API

Google Cloud logging sink modified

Docs > Datadog Security > OOTB Rules > Google Cloud logging sink modified

Classification:

attack

Tactic:

TA0005-defense-evasion

Technique:

T1562-impair-defenses

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Goal

Detect changes to Google Cloud logging sinks, which can stop audit logs from being sent to Datadog.

Strategy

Monitor Google Cloud admin activity audit logs to determine when any of the following methods are invoked:

google.logging.v2.ConfigServiceV2.UpdateSink
google.logging.v2.ConfigServiceV2.DeleteSink

Triage and response

Review the sink and ensure the sink is properly configured.

Changelog

7 February 2023 - Updated query.