Cloud-Audit-Logs erfassen
In diesem Dokument wird beschrieben, wie Sie Cloud-Audit-Logs exportieren können, indem Sie die Aufnahme von Google Cloud-Telemetriedaten in Chronicle aktivieren. Außerdem wird beschrieben, wie Cloud-Audit-Logfelder den Feldern des Chronicle Unified Data Model (UDM) zugeordnet werden.
Weitere Informationen finden Sie unter Datenaufnahme in Chronicle.
Eine typische Bereitstellung besteht aus Cloud-Audit-Logs, die für die Aufnahme in Chronicle aktiviert sind. Jede Kundenbereitstellung kann von dieser Darstellung abweichen und komplexer sein.
Die Bereitstellung enthält die folgenden Komponenten:
Google Cloud: Die Google Cloud-Dienste und -Produkte, für die Sie Logs erfassen
Cloud-Audit-Logs: Die Cloud-Audit-Logs, die für die Aufnahme in Chronicle aktiviert sind
Google Workspace-Audit-Logs: Die Google Workspace-Audit-Logs, die für die Aufnahme in Chronicle aktiviert sind
Chronicle: Behält und analysiert Cloud-Audit-Logs und Google Workspace-Audit-Logs
Ein Aufnahmelabel identifiziert den Parser, der Log-Rohdaten in das strukturierte UDM-Format normalisiert. Die Informationen in diesem Dokument gelten für den Parser mit dem Aufnahmelabel GCP_CLOUDAUDIT.
Hinweise
Prüfen Sie, ob Sie die Zugriffssteuerung für Ihre Organisation und Ressourcen mithilfe von Identity and Access Management (IAM) eingerichtet haben. Weitere Informationen zur Zugriffssteuerung finden Sie unter Zugriffssteuerung für Organisationen mit IAM.
Konfigurieren Sie Audit-Logs zum Datenzugriff für Ihre Google Cloud-Ressourcen und -Dienste.
Achten Sie darauf, dass alle Systeme in der Bereitstellungsarchitektur in der UTC-Zeitzone konfiguriert sind.
Prüfen Sie die Logtypen, die vom Cloud-Audit-Logs-Parser unterstützt werden. In der folgenden Tabelle sind die vom Cloud-Audit-Logs-Parser unterstützten Logquellen und -typen aufgeführt:
| Log-Quellen | Typ der Logquelle |
|---|---|
| Cloud DNS | – |
| syslog | – |
| Audit-Logs für Google Workspace | Log-in-Audit |
| Audit-Logs für Google Workspace | Administratorprüfung |
| Cloud-Audit-Logs | Administratoraktivität |
| Cloud-Audit-Logs | Prüfung von VPC Service Controls |
| Cloud-Audit-Logs | Google Kubernetes Engine-Datenzugriff |
| Cloud-Audit-Logs | Resource Manager-Datenzugriff |
| Cloud-Audit-Logs | Datenzugriff auf BigQuery-Audit-Metadaten |
| Cloud-Audit-Logs | MySQL-Datenzugriff, Administratoraktivitäten |
| Cloud-Audit-Logs | PostgreSQL-Datenzugriff, Administratoraktivitäten |
| Cloud-Audit-Logs | SQL Server-Datenzugriff, Administratoraktivität |
| Cloud Load Balancing | Cloud-HTTP-Load-Balancer |
| Cloud DNS | Administratoraktivität |
| Virtual Private Cloud-Ablauf | Virtual Private Cloud-Ablauf |
| Firewallregeln | Firewallregeln |
| Cloud NAT | Cloud NAT |
Aufnahme von Cloud-Audit-Logs konfigurieren
Führen Sie die Schritte auf der Seite Google Cloud-Logs in Chronicle aufnehmen aus, um Cloud-Audit-Logs in Chronicle aufzunehmen.
Wenn bei der Aufnahme von Cloud-Audit-Logs Probleme auftreten, wenden Sie sich an den Chronicle-Support.
Referenz zur Feldzuordnung
In diesem Abschnitt wird erläutert, wie der Chronicle-Parser Cloud-Audit-Logs-Felder den Feldern von Chronicle Unified Data Model (UDM) zuordnet.
GCP_CLOUDAUDIT-Logtypen in UDM-Ereignistyp
In der folgenden Tabelle sind die GCP_CLOUDAUDIT-Ereignis-IDs und die entsprechenden Ereignistypen aufgeführt.| Event identifier | Event type |
|---|---|
dns.managedZones.get |
USER_RESOURCE_ACCESS |
dns.managedZones.list |
USER_RESOURCE_ACCESS |
dns.changes.get |
USER_RESOURCE_ACCESS |
dns.changes.list |
USER_RESOURCE_ACCESS |
dns.activePeeringZones.list |
USER_RESOURCE_ACCESS |
dns.activePeeringZones.getpeeringzoneinfo |
USER_RESOURCE_ACCESS |
dns.resourceRecordSets.get |
USER_RESOURCE_ACCESS |
dns.resourceRecordSets.list |
USER_RESOURCE_ACCESS |
dns.responsePolicies.get |
USER_RESOURCE_ACCESS |
dns.responsePolicies.list |
USER_RESOURCE_ACCESS |
dns.responsePolicyRules.get |
USER_RESOURCE_ACCESS |
dns.responsePolicyRules.list |
USER_RESOURCE_ACCESS |
dns.policies.get |
USER_RESOURCE_ACCESS |
dns.policies.list |
USER_RESOURCE_ACCESS |
dns.projects.get |
USER_RESOURCE_ACCESS |
dns.managedZones.create |
USER_RESOURCE_CREATION |
dns.managedZones.delete |
RESOURCE_DELETION |
dns.managedZones.update |
RESOURCE_WRITTEN |
dns.managedZones.patch |
USER_RESOURCE_UPDATE_CONTENT |
dns.changes.create |
USER_RESOURCE_CREATION |
dns.changes.delete |
RESOURCE_DELETION |
dns.activePeeringZones.deactivate |
USER_RESOURCE_UPDATE_CONTENT |
dns.resourceRecordSets.create |
USER_RESOURCE_CREATION |
dns.resourceRecordSets.delete |
RESOURCE_DELETION |
dns.resourceRecordSets.update |
RESOURCE_WRITTEN |
dns.resourceRecordSets.patch |
USER_RESOURCE_UPDATE_CONTENT |
dns.responsePolicies.create |
USER_RESOURCE_CREATION |
dns.responsePolicies.delete |
RESOURCE_DELETION |
dns.responsePolicies.update |
RESOURCE_WRITTEN |
dns.responsePolicies.patch |
USER_RESOURCE_UPDATE_CONTENT |
dns.responsePolicyRules.create |
USER_RESOURCE_CREATION |
dns.responsePolicyRules.delete |
RESOURCE_DELETION |
dns.responsePolicyRules.update |
RESOURCE_WRITTEN |
dns.responsePolicyRules.patch |
USER_RESOURCE_UPDATE_CONTENT |
dns.policies.create |
USER_RESOURCE_CREATION |
dns.policies.delete |
RESOURCE_DELETION |
dns.policies.update |
RESOURCE_WRITTEN |
dns.policies.patch |
USER_RESOURCE_UPDATE_CONTENT |
CreateRole |
USER_UNCATEGORIZED |
DeleteRole |
RESOURCE_DELETION |
UndeleteRole |
RESOURCE_CREATION |
UpdateRole |
RESOURCE_WRITTEN |
google.iam.v2beta.Policies.CreatePolicy |
USER_RESOURCE_CREATION |
google.iam.v2beta.Policies.DeletePolicy |
RESOURCE_DELETION |
google.iam.v2beta.Policies.UpdatePolicy |
RESOURCE_WRITTEN |
CreateServiceAccount |
USER_RESOURCE_CREATION |
DeleteServiceAccount |
RESOURCE_DELETION |
DisableServiceAccount |
STATUS_UPDATE |
EnableServiceAccount |
STATUS_UPDATE |
GetServiceAccount |
USER_RESOURCE_ACCESS |
PatchServiceAccount |
USER_RESOURCE_UPDATE_CONTENT |
SetIAMPolicy |
USER_RESOURCE_UPDATE_PERMISSIONS |
UndeleteServiceAccount |
RESOURCE_DELETION |
UpdateServiceAccount |
RESOURCE_WRITTEN |
CreateServiceAccountKey |
USER_RESOURCE_CREATION |
DeleteServiceAccountKey |
RESOURCE_DELETION |
UploadServiceAccountKey |
USER_RESOURCE_UPDATE_CONTENT |
CreateWorkloadIdentityPool |
USER_RESOURCE_CREATION |
DeleteWorkloadIdentityPool |
RESOURCE_DELETION |
UndeleteWorkloadIdentityPool |
RESOURCE_DELETION |
UpdateWorkloadIdentityPool |
RESOURCE_WRITTEN |
CreateWorkloadIdentityPoolProvider |
USER_RESOURCE_CREATION |
DeleteWorkloadIdentityPoolProvider |
RESOURCE_DELETION |
UndeleteWorkloadIdentityPoolProvider |
RESOURCE_DELETION |
UpdateWorkloadIdentityPoolProvider |
RESOURCE_WRITTEN |
CreateWorkforcePool |
USER_RESOURCE_CREATION |
DeleteWorkforcePool |
RESOURCE_DELETION |
UndeleteWorkforcePool |
RESOURCE_DELETION |
UpdateWorkforcePool |
RESOURCE_WRITTEN |
CreateWorkforcePoolProvider |
USER_RESOURCE_CREATION |
DeleteWorkforcePoolProvider |
RESOURCE_DELETION |
UndeleteWorkforcePoolProvider |
RESOURCE_DELETION |
UpdateWorkforcePoolProvider |
RESOURCE_WRITTEN |
GetEffectivePolicy1 |
USER_RESOURCE_ACCESS |
google.iam.admin.v1.GetPolicyDetails2 |
USER_RESOURCE_ACCESS |
ExchangeToken |
USER_RESOURCE_ACCESS |
Google Cloud console (federated) sign in |
USER_RESOURCE_UPDATE_PERMISSIONS |
GetRole |
USER_RESOURCE_ACCESS |
ListRoles |
USER_RESOURCE_ACCESS |
google.iam.v2beta.Policies.GetPolicy |
USER_RESOURCE_ACCESS |
google.iam.v2beta.Policies.ListPolicies |
USER_RESOURCE_ACCESS |
QueryGrantableRoles |
USER_RESOURCE_ACCESS |
GenerateAccessToken |
USER_RESOURCE_UPDATE_CONTENT |
GenerateIdToken |
USER_RESOURCE_UPDATE_CONTENT |
ListServiceAccounts |
USER_RESOURCE_ACCESS |
SignBlob |
USER_RESOURCE_UPDATE_CONTENT |
SignJwt |
USER_RESOURCE_UPDATE_CONTENT |
GetServiceAccountKey |
USER_RESOURCE_ACCESS |
ListServiceAccountKeys |
USER_RESOURCE_ACCESS |
GetWorkloadIdentityPool |
USER_RESOURCE_ACCESS |
ListWorkloadIdentityPools |
USER_RESOURCE_ACCESS |
GetWorkloadIdentityPoolProvider |
USER_RESOURCE_ACCESS |
ListWorkloadIdentityPoolProviders |
USER_RESOURCE_ACCESS |
GetWorkforcePool |
USER_RESOURCE_ACCESS |
ListWorkforcePools |
USER_RESOURCE_ACCESS |
GetWorkforcePoolProvider |
USER_RESOURCE_ACCESS |
ListWorkforcePoolProviders |
USER_RESOURCE_ACCESS |
io.k8s.authorization.rbac.v1 |
STATUS_UPDATE |
io.k8s.authorization.rbac.v1.roles |
STATUS_UPDATE |
io.k8s.batch.v1.jobs.create |
RESOURCE_CREATION |
io.k8s.authorization.rbac.v1.clusterroles.create |
RESOURCE_CREATION |
io.k8s.apps.v1.daemonsets.create |
RESOURCE_CREATION |
io.k8s.authorization.v1.selfsubjectaccessreviews.create |
RESOURCE_CREATION |
google.container.v1.ClusterManager.CreateCluster |
USER_RESOURCE_CREATION |
google.cloud.bigquery.v2.TableService.InsertTable |
USER_RESOURCE_CREATION |
google.cloud.bigquery.v2.TableService.UpdateTable |
RESOURCE_WRITTEN |
google.cloud.bigquery.v2.TableService.PatchTable |
USER_RESOURCE_UPDATE_CONTENT |
google.cloud.bigquery.v2.TableService.DeleteTable |
RESOURCE_DELETION |
google.cloud.bigquery.v2.DatasetService.InsertDataset |
USER_RESOURCE_CREATION |
google.cloud.bigquery.v2.DatasetService.UpdateDataset |
RESOURCE_WRITTEN |
google.cloud.bigquery.v2.DatasetService.PatchDataset |
USER_RESOURCE_UPDATE_CONTENT |
google.cloud.bigquery.v2.DatasetService.DeleteDataset |
USER_RESOURCE_DELETION |
google.cloud.bigquery.v2.TableDataService.List |
USER_RESOURCE_ACCESS |
google.cloud.bigquery.v2.JobService.InsertJob |
USER_RESOURCE_CREATION |
google.cloud.bigquery.v2.JobService.Query |
USER_RESOURCE_ACCESS |
google.cloud.bigquery.v2.JobService.GetQueryResults |
USER_RESOURCE_ACCESS |
InternalTableExpired |
USER_RESOURCE_DELETION |
google.cloud.bigquery.connection.v1.ConnectionService.CreateConnection |
USER_RESOURCE_CREATION |
google.cloud.bigquery.connection.v1.ConnectionService.DeleteConnection |
RESOURCE_DELETION |
google.cloud.bigquery.connection.v1.ConnectionService.UpdateConnection |
RESOURCE_WRITTEN |
google.cloud.bigquery.connection.v1.ConnectionService.SetIamPolicy |
RESOURCE_PERMISSIONS_CHANGE |
google.cloud.bigquery.reservation.v1.ReservationService.CreateReservation |
USER_RESOURCE_CREATION |
google.cloud.bigquery.reservation.v1.ReservationService.DeleteReservation |
RESOURCE_DELETION |
google.cloud.bigquery.reservation.v1.ReservationService.UpdateReservation |
RESOURCE_WRITTEN |
google.cloud.bigquery.reservation.v1.ReservationService.CreateCapacityCommitment |
USER_RESOURCE_CREATION |
google.cloud.bigquery.reservation.v1.ReservationService.DeleteCapacityCommitment |
RESOURCE_DELETION |
google.cloud.bigquery.reservation.v1.ReservationService.CreateAssignment |
USER_RESOURCE_CREATION |
google.cloud.bigquery.reservation.v1.ReservationService.DeleteAssignment |
RESOURCE_DELETION |
google.cloud.bigquery.reservation.v1.ReservationService.MoveAssignment |
STATUS_UPDATE |
cloudsql.backupRuns.get |
USER_RESOURCE_ACCESS |
cloudsql.backupRuns.list |
USER_RESOURCE_ACCESS |
cloudsql.databases.create |
USER_RESOURCE_CREATION |
cloudsql.databases.delete |
RESOURCE_DELETION |
cloudsql.databases.get |
USER_RESOURCE_ACCESS |
cloudsql.databases.list |
USER_RESOURCE_ACCESS |
cloudsql.databases.update |
RESOURCE_WRITTEN |
cloudsql.instances.export |
USER_RESOURCE_ACCESS |
cloudsql.instances.get |
USER_RESOURCE_ACCESS |
cloudsql.instances.import |
STATUS_UNCATEGORIZED |
cloudsql.instances.list |
USER_RESOURCE_ACCESS |
cloudsql.instances.listEffectiveTags |
USER_RESOURCE_ACCESS |
cloudsql.instances.listServerCas |
USER_RESOURCE_ACCESS |
cloudsql.instances.listTagBindings |
USER_RESOURCE_ACCESS |
cloudsql.instances.login |
USER_LOGIN |
cloudsql.sslCerts.get |
USER_RESOURCE_ACCESS |
cloudsql.sslCerts.list |
USER_RESOURCE_ACCESS |
cloudsql.users.create |
USER_RESOURCE_CREATION |
cloudsql.users.delete |
RESOURCE_DELETION |
cloudsql.users.get |
USER_RESOURCE_ACCESS |
cloudsql.users.list |
USER_RESOURCE_ACCESS |
cloudsql.users.update |
RESOURCE_WRITTEN |
cloudsql.backupRuns.create |
USER_RESOURCE_CREATION |
cloudsql.backupRuns.delete |
RESOURCE_DELETION |
cloudsql.instances.addServerCa |
USER_RESOURCE_CREATION |
cloudsql.instances.clone |
USER_RESOURCE_CREATION |
cloudsql.instances.connect |
RESOURCE_READ |
cloudsql.instances.create |
USER_RESOURCE_CREATION |
cloudsql.instances.createTagBinding |
USER_RESOURCE_CREATION |
cloudsql.instances.delete |
RESOURCE_DELETION |
cloudsql.instances.deleteTagBinding |
RESOURCE_DELETION |
cloudsql.instances.demoteMaster |
STATUS_UPDATE |
cloudsql.instances.failover |
STATUS_UPDATE |
cloudsql.instances.promoteReplica |
STATUS_UPDATE |
cloudsql.instances.resetSslConfig |
USER_RESOURCE_UPDATE_CONTENT |
cloudsql.instances.restart |
STATUS_STARTUP |
cloudsql.instances.restoreBackup |
STATUS_UPDATE |
cloudsql.instances.rotateServerCa |
STATUS_UPDATE |
cloudsql.instances.startReplica |
STATUS_STARTUP |
cloudsql.instances.stopReplica |
STATUS_UPDATE |
cloudsql.instances.truncateLog |
STATUS_UPDATE |
cloudsql.instances.update |
RESOURCE_WRITTEN |
cloudsql.sslCerts.create |
USER_RESOURCE_CREATION |
cloudsql.sslCerts.createEphemeral |
USER_RESOURCE_CREATION |
cloudsql.sslCerts.delete |
RESOURCE_DELETION |
compute.instances.insert |
RESOURCE_CREATION |
compute.instanceGroups.removeInstances |
RESOURCE_DELETION |
compute.instances.setMetadata |
USER_RESOURCE_UPDATE_CONTENT |
compute.instances.setLabels |
USER_RESOURCE_CREATION |
compute.instances.setTags |
USER_RESOURCE_CREATION |
compute.instances.setIamPolicy |
USER_RESOURCE_UPDATE_PERMISSIONS |
compute.instances.list |
USER_RESOURCE_ACCESS |
compute.images.get |
USER_RESOURCE_ACCESS |
compute.interconnectAttachments.aggregatedList |
USER_RESOURCE_ACCESS |
compute.instance.getSerialPortOutput |
USER_RESOURCE_ACCESS |
compute.instances.migrateOnHostMaintenance |
RESOURCE_CREATION |
compute.instances.automaticRestart |
USER_RESOURCE_UPDATE_CONTENT |
compute.instanceGroupManagers.resizeAdvanced |
USER_RESOURCE_UPDATE_CONTENT |
google.ssh-serialport.v1.connect |
NETWORK_CONNECTION |
firewalls.delete |
RESOURCE_DELETION |
firewalls.insert |
RESOURCE_CREATION |
firewalls.patch |
USER_RESOURCE_UPDATE_CONTENT |
firewalls.update |
RESOURCE_WRITTEN |
forwardingRules.delete |
RESOURCE_DELETION |
forwardingRules.insert |
RESOURCE_CREATION |
forwardingRules.patch |
USER_RESOURCE_UPDATE_CONTENT |
forwardingRules.setTarget |
STATUS_UPDATE |
networks.addPeering |
STATUS_UPDATE |
networks.delete |
RESOURCE_DELETION |
networks.insert |
RESOURCE_CREATION |
networks.patch |
USER_RESOURCE_UPDATE_CONTENT |
networks.removePeering |
RESOURCE_DELETION |
networks.switchToCustomMode |
STATUS_UPDATE |
networks.updatePeering |
RESOURCE_WRITTEN |
routes.delete |
RESOURCE_DELETION |
routes.insert |
USER_RESOURCE_CREATION |
subnetworks.delete |
RESOURCE_DELETION |
subnetworks.expandIpCidrRange |
STATUS_UPDATE |
subnetworks.insert |
RESOURCE_CREATION |
subnetworks.patch |
USER_RESOURCE_UPDATE_CONTENT |
subnetworks.setIamPolicy |
USER_RESOURCE_UPDATE_PERMISSIONS |
subnetworks.setPrivateIpGoogleAccess |
STATUS_UPDATE |
subnetworks.testIamPermissions |
USER_RESOURCE_ACCESS |
firewalls.get |
USER_RESOURCE_ACCESS |
firewalls.list |
USER_RESOURCE_ACCESS |
forwardingRules.aggregatedList |
USER_RESOURCE_ACCESS |
forwardingRules.get |
USER_RESOURCE_ACCESS |
forwardingRules.list |
USER_RESOURCE_ACCESS |
networks.get |
USER_RESOURCE_ACCESS |
networks.list |
USER_RESOURCE_ACCESS |
networks.listPeeringRoutes |
USER_RESOURCE_ACCESS |
routes.get |
USER_RESOURCE_ACCESS |
routes.list |
USER_RESOURCE_ACCESS |
subnetworks.aggregatedList |
USER_RESOURCE_ACCESS |
subnetworks.get |
USER_RESOURCE_ACCESS |
subnetworks.getIamPolicy |
USER_RESOURCE_ACCESS |
subnetworks.list |
USER_RESOURCE_ACCESS |
subnetworks.listUsable |
USER_RESOURCE_ACCESS |
google.admin.AdminService.alertCenterBatchDeleteAlerts |
RESOURCE_DELETION |
google.admin.AdminService.alertCenterBatchUndeleteAlerts |
RESOURCE_DELETION |
google.admin.AdminService.alertCenterCreateAlert |
USER_RESOURCE_CREATION |
google.admin.AdminService.alertCenterCreateFeedback |
USER_RESOURCE_CREATION |
google.admin.AdminService.alertCenterDeleteAlert |
RESOURCE_DELETION |
google.admin.AdminService.alertCenterGetAlertMetadata |
USER_RESOURCE_ACCESS |
google.admin.AdminService.alertCenterGetCustomerSettings |
USER_RESOURCE_ACCESS |
google.admin.AdminService.alertCenterGetSitLink |
USER_RESOURCE_ACCESS |
google.admin.AdminService.alertCenterListChange |
USER_RESOURCE_ACCESS |
google.admin.AdminService.alertCenterListFeedback |
USER_RESOURCE_ACCESS |
google.admin.AdminService.alertCenterListRelatedAlerts |
USER_RESOURCE_ACCESS |
google.admin.AdminService.alertCenterUndeleteAlert |
RESOURCE_DELETION |
google.admin.AdminService.alertCenterUpdateAlert |
RESOURCE_WRITTEN |
google.admin.AdminService.alertCenterUpdateAlertMetadata |
RESOURCE_WRITTEN |
google.admin.AdminService.alertCenterUpdateCustomerSettings |
RESOURCE_WRITTEN |
google.admin.AdminService.alertCenterView |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeApplicationSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.createApplicationSetting |
USER_RESOURCE_CREATION |
google.admin.AdminService.deleteApplicationSetting |
RESOURCE_DELETION |
google.admin.AdminService.reorderGroupBasedPoliciesEvent |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.gplusPremiumFeatures |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.createManagedConfiguration |
USER_RESOURCE_CREATION |
google.admin.AdminService.deleteManagedConfiguration |
RESOURCE_DELETION |
google.admin.AdminService.updateManagedConfiguration |
RESOURCE_WRITTEN |
google.admin.AdminService.flashlightEduNonFeaturedServicesSelected |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.createBuilding |
USER_RESOURCE_CREATION |
google.admin.AdminService.deleteBuilding |
RESOURCE_DELETION |
google.admin.AdminService.updateBuilding |
RESOURCE_WRITTEN |
google.admin.AdminService.createCalendarResource |
USER_RESOURCE_CREATION |
google.admin.AdminService.deleteCalendarResource |
RESOURCE_DELETION |
google.admin.AdminService.createCalendarResourceFeature |
USER_RESOURCE_CREATION |
google.admin.AdminService.deleteCalendarResourceFeature |
RESOURCE_DELETION |
google.admin.AdminService.updateCalendarResourceFeature |
RESOURCE_WRITTEN |
google.admin.AdminService.renameCalendarResource |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.updateCalendarResource |
RESOURCE_WRITTEN |
google.admin.AdminService.changeCalendarSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.cancelCalendarEvents |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.releaseCalendarResources |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.meetInteropCreateGateway |
USER_RESOURCE_CREATION |
google.admin.AdminService.meetInteropDeleteGateway |
RESOURCE_DELETION |
google.admin.AdminService.meetInteropModifyGateway |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeChatSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeChromeOsAndroidApplicationSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeChromeOsApplicationSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.sendChromeOsDeviceCommand |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeChromeOsDeviceAnnotation |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeChromeOsDeviceSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeChromeOsDeviceState |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeChromeOsPublicSessionSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.insertChromeOsPrinter |
USER_RESOURCE_CREATION |
google.admin.AdminService.deleteChromeOsPrinter |
RESOURCE_DELETION |
google.admin.AdminService.updateChromeOsPrinter |
RESOURCE_WRITTEN |
google.admin.AdminService.changeChromeOsSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeChromeOsUserSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.removeChromeOsApplicationSettings |
RESOURCE_DELETION |
google.admin.AdminService.changeContactsSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.assignRole |
USER_RESOURCE_UPDATE_PERMISSIONS |
google.admin.AdminService.createRole |
USER_RESOURCE_CREATION |
google.admin.AdminService.deleteRole |
RESOURCE_DELETION |
google.admin.AdminService.addPrivilege |
USER_RESOURCE_CREATION |
google.admin.AdminService.removePrivilege |
RESOURCE_DELETION |
google.admin.AdminService.renameRole |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.updateRole |
RESOURCE_WRITTEN |
google.admin.AdminService.unassignRole |
USER_RESOURCE_UPDATE_PERMISSIONS |
google.admin.AdminService.deleteDevice |
RESOURCE_DELETION |
google.admin.AdminService.moveDeviceToOrgUnit |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.transferDocumentOwnership |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.driveDataRestore |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeDocsSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeAccountAutoRenewal |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.addApplication |
USER_RESOURCE_CREATION |
google.admin.AdminService.addApplicationToWhitelist |
USER_RESOURCE_CREATION |
google.admin.AdminService.changeAdvertisementOption |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.createAlert |
USER_RESOURCE_CREATION |
google.admin.AdminService.changeAlertCriteria |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.deleteAlert |
RESOURCE_DELETION |
google.admin.AdminService.alertReceiversChanged |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.renameAlert |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.alertStatusChanged |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.addDomainAlias |
USER_RESOURCE_CREATION |
google.admin.AdminService.removeDomainAlias |
RESOURCE_DELETION |
google.admin.AdminService.skipDomainAliasMx |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.verifyDomainAliasMx |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.verifyDomainAlias |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleOauthAccessToAllApis |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleAllowAdminPasswordReset |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.enableApiAccess |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.authorizeApiClientAccess |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.removeApiClientAccess |
RESOURCE_DELETION |
google.admin.AdminService.chromeLicensesRedeemed |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleAutoAddNewService |
USER_RESOURCE_CREATION |
google.admin.AdminService.changePrimaryDomain |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeWhitelistSetting |
USER_RESOURCE_ACCESS |
google.admin.AdminService.communicationPreferencesSettingChange |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeConflictAccountAction |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.enableFeedbackSolicitation |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleContactSharing |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.createPlayForWorkToken |
USER_RESOURCE_CREATION |
google.admin.AdminService.toggleUseCustomLogo |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeCustomLogo |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeDataLocalizationForRussia |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeDataLocalizationSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeDataProtectionOfficerContactInfo |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.deletePlayForWorkToken |
RESOURCE_DELETION |
google.admin.AdminService.viewDnsLoginDetails |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeDomainDefaultLocale |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeDomainDefaultTimezone |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeDomainName |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleEnablePreReleaseFeatures |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeDomainSupportMessage |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.addTrustedDomains |
USER_RESOURCE_CREATION |
google.admin.AdminService.removeTrustedDomains |
RESOURCE_DELETION |
google.admin.AdminService.changeEduType |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleEnableOauthConsumerKey |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleSsoEnabled |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleSsl |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeEuRepresentativeContactInfo |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.generateTransferToken |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeLoginBackgroundColor |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeLoginBorderColor |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeLoginActivityTrace |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.playForWorkEnroll |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.playForWorkUnenroll |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.mxRecordVerificationClaim |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleNewAppFeatures |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleUseNextGenControlPanel |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.uploadOauthCertificate |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.regenerateOauthConsumerSecret |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleOpenIdEnabled |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeOrganizationName |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleOutboundRelay |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changePasswordMaxLength |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changePasswordMinLength |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.updateDomainPrimaryAdminEmail |
RESOURCE_WRITTEN |
google.admin.AdminService.enableServiceOrFeatureNotifications |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.removeApplication |
RESOURCE_DELETION |
google.admin.AdminService.removeApplicationFromWhitelist |
RESOURCE_DELETION |
google.admin.AdminService.changeRenewDomainRegistration |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeResellerAccess |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.ruleActionsChanged |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.createRule |
USER_RESOURCE_CREATION |
google.admin.AdminService.changeRuleCriteria |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.deleteRule |
RESOURCE_DELETION |
google.admin.AdminService.renameRule |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.ruleStatusChanged |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.addSecondaryDomain |
USER_RESOURCE_CREATION |
google.admin.AdminService.removeSecondaryDomain |
RESOURCE_DELETION |
google.admin.AdminService.skipSecondaryDomainMx |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.verifySecondaryDomainMx |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.verifySecondaryDomain |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.updateDomainSecondaryEmail |
RESOURCE_WRITTEN |
google.admin.AdminService.changeSsoSettings |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.generatePin |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.updateRule |
RESOURCE_WRITTEN |
google.admin.AdminService.dropFromQuarantine |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.emailLogSearch |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.emailUndelete |
RESOURCE_DELETION |
google.admin.AdminService.changeEmailSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeGmailSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.createGmailSetting |
USER_RESOURCE_CREATION |
google.admin.AdminService.deleteGmailSetting |
RESOURCE_DELETION |
google.admin.AdminService.rejectFromQuarantine |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.releaseFromQuarantine |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.createGroup |
USER_RESOURCE_CREATION |
google.admin.AdminService.deleteGroup |
RESOURCE_DELETION |
google.admin.AdminService.changeGroupDescription |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.groupListDownload |
USER_RESOURCE_ACCESS |
google.admin.AdminService.addGroupMember |
USER_RESOURCE_CREATION |
google.admin.AdminService.removeGroupMember |
RESOURCE_DELETION |
google.admin.AdminService.updateGroupMember |
RESOURCE_WRITTEN |
google.admin.AdminService.updateGroupMemberDeliverySettings |
RESOURCE_WRITTEN |
google.admin.AdminService.updateGroupMemberDeliverySettingsCanEmailOverride |
RESOURCE_WRITTEN |
google.admin.AdminService.groupMemberBulkUpload |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.groupMembersDownload |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeGroupName |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeGroupSetting |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.whitelistedGroupsUpdated |
RESOURCE_WRITTEN |
google.admin.AdminService.securityInvestigationAction |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationActionCancellation |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationActionCompletion |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationActionRetry |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationActionVerificationConfirmation |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationActionVerificationRequest |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationActionVerificationRequestExpiration |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationChartCreate |
USER_RESOURCE_CREATION |
google.admin.AdminService.securityInvestigationContentAccess |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationDownloadAttachment |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationExportActionResults |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationExportQuery |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationObjectCreateDraftInvestigation |
USER_RESOURCE_CREATION |
google.admin.AdminService.securityInvestigationObjectDeleteInvestigation |
RESOURCE_DELETION |
google.admin.AdminService.securityInvestigationObjectDuplicateInvestigation |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationObjectOwnershipTransfer |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationObjectSaveInvestigation |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationObjectUpdateDirectSharing |
RESOURCE_WRITTEN |
google.admin.AdminService.securityInvestigationObjectUpdateLinkSharing |
RESOURCE_WRITTEN |
google.admin.AdminService.securityInvestigationQuery |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityInvestigationSettingUpdate |
RESOURCE_WRITTEN |
google.admin.AdminService.addToTrustedOauth2Apps |
USER_RESOURCE_CREATION |
google.admin.AdminService.allowAspWithout2Sv |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.allowServiceForOauth2Access |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.allowStrongAuthentication |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.blockOnDeviceAccess |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeAllowedTwoStepVerificationMethods |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeAppAccessSettingsCollectionId |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeCaaAppAssignments |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeCaaDefaultAssignments |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeCaaErrorMessage |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeSessionLength |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeTwoStepVerificationEnrollmentPeriodDuration |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeTwoStepVerificationFrequency |
USER_RESOURCE_UPDATE_PERMISSIONS |
google.admin.AdminService.changeTwoStepVerificationGracePeriodDuration |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeTwoStepVerificationStartDate |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.disallowServiceForOauth2Access |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.enableNonAdminUserPasswordRecovery |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.enforceStrongAuthentication |
USER_RESOURCE_UPDATE_PERMISSIONS |
google.admin.AdminService.removeFromTrustedOauth2Apps |
RESOURCE_DELETION |
google.admin.AdminService.sessionControlSettingsChange |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleCaaEnablement |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.trustDomainOwnedOauth2Apps |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.unblockOnDeviceAccess |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.untrustDomainOwnedOauth2Apps |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.updateErrorMsgForRestrictedOauth2Apps |
RESOURCE_WRITTEN |
google.admin.AdminService.weakProgrammaticLoginSettingsChanged |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.delete2SvScratchCodes |
RESOURCE_DELETION |
google.admin.AdminService.generate2SvScratchCodes |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.revoke3LoDeviceTokens |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.revoke3LoToken |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.addRecoveryEmail |
USER_RESOURCE_CREATION |
google.admin.AdminService.addRecoveryPhone |
USER_RESOURCE_CREATION |
google.admin.AdminService.grantAdminPrivilege |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.revokeAdminPrivilege |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.revokeAsp |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.toggleAutomaticContactSharing |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.bulkUpload |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.bulkUploadNotificationSent |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.cancelUserInvite |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeUserCustomField |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeUserExternalId |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeUserGender |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeUserIm |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.enableUserIpWhitelist |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeUserKeyword |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeUserLanguage |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeUserLocation |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeUserOrganization |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeUserPhoneNumber |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeRecoveryEmail |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeRecoveryPhone |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeUserRelation |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeUserAddress |
USER_RESOURCE_CREATION |
google.admin.AdminService.createEmailMonitor |
USER_RESOURCE_CREATION |
google.admin.AdminService.createDataTransferRequest |
USER_RESOURCE_CREATION |
google.admin.AdminService.grantDelegatedAdminPrivileges |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.deleteAccountInfoDump |
RESOURCE_DELETION |
google.admin.AdminService.deleteEmailMonitor |
RESOURCE_DELETION |
google.admin.AdminService.deleteMailboxDump |
RESOURCE_DELETION |
google.admin.AdminService.changeFirstName |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.gmailResetUser |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changeLastName |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.mailRoutingDestinationAdded |
USER_RESOURCE_CREATION |
google.admin.AdminService.mailRoutingDestinationRemoved |
RESOURCE_DELETION |
google.admin.AdminService.addNickname |
USER_RESOURCE_CREATION |
google.admin.AdminService.removeNickname |
RESOURCE_DELETION |
google.admin.AdminService.changePassword |
USER_CHANGE_PASSWORD |
google.admin.AdminService.changePasswordOnNextLogin |
USER_CHANGE_PASSWORD |
google.admin.AdminService.downloadPendingInvitesList |
USER_RESOURCE_ACCESS |
google.admin.AdminService.removeRecoveryEmail |
RESOURCE_DELETION |
google.admin.AdminService.removeRecoveryPhone |
RESOURCE_DELETION |
google.admin.AdminService.requestAccountInfo |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.requestMailboxDump |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.resendUserInvite |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.resetSigninCookies |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.securityKeyRegisteredForUser |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.revokeSecurityKey |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.userInvite |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.viewTempPassword |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.turnOff2StepVerification |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.unblockUserSession |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.unenrollUserFromTitanium |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.archiveUser |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.updateBirthdate |
RESOURCE_WRITTEN |
google.admin.AdminService.createUser |
USER_CREATION |
google.admin.AdminService.deleteUser |
RESOURCE_DELETION |
google.admin.AdminService.downgradeUserFromGplus |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.userEnrolledInTwoStepVerification |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.downloadUserlistCsv |
USER_RESOURCE_ACCESS |
google.admin.AdminService.moveUserToOrgUnit |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.userPutInTwoStepVerificationGracePeriod |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.renameUser |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.unenrollUserFromStrongAuth |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.suspendUser |
USER_RESOURCE_UPDATE_PERMISSIONS |
google.admin.AdminService.unarchiveUser |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.undeleteUser |
RESOURCE_DELETION |
google.admin.AdminService.unsuspendUser |
STATUS_UPDATE |
google.admin.AdminService.upgradeUserToGplus |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.usersBulkUpload |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.usersBulkUploadNotificationSent |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.createAccessLevelV2 |
USER_RESOURCE_CREATION |
google.admin.AdminService.systemDefinedRuleUpdated |
USER_RESOURCE_UPDATE_PERMISSIONS |
google.admin.AdminService.createDeviceEnrollmentToken |
USER_RESOURCE_CREATION |
google.login.LoginService.2svDisable |
STATUS_UPDATE |
google.login.LoginService.2svEnroll |
STATUS_UPDATE |
google.login.LoginService.accountDisabledPasswordLeak |
STATUS_UPDATE |
google.login.LoginService.accountDisabledGeneric |
USER_LOGIN |
google.login.LoginService.accountDisabledSpammingThroughRelay |
USER_LOGIN
Security category: |
google.login.LoginService.accountDisabledSpamming |
USER_LOGIN
Security category: |
google.login.LoginService.accountDisabledHijacked |
USER_LOGIN
Security category: |
google.login.LoginService.emailForwardingOutOfDomain |
EMAIL_TRANSACTION |
google.login.LoginService.govAttackWarning |
USER_LOGIN
Security category: |
google.login.LoginService.loginChallenge |
USER_LOGIN |
google.login.LoginService.loginFailure |
USER_LOGIN
Security category: |
google.login.LoginService.loginVerification |
USER_LOGIN |
google.login.LoginService.logout |
USER_LOGOUT |
google.login.LoginService.loginSuccess |
USER_LOGIN |
google.login.LoginService.passwordEdit |
USER_CHANGE_PASSWORD |
google.login.LoginService.recoveryEmailEdit |
USER_RESOURCE_UPDATE_CONTENT |
google.login.LoginService.recoveryPhoneEdit |
USER_RESOURCE_UPDATE_CONTENT |
google.login.LoginService.recoverySecretQaEdit |
USER_RESOURCE_UPDATE_CONTENT |
google.login.LoginService.suspiciousLogin |
USER_LOGIN
Security category: |
google.login.LoginService.suspiciousLoginLessSecureApp |
USER_LOGIN
Security category: |
google.login.LoginService.suspiciousProgrammaticLogin |
USER_LOGIN
Security category: |
google.login.LoginService.titaniumEnroll |
USER_RESOURCE_UPDATE_CONTENT |
google.login.LoginService.titaniumUnenroll |
USER_RESOURCE_CREATION |
google.identity.accesscontextmanager.v1.AccessContextManager.CreateAccessLevel |
USER_RESOURCE_CREATION |
google.apps.cloudidentity.groups.v1.MembershipsService.UpdateMembership |
USER_RESOURCE_UPDATE_CONTENT |
io.k8s.core.v1.pods.create |
RESOURCE_CREATION |
io.k8s.authorization.rbac.v1.clusterrolebindings.create |
RESOURCE_CREATION |
beta.compute.instanceTemplates.insert |
RESOURCE_CREATION |
SetOrgPolicy |
USER_RESOURCE_UPDATE_PERMISSIONS |
beta.compute.instanceGroupManagers.patch |
RESOURCE_WRITTEN |
beta.compute.autoscalers.update |
RESOURCE_WRITTEN |
compute.v1.InstancesService.Get |
USER_RESOURCE_ACCESS |
google.storage.objects.list |
USER_RESOURCE_ACCESS |
google.cloudresourcemanager.v1.Projects.SetIamPolicy |
USER_RESOURCE_UPDATE_PERMISSIONS |
cloudsql.instances.query |
USER_RESOURCE_ACCESS |
cloudtrace.googleapis.com/ListInsights |
RESOURCE_READ |
google.cloud.functions.v1.CloudFunctionsService.CreateFunction |
RESOURCE_CREATION |
google.api.servicemanagement.v1.ServiceManager.ActivateServices |
USER_RESOURCE_UPDATE_CONTENT |
google.admin.AdminService.changePassword |
USER_CHANGE_PASSWORD |
google.api.serviceusage.v1.ServiceUsage.DisableService |
USER_RESOURCE_UPDATE_CONTENT |
AuthorizeUser |
USER_LOGIN |
google.cloud.oslogin.v1.OsLoginService.CheckPolicy |
USER_LOGIN |
google.admin.AdminService.unsuspendUser |
STATUS_UPDATE |
jobservice.jobcompleted |
RESOURCE_WRITTEN |
compute.v1.ProjectsService.Get |
USER_RESOURCE_ACCESS |
v1.compute.projects.setCommonInstanceMetadata |
USER_RESOURCE_UPDATE_CONTENT |
CreateCryptoKey |
RESOURCE_CREATION |
storage.buckets.get |
RESOURCE_READ |
google.longrunning.Operations.GetOperation |
RESOURCE_READ |
io.k8s.core.v1.pods.delete |
RESOURCE_DELETION |
v1.compute.disks.delete |
RESOURCE_DELETION |
v1.compute.disks.insert |
RESOURCE_CREATION |
ScheduledSnapshots |
RESOURCE_WRITTEN |
v1.compute.disks.setLabels |
RESOURCE_WRITTEN |
google.cloud.healthcare.v1alpha2.dataset.DatasetService.AccessEhrSearch |
STATUS_UPDATE |
io.k8s.apiextensions.v1.customresourcedefinitions.patch |
RESOURCE_WRITTEN |
io.k8s.post |
USER_UNCATEGORIZED |
v1.compute.instances.delete |
RESOURCE_DELETION |
storage.buckets.list |
RESOURCE_READ |
storage.objects.create |
RESOURCE_CREATION |
google.pubsub.v1.Publisher.CreateTopic |
RESOURCE_CREATION |
google.devtools.cloudbuild.v1.CloudBuild.ListBuilds |
USER_RESOURCE_ACCESS |
google.cloud.asset.v1.AssetService.UpdateFeed |
USER_RESOURCE_UPDATE_PERMISSIONS |
storage.objects.update |
RESOURCE_WRITTEN |
datasetservice.insert |
USER_RESOURCE_CREATION |
storage.setIamPermissions |
USER_RESOURCE_UPDATE_PERMISSIONS |
io.k8s.coordination.v1.leases.update |
RESOURCE_WRITTEN |
datasetservice.delete |
USER_RESOURCE_DELETION |
compute.instances.repair.recreateInstance |
RESOURCE_CREATION |
tableservice.delete |
USER_RESOURCE_DELETION |
io.k8s.core.v1.configmaps.update |
RESOURCE_WRITTEN |
io.k8s.core.v1.nodes.proxy.get |
RESOURCE_READ |
compute.instances.repair.deleteInstance |
RESOURCE_DELETION |
google.cloud.dataproc.v1.JobController.SubmitJob |
RESOURCE_WRITTEN |
google.cloud.dataproc.v1beta2.ClusterController.UpdateCluster |
RESOURCE_WRITTEN |
io.k8s.app.v1beta1.applications.update |
RESOURCE_WRITTEN |
io.gke.networking.v1beta1.managedcertificates.update |
RESOURCE_WRITTEN |
io.k8s.extensions.v1beta1.deployments.patch |
RESOURCE_WRITTEN |
compute.instanceGroupManagers.deleteInstances |
RESOURCE_DELETION |
io.k8s.authorization.rbac.v1.rolebindings.patch |
RESOURCE_WRITTEN |
google.admin.AdminService.toggleServiceEnabled |
USER_UNCATEGORIZED |
io.k8s.core.v1.services.proxy.get |
RESOURCE_READ |
google.datastore.v1.Datastore.RunQuery |
STATUS_UPDATE |
google.appengine.Datastore.Put |
STATUS_UPDATE |
google.cloud.securitycenter.settings.v1beta2.Settings.UpdateSecurityHealthAnalyticsSettings |
RESOURCE_WRITTEN |
v1.compute.securityPolicies.patchRule |
RESOURCE_WRITTEN |
beta.compute.images.setIamPolicy |
USER_RESOURCE_UPDATE_PERMISSIONS |
google.iam.v1.IAMPolicy.SetIamPolicy |
USER_RESOURCE_UPDATE_PERMISSIONS |
io.k8s.certificates.v1.certificatesigningrequests.create |
RESOURCE_CREATION |
io.k8s.core.v0.id.create |
RESOURCE_CREATION |
google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy |
RESOURCE_WRITTEN |
google.cloud.securitycenter.settings.v1beta2.Settings.UpdateEventThreatDetectionSettings |
RESOURCE_DELETION |
UpdateCryptoKeyVersion |
RESOURCE_WRITTEN |
google.apps.cloudidentity.groups.v1.GroupsService.UpdateGroup |
RESOURCE_WRITTEN |
v1 |
STATUS_UPDATE |
google.cloud.run.v1.Services.ReplaceService |
SERVICE_UNCATEGORIZED |
updatePolicy |
RESOURCE_WRITTEN |
updateBackup |
RESOURCE_WRITTEN |
Referenz zur Feldzuordnung: GCP_CLOUDAUDIT
In der folgenden Tabelle sind die Logfelder des Logtyps GCP_CLOUDAUDIT und die entsprechenden UDM-Felder aufgeführt.| Logfeld | UDM-Zuordnung | Logik |
|---|---|---|
jsonPayload.accesses[].resourceName |
about.resource.name |
|
protoPayload.response.selfLink |
about.url |
|
protoPayload.metadata.event.eventName.parameter.name[login_challenge_method] |
extensions.auth.auth_details |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich login_failure, login_verification oder login_challenge oder login_success ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich login_challenge_method ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld extensions.auth.auth_details zugeordnet. |
extensions.auth.auth_mechanism |
Wenn protoPayload.metadata.event.eventName gleich login_failure oder login_verification oder login_challenge oder logic_success ist, lautet das UDM-Feld extensions.auth.auth_mechanism:
|
|
extensions.auth.type |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich login_failure, login_verification oder login_challenge oder login_success ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich login_challenge_method ist, wird das UDM-Feld extensions.auth.type auf MACHINE gesetzt. |
|
protoPayload.metadata.event.eventName.parameter.name[GATEWAY_NAME] |
intermediary.resource.name |
|
receiveTimestamp |
metadata.collected_timestamp |
|
protoPayload.response.operationType |
metadata.description |
Wenn der Wert des Logfelds protoPayload.methodName gleich cloudsql.instances.create ist, wird das Logfeld protoPayload.response.operationType - protoPayload.response.kind dem UDM-Feld metadata.description zugeordnet. |
protoPayload.response.kind |
metadata.description |
Wenn der Wert des Logfelds protoPayload.methodName gleich cloudsql.instances.create ist, wird das Logfeld protoPayload.response.operationType - protoPayload.response.kind dem UDM-Feld metadata.description zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[SETTING_DESCRIPTION] |
metadata.description |
|
timestamp |
metadata.event_timestamp |
|
protoPayload.methodName |
metadata.product_event_type |
|
resource.labels.method |
metadata.product_event_type |
|
jsonPayload.event_subtype |
metadata.product_event_type |
|
insertId |
metadata.product_log_id |
|
protoPayload.metadata.event.eventName.parameter.name[PRODUCT_NAME] |
metadata.product_name |
Wenn der Wert des Logfelds protoPayload.serviceName mit dem regulären Ausdruck (compute.googleapis.com) übereinstimmt, ist das Feld metadata.product_name für den regulären Ausdruck (compute.googleapis.com) auf metadata.product_name/1. Das Feld „UDM/“ ist auf „metadata.product_name1“ festgelegt. Das Feld „UDM/“ ist {. Das Feld „UDM/“ entspricht dann { “ > { Feld „UDM/“ entspricht dem regulären Ausdruck „ (bigquery.googleapis.com)“. Wenn der Wert des Felds protoPayload.serviceName mit dem regulären Ausdruck (bigquery.googleapis.com) übereinstimmt.protoPayload.serviceNameprotoPayload.serviceNameprotoPayload.serviceNameprotoPayload.serviceNameprotoPayload.serviceNameprotoPayload.serviceNameprotoPayload.serviceNameprotoPayload.serviceNamemetadata.product_namemetadata.product_namemetadata.product_namemetadata.product_namemetadata.product_namemetadata.product_namemetadata.product_nameGoogle Compute EngineBigQuery(admin.googleapis.com or login.googleapis.com or cloudidentity.googleapis.com)G Suite(k8s.io)Google Kubernetes Engine(servicemanagement.googleapis.com)Google Service Management(storage.googleapis.com)Google Cloud Storage(cloudsql.googleapis.com)Google Cloud SQL(dataproc.googleapis.com)Google Dataproc(iam.googleapis.com)Google Cloud IAM(accesscontextmanager.googleapis.com)Context Manager API |
logName |
metadata.url_back_to_product |
|
protoPayload.response.selfLinkWithId |
metadata.url_back_to_product |
|
metadata.vendor_name |
Das UDM-Feld metadata.vendor_name ist auf Google Cloud Platform festgelegt. |
|
httpRequest.protocol |
network.application_protocol |
|
protoPayload.metadata.request_id |
network.community_id |
|
protoPayload.resourceOriginalState.direction |
network.direction |
|
protoPayload.request.direction |
network.direction |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_LOG_SEARCH_SENDER] |
network.email.from |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_LOG_SEARCH_MSG_ID] |
network.email.mail_id |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_LOG_SEARCH_RECIPIENT] |
network.email.to |
|
httpRequest.requestMethod |
network.http.method |
|
protoPayload.requestMetadata.requestAttributes.method |
network.http.method |
|
httpRequest.referer |
network.http.referral_url |
|
protoPayload.requestMetadata.requestAttributes.path |
network.http.referral_url |
|
httpRequest.requestUrl |
network.http.referral_url |
|
protoPayload.resourceOriginalState.network |
network.http.referral_url |
|
httpRequest.status |
network.http.response_code |
|
protoPayload.response.error.code |
network.http.response_code |
|
protoPayload.status.code |
security_result.detection_fields [status_code] |
|
protoPayload.requestMetadata.callerSuppliedUserAgent |
network.http.user_agent |
Wenn der Wert des Logfelds protoPayload.requestMetadata.callerSuppliedUserAgent mit dem regulären Ausdruck Group übereinstimmt, wird das Logfeld protoPayload.requestMetadata.callerSuppliedUserAgent dem UDM-Feld principal.group.group_display_name zugeordnet. |
httpRequest.userAgent |
network.http.user_agent |
|
protoPayload.resourceOriginalState.alloweds.IPProtocol |
network.ip_protocol |
|
protoPayload.requestMetadata.requestAttributes.protocol |
network.ip_protocol |
|
protoPayload.request.IPProtocol |
network.ip_protocol |
|
protoPayload.request.alloweds.IPProtocol |
network.ip_protocol |
|
jsonPayload.connection.protocol |
network.ip_protocol |
|
protoPayload.metadata.event.eventName.parameter.name[ORG_UNIT_NAME] |
network.organization_name |
|
httpRequest.responseSize |
network.received_bytes |
|
httpRequest.requestSize |
network.sent_bytes |
|
jsonPayload.bytes_sent |
network.sent_bytes |
|
protoPayload.requestMetadata.requestAttributes.id |
network.session_id |
|
ProtoPayload.authenticationInfo.serviceAccountDelegationInfo.firstPartyPrincipal.principalEmail |
principal.email |
|
jsonPayload.src_instance.vm_name |
principal.hostname |
|
protoPayload.requestMetadata.callerIp |
principal.ip |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_LOG_SEARCH_SMTP_SENDER_IP] |
principal.ip |
|
jsonPayload.connection.src_ip |
principal.ip |
|
httpRequest.serverIp |
principal.ip |
|
resourceLocation.originalLocations |
principal.location.name |
|
jsonPayload.connection.nat_ip |
principal.nat_ip |
|
jsonPayload.connection.nat_port |
principal.nat_port |
|
jsonPayload.connection.src_port |
principal.port |
|
protoPayload.authorizationInfo.resource |
principal.resource.name |
Wenn der Wert des Logfelds protoPayload.authorizationInfo.resource nicht leer ist, wird das Logfeld protoPayload.authorizationInfo.resource dem UDM-Feld principal.resource.name zugeordnet. |
protoPayload.authorizationInfo.resourceAttributes.name |
principal.resource.name |
Wenn der Wert des Logfelds protoPayload.authorizationInfo.resourceAttributes.name nicht leer ist, wird das Logfeld protoPayload.authorizationInfo.resourceAttributes.name dem UDM-Feld principal.resource.name zugeordnet. |
protoPayload.resourceOriginalState.name |
principal.resource.name |
|
protoPayload.authorizationInfo.resourceAttributes.type |
principal.resource.resource_subtype |
|
principal.user.account_type |
Wenn der Wert des Logfelds access.principalSubject mit dem regulären Ausdruck serviceAccount übereinstimmt, wird das UDM-Feld principal.user.account_type auf SERVICE_ACCOUNT_TYPE gesetzt.Wenn der Wert des Logfelds access.principalSubject mit dem regulären Ausdruck user übereinstimmt, wird das UDM-Feld principal.user.account_type auf CLOUD_ACCOUNT_TYPE gesetzt. |
|
protoPayload.authorizationInfo.authorizationLoggingOptions.permissionType |
principal.user.attribute.permissions.description |
|
protoPayload.request.serviceAccounts[].scopes |
principal.user.attribute.permissions.name |
|
protoPayload.authorizationInfo.permission |
principal.user.attribute.permissions.name |
|
protoPayload.authorizationInfo.authorizationLoggingOptions.permissionType |
principal.user.attribute.permissions.type |
|
protoPayload.serviceData.policyDelta.bindingDeltas[].action |
principal.user.attribute.roles.description |
|
protoPayload.request.bindings.role |
principal.user.attribute.roles.name |
|
protoPayload.serviceData.policyDelta.bindingDeltas[].role |
principal.user.attribute.roles.name |
|
jsonPayload.location.principalEmployingEntity |
principal.user.company_name |
|
jsonPayload.location.principalOfficeCountry |
principal.user.office_address.country_or_region |
|
protoPayload.authenticationInfo.principalEmail |
principal.user.userid |
Wenn der Wert des Logfelds protoPayload.authenticationInfo.principalEmail nicht leer ist, wird userid_auth mithilfe eines Grok-Musters aus dem Logfeld protoPayload.authenticationInfo.principalEmail extrahiert und dem UDM-Feld principal.user.userid zugeordnet. |
protoPayload.metadata.event.eventName.parameter.value |
principal.user.userid |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich CREATE_EMAIL_MONITOR oder CREATE_DATA_TRANSFER_REQUEST ist:
protoPayload.metadata.event.eventName.parameter.name gleich USER_EMAIL ist, wird userid mithilfe eines Grok-Musters aus dem Logfeld protoPayload.metadata.event.eventName.parameter.value extrahiert und dem UDM-Feld principal.user.userid zugeordnet. |
protoPayload.authenticationInfo.authoritySelector |
principal.user.userid |
Wenn der Wert des Logfelds protoPayload.authenticationInfo.authoritySelector nicht leer ist, wird userid_selector mithilfe eines Grok-Musters aus dem Logfeld protoPayload.authenticationInfo.authoritySelector extrahiert und dem UDM-Feld principal.user.userid zugeordnet. |
jsonPayload.actor.user |
principal.user.userid |
Wenn der Wert des Logfelds jsonPayload.actor.user nicht leer ist, wird userid_actor mithilfe eines Grok-Musters aus dem Logfeld jsonPayload.actor.user extrahiert und dem UDM-Feld principal.user.userid zugeordnet. |
protoPayload.authenticationInfo.principalEmail |
principal.user.email_addresses |
Wenn der Wert des Logfelds protoPayload.authenticationInfo.principalEmail nicht leer ist und der Wert des Logfelds protoPayload.authenticationInfo.principalEmail mit dem regulären Ausdruck .@. übereinstimmt, wird das Logfeld protoPayload.authenticationInfo.principalEmail dem UDM-Feld principal.user.email_addresses zugeordnet. |
protoPayload.metadata.event.eventName.parameter.value |
principal.user.email_addresses |
protoPayload.metadata.event.eventName.parameter.value wird principal.user.email_addresses zugeordnet, wenn die folgenden Bedingungen erfüllt sind:
|
protoPayload.authenticationInfo.authoritySelector |
principal.user.email_addresses |
Wenn der Wert des Logfelds protoPayload.authenticationInfo.authoritySelector nicht leer ist und der Wert des Logfelds protoPayload.authenticationInfo.authoritySelector mit dem regulären Ausdruck .@. übereinstimmt, wird das Logfeld protoPayload.authenticationInfo.authoritySelector dem UDM-Feld principal.user.email_addresses zugeordnet. |
jsonPayload.actor.user |
principal.user.email_addresses |
Wenn der Wert des Logfelds jsonPayload.actor.user nicht leer ist und der Wert des Logfelds jsonPayload.actor.user mit dem regulären Ausdruck .@. übereinstimmt, wird das Logfeld jsonPayload.actor.user dem UDM-Feld principal.user.email_addresses zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[login_challenge_status] |
security_result.action |
security_result.action wird auf ALLOW gesetzt, wenn die folgenden Bedingungen erfüllt sind:
security_result.action wird auf FAIL festgelegt, wenn die folgenden Bedingungen erfüllt sind:
|
protoPayload.metadata.event.eventName.parameter.name[ACTION_TYPE] |
security_result.action |
security_result.action wird auf ALLOW gesetzt, wenn die folgenden Bedingungen erfüllt sind:
security_result.action wird auf BLOCK festgelegt, wenn die folgenden Bedingungen erfüllt sind:
security_result.action wird auf ALLOW_WITH_MODIFICATION festgelegt, wenn die folgenden Bedingungen erfüllt sind:
security_result.action wird auf QUARANTINE festgelegt, wenn die folgenden Bedingungen erfüllt sind:
security_result.action wird auf QUARANTINE festgelegt, wenn die folgenden Bedingungen erfüllt sind:
|
security_result.action_details |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich login_challenge oder login_verification ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich login_challenge_status ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld security_result.action_details zugeordnet.Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich ACTION_CANCELLED oder ACTION_REQUESTED ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich ACTION_TYPE ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld security_result.action_details zugeordnet. |
|
protoPayload.metadata.event.eventName.parameter.name[is_suspicious] |
security_result.category |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich login_success ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich is_suspicious ist, wird das UDM-Feld security_result.category auf NETWORK_SUSPICIOUS gesetzt, wenn der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.value gleich True ist. |
logName |
security_result.category_details |
|
protoPayload.response.status |
security_result.description |
|
protoPayload.response.error.errors[].reason |
security_result.description |
|
protoPayload.metadata.tableCreation.reason |
security_result.description |
|
protoPayload.metadata.tableChange.reason |
security_result.description |
|
protoPayload.metadata.tableDeletion.reason |
security_result.description |
|
protoPayload.metadata.datasetCreation.reason |
security_result.description |
|
protoPayload.metadata.datasetDeletion.reason |
security_result.description |
|
protoPayload.policyViolationInfo.orgPolicyViolationInfo.violationInfo.errorMessage |
security_result.description |
|
protoPayload.status.message |
security_result.description |
|
protoPayload.request.status |
security_result.description |
|
jsonPayload.reason[].detail |
security_result.description |
|
protoPayload.response.status.state |
security_result.description |
|
protoPayload.response.status.conditions[].message |
security_result.description |
Wenn der Wert des Logfelds message mit dem regulären Ausdruck response.*status.*conditions.*message übereinstimmt, wird das Logfeld protoPayload.response.status.conditions.0.message dem UDM-Feld security_result.description zugeordnet. |
protoPayload.resourceOriginalState.priority |
security_result.priority_details |
|
protoPayload.request.priority |
security_result.priority_details |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobConfiguration.query.queryPriority |
security_result.priority_details |
|
protoPayload.metadata.vpcServiceControlsUniqueId |
security_result.rule_id |
|
protoPayload.request.body.settings.activationPolicy |
security_result.rule_name |
|
protoPayload.request.policy |
security_result.rule_name |
|
protoPayload.metadata.violationReason |
security_result.rule_name |
|
protoPayload.policyViolationInfo.orgPolicyViolationInfo.violationInfo.policyType |
security_result.rule_type |
|
protoPayload.metadata.dryRun |
security_result.rule_type |
|
severity |
security_result.severity |
|
security_result.severity_details |
<br class="ph-2 field <ph class="ph-2 Feld <br class="ph-2 field <ph class-2 field <ph class-2 field <ph class="ph-2 field <ph class-2, d <br class-2 Feld ist gleich <br class="ph-2"> <br class-2-d dseverityseverityseverityseverityseverityseverityCRITICALCRITICALsecurity_result.severitysecurity_result.severitysecurity_result.severitysecurity_result.severitysecurity_result.severitysecurity_result.severitysecurity_result.severityERRORERRORALERTEMERGENCYHIGHINFONOTICEINFORMATIONALDEBUGLOWWARNINGMEDIUMUNKNOWN_SEVERITY |
|
protoPayload.response.error.message |
security_result.summary |
|
protoPayload.response.error.errors[].message |
security_result.summary |
|
protoPayload.status.details.violations.description |
security_result.summary |
|
protoPayload.response.message |
security_result.summary |
|
protoPayload.request.description |
security_result.summary |
|
jsonPayload.reason[].type |
security_result.summary |
|
sourceLocation.file |
src.file.full_path |
|
protoPayload.serviceName |
target.application |
|
resource.labels.service |
target.application |
|
protoPayload.metadata.event.eventName.parameter.name[APPLICATION_NAME] |
target.application |
|
protoPayload.metadata.event.eventName.parameter.name[APP_NAME] |
target.application |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name1 gleich APP_NAME und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name2 gleich APP_ID ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.name2 - protoPayload.metadata.event.eventName.parameter.name1 dem UDM-Feld target.application zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[APP_ID] |
target.application |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name1 gleich APP_NAME und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name2 gleich APP_ID ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.name2 - protoPayload.metadata.event.eventName.parameter.name1 dem UDM-Feld target.application zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[SERVICE_NAME] |
target.application |
|
protoPayload.metadata.event.eventName.parameter.name[OAUTH2_SERVICE_NAME] |
target.application |
|
protoPayload.metadata.event.eventName.parameter.name[OAUTH2_APP_NAME] |
target.application |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name1 gleich OAUTH2_APP_NAME und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name2 gleich OAUTH2_APP_ID ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.name2 - protoPayload.metadata.event.eventName.parameter.name1 dem UDM-Feld target.application zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[OAUTH2_APP_ID] |
target.application |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name1 gleich OAUTH2_APP_NAME und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name2 gleich OAUTH2_APP_ID ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.name2 - protoPayload.metadata.event.eventName.parameter.name1 dem UDM-Feld target.application zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[REAUTH_APPLICATION, SITE_NAME] |
target.application |
|
jsonPayload.product |
target.application |
|
protoPayload.metadata.device_id |
target.asset.asset_id |
|
protoPayload.metadata.event.eventName.parameter.name[DEVICE_SERIAL_NUMBER] |
target.asset.hardware.serial_number |
|
protoPayload.metadata.event.eventName.parameter.name[PRINT_SERVER_NAME] |
target.asset.hostname |
|
protoPayload.metadata.event.eventName.parameter.name[PRINTER_NAME] |
target.asset.hostname |
|
protoPayload.request.instance |
target.asset.product_object_id |
Das Logfeld protoPayload.request.instance wird dem UDM-Feld target.asset.product_object_id zugeordnet, wenn der Indexwert in protoPayload.request.instance gleich 0 ist.Für jeden anderen Indexwert wird das UDM-Feld target.asset.labels.key auf request_instance gesetzt und das Logfeld protoPayload.request.instance dem UDM-Feld target.asset.labels.value zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[DEVICE_ID] |
target.asset.product_object_id |
|
protoPayload.metadata.event.eventName.parameter.name[COMPANY_DEVICE_ID] |
target.asset.product_object_id |
|
target.asset.type |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich PRINTER_SERVER_NAME ist, wird das UDM-Feld target.asset.type auf SERVER gesetzt.Wenn der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich PRINTER_NAME ist, wird das UDM-Feld target.asset.type auf PRINTER gesetzt.Wenn der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich DEVICE_TYPE ist, wird das UDM-Feld target.asset.type auf ROLE_UNSPECIFIED gesetzt. |
|
protoPayload.metadata.event.eventName.parameter.name[SITE_LOCATION] |
target.file.full_path |
|
protoPayload.metadata.event.eventName.parameter.name[PERMISSION_GROUP_NAME] |
target.group.attribute.permissions.name |
|
protoPayload.metadata.event.eventName.parameter.name[GROUP_EMAIL] |
target.group.email_addresses |
|
protoPayload.metadata.event.eventName.parameter.name[DOMAIN_NAME] |
target.hostname |
|
jsonPayload.dest_instance.vm_name |
target.hostname |
|
protoPayload.requestMetadata.requestAttributes.host |
target.hostname |
|
httpRequest.remoteIp |
target.ip |
|
protoPayload.requestMetadata.destinationAttributes.ip |
target.ip |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_LOG_SEARCH_SMTP_RECIPIENT_IP] |
target.ip |
|
protoPayload.request.ip |
target.ip |
|
jsonPayload.connection.dest_ip |
target.ip |
|
resource.labels.region |
target.location.country_or_region |
|
protoPayload.response.region |
target.location.country_or_region |
|
protoPayload.request.body.region |
target.location.country_or_region |
|
protoPayload.request.region |
target.location.country_or_region |
|
resource.labels.region |
target.location.country_or_region |
|
jsonPayload.dest_location.country |
target.location.country_or_region |
|
jsonPayload.dest_location.continent |
target.location.country_or_region |
|
resource.labels.location |
target.location.name |
|
protoPayload.resourceOriginalState.alloweds.ports |
target.port |
|
protoPayload.requestMetadata.destinationAttributes.port |
target.port |
|
jsonPayload.connection.dest_port |
target.port |
|
protoPayload.metadata.tableCreation.table.view.query |
target.process.command_line |
|
protoPayload.metadata.jobInsertion.job.jobConfig.queryConfig.query |
target.process.command_line |
|
protoPayload.serviceData.jobQueryRequest.query |
target.process.command_line |
|
protoPayload.serviceData.tableInsertResponse.resource.view.query |
target.process.command_line |
|
protoPayload.metadata.tableChange.jobName |
target.process.pid |
|
protoPayload.metadata.tableCreation.jobName |
target.process.pid |
|
protoPayload.request.networkInterfaces[].subnetwork |
target.resource_ancestors.name |
|
protoPayload.request.body.instanceUid |
target.resource_ancestors.product_object_id |
|
protoPayload.response.instanceUid |
target.resource_ancestors.product_object_id |
|
protoPayload.request.disk[].mode |
target.resource_ancestors.attributes.permission.name |
|
protoPayload.request.disk[].autoDelete |
target.resource_ancestors.attributes.permission.name |
|
protoPayload.response.project_id |
target.resource_ancestors.id |
|
protoPayload.response.targetProject |
target.resource_ancestors.name |
|
protoPayload.request.target |
target.resource_ancestors.name |
|
protoPayload.resourceName |
target.resource_ancestors.name |
Wenn der Wert des Logfelds protoPayload.methodName mit dem regulären Ausdruck (CreateServiceAccount, CreateWorkloadIdentityPool, CreateWorkloadIdentityPoolProvider, managedZones.create, changes.create, resourceRecordSets.create, responsePolicies.create, responsePolicyRules.create, policies.create, CreateRole, CreatePolicy, CreateServiceAccountKey, CreateWorkforcePool, CreateWorkforcePoolProvider) übereinstimmt, wird das Logfeld protoPayload.resourceName dem UDM-Feld target.resource_ancestors.name zugeordnet. |
protoPayload.resource.role_name |
target.resource_ancestors.name |
|
protoPayload.request.parent |
target.resource_ancestors.name |
|
protoPayload.request.disks[].deviceName |
target.resource_ancestors.name |
|
protoPayload.request.network |
target.resource_ancestors.name |
|
resource.labels.project_id |
target.cloud.project.name |
|
resource.labels.project_id |
target.resource_ancestors.name |
|
protoPayload.request.disk[].type |
target.resource_ancestors.resource_subtype |
Wenn der Wert des Logfelds protoPayload.request.cluster.subnetwork nicht leer ist, wird das UDM-Feld target.resource_ancestors.resource_subtype auf subnetwork gesetzt.Wenn der Wert des Logfelds protoPayload.request.cluster.network nicht leer ist, wird das UDM-Feld target.resource_ancestors.resource_subtype auf network gesetzt.Wenn der Wert des Logfelds protoPayload.request.cluster.nodePools.name nicht leer ist, wird das UDM-Feld target.resource_ancestors.resource_subtype auf nodepool gesetzt. |
resource.location |
target.resource.attribute.cloud.availability_zone |
|
resourceLocation.currentLocations |
target.resource.attribute.cloud.availability_zone |
|
resource.labels.zone |
target.resource.attribute.cloud.availability_zone |
|
protoPayload.request.body.settings.locationPreference.zone |
target.resource.attribute.cloud.availability_zone |
|
protoPayload.metadata.tableChange.table.createTime |
target.resource.attribute.creation_time |
|
protoPayload.metadata.tableCreation.table.createTime |
target.resource.attribute.creation_time |
|
protoPayload.resourceOriginalState.creationTimestamp |
target.resource.attribute.creation_time |
|
protoPayload.response.insertTime |
target.resource.attribute.creation_time |
|
protoPayload.metadata.tableChange.table.updateTime |
target.resource.attribute.last_update_time |
|
protoPayload.metadata.tableCreation.table.updateTime |
target.resource.attribute.last_update_time |
|
protoPayload.serviceData.policyDelta.auditConfigDeltas[].logType |
target.resource.attribute.permissions.type |
|
request.role.title |
target.resource.attribute.roles.name |
|
protoPayload.request.role.included_permissions[] |
target.resource.attributes.permission.name |
|
protoPayload.request.role.description |
target.resource.attributes.roles.description |
|
protoPayload.resource.labels.firewall_rule_id |
target.resource.id |
|
protoPayload.resourceName |
target.resource.name |
Wenn der Wert des Logfelds protoPayload.resourceName nicht leer ist, wird das Logfeld protoPayload.resourceName dem UDM-Feld target.resource.name zugeordnet. |
protoPayload.resource.labels.role_name |
target.resource.name |
Wenn der Wert des Logfelds protoPayload.methodName gleich google.iam.admin.v1.CreateRole ist, wird das Logfeld protoPayload.resource.labels.role_name dem UDM-Feld target.resource.name zugeordnet. |
protoPayload.resource.role_name |
target.resource.name |
|
protoPayload.request.service_account.display_name |
target.resource.name |
|
protoPayload.request.workloadIdentityPool.displayName |
target.resource.name |
|
protoPayload.request.name |
target.resource.name |
Wenn der Wert des Logfelds protoPayload.methodName gleich beta.compute.instances.insert ist, wird das Logfeld protoPayload.request.name dem UDM-Feld target.resource.name zugeordnet. |
protoPayload.request.cluster.name |
target.resource.name |
|
protoPayload.metadata.tableCreation.table.tableName |
target.resource.name |
|
protoPayload.metadata.datasetCreation.dataset.datasetName |
target.resource.name |
|
jsonPayload.accessApprovals[] |
target.resource.name |
|
jsonPayload.resource.name |
target.resource.name |
|
resource.labels.email_id |
target.resource.name |
Wenn der Wert des Logfelds resource.labels.email_id nicht leer ist, wird das Logfeld resource.labels.email_id dem UDM-Feld target.resource.name zugeordnet. |
protoPayload.request.accessLevel.title |
target.resource.name |
|
resource.discoveryName |
target.resource.name |
|
protoPayload.response.name |
target.resource.name |
|
protoPayload.request.name |
target.resource.name |
|
resource.labels.network_id |
target.resource.name |
|
request.cluster.name |
target.resource.name |
|
resource.labels.cluster_name |
target.resource.name |
|
protoPayload.metadata.tableChange.table.tableName |
target.resource.name |
|
resource.labels.function_name |
target.resource.name |
Wenn der Wert des Logfelds resource.type mit dem regulären Ausdruck cloud_function übereinstimmt, wird das Logfeld resource.labels.function_name dem UDM-Feld target.resource.name zugeordnet. |
resource.parent |
target.resource.parent |
|
resource.labels.bucket_name |
target.resource.parent |
Wenn der Wert des Logfelds resource.type gleich gcs_bucket ist, wird das Logfeld resource.labels.bucket_name dem UDM-Feld target.resource.parent zugeordnet. |
resource.labels.dataset_id |
target.resource.product_object_id |
|
resource.labels.instance_group_id |
target.resource.product_object_id |
|
resource.labels.subnetwork_id |
target.resource.product_object_id |
|
resource.labels.firewall_rule_id |
target.resource.product_object_id |
|
resource.labels.forwarding_rule_id |
target.resource.product_object_id |
|
resource.labels.network_id |
target.resource.product_object_id |
|
resource.labels.unique_id |
target.resource.product_object_id |
|
protoPayload.metadata.event.eventName.parameter.name[RESOURCE_IDENTIFIER] |
target.resource.product_object_id |
|
protoPayload.metadata.event.eventName.parameter.name[SHARED_DRIVE_ID] |
target.resource.product_object_id |
|
protoPayload.response.unique_id |
target.resource.product_object_id |
Wenn der Wert des Logfelds protoPayload.methodName mit dem regulären Ausdruck (CreateServiceAccount, CreateWorkloadIdentityPool, CreateWorkloadIdentityPoolProvider, managedZones.create, changes.create, resourceRecordSets.create, responsePolicies.create, responsePolicyRules.create, policies.create, CreateRole, CreatePolicy, CreateServiceAccountKey, CreateWorkforcePool, CreateWorkforcePoolProvider) übereinstimmt, wird das Logfeld protoPayload.response.unique_id dem UDM-Feld target.resource.product_object_Id zugeordnet. |
protoPayload.request.account_id |
target.resource.product_object_id |
|
protoPayload.request.role_id |
target.resource.product_object_id |
Wenn der Wert des Logfelds protoPayload.methodName gleich google.iam.admin.v1.CreateRole ist, wird das Logfeld protoPayload.request.role_id dem UDM-Feld target.resource.product_object_id zugeordnet. |
protoPayload.request.workloadIdentityPoolId |
target.resource.product_object_id |
|
jsonPayload.resource.id |
target.resource.product_object_id |
|
resource.labels.instance_id |
target.resource.product_object_id |
|
resource.data.uniqueId |
target.resource.product_object_id |
|
protoPayload.request.workloadIdentityPoolProviderId |
target.resource.product_object_id |
|
protoPayload.request.machineType |
target.resource.resource_subtype |
|
resource.type |
target.resource.resource_subtype |
|
target.resource.resource_type |
Wenn der Wert des Log-Felds resource.type mit dem regulären Ausdruck gce_(firewall or forwarding_rule) übereinstimmt. Das Feld „UDM/1“ ist auf target.resource.resource_type/1. Das Feld „UDM/“ ist auf „target.resource.resource_type1“ festgelegt. Das Feld „UDM/1“ ist dann auf „target.resource.resource_type1“. Das Feld „UDM/1“ ist auf „target.resource.resource_type“ {Das Feld „UDM/“ ist auf FIREWALL_RULE festgelegt.Das Feld „ resource.type“ entspricht dem regulären Ausdruck gce_(subnetwork or network). Das Feld „target.resource.resource_type“. Das Feld „Log-Feld“ ist target.resource.resource_type.resource.typeresource.typeresource.typeresource.typeresource.typeresource.typeresource.typeresource.typeresource.typeresource.typeresource.typetarget.resource.resource_typetarget.resource.resource_typetarget.resource.resource_typetarget.resource.resource_typetarget.resource.resource_typetarget.resource.resource_typetarget.resource.resource_typetarget.resource.resource_typeVPC_NETWORKdataprocCLUSTERCLUSTERk8s or gke_gce_backend_serviceBACKEND_SERVICE(gce_ or dns_query)VIRTUAL_MACHINEgcs_bucketSTORAGE_BUCKETbigqueryDATABASEDATABASEcloudsqlservice_accountSERVICE_ACCOUNTprojectCLOUD_PROJECTorganizationCLOUD_ORGANIZATIONcloud_functionFUNCTIONUNSPECIFIED |
|
protoPayload.response.targetLink |
target.url |
|
protoPayload.metadata.event.eventName.parameter.name[WEB_ADDRESS] |
target.url |
|
protoPayload.request.httpRequest.url |
target.url |
|
resource.discoveryDocumentUri |
target.url |
|
httpRequest.requestUrl |
target.url |
|
protoPayload.request.role.included_permissions[] |
target.user.attribute.permissions.name |
|
protoPayload.metadata.event.eventName.parameter.name[ROLE_ID] |
target.user.attribute.roles.description |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich ROLE_ID ist, wird das Logfeld Role_ID - protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld target.user.attribute.roles.description zugeordnet. |
protoPayload.response.bindings[].role |
target.user.attribute.roles.name |
|
protoPayload.metadata.event.eventName.parameter.name[ROLE_NAME] |
target.user.attribute.roles.name |
|
protoPayload.request.serviceAccounts[].email |
target.user.email_addresses |
|
protoPayload.metadata.event.eventName.parameter.value |
target.user.email_addresses |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.value nicht leer ist und der Wert des Logfelds protoPayload.metadata.event.eventName gleich USER_EMAIL, EMAIL_MONITOR_DEST_EMAIL oder DESTINATION_USER_EMAIL ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld target.user.email_addresses zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[NEW_VALUE] |
target.user.first_name |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich FIRST_NAME ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich NEW_VALUE ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld target.user.first_name zugeordnet. |
protoPayload.request.personIdentifier.canonicalPersonId |
target.user.group_identifiers |
|
protoPayload.metadata.event.eventName.parameter.name[NEW_VALUE] |
target.user.last_name |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich LAST_NAME ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich NEW_VALUE ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld target.user.last_name zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[NEW_VALUE] |
target.user.user_display_name |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich RENAME_USER ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich NEW_VALUE ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld target.user.user_display_name zugeordnet. |
protoPayload.authenticationInfo.principalEmail |
target.user.userid |
Wenn der Wert des Logfelds event_type gleich USER_LOGIN ist, wird das Logfeld protoPayload.authenticationInfo.principalEmail dem UDM-Feld target.user.userid zugeordnet. |
protoPayload.response.user |
target.user.userid |
|
protoPayload.metadata.event.eventName.parameter.name[USER_EMAIL] |
target.user.userid |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich CREATE_EMAIL_MONITOR oder CREATE_DATA_TRANSFER_REQUEST ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich USER_EMAIL ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld principal.user.userid zugeordnet.Falls der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name hingegen gleich USER_EMAIL ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld target.user.userid zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[EMAIL_MONITOR_DEST_EMAIL] |
target.user.userid |
|
protoPayload.metadata.event.eventName.parameter.name[DESTINATION_USER_EMAIL] |
target.user.userid |
|
protoPayload.request.user |
target.user.userid |
|
protoPayload.serviceData.policyDelta.bindingDeltas[].member |
target.user.userid |
|
protoPayload.request.objects.db |
about.labels [database_name] (verworfen) |
|
jsonPayload.accesses[].methodName |
about.labels [methodName] (verworfen) |
|
protoPayload.request.objects.name |
about.labels [objects_name] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[API_CLIENT_NAME] |
about.labels[api_client_name] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[API_SCOPES] |
about.labels[api_scopes] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[BEGIN_DATE_TIME] |
about.labels[begin_date_time] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[BULK_UPLOAD_FAIL_USERS_NUMBER] |
about.labels[bulk_upload_fail_users_number] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[BULK_UPLOAD_TOTAL_USERS_NUMBER] |
about.labels[bulk_upload_total_users_number] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[CAA_ASSIGNMENTS_NEW] |
about.labels[caa_assignments_new] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[CAA_ASSIGNMENTS_OLD] |
about.labels[caa_assignments_old] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[CAA_ENFORCEMENT_ENDPOINTS_NEW] |
about.labels[caa_enforcement_endpoints_new] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[CAA_ENFORCEMENT_ENDPOINTS_OLD] |
about.labels[caa_enforcement_endpoints_old] (verworfen) |
|
protoPayload.requestMetadata.requestAttributes.size |
about.labels[caller_network_request_size] (verworfen) |
|
protoPayload.requestMetadata.requestAttributes.time |
about.labels[caller_network_request_time] (verworfen) |
|
protoPayload.requestMetadata.callerNetwork |
about.labels[caller_network] (verworfen) |
|
protoPayload.requestMetadata.requestAttributes.size |
principal.labels[caller_network_request_size] (verworfen) |
|
protoPayload.requestMetadata.requestAttributes.time |
principal.labels[request_attributes_time] (verworfen) |
|
protoPayload.requestMetadata.callerNetwork |
principal.labels[caller_network] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[CHROME_LICENSES_ENABLED] |
about.labels[chrome_licenses_enabled] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[END_DATE_TIME] |
about.labels[end_date_time] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[END_DATE] |
about.labels[end_date] (verworfen) |
|
protoType.metadata.event[].eventName |
about.labels[event_name] (verworfen) |
|
protoPayload.metadata.event.parameter[].label |
about.labels[event_param_label] (verworfen) |
|
protoPayload.metadata.event.parameter[].type |
about.labels[event_param_type] (verworfen) |
|
protoType.metadata.event[].eventType |
about.labels[event_type] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[FIELD_NAME] |
about.labels[field_name] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[FULL_ORG_UNIT_PATH] |
about.labels[full_org_unit_path] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[GROUP_MEMBER_BULK_UPLOAD_FAILED_NUMBER] |
about.labels[grp_member_bulk_upload_failed] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[GROUP_MEMBER_BULK_UPLOAD_TOTAL_NUMBER] |
about.labels[grp_member_bulk_upload_total] (verworfen) |
|
httpRequest.cacheFillBytes |
about.labels[httpreq_cache_fill_bytes] (verworfen) |
|
httpRequest.cacheHit |
about.labels[httpreq_cache_hit] (verworfen) |
|
httpRequest.cacheLookup |
about.labels[httpreq_cache_lookup] (verworfen) |
|
httpRequest.cacheValidatedWithOriginServer |
about.labels[httpreq_cache_validated_with_origin_server] (verworfen) |
|
httpRequest.latency |
about.labels[httprequest_latency] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[INFO_TYPE] |
about.labels[info_type] (verworfen) |
|
protoPayload.metadata.activityId.timeUsec |
about.labels[metadata_activityId_time_usec] (verworfen) |
|
protoPayload.metadata.activityId.uniqQualifier |
about.labels[metadata_activityId_uniq_qualifier] (verworfen) |
|
protoPayload.metadata.@type |
about.labels[metadata_type] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[NEW_PERMISSION_GRANT_STATE] |
about.labels[new_permission_grant_state] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[NUMBER_OF_COMPANY_OWNED_DEVICES] |
about.labels[num_of_company_owned_device] (verworfen) |
|
protoPayload.numResponseItems |
about.labels[num_response_items] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[OLD_PERMISSION_GRANT_STATE] |
about.labels[old_permission_grant_state] (verworfen) |
|
operation.first |
about.labels[operation_first] (verworfen) |
|
operation.id |
about.labels[operation_id] (verworfen) |
|
operation.last |
about.labels[operation_last] (verworfen) |
|
operation.producer |
about.labels[operation_producer] (verworfen) |
|
protoPayload.resourceOriginalState.selfLinkWithId |
about.labels[rc_old_selflinkWithId] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[REAUTH_SETTING_NEW] |
about.labels[reauth_setting_new] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[REAUTH_SETTING_OLD] |
about.labels[reauth_setting_old] (verworfen) |
|
protoPayload.request.alloweds[].ports |
about.labels[req_alloweds_ports] (verworfen) |
|
protoPayload.request.body.name |
about.labels[req_body_name] (verworfen) |
|
protoPayload.request.body.settings.activityPolicy |
about.labels[req_body_settings_activity_policy] (verworfen) |
|
protoPayload.request.deletionProtection |
about.labels[req_deletion_protection] (verworfen) |
|
protoPayload.request.disabled |
about.labels[req_disabled] (verworfen) |
|
protoPayload.request.displayDevice.enableDisplay |
about.labels[req_display_device_enable_display] (verworfen) |
|
protoPayload.request.enableFlowLogs |
about.labels[req_enable_flow_logs] (verworfen) |
|
protoPayload.request.fingerprint |
about.labels[req_fingerprint] (verworfen) |
|
protoPayload.request.shieldedInstanceConfig.enableSecureBoot |
about.labels[req_instance_config_enable_secure_boot] (verworfen) |
|
protoPayload.request.shieldedInstanceConfig.enableVtpm |
about.labels[req_instance_config_enable_vtpm] (verworfen) |
|
protoPayload.request.shieldedInstanceConfig.enableIntegrityMonitoring |
about.labels[req_instance_enable_integrity_monitoring] (verworfen) |
|
protoPayload.request.key_types[] |
about.labels[req_key_types] (verworfen) |
|
protoPayload.request.logconfig.enable |
about.labels[req_logconfig_enable] (verworfen) |
|
protoPayload.request.networkTier |
about.labels[req_network_tier] (verworfen) |
|
protoPayload.request.network |
about.labels[req_network] (verworfen) |
|
protoPayload.request.page_size |
about.labels[req_page_size] (verworfen) |
|
request.pagesize |
about.labels[req_page_size] (verworfen) |
|
protoPayload.request.policy.etag |
about.labels[req_policy_etag] (verworfen) |
|
protoPayload.request.portRange |
about.labels[req_port_range] (verworfen) |
|
protoPayload.request.privateIpGoogleAccess |
about.labels[req_private_ip_google_access] (verworfen) |
|
protoPayload.request.private_key_type |
about.labels[req_private_key_type] (verworfen) |
|
protoPayload.request.remove_deleted_service_accounts |
about.labels[req_remove_deleted_serviceAcc] (verworfen) |
|
protoPayload.request.showDeleted |
about.labels[req_show_deleted] (verworfen) |
|
protoPayload.request.skip_visibility_check |
about.labels[req_skip_visibility_check] (verworfen) |
|
protoPayload.request.stackType |
about.labels[req_stack_type] (verworfen) |
|
protoPayload.request.type |
about.labels[req_type] (verworfen) |
|
protoPayload.request.updateMask |
about.labels[req_update_mask] (verworfen) |
|
protoPayload.request.version |
about.labels[req_version] (verworfen) |
|
protoPayload.response.clientOperationId |
about.labels[res_client_operation_id] (verworfen) |
|
protoPayload.response.endTime |
about.labels[res_end_time] (verworfen) |
|
protoPayload.response.id |
about.labels[res_id] (verworfen) |
|
protoPayload.response.key_algorithm |
about.labels[res_key_algorithm] (verworfen) |
|
protoPayload.response.key_origin |
about.labels[res_key_origin] (verworfen) |
|
protoPayload.response.key_type |
about.labels[res_key_type] (verworfen) |
|
protoPayload.response.kind |
about.labels[res_kind] (verworfen) |
|
protoPayload.response.private_key_type |
about.labels[res_private_key_type] (verworfen) |
|
protoPayload.response.progress |
about.labels[res_progress] (verworfen) |
|
protoPayload.response.startTime |
about.labels[res_start_time] (verworfen) |
|
protoPayload.response.status |
about.labels[res_status] (verworfen) |
Wenn der Wert des Logfelds protoPayload.methodName gleich cloudsql.instances.create ist, wird das Logfeld protoPayload.response.status dem UDM-Feld security_result.description zugeordnet. |
protoPayload.response.type |
about.labels[res_type] (verworfen) |
|
protoPayload.response.unique_id |
about.labels[res_unique_id] (verworfen) |
Wenn der Wert des Logfelds protoPayload.methodName mit dem regulären Ausdruck (CreateServiceAccount, CreateWorkloadIdentityPool, CreateWorkloadIdentityPoolProvider, managedZones.create, changes.create, resourceRecordSets.create, responsePolicies.create, responsePolicyRules.create, policies.create, CreateRole, CreatePolicy, CreateServiceAccountKey, CreateWorkforcePool, CreateWorkforcePoolProvider) übereinstimmt, wird das Logfeld protoPayload.response.unique_id dem UDM-Feld target.resource.product_object_id zugeordnet. |
protoPayload.response.valid_after_time.seconds |
about.labels[res_valid_after_time] (verworfen) |
|
protoPayload.response.valid_before_time.seconds |
about.labels[res_valid_before_time] (verworfen) |
|
protoPayload.response.version |
about.labels[res_version] (verworfen) |
|
protoPayload.response.zone |
about.labels[res_zone] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[SEARCH_QUERY_FOR_DUMP] |
about.labels[search_query_for_dump] (verworfen) |
|
spanId |
about.labels[span_id] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[START_DATE] |
about.labels[start_date] (verworfen) |
|
traceSampled |
about.labels[trace_sampled] (verworfen) |
|
Trace |
about.labels[trace] (verworfen) |
|
protoPayload.@type |
about.labels[type] (verworfen) |
|
protoPayload.metadata.instanceMetadataDelta.addedMetadataKeys |
metadata.ingestion_labels [instance_metadata_key_added] |
|
protoPayload.metadata.instanceMetadataDelta.deletedMetadataKeys |
metadata.ingestion_labels [instance_metadata_key_deletion] |
|
protoPayload.metadata.instanceMetadataDelta.modifiedMetadataKeys |
metadata.ingestion_labels [instance_metadata_key_modification] |
|
protoPayload.metadata.projectMetadataDelta.addedMetadataKeys |
metadata.ingestion_labels [AddedMetadataKeys] |
|
protoPayload.metadata.projectMetadataDelta.deletedMetadataKeys |
metadata.ingestion_labels [DeletedMetadataKeys] |
|
protoPayload.metadata.projectMetadataDelta.modifiedMetadataKeys |
metadata.ingestion_labels [ModifiedMetadataKeys] |
|
protoPayload.redactions.reason |
principal.labels [protoPayload.redactions.field] (verworfen) |
|
protoPayload.redactions.type |
principal.labels [protoPayload.redactions.field] (verworfen) |
|
authenticationInfo.serviceAccountDelegationInfo.firstPartyPrincipal.serviceMetadata |
principal.labels [service_metadata] (verworfen) |
|
jsonPayload.sourceNetwork |
principal.labels [source_network] (verworfen) |
|
authenticationInfo.serviceAccountDelegationInfo.thirdPartyPrincipal.thirdPartyClaims |
principal.labels [third_party_claims] (verworfen) |
|
protoPayload.requestMetadata.requestAttributes.time |
principal.labels[caller_network_request_time] (verworfen) |
|
protoPayload.request.description |
principal.labels[req_description] (verworfen) |
|
protoPayload.request.ipCidrRange |
principal.labels[req_ip_cidr_range] (verworfen) |
|
protoPayload.request.sourceRanges[] |
principal.labels[req_source_ranges] (verworfen) |
|
protoPayload.requestMetadata.requestAttributes.reason |
principal.labels[request_attributes_reason] (verworfen) |
|
protoPayload.authenticationInfo.thirdPartyPrincipal |
principal.labels[third_party_principal] (verworfen) |
|
protoPayload.authenticationInfo.principalSubject |
principal.user.userid |
Wenn der Wert des Logfelds protoPayload.authenticationInfo.principalSubject nicht leer ist, wird new_user_id mithilfe eines Grok-Musters aus dem Logfeld protoPayload.authenticationInfo.principalSubject extrahiert und dem UDM-Feld principal.user.userid zugeordnet. |
protoPayload.authenticationInfo.serviceAccountDelegationInfo.principalSubject |
principal.user.attribute.labels[access_serviceAcc_principalSubject] |
|
protoPayload.response.oauth2_client_id |
principal.user.attribute.labels[response_oauth2_client_id] |
|
protoPayload.authorizationInfo.resourceAttributes.service |
principal.resource.attribute.labels[authorization_info_rcService] |
|
protoPayload.authorizationInfo.granted |
principal.user.attributes.labels[authorization_granted] |
|
protoPayload.request.cryptoKey.versionTemplate.algorithm |
security_result.detection_fields [algorithm] |
|
protoPayload.response.details[].@type |
security_result.detection_fields [details_type] |
|
protoPayload.request.cryptoKey.nextRotationTime |
security_result.detection_fields [next_rotation_time] |
|
protoPayload.request.cryptoKey.versionTemplate.protectionLevel |
security_result.detection_fields [protection_level] |
|
protoPayload.request.body.settings.ipConfiguration.authorizedNetworks.value |
security_result.detection_fields [protoPayload.request.body.settings.ipConfiguration.authorizedNetworks.kind] |
|
protoPayload.request.cryptoKey.purpose |
security_result.detection_fields [purpose] |
|
protoPayload.resourceName |
security_result.detection_fields [resource_name] |
|
protoPayload.authorizationInfo.resource |
security_result.detection_fields [resource] |
|
protoPayload.response.code |
security_result.detection_fields [response_code] |
|
protoPayload.request.cryptoKey.rotationPeriod |
security_result.detection_fields [rotation_period] |
|
protoPayload.metadata.securityPolicyInfo.organizationId |
security_result.detection_fields [securityPolicyInfo.organizationId] |
|
protoPayload.request.serviceAccounts[].scopes |
security_result.detection_fields [service_account_scope] |
|
protoPayload.response.details[].violations[].subject |
security_result.detection_fields [violation_subject] |
|
protoPayload.response.details[].violations[].type |
security_result.detection_fields [violation_type] |
|
protoPayload.metadata.event.eventName.parameter.name[ACTION_ID] |
security_result.detection_fields[action_id] |
|
protoPayload.serviceData.policyDelta.auditConfigDeltas[].action |
security_result.detection_fields[action] |
|
protoPayload.metadata.event.eventName.parameter.name[ALERT_NAME] |
security_result.detection_fields[alert_name] |
|
protoPayload.metadata.event.eventName.parameter.name[ALLOWED_TWO_STEP_VERIFICATION_METHOD] |
security_result.detection_fields[allowed_two_step_verification_method] |
|
protoPayload.requestMetadata.callerNetwork.requestAttributes.reason |
security_result.detection_fields[caller_network_request_reason] |
|
protoPayload.metadata.event.eventName.parameter.name[is_second_factor] |
security_result.detection_fields[is_second_factor] |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich login_verification ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich is_second_factor ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld security_result.detection_fields.value zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[is_suspicious] |
security_result.detection_fields[is_suspicious] |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich login_success ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich is_suspicious ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld security_result.detection_fields.value zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[login_failure_type] |
security_result.detection_fields[login_failure_type] |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich login_failure ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich login_failure_type ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld security_result.detection_fields.value zugeordnet. |
protoPayload.metadata.event.eventName.parameter.name[login_type] |
security_result.detection_fields[login_type] |
Wenn der Wert des Logfelds protoPayload.metadata.event.eventName gleich login_failure oder login_challenge, login_verification oder login_success oder logout ist und der Wert des Logfelds protoPayload.metadata.event.eventName.parameter.name gleich login_type ist, wird das Logfeld protoPayload.metadata.event.eventName.parameter.value dem UDM-Feld about.labels.value zugeordnet. |
protoPayload.request.bindings.members[] |
security_result.detection_fields[members] |
|
protoPayload.policyViolationInfo.orgPolicyViolationInfo.violationInfo.checkedValue |
security_result.detection_fields[policy_violation_checked_value] |
|
protoPayload.policyViolationInfo.orgPolicyViolationInfo.violationInfo.constraint |
security_result.detection_fields[policy_violation_constraint] |
|
protoPayload.policyViolationInfo.orgPolicyViolationInfo.resourceTags |
security_result.detection_fields[policy_violation_resource_tags] |
|
protoPayload.policyViolationInfo.orgPolicyViolationInfo.resourceType |
security_result.detection_fields[policy_violation_resource_type] |
|
protoPayload.metadata.event.eventName.parameter.name[QUARANTINE_NAME] |
security_result.detection_fields[quarantine_name] |
|
protoPayload.resourceOriginalState.logconfig.enable |
security_result.detection_fields[rc_orgState_logconfig_enable] |
|
protoPayload.request.alloweds[].ports |
security_result.detection_fields[req_alloweds_ports] |
|
protoPayload.response.error.errors[].domain |
security_result.detection_fields[res_error_domain] |
|
protoPayload.resourceOriginalState.direction |
security_result.detection_fields[resource_original_state_direction] |
|
protoPayload.authenticationInfo.serviceAccountKeyName |
security_result.detection_fields[service_account_key_name] |
|
Referred this from Default parser. |
security_result.detection_fields[SERVICE] |
|
protoPayload.status.details.type |
security_result.detection_fields[status_details_type] |
|
protoPayload.status.details.violations.subject |
security_result.detection_fields[status_details_violation_subject] |
|
protoPayload.status.details.violations.type |
security_result.detection_fields[status_details_violation_type] |
|
sourceLocation.function |
src.labels[src_location_function] |
|
sourceLocation.line |
src.labels[src_location_line] |
|
protoPayload.metadata.event.eventName.parameter.name[DEVICE_NEW_STATE] |
target.asset.attribute.labels[dvc_new_state] |
|
protoPayload.metadata.event.eventName.parameter.name[DEVICE_PREVIOUS_STATE] |
target.asset.attribute.labels[dvc_previous_state] |
|
protoPayload.metadata.event.eventName.parameter.name[DEVICE_TYPE] |
target.asset.attribute.labels[dvc_type] |
|
protoPayload.metadata.event.eventName.parameter.name[MANAGED_CONFIGURATION_NAME] |
target.asset.attribute.labels[managed_config_name] |
|
protoPayload.metadata.event.eventName.parameter.name[MOBILE_APP_PACKAGE_ID] |
target.asset.attribute.labels[mobile_app_package_id] |
|
protoPayload.metadata.event.eventName.parameter.name[MOBILE_CERTIFICATE_COMMON_NAME] |
target.asset.attribute.labels[mobile_certificate_common_name] |
|
protoPayload.metadata.event.eventName.parameter.name[MOBILE_WIRELESS_NETWORK_NAME] |
target.asset.attribute.labels[mobile_wireless_network_name] |
|
protoPayload.metadata.event.eventName.parameter.name[PLAY_FOR_WORK_MDM_VENDOR_NAME] |
target.asset.attribute.labels[play_for_work_mdm_vendor_name] |
|
protoPayload.metadata.event.eventName.parameter.name[PLAY_FOR_WORK_TOKEN_ID] |
target.asset.attribute.labels[play_for_work_token_id] |
|
resource.labels.instance_id |
target.asset.attribute.labels[rc_instance_id] |
|
protoPayload.metadata.event.eventName.parameter.name[SKU_NAME] |
target.asset.attribute.labels[sku_name] |
|
protoPayload.response.targetId |
target.asset.attribute.labels[target_id] |
Wenn der Wert des Logfelds protoPayload.methodName nicht gleich cloudsql.instances.create ist, wird das Logfeld protoPayload.response.targetId dem UDM-Feld target.asset.attribute.labels.value zugeordnet. |
resource.labels.backend_service_name |
target.labels [backend_service_name] (verworfen) |
|
protoPayload.requestMetadata.requestAttributes.auth.claims |
target.labels [request_auth_claims] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[APPLICATION_EDITION] |
target.labels[application_edition] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[ASP_ID] |
target.labels[asp_id] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[CHROME_OS_SESSION_TYPE] |
target.labels[chrome_os_session_type] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[DEVICE_NEW_ORG_UNIT] |
target.labels[device_new_org_unit] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[DEVICE_PREVIOUS_ORG_UNIT] |
target.labels[device_previous_org_unit] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[DOMAIN_ALIAS] |
target.labels[domain_alias] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_EXPORT_INCLUDE_DELETED] |
target.labels[email_export_include_deleted] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_EXPORT_PACKAGE_CONTENT] |
target.labels[email_export_package_content] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_LOG_SEARCH_END_DATE] |
target.labels[email_log_search_end_date] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_LOG_SEARCH_START_DATE] |
target.labels[email_log_search_start_date] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_MONITOR_LEVEL_CHAT] |
target.labels[email_monitor_level_chat] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_MONITOR_LEVEL_DRAFT_EMAIL] |
target.labels[email_monitor_level_draft_email] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_MONITOR_LEVEL_INCOMING_EMAIL] |
target.labels[email_monitor_level_in_email] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_MONITOR_LEVEL_OUTGOING_EMAIL] |
target.labels[email_monitor_level_out_email] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[GMAIL_RESET_REASON] |
target.labels[email_reset_reason] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[NEW_VALUE] |
target.labels[new_value] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[OAUTH2_APP_TYPE] |
target.labels[oauth2_app_type] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[OLD_VALUE] |
target.labels[old_value] (verworfen) |
|
protoPayload.requestMetadata.destinationAttributes.principal |
target.labels[peer_principal] (verworfen) |
|
protoPayload.requestMetadata.destinationAttributes.regionCode |
target.labels[peer_region_code] (verworfen) |
|
protoPayload.request.loadBalancingScheme |
target.labels[req_load_balancing_scheme] (verworfen) |
|
protoPayload.request.requestId |
target.labels[request_id] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[REQUEST_ID] |
target.labels[request_id] (verworfen) |
|
protoPayload.resourceOriginalState.description |
target.labels[res_originalState_description] (verworfen) |
|
protoPayload.response.bindings[].members[] |
target.labels[response_bindings_members] (verworfen) |
|
protoPayload.response.description |
target.labels[response_description] (verworfen) |
|
protoPayload.response.display_name |
target.labels[response_display_name] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[SECONDARY_DOMAIN_NAME] |
target.labels[secondary_domain_name] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[SETTING_NAME] |
target.labels[setting_name] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[USER_CUSTOM_FIELD] |
target.labels[user_custom_field] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[USER_DEFINED_SETTING_NAME] |
target.labels[user_defined_setting_name] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[WEB_ORIGIN] |
target.labels[web_origin] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[WHITELISTED_GROUPS] |
target.labels[whitelisted_groups] (verworfen) |
|
protoPayload.metadata.event.eventName.parameter.name[APP_LICENSES_ORDER_NUMBER] |
target.asset.labels[app_licenses_order_number] |
|
protoPayload.metadata.event.eventName.parameter.name[CHROME_NUM_LICENSES_PURCHASED] |
target.asset.labels[chrome_num_licenses_purchased] |
|
protoPayload.metadata.event.eventName.parameter.name[DEVICE_COMMAND_DETAILS] |
target.asset.labels[device_command_details] |
|
protoPayload.metadata.event.eventName.parameter.name[DIRECTORY_API_ID] |
target.asset.labels[directory_api_id] |
|
protoPayload.metadata.event.eventName.parameter.name[GROUP_PRIORITIES] |
target.group.attribute.labels[group_priorities] |
|
protoPayload.request.cluster.subnetwork |
target.resource_ancestor.attribute.labels[req_cls_subnetwork] |
|
protoPayload.request.cluster.nodePools[].autoscaling.enabled |
target.resource_ancestor.attribute.labels[req_clsNodePools_autoscaling_enabled] |
|
protoPayload.request.cluster.nodePools[].autoscaling.maxNodeCount |
target.resource_ancestor.attribute.labels[req_clsNodePools_autoscaling_max_node_cnt] |
|
protoPayload.request.cluster.nodePools[].autoscaling.minNodeCount |
target.resource_ancestor.attribute.labels[req_clsNodePools_autoscaling_min_node_cnt] |
|
protoPayload.request.cluster.nodePools[].management.autoupgrade |
target.resource_ancestor.attribute.labels[req_clsNodePools_autoupgrade] |
|
protoPayload.request.cluster.nodePools[].config.diskSizeGb |
target.resource_ancestor.attribute.labels[req_clsNodePools_config_disksize] |
|
protoPayload.request.cluster.nodePools[].config.imageType |
target.resource_ancestor.attribute.labels[req_clsNodePools_config_imagetype] |
|
protoPayload.request.cluster.nodePools[].config.machineType |
target.resource_ancestor.attribute.labels[req_clsNodePools_config_machinetype] |
|
protoPayload.request.cluster.nodePools[].config.oauthScopes[] |
target.resource_ancestor.attribute.labels[req_clsNodePools_config_oauth_scopes] |
|
protoPayload.request.cluster.nodePools[].name |
target.resource_ancestor.attribute.labels[req_clsNodePools_name] |
|
protoPayload.request.cluster.nodePools[].initialNodeCount |
target.resource_ancestor.attribute.labels[req_clsterNodePools_autoscaling_initial_node_cnt] |
|
resource.data.oauth2ClientId |
target.resource.attribute.labels [oauth_client_id] |
|
protoPayload.request.properties.confidentialInstanceConfig.enableConfidentialCompute |
target.resource.attribute.labels [ enable_confidential_compute] |
|
protoPayload.request.function.timeout |
target.resource.attribute.labels [ function_time_out] |
|
protoPayload.requestMetadata.requestAttributes.auth.accessLevels |
target.resource.attribute.labels [accessLevel] |
|
protoPayload.request.date |
target.resource.attribute.labels [audit_event_occurred] |
|
protoPayload.request.auditId |
target.resource.attribute.labels [audit_id] |
|
protoPayload.request.autoscalingPolicy.mode |
target.resource.attribute.labels [autoscaling_policy_mode] |
|
protoPayload.request.autoscalingPolicy.coolDownPeriodSec |
target.resource.attribute.labels [cool_down_period] |
|
protoPayload.request.denieds.0.IPProtocol |
target.resource.attribute.labels [Denied Protocol] |
|
protoPayload.request.destinationRanges |
target.resource.attribute.labels [destination_ranges] |
|
protoPayload.request.function.entryPoint |
target.resource.attribute.labels [function_entry_point] |
|
protoPayload.request.function.httpsTrigger.securityLevel |
target.resource.attribute.labels [function_httptrigger_security_level] |
|
protoPayload.request.function.runtime |
target.resource.attribute.labels [function_runtime] |
|
protoPayload.request.function.serviceAccountEmail |
target.resource.attribute.labels [function_service_account_email] |
|
protoPayload.request.function.sourceUploadUrl |
target.resource.attribute.labels [function_source_upload_url] |
|
protoPayload.metadata.iapEnabled |
target.resource.attribute.labels [iapEnabled] |
|
protoPayload.request.listManagedInstancesResults |
target.resource.attribute.labels [managed_instances_result] |
|
protoPayload.request.autoscalingPolicy.maxNumReplicas |
target.resource.attribute.labels [max_replicas] |
|
protoPayload.request.autoscalingPolicy.minNumReplicas |
target.resource.attribute.labels [min_replicas] |
|
protoPayload.request.msgType |
target.resource.attribute.labels [msg_type] |
|
protoPayload.metadata.oauth_client_id |
target.resource.attribute.labels [oauth_client_id] |
|
protoPayload.request.autoscalingPolicy.cpuUtilization.predictiveMethod |
target.resource.attribute.labels [predictive_method] |
|
protoPayload.request.labels.0.value |
target.resource.attribute.labels [protoPayload.request.labels.0.key] |
|
protoPayload.request.queryId |
target.resource.attribute.labels [query_id] |
|
protoPayload.request.constraint |
target.resource.attribute.labels [request_constraint] |
|
protoPayload.request.dataAccessed |
target.resource.attribute.labels [request_data_accessed] |
|
protoPayload.request.function.labels.deployment-tool |
target.resource.attribute.labels [request_deployment_tool] |
|
protoPayload.request.properties.description |
target.resource.attribute.labels [request_description] |
|
protoPayload.request.function.name |
target.resource.attribute.labels [request_function_name] |
|
protoPayload.request.location |
target.resource.attribute.labels [request_location] |
|
protoPayload.request.policy.constraint |
target.resource.attribute.labels [request_policy_constraint] |
|
protoPayload.request.@type |
target.resource.attribute.labels [request_type] |
|
protoPayload.request.cmd |
target.resource.attribute.labels [sql_operation_type ] |
|
protoPayload.request.threadId |
target.resource.attribute.labels [thread_id] |
|
protoPayload.metadata.unsatisfied_access_levels |
target.resource.attribute.labels [unsatisfied_access_levels] |
|
protoPayload.request.autoscalingPolicy.cpuUtilization.utilizationTarget |
target.resource.attribute.labels [utilization_target] |
|
protoPayload.request.body.settings.backupConfiguration.binaryLogEnabled |
target.resource.attribute.labels[backup_config_binarylog_enabled] |
|
protoPayload.request.body.settings.backupConfiguration.enabled |
target.resource.attribute.labels[backup_config_enabled] |
|
protoPayload.request.body.settings.backupConfiguration.transactionLogRetentionDays |
target.resource.attribute.labels[backup_config_logRetention_days] |
|
protoPayload.request.body.settings.backupConfiguration.pointInTimeRecoveryEnabled |
target.resource.attribute.labels[backup_config_point_in_time_recovery_enabled] |
|
protoPayload.request.body.settings.backupConfiguration.backupRetentionSettings.retainedBackups |
target.resource.attribute.labels[backup_config_retention_settings_retained_backups] |
|
protoPayload.request.body.settings.backupConfiguration.backupRetentionSettings.retentionUnit |
target.resource.attribute.labels[backup_config_retention_settings_unit] |
|
protoPayload.request.body.settings.backupConfiguration.startTime |
target.resource.attribute.labels[backup_config_start_time] |
|
protoPayload.request.canIpForward |
target.resource.attribute.labels[can_ip_forward] |
|
resource.labels.cluster_name |
target.resource.attribute.labels[cls_name] |
|
request.cluster.name |
target.resource.attribute.labels[cls_name] |
|
protoPayload.request.body.settings.dataDiskSizeGb |
target.resource.attribute.labels[data_disk_size_gb] |
|
protoPayload.request.body.settings.dataDiskType |
target.resource.attribute.labels[data_disk_type] |
|
protoPayload.metadata.tableDataRead.fields |
target.resource.attribute.labels[data_read_fields] |
|
protoPayload.metadata.jobInsertion.job.jobConfig.extractConfig.destinationUris[] |
target.resource.attribute.labels[destination_uris] |
|
protoPayload.request.direction |
target.resource.attribute.labels[direction] |
|
resource.labels.email_id |
target.resource.attribute.labels[email_id] |
|
resource.email_id |
target.resource.attribute.labels[email_id] |
|
resource.labels.forwarding_rule_name |
target.resource.attribute.labels[forwarding_rule_name] |
|
protoPayload.request.body.settings.ipConfiguration.ipv4Enabled |
target.resource.attribute.labels[ip_config_ipv4_enabled] |
|
protoPayload.request.body.settings.ipconfiguration.privatNetwork |
target.resource.attribute.labels[ip_config_private_network] |
|
protoPayload.request.body.settings.ipconfiguration.requireSsl |
target.resource.attribute.labels[ip_config_require_ssl] |
|
protoPayload.metadata.jobChange.job.jobConfig.type |
target.resource.attribute.labels[job_type] |
|
protoPayload.metadata.tableChange.table.tableName |
target.resource.attribute.labels[metadata_changedTable_name] |
|
protoPayload.metadata.tableCreation.table.expireTime |
target.resource.attribute.labels[metadata_creationTable_expire_time] |
|
protoPayload.request.body.settings.pricingPlan |
target.resource.attribute.labels[pricing_plan] |
|
resource.data.projectId |
target.resource.attribute.labels[projectId] |
|
resource.labels.instance_group_name |
target.resource.attribute.labels[rc_instance_groupName] |
|
resource.labels.method |
target.resource.attribute.labels[rc_method] |
|
protoPayload.resourceOriginalState.disabled |
target.resource.attribute.labels[rc_orgState_disabled] |
|
protoPayload.resourceOriginalState.enableLogging |
target.resource.attribute.labels[rc_orgState_enable_logging] |
|
protoPayload.resourceOriginalState.logconfig.enable |
target.resource.attribute.labels[rc_orgState_logconfig_enable] |
|
protoPayload.resourceOriginalState.selfLink |
target.resource.attribute.labels[rc_orgState_selflink] |
|
protoPayload.resourceOriginalState.sourceRanges |
target.resource.attribute.labels[rc_orgState_srcranges] |
|
protoPayload.resourceOriginalState.targetTags |
target.resource.attribute.labels[rc_orgState_target_tags] |
|
protoPayload.resourceOriginalState.@type |
target.resource.attribute.labels[rc_orgState_type] |
|
resource.labels.service |
target.resource.attribute.labels[rc_service] |
|
resource.labels.subnetwork_name |
target.resource.attribute.labels[rc_subnetwork_name] |
|
resource.labels.version |
target.resource.attribute.labels[rc_version] |
|
protoPayload.request.body.databaseVersion |
target.resource.attribute.labels[req_body_dbVersion] |
|
protoPayload.request.cluster.releaseChannel.channel |
target.resource.attribute.labels[req_cls_channel] |
|
protoPayload.request.cluster.addonsConfig.networkPolicyConfig.disabled |
target.resource.attribute.labels[req_cls_policy_config_disabled] |
|
protoPayload.request.reservationAffinity.consumeReservationType |
target.resource.attribute.labels[req_consumeReservation_type] |
|
protoPayload.request.disabled |
target.resource.attribute.labels[req_disabled] |
|
protoPayload.request.disks[].boot |
target.resource.attribute.labels[req_disk_boot] |
|
protoPayload.request.disks[].initializeParams.diskSizeGb |
target.resource.attribute.labels[req_disk_initialize_disk_size] |
|
protoPayload.request.disks[].initializeParams.diskType |
target.resource.attribute.labels[req_disk_initialize_disk_type] |
|
protoPayload.request.disks[].initializeParams.sourceImage |
target.resource.attribute.labels[req_disk_initialize_source_image] |
|
protoPayload.request.workloadIdentityPoolProvider.attributeCondition |
target.resource.attribute.labels[req_identityPool_attribute_condition] |
|
protoPayload.request.workloadIdentityPoolProvider.aws.accountId |
target.resource.attribute.labels[req_identityPool_aws_accountId] |
|
protoPayload.request.workloadIdentityPoolProvider.attributeMapping.attribute.aws_role |
target.resource.attribute.labels[req_identityPool_aws_role] |
|
protoPayload.request.workloadIdentityPool.description |
target.resource.attribute.labels[req_identityPool_description] |
|
protoPayload.request.workloadIdentityPool.disabled |
target.resource.attribute.labels[req_identityPool_disabled] |
|
protoPayload.request.workloadIdentityPoolProvider.displayName |
target.resource.attribute.labels[req_identityPool_displayName] |
|
protoPayload.request.workloadIdentityPoolProvider.attributeMapping.google.subject |
target.resource.attribute.labels[req_identityPool_googleSubject] |
|
protoPayload.request.workloadIdentityPoolProvider.disabled |
target.resource.attribute.labels[req_identityPool_provider_disabled] |
|
protoPayload.request.workloadIdentityPoolProviderId |
target.resource.attribute.labels[req_identityPool_providerId] |
|
protoPayload.request.instances[].instance |
target.resource.attribute.labels[req_instance] |
|
protoPayload.request.logconfig.enable |
target.resource.attribute.labels[req_logconfig_enable] |
|
protoPayload.serviceData.tabelDataListRequest.maxResults |
target.resource.attribute.labels[req_max_results] |
|
protoPayload.serviceData.jobGetQueryResultsRequest.maxResults |
target.resource.attribute.labels[req_max_results] |
|
protoPayload.request.maxResults |
target.resource.attribute.labels[req_max_results] |
|
protoPayload.request.name |
target.resource.attribute.labels[req_name] |
|
protoPayload.request.networkInterfaces[].accessConfig.name |
target.resource.attribute.labels[req_network_access_config_name] |
|
protoPayload.request.networkInterfaces[].accessConfig.networkTier |
target.resource.attribute.labels[req_network_access_config_network_tier] |
|
protoPayload.request.networkInterfaces[].accessConfig.type |
target.resource.attribute.labels[req_network_access_config_type] |
|
protoPayload.request.network |
target.resource.attribute.labels[req_network] |
|
protoPayload.request.network |
target.resource.attribute.labels[req_network] |
|
protoPayload.request.priority |
target.resource.attribute.labels[Request Priority] |
|
protoPayload.request.project |
target.resource.attribute.labels[req_project] |
|
protoPayload.request.role.stage |
target.resource.attribute.labels[req_role_stage] |
|
protoPayload.request.scheduling.automaticRestart |
target.resource.attribute.labels[req_scheduling_automatic_restart] |
|
protoPayload.request.scheduling.onHostMaintenance |
target.resource.attribute.labels[req_scheduling_on_host_mainten] |
|
protoPayload.request.scheduling.preemptible |
target.resource.attribute.labels[req_scheduling_preemptible] |
|
protoPayload.request.service_account.description |
target.resource.attribute.labels[req_serviceAcc_description] |
|
protoPayload.request.serviceAccounts[].email |
target.resource.attribute.labels[req_serviceAcc_email] |
|
protoPayload.request.policy.booleanPolicy.enforced |
target.resource.attribute.labels[request_constraint] |
|
protoPayload.response.email |
target.resource.attribute.labels[res_email] |
|
protoPayload.response.etag |
target.resource.attribute.labels[res_etag] |
|
protoPayload.response.name |
target.resource.attribute.labels[res_name] |
|
protoPayload.response.operationType |
target.resource.attribute.labels[response_operation_type] |
|
protoPayload.response.zone |
target.resource.attribute.labels[res_zone] |
|
resource.data.name |
target.resource.attribute.labels[resource_data_name] |
|
protoPayload.response.booleanPolicy.enforced |
target.resource.attribute.labels[response_enforce_policy] |
|
protoPayload.response.status |
target.resource.attribute.labels[response_status] |
|
protoPayload.response.status.conditions.message |
target.resource.attribute.labels[response_status] |
|
protoPayload.serviceData.permissionDelta.addedPermissions[] |
target.resource.attribute.labels[ser_added_perm] |
|
protoPayload.serviceData.policyDelta.bindingDeltas[].action |
target.resource.attribute.labels[ser_binding_deltas_action] |
|
protoPayload.serviceData.policyDelta.bindingDeltas[].member |
target.resource.attribute.labels[ser_binding_deltas_member] |
|
Referred this from default parser. |
target.resource.attribute.labels[ser_binding_deltas_member] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobConfiguration.query.destinationTable.datasetId |
target.resource.attribute.labels[ser_destTable_datasetId] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobConfiguration.query.destinationTable.projectId |
target.resource.attribute.labels[ser_destTable_projectId] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobConfiguration.query.destinationTable.tableId |
target.resource.attribute.labels[ser_destTable_tableId] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobStatistics.createTime |
target.resource.attribute.labels[ser_jobCreate_time] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobName.jobId |
target.resource.attribute.labels[ser_req_jobId] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobConfiguration.query.query |
target.resource.attribute.labels[ser_req_query] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobConfiguration.query.createDisposotion |
target.resource.attribute.labels[ser_reqCreate_disposotion] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobName.location |
target.resource.attribute.labels[ser_reqJob_location] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobName.projectId |
target.resource.attribute.labels[ser_reqJob_projectid] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobStatistics.startTime |
target.resource.attribute.labels[ser_reqJob_start_time] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobStatus.state |
target.resource.attribute.labels[ser_reqJob_state] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobStatistics.totalSlotMs |
target.resource.attribute.labels[ser_reqJob_total_slot_ms] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobConfiguration.query.statementType |
target.resource.attribute.labels[ser_reqStatement_type] |
|
protoPayload.serviceData.jobGetQueryResultsResponse.job.jobConfiguration.query.writeDisposition |
target.resource.attribute.labels[ser_reqWrite_disposition] |
|
protoPayload.serviceData.tableInsertRequest.resource.view.query |
target.resource.attribute.labels[ser_tableInsert_query] |
|
protoPayload.serviceData.@type |
target.resource.attribute.labels[ser_type] |
|
protoPayload.request.sourceRanges[] |
target.resource.attribute.labels[source_ranges] |
|
protoPayload.request.body.settings.storageAutoResize |
target.resource.attribute.labels[storage_auto_resize] |
|
resource.labels.target_proxy_name |
target.resource.attribute.labels[target_proxy_name] |
|
protoPayload.request.body.settings.tier |
target.resource.attribute.labels[tier] |
|
resource.labels.url_map_name |
target.resource.attribute.labels[url_map_name] |
|
protoPayload.request.cluster.network |
target.resource_ancestors.attribute.labels[req_cls_network] |
|
protoPayload.request.cluster.nodePools[].management.autoRepair |
target.resource_ancestors.attribute.labels[req_clsNodePools_autorepair] |
|
protoPayload.request.body.settings.availabilityType |
target.resource.attributes.labels[resource_avaibilitytype] |
|
protoPayload.metadata.tableCreation.table.schemaJSON |
target.resource.attributes.labels[table_schemaJson] |
|
protoPayload.metadata.event.eventName.parameter.name[BIRTHDATE] |
target.user.attribute.labels[birthdate] |
|
protoPayload.metadata.event.eventName.parameter.name[PRIVILEGE_NAME] |
target.user.attribute.labels[privilege_name] |
|
protoPayload.metadata.event.eventName.parameter.name[USER_NICKNAME] |
target.user.attribute.labels[user_nickname] |
|
resource.type |
target.resource_ancestors.resource_type |
Ist der Wert des Log-Felds „resource.type“ mit dem regulären Ausdruck „gce_(firewall or forwarding_rule)“ festgelegt. Das Feld „target.resource_ancestors.resource_type1/d log_d“ ist auf target.resource_ancestors.resource_type/1, das Feld „UDM“ mit dem Wert des regulären Ausdrucks auf target.resource_ancestors.resource_type festgelegt. Das Feld „UDM1“ ist auf „target.resource_ancestors.resource_type1.1“ {Das Feld „UDM“ ist auf FIREWALL_RULE festgelegt.Das Feld „ target.resource_ancestors.resource_type1“ ist auf den Wert „target.resource_ancestors.resource_type“ für den regulären Ausdruck auf {festgelegt. Das Feld „ target.resource_ancestors.resource_type“ für den regulären Ausdruck auf gce_(subnetwork or network) entspricht dem Feld „target.resource_ancestors.resource_type“.resource.typeresource.typeresource.typeresource.typeresource.typeresource.typeresource.typeresource.typeresource.typeresource.typeresource.typetarget.resource_ancestors.resource_typetarget.resource_ancestors.resource_typetarget.resource_ancestors.resource_typetarget.resource_ancestors.resource_typetarget.resource_ancestors.resource_typeVPC_NETWORKdataprocCLUSTERCLUSTERk8s or gke_gce_backend_serviceBACKEND_SERVICE(gce_ or dns_query)target.resource.resource_typeVIRTUAL_MACHINEgcs_bucketSTORAGE_BUCKETbigqueryDATABASEDATABASEcloudsqlservice_accountSERVICE_ACCOUNTprojectCLOUD_PROJECTCLOUD_PROJECTorganizationCLOUD_ORGANIZATIONUNSPECIFIEDresource.labels.project_id |
jsonPayload.end_time |
about.labels[jsonPayload_end_time] (verworfen) |
|
jsonPayload.packets_sent |
network.sent_packets |
|
jsonPayload.reporter |
about.labels[jsonPayload_reporter] (verworfen) |
|
jsonPayload.src_vpc.vpc_name |
principal.resource.name |
|
jsonPayload.src_vpc.project_id |
principal.resource.product_object_id |
|
jsonPayload.src_vpc.subnetwork_name |
principal.resource.attribute.labels[jsonPayload_src_vpc_subnetwork_name] |
|
jsonPayload.start_time |
about.labels[jsonPayload_start_time] (verworfen) |
|
jsonPayload.src_instance.region |
principal.location.name |
|
jsonPayload.src_instance.project_id |
principal.labels[jsonPayload_src_instance_project_id] (verworfen) |
|
jsonPayload.src_instance.zone |
principal.cloud.availability_zone |
|
resource.labels.subnetwork_id |
target.resource.attribute.labels[resource_labels_subnetwork_id] |
|
jsonPayload.dest_vpc.project_id |
target.resource.product_object_id |
|
jsonPayload.dest_vpc.subnetwork_name |
target.resource.attribute.labels[jsonPayload_src_vpc_subnetwork_name] |
|
jsonPayload.dest_vpc.vpc_name |
target.resource.name |
|
jsonPayload.dest_instance.region |
target.location.name |
|
jsonPayload.dest_instance.project_id |
target.labels[jsonPayload_dest_instance_project_id] (verworfen) |
|
jsonPayload.dest_instance.zone |
target.cloud.availability_zone |
|
jsonPayload.src_location.asn |
principal.labels[jsonPayload_src_location_asn] (verworfen) |
|
jsonPayload.src_location.city |
principal.location.city |
|
jsonPayload.src_location.continent |
principal.labels[jsonPayload_src_location_continent] (verworfen) |
|
jsonPayload.src_location.country |
principal.location.country_or_region |
|
jsonPayload.src_location.region |
principal.labesl[jsonPayload_src_location_region] |
|
jsonPayload.dest_location.asn |
target.labels[jsonPayload_dest_location_asn] (verworfen) |
|
jsonPayload.dest_location.city |
target.location.city |
|
jsonPayload.dest_location.continent |
target.labels[jsonPayload_dest_location_continent] (verworfen) |
|
jsonPayload.dest_location.region |
target.labesl[jsonPayload_dest_location_region] |
|
protoPayload.metadata.ingressViolations.servicePerimeter |
security_result.detection_fields[protoPayload_metadata_ingressViolations_serviceParameter] |
|
protoPayload.metadata.ingressViolations.source |
security_result.detection_fields[protoPayload_metadata_ingressViolations_source] |
|
protoPayload.metadata.ingressViolations.sourceType |
security_result.detection_fields[protoPayload_metadata_ingressViolations_sourceType] |
|
protoPayload.metadata.ingressViolations.targetResource |
security_result.detection_fields[protoPayload_metadata_ingressViolations_targetResource] |
|
protoPayload.request.subjects.name |
target.user.attribute.labels[subject_name] |
|
protoPayload.request.spec.containers.0.image |
target.process.command_line |
|
protoPayload.request.spec.containers.0.name |
target.resource.attribute.labels[name] |
|
protoPayload.request.spec.containers.0.terminationMessagePolicy |
traget.resource.attribute.labels[terminationMessagePolicy] |
|
protoPayload.request.spec.containers.0.terminationMessagePath |
traget.resource.attribute.labels[terminationMessagePath] |
|
protoPayload.request.spec.containers.0.imagePullPolicy |
traget.resource.attribute.labels[imagePullPolicy] |
|
protoPayload.request.spec.dnsPolicy |
target.resource.attribute.labels[imagePullPolicy] |
|
protoPayload.request.spec.enableServiceLinks |
traget.resource.attribute.labels[enableServiceLinks] |
|
protoPayload.request.spec.restartPolicy |
target.resource.attribute.labels[restartPolicy] |
|
protoPayload.request.spec.schedulerName |
target.resource.attribute.labels[schedulerName] |
|
protoPayload.request.spec.terminationGracePeriodSeconds |
traget.resource.attribute.labels[protoPayload_request_spec_terminationGracePeriodSeconds] |
|
protoPayload.request.metadata.namespace |
principal.namespace |
|
protoPayload.request.apiVersion |
target.resource.attribute.labels [request apiVersion] |
|
protoPayload.request.kind |
target.resource.attribute.labels[request.kind] |
|
protoPayload.request.metadata.name |
target.resource.attribute.labels[request.metadata.name] |
|
labels.mutation.webhook.admission.k8s.io/round_0_index_0 |
security_result.about.resource.attribute.labels[labels_round_0_index_0] |
|
protoPayload.request.spec.containers.0.args |
about.file.capabilities_tags |
|
protoPayload.request.properties.disks.0.initializeParams.diskSizeGb |
principal.resource.attribute.labels[diskSizeGb] |
|
protoPayload.request.properties.disks.0.initializeParams.diskType |
principal.resource.attribute.labels[diskType] |
|
protoPayload.request.properties.disks.0.initializeParams.guestOsFeatures.0.type |
principal.resource.attribute.labels[guestOsFeatures type] |
|
protoPayload.request.properties.disks.0.initializeParams.labels.0.key |
principal.resource.attribute.labels[protoPayload.request.properties.disks.0.initializeParams.labels.0.key] |
|
protoPayload.request.properties.disks.0.initializeParams.sourceImage |
principal.resource.attribute.labels[sourceImage] |
|
protoPayload.request.properties.disks.0.type |
principal.resource.attribute.labels[disks Type] |
|
key_id |
security_result.detection_field[key_id] |
Der Feldwert key_id wird mithilfe eines Grok-Musters aus dem Logfeld message extrahiert. |
protoPayload.request.securityHealthAnalyticsSettings.modules.PUBLIC_BUCKET_ACL.moduleEnablementState |
target.resource.attribute.labels[PUBLIC_BUCKET_ACL_module_enablement_state] |
|
protoPayload.response.serviceEnablementState |
target.resource.attribute.labels[service_enablement_state] |
|
protoPayload.request.metadata.creationTimestamp |
target.resource.attribute.creation_time |
|
protoPayload.request.metadata.labels.trivy.automatic.created |
target.resource.attribute.labels[req_metadata_trivy_automatic_created] |
|
protoPayload.request.metadata.labels.trivy.collector.name |
target.resource.attribute.labels[req_metadata_trivy_collector_name] |
|
protoPayload.request.metadata.labels.trivy.resource.kind |
target.resource.attribute.labels[req_metadata_trivy_resource_kind] |
|
protoPayload.request.metadata.labels.trivy.resource.name |
target.resource.attribute.labels[req_metadata_trivy_resource_name] |
|
protoPayload.request.spec.backoffLimit |
target.resource.attribute.labels[req_spec_backoff_limit] |
|
protoPayload.request.spec.completionMode |
target.resource.attribute.labels[req_spec_completion_mode] |
|
protoPayload.request.spec.completions |
target.resource.attribute.labels[req_spec_completions] |
|
protoPayload.request.spec.parallelism |
target.resource.attribute.labels[req_spec_parallelism] |
|
protoPayload.request.spec.suspend |
target.resource.attribute.labels[req_spec_suspend] |
|
protoPayload.request.spec.template.metadata.creationTimestamp |
target.resource.attribute.labels[req_spec_template_metadata_creation_time] |
|
protoPayload.request.spec.template.metadata.labels.app |
target.resource.attribute.labels[req_spec_template_metadata_app] |
|
protoPayload.request.spec.template.spec.automountServiceAccountToken |
target.resource.attribute.labels[req_spec_template_spec_automount_service_account_token] |
|
protoPayload.request.spec.template.spec.containers.command |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_command] |
|
protoPayload.request.spec.template.spec.containers.image |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_image] |
|
protoPayload.request.spec.template.spec.containers.imagePullPolicy |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_image_pull_policy] |
|
protoPayload.request.spec.template.spec.containers.name |
target.resource_ancestors.name |
|
protoPayload.request.spec.template.spec.containers.resources.limits.cpu |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_resource_limits_cpu] |
|
protoPayload.request.spec.template.spec.containers.resources.limits.memory |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_resource_limits_memory] |
|
protoPayload.request.spec.template.spec.containers.resources.requests.cpu |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_resource_request_cpu] |
|
protoPayload.request.spec.template.spec.containers.resources.requests.memory |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_resource_request_memory] |
|
protoPayload.request.spec.template.spec.containers.securityContext.allowPrivilegeEscalation |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_security_context_allow_privilege_escalation] |
|
protoPayload.request.spec.template.spec.containers.securityContext.capabilities.drop |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_security_context_capabilities_drop] |
|
protoPayload.request.spec.template.spec.containers.securityContext.privileged |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_security_context_privileged] |
|
protoPayload.request.spec.template.spec.containers.securityContext.readOnlyRootFilesystem |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_security_context_read_only_root_filesystem] |
|
protoPayload.request.spec.template.spec.containers.terminationMessagePath |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_termination_message_path] |
|
protoPayload.request.spec.template.spec.containers.terminationMessagePolicy |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_termination_message_policy] |
|
protoPayload.request.spec.template.spec.containers.volumeMounts.mountPath |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_volume_mounts_mount_path] |
|
protoPayload.request.spec.template.spec.containers.volumeMounts.name |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_volume_mounts_name] |
|
protoPayload.request.spec.template.spec.containers.volumeMounts.readOnly |
target.resource_ancestors.attribute.labels[req_spec_template_spec_container_volume_mounts_readonly] |
|
protoPayload.request.spec.template.spec.dnsPolicy |
target.resource.attribute.labels[req_spec_template_spec_dns_policy] |
|
protoPayload.request.spec.template.spec.hostPID |
target.resource.attribute.labels[req_spec_template_spec_host_pid] |
|
protoPayload.request.spec.template.spec.restartPolicy |
target.resource.attribute.labels[req_spec_template_spec_restart_policy] |
|
protoPayload.request.spec.template.spec.schedulerName |
target.resource.attribute.labels[req_spec_template_spec_scheduler_name] |
|
protoPayload.request.spec.template.spec.securityContext.runAsGroup |
target.resource.attribute.labels[req_spec_template_spec_security_context_run_as_group] |
|
protoPayload.request.spec.template.spec.securityContext.runAsUser |
target.resource.attribute.labels[req_spec_template_spec_security_context_run_as_user] |
|
protoPayload.request.spec.template.spec.securityContext.seccompProfile.type |
target.resource.attribute.labels[req_spec_template_spec_security_context_seccomp_profile_type] |
|
protoPayload.request.spec.template.spec.terminationGracePeriodSeconds |
target.resource.attribute.labels[req_spec_template_spec_termination_grace_period_seconds] |
|
protoPayload.request.spec.template.spec.volumes.hostPath.path |
target.resource.attribute.labels[req_spec_template_spec_volumes_host_path] |
|
protoPayload.request.spec.template.spec.volumes.hostPath.type |
target.resource.attribute.labels[req_spec_template_spec_volumes_host_path_type] |
|
protoPayload.request.spec.template.spec.volumes.name |
target.resource.attribute.labels[req_spec_template_spec_volumes_name] |
|
protoPayload.request.spec.automountServiceAccountToken |
target.resource.attribute.labels[req_spec_automount_service_account_token] |
|
protoPayload.request.spec.containers.command |
target.resource.attribute.labels[req_spec_container_command] |
|
protoPayload.request.spec.containers.securityContext.privileged |
target.resource.attribute.labels[req_spec_container_security_context_privileged] |
|
protoPayload.request.spec.containers.securityContext.allowPrivilegeEscalation |
target.resource.attribute.labels[req_spec_container_security_context_allow_privilege_escalation] |
|
protoPayload.request.spec.containers.securityContext.readOnlyRootFilesystem |
target.resource.attribute.labels[req_spec_container_security_context_read_only_root_filesystem] |
|
protoPayload.request.spec.containers.securityContext.capabilities.drop |
target.resource.attribute.labels[req_spec_container_security_context_capabilities_drop] |
|
protoPayload.request.spec.containers.volumeMounts.mountPath |
target.resource.attribute.labels[req_spec_container_volume_mount_path] |
|
protoPayload.request.spec.containers.volumeMounts.name |
target.resource.attribute.labels[req_spec_container_volume_mount_name] |
|
protoPayload.request.spec.containers.volumeMounts.readOnly |
target.resource.attribute.labels[req_spec_container_volume_mount_read_only] |
|
protoPayload.request.metadata.annotations.deprecated.daemonset.template.generation |
target.resource.attribute.labels[req_metadata_annotations_deprecated_daemonset_template_generation] |
|
protoPayload.request.metadata.labels.app |
target.resource.attribute.labels[req_metadata_app] |
|
protoPayload.request.metadata.labels.type |
target.resource.attribute.labels[req_metadata_labels_type] |
|
protoPayload.request.spec.serviceAccount |
target.resource.attribute.labels[req_spec_service_account] |
|
protoPayload.request.spec.serviceAccountName |
target.resource.attribute.labels[req_spec_serivce_account_name] |
|
protoPayload.request.spec.hostIPC |
target.resource.attribute.labels[req_spec_host_ipc] |
|
protoPayload.request.spec.hostNetwork |
target.resource.attribute.labels[req_spec_host_network] |
|
protoPayload.request.spec.hostPID |
target.resource.attribute.labels[req_spec_host_pid] |
|
protoPayload.request.spec.nodeName |
target.resource.attribute.labels[req_spec_node_name] |
|
protoPayload.request.spec.securityContext.privileged |
target.resource.attribute.labels[req_spec_security_context_privileged] |
|
protoPayload.request.spec.securityContext.allowPrivilegeEscalation |
target.resource.attribute.labels[req_spec_security_context_allow_privilege_escalation] |
|
protoPayload.request.spec.securityContext.readOnlyRootFilesystem |
target.resource.attribute.labels[req_spec_security_context_read_only_root_filesystem] |
|
protoPayload.request.spec.securityContext.capabilities.drop |
target.resource.attribute.labels[req_spec_security_context_capabilities_drop] |
|
protoPayload.request.spec.volumes.hostPath.path |
target.resource.attribute.labels[req_spec_volume_host_path] |
|
protoPayload.request.spec.volumes.hostPath.type |
target.resource.attribute.labels[req_spec_volume_host_path_type] |
|
protoPayload.request.spec.volumes.name |
target.resource.attribute.labels[req_spec_volume_name] |
|
protoPayload.request.spec.revisionHistoryLimit |
target.resource.attribute.labels[req_spec_revision_history_limit] |
|
protoPayload.request.spec.selector.matchLabels.app |
target.resource.attribute.labels[req_spec_selector_match_label_app] |
|
protoPayload.request.spec.selector.matchLabels.type |
target.resource.attribute.labels[req_spec_selector_match_label_type] |
|
protoPayload.request.spec.template.metadata.labels.type |
target.resource.attribute.labels[req_spec_template_metadata_labels_type] |
|
protoPayload.request.spec.template.spec.containers.args |
target.resource.attribute.labels[req_spec_template_spec_container_arg] |
|
protoPayload.request.spec.template.spec.hostIPC |
target.resource.attribute.labels[req_spec_template_spec_host_ipc] |
|
protoPayload.request.spec.template.spec.hostNetwork |
target.resource.attribute.labels[req_spec_template_spec_host_network] |
|
protoPayload.request.spec.updateStrategy.rollingUpdate.maxSurge |
target.resource.attribute.labels[req_spec_update_strategy_rolling_update_max_surge] |
|
protoPayload.request.spec.updateStrategy.rollingUpdate.maxUnavailable |
target.resource.attribute.labels[req_spec_update_strategy_rolling_update_max_unavailable] |
|
protoPayload.request.spec.updateStrategy.type |
target.resource.attribute.labels[req_spec_update_strategy_type] |
|
protoPayload.request.status.currentNumberScheduled |
target.resource.attribute.labels[req_status_current_number_scheduled] |
|
protoPayload.request.status.desiredNumberScheduled |
target.resource.attribute.labels[req_status_desired_number_scheduled] |
|
protoPayload.request.status.numberMisscheduled |
target.resource.attribute.labels[req_status_number_miss_scheduled] |
|
protoPayload.request.status.numberReady |
target.resource.attribute.labels[req_status_number_ready] |
|
protoPayload.response.@type |
target.resource.attribute.labels[res_type] |
|
protoPayload.response.apiVersion |
target.resource.attribute.labels[res_api_version] |
|
protoPayload.response.metadata.annotations.deprecated.daemonset.template.generation |
target.resource.attribute.labels[res_metadata_annotations_deprecated_daemonset_template_generation] |
|
protoPayload.response.metadata.generation |
target.resource.attribute.labels[res_metadata_generation] |
|
protoPayload.response.metadata.labels.type |
target.resource.attribute.labels[res_metadata_labels_type] |
|
protoPayload.response.metadata.labels.app |
target.resource.attribute.labels[res_metadata_label_app] |
|
protoPayload.response.metadata.creationTimestamp |
target.resource.attribute.labels[res_metadata_creation_time] |
|
protoPayload.response.metadata.name |
target.resource.attribute.labels[res_metadata_name] |
|
protoPayload.response.metadata.namespace |
target.resource.attribute.labels[res_metadata_namespace] |
|
protoPayload.response.metadata.resourceVersion |
target.resource.attribute.labels[res_metadata_resource_version] |
|
protoPayload.response.metadata.uid |
target.resource.attribute.labels[res_metadata_uid] |
|
protoPayload.response.spec.revisionHistoryLimit |
target.resource.attribute.labels[res_spec_revision_history_limit] |
|
protoPayload.response.spec.selector.matchLabels.app |
target.resource.attribute.labels[res_spec_selector_match_label_app] |
|
protoPayload.response.spec.selector.matchLabels.type |
target.resource.attribute.labels[res_spec_selector_match_label_type] |
|
protoPayload.response.spec.template.metadata.creationTimestamp |
target.resource.attribute.labels[res_spec_template_metadata_creation_time] |
|
protoPayload.response.spec.template.metadata.labels.app |
target.resource.attribute.labels[res_spec_template_metadata_app] |
|
protoPayload.response.spec.template.metadata.labels.type |
target.resource.attribute.labels[res_spec_template_metadata_type] |
|
protoPayload.response.spec.template.spec.containers.args |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_arg] |
|
protoPayload.response.spec.template.spec.containers.command |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_command] |
|
protoPayload.response.spec.template.spec.containers.image |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_image] |
|
protoPayload.response.spec.template.spec.containers.imagePullPolicy |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_image_pull_policy] |
|
protoPayload.response.spec.template.spec.containers.name |
target.resource_ancestors.name |
|
protoPayload.response.spec.template.spec.containers.resources.limits.cpu |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_resource_limits_cpu] |
|
protoPayload.response.spec.template.spec.containers.resources.limits.memory |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_resource_limits_memory] |
|
protoPayload.response.spec.template.spec.containers.resources.requests.cpu |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_resource_request_cpu] |
|
protoPayload.response.spec.template.spec.containers.resources.requests.memory |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_resource_request_memory] |
|
protoPayload.response.spec.template.spec.containers.securityContext.privileged |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_security_context_privileged] |
|
protoPayload.response.spec.template.spec.containers.securityContext.allowPrivilegeEscalation |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_security_context_allow_privilege_escalation] |
|
protoPayload.response.spec.template.spec.containers.securityContext.readOnlyRootFilesystem |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_security_context_read_only_root_filesystem] |
|
protoPayload.response.spec.template.spec.containers.securityContext.capabilities.drop |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_security_context_capabilities_drop] |
|
protoPayload.response.spec.template.spec.containers.terminationMessagePath |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_termination_message_path] |
|
protoPayload.response.spec.template.spec.containers.terminationMessagePolicy |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_termination_message_policy] |
|
protoPayload.response.spec.template.spec.containers.volumeMounts.mountPath |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_volume_mounts_mount_path] |
|
protoPayload.response.spec.template.spec.containers.volumeMounts.name |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_volume_mounts_name] |
|
protoPayload.response.spec.template.spec.containers.volumeMounts.readOnly |
target.resource_ancestors.attribute.labels[res_spec_template_spec_container_volume_mounts_read_only] |
|
protoPayload.response.spec.template.spec.dnsPolicy |
target.resource.attribute.labels[res_spec_template_spec_dns_policy] |
|
protoPayload.response.spec.template.spec.hostIPC |
target.resource.attribute.labels[res_spec_template_spec_host_pid] |
|
protoPayload.response.spec.template.spec.hostNetwork |
target.resource.attribute.labels[res_spec_template_spec_host_network] |
|
protoPayload.response.spec.template.spec.hostPID |
target.resource.attribute.labels[res_spec_template_spec_host_ipc] |
|
protoPayload.response.spec.template.spec.nodeName |
target.resource.attribute.labels[res_spec_template_spec_node_name] |
|
protoPayload.response.spec.template.spec.restartPolicy |
target.resource.attribute.labels[res_spec_template_spec_restart_policy] |
|
protoPayload.response.spec.template.spec.schedulerName |
target.resource.attribute.labels[res_spec_template_spec_scheduler_name] |
|
protoPayload.response.spec.template.spec.securityContext.runAsGroup |
target.resource.attribute.labels[res_spec_template_spec_security_context_run_as_group] |
|
protoPayload.response.spec.template.spec.securityContext.runAsUser |
target.resource.attribute.labels[res_spec_template_spec_security_context_run_as_user] |
|
protoPayload.response.spec.template.spec.securityContext.seccompProfile.type |
target.resource.attribute.labels[res_spec_template_spec_security_context_seccomp_profile_type] |
|
protoPayload.response.spec.template.spec.terminationGracePeriodSeconds |
target.resource.attribute.labels[res_spec_template_spec_termination_grace_period_seconds] |
|
protoPayload.response.spec.template.spec.volumes.hostPath.path |
target.resource.attribute.labels[res_spec_template_spec_volumes_host_path] |
|
protoPayload.response.spec.template.spec.volumes.hostPath.type |
target.resource.attribute.labels[res_spec_template_spec_volumes_host_path_type] |
|
protoPayload.response.spec.template.spec.volumes.name |
target.resource.attribute.labels[res_spec_template_spec_volumes_name] |
|
protoPayload.response.spec.updateStrategy.rollingUpdate.maxSurge |
target.resource.attribute.labels[res_spec_update_strategy_rolling_update_max_surge] |
|
protoPayload.response.spec.updateStrategy.rollingUpdate.maxUnavailable |
target.resource.attribute.labels[res_spec_update_strategy_rolling_update_max_unavailable] |
|
protoPayload.response.spec.updateStrategy.type |
target.resource.attribute.labels[res_spec_update_strategy_type] |
|
protoPayload.response.spec.containers.args |
target.resource_ancestors.attribute.labels[res_spec_container_arg] |
|
protoPayload.response.spec.containers.command |
target.resource_ancestors.attribute.labels[res_spec_container_command] |
|
protoPayload.response.spec.containers.image |
target.resource_ancestors.attribute.labels[res_spec_container_image] |
|
protoPayload.response.spec.containers.imagePullPolicy |
target.resource_ancestors.attribute.labels[res_spec_container_image_pull_policy] |
|
protoPayload.response.spec.containers.name |
target.resource_ancestors.name |
|
protoPayload.response.spec.containers.securityContext.privileged |
target.resource_ancestors.attribute.labels[res_spec_container_security_context_privileged] |
|
protoPayload.response.spec.containers.securityContext.allowPrivilegeEscalation |
target.resource_ancestors.attribute.labels[res_spec_container_security_context_allow_privilege_escalation] |
|
protoPayload.response.spec.containers.securityContext.readOnlyRootFilesystem |
target.resource_ancestors.attribute.labels[res_spec_container_security_context_read_only_root_filesystem] |
|
protoPayload.response.spec.containers.securityContext.capabilities.drop |
target.resource_ancestors.attribute.labels[res_spec_container_security_context_capabilities_drop] |
|
protoPayload.response.spec.containers.terminationMessagePath |
target.resource_ancestors.attribute.labels[res_spec_container_termination_message_path] |
|
protoPayload.response.spec.containers.terminationMessagePolicy |
target.resource_ancestors.attribute.labels[res_spec_container_termination_message_policy] |
|
protoPayload.response.spec.containers.volumeMounts.mountPath |
target.resource_ancestors.attribute.labels[res_spec_container_volume_mount_path] |
|
protoPayload.response.spec.containers.volumeMounts.name |
target.resource_ancestors.attribute.labels[res_spec_container_volume_mount_name] |
|
protoPayload.response.spec.containers.volumeMounts.readOnly |
target.resource_ancestors.attribute.labels[res_spec_container_volume_mount_read_only] |
|
protoPayload.response.spec.dnsPolicy |
target.resource.attribute.labels[res_spec_dns_policy] |
|
protoPayload.response.spec.enableServiceLinks |
target.resource.attribute.labels[res_spec_enable_service_links] |
|
protoPayload.response.spec.hostIPC |
target.resource.attribute.labels[res_spec_host_ipc] |
|
protoPayload.response.spec.hostNetwork |
target.resource.attribute.labels[res_spec_host_network] |
|
protoPayload.response.spec.hostPID |
target.resource.attribute.labels[res_spec_host_pid] |
|
protoPayload.response.spec.nodeName |
target.resource.attribute.labels[res_spec_node_name] |
|
protoPayload.response.spec.preemptionPolicy |
target.resource.attribute.labels[res_spec_preemption_policy] |
|
protoPayload.response.spec.priority |
target.resource.attribute.labels[res_spec_priority] |
|
protoPayload.response.spec.restartPolicy |
target.resource.attribute.labels[res_spec_restart_policy] |
|
protoPayload.response.spec.schedulerName |
target.resource.attribute.labels[res_spec_scheduler_name] |
|
protoPayload.response.spec.serviceAccount |
target.resource.attribute.labels[res_spec_service_account] |
|
protoPayload.response.spec.serviceAccountName |
target.resource.attribute.labels[res_spec_serivce_account_name] |
|
protoPayload.response.spec.terminationGracePeriodSeconds |
target.resource.attribute.labels[res_spec_termination_grace_period_seconds] |
|
protoPayload.response.spec.tolerations.effect |
target.resource.attribute.labels[res_spec_toleration_effect] |
|
protoPayload.response.spec.tolerations.key |
target.resource.attribute.labels[res_spec_toleration_key] |
|
protoPayload.response.spec.tolerations.operator |
target.resource.attribute.labels[res_spec_toleration_operator] |
|
protoPayload.response.spec.tolerations.tolerationSeconds |
target.resource.attribute.labels[res_spec_toleration_second] |
|
protoPayload.response.spec.volumes.hostPath.path |
target.resource.attribute.labels[res_spec_volume_host_path] |
|
protoPayload.response.spec.volumes.hostPath.type |
target.resource.attribute.labels[res_spec_volume_host_path_type] |
|
protoPayload.response.spec.volumes.name |
target.resource.attribute.labels[res_spec_volume_name] |
|
protoPayload.response.spec.volumes.projected.defaultMode |
target.resource.attribute.labels[res_spec_volume_projected_default_mode] |
|
protoPayload.response.spec.volumes.projected.sources.serviceAccountToken.expirationSeconds |
target.resource.attribute.labels[res_spec_volume_projected_src_service_acc_token_ecpiration_sec] |
|
protoPayload.response.spec.volumes.projected.sources.serviceAccountToken.path |
target.resource.attribute.labels[res_spec_volume_projected_src_service_acc_token_path] |
|
protoPayload.response.spec.volumes.projected.sources.configMap.items.key |
target.resource.attribute.labels[res_spec_volume_projected_src_config_map_item_key] |
|
protoPayload.response.spec.volumes.projected.sources.configMap.items.path |
target.resource.attribute.labels[res_spec_volume_projected_src_config_map_item_path] |
|
protoPayload.response.spec.volumes.projected.sources.configMap.name |
target.resource.attribute.labels[res_spec_volume_projected_src_config_map_name] |
|
protoPayload.response.spec.volumes.projected.sources.downwardAPI.items.fieldRef.apiVersion |
target.resource.attribute.labels[res_spec_volume_projected_src_downward_api_item_field_ref_api_version] |
|
protoPayload.response.spec.volumes.projected.sources.downwardAPI.items.fieldRef.fieldPath |
target.resource.attribute.labels[res_spec_volume_projected_src_downward_api_item_field_ref_field_path] |
|
protoPayload.response.spec.volumes.projected.sources.downwardAPI.items.path |
target.resource.attribute.labels[res_spec_volume_projected_src_downward_api_item_path] |
|
protoPayload.response.status.phase |
target.resource.attribute.labels[res_status_phase] |
|
protoPayload.response.status.qosClass |
target.resource.attribute.labels[res_status_qos_class] |
|
protoPayload.response.status.currentNumberScheduled |
target.resource.attribute.labels[res_status_current_number_scheduled] |
|
protoPayload.response.status.desiredNumberScheduled |
target.resource.attribute.labels[res_status_desired_number_scheduled] |
|
protoPayload.response.status.numberMisscheduled |
target.resource.attribute.labels[res_status_number_miss_scheduled] |
|
protoPayload.response.status.numberReady |
target.resource.attribute.labels[res_status_number_ready] |
|
labels.authorization.k8s.io/decision |
security_result.action |
Wenn der Wert des Logfelds labels.authorization.k8s.io/decision gleich allow ist, wird das UDM-Feld security_result.action auf ALLOW gesetzt.Andernfalls wird das UDM-Feld security_result.action auf BLOCK gesetzt, wenn der Wert des Logfelds labels.authorization.k8s.io/decision gleich block ist. |
labels.pod-security.kubernetes.io/enforce-policy |
security_result.detection_fields[pod_security_kubernetes_io_enforce_policy] |
|
labels.authorization.k8s.io/reason |
security_result.action_details |
|
protoPayload.request.roleRef.apiGroup |
target.user.attribute.labels[req_role_ref_api_group] |
|
protoPayload.request.roleRef.kind |
target.user.attribute.labels[req_role_ref_kind] |
|
protoPayload.request.roleRef.name |
target.user.attribute.roles.name |
|
protoPayload.request.subjects.apiGroup |
target.user.attribute.labels[req_subject_api_group] |
|
protoPayload.request.subjects.kind |
target.user.attribute.labels[req_subject_kind] |
|
protoPayload.request.rules.apiGroups |
security_result.rule_labels[req_rule_api_group] |
|
protoPayload.request.rules.resources |
security_result.rule_labels[req_rule_resource] |
|
protoPayload.request.rules.verbs |
security_result.rule_labels[req_rule_verb] |
|
protoPayload.request.rules.resourceNames |
security_result.rule_labels[req_rule_resource_name] |
|
protoPayload.response.metadata.managedFields.apiVersion |
target.resource.attribute.labels[res_managed_field_api_version] |
|
protoPayload.response.metadata.managedFields.fieldsType |
target.resource.attribute.labels[res_managed_field_type] |
|
protoPayload.response.metadata.managedFields.manager |
target.resource.attribute.labels[res_managed_field_manager] |
|
protoPayload.response.metadata.managedFields.operation |
target.resource.attribute.labels[res_managed_field_operation] |
|
protoPayload.response.metadata.managedFields.time |
target.resource.attribute.labels[res_managed_field_time] |
|
protoPayload.request.spec.containers.securityContext.capabilities.add |
target.resource_ancestors.attribute.labels[req_spec_container_security_context_capabilities_add] |
|
protoPayload.request.spec.containers.securityContext.seccompProfile.type |
target.resource_ancestors.attribute.labels[req_spec_container_security_context_seccomp_profile_type] |
|
protoPayload.request.spec.shareProcessNamespace |
target.resource.attribute.labels[req_spec_share_process_namespace] |
|
protoPayload.response.spec.containers.securityContext.capabilities.add |
target.resource_ancestors.attribute.labels[res_spec_container_security_context_capabilities_add] |
|
protoPayload.response.spec.containers.securityContext.seccompProfile.type |
target.resource_ancestors.attribute.labels[res_spec_container_security_context_seccomp_profile_type] |
|
protoPayload.response.spec.shareProcessNamespace |
target.resource.attribute.labels[res_spec_share_process_namespace] |
|
protoPayload.metadata.membershipDelta.member |
target.resource.attribute.labels[membership_delta_member] |
|
protoPayload.metadata.membershipDelta.roleDeltas.action |
target.resource.attribute.labels[membership_role_deltas_action] |
|
protoPayload.metadata.membershipDelta.roleDeltas.role |
target.resource.attribute.labels[membership_role_deltas_role] |
|
protoPayload.request.spec.resourceAttributes.namespace |
target.resource.attribute.labels[req_spec_resource_attribute_namespace] |
|
protoPayload.request.spec.resourceAttributes.resource |
target.resource.attribute.labels[req_spec_resource_attribute_resource] |
|
protoPayload.request.spec.resourceAttributes.verb |
target.resource.attribute.labels[req_spec_resource_attribute_verb] |
|
protoPayload.request.status.allowed |
target.resource.attribute.labels[req_status_allowed] |
|
protoPayload.response.spec.resourceAttributes.namespace |
target.resource.attribute.labels[res_spec_resource_attribute_namespace] |
|
protoPayload.response.spec.resourceAttributes.resource |
target.resource.attribute.labels[res_spec_resource_attribute_resource] |
|
protoPayload.response.spec.resourceAttributes.verb |
target.resource.attribute.labels[res_spec_resource_attribute_verb] |
|
protoPayload.response.status.allowed |
target.resource.attribute.labels[res_status_allowed] |
|
protoPayload.request.objects.db |
additional.fields[database_name] |
|
jsonPayload.accesses.methodName |
additional.fields[methodName] |
|
protoPayload.request.objects.name |
additional.fields[objects_name] |
|
protoPayload.metadata.event.eventName.parameter.name[API_CLIENT_NAME] |
additional.fields[api_client_name] |
|
protoPayload.metadata.event.eventName.parameter.name[API_SCOPES] |
additional.fields[api_scopes] |
|
protoPayload.metadata.event.eventName.parameter.name[BEGIN_DATE_TIME] |
additional.fields[begin_date_time] |
|
protoPayload.metadata.event.eventName.parameter.name[BULK_UPLOAD_FAIL_USERS_NUMBER] |
additional.fields[bulk_upload_fail_users_number] |
|
protoPayload.metadata.event.eventName.parameter.name[BULK_UPLOAD_TOTAL_USERS_NUMBER] |
additional.fields[bulk_upload_total_users_number] |
|
protoPayload.metadata.event.eventName.parameter.name[CAA_ASSIGNMENTS_NEW] |
additional.fields[caa_assignments_new] |
|
protoPayload.metadata.event.eventName.parameter.name[CAA_ASSIGNMENTS_OLD] |
additional.fields[caa_assignments_old] |
|
protoPayload.metadata.event.eventName.parameter.name[CAA_ENFORCEMENT_ENDPOINTS_NEW] |
additional.fields[caa_enforcement_endpoints_new] |
|
protoPayload.metadata.event.eventName.parameter.name[CAA_ENFORCEMENT_ENDPOINTS_OLD] |
additional.fields[caa_enforcement_endpoints_old] |
|
protoPayload.requestMetadata.requestAttributes.size |
additional.fields[caller_network_request_size] |
|
protoPayload.requestMetadata.requestAttributes.time |
additional.fields[caller_network_request_time] |
|
protoPayload.requestMetadata.callerNetwork |
additional.fields[caller_network] |
|
protoPayload.requestMetadata.requestAttributes.size |
additional.fields[caller_network_request_size] |
|
protoPayload.requestMetadata.requestAttributes.time |
additional.fields[request_attributes_time] |
|
protoPayload.requestMetadata.callerNetwork |
additional.fields[caller_network] |
|
protoPayload.metadata.event.eventName.parameter.name[CHROME_LICENSES_ENABLED] |
additional.fields[chrome_licenses_enabled] |
|
protoPayload.metadata.event.eventName.parameter.name[END_DATE_TIME] |
additional.fields[end_date_time] |
|
protoPayload.metadata.event.eventName.parameter.name[END_DATE] |
additional.fields[end_date] |
|
protoType.metadata.event.eventName |
additional.fields[event_name] |
|
protoPayload.metadata.event.parameter.label |
additional.fields[event_param_label] |
|
protoPayload.metadata.event.parameter.type |
additional.fields[event_param_type] |
|
protoType.metadata.event.eventType |
additional.fields[event_type] |
|
protoPayload.metadata.event.eventName.parameter.name[FIELD_NAME] |
additional.fields[field_name] |
|
protoPayload.metadata.event.eventName.parameter.name[FULL_ORG_UNIT_PATH] |
additional.fields[full_org_unit_path] |
|
protoPayload.metadata.event.eventName.parameter.name[GROUP_MEMBER_BULK_UPLOAD_FAILED_NUMBER] |
additional.fields[grp_member_bulk_upload_failed] |
|
protoPayload.metadata.event.eventName.parameter.name[GROUP_MEMBER_BULK_UPLOAD_TOTAL_NUMBER] |
additional.fields[grp_member_bulk_upload_total] |
|
httpRequest.cacheFillBytes |
additional.fields[httpreq_cache_fill_bytes] |
|
httpRequest.cacheHit |
additional.fields[httpreq_cache_hit] |
|
httpRequest.cacheLookup |
additional.fields[httpreq_cache_lookup] |
|
httpRequest.cacheValidatedWithOriginServer |
additional.fields[httpreq_cache_validated_with_origin_server] |
|
httpRequest.latency |
additional.fields[httprequest_latency] |
|
protoPayload.metadata.event.eventName.parameter.name[INFO_TYPE] |
additional.fields[info_type] |
|
protoPayload.metadata.activityId.timeUsec |
additional.fields[metadata_activityId_time_usec] |
|
protoPayload.metadata.activityId.uniqQualifier |
additional.fields[metadata_activityId_uniq_qualifier] |
|
protoPayload.metadata.@type |
additional.fields[metadata_type] |
|
protoPayload.metadata.event.eventName.parameter.name[NEW_PERMISSION_GRANT_STATE] |
additional.fields[new_permission_grant_state] |
|
protoPayload.metadata.event.eventName.parameter.name[NUMBER_OF_COMPANY_OWNED_DEVICES] |
additional.fields[num_of_company_owned_device] |
|
protoPayload.numResponseItems |
additional.fields[num_response_items] |
|
protoPayload.metadata.event.eventName.parameter.name[OLD_PERMISSION_GRANT_STATE] |
additional.fields[old_permission_grant_state] |
|
operation.first |
additional.fields[operation_first] |
|
operation.id |
additional.fields[operation_id] |
|
operation.last |
additional.fields[operation_last] |
|
operation.producer |
additional.fields[operation_producer] |
|
protoPayload.resourceOriginalState.selfLinkWithId |
additional.fields[rc_old_selflinkWithId] |
|
protoPayload.metadata.event.eventName.parameter.name[REAUTH_SETTING_NEW] |
additional.fields[reauth_setting_new] |
|
protoPayload.metadata.event.eventName.parameter.name[REAUTH_SETTING_OLD] |
additional.fields[reauth_setting_old] |
|
protoPayload.request.alloweds.ports |
additional.fields[req_alloweds_ports] |
|
protoPayload.request.body.name |
additional.fields[req_body_name] |
|
protoPayload.request.body.settings.activityPolicy |
additional.fields[req_body_settings_activity_policy] |
|
protoPayload.request.deletionProtection |
additional.fields[req_deletion_protection] |
|
protoPayload.request.disabled |
additional.fields[req_disabled] |
|
protoPayload.request.displayDevice.enableDisplay |
additional.fields[req_display_device_enable_display] |
|
protoPayload.request.enableFlowLogs |
additional.fields[req_enable_flow_logs] |
|
protoPayload.request.fingerprint |
additional.fields[req_fingerprint] |
|
protoPayload.request.shieldedInstanceConfig.enableSecureBoot |
additional.fields[req_instance_config_enable_secure_boot] |
|
protoPayload.request.shieldedInstanceConfig.enableVtpm |
additional.fields[req_instance_config_enable_vtpm] |
|
protoPayload.request.shieldedInstanceConfig.enableIntegrityMonitoring |
additional.fields[req_instance_enable_integrity_monitoring] |
|
protoPayload.request.key_types |
additional.fields[req_key_types] |
|
protoPayload.request.logconfig.enable |
additional.fields[req_logconfig_enable] |
|
protoPayload.request.networkTier |
additional.fields[req_network_tier] |
|
protoPayload.request.network |
additional.fields[req_network] |
|
protoPayload.request.page_size |
additional.fields[req_page_size] |
|
request.pagesize |
additional.fields[req_page_size] |
|
protoPayload.request.policy.etag |
additional.fields[req_policy_etag] |
|
protoPayload.request.portRange |
additional.fields[req_port_range] |
|
protoPayload.request.privateIpGoogleAccess |
additional.fields[req_private_ip_google_access] |
|
protoPayload.request.private_key_type |
additional.fields[req_private_key_type] |
|
protoPayload.request.remove_deleted_service_accounts |
additional.fields[req_remove_deleted_serviceAcc] |
|
protoPayload.request.showDeleted |
additional.fields[req_show_deleted] |
|
protoPayload.request.skip_visibility_check |
additional.fields[req_skip_visibility_check] |
|
protoPayload.request.stackType |
additional.fields[req_stack_type] |
|
protoPayload.request.type |
additional.fields[req_type] |
|
protoPayload.request.updateMask |
additional.fields[req_update_mask] |
|
protoPayload.request.version |
additional.fields[req_version] |
|
protoPayload.response.clientOperationId |
additional.fields[res_client_operation_id] |
|
protoPayload.response.endTime |
additional.fields[res_end_time] |
|
protoPayload.response.id |
additional.fields[res_id] |
|
protoPayload.response.key_algorithm |
additional.fields[res_key_algorithm] |
|
protoPayload.response.key_origin |
additional.fields[res_key_origin] |
|
protoPayload.response.key_type |
additional.fields[res_key_type] |
|
protoPayload.response.kind |
additional.fields[res_kind] |
|
protoPayload.response.private_key_type |
additional.fields[res_private_key_type] |
|
protoPayload.response.progress |
additional.fields[res_progress] |
|
protoPayload.response.startTime |
additional.fields[res_start_time] |
|
protoPayload.response.status |
additional.fields[res_status] |
|
protoPayload.response.type |
additional.fields[res_type] |
|
protoPayload.response.unique_id |
additional.fields[res_unique_id] |
|
protoPayload.response.valid_after_time.seconds |
additional.fields[res_valid_after_time] |
|
protoPayload.response.valid_before_time.seconds |
additional.fields[res_valid_before_time] |
|
protoPayload.response.version |
additional.fields[res_version] |
|
protoPayload.response.zone |
additional.fields[res_zone] |
|
protoPayload.metadata.event.eventName.parameter.name[SEARCH_QUERY_FOR_DUMP] |
additional.fields[search_query_for_dump] |
|
spanId |
additional.fields[span_id] |
|
protoPayload.metadata.event.eventName.parameter.name[START_DATE] |
additional.fields[start_date] |
|
traceSampled |
additional.fields[trace_sampled] |
|
Trace |
additional.fields[trace] |
|
protoPayload.@type |
additional.fields[type] |
|
protoPayload.redactions.reason |
additional.fields[protoPayload.redactions.field] |
|
protoPayload.redactions.type |
additional.fields[protoPayload.redactions.field] |
|
authenticationInfo.serviceAccountDelegationInfo.firstPartyPrincipal.serviceMetadata |
additional.fields[service_metadata] |
|
jsonPayload.sourceNetwork |
additional.fields[source_network] |
|
authenticationInfo.serviceAccountDelegationInfo.thirdPartyPrincipal.thirdPartyClaims |
additional.fields[third_party_claims] |
|
protoPayload.requestMetadata.requestAttributes.time |
additional.fields[caller_network_request_time] |
|
protoPayload.request.ipCidrRange |
additional.fields[req_ip_cidr_range] |
|
protoPayload.request.description |
additional.labels[req_description] |
|
protoPayload.request.sourceRanges |
additional.fields[req_source_ranges] |
|
protoPayload.requestMetadata.requestAttributes.reason |
additional.fields[request_attributes_reason] |
|
protoPayload.authenticationInfo.thirdPartyPrincipal |
additional.fields[third_party_principal] |
|
sourceLocation.function |
additional.fields[src_location_function] |
|
sourceLocation.line |
additional.fields[src_location_line] |
|
resource.labels.backend_service_name |
additional.fields[backend_service_name] |
|
protoPayload.requestMetadata.requestAttributes.auth.claims |
additional.fields[request_auth_claims] |
|
protoPayload.metadata.event.eventName.parameter.name[APPLICATION_EDITION] |
additional.fields[application_edition] |
|
protoPayload.metadata.event.eventName.parameter.name[ASP_ID] |
additional.fields[asp_id] |
|
protoPayload.metadata.event.eventName.parameter.name[CHROME_OS_SESSION_TYPE] |
additional.fields[chrome_os_session_type] |
|
protoPayload.metadata.event.eventName.parameter.name[DEVICE_NEW_ORG_UNIT] |
additional.fields[device_new_org_unit] |
|
protoPayload.metadata.event.eventName.parameter.name[DEVICE_PREVIOUS_ORG_UNIT] |
additional.fields[device_previous_org_unit] |
|
protoPayload.metadata.event.eventName.parameter.name[DOMAIN_ALIAS] |
additional.fields[domain_alias] |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_EXPORT_INCLUDE_DELETED] |
additional.fields[email_export_include_deleted] |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_EXPORT_PACKAGE_CONTENT] |
additional.fields[email_export_package_content] |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_LOG_SEARCH_END_DATE] |
additional.fields[email_log_search_end_date] |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_LOG_SEARCH_START_DATE] |
additional.fields[email_log_search_start_date] |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_MONITOR_LEVEL_CHAT] |
additional.fields[email_monitor_level_chat] |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_MONITOR_LEVEL_DRAFT_EMAIL] |
additional.fields[email_monitor_level_draft_email] |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_MONITOR_LEVEL_INCOMING_EMAIL] |
additional.fields[email_monitor_level_in_email] |
|
protoPayload.metadata.event.eventName.parameter.name[EMAIL_MONITOR_LEVEL_OUTGOING_EMAIL] |
additional.fields[email_monitor_level_out_email] |
|
protoPayload.metadata.event.eventName.parameter.name[GMAIL_RESET_REASON] |
additional.fields[email_reset_reason] |
|
protoPayload.metadata.event.eventName.parameter.name[NEW_VALUE] |
additional.fields[new_value] |
|
protoPayload.metadata.event.eventName.parameter.name[OAUTH2_APP_TYPE] |
additional.fields[oauth2_app_type] |
|
protoPayload.metadata.event.eventName.parameter.name[OLD_VALUE] |
additional.fields[old_value] |
|
protoPayload.requestMetadata.destinationAttributes.principal |
additional.fields[peer_principal] |
|
protoPayload.requestMetadata.destinationAttributes.regionCode |
additional.fields[peer_region_code] |
|
protoPayload.request.loadBalancingScheme |
additional.fields[req_load_balancing_scheme] |
|
protoPayload.request.requestId |
additional.fields[request_id] |
|
protoPayload.metadata.event.eventName.parameter.name[REQUEST_ID] |
additional.fields[request_id] |
|
protoPayload.resourceOriginalState.description |
additional.fields[res_originalState_description] |
|
protoPayload.response.bindings.members |
additional.fields[response_bindings_members] |
|
protoPayload.response.description |
additional.fields[response_description] |
|
protoPayload.response.display_name |
additional.fields[response_display_name] |
|
protoPayload.metadata.event.eventName.parameter.name[SECONDARY_DOMAIN_NAME] |
additional.fields[secondary_domain_name] |
|
protoPayload.metadata.event.eventName.parameter.name[SETTING_NAME] |
additional.fields[setting_name] |
|
protoPayload.metadata.event.eventName.parameter.name[USER_CUSTOM_FIELD] |
additional.fields[user_custom_field] |
|
protoPayload.metadata.event.eventName.parameter.name[USER_DEFINED_SETTING_NAME] |
additional.fields[user_defined_setting_name] |
|
protoPayload.metadata.event.eventName.parameter.name[WEB_ORIGIN] |
additional.fields[web_origin] |
|
protoPayload.metadata.event.eventName.parameter.name[WHITELISTED_GROUPS] |
additional.fields[whitelisted_groups] |
|
jsonPayload.end_time |
additional.fields[jsonPayload_end_time] |
|
jsonPayload.reporter |
additional.fields[jsonPayload_reporter] |
|
jsonPayload.start_time |
additional.fields[jsonPayload_start_time] |
|
jsonPayload.src_instance.project_id |
additional.fields[jsonPayload_src_instance_project_id] |
|
jsonPayload.dest_instance.project_id |
additional.fields[jsonPayload_dest_instance_project_id] |
|
jsonPayload.src_location.asn |
additional.fields[jsonPayload_src_location_asn] |
|
jsonPayload.src_location.continent |
additional.fields[jsonPayload_src_location_continent] |
|
jsonPayload.dest_location.asn |
additional.fields[jsonPayload_dest_location_asn] |
|
jsonPayload.dest_location.continent |
additional.fields[jsonPayload_dest_location_continent] |
|
protoPayload.request.spec.expirationSeconds |
target.resource.attribute.labels[req_spec_expiration_seconds] |
|
protoPayload.request.spec.request |
target.resource.attribute.labels[req_spec_request] |
|
protoPayload.request.spec.signerName |
target.resource.attribute.labels[req_spec_signer_name] |
|
protoPayload.request.spec.usages |
target.resource.attribute.labels[req_spec_usage] |
|
protoPayload.response.spec.expirationSeconds |
target.resource.attribute.labels[res_spec_expiration_seconds] |
|
protoPayload.response.spec.extra.iam.gke.io/user-assertion |
target.resource.attribute.labels[res_spec_extra_iam_gke_io/user_assertion] |
|
protoPayload.response.spec.extra.user-assertion.cloud.google.com |
target.resource.attribute.labels[res_spec_extra_user_assertion_cloud_google_com] |
|
protoPayload.response.spec.groups |
target.resource.attribute.labels[res_spec_group] |
|
protoPayload.response.spec.request |
target.resource.attribute.labels[res_spec_request] |
|
protoPayload.response.spec.signerName |
target.resource.attribute.labels[res_spec_signer_name] |
|
protoPayload.response.spec.usages |
target.resource.attribute.labels[res_spec_usage] |
|
protoPayload.response.spec.username |
target.resource.attribute.labels[res_spec_username] |
|
protoPayload.request.cryptoKeyVersion.state |
target.resource.attribute.labels[req_cryptokey_version_state] |
|
protoPayload.serviceData.policyDelta.auditConfigDeltas.action |
target.resource.attribute.labels[service_data_policy_delta_audit_config_delta_action] |
|
protoPayload.serviceData.policyDelta.auditConfigDeltas.service |
target.resource.attribute.labels[service_data_policy_delta_audit_config_delta_service] |
|
protoPayload.serviceData.policyDelta.auditConfigDeltas.exemptedMember |
target.resource.attribute.labels[service_data_policy_delta_audit_config_delta_exempted_member] |
|
protoPayload.serviceData.policyDelta.auditConfigDeltas.logType |
target.resource.attribute.labels[service_data_policy_delta_audit_config_delta_log_type] |
|
protoPayload.request.policy.bindings.role |
target.resource.attribute.labels[req_policy_bindings_role] |
|
protoPayload.request.policy.bindings.members |
target.resource.attribute.labels[req_policy_bindings_members] |
|
protoPayload.metadata.datasetChange.bindingDeltas.action |
target.resource.attribute.labels[dataset_change_binding_deltas_action] |
|
protoPayload.metadata.datasetChange.bindingDeltas.member |
target.resource.attribute.labels[dataset_change_binding_deltas_member] |
|
protoPayload.metadata.datasetChange.bindingDeltas.role |
target.resource.attribute.labels[dataset_change_binding_deltas_role] |
|
protoPayload.metadata.groupDelta.newGroup.description |
target.group.attribute.labels[metadata_group_delta_new_group_description] |
|
protoPayload.metadata.groupDelta.newGroup.email |
target.group.email_addresses |
|
protoPayload.metadata.groupDelta.newGroup.name |
target.group.group_display_name |
|
protoPayload.metadata.groupDelta.action |
target.group.attribute.labels[metadata_group_delta_action] |
|
protoPayload.response.spec.template.metadata.labels.client.knative.dev/nonce |
target.resource.attribute.labels[res_spec_template_metadata_nonce] |
|
protoPayload.response.spec.template.metadata.annotations.run.googleapis.com/client-name |
target.resource.attribute.labels[res_spec_template_metadata_client_name] |
|
protoPayload.response.spec.template.metadata.annotations.run.googleapis.com/client-version |
target.resource.attribute.labels[res_spec_template_metadata_client_version] |
|
protoPayload.response.spec.template.metadata.annotations.run.googleapis.com/execution-environment |
target.resource.attribute.labels[res_spec_template_metadata_exection_environment] |
|
protoPayload.response.spec.template.spec.taskCount |
target.resource.attribute.labels[res_spec_template_spec_taskcount] |
|
protoPayload.response.spec.template.spec.template.spec.containers.image |
target.resource_ancestors.attribute.labels[res_spec_template_spec_template_spec_container_image] |
|
protoPayload.response.spec.template.spec.template.spec.containers.resources.limits.memory |
target.resource_ancestors.attribute.labels[res_spec_template_spec_template_spec_container_resource_limits_memory] |
|
protoPayload.response.spec.template.spec.template.spec.containers.resources.limits.cpu |
target.resource_ancestors.attribute.labels[res_spec_template_spec_template_spec_container_resource_limits_cpu] |
|
protoPayload.response.spec.template.spec.template.spec.maxRetries |
target.resource.attribute.labels[res_spec_template_spec_template_spec_max_retries] |
|
protoPayload.response.spec.template.spec.template.spec.timeoutSeconds |
target.resource.attribute.labels[res_spec_template_spec_template_spec_timeout_seconds] |
|
protoPayload.response.spec.template.spec.template.spec.serviceAccountName |
principal.user.email_addresses |
|
protoPayload.request.service.metadata.annotations.run.googleapis.com/client-name |
target.resource_ancestors.attribute.labels[req_service_metadata_client_name] |
|
protoPayload.request.service.metadata.annotations.serving.knative.dev/creator |
target.resource_ancestors.attribute.labels[req_service_metadata_creator] |
|
protoPayload.request.service.metadata.annotations.run.googleapis.com/client-version |
target.resource_ancestors.attribute.labels[req_service_metadata_client_version] |
|
protoPayload.request.service.metadata.annotations.run.googleapis.com/operation-id |
target.resource_ancestors.attribute.labels[req_service_metadata_client_operation_id] |
|
protoPayload.request.service.metadata.annotations.run.googleapis.com/binary-authorization |
target.resource_ancestors.attribute.labels[req_service_metadata_binary_authorization] |
|
protoPayload.request.service.metadata.annotations.run.googleapis.com/ingress-status |
target.resource_ancestors.attribute.labels[req_service_metadata_client_ingress_status] |
|
protoPayload.request.service.metadata.annotations.serving.knative.dev/lastModifier |
target.resource_ancestors.attribute.labels[req_service_metadata_last_modifier] |
|
protoPayload.request.service.metadata.annotations.run.googleapis.com/ingress |
target.resource_ancestors.attribute.labels[req_service_metadata_ingress] |
|
protoPayload.request.service.spec.template.metadata.annotations.run.googleapis.com/client-name |
target.resource_ancestors.attribute.labels[req_service_spec_template_metadata_client_name] |
|
protoPayload.request.service.spec.template.metadata.annotations.run.googleapis.com/client-version |
target.resource_ancestors.attribute.labels[req_service_spec_template_metadata_client_version] |
|
protoPayload.request.service.spec.template.metadata.annotations.autoscaling.knative.dev/maxScale |
target.resource_ancestors.attribute.labels[req_service_spec_template_metadata_max_scale] |
|
protoPayload.request.New Data |
target.resource_ancestors.attribute.labels[req_new_data] |
|
protoPayload.response.Original Data |
target.resource_ancestors.attribute.labels[req_original_data] |
|
labels.execution_id |
additional.fields[execution_id] |
|
labels.instance_id |
additional.fields[instance_id] |
|
labels.runtime_version |
additional.fields[runtime_version] |