Questo documento fornisce esempi di audit log inviati a Google Cloud da Google Workspace Login Audit.
Per ulteriori informazioni su eventi e parametri per i vari tipi di eventi dell'attività di controllo degli accessi, consulta il documento di riferimento sugli eventi di attività di controllo dell'accesso.
Log di controllo degli accessi disponibili
Nella tabella seguente sono elencati gli audit log prodotti dal controllo dell'accesso e i rispettivi elementi AuditLog.method_name:
| Descrizione | Nome evento | AuditLog.method_name |
|---|---|---|
| Tipo di evento: registrazione per la verifica in due passaggi modificata | ||
| Disattivazione verifica in due passaggi | 2sv_disable |
google.login.LoginService.2svDisable |
| Registrazione per la verifica in due passaggi | 2sv_enroll |
google.login.LoginService.2svEnroll |
| Tipo di evento: password dell'account modificata | ||
| Modifica password account | password_edit |
google.login.LoginService.passwordEdit |
| Tipo di evento: informazioni per il recupero dell'account modificate | ||
| Modifica email di recupero dell'account | recovery_email_edit |
google.login.LoginService.recoveryEmailEdit |
| Modifica numero di telefono di recupero dell'account | recovery_phone_edit |
google.login.LoginService.recoveryPhoneEdit |
| Modifica domanda/risposta segreta di recupero dell'account | recovery_secret_qa_edit |
google.login.LoginService.recoverySecretQaEdit |
| Tipo di evento: avviso relativo all'account | ||
| Password divulgata | account_disabled_password_leak |
google.login.LoginService.accountDisabledPasswordLeak |
| Azione sensibile e rischiosa consentita | risky_sensitive_action_allowed |
google.login.LoginService.riskySensitiveActionAllowed |
| Rischioso, con azione_bloccata | risky_sensitive_action_blocked |
google.login.LoginService.riskySensitiveActionBlocked |
| Accesso sospetto bloccato | suspicious_login |
google.login.LoginService.suspiciousLogin |
| Accesso sospetto da un'app meno sicura bloccato | suspicious_login_less_secure_app |
google.login.LoginService.suspiciousLoginLessSecureApp |
| Accesso programmatico sospetto bloccato | suspicious_programmatic_login |
google.login.LoginService.suspiciousProgrammaticLogin |
| Utente sospeso | account_disabled_generic |
google.login.LoginService.accountDisabledGeneric |
| Utente sospeso (spam inviato tramite inoltro) | account_disabled_spamming_through_relay |
google.login.LoginService.accountDisabledSpammingThroughRelay |
| Utente sospeso (spam) | account_disabled_spamming |
google.login.LoginService.accountDisabledSpamming |
| Utente sospeso (attività sospetta) | account_disabled_hijacked |
google.login.LoginService.accountDisabledHijacked |
| Tipo di evento: registrazione al programma di protezione avanzata modificata | ||
| Registrazione alla protezione avanzata | titanium_enroll |
google.login.LoginService.titaniumEnroll |
| Annullamento della registrazione alla protezione avanzata | titanium_unenroll |
google.login.LoginService.titaniumUnenroll |
| Tipo di evento: avviso di attacco | ||
| Attacco sostenuto da un governo | gov_attack_warning |
google.login.LoginService.govAttackWarning |
| Tipo di evento: impostazioni di inoltro email modificate | ||
| Inoltro email al di fuori del dominio attivo | email_forwarding_out_of_domain |
google.login.LoginService.emailForwardingOutOfDomain |
| Tipo di evento: Accesso | ||
| Accesso non riuscito | login_failure |
google.login.LoginService.loginFailure |
| Verifica dell'accesso | login_challenge |
google.login.LoginService.loginChallenge |
| Verifica dell'accesso | login_verification |
google.login.LoginService.loginVerification |
| Esci | logout |
google.login.LoginService.logout |
| Accesso riuscito | login_success |
google.login.LoginService.loginSuccess |
Esempi
Di seguito sono riportati esempi di audit log per il controllo dell'accesso in base al tipo e al nome dell'evento.
Registrazione per la verifica in due passaggi modificata
2sv_disable
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.2svDisable",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"uniqQualifier": "-7789616625639281959",
"timeUsec": "1632459962686000"
},
"event": [
{
"status": {
"success": true
},
"parameter": [
{
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL",
"value": "INfDlrzP9IH8_QE",
"name": "dusi"
}
],
"eventName": "2sv_disable",
"eventType": "2sv_change"
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-tn3jrd3lko",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.2svDisable"
}
},
"timestamp": "2021-09-24T05:06:02.686Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T05:06:03.845372592Z"
}
2sv_enroll
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.2svEnroll",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"uniqQualifier": "1624031130844323135",
"timeUsec": "1632458745769000"
},
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventType": "2sv_change",
"status": {
"success": true
},
"eventName": "2sv_enroll",
"parameter": [
{
"value": "INfDlrzP9IH8_QE",
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL",
"name": "dusi"
}
]
}
]
}
},
"insertId": "g3k8gid3b3p",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.2svEnroll",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-09-24T04:45:45.769Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T04:45:46.331843829Z"
}
Password dell'account cambiata
password_edit
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.passwordEdit",
"resourceName": "organizations/123",
"metadata": {
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventName": "password_edit",
"status": {
"success": true
},
"parameter": [
{
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL",
"value": "INfDlrzP9IH8_QE",
"name": "dusi"
}
],
"eventType": "password_change"
}
],
"activityId": {
"uniqQualifier": "8894052787391296929",
"timeUsec": "1632803013900566"
}
}
},
"insertId": "-u8coc0d6n78",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.passwordEdit"
}
},
"timestamp": "2021-09-28T04:23:33.900566Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-28T04:23:37.724654918Z"
}
Informazioni di recupero dell'account modificate
recovery_email_edit
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.recoveryEmailEdit",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1632802942940979",
"uniqQualifier": "-7373127890859496609"
},
"event": [
{
"eventType": "recovery_info_change",
"eventName": "recovery_email_edit",
"parameter": [
{
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING",
"value": "INfDlrzP9IH8_QE",
"name": "dusi"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-nkwfupd26zt",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.recoveryEmailEdit"
}
},
"timestamp": "2021-09-28T04:22:22.940979Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-28T04:22:26.523242112Z"
}
recovery_phone_edit
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.recoveryPhoneEdit",
"resourceName": "organizations/123",
"metadata": {
"event": [
{
"status": {
"success": true
},
"eventType": "recovery_info_change",
"eventName": "recovery_phone_edit",
"parameter": [
{
"label": "LABEL_OPTIONAL",
"value": "INfDlrzP9IH8_QE",
"type": "TYPE_STRING",
"name": "dusi"
}
]
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"activityId": {
"timeUsec": "1632804439611095",
"uniqQualifier": "1470137036135837564"
}
}
},
"insertId": "-1xtrgbd2vl2",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.recoveryPhoneEdit"
}
},
"timestamp": "2021-09-28T04:47:19.611095Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-28T04:47:25.741574446Z"
recovery_secret_qa_edit
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.recoverySecretQaEdit",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"uniqQualifier": "8328506129139272243",
"timeUsec": "1632804455273424"
},
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventName": "recovery_secret_qa_edit",
"eventType": "recovery_info_change",
"status": {
"success": true
},
"parameter": [
{
"type": "TYPE_STRING",
"value": "INfDlrzP9IH8_QE",
"name": "dusi",
"label": "LABEL_OPTIONAL"
}
]
}
]
}
},
"insertId": "vn31slcpmy",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.recoverySecretQaEdit",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-09-28T04:47:35.273424Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-28T04:47:37.650432219Z"
Avviso sull'account
account_disabled_password_leak
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.accountDisabledPasswordLeak",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1619808083475000",
"uniqQualifier": "6286848759980589624"
},
"event": [
{
"eventType": "account_warning",
"eventName": "account_disabled_password_leak",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-xkklkzcxkl",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.accountDisabledPasswordLeak",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-04-30T18:41:23.475Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-04-30T18:41:24.650965796Z"
}
suspicious_login
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.suspiciousLogin",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1620095181000000",
"uniqQualifier": "-2034771694824799453"
},
"event": [
{
"eventType": "account_warning",
"eventName": "suspicious_login",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-778d70d2n5b",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.suspiciousLogin"
}
},
"timestamp": "2021-05-04T02:26:21Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-05-04T02:56:23.806722355Z"
}
suspicious_login_less_secure_app
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.suspiciousLoginLessSecureApp",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1620095181000000",
"uniqQualifier": "-2034771694824799453"
},
"event": [
{
"eventType": "account_warning",
"eventName": "suspicious_login_less_secure_app",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-778d70d2n5b",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.suspiciousLoginLessSecureApp"
}
},
"timestamp": "2021-05-04T02:26:21Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-05-04T02:56:23.806722355Z"
}
suspicious_programmatic_login
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.suspiciousProgrammaticLogin",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1620095181000000",
"uniqQualifier": "-2034771694824799453"
},
"event": [
{
"eventType": "account_warning",
"eventName": "suspicious_programmatic_login",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-778d70d2n5b",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.suspiciousProgrammaticLogin"
}
},
"timestamp": "2021-05-04T02:26:21Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-05-04T02:56:23.806722355Z"
}
account_disabled_generic
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.accountDisabledGeneric",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1619825589352000",
"uniqQualifier": "-3303614929287073633"
},
"event": [
{
"eventType": "account_warning",
"eventName": "account_disabled_generic",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "nlgrf8d6ygj",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.accountDisabledGeneric",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-04-30T23:33:09.352Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-04-30T23:33:10.673412983Z"
}
account_disabled_spamming_through_relay
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.accountDisabledSpammingThroughRelay",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1619808083475000",
"uniqQualifier": "6286848759980589624"
},
"event": [
{
"eventType": "account_warning",
"eventName": "account_disabled_spamming_through_relay",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-xkklkzcxkl",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.accountDisabledSpammingThroughRelay",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-04-30T18:41:23.475Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-04-30T18:41:24.650965796Z"
}
account_disabled_spamming
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.accountDisabledSpamming",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1619808083475000",
"uniqQualifier": "6286848759980589624"
},
"event": [
{
"eventType": "account_warning",
"eventName": "account_disabled_spamming",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-xkklkzcxkl",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.accountDisabledSpamming",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-04-30T18:41:23.475Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-04-30T18:41:24.650965796Z"
}
account_disabled_hijacked
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff"
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.accountDisabledHijacked",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1619825589352000",
"uniqQualifier": "-3303614929287073633"
},
"event": [
{
"eventType": "account_warning",
"eventName": "account_disabled_hijacked",
"parameter": [
{
"name": "affected_email_address",
"value": "test-user@example.com",
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING"
}
],
"status": {
"success": true
}
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "nlgrf8d6ygj",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.accountDisabledHijacked",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-04-30T23:33:09.352Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-04-30T23:33:10.673412983Z"
}
Iscrizione alla protezione avanzata modificata
titanium_enroll
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.titaniumEnroll",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"uniqQualifier": "4206430548119220064",
"timeUsec": "1632843484846000"
},
"event": [
{
"eventName": "titanium_enroll",
"status": {
"success": true
},
"parameter": [
{
"label": "LABEL_OPTIONAL",
"value": "INfDlrzP9IH8_QE",
"type": "TYPE_STRING",
"name": "dusi"
}
],
"eventType": "titanium_change"
}
],
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-bxbn5bd167i",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.titaniumEnroll"
}
},
"timestamp": "2021-09-28T15:38:04.846Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-28T15:38:05.969683854Z"
}
titanium_unenroll
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.titaniumUnenroll",
"resourceName": "organizations/123",
"metadata": {
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventType": "titanium_change",
"status": {
"success": true
},
"eventName": "titanium_unenroll",
"parameter": [
{
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL",
"value": "INfDlrzP9IH8_QE",
"name": "dusi"
}
]
}
],
"activityId": {
"timeUsec": "1632843914653434",
"uniqQualifier": "-6706492269209711994"
}
}
},
"insertId": "-vw60qad1861",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.titaniumUnenroll"
}
},
"timestamp": "2021-09-28T15:45:14.653434Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-28T15:45:15.862755277Z"
}
Avviso di attacco
gov_attack_warning
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.govAttackWarning",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"timeUsec": "1619825837106000",
"uniqQualifier": "7230131091737932677"
},
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventName": "gov_attack_warning",
"eventType": "attack_warning",
"status": {
"success": true
}
}
]
}
},
"insertId": "bxuophd1vlw",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.govAttackWarning"
}
},
"timestamp": "2021-04-30T23:37:17.106Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-04-30T23:37:18.488559815Z"
}
Impostazioni di inoltro email modificate
email_forwarding_out_of_domain
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.emailForwardingOutOfDomain",
"resourceName": "organizations/123",
"metadata": {
"activityId": {
"uniqQualifier": "-5683698025624301037",
"timeUsec": "1632501152256000"
},
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventName": "email_forwarding_out_of_domain",
"status": {
"success": true
},
"parameter": [
{
"name": "dusi",
"type": "TYPE_STRING",
"value": "INfDlrzP9IH8_QE",
"label": "LABEL_OPTIONAL"
},
{
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL",
"value": "test-user@google.com",
"name": "email_forwarding_destination_address"
}
],
"eventType": "email_forwarding_change"
}
]
}
},
"insertId": "rrcp9gd3y2f",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.emailForwardingOutOfDomain",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-09-24T16:32:32.256Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T16:32:33.319260836Z"
}
Accesso
login_failure
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.loginFailure",
"resourceName": "organizations/123",
"metadata": {
"event": [
{
"eventName": "login_failure",
"eventType": "login",
"parameter": [
{
"value": "google_password",
"type": "TYPE_STRING",
"name": "login_type",
"label": "LABEL_OPTIONAL"
},
{
"name": "login_challenge_method",
"type": "TYPE_STRING",
"label": "LABEL_REPEATED",
"multiStrValue": [
"password",
"idv_preregistered_phone",
"idv_preregistered_phone"
]
},
{
"label": "LABEL_OPTIONAL",
"name": "dusi",
"type": "TYPE_STRING",
"value": "IOWJlfPwgvrTfg"
}
]
}
],
"activityId": {
"uniqQualifier": "358068855354",
"timeUsec": "1632500217183212"
},
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "-nahbepd4l1x",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.loginFailure",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-09-24T16:16:57.183212Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T17:51:25.034361197Z"
}
login_challenge
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.loginChallenge",
"resourceName": "organizations/123",
"metadata": {
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventName": "login_challenge",
"parameter": [
{
"name": "login_type",
"value": "google_password",
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL"
},
{
"type": "TYPE_STRING",
"label": "LABEL_REPEATED",
"name": "login_challenge_method",
"multiStrValue": [
"idv_preregistered_phone"
]
},
{
"label": "LABEL_OPTIONAL",
"type": "TYPE_STRING",
"value": "incorrect_answer_entered",
"name": "login_challenge_status"
},
{
"type": "TYPE_STRING",
"name": "dusi",
"label": "LABEL_OPTIONAL",
"value": "IOWJlfPwgvrTfg"
}
],
"eventType": "login"
}
],
"activityId": {
"timeUsec": "1632500217183211",
"uniqQualifier": "358068855354"
}
}
},
"insertId": "-nahbepd4l2j",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.loginChallenge"
}
},
"timestamp": "2021-09-24T16:16:57.183211Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T17:51:28.041126044Z"
login_verification
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.loginVerification",
"resourceName": "organizations/123",
"metadata": {
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"event": [
{
"eventName": "login_verification",
"parameter": [
{
"name": "login_type",
"type": "TYPE_STRING",
"value": "google_password",
"label": "LABEL_OPTIONAL"
},
{
"name": "login_challenge_method",
"multiStrValue": [
"idv_preregistered_phone"
],
"label": "LABEL_REPEATED",
"type": "TYPE_STRING"
},
{
"value": "passed",
"name": "login_challenge_status",
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL"
},
{
"value": "INfDlrzP9IH8_QE",
"label": "LABEL_OPTIONAL",
"name": "dusi",
"type": "TYPE_STRING"
},
{
"label": "LABEL_OPTIONAL",
"boolValue": true,
"type": "TYPE_BOOL",
"name": "is_second_factor"
}
],
"eventType": "login"
}
],
"activityId": {
"uniqQualifier": "358068855354",
"timeUsec": "1632459936762000"
}
}
},
"insertId": "ivb9z4d41rh",
"resource": {
"type": "audited_resource",
"labels": {
"method": "google.login.LoginService.loginVerification",
"service": "login.googleapis.com"
}
},
"timestamp": "2021-09-24T05:05:36.762Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T06:39:22.386813664Z"
}
logout
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.logout",
"resourceName": "organizations/123",
"metadata": {
"event": [
{
"eventName": "logout",
"eventType": "login",
"parameter": [
{
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL",
"name": "login_type",
"value": "google_password"
},
{
"type": "TYPE_STRING",
"name": "dusi",
"label": "LABEL_OPTIONAL",
"value": "INfDlrzP9IH8_QE"
}
]
}
],
"activityId": {
"uniqQualifier": "358068855354",
"timeUsec": "1632459903014598"
},
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto"
}
},
"insertId": "v37ytid14th",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.logout"
}
},
"timestamp": "2021-09-24T05:05:03.014598Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T06:39:22.229734504Z"
}
login_success
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "test-user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.255",
"requestAttributes": {},
"destinationAttributes": {}
},
"serviceName": "login.googleapis.com",
"methodName": "google.login.LoginService.loginSuccess",
"resourceName": "organizations/123",
"metadata": {
"@type": "type.googleapis.com/ccc_hosted_reporting.ActivityProto",
"activityId": {
"timeUsec": "1632458429811809",
"uniqQualifier": "358068855354"
},
"event": [
{
"parameter": [
{
"type": "TYPE_STRING",
"value": "google_password",
"name": "login_type",
"label": "LABEL_OPTIONAL"
},
{
"name": "login_challenge_method",
"label": "LABEL_REPEATED",
"type": "TYPE_STRING",
"multiStrValue": [
"password"
]
},
{
"type": "TYPE_BOOL",
"boolValue": false,
"name": "is_suspicious",
"label": "LABEL_OPTIONAL"
},
{
"value": "INfDlrzP9IH8_QE",
"name": "dusi",
"type": "TYPE_STRING",
"label": "LABEL_OPTIONAL"
}
],
"eventType": "login",
"eventName": "login_success"
}
]
}
},
"insertId": "ci1svzd3hfk",
"resource": {
"type": "audited_resource",
"labels": {
"service": "login.googleapis.com",
"method": "google.login.LoginService.loginSuccess"
}
},
"timestamp": "2021-09-24T04:40:29.811809Z",
"severity": "NOTICE",
"logName": "organizations/123/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2021-09-24T05:43:20.474338130Z"
}