Solved

GCP audit logs search queries on secops SIEM

  • April 11, 2025
  • 1 reply
  • 23 views

devashishsingh

Hi there!

Since my organization's GCP log explorer events are directly ingested to the SecOps platform, I am trying to look for resource.type="audited_resources" events in SecOps. However, it looks like everything changed after parsing, and now I am unable to find the respective logs on the SIEM. Does anyone have any experience with this who can help?

1 reply

cmorris
Staff
  • Answer
  • April 11, 2025

That's a broad query. Something like this will get you started, but you'll want to narrow your results further based on what you are looking for.

metadata.log_type = "GCP_CLOUDAUDIT" metadata.product_name = "Google Cloud Platform"