Google Cloud SQL database modified

gcp

Classification:

compliance

Tactic:

TA0040-impact

Technique:

T1565-data-manipulation

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Goal

Detect when a Google Cloud SQL database has been modified.

Strategy

This rule lets you monitor Google Cloud SQL admin activity audit logs to determine when one of the following methods is invoked:

  • cloudsql.instances.create
  • cloudsql.instances.create
  • cloudsql.users.update

Triage and response

  1. Review the Google Cloud SQL database and ensure it is configured properly with the correct permissions.