API

Google Cloud Service Account created

Docs > Datadog Security > OOTB Rules > Google Cloud Service Account created

Classification:

attack

Tactic:

TA0003-persistence

Technique:

T1136-create-account

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Goal

Detect when a new service account is created.

Strategy

This rule lets you monitor Google Cloud admin activity audit logs to determine when a service account is created.

Triage and response

Contact the user who created the service account and ensure that the account is needed and that the role is scoped properly.