- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Detect when a Google Cloud service account is compromised.
Inspect the Google Cloud admin activity logs (@data.logName:*%2Factivity
) and filter for only Google Cloud service accounts (@usr.id:*.iam.gserviceaccount.com
). Count the unique number of Google Cloud API calls (@evt.name
) which are being made for each service account (@usr.id
). The anomaly detection baselines each service account and then generates a security signal when a service account deviates from their baseline.
To read more about Google Cloud audit logs, read the blog post.
Investigate the logs and determine whether or not the Google Cloud service account is compromised.