Google Cloud Storage Bucket permissions modified

gcp

Classification:

compliance

Goal

Detect when permissions have changed on a GCS Bucket.

Strategy

Monitor GCS bucket admin activity audit logs to determine when the following method is invoked:

  • storage.setIamPermissions

Triage and response

Review the bucket permissions and ensure they are not overly permissive.
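
The strategy and triage steps above, sketched as an added example (this is not the rule's own query or Datadog code). It assumes entries in the Cloud Audit Logs JSON format, reads "overly permissive" as a grant to `allUsers` or `allAuthenticatedUsers`, and uses constructed sample entries and hypothetical severity labels.

```python
# Added example: field names follow the Cloud Audit Logs JSON format.
METHOD = "storage.setIamPermissions"
# Assumption: "overly permissive" is read here as a grant to a public principal.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def _entry(bucket, method, actor, deltas):
    """Build one constructed audit log entry (sample data, not a real log)."""
    return {
        "resource": {"type": "gcs_bucket", "labels": {"bucket_name": bucket}},
        "protoPayload": {
            "methodName": method,
            "authenticationInfo": {"principalEmail": actor},
            "serviceData": {"policyDelta": {"bindingDeltas": deltas}},
        },
    }

SAMPLE_LOGS = [
    _entry("example-public", METHOD, "dev@example.com",
           [{"action": "ADD", "role": "roles/storage.objectViewer", "member": "allUsers"}]),
    _entry("example-internal", METHOD, "ops@example.com",
           [{"action": "ADD", "role": "roles/storage.objectAdmin", "member": "user:sam@example.com"}]),
    _entry("example-internal", "storage.buckets.update", "ops@example.com", []),
]

def is_permission_change(entry):
    """Strategy: match the bucket IAM method in admin activity logs."""
    payload = entry.get("protoPayload") or {}
    resource = entry.get("resource") or {}
    return resource.get("type") == "gcs_bucket" and payload.get("methodName") == METHOD

def triage(entry):
    """Triage: summarize who changed which bucket and flag public grants."""
    payload = entry["protoPayload"]
    deltas = ((payload.get("serviceData") or {}).get("policyDelta") or {}).get("bindingDeltas") or []
    public = [(d.get("role"), d.get("member")) for d in deltas
              if d.get("action") == "ADD" and d.get("member") in PUBLIC_MEMBERS]
    return {
        "bucket": (entry["resource"].get("labels") or {}).get("bucket_name"),
        "actor": (payload.get("authenticationInfo") or {}).get("principalEmail"),
        "public_grants": public,
        "severity": "high" if public else "review",  # hypothetical labels
    }

def detect(entries):
    """Return one triage summary per matching permission change."""
    return [triage(e) for e in entries if is_permission_change(e)]

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOGS):
        print(finding)
```

Entries that match the method but add no public principal are still returned with the lower label, since any bucket permission change is in scope for review.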

Changelog

5 September 2022 - Updated rule query.