Access denied for Google Cloud Service Account
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Goal
Detect when a Google Cloud service account (@usr.id:*.iam.gserviceaccount.com) exhibits access denied behavior that deviates from normal.
Strategy
Inspect the Google Cloud service account (@usr.id:*.iam.gserviceaccount.com) for errors (@data.protoPayload.status.code:7) caused by denied permissions (@evt.outcome). The anomaly detection will baseline each service account and then generate a security signal when a service account deviates from their baseline.
Triage and response
Investigate the logs and determine whether or not the Google Cloud service account {{@usr.id}} is compromised.
