GCP Service Account Key Created
Security Monitoring is now available Security Monitoring is now available
<  Back to rules search

GCP Service Account Key Created

gcp

Classification:

compliance

Set up the gcp integration.

Overview

Goal

Detect when a new service account key is created. An attacker could use this key as a backdoor to your account.

Strategy

This rule lets you monitor GCP admin activity audit logs to detect the creation of a service account key.

Triage & Response

  1. Contact the user who created the service account key to ensure they’re managing the key securely.