Skip to content

Latest commit

 

History

History
100 lines (86 loc) · 3.1 KB

5.11.md

File metadata and controls

100 lines (86 loc) · 3.1 KB
Raw

5.11 - Recent dataset activity with granular permissions details

List who/how performed various Dataset activities (create, read, delete) in the past month. Include what kind of permissions users had to perform that operation.

Category: Data Usage
Use Cases: Audit, Respond
Data Sources: Audit Logs - Admin Activity

Queries or Rules

BigQuery Log Analytics Google SecOps
SQL SQL Contribute rule

Event Generation

No event generation steps provided. Contribute emulation test to this use case.

Sample Event

google.cloud.bigquery.v2.JobService.InsertJob-dataRead

[
  {
    "logName": "projects/1234/logs/cloudaudit.googleapis.com%2Fdata_access",
    "resource": {
      "type": "bigquery_dataset",
      "labels": {
        "method": null,
        "version": null,
        "location": null,
        "project_id": "1234",
        "service": null,
        "name": null,
        "dataset_id": "my_dataset"
      }
    },
    "protopayload_auditlog": {
      "serviceName": "bigquery.googleapis.com",
      "methodName": "google.cloud.bigquery.v2.JobService.InsertJob",
      "resourceName": "projects/1234/datasets/my_dataset/tables/my_table",
      "resourceLocation": null,
      "numResponseItems": null,
      "status": null,
      "authenticationInfo": {
        "principalEmail": "test-user@example.com",
        "authoritySelector": null,
        "serviceAccountKeyName": null,
        "serviceAccountDelegationInfo": [

        ],
        "principalSubject": null
      },
      "authorizationInfo": [
        {
          "resource": "projects/1234/datasets/my_dataset/tables/my_table",
          "permission": "bigquery.tables.getData",
          "granted": "true",
          "resourceAttributes": null
        }
      ],
      "requestMetadata": {
        "callerIp": "203.0.113.255",
        "callerSuppliedUserAgent": "<redacted>",
        "callerNetwork": null,
        "requestAttributes": null,
        "destinationAttributes": null
      },
      "requestJson": null,
      "servicedata_v1_bigquery": null,
      "metadataJson": "{\"@type\":\"type.googleapis.com/google.cloud.audit.BigQueryAuditMetadata\",\"tableDataRead\":{\"fields\":[\"_PARTITIONDATE\",\"columnA\",\"structA\",\"structA.foo\",\"structA.bar\"],\"jobName\":\"projects/1234/jobs/12345678\",\"reason\":\"JOB\"}}",
      "responseJson": null,
      "servicedata_v1_iam": null,
      "policyViolationInfo": null
    },
    "textPayload": null,
    "timestamp": "2022-08-22T02:12:57.630Z",
    "receiveTimestamp": "2022-08-22T02:12:58.346Z",
    "severity": "INFO",
    "insertId": "2ihezydi73o",
    "httpRequest": null,
    "operation": null,
    "trace": null,
    "spanId": null,
    "traceSampled": null,
    "sourceLocation": null,
    "split": null
  }
]

References