Access denied for Google Cloud Service Account

Documentos > Datadog Security > OOTB Rules > Access denied for Google Cloud Service Account

Classification:

attack

Tactic:

Technique:

Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Goal

Detect when a Google Cloud service account (@usr.id:*.iam.gserviceaccount.com) exhibits access denied behavior that deviates from normal.

Strategy

Inspect the Google Cloud service account (@usr.id:*.iam.gserviceaccount.com) for errors (@data.protoPayload.status.code:7) caused by denied permissions (@evt.outcome). The anomaly detection will baseline each service account and then generate a security signal when a service account deviates from their baseline.

Triage and response

Investigate the logs and determine whether or not the Google Cloud service account {{@usr.id}} is compromised.