Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Dokumen ini menjelaskan logging audit untuk On-Demand Scanning API.Layanan Google Cloud
membuat log audit yang mencatat aktivitas administratif dan akses dalam resource Google Cloud Anda.
Untuk informasi selengkapnya tentang Cloud Audit Logs, lihat referensi berikut:
Setiap izin IAM memiliki properti type, yang nilainya adalah enum
yang dapat berupa salah satu dari empat nilai: ADMIN_READ, ADMIN_WRITE,
DATA_READ, atau DATA_WRITE. Saat Anda memanggil metode,
On-Demand Scanning API akan membuat log audit yang kategorinya bergantung pada
properti type dari izin yang diperlukan untuk menjalankan metode.
Metode yang memerlukan izin IAM dengan nilai properti typeDATA_READ, DATA_WRITE, atau ADMIN_READ akan menghasilkan log audit Akses Data.
Metode yang memerlukan izin IAM dengan nilai properti type dari ADMIN_WRITE akan membuat log audit Aktivitas Admin.
Untuk mengetahui informasi tentang cara dan izin mana yang dievaluasi untuk setiap metode, lihat dokumentasi Identity and Access Management untuk On-Demand Scanning API.
google.cloud.ondemandscanning.v1.ScannerService
Log audit berikut dikaitkan dengan metode yang termasuk dalam google.cloud.ondemandscanning.v1.ScannerService.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-09-03 UTC."],[[["\u003cp\u003eOn-Demand Scanning API audit logs record administrative and data access activities, using the service name \u003ccode\u003eondemandscanning.googleapis.com\u003c/code\u003e for filtering.\u003c/p\u003e\n"],["\u003cp\u003eAudit log types are categorized as either Data Access or Admin Activity, based on the IAM permission type (\u003ccode\u003eDATA_READ\u003c/code\u003e, \u003ccode\u003eDATA_WRITE\u003c/code\u003e, or \u003ccode\u003eADMIN_WRITE\u003c/code\u003e) required for each method.\u003c/p\u003e\n"],["\u003cp\u003eMethods requiring \u003ccode\u003eDATA_READ\u003c/code\u003e, \u003ccode\u003eDATA_WRITE\u003c/code\u003e, or \u003ccode\u003eADMIN_READ\u003c/code\u003e permissions generate Data Access audit logs, while methods requiring \u003ccode\u003eADMIN_WRITE\u003c/code\u003e generate Admin Activity logs.\u003c/p\u003e\n"],["\u003cp\u003eThe methods \u003ccode\u003eAnalyzePackages\u003c/code\u003e and \u003ccode\u003eListVulnerabilities\u003c/code\u003e in both \u003ccode\u003egoogle.cloud.ondemandscanning.v1.ScannerService\u003c/code\u003e and \u003ccode\u003egoogle.cloud.ondemandscanning.v1beta1.ScannerService\u003c/code\u003e generate Data Access audit logs, with \u003ccode\u003eAnalyzePackages\u003c/code\u003e being a long-running operation.\u003c/p\u003e\n"],["\u003cp\u003eSpecific filters, such as \u003ccode\u003eprotoPayload.methodName="google.cloud.ondemandscanning.v1.ScannerService.AnalyzePackages"\u003c/code\u003e, can be used to identify audit logs for individual methods.\u003c/p\u003e\n"]]],[],null,["# On-Demand Scanning API Audit logging\n\nThis document describes audit logging for On-Demand Scanning API. Google Cloud services\ngenerate audit logs that record administrative and access activities within your Google Cloud resources.\nFor more information about Cloud Audit Logs, see the following:\n\n- [Types of audit logs](/logging/docs/audit#types)\n- [Audit log entry structure](/logging/docs/audit#audit_log_entry_structure)\n- [Storing and routing audit logs](/logging/docs/audit#storing_and_routing_audit_logs)\n- [Cloud Logging pricing summary](/stackdriver/pricing#logs-pricing-summary)\n- [Enable Data Access audit logs](/logging/docs/audit/configure-data-access)\n\n\u003cbr /\u003e\n\nService name\n------------\n\nOn-Demand Scanning API audit logs use the service name `ondemandscanning.googleapis.com`.\nFilter for this service: \n\n```gdscript\n protoPayload.serviceName=\"ondemandscanning.googleapis.com\"\n \n```\n\n\u003cbr /\u003e\n\nMethods by permission type\n--------------------------\n\nEach IAM permission has a `type` property, whose value is an enum\nthat can be one of four values: `ADMIN_READ`, `ADMIN_WRITE`,\n`DATA_READ`, or `DATA_WRITE`. When you call a method,\nOn-Demand Scanning API generates an audit log whose category is dependent on the\n`type` property of the permission required to perform the method.\n\nMethods that require an IAM permission with the `type` property value\nof `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ` generate\n[Data Access](/logging/docs/audit#data-access) audit logs.\n\nMethods that require an IAM permission with the `type` property value\nof `ADMIN_WRITE` generate\n[Admin Activity](/logging/docs/audit#admin-activity) audit logs.\n\nAPI interface audit logs\n------------------------\n\nFor information about how and which permissions are evaluated for each method,\nsee the Identity and Access Management documentation for On-Demand Scanning API.\n\n### `google.cloud.ondemandscanning.v1.ScannerService`\n\nThe following audit logs are associated with methods belonging to\n`google.cloud.ondemandscanning.v1.ScannerService`.\n\n#### `AnalyzePackages`\n\n- **Method** : `google.cloud.ondemandscanning.v1.ScannerService.AnalyzePackages` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `ondemandscanning.scans.analyzePackages - DATA_WRITE`\n- **Method is a long-running or streaming operation** : [**Long-running operation**](/logging/docs/audit/understanding-audit-logs#lro) \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.ondemandscanning.v1.ScannerService.AnalyzePackages\"\n ` \n\n#### `ListVulnerabilities`\n\n- **Method** : `google.cloud.ondemandscanning.v1.ScannerService.ListVulnerabilities` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `ondemandscanning.scans.listVulnerabilities - DATA_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.ondemandscanning.v1.ScannerService.ListVulnerabilities\"\n ` \n\n### `google.cloud.ondemandscanning.v1beta1.ScannerService`\n\nThe following audit logs are associated with methods belonging to\n`google.cloud.ondemandscanning.v1beta1.ScannerService`.\n\n#### `AnalyzePackages`\n\n- **Method** : `google.cloud.ondemandscanning.v1beta1.ScannerService.AnalyzePackages` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `ondemandscanning.scans.analyzePackages - DATA_WRITE`\n- **Method is a long-running or streaming operation** : [**Long-running operation**](/logging/docs/audit/understanding-audit-logs#lro) \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.ondemandscanning.v1beta1.ScannerService.AnalyzePackages\"\n ` \n\n#### `ListVulnerabilities`\n\n- **Method** : `google.cloud.ondemandscanning.v1beta1.ScannerService.ListVulnerabilities` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `ondemandscanning.scans.listVulnerabilities - DATA_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.ondemandscanning.v1beta1.ScannerService.ListVulnerabilities\"\n `"]]
