Hey folks!!
For GCP audit logs does anyone know if there are any udm event for storage.object.get or storage.object.delete? I am unable to find any information on it. I can locate the events by querying Udm.metadata.product_event_type = “storage.buckets.delete”
Hi, have you to search storage.buckets.delete in the raw log. Also, pick the the log source GCP audit log, it will reduce the load. Searching in raw log will search for that keyword. Other thing would be to look in your GCP tenant .
get might come under event type - USER_RESOURCE_ACCESS, and delete under RESOURCE_WRITTEN. Or you can explore further under target.resource.resource_type=STORAGE_BUCKET
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.