Vitalii Uslystyi 2021-06-07 16:15:01 +03:00
Родитель ff66c683f5
Коммит 30b2481d19
2 изменённых файлов: 1181 добавлений и 0 удалений


@ -0,0 +1,309 @@
{
"Name": "GCP_IAM_CL",
"Properties": [
{
"Name": "payload_status_code_d",
"Type": "Double"
},
{
"Name": "payload_status_message_s",
"Type": "String"
},
{
"Name": "payload_request_key_types_s",
"Type": "String"
},
{
"Name": "payload_serviceData_permissionDelta_removedPermissions_s",
"Type": "String"
},
{
"Name": "payload_request_update_mask_paths_s",
"Type": "String"
},
{
"Name": "resource_labels_topic_id_s",
"Type": "String"
},
{
"Name": "payload_serviceData_policyDelta_bindingDeltas_s",
"Type": "String"
},
{
"Name": "payload_request_policy_auditConfigs_s",
"Type": "String"
},
{
"Name": "payload_request_policy_etag_s",
"Type": "String"
},
{
"Name": "payload_request_policy_bindings_s",
"Type": "String"
},
{
"Name": "payload_request_resource_s",
"Type": "String"
},
{
"Name": "payload_response_bindings_s",
"Type": "String"
},
{
"Name": "payload_response_auditConfigs_s",
"Type": "String"
},
{
"Name": "payload_request_page_size_d",
"Type": "Double"
},
{
"Name": "payload_request_remove_deleted_service_accounts_b",
"Type": "Boolean"
},
{
"Name": "payload_request_view_d",
"Type": "Double"
},
{
"Name": "payload_request_parent_s",
"Type": "String"
},
{
"Name": "payload_request_show_deleted_b",
"Type": "Boolean"
},
{
"Name": "resource_labels_role_name_s",
"Type": "String"
},
{
"Name": "payload_serviceData__type_s",
"Type": "String"
},
{
"Name": "payload_serviceData_permissionDelta_addedPermissions_s",
"Type": "String"
},
{
"Name": "payload_request_role_included_permissions_s",
"Type": "String"
},
{
"Name": "payload_request_role_title_s",
"Type": "String"
},
{
"Name": "payload_request_role_description_s",
"Type": "String"
},
{
"Name": "payload_request_role_id_s",
"Type": "String"
},
{
"Name": "payload_response_group_name_s",
"Type": "String"
},
{
"Name": "payload_response_included_permissions_s",
"Type": "String"
},
{
"Name": "payload_response_title_s",
"Type": "String"
},
{
"Name": "payload_response_group_title_s",
"Type": "String"
},
{
"Name": "log_name_s",
"Type": "String"
},
{
"Name": "insert_id_s",
"Type": "String"
},
{
"Name": "severity_s",
"Type": "String"
},
{
"Name": "timestamp_t",
"Type": "DateTime"
},
{
"Name": "resource_type_s",
"Type": "String"
},
{
"Name": "resource_labels_email_id_s",
"Type": "String"
},
{
"Name": "resource_labels_project_id_s",
"Type": "String"
},
{
"Name": "resource_labels_unique_id_s",
"Type": "String"
},
{
"Name": "payload__type_s",
"Type": "String"
},
{
"Name": "payload_authenticationInfo_principalEmail_s",
"Type": "String"
},
{
"Name": "payload_authenticationInfo_principalSubject_s",
"Type": "String"
},
{
"Name": "payload_requestMetadata_callerIp_s",
"Type": "String"
},
{
"Name": "payload_requestMetadata_callerSuppliedUserAgent_s",
"Type": "String"
},
{
"Name": "payload_requestMetadata_requestAttributes_time_s",
"Type": "String"
},
{
"Name": "payload_serviceName_s",
"Type": "String"
},
{
"Name": "payload_methodName_s",
"Type": "String"
},
{
"Name": "payload_authorizationInfo_s",
"Type": "String"
},
{
"Name": "payload_resourceName_s",
"Type": "String"
},
{
"Name": "payload_request__type_s",
"Type": "String"
},
{
"Name": "payload_request_name_s",
"Type": "String"
},
{
"Name": "payload_request_account_id_s",
"Type": "String"
},
{
"Name": "payload_request_service_account_description_s",
"Type": "String"
},
{
"Name": "payload_request_service_account_display_name_s",
"Type": "String"
},
{
"Name": "payload_response_oauth2_client_id_s",
"Type": "String"
},
{
"Name": "payload_response_name_s",
"Type": "String"
},
{
"Name": "payload_response_etag_s",
"Type": "String"
},
{
"Name": "payload_response_unique_id_s",
"Type": "String"
},
{
"Name": "payload_response_description_s",
"Type": "String"
},
{
"Name": "payload_response_project_id_s",
"Type": "String"
},
{
"Name": "payload_response_display_name_s",
"Type": "String"
},
{
"Name": "payload_response__type_s",
"Type": "String"
},
{
"Name": "payload_response_email_s",
"Type": "String"
},
{
"Name": "payload_request_private_key_type_d",
"Type": "Double"
},
{
"Name": "payload_response_valid_before_time_seconds_d",
"Type": "Double"
},
{
"Name": "payload_response_valid_after_time_seconds_d",
"Type": "Double"
},
{
"Name": "payload_response_key_type_d",
"Type": "Double"
},
{
"Name": "payload_response_key_origin_d",
"Type": "Double"
},
{
"Name": "payload_response_private_key_type_d",
"Type": "Double"
},
{
"Name": "payload_response_key_algorithm_d",
"Type": "Double"
},
{
"Name": "resource_labels_service_s",
"Type": "String"
},
{
"Name": "resource_labels_version_s",
"Type": "String"
},
{
"Name": "resource_labels_location_s",
"Type": "String"
},
{
"Name": "resource_labels_method_s",
"Type": "String"
},
{
"Name": "payload_request_full_resource_name_s",
"Type": "String"
},
{
"Name": "payload_request_options_requested_policy_version_d",
"Type": "Double"
},
{
"Name": "payload_request_skip_visibility_check_b",
"Type": "Boolean"
},
{
"Name": "payload_request_page_token_s",
"Type": "String"
}
]
}
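Review bot: Several columns declared `String` in this schema carry serialized JSON rather than scalar text, and nothing tells a detection author so: the sample record on this page shows `payload_authorizationInfo_s` holding an escaped JSON array and `payload_request_key_types_s` holding `[\n 1\n]`. The policy and permission columns (`payload_request_policy_bindings_s`, `payload_serviceData_policyDelta_bindingDeltas_s`, `payload_serviceData_permissionDelta_addedPermissions_s`) presumably follow the same pattern, though every visible sample leaves them empty. Because JSON has no comment syntax, this belongs in the connector's documentation or parser, for example `Columns ending in _s that hold arrays or objects are serialized JSON; apply parse_json() before filtering on their fields`. The same note should mention that `payload_requestMetadata_requestAttributes_time_s` is a string timestamp, unlike `timestamp_t`, and needs `todatetime()` before time comparisons.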


@ -0,0 +1,872 @@
[
{
"TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM",
"Computer": "",
"RawData": "",
"payload_status_code_d": "",
"payload_status_message_s": "",
"payload_request_key_types_s": "",
"payload_serviceData_permissionDelta_removedPermissions_s": "",
"payload_request_update_mask_paths_s": "",
"resource_labels_topic_id_s": "",
"payload_serviceData_policyDelta_bindingDeltas_s": "",
"payload_request_policy_auditConfigs_s": "",
"payload_request_policy_etag_s": "",
"payload_request_policy_bindings_s": "",
"payload_request_resource_s": "",
"payload_response_bindings_s": "",
"payload_response_auditConfigs_s": "",
"payload_request_page_size_d": "100",
"payload_request_remove_deleted_service_accounts_b": "true",
"payload_request_view_d": "",
"payload_request_parent_s": "",
"payload_request_show_deleted_b": "",
"resource_labels_role_name_s": "",
"payload_serviceData__type_s": "",
"payload_serviceData_permissionDelta_addedPermissions_s": "",
"payload_request_role_included_permissions_s": "",
"payload_request_role_title_s": "",
"payload_request_role_description_s": "",
"payload_request_role_id_s": "",
"payload_response_group_name_s": "",
"payload_response_included_permissions_s": "",
"payload_response_title_s": "",
"payload_response_group_title_s": "",
"log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access",
"insert_id_s": "4gbrtie66gza",
"severity_s": "INFO",
"timestamp_t [UTC]": "5/27/2021, 5:13:43.707 PM",
"resource_type_s": "api",
"resource_labels_email_id_s": "",
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "test@example.com",
"payload_authenticationInfo_principalSubject_s": "user:test@example.com",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:43.843455400Z",
"payload_serviceName_s": "iam.googleapis.com",
"payload_methodName_s": "google.iam.admin.v1.ListServiceAccounts",
"payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/test-api-project-111111\",\n \"permission\": \"iam.serviceAccounts.list\",\n \"granted\": true,\n \"resourceAttributes\": {}\n }\n]",
"payload_resourceName_s": "projects/test-api-project-111111",
"payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountsRequest",
"payload_request_name_s": "projects/test-api-project-111111",
"payload_request_account_id_s": "",
"payload_request_service_account_description_s": "",
"payload_request_service_account_display_name_s": "",
"payload_response_oauth2_client_id_s": "",
"payload_response_name_s": "",
"payload_response_etag_s": "",
"payload_response_unique_id_s": "",
"payload_response_description_s": "",
"payload_response_project_id_s": "",
"payload_response_display_name_s": "",
"payload_response__type_s": "",
"payload_response_email_s": "",
"payload_request_private_key_type_d": "",
"payload_response_valid_before_time_seconds_d": "",
"payload_response_valid_after_time_seconds_d": "",
"payload_response_key_type_d": "",
"payload_response_key_origin_d": "",
"payload_response_private_key_type_d": "",
"payload_response_key_algorithm_d": "",
"resource_labels_service_s": "iam.googleapis.com",
"resource_labels_version_s": "v1",
"resource_labels_location_s": "global",
"resource_labels_method_s": "google.iam.admin.v1.ListServiceAccounts",
"payload_request_full_resource_name_s": "",
"payload_request_options_requested_policy_version_d": "",
"payload_request_skip_visibility_check_b": "",
"payload_request_page_token_s": "",
"Type": "GCP_IAM_CL",
"_ResourceId": ""
},
{
"TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM",
"Computer": "",
"RawData": "",
"payload_status_code_d": "",
"payload_status_message_s": "",
"payload_request_key_types_s": "[\n 1\n]",
"payload_serviceData_permissionDelta_removedPermissions_s": "",
"payload_request_update_mask_paths_s": "",
"resource_labels_topic_id_s": "",
"payload_serviceData_policyDelta_bindingDeltas_s": "",
"payload_request_policy_auditConfigs_s": "",
"payload_request_policy_etag_s": "",
"payload_request_policy_bindings_s": "",
"payload_request_resource_s": "",
"payload_response_bindings_s": "",
"payload_response_auditConfigs_s": "",
"payload_request_page_size_d": "",
"payload_request_remove_deleted_service_accounts_b": "",
"payload_request_view_d": "",
"payload_request_parent_s": "",
"payload_request_show_deleted_b": "",
"resource_labels_role_name_s": "",
"payload_serviceData__type_s": "",
"payload_serviceData_permissionDelta_addedPermissions_s": "",
"payload_request_role_included_permissions_s": "",
"payload_request_role_title_s": "",
"payload_request_role_description_s": "",
"payload_request_role_id_s": "",
"payload_response_group_name_s": "",
"payload_response_included_permissions_s": "",
"payload_response_title_s": "",
"payload_response_group_title_s": "",
"log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access",
"insert_id_s": "vczv22e67ud9",
"severity_s": "INFO",
"timestamp_t [UTC]": "5/27/2021, 5:13:44.139 PM",
"resource_type_s": "service_account",
"resource_labels_email_id_s": "testloggingapi@test-api-project-111111.iam.gserviceaccount.com",
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "111111111111111111111",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "test@example.com",
"payload_authenticationInfo_principalSubject_s": "",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:44.247883026Z",
"payload_serviceName_s": "iam.googleapis.com",
"payload_methodName_s": "google.iam.admin.v1.ListServiceAccountKeys",
"payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/-/serviceAccounts/111111111111111111111\",\n \"permission\": \"iam.serviceAccountKeys.list\",\n \"granted\": true,\n \"resourceAttributes\": {\n \"name\": \"projects/-/serviceAccounts/111111111111111111111\"\n }\n }\n]",
"payload_resourceName_s": "projects/-/serviceAccounts/111111111111111111111",
"payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysRequest",
"payload_request_name_s": "projects/test-api-project-111111/serviceAccounts/111111111111111111111",
"payload_request_account_id_s": "",
"payload_request_service_account_description_s": "",
"payload_request_service_account_display_name_s": "",
"payload_response_oauth2_client_id_s": "",
"payload_response_name_s": "",
"payload_response_etag_s": "",
"payload_response_unique_id_s": "",
"payload_response_description_s": "",
"payload_response_project_id_s": "",
"payload_response_display_name_s": "",
"payload_response__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysResponse",
"payload_response_email_s": "",
"payload_request_private_key_type_d": "",
"payload_response_valid_before_time_seconds_d": "",
"payload_response_valid_after_time_seconds_d": "",
"payload_response_key_type_d": "",
"payload_response_key_origin_d": "",
"payload_response_private_key_type_d": "",
"payload_response_key_algorithm_d": "",
"resource_labels_service_s": "",
"resource_labels_version_s": "",
"resource_labels_location_s": "",
"resource_labels_method_s": "",
"payload_request_full_resource_name_s": "",
"payload_request_options_requested_policy_version_d": "",
"payload_request_skip_visibility_check_b": "",
"payload_request_page_token_s": "",
"Type": "GCP_IAM_CL",
"_ResourceId": ""
},
{
"TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM",
"Computer": "",
"RawData": "",
"payload_status_code_d": "",
"payload_status_message_s": "",
"payload_request_key_types_s": "[\n 1\n]",
"payload_serviceData_permissionDelta_removedPermissions_s": "",
"payload_request_update_mask_paths_s": "",
"resource_labels_topic_id_s": "",
"payload_serviceData_policyDelta_bindingDeltas_s": "",
"payload_request_policy_auditConfigs_s": "",
"payload_request_policy_etag_s": "",
"payload_request_policy_bindings_s": "",
"payload_request_resource_s": "",
"payload_response_bindings_s": "",
"payload_response_auditConfigs_s": "",
"payload_request_page_size_d": "",
"payload_request_remove_deleted_service_accounts_b": "",
"payload_request_view_d": "",
"payload_request_parent_s": "",
"payload_request_show_deleted_b": "",
"resource_labels_role_name_s": "",
"payload_serviceData__type_s": "",
"payload_serviceData_permissionDelta_addedPermissions_s": "",
"payload_request_role_included_permissions_s": "",
"payload_request_role_title_s": "",
"payload_request_role_description_s": "",
"payload_request_role_id_s": "",
"payload_response_group_name_s": "",
"payload_response_included_permissions_s": "",
"payload_response_title_s": "",
"payload_response_group_title_s": "",
"log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access",
"insert_id_s": "yz5xgqe677ov",
"severity_s": "INFO",
"timestamp_t [UTC]": "5/27/2021, 5:13:44.139 PM",
"resource_type_s": "service_account",
"resource_labels_email_id_s": "pubsub-test-account2@test-api-project-111111.iam.gserviceaccount.com",
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "000000000000000000000",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "test@example.com",
"payload_authenticationInfo_principalSubject_s": "",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:44.245514979Z",
"payload_serviceName_s": "iam.googleapis.com",
"payload_methodName_s": "google.iam.admin.v1.ListServiceAccountKeys",
"payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/-/serviceAccounts/000000000000000000000\",\n \"permission\": \"iam.serviceAccountKeys.list\",\n \"granted\": true,\n \"resourceAttributes\": {\n \"name\": \"projects/-/serviceAccounts/000000000000000000000\"\n }\n }\n]",
"payload_resourceName_s": "projects/-/serviceAccounts/000000000000000000000",
"payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysRequest",
"payload_request_name_s": "projects/test-api-project-111111/serviceAccounts/000000000000000000000",
"payload_request_account_id_s": "",
"payload_request_service_account_description_s": "",
"payload_request_service_account_display_name_s": "",
"payload_response_oauth2_client_id_s": "",
"payload_response_name_s": "",
"payload_response_etag_s": "",
"payload_response_unique_id_s": "",
"payload_response_description_s": "",
"payload_response_project_id_s": "",
"payload_response_display_name_s": "",
"payload_response__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysResponse",
"payload_response_email_s": "",
"payload_request_private_key_type_d": "",
"payload_response_valid_before_time_seconds_d": "",
"payload_response_valid_after_time_seconds_d": "",
"payload_response_key_type_d": "",
"payload_response_key_origin_d": "",
"payload_response_private_key_type_d": "",
"payload_response_key_algorithm_d": "",
"resource_labels_service_s": "",
"resource_labels_version_s": "",
"resource_labels_location_s": "",
"resource_labels_method_s": "",
"payload_request_full_resource_name_s": "",
"payload_request_options_requested_policy_version_d": "",
"payload_request_skip_visibility_check_b": "",
"payload_request_page_token_s": "",
"Type": "GCP_IAM_CL",
"_ResourceId": ""
},
{
"TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM",
"Computer": "",
"RawData": "",
"payload_status_code_d": "",
"payload_status_message_s": "",
"payload_request_key_types_s": "[\n 1\n]",
"payload_serviceData_permissionDelta_removedPermissions_s": "",
"payload_request_update_mask_paths_s": "",
"resource_labels_topic_id_s": "",
"payload_serviceData_policyDelta_bindingDeltas_s": "",
"payload_request_policy_auditConfigs_s": "",
"payload_request_policy_etag_s": "",
"payload_request_policy_bindings_s": "",
"payload_request_resource_s": "",
"payload_response_bindings_s": "",
"payload_response_auditConfigs_s": "",
"payload_request_page_size_d": "",
"payload_request_remove_deleted_service_accounts_b": "",
"payload_request_view_d": "",
"payload_request_parent_s": "",
"payload_request_show_deleted_b": "",
"resource_labels_role_name_s": "",
"payload_serviceData__type_s": "",
"payload_serviceData_permissionDelta_addedPermissions_s": "",
"payload_request_role_included_permissions_s": "",
"payload_request_role_title_s": "",
"payload_request_role_description_s": "",
"payload_request_role_id_s": "",
"payload_response_group_name_s": "",
"payload_response_included_permissions_s": "",
"payload_response_title_s": "",
"payload_response_group_title_s": "",
"log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access",
"insert_id_s": "x0tz2ie66sbu",
"severity_s": "INFO",
"timestamp_t [UTC]": "5/27/2021, 5:13:44.141 PM",
"resource_type_s": "service_account",
"resource_labels_email_id_s": "testloggingapi2@test-api-project-111111.iam.gserviceaccount.com",
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "113245997248201920622",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "test@example.com",
"payload_authenticationInfo_principalSubject_s": "",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:44.243284757Z",
"payload_serviceName_s": "iam.googleapis.com",
"payload_methodName_s": "google.iam.admin.v1.ListServiceAccountKeys",
"payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/-/serviceAccounts/113245997248201920622\",\n \"permission\": \"iam.serviceAccountKeys.list\",\n \"granted\": true,\n \"resourceAttributes\": {\n \"name\": \"projects/-/serviceAccounts/113245997248201920622\"\n }\n }\n]",
"payload_resourceName_s": "projects/-/serviceAccounts/113245997248201920622",
"payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysRequest",
"payload_request_name_s": "projects/test-api-project-111111/serviceAccounts/113245997248201920622",
"payload_request_account_id_s": "",
"payload_request_service_account_description_s": "",
"payload_request_service_account_display_name_s": "",
"payload_response_oauth2_client_id_s": "",
"payload_response_name_s": "",
"payload_response_etag_s": "",
"payload_response_unique_id_s": "",
"payload_response_description_s": "",
"payload_response_project_id_s": "",
"payload_response_display_name_s": "",
"payload_response__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysResponse",
"payload_response_email_s": "",
"payload_request_private_key_type_d": "",
"payload_response_valid_before_time_seconds_d": "",
"payload_response_valid_after_time_seconds_d": "",
"payload_response_key_type_d": "",
"payload_response_key_origin_d": "",
"payload_response_private_key_type_d": "",
"payload_response_key_algorithm_d": "",
"resource_labels_service_s": "",
"resource_labels_version_s": "",
"resource_labels_location_s": "",
"resource_labels_method_s": "",
"payload_request_full_resource_name_s": "",
"payload_request_options_requested_policy_version_d": "",
"payload_request_skip_visibility_check_b": "",
"payload_request_page_token_s": "",
"Type": "GCP_IAM_CL",
"_ResourceId": ""
},
{
"TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM",
"Computer": "",
"RawData": "",
"payload_status_code_d": "",
"payload_status_message_s": "",
"payload_request_key_types_s": "[\n 1\n]",
"payload_serviceData_permissionDelta_removedPermissions_s": "",
"payload_request_update_mask_paths_s": "",
"resource_labels_topic_id_s": "",
"payload_serviceData_policyDelta_bindingDeltas_s": "",
"payload_request_policy_auditConfigs_s": "",
"payload_request_policy_etag_s": "",
"payload_request_policy_bindings_s": "",
"payload_request_resource_s": "",
"payload_response_bindings_s": "",
"payload_response_auditConfigs_s": "",
"payload_request_page_size_d": "",
"payload_request_remove_deleted_service_accounts_b": "",
"payload_request_view_d": "",
"payload_request_parent_s": "",
"payload_request_show_deleted_b": "",
"resource_labels_role_name_s": "",
"payload_serviceData__type_s": "",
"payload_serviceData_permissionDelta_addedPermissions_s": "",
"payload_request_role_included_permissions_s": "",
"payload_request_role_title_s": "",
"payload_request_role_description_s": "",
"payload_request_role_id_s": "",
"payload_response_group_name_s": "",
"payload_response_included_permissions_s": "",
"payload_response_title_s": "",
"payload_response_group_title_s": "",
"log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access",
"insert_id_s": "x0tz2ie66sbv",
"severity_s": "INFO",
"timestamp_t [UTC]": "5/27/2021, 5:13:44.144 PM",
"resource_type_s": "service_account",
"resource_labels_email_id_s": "iam-logs-to-azure-sentinel-acc@test-api-project-111111.iam.gserviceaccount.com",
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "103635188767181747491",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "test@example.com",
"payload_authenticationInfo_principalSubject_s": "",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:44.246183964Z",
"payload_serviceName_s": "iam.googleapis.com",
"payload_methodName_s": "google.iam.admin.v1.ListServiceAccountKeys",
"payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/-/serviceAccounts/103635188767181747491\",\n \"permission\": \"iam.serviceAccountKeys.list\",\n \"granted\": true,\n \"resourceAttributes\": {\n \"name\": \"projects/-/serviceAccounts/103635188767181747491\"\n }\n }\n]",
"payload_resourceName_s": "projects/-/serviceAccounts/103635188767181747491",
"payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysRequest",
"payload_request_name_s": "projects/test-api-project-111111/serviceAccounts/103635188767181747491",
"payload_request_account_id_s": "",
"payload_request_service_account_description_s": "",
"payload_request_service_account_display_name_s": "",
"payload_response_oauth2_client_id_s": "",
"payload_response_name_s": "",
"payload_response_etag_s": "",
"payload_response_unique_id_s": "",
"payload_response_description_s": "",
"payload_response_project_id_s": "",
"payload_response_display_name_s": "",
"payload_response__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysResponse",
"payload_response_email_s": "",
"payload_request_private_key_type_d": "",
"payload_response_valid_before_time_seconds_d": "",
"payload_response_valid_after_time_seconds_d": "",
"payload_response_key_type_d": "",
"payload_response_key_origin_d": "",
"payload_response_private_key_type_d": "",
"payload_response_key_algorithm_d": "",
"resource_labels_service_s": "",
"resource_labels_version_s": "",
"resource_labels_location_s": "",
"resource_labels_method_s": "",
"payload_request_full_resource_name_s": "",
"payload_request_options_requested_policy_version_d": "",
"payload_request_skip_visibility_check_b": "",
"payload_request_page_token_s": "",
"Type": "GCP_IAM_CL",
"_ResourceId": ""
},
{
"TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM",
"Computer": "",
"RawData": "",
"payload_status_code_d": "",
"payload_status_message_s": "",
"payload_request_key_types_s": "[\n 1\n]",
"payload_serviceData_permissionDelta_removedPermissions_s": "",
"payload_request_update_mask_paths_s": "",
"resource_labels_topic_id_s": "",
"payload_serviceData_policyDelta_bindingDeltas_s": "",
"payload_request_policy_auditConfigs_s": "",
"payload_request_policy_etag_s": "",
"payload_request_policy_bindings_s": "",
"payload_request_resource_s": "",
"payload_response_bindings_s": "",
"payload_response_auditConfigs_s": "",
"payload_request_page_size_d": "",
"payload_request_remove_deleted_service_accounts_b": "",
"payload_request_view_d": "",
"payload_request_parent_s": "",
"payload_request_show_deleted_b": "",
"resource_labels_role_name_s": "",
"payload_serviceData__type_s": "",
"payload_serviceData_permissionDelta_addedPermissions_s": "",
"payload_request_role_included_permissions_s": "",
"payload_request_role_title_s": "",
"payload_request_role_description_s": "",
"payload_request_role_id_s": "",
"payload_response_group_name_s": "",
"payload_response_included_permissions_s": "",
"payload_response_title_s": "",
"payload_response_group_title_s": "",
"log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access",
"insert_id_s": "x0tz2ie66snw",
"severity_s": "INFO",
"timestamp_t [UTC]": "5/27/2021, 5:13:51.297 PM",
"resource_type_s": "service_account",
"resource_labels_email_id_s": "testloggingapi@test-api-project-111111.iam.gserviceaccount.com",
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "111111111111111111111",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "test@example.com",
"payload_authenticationInfo_principalSubject_s": "user:test@example.com",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:51.342725418Z",
"payload_serviceName_s": "iam.googleapis.com",
"payload_methodName_s": "google.iam.admin.v1.ListServiceAccountKeys",
"payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/-/serviceAccounts/111111111111111111111\",\n \"permission\": \"iam.serviceAccountKeys.list\",\n \"granted\": true,\n \"resourceAttributes\": {\n \"name\": \"projects/-/serviceAccounts/111111111111111111111\"\n }\n }\n]",
"payload_resourceName_s": "projects/-/serviceAccounts/111111111111111111111",
"payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysRequest",
"payload_request_name_s": "projects/test-api-project-111111/serviceAccounts/111111111111111111111",
"payload_request_account_id_s": "",
"payload_request_service_account_description_s": "",
"payload_request_service_account_display_name_s": "",
"payload_response_oauth2_client_id_s": "",
"payload_response_name_s": "",
"payload_response_etag_s": "",
"payload_response_unique_id_s": "",
"payload_response_description_s": "",
"payload_response_project_id_s": "",
"payload_response_display_name_s": "",
"payload_response__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysResponse",
"payload_response_email_s": "",
"payload_request_private_key_type_d": "",
"payload_response_valid_before_time_seconds_d": "",
"payload_response_valid_after_time_seconds_d": "",
"payload_response_key_type_d": "",
"payload_response_key_origin_d": "",
"payload_response_private_key_type_d": "",
"payload_response_key_algorithm_d": "",
"resource_labels_service_s": "",
"resource_labels_version_s": "",
"resource_labels_location_s": "",
"resource_labels_method_s": "",
"payload_request_full_resource_name_s": "",
"payload_request_options_requested_policy_version_d": "",
"payload_request_skip_visibility_check_b": "",
"payload_request_page_token_s": "",
"Type": "GCP_IAM_CL",
"_ResourceId": ""
},
{
"TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM",
"Computer": "",
"RawData": "",
"payload_status_code_d": "",
"payload_status_message_s": "",
"payload_request_key_types_s": "",
"payload_serviceData_permissionDelta_removedPermissions_s": "",
"payload_request_update_mask_paths_s": "",
"resource_labels_topic_id_s": "",
"payload_serviceData_policyDelta_bindingDeltas_s": "",
"payload_request_policy_auditConfigs_s": "",
"payload_request_policy_etag_s": "",
"payload_request_policy_bindings_s": "",
"payload_request_resource_s": "",
"payload_response_bindings_s": "",
"payload_response_auditConfigs_s": "",
"payload_request_page_size_d": "100",
"payload_request_remove_deleted_service_accounts_b": "true",
"payload_request_view_d": "",
"payload_request_parent_s": "",
"payload_request_show_deleted_b": "",
"resource_labels_role_name_s": "",
"payload_serviceData__type_s": "",
"payload_serviceData_permissionDelta_addedPermissions_s": "",
"payload_request_role_included_permissions_s": "",
"payload_request_role_title_s": "",
"payload_request_role_description_s": "",
"payload_request_role_id_s": "",
"payload_response_group_name_s": "",
"payload_response_included_permissions_s": "",
"payload_response_title_s": "",
"payload_response_group_title_s": "",
"log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access",
"insert_id_s": "vczv22eixrhb",
"severity_s": "INFO",
"timestamp_t [UTC]": "5/31/2021, 8:34:05.331 AM",
"resource_type_s": "api",
"resource_labels_email_id_s": "",
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "test@example.com",
"payload_authenticationInfo_principalSubject_s": "user:test@example.com",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-05-31T08:34:05.445668910Z",
"payload_serviceName_s": "iam.googleapis.com",
"payload_methodName_s": "google.iam.admin.v1.ListServiceAccounts",
"payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/test-api-project-111111\",\n \"permission\": \"iam.serviceAccounts.list\",\n \"granted\": true,\n \"resourceAttributes\": {}\n }\n]",
"payload_resourceName_s": "projects/test-api-project-111111",
"payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountsRequest",
"payload_request_name_s": "projects/test-api-project-111111",
"payload_request_account_id_s": "",
"payload_request_service_account_description_s": "",
"payload_request_service_account_display_name_s": "",
"payload_response_oauth2_client_id_s": "",
"payload_response_name_s": "",
"payload_response_etag_s": "",
"payload_response_unique_id_s": "",
"payload_response_description_s": "",
"payload_response_project_id_s": "",
"payload_response_display_name_s": "",
"payload_response__type_s": "",
"payload_response_email_s": "",
"payload_request_private_key_type_d": "",
"payload_response_valid_before_time_seconds_d": "",
"payload_response_valid_after_time_seconds_d": "",
"payload_response_key_type_d": "",
"payload_response_key_origin_d": "",
"payload_response_private_key_type_d": "",
"payload_response_key_algorithm_d": "",
"resource_labels_service_s": "iam.googleapis.com",
"resource_labels_version_s": "v1",
"resource_labels_location_s": "global",
"resource_labels_method_s": "google.iam.admin.v1.ListServiceAccounts",
"payload_request_full_resource_name_s": "",
"payload_request_options_requested_policy_version_d": "",
"payload_request_skip_visibility_check_b": "",
"payload_request_page_token_s": "",
"Type": "GCP_IAM_CL",
"_ResourceId": ""
},
{
"TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM",
"Computer": "",
"RawData": "",
"payload_status_code_d": "",
"payload_status_message_s": "",
"payload_request_key_types_s": "",
"payload_serviceData_permissionDelta_removedPermissions_s": "",
"payload_request_update_mask_paths_s": "",
"resource_labels_topic_id_s": "",
"payload_serviceData_policyDelta_bindingDeltas_s": "",
"payload_request_policy_auditConfigs_s": "",
"payload_request_policy_etag_s": "",
"payload_request_policy_bindings_s": "",
"payload_request_resource_s": "",
"payload_response_bindings_s": "",
"payload_response_auditConfigs_s": "",
"payload_request_page_size_d": "100",
"payload_request_remove_deleted_service_accounts_b": "true",
"payload_request_view_d": "",
"payload_request_parent_s": "",
"payload_request_show_deleted_b": "",
"resource_labels_role_name_s": "",
"payload_serviceData__type_s": "",
"payload_serviceData_permissionDelta_addedPermissions_s": "",
"payload_request_role_included_permissions_s": "",
"payload_request_role_title_s": "",
"payload_request_role_description_s": "",
"payload_request_role_id_s": "",
"payload_response_group_name_s": "",
"payload_response_included_permissions_s": "",
"payload_response_title_s": "",
"payload_response_group_title_s": "",
"log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access",
"insert_id_s": "4gbrtieiwlp2",
"severity_s": "INFO",
"timestamp_t [UTC]": "5/31/2021, 8:34:05.619 AM",
"resource_type_s": "api",
"resource_labels_email_id_s": "",
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "test@example.com",
"payload_authenticationInfo_principalSubject_s": "user:test@example.com",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-05-31T08:34:05.742510752Z",
"payload_serviceName_s": "iam.googleapis.com",
"payload_methodName_s": "google.iam.admin.v1.ListServiceAccounts",
"payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/test-api-project-111111\",\n \"permission\": \"iam.serviceAccounts.list\",\n \"granted\": true,\n \"resourceAttributes\": {}\n }\n]",
"payload_resourceName_s": "projects/test-api-project-111111",
"payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountsRequest",
"payload_request_name_s": "projects/test-api-project-111111",
"payload_request_account_id_s": "",
"payload_request_service_account_description_s": "",
"payload_request_service_account_display_name_s": "",
"payload_response_oauth2_client_id_s": "",
"payload_response_name_s": "",
"payload_response_etag_s": "",
"payload_response_unique_id_s": "",
"payload_response_description_s": "",
"payload_response_project_id_s": "",
"payload_response_display_name_s": "",
"payload_response__type_s": "",
"payload_response_email_s": "",
"payload_request_private_key_type_d": "",
"payload_response_valid_before_time_seconds_d": "",
"payload_response_valid_after_time_seconds_d": "",
"payload_response_key_type_d": "",
"payload_response_key_origin_d": "",
"payload_response_private_key_type_d": "",
"payload_response_key_algorithm_d": "",
"resource_labels_service_s": "iam.googleapis.com",
"resource_labels_version_s": "v1",
"resource_labels_location_s": "global",
"resource_labels_method_s": "google.iam.admin.v1.ListServiceAccounts",
"payload_request_full_resource_name_s": "",
"payload_request_options_requested_policy_version_d": "",
"payload_request_skip_visibility_check_b": "",
"payload_request_page_token_s": "",
"Type": "GCP_IAM_CL",
"_ResourceId": ""
},
{
"TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM",
"Computer": "",
"RawData": "",
"payload_status_code_d": "",
"payload_status_message_s": "",
"payload_request_key_types_s": "",
"payload_serviceData_permissionDelta_removedPermissions_s": "",
"payload_request_update_mask_paths_s": "",
"resource_labels_topic_id_s": "",
"payload_serviceData_policyDelta_bindingDeltas_s": "",
"payload_request_policy_auditConfigs_s": "",
"payload_request_policy_etag_s": "",
"payload_request_policy_bindings_s": "",
"payload_request_resource_s": "",
"payload_response_bindings_s": "",
"payload_response_auditConfigs_s": "",
"payload_request_page_size_d": "",
"payload_request_remove_deleted_service_accounts_b": "",
"payload_request_view_d": "",
"payload_request_parent_s": "",
"payload_request_show_deleted_b": "",
"resource_labels_role_name_s": "",
"payload_serviceData__type_s": "",
"payload_serviceData_permissionDelta_addedPermissions_s": "",
"payload_request_role_included_permissions_s": "",
"payload_request_role_title_s": "",
"payload_request_role_description_s": "",
"payload_request_role_id_s": "",
"payload_response_group_name_s": "",
"payload_response_included_permissions_s": "",
"payload_response_title_s": "",
"payload_response_group_title_s": "",
"log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access",
"insert_id_s": "1k1z7a9e27hvy",
"severity_s": "INFO",
"timestamp_t [UTC]": "6/3/2021, 12:49:49.595 PM",
"resource_type_s": "api",
"resource_labels_email_id_s": "",
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "test@example.com",
"payload_authenticationInfo_principalSubject_s": "user:test@example.com",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-06-03T12:49:49.767497201Z",
"payload_serviceName_s": "iam.googleapis.com",
"payload_methodName_s": "google.iam.admin.v1.QueryGrantableRoles",
"payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/test-api-project-111111\",\n \"permission\": \"resourcemanager.projects.getIamPolicy\",\n \"granted\": true,\n \"resourceAttributes\": {}\n }\n]",
"payload_resourceName_s": "//cloudresourcemanager.googleapis.com/projects/test-api-project-111111",
"payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.QueryGrantableRolesRequest",
"payload_request_name_s": "",
"payload_request_account_id_s": "",
"payload_request_service_account_description_s": "",
"payload_request_service_account_display_name_s": "",
"payload_response_oauth2_client_id_s": "",
"payload_response_name_s": "",
"payload_response_etag_s": "",
"payload_response_unique_id_s": "",
"payload_response_description_s": "",
"payload_response_project_id_s": "",
"payload_response_display_name_s": "",
"payload_response__type_s": "",
"payload_response_email_s": "",
"payload_request_private_key_type_d": "",
"payload_response_valid_before_time_seconds_d": "",
"payload_response_valid_after_time_seconds_d": "",
"payload_response_key_type_d": "",
"payload_response_key_origin_d": "",
"payload_response_private_key_type_d": "",
"payload_response_key_algorithm_d": "",
"resource_labels_service_s": "iam.googleapis.com",
"resource_labels_version_s": "v1",
"resource_labels_location_s": "global",
"resource_labels_method_s": "google.iam.admin.v1.QueryGrantableRoles",
"payload_request_full_resource_name_s": "//cloudresourcemanager.googleapis.com/projects/test-api-project-111111",
"payload_request_options_requested_policy_version_d": "",
"payload_request_skip_visibility_check_b": "true",
"payload_request_page_token_s": "",
"Type": "GCP_IAM_CL",
"_ResourceId": ""
},
{
"TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM",
"Computer": "",
"RawData": "",
"payload_status_code_d": "",
"payload_status_message_s": "",
"payload_request_key_types_s": "",
"payload_serviceData_permissionDelta_removedPermissions_s": "",
"payload_request_update_mask_paths_s": "",
"resource_labels_topic_id_s": "",
"payload_serviceData_policyDelta_bindingDeltas_s": "",
"payload_request_policy_auditConfigs_s": "",
"payload_request_policy_etag_s": "",
"payload_request_policy_bindings_s": "",
"payload_request_resource_s": "",
"payload_response_bindings_s": "",
"payload_response_auditConfigs_s": "",
"payload_request_page_size_d": "",
"payload_request_remove_deleted_service_accounts_b": "",
"payload_request_view_d": "",
"payload_request_parent_s": "",
"payload_request_show_deleted_b": "",
"resource_labels_role_name_s": "",
"payload_serviceData__type_s": "",
"payload_serviceData_permissionDelta_addedPermissions_s": "",
"payload_request_role_included_permissions_s": "",
"payload_request_role_title_s": "",
"payload_request_role_description_s": "",
"payload_request_role_id_s": "",
"payload_response_group_name_s": "",
"payload_response_included_permissions_s": "",
"payload_response_title_s": "",
"payload_response_group_title_s": "",
"log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access",
"insert_id_s": "1k1z7a9e27hw2",
"severity_s": "INFO",
"timestamp_t [UTC]": "6/3/2021, 12:49:49.596 PM",
"resource_type_s": "api",
"resource_labels_email_id_s": "",
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "test@example.com",
"payload_authenticationInfo_principalSubject_s": "user:test@example.com",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-06-03T12:49:49.804206251Z",
"payload_serviceName_s": "iam.googleapis.com",
"payload_methodName_s": "google.iam.admin.v1.QueryGrantableRoles",
"payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/test-api-project-111111\",\n \"permission\": \"resourcemanager.projects.getIamPolicy\",\n \"granted\": true,\n \"resourceAttributes\": {}\n }\n]",
"payload_resourceName_s": "//cloudresourcemanager.googleapis.com/projects/test-api-project-111111",
"payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.QueryGrantableRolesRequest",
"payload_request_name_s": "",
"payload_request_account_id_s": "",
"payload_request_service_account_description_s": "",
"payload_request_service_account_display_name_s": "",
"payload_response_oauth2_client_id_s": "",
"payload_response_name_s": "",
"payload_response_etag_s": "",
"payload_response_unique_id_s": "",
"payload_response_description_s": "",
"payload_response_project_id_s": "",
"payload_response_display_name_s": "",
"payload_response__type_s": "",
"payload_response_email_s": "",
"payload_request_private_key_type_d": "",
"payload_response_valid_before_time_seconds_d": "",
"payload_response_valid_after_time_seconds_d": "",
"payload_response_key_type_d": "",
"payload_response_key_origin_d": "",
"payload_response_private_key_type_d": "",
"payload_response_key_algorithm_d": "",
"resource_labels_service_s": "iam.googleapis.com",
"resource_labels_version_s": "v1",
"resource_labels_location_s": "global",
"resource_labels_method_s": "google.iam.admin.v1.QueryGrantableRoles",
"payload_request_full_resource_name_s": "//cloudresourcemanager.googleapis.com/projects/test-api-project-111111",
"payload_request_options_requested_policy_version_d": "",
"payload_request_skip_visibility_check_b": "",
"payload_request_page_token_s": "",
"Type": "GCP_IAM_CL",
"_ResourceId": ""
}
]