Access denied for Google Cloud Service Account
Goal
Detect when a Google Cloud service account (@usr.id:*.iam.gserviceaccount.com) exhibits access denied behavior that deviates from normal.
Strategy
Inspect the Google Cloud service account (@usr.id:*.iam.gserviceaccount.com) for errors (@data.protoPayload.status.code:7) caused by denied permissions (@evt.outcome). The anomaly detection will baseline each service account and then generate a security signal when a service account deviates from its baseline.
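A sketch of the per-account baselining described above, as an added example that is not Datadog's rule or algorithm: it assumes raw Cloud Audit Logs entries, treats protoPayload.authenticationInfo.principalEmail as the source of @usr.id, and substitutes a simple mean-plus-k-standard-deviations threshold for the anomaly detection. The sample entries, account names and the k and min_count parameters are constructed for illustration.

```python
import statistics
from collections import Counter, defaultdict

SA_SUFFIX = ".iam.gserviceaccount.com"
PERMISSION_DENIED = 7  # google.rpc.Code value matched by status.code:7

def denied_counts(entries):
    """Count PERMISSION_DENIED entries per service account and hour bucket."""
    counts = defaultdict(Counter)
    for e in entries:
        payload = e.get("protoPayload", {})
        principal = payload.get("authenticationInfo", {}).get("principalEmail", "")
        code = payload.get("status", {}).get("code")
        if principal.endswith(SA_SUFFIX) and code == PERMISSION_DENIED:
            counts[principal][e["timestamp"][:13]] += 1  # bucket key "YYYY-MM-DDTHH"
    return counts

def anomalous_accounts(entries, current_hour, history_hours, k=3.0, min_count=5):
    """Return {account: (current, threshold)} for accounts above their own baseline."""
    flagged = {}
    for account, per_hour in denied_counts(entries).items():
        history = [per_hour.get(h, 0) for h in history_hours]  # quiet hours count as 0
        baseline = statistics.mean(history) + k * statistics.pstdev(history)
        threshold = max(baseline, min_count)  # floor avoids alerting on 0 -> 1
        current = per_hour.get(current_hour, 0)
        if current > threshold:
            flagged[account] = (current, round(threshold, 2))
    return flagged

# Constructed sample data (assumption: minimal audit-log shape, invented accounts).
def make_entry(principal, hour, code=PERMISSION_DENIED):
    return {"timestamp": f"{hour}:00:00Z", "protoPayload": {
        "authenticationInfo": {"principalEmail": principal},
        "status": {"code": code}}}

HISTORY = [f"2024-01-01T{h:02d}" for h in range(6)]
CURRENT = "2024-01-01T06"
NOISY = "batch@example-project.iam.gserviceaccount.com"  # routinely denied
QUIET = "web@example-project.iam.gserviceaccount.com"    # almost never denied
NOISY_HIST = [18, 22, 20, 19, 21, 20]
SAMPLE = (
    [make_entry(NOISY, h) for h, n in zip(HISTORY, NOISY_HIST) for _ in range(n)]
    + [make_entry(NOISY, CURRENT) for _ in range(22)]
    + [make_entry(QUIET, HISTORY[2])]
    + [make_entry(QUIET, CURRENT) for _ in range(12)]
    + [make_entry("alice@example.com", CURRENT) for _ in range(50)]  # not a service account
    + [make_entry(QUIET, CURRENT, code=0) for _ in range(30)]        # successful calls
)

if __name__ == "__main__":
    print(anomalous_accounts(SAMPLE, CURRENT, HISTORY))
```

The account with 22 denials is not flagged because that is normal for it, while the account with 12 denials is, which is the difference between a per-account baseline and a single static threshold.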
Triage and response
Investigate the logs and determine whether or not the Google Cloud service account {{@usr.id}} is compromised.