Classification:
compliance
Set up the gcp integration.
Detect a change to the IAM policy.
This rule lets you monitor GCP admin activity audit logs to determine when the SetIamPolicy
method is invoked.
@data.protoPayload.serviceData.policyDelta.bindingDeltas
) and ensure none of the actions are REMOVE
.