Policy Intelligence offers several tools to help you understand service account usage in your projects. These tools can help you answer the following questions:
- When was the last time that a specific service account or key was used to authenticate?
- Which service accounts in my project have not been used in the past 90 days?
Other Google Cloud products offer tools to help you recognize suspicious service account activity:
- Cloud Monitoring provides long-term usage metrics for service accounts and keys that you can use to detect anomalies.
- Event Threat Detection reports when dormant service accounts trigger actions. Dormant service accounts are service accounts that have been inactive for more than 180 days.
To learn more about these tools and their intended uses, see Tools to understand service account usage in the Policy Intelligence documentation.