Mit Sammlungen den Überblick behalten
Sie können Inhalte basierend auf Ihren Einstellungen speichern und kategorisieren.
In diesem Dokument wird das Audit-Logging für die On-Demand Scanning API beschrieben. Google Cloud -Dienste generieren Audit-Logs, in denen Verwaltungs- und Zugriffsaktivitäten in Ihren Google Cloud Ressourcen aufgezeichnet werden.
Weitere Informationen zu Cloud-Audit-Logs finden Sie hier:
Jede IAM-Berechtigung hat ein type-Attribut, dessen Wert ein Enum ist, der einen der folgenden vier Werte haben kann: ADMIN_READ, ADMIN_WRITE, DATA_READ oder DATA_WRITE. Wenn Sie eine Methode aufrufen, generiert die On-Demand Scanning API ein Audit-Log, dessen Kategorie vom Attribut type der Berechtigung abhängt, die für die Ausführung der Methode erforderlich ist.
Methoden, die eine IAM-Berechtigung mit dem type-Attributwert DATA_READ, DATA_WRITE oder ADMIN_READ erfordern, generieren Audit-Logs zum Datenzugriff.
Methoden, die eine IAM-Berechtigung mit dem type-Attributwert ADMIN_WRITE erfordern, generieren Audit-Logs zur Administratoraktivität.
Informationen dazu, wie und welche Berechtigungen für die einzelnen Methoden evaluiert werden, finden Sie in der Dokumentation zur Identitäts- und Zugriffsverwaltung für die On-Demand-Scanning API.
google.cloud.ondemandscanning.v1.ScannerService
Die folgenden Audit-Logs sind Methoden zugeordnet, die zu google.cloud.ondemandscanning.v1.ScannerService gehören.
[[["Leicht verständlich","easyToUnderstand","thumb-up"],["Mein Problem wurde gelöst","solvedMyProblem","thumb-up"],["Sonstiges","otherUp","thumb-up"]],[["Schwer verständlich","hardToUnderstand","thumb-down"],["Informationen oder Beispielcode falsch","incorrectInformationOrSampleCode","thumb-down"],["Benötigte Informationen/Beispiele nicht gefunden","missingTheInformationSamplesINeed","thumb-down"],["Problem mit der Übersetzung","translationIssue","thumb-down"],["Sonstiges","otherDown","thumb-down"]],["Zuletzt aktualisiert: 2025-09-02 (UTC)."],[[["\u003cp\u003eOn-Demand Scanning API audit logs record administrative and data access activities, using the service name \u003ccode\u003eondemandscanning.googleapis.com\u003c/code\u003e for filtering.\u003c/p\u003e\n"],["\u003cp\u003eAudit log types are categorized as either Data Access or Admin Activity, based on the IAM permission type (\u003ccode\u003eDATA_READ\u003c/code\u003e, \u003ccode\u003eDATA_WRITE\u003c/code\u003e, or \u003ccode\u003eADMIN_WRITE\u003c/code\u003e) required for each method.\u003c/p\u003e\n"],["\u003cp\u003eMethods requiring \u003ccode\u003eDATA_READ\u003c/code\u003e, \u003ccode\u003eDATA_WRITE\u003c/code\u003e, or \u003ccode\u003eADMIN_READ\u003c/code\u003e permissions generate Data Access audit logs, while methods requiring \u003ccode\u003eADMIN_WRITE\u003c/code\u003e generate Admin Activity logs.\u003c/p\u003e\n"],["\u003cp\u003eThe methods \u003ccode\u003eAnalyzePackages\u003c/code\u003e and \u003ccode\u003eListVulnerabilities\u003c/code\u003e in both \u003ccode\u003egoogle.cloud.ondemandscanning.v1.ScannerService\u003c/code\u003e and \u003ccode\u003egoogle.cloud.ondemandscanning.v1beta1.ScannerService\u003c/code\u003e generate Data Access audit logs, with \u003ccode\u003eAnalyzePackages\u003c/code\u003e being a long-running operation.\u003c/p\u003e\n"],["\u003cp\u003eSpecific filters, such as \u003ccode\u003eprotoPayload.methodName="google.cloud.ondemandscanning.v1.ScannerService.AnalyzePackages"\u003c/code\u003e, can be used to identify audit logs for individual methods.\u003c/p\u003e\n"]]],[],null,["# On-Demand Scanning API Audit logging\n\nThis document describes audit logging for On-Demand Scanning API. Google Cloud services\ngenerate audit logs that record administrative and access activities within your Google Cloud resources.\nFor more information about Cloud Audit Logs, see the following:\n\n- [Types of audit logs](/logging/docs/audit#types)\n- [Audit log entry structure](/logging/docs/audit#audit_log_entry_structure)\n- [Storing and routing audit logs](/logging/docs/audit#storing_and_routing_audit_logs)\n- [Cloud Logging pricing summary](/stackdriver/pricing#logs-pricing-summary)\n- [Enable Data Access audit logs](/logging/docs/audit/configure-data-access)\n\n\u003cbr /\u003e\n\nService name\n------------\n\nOn-Demand Scanning API audit logs use the service name `ondemandscanning.googleapis.com`.\nFilter for this service: \n\n```gdscript\n protoPayload.serviceName=\"ondemandscanning.googleapis.com\"\n \n```\n\n\u003cbr /\u003e\n\nMethods by permission type\n--------------------------\n\nEach IAM permission has a `type` property, whose value is an enum\nthat can be one of four values: `ADMIN_READ`, `ADMIN_WRITE`,\n`DATA_READ`, or `DATA_WRITE`. When you call a method,\nOn-Demand Scanning API generates an audit log whose category is dependent on the\n`type` property of the permission required to perform the method.\n\nMethods that require an IAM permission with the `type` property value\nof `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ` generate\n[Data Access](/logging/docs/audit#data-access) audit logs.\n\nMethods that require an IAM permission with the `type` property value\nof `ADMIN_WRITE` generate\n[Admin Activity](/logging/docs/audit#admin-activity) audit logs.\n\nAPI interface audit logs\n------------------------\n\nFor information about how and which permissions are evaluated for each method,\nsee the Identity and Access Management documentation for On-Demand Scanning API.\n\n### `google.cloud.ondemandscanning.v1.ScannerService`\n\nThe following audit logs are associated with methods belonging to\n`google.cloud.ondemandscanning.v1.ScannerService`.\n\n#### `AnalyzePackages`\n\n- **Method** : `google.cloud.ondemandscanning.v1.ScannerService.AnalyzePackages` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `ondemandscanning.scans.analyzePackages - DATA_WRITE`\n- **Method is a long-running or streaming operation** : [**Long-running operation**](/logging/docs/audit/understanding-audit-logs#lro) \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.ondemandscanning.v1.ScannerService.AnalyzePackages\"\n ` \n\n#### `ListVulnerabilities`\n\n- **Method** : `google.cloud.ondemandscanning.v1.ScannerService.ListVulnerabilities` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `ondemandscanning.scans.listVulnerabilities - DATA_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.ondemandscanning.v1.ScannerService.ListVulnerabilities\"\n ` \n\n### `google.cloud.ondemandscanning.v1beta1.ScannerService`\n\nThe following audit logs are associated with methods belonging to\n`google.cloud.ondemandscanning.v1beta1.ScannerService`.\n\n#### `AnalyzePackages`\n\n- **Method** : `google.cloud.ondemandscanning.v1beta1.ScannerService.AnalyzePackages` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `ondemandscanning.scans.analyzePackages - DATA_WRITE`\n- **Method is a long-running or streaming operation** : [**Long-running operation**](/logging/docs/audit/understanding-audit-logs#lro) \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.ondemandscanning.v1beta1.ScannerService.AnalyzePackages\"\n ` \n\n#### `ListVulnerabilities`\n\n- **Method** : `google.cloud.ondemandscanning.v1beta1.ScannerService.ListVulnerabilities` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `ondemandscanning.scans.listVulnerabilities - DATA_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.ondemandscanning.v1beta1.ScannerService.ListVulnerabilities\"\n `"]]
