Features
Integrations
Dashboards
Log Management
APM
Security Monitoring
Network Monitoring
Synthetic Monitoring
Real User Monitoring
Serverless
Alerts
API
< Back to rules search
GCP IAM Policy Modified
Classification:
compliance
Set up the gcp integration.
Overview
Goal
Detect a change to the IAM policy.
Strategy
This rule lets you monitor GCP admin activity audit logs to determine when the SetIamPolicy method is invoked.
Triage & Response
- Review the log and inspect the policy deltas (
@data.protoPayload.serviceData.policyDelta.bindingDeltas) and ensure none of the actions areREMOVE.
On this Page