
Cybersecurity – Attack and Defense Strategies, 3rd edition

Many organizations are moving towards a multi-cloud environment, and Google Cloud Platform (GCP) is another big player that you need to know how to monitor. GCP Cloud Audit Logs enables you to answer the following questions:
Using Microsoft Sentinel, you can ingest GCP Identity and Access Management (IAM) logs. These let you see admin activity audit logs, which include “admin write” operations, and Data Access audit logs, which include “admin read” operations.
Once the connector is configured, the status will appear similar to the sample screenshot that follows:
Figure 17.11: GCP IAM connector
Once the connector is configured and ingesting data, you can perform queries using KQL. The example below checks all GCP IAM logs and filters the result to show only the following fields: SourceSystem, resource_labels_method_s...