Geração de registros de auditoria da API On-Demand Scanning
Mantenha tudo organizado com as coleções
Salve e categorize o conteúdo com base nas suas preferências.
Este documento descreve o registro de auditoria da API de verificação sob demanda.Os serviços do Google Cloud
geram registros de auditoria que registram atividades administrativas e de acesso nos recursos do Google Cloud .
Para mais informações sobre os Registros de auditoria do Cloud, consulte:
Cada permissão do IAM tem uma propriedade type, que tem o valor de um tipo enumerado
que pode ser um dos quatro valores: ADMIN_READ, ADMIN_WRITE,
DATA_READ ou DATA_WRITE. Quando você chama um método,
a API On-Demand Scanning gera um registro de auditoria com categoria dependente da
propriedade type da permissão necessária para executar o método.
Métodos que exigem uma permissão do IAM com o valor da propriedade type
de DATA_READ, DATA_WRITE ou ADMIN_READ geram
registros de auditoria de acesso aos dados.
Métodos que exigem uma permissão do IAM com o valor da propriedade type
de ADMIN_WRITE geram
registros de auditoria de Atividade do administrador.
Para informações sobre como e quais permissões são avaliadas para cada método,
consulte a documentação do Identity and Access Management para a API On-Demand Scanning.
google.cloud.ondemandscanning.v1.ScannerService
Os registros de auditoria a seguir estão associados a métodos que pertencem a
google.cloud.ondemandscanning.v1.ScannerService.
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-08-19 UTC."],[[["\u003cp\u003eOn-Demand Scanning API audit logs record administrative and data access activities, using the service name \u003ccode\u003eondemandscanning.googleapis.com\u003c/code\u003e for filtering.\u003c/p\u003e\n"],["\u003cp\u003eAudit log types are categorized as either Data Access or Admin Activity, based on the IAM permission type (\u003ccode\u003eDATA_READ\u003c/code\u003e, \u003ccode\u003eDATA_WRITE\u003c/code\u003e, or \u003ccode\u003eADMIN_WRITE\u003c/code\u003e) required for each method.\u003c/p\u003e\n"],["\u003cp\u003eMethods requiring \u003ccode\u003eDATA_READ\u003c/code\u003e, \u003ccode\u003eDATA_WRITE\u003c/code\u003e, or \u003ccode\u003eADMIN_READ\u003c/code\u003e permissions generate Data Access audit logs, while methods requiring \u003ccode\u003eADMIN_WRITE\u003c/code\u003e generate Admin Activity logs.\u003c/p\u003e\n"],["\u003cp\u003eThe methods \u003ccode\u003eAnalyzePackages\u003c/code\u003e and \u003ccode\u003eListVulnerabilities\u003c/code\u003e in both \u003ccode\u003egoogle.cloud.ondemandscanning.v1.ScannerService\u003c/code\u003e and \u003ccode\u003egoogle.cloud.ondemandscanning.v1beta1.ScannerService\u003c/code\u003e generate Data Access audit logs, with \u003ccode\u003eAnalyzePackages\u003c/code\u003e being a long-running operation.\u003c/p\u003e\n"],["\u003cp\u003eSpecific filters, such as \u003ccode\u003eprotoPayload.methodName="google.cloud.ondemandscanning.v1.ScannerService.AnalyzePackages"\u003c/code\u003e, can be used to identify audit logs for individual methods.\u003c/p\u003e\n"]]],[],null,["# On-Demand Scanning API Audit logging\n\nThis document describes audit logging for On-Demand Scanning API. Google Cloud services\ngenerate audit logs that record administrative and access activities within your Google Cloud resources.\nFor more information about Cloud Audit Logs, see the following:\n\n- [Types of audit logs](/logging/docs/audit#types)\n- [Audit log entry structure](/logging/docs/audit#audit_log_entry_structure)\n- [Storing and routing audit logs](/logging/docs/audit#storing_and_routing_audit_logs)\n- [Cloud Logging pricing summary](/stackdriver/pricing#logs-pricing-summary)\n- [Enable Data Access audit logs](/logging/docs/audit/configure-data-access)\n\n\u003cbr /\u003e\n\nService name\n------------\n\nOn-Demand Scanning API audit logs use the service name `ondemandscanning.googleapis.com`.\nFilter for this service: \n\n```gdscript\n protoPayload.serviceName=\"ondemandscanning.googleapis.com\"\n \n```\n\n\u003cbr /\u003e\n\nMethods by permission type\n--------------------------\n\nEach IAM permission has a `type` property, whose value is an enum\nthat can be one of four values: `ADMIN_READ`, `ADMIN_WRITE`,\n`DATA_READ`, or `DATA_WRITE`. When you call a method,\nOn-Demand Scanning API generates an audit log whose category is dependent on the\n`type` property of the permission required to perform the method.\n\nMethods that require an IAM permission with the `type` property value\nof `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ` generate\n[Data Access](/logging/docs/audit#data-access) audit logs.\n\nMethods that require an IAM permission with the `type` property value\nof `ADMIN_WRITE` generate\n[Admin Activity](/logging/docs/audit#admin-activity) audit logs.\n\nAPI interface audit logs\n------------------------\n\nFor information about how and which permissions are evaluated for each method,\nsee the Identity and Access Management documentation for On-Demand Scanning API.\n\n### `google.cloud.ondemandscanning.v1.ScannerService`\n\nThe following audit logs are associated with methods belonging to\n`google.cloud.ondemandscanning.v1.ScannerService`.\n\n#### `AnalyzePackages`\n\n- **Method** : `google.cloud.ondemandscanning.v1.ScannerService.AnalyzePackages` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `ondemandscanning.scans.analyzePackages - DATA_WRITE`\n- **Method is a long-running or streaming operation** : [**Long-running operation**](/logging/docs/audit/understanding-audit-logs#lro) \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.ondemandscanning.v1.ScannerService.AnalyzePackages\"\n ` \n\n#### `ListVulnerabilities`\n\n- **Method** : `google.cloud.ondemandscanning.v1.ScannerService.ListVulnerabilities` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `ondemandscanning.scans.listVulnerabilities - DATA_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.ondemandscanning.v1.ScannerService.ListVulnerabilities\"\n ` \n\n### `google.cloud.ondemandscanning.v1beta1.ScannerService`\n\nThe following audit logs are associated with methods belonging to\n`google.cloud.ondemandscanning.v1beta1.ScannerService`.\n\n#### `AnalyzePackages`\n\n- **Method** : `google.cloud.ondemandscanning.v1beta1.ScannerService.AnalyzePackages` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `ondemandscanning.scans.analyzePackages - DATA_WRITE`\n- **Method is a long-running or streaming operation** : [**Long-running operation**](/logging/docs/audit/understanding-audit-logs#lro) \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.ondemandscanning.v1beta1.ScannerService.AnalyzePackages\"\n ` \n\n#### `ListVulnerabilities`\n\n- **Method** : `google.cloud.ondemandscanning.v1beta1.ScannerService.ListVulnerabilities` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `ondemandscanning.scans.listVulnerabilities - DATA_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.ondemandscanning.v1beta1.ScannerService.ListVulnerabilities\"\n `"]]
