---
title: Google Compute Engine firewall rule modified
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Google Compute Engine firewall rule
  modified
---

# Google Compute Engine firewall rule modified
Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-defenses](https://attack.mitre.org/techniques/T1562) 
## Goal{% #goal %}

Detect when a firewall rule is created, modified or deleted.

## Strategy{% #strategy %}

Monitor Google Compute Engine activity audit logs to determine when any of the following methods are invoked:

- `v1.compute.firewalls.delete`
- `v1.compute.firewalls.insert`
- `v1.compute.firewalls.patch`

## Triage and response{% #triage-and-response %}

1. Review the log and role and ensure the permissions are scoped properly.
1. Review the users associated with the role and ensure they should have the permissions attached to the role.