Identifies anomalous IAM-related activities in Google Cloud Platform (GCP) Audit Logs where the investigation priority is greater than zero. This query highlights potential privilege or access anomalies by providing key details such as timestamp, action type, activity type, source IP, location, and associated user and activity insights for further investigation.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | UEBA Essentials |
| ID | e5f6g7h8-i9j0-1234-efgh-ij5678901234 |
| Tactics | PrivilegeEscalation, Persistence, CredentialAccess |
| Techniques | T1078, T1548, T1098 |
| Required Connectors | BehaviorAnalytics |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| BehaviorAnalytics | `ActivityType contains "IAM"`<br>`EventSource == "GCP Audit Logs"` | ✓ | ✗ | ? |