このドキュメントでは、Google Workspace Login の監査によって Google Cloud に送信される監査ログのサンプルについて説明します。
さまざまなタイプのログイン監査アクティビティ イベントのイベントとパラメータの詳細については、ログイン監査アクティビティ イベントのリファレンスをご覧ください。
利用可能なログインの監査ログ
次の表に、ログイン監査によって生成された監査ログと、対応する AuditLog.method_name
を示します。詳細については、監査ログの形式をご覧ください。
説明 | イベント名 | AuditLog.method_name |
---|---|---|
イベントの種類: 2 段階認証プロセスの登録の変更 | ||
2 段階認証プロセスの無効化 | 2sv_disable |
google.login.LoginService.2svDisable |
2 段階認証プロセスの登録 | 2sv_enroll |
google.login.LoginService.2svEnroll |
イベントタイプ: アカウントのパスワードの変更 | ||
アカウントのパスワードの変更 | password_edit |
google.login.LoginService.passwordEdit |
イベントタイプ: アカウント復元用の情報の変更 | ||
アカウント復元用のメールアドレスの変更 | recovery_email_edit |
google.login.LoginService.recoveryEmailEdit |
アカウント復元用の電話番号の変更 | recovery_phone_edit |
google.login.LoginService.recoveryPhoneEdit |
アカウント復元用の秘密の質問と回答の変更 | recovery_secret_qa_edit |
google.login.LoginService.recoverySecretQaEdit |
イベントタイプ: アカウントに関する警告 | ||
パスワード漏洩 | account_disabled_password_leak |
google.login.LoginService.accountDisabledPasswordLeak |
リスクが高く、機密性の高い操作が許可されています | risky_sensitive_action_allowed |
google.login.LoginService.riskySensitiveActionAllowed |
リスクが高く、機密性の高い操作が許可されている | risky_sensitive_action_blocked |
google.login.LoginService.riskySensitiveActionBlocked |
不審なログインのブロック | suspicious_login |
google.login.LoginService.suspiciousLogin |
安全性の低いアプリからの不審なログインのブロック | suspicious_login_less_secure_app |
google.login.LoginService.suspiciousLoginLessSecureApp |
プログラムによる不審なログインのブロック | suspicious_programmatic_login |
google.login.LoginService.suspiciousProgrammaticLogin |
ユーザーの停止 | account_disabled_generic |
google.login.LoginService.accountDisabledGeneric |
ユーザーの停止(リレー経由の迷惑メール) | account_disabled_spamming_through_relay |
google.login.LoginService.accountDisabledSpammingThroughRelay |
ユーザーの停止(迷惑メール) | account_disabled_spamming |
google.login.LoginService.accountDisabledSpamming |
ユーザーの停止(不審なアクティビティ) | account_disabled_hijacked |
google.login.LoginService.accountDisabledHijacked |
イベントの種類: 高度な保護機能の登録の変更 | ||
高度な保護機能の登録 | titanium_enroll |
google.login.LoginService.titaniumEnroll |
高度な保護機能の登録解除 | titanium_unenroll |
google.login.LoginService.titaniumUnenroll |
イベントタイプ: 攻撃に関する警告 | ||
政府が支援する攻撃 | gov_attack_warning |
google.login.LoginService.govAttackWarning |
イベントの種類: メール転送設定が変更されました | ||
ドメイン外へのメール転送の有効化 | email_forwarding_out_of_domain |
google.login.LoginService.emailForwardingOutOfDomain |
イベントタイプ: ログイン | ||
ログイン失敗 | login_failure |
google.login.LoginService.loginFailure |
ログイン時の本人確認 | login_challenge |
google.login.LoginService.loginChallenge |
ログイン認証 | login_verification |
google.login.LoginService.loginVerification |
ログアウト | logout |
google.login.LoginService.logout |
ログイン成功 | login_success |
google.login.LoginService.loginSuccess |
サンプル
以下に掲載するのは、イベントタイプとイベント名に応じたログイン監査の監査ログの例です。
2 段階認証プロセスの登録を変更済み
2sv_disable
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "203.0.113.255", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.2svDisable", "resourceName": "organizations/123", "metadata": { "activityId": { "uniqQualifier": "-7789616625639281959", "timeUsec": "1632459962686000" }, "event": [ { "status": { "success": true }, "parameter": [ { "type": "TYPE_STRING", "label": "LABEL_OPTIONAL", "value": "INfDlrzP9IH8_QE", "name": "dusi" } ], "eventName": "2sv_disable", "eventType": "2sv_change" } ], "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "-tn3jrd3lko", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.2svDisable" } }, "timestamp": "2021-09-24T05:06:02.686Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-24T05:06:03.845372592Z" }
2sv_enroll
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "203.0.113.255", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.2svEnroll", "resourceName": "organizations/123", "metadata": { "activityId": { "uniqQualifier": "1624031130844323135", "timeUsec": "1632458745769000" }, "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto", "event": [ { "eventType": "2sv_change", "status": { "success": true }, "eventName": "2sv_enroll", "parameter": [ { "value": "INfDlrzP9IH8_QE", "type": "TYPE_STRING", "label": "LABEL_OPTIONAL", "name": "dusi" } ] } ] } }, "insertId": "g3k8gid3b3p", "resource": { "type": "audited_resource", "labels": { "method": "google.login.LoginService.2svEnroll", "service": "login.googleapis.com" } }, "timestamp": "2021-09-24T04:45:45.769Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-24T04:45:46.331843829Z" }
アカウントのパスワードを変更済み
password_edit
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "203.0.113.255", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.passwordEdit", "resourceName": "organizations/123", "metadata": { "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto", "event": [ { "eventName": "password_edit", "status": { "success": true }, "parameter": [ { "type": "TYPE_STRING", "label": "LABEL_OPTIONAL", "value": "INfDlrzP9IH8_QE", "name": "dusi" } ], "eventType": "password_change" } ], "activityId": { "uniqQualifier": "8894052787391296929", "timeUsec": "1632803013900566" } } }, "insertId": "-u8coc0d6n78", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.passwordEdit" } }, "timestamp": "2021-09-28T04:23:33.900566Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-28T04:23:37.724654918Z" }
アカウント再設定用の情報を変更済み
recovery_email_edit
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "203.0.113.255", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.recoveryEmailEdit", "resourceName": "organizations/123", "metadata": { "activityId": { "timeUsec": "1632802942940979", "uniqQualifier": "-7373127890859496609" }, "event": [ { "eventType": "recovery_info_change", "eventName": "recovery_email_edit", "parameter": [ { "label": "LABEL_OPTIONAL", "type": "TYPE_STRING", "value": "INfDlrzP9IH8_QE", "name": "dusi" } ], "status": { "success": true } } ], "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "-nkwfupd26zt", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.recoveryEmailEdit" } }, "timestamp": "2021-09-28T04:22:22.940979Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-28T04:22:26.523242112Z" }
recovery_phone_edit
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "203.0.113.255", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.recoveryPhoneEdit", "resourceName": "organizations/123", "metadata": { "event": [ { "status": { "success": true }, "eventType": "recovery_info_change", "eventName": "recovery_phone_edit", "parameter": [ { "label": "LABEL_OPTIONAL", "value": "INfDlrzP9IH8_QE", "type": "TYPE_STRING", "name": "dusi" } ] } ], "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto", "activityId": { "timeUsec": "1632804439611095", "uniqQualifier": "1470137036135837564" } } }, "insertId": "-1xtrgbd2vl2", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.recoveryPhoneEdit" } }, "timestamp": "2021-09-28T04:47:19.611095Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-28T04:47:25.741574446Z"
recovery_secret_qa_edit
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "203.0.113.255", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.recoverySecretQaEdit", "resourceName": "organizations/123", "metadata": { "activityId": { "uniqQualifier": "8328506129139272243", "timeUsec": "1632804455273424" }, "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto", "event": [ { "eventName": "recovery_secret_qa_edit", "eventType": "recovery_info_change", "status": { "success": true }, "parameter": [ { "type": "TYPE_STRING", "value": "INfDlrzP9IH8_QE", "name": "dusi", "label": "LABEL_OPTIONAL" } ] } ] } }, "insertId": "vn31slcpmy", "resource": { "type": "audited_resource", "labels": { "method": "google.login.LoginService.recoverySecretQaEdit", "service": "login.googleapis.com" } }, "timestamp": "2021-09-28T04:47:35.273424Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-28T04:47:37.650432219Z"
アカウントに関する警告
account_disabled_password_leak
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": {}, "requestMetadata": { "callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff" }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.accountDisabledPasswordLeak", "resourceName": "organizations/123", "metadata": { "activityId": { "timeUsec": "1619808083475000", "uniqQualifier": "6286848759980589624" }, "event": [ { "eventType": "account_warning", "eventName": "account_disabled_password_leak", "parameter": [ { "name": "affected_email_address", "value": "test-user@example.com", "label": "LABEL_OPTIONAL", "type": "TYPE_STRING" } ], "status": { "success": true } } ], "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "-xkklkzcxkl", "resource": { "type": "audited_resource", "labels": { "method": "google.login.LoginService.accountDisabledPasswordLeak", "service": "login.googleapis.com" } }, "timestamp": "2021-04-30T18:41:23.475Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-04-30T18:41:24.650965796Z" }
suspicious_login
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": {}, "requestMetadata": { "callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff" }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.suspiciousLogin", "resourceName": "organizations/123", "metadata": { "activityId": { "timeUsec": "1620095181000000", "uniqQualifier": "-2034771694824799453" }, "event": [ { "eventType": "account_warning", "eventName": "suspicious_login", "parameter": [ { "name": "affected_email_address", "value": "test-user@example.com", "label": "LABEL_OPTIONAL", "type": "TYPE_STRING" } ], "status": { "success": true } } ], "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "-778d70d2n5b", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.suspiciousLogin" } }, "timestamp": "2021-05-04T02:26:21Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-05-04T02:56:23.806722355Z" }
suspicious_login_less_secure_app
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": {}, "requestMetadata": { "callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff" }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.suspiciousLoginLessSecureApp", "resourceName": "organizations/123", "metadata": { "activityId": { "timeUsec": "1620095181000000", "uniqQualifier": "-2034771694824799453" }, "event": [ { "eventType": "account_warning", "eventName": "suspicious_login_less_secure_app", "parameter": [ { "name": "affected_email_address", "value": "test-user@example.com", "label": "LABEL_OPTIONAL", "type": "TYPE_STRING" } ], "status": { "success": true } } ], "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "-778d70d2n5b", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.suspiciousLoginLessSecureApp" } }, "timestamp": "2021-05-04T02:26:21Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-05-04T02:56:23.806722355Z" }
suspicious_programmatic_login
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": {}, "requestMetadata": { "callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff" }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.suspiciousProgrammaticLogin", "resourceName": "organizations/123", "metadata": { "activityId": { "timeUsec": "1620095181000000", "uniqQualifier": "-2034771694824799453" }, "event": [ { "eventType": "account_warning", "eventName": "suspicious_programmatic_login", "parameter": [ { "name": "affected_email_address", "value": "test-user@example.com", "label": "LABEL_OPTIONAL", "type": "TYPE_STRING" } ], "status": { "success": true } } ], "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "-778d70d2n5b", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.suspiciousProgrammaticLogin" } }, "timestamp": "2021-05-04T02:26:21Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-05-04T02:56:23.806722355Z" }
account_disabled_generic
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": {}, "requestMetadata": { "callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff" }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.accountDisabledGeneric", "resourceName": "organizations/123", "metadata": { "activityId": { "timeUsec": "1619825589352000", "uniqQualifier": "-3303614929287073633" }, "event": [ { "eventType": "account_warning", "eventName": "account_disabled_generic", "parameter": [ { "name": "affected_email_address", "value": "test-user@example.com", "label": "LABEL_OPTIONAL", "type": "TYPE_STRING" } ], "status": { "success": true } } ], "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "nlgrf8d6ygj", "resource": { "type": "audited_resource", "labels": { "method": "google.login.LoginService.accountDisabledGeneric", "service": "login.googleapis.com" } }, "timestamp": "2021-04-30T23:33:09.352Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-04-30T23:33:10.673412983Z" }
account_disabled_spamming_through_relay
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": {}, "requestMetadata": { "callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff" }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.accountDisabledSpammingThroughRelay", "resourceName": "organizations/123", "metadata": { "activityId": { "timeUsec": "1619808083475000", "uniqQualifier": "6286848759980589624" }, "event": [ { "eventType": "account_warning", "eventName": "account_disabled_spamming_through_relay", "parameter": [ { "name": "affected_email_address", "value": "test-user@example.com", "label": "LABEL_OPTIONAL", "type": "TYPE_STRING" } ], "status": { "success": true } } ], "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "-xkklkzcxkl", "resource": { "type": "audited_resource", "labels": { "method": "google.login.LoginService.accountDisabledSpammingThroughRelay", "service": "login.googleapis.com" } }, "timestamp": "2021-04-30T18:41:23.475Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-04-30T18:41:24.650965796Z" }
account_disabled_spamming
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": {}, "requestMetadata": { "callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff" }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.accountDisabledSpamming", "resourceName": "organizations/123", "metadata": { "activityId": { "timeUsec": "1619808083475000", "uniqQualifier": "6286848759980589624" }, "event": [ { "eventType": "account_warning", "eventName": "account_disabled_spamming", "parameter": [ { "name": "affected_email_address", "value": "test-user@example.com", "label": "LABEL_OPTIONAL", "type": "TYPE_STRING" } ], "status": { "success": true } } ], "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "-xkklkzcxkl", "resource": { "type": "audited_resource", "labels": { "method": "google.login.LoginService.accountDisabledSpamming", "service": "login.googleapis.com" } }, "timestamp": "2021-04-30T18:41:23.475Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-04-30T18:41:24.650965796Z" }
account_disabled_hijacked
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": {}, "requestMetadata": { "callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff" }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.accountDisabledHijacked", "resourceName": "organizations/123", "metadata": { "activityId": { "timeUsec": "1619825589352000", "uniqQualifier": "-3303614929287073633" }, "event": [ { "eventType": "account_warning", "eventName": "account_disabled_hijacked", "parameter": [ { "name": "affected_email_address", "value": "test-user@example.com", "label": "LABEL_OPTIONAL", "type": "TYPE_STRING" } ], "status": { "success": true } } ], "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "nlgrf8d6ygj", "resource": { "type": "audited_resource", "labels": { "method": "google.login.LoginService.accountDisabledHijacked", "service": "login.googleapis.com" } }, "timestamp": "2021-04-30T23:33:09.352Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-04-30T23:33:10.673412983Z" }
高度な保護機能の登録を変更しました
titanium_enroll
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "203.0.113.255", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.titaniumEnroll", "resourceName": "organizations/123", "metadata": { "activityId": { "uniqQualifier": "4206430548119220064", "timeUsec": "1632843484846000" }, "event": [ { "eventName": "titanium_enroll", "status": { "success": true }, "parameter": [ { "label": "LABEL_OPTIONAL", "value": "INfDlrzP9IH8_QE", "type": "TYPE_STRING", "name": "dusi" } ], "eventType": "titanium_change" } ], "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "-bxbn5bd167i", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.titaniumEnroll" } }, "timestamp": "2021-09-28T15:38:04.846Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-28T15:38:05.969683854Z" }
titanium_unenroll
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "203.0.113.255", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.titaniumUnenroll", "resourceName": "organizations/123", "metadata": { "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto", "event": [ { "eventType": "titanium_change", "status": { "success": true }, "eventName": "titanium_unenroll", "parameter": [ { "type": "TYPE_STRING", "label": "LABEL_OPTIONAL", "value": "INfDlrzP9IH8_QE", "name": "dusi" } ] } ], "activityId": { "timeUsec": "1632843914653434", "uniqQualifier": "-6706492269209711994" } } }, "insertId": "-vw60qad1861", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.titaniumUnenroll" } }, "timestamp": "2021-09-28T15:45:14.653434Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-28T15:45:15.862755277Z" }
攻撃の警告
gov_attack_warning
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.govAttackWarning", "resourceName": "organizations/123", "metadata": { "activityId": { "timeUsec": "1619825837106000", "uniqQualifier": "7230131091737932677" }, "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto", "event": [ { "eventName": "gov_attack_warning", "eventType": "attack_warning", "status": { "success": true } } ] } }, "insertId": "bxuophd1vlw", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.govAttackWarning" } }, "timestamp": "2021-04-30T23:37:17.106Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-04-30T23:37:18.488559815Z" }
メール転送設定を変更しました
email_forwarding_out_of_domain
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "203.0.113.255", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.emailForwardingOutOfDomain", "resourceName": "organizations/123", "metadata": { "activityId": { "uniqQualifier": "-5683698025624301037", "timeUsec": "1632501152256000" }, "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto", "event": [ { "eventName": "email_forwarding_out_of_domain", "status": { "success": true }, "parameter": [ { "name": "dusi", "type": "TYPE_STRING", "value": "INfDlrzP9IH8_QE", "label": "LABEL_OPTIONAL" }, { "type": "TYPE_STRING", "label": "LABEL_OPTIONAL", "value": "test-user@google.com", "name": "email_forwarding_destination_address" } ], "eventType": "email_forwarding_change" } ] } }, "insertId": "rrcp9gd3y2f", "resource": { "type": "audited_resource", "labels": { "method": "google.login.LoginService.emailForwardingOutOfDomain", "service": "login.googleapis.com" } }, "timestamp": "2021-09-24T16:32:32.256Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-24T16:32:33.319260836Z" }
ログイン
login_failure
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.loginFailure", "resourceName": "organizations/123", "metadata": { "event": [ { "eventName": "login_failure", "eventType": "login", "parameter": [ { "value": "google_password", "type": "TYPE_STRING", "name": "login_type", "label": "LABEL_OPTIONAL" }, { "name": "login_challenge_method", "type": "TYPE_STRING", "label": "LABEL_REPEATED", "multiStrValue": [ "password", "idv_preregistered_phone", "idv_preregistered_phone" ] }, { "label": "LABEL_OPTIONAL", "name": "dusi", "type": "TYPE_STRING", "value": "IOWJlfPwgvrTfg" } ] } ], "activityId": { "uniqQualifier": "358068855354", "timeUsec": "1632500217183212" }, "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "-nahbepd4l1x", "resource": { "type": "audited_resource", "labels": { "method": "google.login.LoginService.loginFailure", "service": "login.googleapis.com" } }, "timestamp": "2021-09-24T16:16:57.183212Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-24T17:51:25.034361197Z" }
login_challenge
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.loginChallenge", "resourceName": "organizations/123", "metadata": { "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto", "event": [ { "eventName": "login_challenge", "parameter": [ { "name": "login_type", "value": "google_password", "type": "TYPE_STRING", "label": "LABEL_OPTIONAL" }, { "type": "TYPE_STRING", "label": "LABEL_REPEATED", "name": "login_challenge_method", "multiStrValue": [ "idv_preregistered_phone" ] }, { "label": "LABEL_OPTIONAL", "type": "TYPE_STRING", "value": "incorrect_answer_entered", "name": "login_challenge_status" }, { "type": "TYPE_STRING", "name": "dusi", "label": "LABEL_OPTIONAL", "value": "IOWJlfPwgvrTfg" } ], "eventType": "login" } ], "activityId": { "timeUsec": "1632500217183211", "uniqQualifier": "358068855354" } } }, "insertId": "-nahbepd4l2j", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.loginChallenge" } }, "timestamp": "2021-09-24T16:16:57.183211Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-24T17:51:28.041126044Z"
login_verification
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "203.0.113.255", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.loginVerification", "resourceName": "organizations/123", "metadata": { "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto", "event": [ { "eventName": "login_verification", "parameter": [ { "name": "login_type", "type": "TYPE_STRING", "value": "google_password", "label": "LABEL_OPTIONAL" }, { "name": "login_challenge_method", "multiStrValue": [ "idv_preregistered_phone" ], "label": "LABEL_REPEATED", "type": "TYPE_STRING" }, { "value": "passed", "name": "login_challenge_status", "type": "TYPE_STRING", "label": "LABEL_OPTIONAL" }, { "value": "INfDlrzP9IH8_QE", "label": "LABEL_OPTIONAL", "name": "dusi", "type": "TYPE_STRING" }, { "label": "LABEL_OPTIONAL", "boolValue": true, "type": "TYPE_BOOL", "name": "is_second_factor" } ], "eventType": "login" } ], "activityId": { "uniqQualifier": "358068855354", "timeUsec": "1632459936762000" } } }, "insertId": "ivb9z4d41rh", "resource": { "type": "audited_resource", "labels": { "method": "google.login.LoginService.loginVerification", "service": "login.googleapis.com" } }, "timestamp": "2021-09-24T05:05:36.762Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-24T06:39:22.386813664Z" }
logout
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "203.0.113.255", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.logout", "resourceName": "organizations/123", "metadata": { "event": [ { "eventName": "logout", "eventType": "login", "parameter": [ { "type": "TYPE_STRING", "label": "LABEL_OPTIONAL", "name": "login_type", "value": "google_password" }, { "type": "TYPE_STRING", "name": "dusi", "label": "LABEL_OPTIONAL", "value": "INfDlrzP9IH8_QE" } ] } ], "activityId": { "uniqQualifier": "358068855354", "timeUsec": "1632459903014598" }, "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto" } }, "insertId": "v37ytid14th", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.logout" } }, "timestamp": "2021-09-24T05:05:03.014598Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-24T06:39:22.229734504Z" }
login_success
{ "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "test-user@example.com" }, "requestMetadata": { "callerIp": "203.0.113.255", "requestAttributes": {}, "destinationAttributes": {} }, "serviceName": "login.googleapis.com", "methodName": "google.login.LoginService.loginSuccess", "resourceName": "organizations/123", "metadata": { "@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto", "activityId": { "timeUsec": "1632458429811809", "uniqQualifier": "358068855354" }, "event": [ { "parameter": [ { "type": "TYPE_STRING", "value": "google_password", "name": "login_type", "label": "LABEL_OPTIONAL" }, { "name": "login_challenge_method", "label": "LABEL_REPEATED", "type": "TYPE_STRING", "multiStrValue": [ "password" ] }, { "type": "TYPE_BOOL", "boolValue": false, "name": "is_suspicious", "label": "LABEL_OPTIONAL" }, { "value": "INfDlrzP9IH8_QE", "name": "dusi", "type": "TYPE_STRING", "label": "LABEL_OPTIONAL" } ], "eventType": "login", "eventName": "login_success" } ] } }, "insertId": "ci1svzd3hfk", "resource": { "type": "audited_resource", "labels": { "service": "login.googleapis.com", "method": "google.login.LoginService.loginSuccess" } }, "timestamp": "2021-09-24T04:40:29.811809Z", "severity": "NOTICE", "logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access", "receiveTimestamp": "2021-09-24T05:43:20.474338130Z" }