Google Cloud SQL database modified

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Goal

Detect when a Google Cloud SQL database has been modified.

Strategy

This rule lets you monitor Google Cloud SQL admin activity audit logs to determine when one of the following methods is invoked:

  • cloudsql.instances.create
  • cloudsql.instances.create
  • cloudsql.users.update

Triage and response

  1. Review the Google Cloud SQL database and ensure it is configured properly with the correct permissions.