本文档介绍了 Security Command Center 的审核日志记录。Google Cloud 服务会生成审核日志,以记录 Google Cloud 资源中的管理和访问活动。 如需详细了解 Cloud Audit Logs,请参阅以下内容:
备注
根据激活 Security Command Center 的级别(项目级或组织级),以下部分中的某些操作不一定会出现在审核日志中。
服务名称
Security Command Center 审核日志使用服务名称 securitycenter.googleapis.com
。
针对此服务的过滤条件:
protoPayload.serviceName="securitycenter.googleapis.com"
方法(按权限类型)
每个 IAM 权限都有一个 type
属性,该属性的值是一个枚举,可以是以下四个值之一:ADMIN_READ
、ADMIN_WRITE
、DATA_READ
或 DATA_WRITE
。当您调用某个方法时,Security Command Center 会生成一个审核日志,其类别取决于执行该方法所需权限的 type
属性。需要 IAM 权限且 type
属性值为 DATA_READ
、DATA_WRITE
或 ADMIN_READ
的方法会生成数据访问审核日志。需要 IAM 权限且 type
属性值为 ADMIN_WRITE
的方法会生成管理员活动审核日志。
权限类型 | 方法 |
---|---|
ADMIN_READ |
google.cloud.securitycenter.settings.v1beta2.Settings.CalculateContainerThreatDetectionSettings google.cloud.securitycenter.settings.v1beta2.Settings.CalculateEventThreatDetectionSettings google.cloud.securitycenter.settings.v1beta2.Settings.CalculateRapidVulnerabilityDetectionSettings google.cloud.securitycenter.settings.v1beta2.Settings.CalculateSecurityHealthAnalyticsSettings google.cloud.securitycenter.settings.v1beta2.Settings.CalculateVirtualMachineThreatDetectionSettings google.cloud.securitycenter.settings.v1beta2.Settings.CalculateWebSecurityScannerSettings google.cloud.securitycenter.settings.v1beta2.Settings.GetContainerThreatDetectionSettings google.cloud.securitycenter.settings.v1beta2.Settings.GetEventThreatDetectionSettings google.cloud.securitycenter.settings.v1beta2.Settings.GetRapidVulnerabilityDetectionSettings google.cloud.securitycenter.settings.v1beta2.Settings.GetSecurityCenterSettings google.cloud.securitycenter.settings.v1beta2.Settings.GetSecurityHealthAnalyticsSettings google.cloud.securitycenter.settings.v1beta2.Settings.GetSubscription google.cloud.securitycenter.settings.v1beta2.Settings.GetVirtualMachineThreatDetectionSettings google.cloud.securitycenter.settings.v1beta2.Settings.GetWebSecurityScannerSettings google.cloud.securitycenter.v1.SecurityCenter.GetBigQueryExport google.cloud.securitycenter.v1.SecurityCenter.GetEffectiveEventThreatDetectionCustomModule google.cloud.securitycenter.v1.SecurityCenter.GetEffectiveSecurityHealthAnalyticsCustomModule google.cloud.securitycenter.v1.SecurityCenter.GetEventThreatDetectionCustomModule google.cloud.securitycenter.v1.SecurityCenter.GetIamPolicy google.cloud.securitycenter.v1.SecurityCenter.GetMuteConfig google.cloud.securitycenter.v1.SecurityCenter.GetOrganizationSettings google.cloud.securitycenter.v1.SecurityCenter.GetResourceValueConfig google.cloud.securitycenter.v1.SecurityCenter.GetSecurityHealthAnalyticsCustomModule google.cloud.securitycenter.v1.SecurityCenter.GetValuedResource google.cloud.securitycenter.v1.SecurityCenter.ListBigQueryExports google.cloud.securitycenter.v1.SecurityCenter.ListDescendantEventThreatDetectionCustomModules google.cloud.securitycenter.v1.SecurityCenter.ListDescendantSecurityHealthAnalyticsCustomModules google.cloud.securitycenter.v1.SecurityCenter.ListEffectiveEventThreatDetectionCustomModules google.cloud.securitycenter.v1.SecurityCenter.ListEffectiveSecurityHealthAnalyticsCustomModules google.cloud.securitycenter.v1.SecurityCenter.ListEventThreatDetectionCustomModules google.cloud.securitycenter.v1.SecurityCenter.ListMuteConfigs google.cloud.securitycenter.v1.SecurityCenter.ListResourceValueConfigs google.cloud.securitycenter.v1.SecurityCenter.ListSecurityHealthAnalyticsCustomModules google.cloud.securitycenter.v1.SecurityCenter.SimulateSecurityHealthAnalyticsCustomModule google.cloud.securitycenter.v1.SecurityCenter.ValidateEventThreatDetectionCustomModule google.cloud.securitycenter.v1beta1.SecurityCenter.GetIamPolicy google.cloud.securitycenter.v1beta1.SecurityCenter.GetOrganizationSettings google.cloud.securitycenter.v1p1beta1.SecurityCenter.GetIamPolicy google.cloud.securitycenter.v1p1beta1.SecurityCenter.GetOrganizationSettings google.cloud.securitycenter.v2.SecurityCenter.GetBigQueryExport google.cloud.securitycenter.v2.SecurityCenter.GetIamPolicy google.cloud.securitycenter.v2.SecurityCenter.GetMuteConfig google.cloud.securitycenter.v2.SecurityCenter.GetResourceValueConfig google.cloud.securitycenter.v2.SecurityCenter.GetValuedResource google.cloud.securitycenter.v2.SecurityCenter.ListBigQueryExports google.cloud.securitycenter.v2.SecurityCenter.ListMuteConfigs google.cloud.securitycenter.v2.SecurityCenter.ListResourceValueConfigs |
ADMIN_WRITE |
google.cloud.securitycenter.settings.v1beta2.Settings.UpdateContainerThreatDetectionSettings google.cloud.securitycenter.settings.v1beta2.Settings.UpdateEventThreatDetectionSettings google.cloud.securitycenter.settings.v1beta2.Settings.UpdateRapidVulnerabilityDetectionSettings google.cloud.securitycenter.settings.v1beta2.Settings.UpdateSecurityHealthAnalyticsSettings google.cloud.securitycenter.settings.v1beta2.Settings.UpdateVirtualMachineThreatDetectionSettings google.cloud.securitycenter.settings.v1beta2.Settings.UpdateWebSecurityScannerSettings google.cloud.securitycenter.v1.SecurityCenter.BatchCreateResourceValueConfigs google.cloud.securitycenter.v1.SecurityCenter.CreateBigQueryExport google.cloud.securitycenter.v1.SecurityCenter.CreateEventThreatDetectionCustomModule google.cloud.securitycenter.v1.SecurityCenter.CreateMuteConfig google.cloud.securitycenter.v1.SecurityCenter.CreateSecurityHealthAnalyticsCustomModule google.cloud.securitycenter.v1.SecurityCenter.DeleteBigQueryExport google.cloud.securitycenter.v1.SecurityCenter.DeleteEventThreatDetectionCustomModule google.cloud.securitycenter.v1.SecurityCenter.DeleteMuteConfig google.cloud.securitycenter.v1.SecurityCenter.DeleteResourceValueConfig google.cloud.securitycenter.v1.SecurityCenter.DeleteSecurityHealthAnalyticsCustomModule google.cloud.securitycenter.v1.SecurityCenter.SetIamPolicy google.cloud.securitycenter.v1.SecurityCenter.UpdateBigQueryExport google.cloud.securitycenter.v1.SecurityCenter.UpdateEventThreatDetectionCustomModule google.cloud.securitycenter.v1.SecurityCenter.UpdateMuteConfig google.cloud.securitycenter.v1.SecurityCenter.UpdateOrganizationSettings google.cloud.securitycenter.v1.SecurityCenter.UpdateResourceValueConfig google.cloud.securitycenter.v1.SecurityCenter.UpdateSecurityHealthAnalyticsCustomModule google.cloud.securitycenter.v1beta1.SecurityCenter.SetIamPolicy google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateOrganizationSettings google.cloud.securitycenter.v1p1beta1.SecurityCenter.SetIamPolicy google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateOrganizationSettings google.cloud.securitycenter.v2.SecurityCenter.BatchCreateResourceValueConfigs google.cloud.securitycenter.v2.SecurityCenter.CreateBigQueryExport google.cloud.securitycenter.v2.SecurityCenter.CreateMuteConfig google.cloud.securitycenter.v2.SecurityCenter.DeleteBigQueryExport google.cloud.securitycenter.v2.SecurityCenter.DeleteMuteConfig google.cloud.securitycenter.v2.SecurityCenter.DeleteResourceValueConfig google.cloud.securitycenter.v2.SecurityCenter.SetIamPolicy google.cloud.securitycenter.v2.SecurityCenter.UpdateBigQueryExport google.cloud.securitycenter.v2.SecurityCenter.UpdateMuteConfig google.cloud.securitycenter.v2.SecurityCenter.UpdateResourceValueConfig |
DATA_READ |
google.cloud.securitycenter.v1.SecurityCenter.GetNotificationConfig google.cloud.securitycenter.v1.SecurityCenter.GetSimulation google.cloud.securitycenter.v1.SecurityCenter.GetSource google.cloud.securitycenter.v1.SecurityCenter.GroupAssets google.cloud.securitycenter.v1.SecurityCenter.GroupFindings google.cloud.securitycenter.v1.SecurityCenter.ListAssets google.cloud.securitycenter.v1.SecurityCenter.ListAttackPaths google.cloud.securitycenter.v1.SecurityCenter.ListFindings google.cloud.securitycenter.v1.SecurityCenter.ListNotificationConfigs google.cloud.securitycenter.v1.SecurityCenter.ListSources google.cloud.securitycenter.v1.SecurityCenter.ListValuedResources google.cloud.securitycenter.v1beta1.SecurityCenter.GetSource google.cloud.securitycenter.v1beta1.SecurityCenter.GroupAssets google.cloud.securitycenter.v1beta1.SecurityCenter.GroupFindings google.cloud.securitycenter.v1beta1.SecurityCenter.ListAssets google.cloud.securitycenter.v1beta1.SecurityCenter.ListFindings google.cloud.securitycenter.v1beta1.SecurityCenter.ListSources google.cloud.securitycenter.v1p1beta1.SecurityCenter.GetNotificationConfig google.cloud.securitycenter.v1p1beta1.SecurityCenter.GetSource google.cloud.securitycenter.v1p1beta1.SecurityCenter.GroupAssets google.cloud.securitycenter.v1p1beta1.SecurityCenter.GroupFindings google.cloud.securitycenter.v1p1beta1.SecurityCenter.ListAssets google.cloud.securitycenter.v1p1beta1.SecurityCenter.ListFindings google.cloud.securitycenter.v1p1beta1.SecurityCenter.ListNotificationConfigs google.cloud.securitycenter.v1p1beta1.SecurityCenter.ListSources google.cloud.securitycenter.v2.SecurityCenter.GetNotificationConfig google.cloud.securitycenter.v2.SecurityCenter.GetSimulation google.cloud.securitycenter.v2.SecurityCenter.GetSource google.cloud.securitycenter.v2.SecurityCenter.GroupFindings google.cloud.securitycenter.v2.SecurityCenter.ListAttackPaths google.cloud.securitycenter.v2.SecurityCenter.ListFindings google.cloud.securitycenter.v2.SecurityCenter.ListNotificationConfigs google.cloud.securitycenter.v2.SecurityCenter.ListSources google.cloud.securitycenter.v2.SecurityCenter.ListValuedResources |
DATA_WRITE |
google.cloud.securitycenter.v1.SecurityCenter.BulkMuteFindings google.cloud.securitycenter.v1.SecurityCenter.CreateFinding google.cloud.securitycenter.v1.SecurityCenter.CreateNotificationConfig google.cloud.securitycenter.v1.SecurityCenter.CreateSource google.cloud.securitycenter.v1.SecurityCenter.DeleteNotificationConfig google.cloud.securitycenter.v1.SecurityCenter.SetFindingState google.cloud.securitycenter.v1.SecurityCenter.SetMute google.cloud.securitycenter.v1.SecurityCenter.UpdateExternalSystem google.cloud.securitycenter.v1.SecurityCenter.UpdateFinding google.cloud.securitycenter.v1.SecurityCenter.UpdateNotificationConfig google.cloud.securitycenter.v1.SecurityCenter.UpdateSecurityMarks google.cloud.securitycenter.v1.SecurityCenter.UpdateSource google.cloud.securitycenter.v1beta1.SecurityCenter.CreateFinding google.cloud.securitycenter.v1beta1.SecurityCenter.CreateSource google.cloud.securitycenter.v1beta1.SecurityCenter.SetFindingState google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateFinding google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateSecurityMarks google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateSource google.cloud.securitycenter.v1p1beta1.SecurityCenter.CreateFinding google.cloud.securitycenter.v1p1beta1.SecurityCenter.CreateNotificationConfig google.cloud.securitycenter.v1p1beta1.SecurityCenter.CreateSource google.cloud.securitycenter.v1p1beta1.SecurityCenter.DeleteNotificationConfig google.cloud.securitycenter.v1p1beta1.SecurityCenter.SetFindingState google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateFinding google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateNotificationConfig google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateSecurityMarks google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateSource google.cloud.securitycenter.v2.SecurityCenter.BulkMuteFindings google.cloud.securitycenter.v2.SecurityCenter.CreateFinding google.cloud.securitycenter.v2.SecurityCenter.CreateNotificationConfig google.cloud.securitycenter.v2.SecurityCenter.CreateSource google.cloud.securitycenter.v2.SecurityCenter.DeleteNotificationConfig google.cloud.securitycenter.v2.SecurityCenter.SetFindingState google.cloud.securitycenter.v2.SecurityCenter.SetMute google.cloud.securitycenter.v2.SecurityCenter.UpdateExternalSystem google.cloud.securitycenter.v2.SecurityCenter.UpdateFinding google.cloud.securitycenter.v2.SecurityCenter.UpdateNotificationConfig google.cloud.securitycenter.v2.SecurityCenter.UpdateSecurityMarks google.cloud.securitycenter.v2.SecurityCenter.UpdateSource |
API 接口审核日志
如需了解如何针对每种方法评估权限以及评估哪些权限,请参阅 Security Command Center 的 Identity and Access Management 文档。
google.cloud.securitycenter.settings.v1beta2.Settings
以下审核日志与属于 google.cloud.securitycenter.settings.v1beta2.Settings
的方法相关联。
CalculateContainerThreatDetectionSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.CalculateContainerThreatDetectionSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.containerthreatdetectionsettings.calculate - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.CalculateContainerThreatDetectionSettings"
CalculateEventThreatDetectionSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.CalculateEventThreatDetectionSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.eventthreatdetectionsettings.calculate - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.CalculateEventThreatDetectionSettings"
CalculateRapidVulnerabilityDetectionSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.CalculateRapidVulnerabilityDetectionSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.rapidvulnerabilitydetectionsettings.calculate - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.CalculateRapidVulnerabilityDetectionSettings"
CalculateSecurityHealthAnalyticsSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.CalculateSecurityHealthAnalyticsSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.securityhealthanalyticssettings.calculate - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.CalculateSecurityHealthAnalyticsSettings"
CalculateVirtualMachineThreatDetectionSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.CalculateVirtualMachineThreatDetectionSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.virtualmachinethreatdetectionsettings.calculate - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.CalculateVirtualMachineThreatDetectionSettings"
CalculateWebSecurityScannerSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.CalculateWebSecurityScannerSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.websecurityscannersettings.calculate - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.CalculateWebSecurityScannerSettings"
GetContainerThreatDetectionSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.GetContainerThreatDetectionSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.containerthreatdetectionsettings.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.GetContainerThreatDetectionSettings"
GetEventThreatDetectionSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.GetEventThreatDetectionSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.eventthreatdetectionsettings.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.GetEventThreatDetectionSettings"
GetRapidVulnerabilityDetectionSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.GetRapidVulnerabilityDetectionSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.rapidvulnerabilitydetectionsettings.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.GetRapidVulnerabilityDetectionSettings"
GetSecurityCenterSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.GetSecurityCenterSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.securitycentersettings.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.GetSecurityCenterSettings"
GetSecurityHealthAnalyticsSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.GetSecurityHealthAnalyticsSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.securityhealthanalyticssettings.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.GetSecurityHealthAnalyticsSettings"
GetSubscription
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.GetSubscription
- 审核日志类型:数据访问
- 权限:
securitycenter.subscription.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.GetSubscription"
GetVirtualMachineThreatDetectionSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.GetVirtualMachineThreatDetectionSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.virtualmachinethreatdetectionsettings.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.GetVirtualMachineThreatDetectionSettings"
GetWebSecurityScannerSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.GetWebSecurityScannerSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.websecurityscannersettings.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.GetWebSecurityScannerSettings"
UpdateContainerThreatDetectionSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.UpdateContainerThreatDetectionSettings
- 审核日志类型:管理员活动
- 权限:
securitycenter.containerthreatdetectionsettings.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.UpdateContainerThreatDetectionSettings"
UpdateEventThreatDetectionSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.UpdateEventThreatDetectionSettings
- 审核日志类型:管理员活动
- 权限:
securitycenter.eventthreatdetectionsettings.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.UpdateEventThreatDetectionSettings"
UpdateRapidVulnerabilityDetectionSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.UpdateRapidVulnerabilityDetectionSettings
- 审核日志类型:管理员活动
- 权限:
securitycenter.rapidvulnerabilitydetectionsettings.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.UpdateRapidVulnerabilityDetectionSettings"
UpdateSecurityHealthAnalyticsSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.UpdateSecurityHealthAnalyticsSettings
- 审核日志类型:管理员活动
- 权限:
securitycenter.securityhealthanalyticssettings.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.UpdateSecurityHealthAnalyticsSettings"
UpdateVirtualMachineThreatDetectionSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.UpdateVirtualMachineThreatDetectionSettings
- 审核日志类型:管理员活动
- 权限:
securitycenter.virtualmachinethreatdetectionsettings.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.UpdateVirtualMachineThreatDetectionSettings"
UpdateWebSecurityScannerSettings
- 方法:
google.cloud.securitycenter.settings.v1beta2.Settings.UpdateWebSecurityScannerSettings
- 审核日志类型:管理员活动
- 权限:
securitycenter.websecurityscannersettings.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.settings.v1beta2.Settings.UpdateWebSecurityScannerSettings"
google.cloud.securitycenter.v1.SecurityCenter
以下审核日志与属于 google.cloud.securitycenter.v1.SecurityCenter
的方法相关联。
BatchCreateResourceValueConfigs
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.BatchCreateResourceValueConfigs
- 审核日志类型:管理员活动
- 权限:
securitycenter.resourcevalueconfigs.create - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.BatchCreateResourceValueConfigs"
BulkMuteFindings
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.BulkMuteFindings
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.bulkMuteUpdate - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:长时间运行的操作
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.BulkMuteFindings"
CreateBigQueryExport
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.CreateBigQueryExport
- 审核日志类型:管理员活动
- 权限:
securitycenter.bigQueryExports.create - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.CreateBigQueryExport"
CreateEventThreatDetectionCustomModule
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.CreateEventThreatDetectionCustomModule
- 审核日志类型:管理员活动
- 权限:
securitycenter.eventthreatdetectioncustommodules.create - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.CreateEventThreatDetectionCustomModule"
CreateFinding
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.CreateFinding
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.CreateFinding"
CreateMuteConfig
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.CreateMuteConfig
- 审核日志类型:管理员活动
- 权限:
securitycenter.muteconfigs.create - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.CreateMuteConfig"
CreateNotificationConfig
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.CreateNotificationConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.create - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.CreateNotificationConfig"
CreateSecurityHealthAnalyticsCustomModule
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.CreateSecurityHealthAnalyticsCustomModule
- 审核日志类型:管理员活动
- 权限:
securitycenter.securityhealthanalyticscustommodules.create - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.CreateSecurityHealthAnalyticsCustomModule"
CreateSource
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.CreateSource
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.CreateSource"
DeleteBigQueryExport
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.DeleteBigQueryExport
- 审核日志类型:管理员活动
- 权限:
securitycenter.bigQueryExports.delete - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.DeleteBigQueryExport"
DeleteEventThreatDetectionCustomModule
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.DeleteEventThreatDetectionCustomModule
- 审核日志类型:管理员活动
- 权限:
securitycenter.eventthreatdetectioncustommodules.delete - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.DeleteEventThreatDetectionCustomModule"
DeleteMuteConfig
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.DeleteMuteConfig
- 审核日志类型:管理员活动
- 权限:
securitycenter.muteconfigs.delete - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.DeleteMuteConfig"
DeleteNotificationConfig
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.DeleteNotificationConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.delete - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.DeleteNotificationConfig"
DeleteResourceValueConfig
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.DeleteResourceValueConfig
- 审核日志类型:管理员活动
- 权限:
securitycenter.resourcevalueconfigs.delete - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.DeleteResourceValueConfig"
DeleteSecurityHealthAnalyticsCustomModule
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.DeleteSecurityHealthAnalyticsCustomModule
- 审核日志类型:管理员活动
- 权限:
securitycenter.securityhealthanalyticscustommodules.delete - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.DeleteSecurityHealthAnalyticsCustomModule"
GetBigQueryExport
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetBigQueryExport
- 审核日志类型:数据访问
- 权限:
securitycenter.bigQueryExports.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetBigQueryExport"
GetEffectiveEventThreatDetectionCustomModule
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetEffectiveEventThreatDetectionCustomModule
- 审核日志类型:数据访问
- 权限:
securitycenter.effectiveeventthreatdetectioncustommodules.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetEffectiveEventThreatDetectionCustomModule"
GetEffectiveSecurityHealthAnalyticsCustomModule
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetEffectiveSecurityHealthAnalyticsCustomModule
- 审核日志类型:数据访问
- 权限:
securitycenter.effectivesecurityhealthanalyticscustommodules.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetEffectiveSecurityHealthAnalyticsCustomModule"
GetEventThreatDetectionCustomModule
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetEventThreatDetectionCustomModule
- 审核日志类型:数据访问
- 权限:
securitycenter.eventthreatdetectioncustommodules.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetEventThreatDetectionCustomModule"
GetIamPolicy
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetIamPolicy
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.getIamPolicy - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetIamPolicy"
GetMuteConfig
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetMuteConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.muteconfigs.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetMuteConfig"
GetNotificationConfig
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetNotificationConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.get - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetNotificationConfig"
GetOrganizationSettings
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetOrganizationSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.organizationsettings.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetOrganizationSettings"
GetResourceValueConfig
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetResourceValueConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.resourcevalueconfigs.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetResourceValueConfig"
GetSecurityHealthAnalyticsCustomModule
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetSecurityHealthAnalyticsCustomModule
- 审核日志类型:数据访问
- 权限:
securitycenter.securityhealthanalyticscustommodules.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetSecurityHealthAnalyticsCustomModule"
GetSimulation
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetSimulation
- 审核日志类型:数据访问
- 权限:
securitycenter.simulations.get - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetSimulation"
GetSource
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetSource
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.get - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetSource"
GetValuedResource
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GetValuedResource
- 审核日志类型:数据访问
- 权限:
securitycenter.valuedresources.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GetValuedResource"
GroupAssets
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GroupAssets
- 审核日志类型:数据访问
- 权限:
securitycenter.assets.group - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GroupAssets"
GroupFindings
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.GroupFindings
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.group - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.GroupFindings"
ListAssets
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListAssets
- 审核日志类型:数据访问
- 权限:
securitycenter.assets.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListAssets"
ListAttackPaths
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListAttackPaths
- 审核日志类型:数据访问
- 权限:
securitycenter.attackpaths.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListAttackPaths"
ListBigQueryExports
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListBigQueryExports
- 审核日志类型:数据访问
- 权限:
securitycenter.bigQueryExports.list - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListBigQueryExports"
ListDescendantEventThreatDetectionCustomModules
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListDescendantEventThreatDetectionCustomModules
- 审核日志类型:数据访问
- 权限:
securitycenter.eventthreatdetectioncustommodules.list - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListDescendantEventThreatDetectionCustomModules"
ListDescendantSecurityHealthAnalyticsCustomModules
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListDescendantSecurityHealthAnalyticsCustomModules
- 审核日志类型:数据访问
- 权限:
securitycenter.securityhealthanalyticscustommodules.list - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListDescendantSecurityHealthAnalyticsCustomModules"
ListEffectiveEventThreatDetectionCustomModules
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListEffectiveEventThreatDetectionCustomModules
- 审核日志类型:数据访问
- 权限:
securitycenter.effectiveeventthreatdetectioncustommodules.list - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListEffectiveEventThreatDetectionCustomModules"
ListEffectiveSecurityHealthAnalyticsCustomModules
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListEffectiveSecurityHealthAnalyticsCustomModules
- 审核日志类型:数据访问
- 权限:
securitycenter.effectivesecurityhealthanalyticscustommodules.list - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListEffectiveSecurityHealthAnalyticsCustomModules"
ListEventThreatDetectionCustomModules
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListEventThreatDetectionCustomModules
- 审核日志类型:数据访问
- 权限:
securitycenter.eventthreatdetectioncustommodules.list - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListEventThreatDetectionCustomModules"
ListFindings
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListFindings
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListFindings"
ListMuteConfigs
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListMuteConfigs
- 审核日志类型:数据访问
- 权限:
securitycenter.muteconfigs.list - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListMuteConfigs"
ListNotificationConfigs
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListNotificationConfigs
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListNotificationConfigs"
ListResourceValueConfigs
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListResourceValueConfigs
- 审核日志类型:数据访问
- 权限:
securitycenter.resourcevalueconfigs.list - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListResourceValueConfigs"
ListSecurityHealthAnalyticsCustomModules
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListSecurityHealthAnalyticsCustomModules
- 审核日志类型:数据访问
- 权限:
securitycenter.securityhealthanalyticscustommodules.list - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListSecurityHealthAnalyticsCustomModules"
ListSources
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListSources
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListSources"
ListValuedResources
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ListValuedResources
- 审核日志类型:数据访问
- 权限:
securitycenter.valuedresources.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ListValuedResources"
SetFindingState
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.SetFindingState
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.setState - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.SetFindingState"
SetIamPolicy
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.SetIamPolicy
- 审核日志类型:管理员活动
- 权限:
securitycenter.sources.setIamPolicy - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.SetIamPolicy"
SetMute
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.SetMute
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.setMute - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.SetMute"
SimulateSecurityHealthAnalyticsCustomModule
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.SimulateSecurityHealthAnalyticsCustomModule
- 审核日志类型:数据访问
- 权限:
securitycenter.securityhealthanalyticscustommodules.simulate - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.SimulateSecurityHealthAnalyticsCustomModule"
UpdateBigQueryExport
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.UpdateBigQueryExport
- 审核日志类型:管理员活动
- 权限:
securitycenter.bigQueryExports.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.UpdateBigQueryExport"
UpdateEventThreatDetectionCustomModule
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.UpdateEventThreatDetectionCustomModule
- 审核日志类型:管理员活动
- 权限:
securitycenter.eventthreatdetectioncustommodules.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.UpdateEventThreatDetectionCustomModule"
UpdateExternalSystem
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.UpdateExternalSystem
- 审核日志类型:数据访问
- 权限:
securitycenter.findingexternalsystems.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.UpdateExternalSystem"
UpdateFinding
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.UpdateFinding
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.UpdateFinding"
UpdateMuteConfig
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.UpdateMuteConfig
- 审核日志类型:管理员活动
- 权限:
securitycenter.muteconfigs.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.UpdateMuteConfig"
UpdateNotificationConfig
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.UpdateNotificationConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.UpdateNotificationConfig"
UpdateOrganizationSettings
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.UpdateOrganizationSettings
- 审核日志类型:管理员活动
- 权限:
securitycenter.organizationsettings.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.UpdateOrganizationSettings"
UpdateResourceValueConfig
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.UpdateResourceValueConfig
- 审核日志类型:管理员活动
- 权限:
securitycenter.resourcevalueconfigs.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.UpdateResourceValueConfig"
UpdateSecurityHealthAnalyticsCustomModule
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.UpdateSecurityHealthAnalyticsCustomModule
- 审核日志类型:管理员活动
- 权限:
securitycenter.securityhealthanalyticscustommodules.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.UpdateSecurityHealthAnalyticsCustomModule"
UpdateSecurityMarks
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.UpdateSecurityMarks
- 审核日志类型:数据访问
- 权限:
securitycenter.findingsecuritymarks.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.UpdateSecurityMarks"
UpdateSource
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.UpdateSource
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.UpdateSource"
ValidateEventThreatDetectionCustomModule
- 方法:
google.cloud.securitycenter.v1.SecurityCenter.ValidateEventThreatDetectionCustomModule
- 审核日志类型:数据访问
- 权限:
securitycenter.eventthreatdetectioncustommodules.validate - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1.SecurityCenter.ValidateEventThreatDetectionCustomModule"
google.cloud.securitycenter.v1beta1.SecurityCenter
以下审核日志与属于 google.cloud.securitycenter.v1beta1.SecurityCenter
的方法相关联。
CreateFinding
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.CreateFinding
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.CreateFinding"
CreateSource
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.CreateSource
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.CreateSource"
GetIamPolicy
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.GetIamPolicy
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.getIamPolicy - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.GetIamPolicy"
GetOrganizationSettings
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.GetOrganizationSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.organizationsettings.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.GetOrganizationSettings"
GetSource
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.GetSource
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.get - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.GetSource"
GroupAssets
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.GroupAssets
- 审核日志类型:数据访问
- 权限:
securitycenter.assets.group - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.GroupAssets"
GroupFindings
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.GroupFindings
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.group - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.GroupFindings"
ListAssets
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.ListAssets
- 审核日志类型:数据访问
- 权限:
securitycenter.assets.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.ListAssets"
ListFindings
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.ListFindings
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.ListFindings"
ListSources
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.ListSources
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.ListSources"
SetFindingState
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.SetFindingState
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.setState - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.SetFindingState"
SetIamPolicy
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.SetIamPolicy
- 审核日志类型:管理员活动
- 权限:
securitycenter.sources.setIamPolicy - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.SetIamPolicy"
UpdateFinding
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateFinding
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateFinding"
UpdateOrganizationSettings
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateOrganizationSettings
- 审核日志类型:管理员活动
- 权限:
securitycenter.organizationsettings.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateOrganizationSettings"
UpdateSecurityMarks
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateSecurityMarks
- 审核日志类型:数据访问
- 权限:
securitycenter.findingsecuritymarks.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateSecurityMarks"
UpdateSource
- 方法:
google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateSource
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1beta1.SecurityCenter.UpdateSource"
google.cloud.securitycenter.v1p1beta1.SecurityCenter
以下审核日志与属于 google.cloud.securitycenter.v1p1beta1.SecurityCenter
的方法相关联。
CreateFinding
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.CreateFinding
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.CreateFinding"
CreateNotificationConfig
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.CreateNotificationConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.create - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.CreateNotificationConfig"
CreateSource
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.CreateSource
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.CreateSource"
DeleteNotificationConfig
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.DeleteNotificationConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.delete - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.DeleteNotificationConfig"
GetIamPolicy
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.GetIamPolicy
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.getIamPolicy - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.GetIamPolicy"
GetNotificationConfig
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.GetNotificationConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.get - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.GetNotificationConfig"
GetOrganizationSettings
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.GetOrganizationSettings
- 审核日志类型:数据访问
- 权限:
securitycenter.organizationsettings.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.GetOrganizationSettings"
GetSource
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.GetSource
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.get - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.GetSource"
GroupAssets
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.GroupAssets
- 审核日志类型:数据访问
- 权限:
securitycenter.assets.group - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.GroupAssets"
GroupFindings
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.GroupFindings
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.group - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.GroupFindings"
ListAssets
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.ListAssets
- 审核日志类型:数据访问
- 权限:
securitycenter.assets.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.ListAssets"
ListFindings
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.ListFindings
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.ListFindings"
ListNotificationConfigs
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.ListNotificationConfigs
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.ListNotificationConfigs"
ListSources
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.ListSources
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.ListSources"
SetFindingState
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.SetFindingState
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.setState - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.SetFindingState"
SetIamPolicy
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.SetIamPolicy
- 审核日志类型:管理员活动
- 权限:
securitycenter.sources.setIamPolicy - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.SetIamPolicy"
UpdateFinding
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateFinding
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateFinding"
UpdateNotificationConfig
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateNotificationConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateNotificationConfig"
UpdateOrganizationSettings
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateOrganizationSettings
- 审核日志类型:管理员活动
- 权限:
securitycenter.organizationsettings.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateOrganizationSettings"
UpdateSecurityMarks
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateSecurityMarks
- 审核日志类型:数据访问
- 权限:
securitycenter.assetsecuritymarks.update - DATA_WRITE
securitycenter.findingsecuritymarks.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateSecurityMarks"
UpdateSource
- 方法:
google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateSource
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v1p1beta1.SecurityCenter.UpdateSource"
google.cloud.securitycenter.v2.SecurityCenter
以下审核日志与属于 google.cloud.securitycenter.v2.SecurityCenter
的方法相关联。
BatchCreateResourceValueConfigs
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.BatchCreateResourceValueConfigs
- 审核日志类型:管理员活动
- 权限:
securitycenter.resourcevalueconfigs.create - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.BatchCreateResourceValueConfigs"
BulkMuteFindings
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.BulkMuteFindings
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.bulkMuteUpdate - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:长时间运行的操作
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.BulkMuteFindings"
CreateBigQueryExport
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.CreateBigQueryExport
- 审核日志类型:管理员活动
- 权限:
securitycenter.bigQueryExports.create - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.CreateBigQueryExport"
CreateFinding
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.CreateFinding
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.CreateFinding"
CreateMuteConfig
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.CreateMuteConfig
- 审核日志类型:管理员活动
- 权限:
securitycenter.muteconfigs.create - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.CreateMuteConfig"
CreateNotificationConfig
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.CreateNotificationConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.create - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.CreateNotificationConfig"
CreateSource
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.CreateSource
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.CreateSource"
DeleteBigQueryExport
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.DeleteBigQueryExport
- 审核日志类型:管理员活动
- 权限:
securitycenter.bigQueryExports.delete - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.DeleteBigQueryExport"
DeleteMuteConfig
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.DeleteMuteConfig
- 审核日志类型:管理员活动
- 权限:
securitycenter.muteconfigs.delete - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.DeleteMuteConfig"
DeleteNotificationConfig
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.DeleteNotificationConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.delete - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.DeleteNotificationConfig"
DeleteResourceValueConfig
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.DeleteResourceValueConfig
- 审核日志类型:管理员活动
- 权限:
securitycenter.resourcevalueconfigs.delete - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.DeleteResourceValueConfig"
GetBigQueryExport
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.GetBigQueryExport
- 审核日志类型:数据访问
- 权限:
securitycenter.bigQueryExports.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.GetBigQueryExport"
GetIamPolicy
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.GetIamPolicy
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.getIamPolicy - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.GetIamPolicy"
GetMuteConfig
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.GetMuteConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.muteconfigs.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.GetMuteConfig"
GetNotificationConfig
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.GetNotificationConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.get - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.GetNotificationConfig"
GetResourceValueConfig
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.GetResourceValueConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.resourcevalueconfigs.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.GetResourceValueConfig"
GetSimulation
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.GetSimulation
- 审核日志类型:数据访问
- 权限:
securitycenter.simulations.get - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.GetSimulation"
GetSource
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.GetSource
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.get - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.GetSource"
GetValuedResource
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.GetValuedResource
- 审核日志类型:数据访问
- 权限:
securitycenter.valuedresources.get - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.GetValuedResource"
GroupFindings
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.GroupFindings
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.group - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.GroupFindings"
ListAttackPaths
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.ListAttackPaths
- 审核日志类型:数据访问
- 权限:
securitycenter.attackpaths.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.ListAttackPaths"
ListBigQueryExports
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.ListBigQueryExports
- 审核日志类型:数据访问
- 权限:
securitycenter.bigQueryExports.list - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.ListBigQueryExports"
ListFindings
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.ListFindings
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.ListFindings"
ListMuteConfigs
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.ListMuteConfigs
- 审核日志类型:数据访问
- 权限:
securitycenter.muteconfigs.list - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.ListMuteConfigs"
ListNotificationConfigs
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.ListNotificationConfigs
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.ListNotificationConfigs"
ListResourceValueConfigs
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.ListResourceValueConfigs
- 审核日志类型:数据访问
- 权限:
securitycenter.resourcevalueconfigs.list - ADMIN_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.ListResourceValueConfigs"
ListSources
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.ListSources
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.ListSources"
ListValuedResources
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.ListValuedResources
- 审核日志类型:数据访问
- 权限:
securitycenter.valuedresources.list - DATA_READ
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.ListValuedResources"
SetFindingState
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.SetFindingState
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.setState - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.SetFindingState"
SetIamPolicy
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.SetIamPolicy
- 审核日志类型:管理员活动
- 权限:
securitycenter.sources.setIamPolicy - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.SetIamPolicy"
SetMute
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.SetMute
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.setMute - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.SetMute"
UpdateBigQueryExport
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.UpdateBigQueryExport
- 审核日志类型:管理员活动
- 权限:
securitycenter.bigQueryExports.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.UpdateBigQueryExport"
UpdateExternalSystem
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.UpdateExternalSystem
- 审核日志类型:数据访问
- 权限:
securitycenter.findingexternalsystems.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.UpdateExternalSystem"
UpdateFinding
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.UpdateFinding
- 审核日志类型:数据访问
- 权限:
securitycenter.findings.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.UpdateFinding"
UpdateMuteConfig
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.UpdateMuteConfig
- 审核日志类型:管理员活动
- 权限:
securitycenter.muteconfigs.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.UpdateMuteConfig"
UpdateNotificationConfig
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.UpdateNotificationConfig
- 审核日志类型:数据访问
- 权限:
securitycenter.notificationconfig.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.UpdateNotificationConfig"
UpdateResourceValueConfig
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.UpdateResourceValueConfig
- 审核日志类型:管理员活动
- 权限:
securitycenter.resourcevalueconfigs.update - ADMIN_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.UpdateResourceValueConfig"
UpdateSecurityMarks
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.UpdateSecurityMarks
- 审核日志类型:数据访问
- 权限:
securitycenter.assetsecuritymarks.update - DATA_WRITE
securitycenter.findingsecuritymarks.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.UpdateSecurityMarks"
UpdateSource
- 方法:
google.cloud.securitycenter.v2.SecurityCenter.UpdateSource
- 审核日志类型:数据访问
- 权限:
securitycenter.sources.update - DATA_WRITE
- 方法是长时间运行的操作或流式传输操作:否。
- 此方法的过滤条件:
protoPayload.methodName="google.cloud.securitycenter.v2.SecurityCenter.UpdateSource"
系统事件
系统事件审核日志是 GCP 系统生成的,而不是通过直接用户操作生成的。如需了解详情,请参阅系统事件审核日志。
方法名称 | 过滤此事件 | 备注 |
---|---|---|
VmThreatDetectionScanStarted |
protoPayload.methodName="VmThreatDetectionScanStarted"
|
不会生成审核日志的方法
由于以下一个或多个原因,方法可能不会生成审核日志:
- 这是一种高容量方法,涉及较高的日志生成和存储费用。
- 它的审核价值较低。
- 其他审核或平台日志已提供方法。
以下方法不会生成审核日志:
google.cloud.securitycenter.v1.SecurityCenter.TestIamPermissions
google.cloud.securitycenter.v1beta1.SecurityCenter.TestIamPermissions
google.cloud.securitycenter.v1p1beta1.SecurityCenter.TestIamPermissions
google.cloud.securitycenter.v2.SecurityCenter.TestIamPermissions