このドキュメントでは、Google Workspace Login の監査によって Google Cloud に送信される監査ログのサンプルについて説明します。
さまざまなタイプのログイン監査アクティビティ イベントのイベントとパラメータの詳細については、ログイン監査アクティビティ イベントのリファレンスをご覧ください。
利用可能なログインの監査ログ
次の表に、ログイン監査によって生成された監査ログと、対応する AuditLog.method_name を示します。
| 説明 | イベント名 | AuditLog.method_name |
|---|---|---|
| イベントの種類: 2 段階認証プロセスの登録の変更 | ||
| 2 段階認証プロセスの無効化 | 2sv_disable |
google.login.LoginService.2svDisable |
| 2 段階認証プロセスの登録 | 2sv_enroll |
google.login.LoginService.2svEnroll |
| イベントタイプ: アカウントのパスワードの変更 | ||
| アカウントのパスワードの変更 | password_edit |
google.login.LoginService.passwordEdit |
| イベントタイプ: アカウント復元用の情報の変更 | ||
| アカウント復元用のメールアドレスの変更 | recovery_email_edit |
google.login.LoginService.recoveryEmailEdit |
| アカウント復元用の電話番号の変更 | recovery_phone_edit |
google.login.LoginService.recoveryPhoneEdit |
| アカウント復元用の秘密の質問と回答の変更 | recovery_secret_qa_edit |
google.login.LoginService.recoverySecretQaEdit |
| イベントの種類: アカウント警告 | ||
| パスワード漏洩 | account_disabled_password_leak |
google.login.LoginService.accountDisabledPasswordLeak |
| リスクが高く、機密性の高い操作が許可されている | risky_sensitive_action_allowed |
google.login.LoginService.riskySensitiveActionAllowed |
| リスクが高く、機密性の高い操作が許可されている | risky_sensitive_action_blocked |
google.login.LoginService.riskySensitiveActionBlocked |
| 不審なログインをブロックしました | suspicious_login |
google.login.LoginService.suspiciousLogin |
| 安全性の低いアプリからの不審なログインのブロック | suspicious_login_less_secure_app |
google.login.LoginService.suspiciousLoginLessSecureApp |
| プログラムによる不審なログインのブロック | suspicious_programmatic_login |
google.login.LoginService.suspiciousProgrammaticLogin |
| ユーザーの停止 | account_disabled_generic |
google.login.LoginService.accountDisabledGeneric |
| ユーザーの停止(リレー経由の迷惑メール) | account_disabled_spamming_through_relay |
google.login.LoginService.accountDisabledSpammingThroughRelay |
| ユーザーの停止(迷惑メール) | account_disabled_spamming |
google.login.LoginService.accountDisabledSpamming |
| ユーザーの停止(不審なアクティビティ) | account_disabled_hijacked |
google.login.LoginService.accountDisabledHijacked |
| イベントの種類: 高度な保護機能の登録の変更 | ||
| 高度な保護機能の登録 | titanium_enroll |
google.login.LoginService.titaniumEnroll |
| 高度な保護機能の登録解除 | titanium_unenroll |
google.login.LoginService.titaniumUnenroll |
| イベントタイプ: 攻撃の警告 | ||
| 政府が支援する攻撃 | gov_attack_warning |
google.login.LoginService.govAttackWarning |
| イベントの種類: メール転送設定が変更されました | ||
| ドメイン外へのメール転送の有効化 | email_forwarding_out_of_domain |
google.login.LoginService.emailForwardingOutOfDomain |
| イベントの種類: ログイン | ||
| ログイン失敗 | login_failure |
google.login.LoginService.loginFailure |
| ログイン時の本人確認 | login_challenge |
google.login.LoginService.loginChallenge |
| ログイン認証 | login_verification |
google.login.LoginService.loginVerification |
| ログアウト | logout |
google.login.LoginService.logout |
| ログイン成功 | login_success |
google.login.LoginService.loginSuccess |
例
以下に掲載するのは、イベントタイプとイベント名に応じたログイン監査の監査ログの例です。
2 段階認証プロセスの登録を変更済み
2sv_disable
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.2svDisable",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"uniqQualifier": "-7789616625639281959",
"timeUsec": "1632459962686000"
},
"event": [
{
"status": {
"success": true
},
"parameter": [
{
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL",
"value": "INfDlrzP9IH8_QE",
"name": "dusi"
}
],
"eventName": "2sv_disable",
"eventType": "2sv_change"
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-tn3jrd3lko",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.2svDisable"
}
},
"timestamp": "2021-09-24T05:06:02.686Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T05:06:03.845372592Z"
}
2sv_enroll
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.2svEnroll",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"uniqQualifier": "1624031130844323135",
"timeUsec": "1632458745769000"
},
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventType": "2sv_change",
"status": {
"success": true
},
"eventName": "2sv_enroll",
"parameter": [
{
"value": "INfDlrzP9IH8_QE",
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL",
"name": "dusi"
}
]
}
]
}
},
"insertId": "g3k8gid3b3p",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.2svEnroll",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-09-24T04:45:45.769Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T04:45:46.331843829Z"
}
アカウントのパスワードを変更済み
password_edit
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.passwordEdit",
"resourceName": "organizations/123",
"metadata": {
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventName": "password_edit",
"status": {
"success": true
},
"parameter": [
{
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL",
"value": "INfDlrzP9IH8_QE",
"name": "dusi"
}
],
"eventType": "password_change"
}
],
"activityId": {
"uniqQualifier": "8894052787391296929",
"timeUsec": "1632803013900566"
}
}
},
"insertId": "-u8coc0d6n78",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.passwordEdit"
}
},
"timestamp": "2021-09-28T04:23:33.900566Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-28T04:23:37.724654918Z"
}
アカウント再設定用の情報を変更済み
recovery_email_edit
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.recoveryEmailEdit",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1632802942940979",
"uniqQualifier": "-7373127890859496609"
},
"event": [
{
"eventType": "recovery_info_change",
"eventName": "recovery_email_edit",
"parameter": [
{
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING",
"value": "INfDlrzP9IH8_QE",
"name": "dusi"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-nkwfupd26zt",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.recoveryEmailEdit"
}
},
"timestamp": "2021-09-28T04:22:22.940979Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-28T04:22:26.523242112Z"
}
recovery_phone_edit
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.recoveryPhoneEdit",
"resourceName": "organizations/123",
"metadata": {
"event": [
{
"status": {
"success": true
},
"eventType": "recovery_info_change",
"eventName": "recovery_phone_edit",
"parameter": [
{
"label": "LABEL_OPTIONAL",
"value": "INfDlrzP9IH8_QE",
"type": "TYPE_STRING",
"name": "dusi"
}
]
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"activityId": {
"timeUsec": "1632804439611095",
"uniqQualifier": "1470137036135837564"
}
}
},
"insertId": "-1xtrgbd2vl2",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.recoveryPhoneEdit"
}
},
"timestamp": "2021-09-28T04:47:19.611095Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-28T04:47:25.741574446Z"
recovery_secret_qa_edit
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.recoverySecretQaEdit",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"uniqQualifier": "8328506129139272243",
"timeUsec": "1632804455273424"
},
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventName": "recovery_secret_qa_edit",
"eventType": "recovery_info_change",
"status": {
"success": true
},
"parameter": [
{
"type": "TYPE_STRING",
"value": "INfDlrzP9IH8_QE",
"name": "dusi",
"label": "LABEL_OPTIONAL"
}
]
}
]
}
},
"insertId": "vn31slcpmy",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.recoverySecretQaEdit",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-09-28T04:47:35.273424Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-28T04:47:37.650432219Z"
アカウントに関する警告
account_disabled_password_leak
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.accountDisabledPasswordLeak",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1619808083475000",
"uniqQualifier": "6286848759980589624"
},
"event": [
{
"eventType": "account_warning",
"eventName": "account_disabled_password_leak",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-xkklkzcxkl",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.accountDisabledPasswordLeak",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-04-30T18:41:23.475Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-04-30T18:41:24.650965796Z"
}
suspicious_login
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.suspiciousLogin",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1620095181000000",
"uniqQualifier": "-2034771694824799453"
},
"event": [
{
"eventType": "account_warning",
"eventName": "suspicious_login",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-778d70d2n5b",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.suspiciousLogin"
}
},
"timestamp": "2021-05-04T02:26:21Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-05-04T02:56:23.806722355Z"
}
suspicious_login_less_secure_app
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.suspiciousLoginLessSecureApp",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1620095181000000",
"uniqQualifier": "-2034771694824799453"
},
"event": [
{
"eventType": "account_warning",
"eventName": "suspicious_login_less_secure_app",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-778d70d2n5b",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.suspiciousLoginLessSecureApp"
}
},
"timestamp": "2021-05-04T02:26:21Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-05-04T02:56:23.806722355Z"
}
suspicious_programmatic_login
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.suspiciousProgrammaticLogin",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1620095181000000",
"uniqQualifier": "-2034771694824799453"
},
"event": [
{
"eventType": "account_warning",
"eventName": "suspicious_programmatic_login",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-778d70d2n5b",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.suspiciousProgrammaticLogin"
}
},
"timestamp": "2021-05-04T02:26:21Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-05-04T02:56:23.806722355Z"
}
account_disabled_generic
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.accountDisabledGeneric",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1619825589352000",
"uniqQualifier": "-3303614929287073633"
},
"event": [
{
"eventType": "account_warning",
"eventName": "account_disabled_generic",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "nlgrf8d6ygj",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.accountDisabledGeneric",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-04-30T23:33:09.352Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-04-30T23:33:10.673412983Z"
}
account_disabled_spamming_through_relay
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.accountDisabledSpammingThroughRelay",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1619808083475000",
"uniqQualifier": "6286848759980589624"
},
"event": [
{
"eventType": "account_warning",
"eventName": "account_disabled_spamming_through_relay",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-xkklkzcxkl",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.accountDisabledSpammingThroughRelay",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-04-30T18:41:23.475Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-04-30T18:41:24.650965796Z"
}
account_disabled_spamming
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.accountDisabledSpamming",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1619808083475000",
"uniqQualifier": "6286848759980589624"
},
"event": [
{
"eventType": "account_warning",
"eventName": "account_disabled_spamming",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-xkklkzcxkl",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.accountDisabledSpamming",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-04-30T18:41:23.475Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-04-30T18:41:24.650965796Z"
}
account_disabled_hijacked
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.accountDisabledHijacked",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1619825589352000",
"uniqQualifier": "-3303614929287073633"
},
"event": [
{
"eventType": "account_warning",
"eventName": "account_disabled_hijacked",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "nlgrf8d6ygj",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.accountDisabledHijacked",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-04-30T23:33:09.352Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-04-30T23:33:10.673412983Z"
}
高度な保護機能の登録を変更しました
titanium_enroll
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.titaniumEnroll",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"uniqQualifier": "4206430548119220064",
"timeUsec": "1632843484846000"
},
"event": [
{
"eventName": "titanium_enroll",
"status": {
"success": true
},
"parameter": [
{
"label": "LABEL_OPTIONAL",
"value": "INfDlrzP9IH8_QE",
"type": "TYPE_STRING",
"name": "dusi"
}
],
"eventType": "titanium_change"
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-bxbn5bd167i",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.titaniumEnroll"
}
},
"timestamp": "2021-09-28T15:38:04.846Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-28T15:38:05.969683854Z"
}
titanium_unenroll
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.titaniumUnenroll",
"resourceName": "organizations/123",
"metadata": {
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventType": "titanium_change",
"status": {
"success": true
},
"eventName": "titanium_unenroll",
"parameter": [
{
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL",
"value": "INfDlrzP9IH8_QE",
"name": "dusi"
}
]
}
],
"activityId": {
"timeUsec": "1632843914653434",
"uniqQualifier": "-6706492269209711994"
}
}
},
"insertId": "-vw60qad1861",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.titaniumUnenroll"
}
},
"timestamp": "2021-09-28T15:45:14.653434Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-28T15:45:15.862755277Z"
}
攻撃の警告
gov_attack_warning
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.govAttackWarning",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1619825837106000",
"uniqQualifier": "7230131091737932677"
},
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventName": "gov_attack_warning",
"eventType": "attack_warning",
"status": {
"success": true
}
}
]
}
},
"insertId": "bxuophd1vlw",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.govAttackWarning"
}
},
"timestamp": "2021-04-30T23:37:17.106Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-04-30T23:37:18.488559815Z"
}
メール転送設定を変更しました
email_forwarding_out_of_domain
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.emailForwardingOutOfDomain",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"uniqQualifier": "-5683698025624301037",
"timeUsec": "1632501152256000"
},
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventName": "email_forwarding_out_of_domain",
"status": {
"success": true
},
"parameter": [
{
"name": "dusi",
"type": "TYPE_STRING",
"value": "INfDlrzP9IH8_QE",
"label": "LABEL_OPTIONAL"
},
{
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL",
"value": "test-user@google.com",
"name": "email_forwarding_destination_address"
}
],
"eventType": "email_forwarding_change"
}
]
}
},
"insertId": "rrcp9gd3y2f",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.emailForwardingOutOfDomain",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-09-24T16:32:32.256Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T16:32:33.319260836Z"
}
Login
login_failure
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.loginFailure",
"resourceName": "organizations/123",
"metadata": {
"event": [
{
"eventName": "login_failure",
"eventType": "login",
"parameter": [
{
"value": "google_password",
"type": "TYPE_STRING",
"name": "login_type",
"label": "LABEL_OPTIONAL"
},
{
"name": "login_challenge_method",
"type": "TYPE_STRING",
"label": "LABEL_REPEATED",
"multiStrValue": [
"password",
"idv_preregistered_phone",
"idv_preregistered_phone"
]
},
{
"label": "LABEL_OPTIONAL",
"name": "dusi",
"type": "TYPE_STRING",
"value": "IOWJlfPwgvrTfg"
}
]
}
],
"activityId": {
"uniqQualifier": "358068855354",
"timeUsec": "1632500217183212"
},
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-nahbepd4l1x",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.loginFailure",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-09-24T16:16:57.183212Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T17:51:25.034361197Z"
}
login_challenge
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.loginChallenge",
"resourceName": "organizations/123",
"metadata": {
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventName": "login_challenge",
"parameter": [
{
"name": "login_type",
"value": "google_password",
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL"
},
{
"type": "TYPE_STRING",
"label": "LABEL_REPEATED",
"name": "login_challenge_method",
"multiStrValue": [
"idv_preregistered_phone"
]
},
{
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING",
"value": "incorrect_answer_entered",
"name": "login_challenge_status"
},
{
"type": "TYPE_STRING",
"name": "dusi",
"label": "LABEL_OPTIONAL",
"value": "IOWJlfPwgvrTfg"
}
],
"eventType": "login"
}
],
"activityId": {
"timeUsec": "1632500217183211",
"uniqQualifier": "358068855354"
}
}
},
"insertId": "-nahbepd4l2j",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.loginChallenge"
}
},
"timestamp": "2021-09-24T16:16:57.183211Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T17:51:28.041126044Z"
login_verification
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.loginVerification",
"resourceName": "organizations/123",
"metadata": {
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventName": "login_verification",
"parameter": [
{
"name": "login_type",
"type": "TYPE_STRING",
"value": "google_password",
"label": "LABEL_OPTIONAL"
},
{
"name": "login_challenge_method",
"multiStrValue": [
"idv_preregistered_phone"
],
"label": "LABEL_REPEATED",
"type": "TYPE_STRING"
},
{
"value": "passed",
"name": "login_challenge_status",
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL"
},
{
"value": "INfDlrzP9IH8_QE",
"label": "LABEL_OPTIONAL",
"name": "dusi",
"type": "TYPE_STRING"
},
{
"label": "LABEL_OPTIONAL",
"boolValue": true,
"type": "TYPE_BOOL",
"name": "is_second_factor"
}
],
"eventType": "login"
}
],
"activityId": {
"uniqQualifier": "358068855354",
"timeUsec": "1632459936762000"
}
}
},
"insertId": "ivb9z4d41rh",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.loginVerification",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-09-24T05:05:36.762Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T06:39:22.386813664Z"
}
logout
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.logout",
"resourceName": "organizations/123",
"metadata": {
"event": [
{
"eventName": "logout",
"eventType": "login",
"parameter": [
{
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL",
"name": "login_type",
"value": "google_password"
},
{
"type": "TYPE_STRING",
"name": "dusi",
"label": "LABEL_OPTIONAL",
"value": "INfDlrzP9IH8_QE"
}
]
}
],
"activityId": {
"uniqQualifier": "358068855354",
"timeUsec": "1632459903014598"
},
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "v37ytid14th",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.logout"
}
},
"timestamp": "2021-09-24T05:05:03.014598Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T06:39:22.229734504Z"
}
login_success
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.loginSuccess",
"resourceName": "organizations/123",
"metadata": {
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"activityId": {
"timeUsec": "1632458429811809",
"uniqQualifier": "358068855354"
},
"event": [
{
"parameter": [
{
"type": "TYPE_STRING",
"value": "google_password",
"name": "login_type",
"label": "LABEL_OPTIONAL"
},
{
"name": "login_challenge_method",
"label": "LABEL_REPEATED",
"type": "TYPE_STRING",
"multiStrValue": [
"password"
]
},
{
"type": "TYPE_BOOL",
"boolValue": false,
"name": "is_suspicious",
"label": "LABEL_OPTIONAL"
},
{
"value": "INfDlrzP9IH8_QE",
"name": "dusi",
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL"
}
],
"eventType": "login",
"eventName": "login_success"
}
]
}
},
"insertId": "ci1svzd3hfk",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.loginSuccess"
}
},
"timestamp": "2021-09-24T04:40:29.811809Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T05:43:20.474338130Z"
}