Google Cloud logging sink modified

Goal

Detect changes to Google Cloud logging sinks, which can stop audit logs from being sent to Datadog.

Strategy

Monitor Google Cloud admin activity audit logs to determine when any of the following methods are invoked:

  • google.logging.v2.ConfigServiceV2.UpdateSink
  • google.logging.v2.ConfigServiceV2.DeleteSink
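
The check described above, applied offline to exported audit log lines. This is an added example, not Datadog's rule query (which this page does not show). The sample entries and the project, sink and principal names are constructed; the fields read (`logName`, `protoPayload.methodName`, `resourceName`, `authenticationInfo.principalEmail`) are standard Cloud Audit Logs fields.

```python
import json

# Methods named in the Strategy section above.
SINK_METHODS = {
    "google.logging.v2.ConfigServiceV2.UpdateSink",
    "google.logging.v2.ConfigServiceV2.DeleteSink",
}
ACTIVITY_SUFFIX = "cloudaudit.googleapis.com%2Factivity"  # Admin Activity log name

def sink_changes(lines):
    """Return one finding per Admin Activity entry that updates or deletes a sink."""
    findings = []
    for raw in lines:
        try:
            entry = json.loads(raw)
            payload = entry.get("protoPayload") or {}
        except (json.JSONDecodeError, AttributeError):
            continue  # skip malformed or non-object lines instead of aborting
        if not str(entry.get("logName", "")).endswith(ACTIVITY_SUFFIX):
            continue  # data access and other logs are out of scope for this rule
        if payload.get("methodName") not in SINK_METHODS:
            continue
        findings.append({
            "time": entry.get("timestamp"),
            "method": payload["methodName"].rsplit(".", 1)[-1],
            "sink": payload.get("resourceName"),
            "actor": (payload.get("authenticationInfo") or {}).get("principalEmail"),
        })
    return findings

def _entry(log, method, ts):
    # Builds one constructed audit log line (sample data, not real logs).
    return json.dumps({
        "logName": f"projects/example-project/logs/cloudaudit.googleapis.com%2F{log}",
        "timestamp": ts,
        "protoPayload": {
            "methodName": f"google.logging.v2.ConfigServiceV2.{method}",
            "resourceName": "projects/example-project/sinks/example-sink",
            "authenticationInfo": {"principalEmail": "admin@example.com"},
        },
    })

SAMPLE_LOG = [
    _entry("activity", "UpdateSink", "2024-01-01T10:00:00Z"),
    _entry("activity", "CreateSink", "2024-01-01T10:01:00Z"),    # not in scope
    _entry("data_access", "ListSinks", "2024-01-01T10:02:00Z"),  # wrong log
    "{truncated",                                                # malformed line
    _entry("activity", "DeleteSink", "2024-01-01T10:03:00Z"),
]
```

Each finding carries the sink's resource name and the calling principal, which is what the triage step needs to locate the sink that was changed.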

Triage and response

Review the sink and ensure it is properly configured.

Changelog

7 February 2023 - Updated query.