此页面由 Cloud Translation API 翻译。

Google Cloud Run 函数上下文日志

本文档介绍了 Google Cloud Run 函数上下文日志的字段如何映射到 Google Security Operations 统一数据模型 (UDM) 字段。

提取标签用于标识将原始日志数据标准化的解析器结构化 UDM 格式本文档中的信息适用于具有 GCP_CLOUD_FUNCTIONS_CONTEXT 注入标签的解析器。

如需了解 Google Security Operations 支持的其他上下文解析器，请参阅 Google Security Operations 上下文解析器。

字段映射参考文档

本部分介绍 Google Security Operations 解析器如何将 Google Cloud Run 函数上下文日志字段映射到 Google Security Operations UDM 字段。

Log field	UDM mapping	Logic
	`entity.relations.resource.resource_type`	The `entity.relations.resource.resource_type` UDM field is set to `CLOUD_PROJECT`.
	`entity.relations.resource.resource_subtype`	The `entity.relations.resource.resource_subtype` UDM field is set to `project`.
	`entity.relations.resource_ancestors.resource_type`	If the `ancestor` log field value matches the regular expression pattern `organizations`, then the `entity.relations.resource_ancestors.resource_type` UDM field is set to `CLOUD_ORGANIZATION`. Else, if the `ancestor` log field value matches the regular expression pattern `folders`, then the `entity.relations.resource_ancestors.resource_type` UDM field is set to `STORAGE_OBJECT`.
	`entity.relations.resource_ancestors.resource_subtype`	If the `ancestor` log field value matches the regular expression pattern `organizations`, then the `entity.relations.resource_ancestors.resource_subtype` UDM field is set to `organizations`. Else, if the `ancestor` log field value matches the regular expression pattern `folders`, then the `entity.relations.resource_ancestors.resource_subtype` UDM field is set to `folders`.
	`entity.relations.relationship`	The `entity.relations.relationship` UDM field is set to `MEMBER`.
`resource.parent, ancestors[]`	`entity.relations.entity.resource.name`	If the `resource.parent` log field value is empty, then the `ancestors.0` log field is mapped to the `relations.entity.resource.name` UDM field.
`ancestors[]`	`entity.relations.entity.resource_ancestors.name`	If the `ancestor` log field value is not a substring of `resource.parent` log field value, then the `ancestors` log field is mapped to the `relations.entity.resource_ancestors.name` UDM field.
	`entity.relations.entity_type`	The `entity.relations.entity_type` UDM field is set to `RESOURCE`.
	`entity.relations.direction`	The `entity.relations.direction` UDM field is set to `UNIDIRECTIONAL`.
	`entity.metadata.vendor_name`	The `entity.metadata.vendor_name` UDM field is set to `Google Cloud Platform`.
`resource.version`	`entity.metadata.product_version`
	`entity.metadata.product_name`	The `entity.metadata.product_name` UDM field is set to `GCP Cloud Functions`.
	`entity.metadata.entity_type`	The `entity.metadata.entity_type` UDM field is set to `RESOURCE`.
`resource.data.description`	`entity.metadata.description`
`resource.data.serviceAccountEmail, resource.data.serviceConfig.serviceAccountEmail`	`entity.entity.user.email_addresses`
`resource.data.httpsTrigger.url, resource.data.serviceConfig.uri`	`entity.entity.url`
`resource.data.stateMessages.type`	`entity.entity.threat.summary`
`resource.data.stateMessages.severity`	`entity.entity.threat.product_severity`
`resource.data.stateMessages.message`	`entity.entity.threat.description`
	`entity.entity.resource.resource_type`	The `entity.entity.resource.resource_type` UDM field is set to `BACKEND_SERVICE`.
`assetType`	`entity.entity.resource.resource_subtype`
`resource.data.name`	`entity.entity.resource.product_object_id`
`name`	`entity.entity.resource.name`
`resource.data.updateTime`	`entity.entity.resource.attribute.last_update_time`
`resource.data.network`	`entity.entity.resource.attribute.labels[vpc_network]`
`resource.data.vpcConnector, resource.data.serviceConfig.vpcConnector`	`entity.entity.resource.attribute.labels[vpc_connector]`
`resource.data.vpcConnectorEgressSettings, resource.data.serviceConfig.vpcConnectorEgressSettings`	`entity.entity.resource.attribute.labels[vpc_connector_egress_settings]`
`resource.data.versionId`	`entity.entity.resource.attribute.labels[version_id]`
`resource.data.timeout, resource.data.serviceConfig.timeoutSeconds`	`entity.entity.resource.attribute.labels[timeout]`
`resource.data.buildConfig.source.storageSource.object`	`entity.entity.resource.attribute.labels[storage_source_object]`
`resource.data.buildConfig.source.storageSource.generation`	`entity.entity.resource.attribute.labels[storage_source_generation]`
`resource.data.buildConfig.source.storageSource.bucket`	`entity.entity.resource.attribute.labels[storage_source_bucket]`
`resource.data.sourceUploadUrl`	`entity.entity.resource.attribute.labels[source_upload_url]`
`resource.data.sourceToken`	`entity.entity.resource.attribute.labels[source_token]`
`resource.data.sourceRepository.url`	`entity.entity.resource.attribute.labels[source_repo_url]`
`resource.data.sourceRepository.deployedUrl`	`entity.entity.resource.attribute.labels[source_repo_deployed_url]`
`resource.data.sourceArchiveUrl`	`entity.entity.resource.attribute.labels[source_archive_url]`
`resource.data.serviceConfig.service`	`entity.entity.resource.attribute.labels[service_config_service]`
`resource.data.serviceConfig.revision`	`entity.entity.resource.attribute.labels[service_config_revision]`
`resource.data.serviceConfig.maxInstanceRequestConcurrency`	`entity.entity.resource.attribute.labels[service_config_max_instance_request_concurrency]`
`resource.data.serviceConfig.availableCpu`	`entity.entity.resource.attribute.labels[service_config_available_cpu]`
`resource.data.serviceConfig.allTrafficOnLatestRevision`	`entity.entity.resource.attribute.labels[service_config_all_traffic_on_latest_revision]`
`resource.data.httpsTrigger.securityLevel, resource.data.serviceConfig.securityLevel`	`entity.entity.resource.attribute.labels[security_level]`
`resource.data.secretVolumes.versions.version, resource.data.serviceConfig.secretVolumes.versions.version`	`entity.entity.resource.attribute.labels[secret_vol_ver_version]`
`resource.data.secretVolumes.versions.path, resource.data.serviceConfig.secretVolumes.versions.path`	`entity.entity.resource.attribute.labels[secret_vol_ver_path]`
`resource.data.secretVolumes.secret, resource.data.serviceConfig.secretVolumes.secret`	`entity.entity.resource.attribute.labels[secret_vol_secret]`
`resource.data.secretVolumes.projectId, resource.data.serviceConfig.secretVolumes.projectId`	`entity.entity.resource.attribute.labels[secret_vol_project_id]`
`resource.data.secretVolumes.mountPath, resource.data.serviceConfig.secretVolumes.mountPath`	`entity.entity.resource.attribute.labels[secret_vol_mount_path]`
`resource.data.secretEnvironmentVariables.version, resource.data.serviceConfig.secretEnvironmentVariables.version`	`entity.entity.resource.attribute.labels[secret_env_var_version]`
`resource.data.secretEnvironmentVariables.secret, resource.data.serviceConfig.secretEnvironmentVariables.secret`	`entity.entity.resource.attribute.labels[secret_env_var_secret]`
`resource.data.secretEnvironmentVariables.projectId, resource.data.serviceConfig.secretEnvironmentVariables.projectId`	`entity.entity.resource.attribute.labels[secret_env_var_project_id]`
`resource.data.secretEnvironmentVariables.key, resource.data.serviceConfig.secretEnvironmentVariables.key`	`entity.entity.resource.attribute.labels[secret_env_var_key]`
`resource.data.runtime, resource.data.buildConfig.runtime`	`entity.entity.resource.attribute.labels[runtime]`
`resource.data.buildConfig.sourceProvenance.resolvedStorageSource.object`	`entity.entity.resource.attribute.labels[resolved_storage_source_object]`
`resource.data.buildConfig.sourceProvenance.resolvedStorageSource.generation`	`entity.entity.resource.attribute.labels[resolved_storage_source_generation]`
`resource.data.buildConfig.sourceProvenance.resolvedStorageSource.bucket`	`entity.entity.resource.attribute.labels[resolved_storage_source_bucket]`
`resource.data.buildConfig.sourceProvenance.resolvedRepoSource.tagName`	`entity.entity.resource.attribute.labels[resolved_repo_source_tag_name]`
`resource.data.buildConfig.sourceProvenance.resolvedRepoSource.repoName`	`entity.entity.resource.attribute.labels[resolved_repo_source_repo_name]`
`resource.data.buildConfig.sourceProvenance.resolvedRepoSource.projectId`	`entity.entity.resource.attribute.labels[resolved_repo_source_project_id]`
`resource.data.buildConfig.sourceProvenance.resolvedRepoSource.invertRegex`	`entity.entity.resource.attribute.labels[resolved_repo_source_invert_regex]`
`resource.data.buildConfig.sourceProvenance.resolvedRepoSource.dir`	`entity.entity.resource.attribute.labels[resolved_repo_source_dir]`
`resource.data.buildConfig.sourceProvenance.resolvedRepoSource.commitSha`	`entity.entity.resource.attribute.labels[resolved_repo_source_commit_sha]`
`resource.data.buildConfig.sourceProvenance.resolvedRepoSource.branchName`	`entity.entity.resource.attribute.labels[resolved_repo_source_branch_name]`
`resource.data.buildConfig.source.repoSource.tagName`	`entity.entity.resource.attribute.labels[repo_source_tag_name]`
`resource.data.buildConfig.source.repoSource.repoName`	`entity.entity.resource.attribute.labels[repo_source_repo_name]`
`resource.data.buildConfig.source.repoSource.projectId`	`entity.entity.resource.attribute.labels[repo_source_project_id]`
`resource.data.buildConfig.source.repoSource.invertRegex`	`entity.entity.resource.attribute.labels[repo_source_invert_regex]`
`resource.data.buildConfig.source.repoSource.dir`	`entity.entity.resource.attribute.labels[repo_source_dir]`
`resource.data.buildConfig.source.repoSource.commitSha`	`entity.entity.resource.attribute.labels[repo_source_commit_sha]`
`resource.data.buildConfig.source.repoSource.branchName`	`entity.entity.resource.attribute.labels[repo_source_branch_name]`
`resource.data.minInstances, resource.data.serviceConfig.minInstanceCount`	`entity.entity.resource.attribute.labels[min_instance]`
`resource.data.maxInstances, resource.data.serviceConfig.maxInstanceCount`	`entity.entity.resource.attribute.labels[max_instance]`
`resource.data.kmsKeyName`	`entity.entity.resource.attribute.labels[kms_key_name]`
`resource.data.ingressSettings, resource.data.serviceConfig.ingressSettings`	`entity.entity.resource.attribute.labels[ingress_settings]`
`resource.data.buildConfig.environmentVariables.GOOGLE_FUNCTION_SOURCE`	`entity.entity.resource.attribute.labels[GOOGLE_FUNCTION_SOURCE]`
`resource.data.labels.goog-managed-by`	`entity.entity.resource.attribute.labels[goog-managed-by]`
`resource.data.status, resource.data.state`	`entity.entity.resource.attribute.labels[function_status]`
`resource.data.eventTrigger.trigger`	`entity.entity.resource.attribute.labels[event_trigger_trigger]`
`resource.data.eventTrigger.triggerRegion`	`entity.entity.resource.attribute.labels[event_trigger_trigger_reason]`
`resource.data.eventTrigger.service`	`entity.entity.resource.attribute.labels[event_trigger_service]`
`resource.data.eventTrigger.serviceAccountEmail`	`entity.entity.resource.attribute.labels[event_trigger_service_account_email]`
`resource.data.eventTrigger.retryPolicy`	`entity.entity.resource.attribute.labels[event_trigger_retry_policy]`
`resource.data.eventTrigger.resource`	`entity.entity.resource.attribute.labels[event_trigger_resource]`
`resource.data.eventTrigger.pubsubTopic`	`entity.entity.resource.attribute.labels[event_trigger_pubsub_topic]`
`resource.data.eventTrigger.eventFilters.value`	`entity.entity.resource.attribute.labels[event_trigger_evt_filter_value]`
`resource.data.eventTrigger.eventFilters.operator`	`entity.entity.resource.attribute.labels[event_trigger_evt_filter_operator]`
`resource.data.eventTrigger.eventFilters.attribute`	`entity.entity.resource.attribute.labels[event_trigger_evt_filter_attribute]`
`resource.data.eventTrigger.eventType`	`entity.entity.resource.attribute.labels[event_trigger_event_type]`
`resource.data.eventTrigger.channel`	`entity.entity.resource.attribute.labels[event_trigger_channel]`
`resource.data.environment`	`entity.entity.resource.attribute.labels[environment]`
`resource.data.entryPoint, resource.data.buildConfig.entryPoint`	`entity.entity.resource.attribute.labels[entry_point]`
`resource.data.dockerRepository, resource.data.buildConfig.dockerRepository`	`entity.entity.resource.attribute.labels[docker_repository]`
`resource.data.dockerRegistry, resource.data.buildConfig.dockerRegistry`	`entity.entity.resource.attribute.labels[docker_registry]`
`resource.discoveryName`	`entity.entity.resource.attribute.labels[discovery_name]`
`resource.discoveryDocumentUri`	`entity.entity.resource.attribute.labels[discovery_document_uri]`
`resource.data.labels.deployment-tool`	`entity.entity.resource.attribute.labels[deployment_tool]`
`resource.data.buildWorkerPool, resource.data.buildConfig.workerPool`	`entity.entity.resource.attribute.labels[build_worker_pool]`
`resource.data.buildName, resource.data.buildConfig.build`	`entity.entity.resource.attribute.labels[build_name]`
`resource.data.buildId`	`entity.entity.resource.attribute.labels[build_id]`
`resource.data.availableMemoryMb, resource.data.serviceConfig.availableMemory`	`entity.entity.resource.attribute.labels[available_memory]`
	`entity.entity.resource.attribute.cloud.environment`	The `entity.entity.resource.attribute.cloud.environment` UDM field is set to `GOOGLE_CLOUD_PLATFORM`.
`resource.data.environmentVariables.TAXII_VERSION, resource.data.serviceConfig.environmentVariables.TAXII_VERSION`	`entity.enity.resource.attribute.labels[TAXII_VERSION]`
`resource.data.environmentVariables.TAXII_USERNAME, resource.data.serviceConfig.environmentVariables.TAXII_USERNAME`	`entity.enity.resource.attribute.labels[TAXII_USERNAME]`
`resource.data.environmentVariables.TAXII_PASSWORD_SECRET_PATH, resource.data.serviceConfig.environmentVariables.TAXII_PASSWORD_SECRET_PATH`	`entity.enity.resource.attribute.labels[TAXII_PASSWORD_SECRET_PATH]`
`resource.data.environmentVariables.TAXII_DISCOVERY_URL, resource.data.serviceConfig.environmentVariables.TAXII_DISCOVERY_URL`	`entity.enity.resource.attribute.labels[TAXII_DISCOVERY_URL]`
`resource.data.environmentVariables.CHRONICLE_SERVICE_ACCOUNT, resource.data.serviceConfig.environmentVariables.CHRONICLE_SERVICE_ACCOUNT`	`entity.enity.resource.attribute.labels[CHRONICLE_SERVICE_ACCOUNT]`
`resource.data.environmentVariables.CHRONICLE_CUSTOMER_ID, resource.data.serviceConfig.environmentVariables.CHRONICLE_CUSTOMER_ID`	`entity.enity.resource.attribute.labels[CHRONICLE_CUSTOMER_ID]`