diff --git a/.script/tests/KqlvalidationsTests/CustomTables/GCP_IAM_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/GCP_IAM_CL.json
new file mode 100644
index 0000000000..229525b819
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/GCP_IAM_CL.json
@@ -0,0 +1,309 @@
+{
+ "Name": "GCP_IAM_CL",
+ "Properties": [
+ {
+ "Name": "payload_status_code_d",
+ "Type": "Double"
+ },
+ {
+ "Name": "payload_status_message_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_key_types_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_serviceData_permissionDelta_removedPermissions_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_update_mask_paths_s",
+ "Type": "String"
+ },
+ {
+ "Name": "resource_labels_topic_id_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_serviceData_policyDelta_bindingDeltas_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_policy_auditConfigs_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_policy_etag_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_policy_bindings_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_resource_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_bindings_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_auditConfigs_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_page_size_d",
+ "Type": "Double"
+ },
+ {
+ "Name": "payload_request_remove_deleted_service_accounts_b",
+ "Type": "Boolean"
+ },
+ {
+ "Name": "payload_request_view_d",
+ "Type": "Double"
+ },
+ {
+ "Name": "payload_request_parent_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_show_deleted_b",
+ "Type": "Boolean"
+ },
+ {
+ "Name": "resource_labels_role_name_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_serviceData__type_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_serviceData_permissionDelta_addedPermissions_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_role_included_permissions_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_role_title_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_role_description_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_role_id_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_group_name_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_included_permissions_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_title_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_group_title_s",
+ "Type": "String"
+ },
+ {
+ "Name": "log_name_s",
+ "Type": "String"
+ },
+ {
+ "Name": "insert_id_s",
+ "Type": "String"
+ },
+ {
+ "Name": "severity_s",
+ "Type": "String"
+ },
+ {
+ "Name": "timestamp_t",
+ "Type": "DateTime"
+ },
+ {
+ "Name": "resource_type_s",
+ "Type": "String"
+ },
+ {
+ "Name": "resource_labels_email_id_s",
+ "Type": "String"
+ },
+ {
+ "Name": "resource_labels_project_id_s",
+ "Type": "String"
+ },
+ {
+ "Name": "resource_labels_unique_id_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload__type_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_authenticationInfo_principalEmail_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_authenticationInfo_principalSubject_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_requestMetadata_callerIp_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_requestMetadata_callerSuppliedUserAgent_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_requestMetadata_requestAttributes_time_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_serviceName_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_methodName_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_authorizationInfo_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_resourceName_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request__type_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_name_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_account_id_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_service_account_description_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_service_account_display_name_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_oauth2_client_id_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_name_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_etag_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_unique_id_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_description_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_project_id_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_display_name_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response__type_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_response_email_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_private_key_type_d",
+ "Type": "Double"
+ },
+ {
+ "Name": "payload_response_valid_before_time_seconds_d",
+ "Type": "Double"
+ },
+ {
+ "Name": "payload_response_valid_after_time_seconds_d",
+ "Type": "Double"
+ },
+ {
+ "Name": "payload_response_key_type_d",
+ "Type": "Double"
+ },
+ {
+ "Name": "payload_response_key_origin_d",
+ "Type": "Double"
+ },
+ {
+ "Name": "payload_response_private_key_type_d",
+ "Type": "Double"
+ },
+ {
+ "Name": "payload_response_key_algorithm_d",
+ "Type": "Double"
+ },
+ {
+ "Name": "resource_labels_service_s",
+ "Type": "String"
+ },
+ {
+ "Name": "resource_labels_version_s",
+ "Type": "String"
+ },
+ {
+ "Name": "resource_labels_location_s",
+ "Type": "String"
+ },
+ {
+ "Name": "resource_labels_method_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_full_resource_name_s",
+ "Type": "String"
+ },
+ {
+ "Name": "payload_request_options_requested_policy_version_d",
+ "Type": "Double"
+ },
+ {
+ "Name": "payload_request_skip_visibility_check_b",
+ "Type": "Boolean"
+ },
+ {
+ "Name": "payload_request_page_token_s",
+ "Type": "String"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Sample Data/Custom/GCP_IAM_CL.json b/Sample Data/Custom/GCP_IAM_CL.json
new file mode 100644
index 0000000000..c80e8546d9
--- /dev/null
+++ b/Sample Data/Custom/GCP_IAM_CL.json
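Review bot: The `Properties` list in `.script/tests/KqlvalidationsTests/CustomTables/GCP_IAM_CL.json` declares only the connector's `payload_*`, `resource_*` and log-metadata columns; it has no `TimeGenerated`, `TenantId` or `Type`, although the sample records in `Sample Data/Custom/GCP_IAM_CL.json` carry all three. If the KQL validation harness does not inject the standard Log Analytics columns on its own, any analytic rule or hunting query that filters or bins on `TimeGenerated` against `GCP_IAM_CL` would fail validation, so this is worth checking against a neighbouring schema in `CustomTables/` and, if those list it, adding `{ "Name": "TimeGenerated", "Type": "DateTime" }`. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while the file is new.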
@@ -0,0 +1,872 @@ +[ + { + "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM", + "Computer": "", + "RawData": "", + "payload_status_code_d": "", + "payload_status_message_s": "", + "payload_request_key_types_s": "", + "payload_serviceData_permissionDelta_removedPermissions_s": "", + "payload_request_update_mask_paths_s": "", + "resource_labels_topic_id_s": "", + "payload_serviceData_policyDelta_bindingDeltas_s": "", + "payload_request_policy_auditConfigs_s": "", + "payload_request_policy_etag_s": "", + "payload_request_policy_bindings_s": "", + "payload_request_resource_s": "", + "payload_response_bindings_s": "", + "payload_response_auditConfigs_s": "", + "payload_request_page_size_d": "100", + "payload_request_remove_deleted_service_accounts_b": "true", + "payload_request_view_d": "", + "payload_request_parent_s": "", + "payload_request_show_deleted_b": "", + "resource_labels_role_name_s": "", + "payload_serviceData__type_s": "", + "payload_serviceData_permissionDelta_addedPermissions_s": "", + "payload_request_role_included_permissions_s": "", + "payload_request_role_title_s": "", + "payload_request_role_description_s": "", + "payload_request_role_id_s": "", + "payload_response_group_name_s": "", + "payload_response_included_permissions_s": "", + "payload_response_title_s": "", + "payload_response_group_title_s": "", + "log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access", + "insert_id_s": "4gbrtie66gza", + "severity_s": "INFO", + "timestamp_t [UTC]": "5/27/2021, 5:13:43.707 PM", + "resource_type_s": "api", + "resource_labels_email_id_s": "", + "resource_labels_project_id_s": "test-api-project-111111", + "resource_labels_unique_id_s": "", + "payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog", + "payload_authenticationInfo_principalEmail_s": "test@example.com", + 
"payload_authenticationInfo_principalSubject_s": "user:test@example.com", + "payload_requestMetadata_callerIp_s": "10.10.10.10", + "payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)", + "payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:43.843455400Z", + "payload_serviceName_s": "iam.googleapis.com", + "payload_methodName_s": "google.iam.admin.v1.ListServiceAccounts", + "payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/test-api-project-111111\",\n \"permission\": \"iam.serviceAccounts.list\",\n \"granted\": true,\n \"resourceAttributes\": {}\n }\n]", + "payload_resourceName_s": "projects/test-api-project-111111", + "payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountsRequest", + "payload_request_name_s": "projects/test-api-project-111111", + "payload_request_account_id_s": "", + "payload_request_service_account_description_s": "", + "payload_request_service_account_display_name_s": "", + "payload_response_oauth2_client_id_s": "", + "payload_response_name_s": "", + "payload_response_etag_s": "", + "payload_response_unique_id_s": "", + "payload_response_description_s": "", + "payload_response_project_id_s": "", + "payload_response_display_name_s": "", + "payload_response__type_s": "", + "payload_response_email_s": "", + "payload_request_private_key_type_d": "", + "payload_response_valid_before_time_seconds_d": "", + "payload_response_valid_after_time_seconds_d": "", + "payload_response_key_type_d": "", + "payload_response_key_origin_d": "", + "payload_response_private_key_type_d": "", + "payload_response_key_algorithm_d": "", + "resource_labels_service_s": "iam.googleapis.com", + "resource_labels_version_s": "v1", + "resource_labels_location_s": "global", + "resource_labels_method_s": "google.iam.admin.v1.ListServiceAccounts", + "payload_request_full_resource_name_s": "", + 
"payload_request_options_requested_policy_version_d": "", + "payload_request_skip_visibility_check_b": "", + "payload_request_page_token_s": "", + "Type": "GCP_IAM_CL", + "_ResourceId": "" + }, + { + "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM", + "Computer": "", + "RawData": "", + "payload_status_code_d": "", + "payload_status_message_s": "", + "payload_request_key_types_s": "[\n 1\n]", + "payload_serviceData_permissionDelta_removedPermissions_s": "", + "payload_request_update_mask_paths_s": "", + "resource_labels_topic_id_s": "", + "payload_serviceData_policyDelta_bindingDeltas_s": "", + "payload_request_policy_auditConfigs_s": "", + "payload_request_policy_etag_s": "", + "payload_request_policy_bindings_s": "", + "payload_request_resource_s": "", + "payload_response_bindings_s": "", + "payload_response_auditConfigs_s": "", + "payload_request_page_size_d": "", + "payload_request_remove_deleted_service_accounts_b": "", + "payload_request_view_d": "", + "payload_request_parent_s": "", + "payload_request_show_deleted_b": "", + "resource_labels_role_name_s": "", + "payload_serviceData__type_s": "", + "payload_serviceData_permissionDelta_addedPermissions_s": "", + "payload_request_role_included_permissions_s": "", + "payload_request_role_title_s": "", + "payload_request_role_description_s": "", + "payload_request_role_id_s": "", + "payload_response_group_name_s": "", + "payload_response_included_permissions_s": "", + "payload_response_title_s": "", + "payload_response_group_title_s": "", + "log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access", + "insert_id_s": "vczv22e67ud9", + "severity_s": "INFO", + "timestamp_t [UTC]": "5/27/2021, 5:13:44.139 PM", + "resource_type_s": "service_account", + "resource_labels_email_id_s": "testloggingapi@test-api-project-111111.iam.gserviceaccount.com", + 
"resource_labels_project_id_s": "test-api-project-111111", + "resource_labels_unique_id_s": "111111111111111111111", + "payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog", + "payload_authenticationInfo_principalEmail_s": "test@example.com", + "payload_authenticationInfo_principalSubject_s": "", + "payload_requestMetadata_callerIp_s": "10.10.10.10", + "payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)", + "payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:44.247883026Z", + "payload_serviceName_s": "iam.googleapis.com", + "payload_methodName_s": "google.iam.admin.v1.ListServiceAccountKeys", + "payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/-/serviceAccounts/111111111111111111111\",\n \"permission\": \"iam.serviceAccountKeys.list\",\n \"granted\": true,\n \"resourceAttributes\": {\n \"name\": \"projects/-/serviceAccounts/111111111111111111111\"\n }\n }\n]", + "payload_resourceName_s": "projects/-/serviceAccounts/111111111111111111111", + "payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysRequest", + "payload_request_name_s": "projects/test-api-project-111111/serviceAccounts/111111111111111111111", + "payload_request_account_id_s": "", + "payload_request_service_account_description_s": "", + "payload_request_service_account_display_name_s": "", + "payload_response_oauth2_client_id_s": "", + "payload_response_name_s": "", + "payload_response_etag_s": "", + "payload_response_unique_id_s": "", + "payload_response_description_s": "", + "payload_response_project_id_s": "", + "payload_response_display_name_s": "", + "payload_response__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysResponse", + "payload_response_email_s": "", + "payload_request_private_key_type_d": "", + "payload_response_valid_before_time_seconds_d": "", + 
"payload_response_valid_after_time_seconds_d": "", + "payload_response_key_type_d": "", + "payload_response_key_origin_d": "", + "payload_response_private_key_type_d": "", + "payload_response_key_algorithm_d": "", + "resource_labels_service_s": "", + "resource_labels_version_s": "", + "resource_labels_location_s": "", + "resource_labels_method_s": "", + "payload_request_full_resource_name_s": "", + "payload_request_options_requested_policy_version_d": "", + "payload_request_skip_visibility_check_b": "", + "payload_request_page_token_s": "", + "Type": "GCP_IAM_CL", + "_ResourceId": "" + }, + { + "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM", + "Computer": "", + "RawData": "", + "payload_status_code_d": "", + "payload_status_message_s": "", + "payload_request_key_types_s": "[\n 1\n]", + "payload_serviceData_permissionDelta_removedPermissions_s": "", + "payload_request_update_mask_paths_s": "", + "resource_labels_topic_id_s": "", + "payload_serviceData_policyDelta_bindingDeltas_s": "", + "payload_request_policy_auditConfigs_s": "", + "payload_request_policy_etag_s": "", + "payload_request_policy_bindings_s": "", + "payload_request_resource_s": "", + "payload_response_bindings_s": "", + "payload_response_auditConfigs_s": "", + "payload_request_page_size_d": "", + "payload_request_remove_deleted_service_accounts_b": "", + "payload_request_view_d": "", + "payload_request_parent_s": "", + "payload_request_show_deleted_b": "", + "resource_labels_role_name_s": "", + "payload_serviceData__type_s": "", + "payload_serviceData_permissionDelta_addedPermissions_s": "", + "payload_request_role_included_permissions_s": "", + "payload_request_role_title_s": "", + "payload_request_role_description_s": "", + "payload_request_role_id_s": "", + "payload_response_group_name_s": "", + "payload_response_included_permissions_s": "", + "payload_response_title_s": 
"", + "payload_response_group_title_s": "", + "log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access", + "insert_id_s": "yz5xgqe677ov", + "severity_s": "INFO", + "timestamp_t [UTC]": "5/27/2021, 5:13:44.139 PM", + "resource_type_s": "service_account", + "resource_labels_email_id_s": "pubsub-test-account2@test-api-project-111111.iam.gserviceaccount.com", + "resource_labels_project_id_s": "test-api-project-111111", + "resource_labels_unique_id_s": "000000000000000000000", + "payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog", + "payload_authenticationInfo_principalEmail_s": "test@example.com", + "payload_authenticationInfo_principalSubject_s": "", + "payload_requestMetadata_callerIp_s": "10.10.10.10", + "payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)", + "payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:44.245514979Z", + "payload_serviceName_s": "iam.googleapis.com", + "payload_methodName_s": "google.iam.admin.v1.ListServiceAccountKeys", + "payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/-/serviceAccounts/000000000000000000000\",\n \"permission\": \"iam.serviceAccountKeys.list\",\n \"granted\": true,\n \"resourceAttributes\": {\n \"name\": \"projects/-/serviceAccounts/000000000000000000000\"\n }\n }\n]", + "payload_resourceName_s": "projects/-/serviceAccounts/000000000000000000000", + "payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysRequest", + "payload_request_name_s": "projects/test-api-project-111111/serviceAccounts/000000000000000000000", + "payload_request_account_id_s": "", + "payload_request_service_account_description_s": "", + "payload_request_service_account_display_name_s": "", + "payload_response_oauth2_client_id_s": "", + "payload_response_name_s": "", + "payload_response_etag_s": "", + 
"payload_response_unique_id_s": "", + "payload_response_description_s": "", + "payload_response_project_id_s": "", + "payload_response_display_name_s": "", + "payload_response__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysResponse", + "payload_response_email_s": "", + "payload_request_private_key_type_d": "", + "payload_response_valid_before_time_seconds_d": "", + "payload_response_valid_after_time_seconds_d": "", + "payload_response_key_type_d": "", + "payload_response_key_origin_d": "", + "payload_response_private_key_type_d": "", + "payload_response_key_algorithm_d": "", + "resource_labels_service_s": "", + "resource_labels_version_s": "", + "resource_labels_location_s": "", + "resource_labels_method_s": "", + "payload_request_full_resource_name_s": "", + "payload_request_options_requested_policy_version_d": "", + "payload_request_skip_visibility_check_b": "", + "payload_request_page_token_s": "", + "Type": "GCP_IAM_CL", + "_ResourceId": "" + }, + { + "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM", + "Computer": "", + "RawData": "", + "payload_status_code_d": "", + "payload_status_message_s": "", + "payload_request_key_types_s": "[\n 1\n]", + "payload_serviceData_permissionDelta_removedPermissions_s": "", + "payload_request_update_mask_paths_s": "", + "resource_labels_topic_id_s": "", + "payload_serviceData_policyDelta_bindingDeltas_s": "", + "payload_request_policy_auditConfigs_s": "", + "payload_request_policy_etag_s": "", + "payload_request_policy_bindings_s": "", + "payload_request_resource_s": "", + "payload_response_bindings_s": "", + "payload_response_auditConfigs_s": "", + "payload_request_page_size_d": "", + "payload_request_remove_deleted_service_accounts_b": "", + "payload_request_view_d": "", + "payload_request_parent_s": "", + "payload_request_show_deleted_b": "", + "resource_labels_role_name_s": 
"", + "payload_serviceData__type_s": "", + "payload_serviceData_permissionDelta_addedPermissions_s": "", + "payload_request_role_included_permissions_s": "", + "payload_request_role_title_s": "", + "payload_request_role_description_s": "", + "payload_request_role_id_s": "", + "payload_response_group_name_s": "", + "payload_response_included_permissions_s": "", + "payload_response_title_s": "", + "payload_response_group_title_s": "", + "log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access", + "insert_id_s": "x0tz2ie66sbu", + "severity_s": "INFO", + "timestamp_t [UTC]": "5/27/2021, 5:13:44.141 PM", + "resource_type_s": "service_account", + "resource_labels_email_id_s": "testloggingapi2@test-api-project-111111.iam.gserviceaccount.com", + "resource_labels_project_id_s": "test-api-project-111111", + "resource_labels_unique_id_s": "113245997248201920622", + "payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog", + "payload_authenticationInfo_principalEmail_s": "test@example.com", + "payload_authenticationInfo_principalSubject_s": "", + "payload_requestMetadata_callerIp_s": "10.10.10.10", + "payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)", + "payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:44.243284757Z", + "payload_serviceName_s": "iam.googleapis.com", + "payload_methodName_s": "google.iam.admin.v1.ListServiceAccountKeys", + "payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/-/serviceAccounts/113245997248201920622\",\n \"permission\": \"iam.serviceAccountKeys.list\",\n \"granted\": true,\n \"resourceAttributes\": {\n \"name\": \"projects/-/serviceAccounts/113245997248201920622\"\n }\n }\n]", + "payload_resourceName_s": "projects/-/serviceAccounts/113245997248201920622", + "payload_request__type_s": 
"type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysRequest", + "payload_request_name_s": "projects/test-api-project-111111/serviceAccounts/113245997248201920622", + "payload_request_account_id_s": "", + "payload_request_service_account_description_s": "", + "payload_request_service_account_display_name_s": "", + "payload_response_oauth2_client_id_s": "", + "payload_response_name_s": "", + "payload_response_etag_s": "", + "payload_response_unique_id_s": "", + "payload_response_description_s": "", + "payload_response_project_id_s": "", + "payload_response_display_name_s": "", + "payload_response__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysResponse", + "payload_response_email_s": "", + "payload_request_private_key_type_d": "", + "payload_response_valid_before_time_seconds_d": "", + "payload_response_valid_after_time_seconds_d": "", + "payload_response_key_type_d": "", + "payload_response_key_origin_d": "", + "payload_response_private_key_type_d": "", + "payload_response_key_algorithm_d": "", + "resource_labels_service_s": "", + "resource_labels_version_s": "", + "resource_labels_location_s": "", + "resource_labels_method_s": "", + "payload_request_full_resource_name_s": "", + "payload_request_options_requested_policy_version_d": "", + "payload_request_skip_visibility_check_b": "", + "payload_request_page_token_s": "", + "Type": "GCP_IAM_CL", + "_ResourceId": "" + }, + { + "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM", + "Computer": "", + "RawData": "", + "payload_status_code_d": "", + "payload_status_message_s": "", + "payload_request_key_types_s": "[\n 1\n]", + "payload_serviceData_permissionDelta_removedPermissions_s": "", + "payload_request_update_mask_paths_s": "", + "resource_labels_topic_id_s": "", + "payload_serviceData_policyDelta_bindingDeltas_s": "", + "payload_request_policy_auditConfigs_s": 
"", + "payload_request_policy_etag_s": "", + "payload_request_policy_bindings_s": "", + "payload_request_resource_s": "", + "payload_response_bindings_s": "", + "payload_response_auditConfigs_s": "", + "payload_request_page_size_d": "", + "payload_request_remove_deleted_service_accounts_b": "", + "payload_request_view_d": "", + "payload_request_parent_s": "", + "payload_request_show_deleted_b": "", + "resource_labels_role_name_s": "", + "payload_serviceData__type_s": "", + "payload_serviceData_permissionDelta_addedPermissions_s": "", + "payload_request_role_included_permissions_s": "", + "payload_request_role_title_s": "", + "payload_request_role_description_s": "", + "payload_request_role_id_s": "", + "payload_response_group_name_s": "", + "payload_response_included_permissions_s": "", + "payload_response_title_s": "", + "payload_response_group_title_s": "", + "log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access", + "insert_id_s": "x0tz2ie66sbv", + "severity_s": "INFO", + "timestamp_t [UTC]": "5/27/2021, 5:13:44.144 PM", + "resource_type_s": "service_account", + "resource_labels_email_id_s": "iam-logs-to-azure-sentinel-acc@test-api-project-111111.iam.gserviceaccount.com", + "resource_labels_project_id_s": "test-api-project-111111", + "resource_labels_unique_id_s": "103635188767181747491", + "payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog", + "payload_authenticationInfo_principalEmail_s": "test@example.com", + "payload_authenticationInfo_principalSubject_s": "", + "payload_requestMetadata_callerIp_s": "10.10.10.10", + "payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)", + "payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:44.246183964Z", + "payload_serviceName_s": "iam.googleapis.com", + "payload_methodName_s": "google.iam.admin.v1.ListServiceAccountKeys", + 
"payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/-/serviceAccounts/103635188767181747491\",\n \"permission\": \"iam.serviceAccountKeys.list\",\n \"granted\": true,\n \"resourceAttributes\": {\n \"name\": \"projects/-/serviceAccounts/103635188767181747491\"\n }\n }\n]", + "payload_resourceName_s": "projects/-/serviceAccounts/103635188767181747491", + "payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysRequest", + "payload_request_name_s": "projects/test-api-project-111111/serviceAccounts/103635188767181747491", + "payload_request_account_id_s": "", + "payload_request_service_account_description_s": "", + "payload_request_service_account_display_name_s": "", + "payload_response_oauth2_client_id_s": "", + "payload_response_name_s": "", + "payload_response_etag_s": "", + "payload_response_unique_id_s": "", + "payload_response_description_s": "", + "payload_response_project_id_s": "", + "payload_response_display_name_s": "", + "payload_response__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysResponse", + "payload_response_email_s": "", + "payload_request_private_key_type_d": "", + "payload_response_valid_before_time_seconds_d": "", + "payload_response_valid_after_time_seconds_d": "", + "payload_response_key_type_d": "", + "payload_response_key_origin_d": "", + "payload_response_private_key_type_d": "", + "payload_response_key_algorithm_d": "", + "resource_labels_service_s": "", + "resource_labels_version_s": "", + "resource_labels_location_s": "", + "resource_labels_method_s": "", + "payload_request_full_resource_name_s": "", + "payload_request_options_requested_policy_version_d": "", + "payload_request_skip_visibility_check_b": "", + "payload_request_page_token_s": "", + "Type": "GCP_IAM_CL", + "_ResourceId": "" + }, + { + "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 
PM", + "Computer": "", + "RawData": "", + "payload_status_code_d": "", + "payload_status_message_s": "", + "payload_request_key_types_s": "[\n 1\n]", + "payload_serviceData_permissionDelta_removedPermissions_s": "", + "payload_request_update_mask_paths_s": "", + "resource_labels_topic_id_s": "", + "payload_serviceData_policyDelta_bindingDeltas_s": "", + "payload_request_policy_auditConfigs_s": "", + "payload_request_policy_etag_s": "", + "payload_request_policy_bindings_s": "", + "payload_request_resource_s": "", + "payload_response_bindings_s": "", + "payload_response_auditConfigs_s": "", + "payload_request_page_size_d": "", + "payload_request_remove_deleted_service_accounts_b": "", + "payload_request_view_d": "", + "payload_request_parent_s": "", + "payload_request_show_deleted_b": "", + "resource_labels_role_name_s": "", + "payload_serviceData__type_s": "", + "payload_serviceData_permissionDelta_addedPermissions_s": "", + "payload_request_role_included_permissions_s": "", + "payload_request_role_title_s": "", + "payload_request_role_description_s": "", + "payload_request_role_id_s": "", + "payload_response_group_name_s": "", + "payload_response_included_permissions_s": "", + "payload_response_title_s": "", + "payload_response_group_title_s": "", + "log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access", + "insert_id_s": "x0tz2ie66snw", + "severity_s": "INFO", + "timestamp_t [UTC]": "5/27/2021, 5:13:51.297 PM", + "resource_type_s": "service_account", + "resource_labels_email_id_s": "testloggingapi@test-api-project-111111.iam.gserviceaccount.com", + "resource_labels_project_id_s": "test-api-project-111111", + "resource_labels_unique_id_s": "111111111111111111111", + "payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog", + "payload_authenticationInfo_principalEmail_s": "test@example.com", + "payload_authenticationInfo_principalSubject_s": "user:test@example.com", + "payload_requestMetadata_callerIp_s": 
"10.10.10.10", + "payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)", + "payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:51.342725418Z", + "payload_serviceName_s": "iam.googleapis.com", + "payload_methodName_s": "google.iam.admin.v1.ListServiceAccountKeys", + "payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/-/serviceAccounts/111111111111111111111\",\n \"permission\": \"iam.serviceAccountKeys.list\",\n \"granted\": true,\n \"resourceAttributes\": {\n \"name\": \"projects/-/serviceAccounts/111111111111111111111\"\n }\n }\n]", + "payload_resourceName_s": "projects/-/serviceAccounts/111111111111111111111", + "payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysRequest", + "payload_request_name_s": "projects/test-api-project-111111/serviceAccounts/111111111111111111111", + "payload_request_account_id_s": "", + "payload_request_service_account_description_s": "", + "payload_request_service_account_display_name_s": "", + "payload_response_oauth2_client_id_s": "", + "payload_response_name_s": "", + "payload_response_etag_s": "", + "payload_response_unique_id_s": "", + "payload_response_description_s": "", + "payload_response_project_id_s": "", + "payload_response_display_name_s": "", + "payload_response__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountKeysResponse", + "payload_response_email_s": "", + "payload_request_private_key_type_d": "", + "payload_response_valid_before_time_seconds_d": "", + "payload_response_valid_after_time_seconds_d": "", + "payload_response_key_type_d": "", + "payload_response_key_origin_d": "", + "payload_response_private_key_type_d": "", + "payload_response_key_algorithm_d": "", + "resource_labels_service_s": "", + "resource_labels_version_s": "", + "resource_labels_location_s": "", + "resource_labels_method_s": "", + 
"payload_request_full_resource_name_s": "", + "payload_request_options_requested_policy_version_d": "", + "payload_request_skip_visibility_check_b": "", + "payload_request_page_token_s": "", + "Type": "GCP_IAM_CL", + "_ResourceId": "" + }, + { + "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM", + "Computer": "", + "RawData": "", + "payload_status_code_d": "", + "payload_status_message_s": "", + "payload_request_key_types_s": "", + "payload_serviceData_permissionDelta_removedPermissions_s": "", + "payload_request_update_mask_paths_s": "", + "resource_labels_topic_id_s": "", + "payload_serviceData_policyDelta_bindingDeltas_s": "", + "payload_request_policy_auditConfigs_s": "", + "payload_request_policy_etag_s": "", + "payload_request_policy_bindings_s": "", + "payload_request_resource_s": "", + "payload_response_bindings_s": "", + "payload_response_auditConfigs_s": "", + "payload_request_page_size_d": "100", + "payload_request_remove_deleted_service_accounts_b": "true", + "payload_request_view_d": "", + "payload_request_parent_s": "", + "payload_request_show_deleted_b": "", + "resource_labels_role_name_s": "", + "payload_serviceData__type_s": "", + "payload_serviceData_permissionDelta_addedPermissions_s": "", + "payload_request_role_included_permissions_s": "", + "payload_request_role_title_s": "", + "payload_request_role_description_s": "", + "payload_request_role_id_s": "", + "payload_response_group_name_s": "", + "payload_response_included_permissions_s": "", + "payload_response_title_s": "", + "payload_response_group_title_s": "", + "log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access", + "insert_id_s": "vczv22eixrhb", + "severity_s": "INFO", + "timestamp_t [UTC]": "5/31/2021, 8:34:05.331 AM", + "resource_type_s": "api", + "resource_labels_email_id_s": "", + "resource_labels_project_id_s": 
"test-api-project-111111", + "resource_labels_unique_id_s": "", + "payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog", + "payload_authenticationInfo_principalEmail_s": "test@example.com", + "payload_authenticationInfo_principalSubject_s": "user:test@example.com", + "payload_requestMetadata_callerIp_s": "10.10.10.10", + "payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36,gzip(gfe)", + "payload_requestMetadata_requestAttributes_time_s": "2021-05-31T08:34:05.445668910Z", + "payload_serviceName_s": "iam.googleapis.com", + "payload_methodName_s": "google.iam.admin.v1.ListServiceAccounts", + "payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/test-api-project-111111\",\n \"permission\": \"iam.serviceAccounts.list\",\n \"granted\": true,\n \"resourceAttributes\": {}\n }\n]", + "payload_resourceName_s": "projects/test-api-project-111111", + "payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountsRequest", + "payload_request_name_s": "projects/test-api-project-111111", + "payload_request_account_id_s": "", + "payload_request_service_account_description_s": "", + "payload_request_service_account_display_name_s": "", + "payload_response_oauth2_client_id_s": "", + "payload_response_name_s": "", + "payload_response_etag_s": "", + "payload_response_unique_id_s": "", + "payload_response_description_s": "", + "payload_response_project_id_s": "", + "payload_response_display_name_s": "", + "payload_response__type_s": "", + "payload_response_email_s": "", + "payload_request_private_key_type_d": "", + "payload_response_valid_before_time_seconds_d": "", + "payload_response_valid_after_time_seconds_d": "", + "payload_response_key_type_d": "", + "payload_response_key_origin_d": "", + "payload_response_private_key_type_d": "", + "payload_response_key_algorithm_d": "", + "resource_labels_service_s": 
"iam.googleapis.com", + "resource_labels_version_s": "v1", + "resource_labels_location_s": "global", + "resource_labels_method_s": "google.iam.admin.v1.ListServiceAccounts", + "payload_request_full_resource_name_s": "", + "payload_request_options_requested_policy_version_d": "", + "payload_request_skip_visibility_check_b": "", + "payload_request_page_token_s": "", + "Type": "GCP_IAM_CL", + "_ResourceId": "" + }, + { + "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM", + "Computer": "", + "RawData": "", + "payload_status_code_d": "", + "payload_status_message_s": "", + "payload_request_key_types_s": "", + "payload_serviceData_permissionDelta_removedPermissions_s": "", + "payload_request_update_mask_paths_s": "", + "resource_labels_topic_id_s": "", + "payload_serviceData_policyDelta_bindingDeltas_s": "", + "payload_request_policy_auditConfigs_s": "", + "payload_request_policy_etag_s": "", + "payload_request_policy_bindings_s": "", + "payload_request_resource_s": "", + "payload_response_bindings_s": "", + "payload_response_auditConfigs_s": "", + "payload_request_page_size_d": "100", + "payload_request_remove_deleted_service_accounts_b": "true", + "payload_request_view_d": "", + "payload_request_parent_s": "", + "payload_request_show_deleted_b": "", + "resource_labels_role_name_s": "", + "payload_serviceData__type_s": "", + "payload_serviceData_permissionDelta_addedPermissions_s": "", + "payload_request_role_included_permissions_s": "", + "payload_request_role_title_s": "", + "payload_request_role_description_s": "", + "payload_request_role_id_s": "", + "payload_response_group_name_s": "", + "payload_response_included_permissions_s": "", + "payload_response_title_s": "", + "payload_response_group_title_s": "", + "log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access", + "insert_id_s": "4gbrtieiwlp2", + 
"severity_s": "INFO", + "timestamp_t [UTC]": "5/31/2021, 8:34:05.619 AM", + "resource_type_s": "api", + "resource_labels_email_id_s": "", + "resource_labels_project_id_s": "test-api-project-111111", + "resource_labels_unique_id_s": "", + "payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog", + "payload_authenticationInfo_principalEmail_s": "test@example.com", + "payload_authenticationInfo_principalSubject_s": "user:test@example.com", + "payload_requestMetadata_callerIp_s": "10.10.10.10", + "payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36,gzip(gfe)", + "payload_requestMetadata_requestAttributes_time_s": "2021-05-31T08:34:05.742510752Z", + "payload_serviceName_s": "iam.googleapis.com", + "payload_methodName_s": "google.iam.admin.v1.ListServiceAccounts", + "payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/test-api-project-111111\",\n \"permission\": \"iam.serviceAccounts.list\",\n \"granted\": true,\n \"resourceAttributes\": {}\n }\n]", + "payload_resourceName_s": "projects/test-api-project-111111", + "payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.ListServiceAccountsRequest", + "payload_request_name_s": "projects/test-api-project-111111", + "payload_request_account_id_s": "", + "payload_request_service_account_description_s": "", + "payload_request_service_account_display_name_s": "", + "payload_response_oauth2_client_id_s": "", + "payload_response_name_s": "", + "payload_response_etag_s": "", + "payload_response_unique_id_s": "", + "payload_response_description_s": "", + "payload_response_project_id_s": "", + "payload_response_display_name_s": "", + "payload_response__type_s": "", + "payload_response_email_s": "", + "payload_request_private_key_type_d": "", + "payload_response_valid_before_time_seconds_d": "", + "payload_response_valid_after_time_seconds_d": "", + "payload_response_key_type_d": "", 
+ "payload_response_key_origin_d": "", + "payload_response_private_key_type_d": "", + "payload_response_key_algorithm_d": "", + "resource_labels_service_s": "iam.googleapis.com", + "resource_labels_version_s": "v1", + "resource_labels_location_s": "global", + "resource_labels_method_s": "google.iam.admin.v1.ListServiceAccounts", + "payload_request_full_resource_name_s": "", + "payload_request_options_requested_policy_version_d": "", + "payload_request_skip_visibility_check_b": "", + "payload_request_page_token_s": "", + "Type": "GCP_IAM_CL", + "_ResourceId": "" + }, + { + "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM", + "Computer": "", + "RawData": "", + "payload_status_code_d": "", + "payload_status_message_s": "", + "payload_request_key_types_s": "", + "payload_serviceData_permissionDelta_removedPermissions_s": "", + "payload_request_update_mask_paths_s": "", + "resource_labels_topic_id_s": "", + "payload_serviceData_policyDelta_bindingDeltas_s": "", + "payload_request_policy_auditConfigs_s": "", + "payload_request_policy_etag_s": "", + "payload_request_policy_bindings_s": "", + "payload_request_resource_s": "", + "payload_response_bindings_s": "", + "payload_response_auditConfigs_s": "", + "payload_request_page_size_d": "", + "payload_request_remove_deleted_service_accounts_b": "", + "payload_request_view_d": "", + "payload_request_parent_s": "", + "payload_request_show_deleted_b": "", + "resource_labels_role_name_s": "", + "payload_serviceData__type_s": "", + "payload_serviceData_permissionDelta_addedPermissions_s": "", + "payload_request_role_included_permissions_s": "", + "payload_request_role_title_s": "", + "payload_request_role_description_s": "", + "payload_request_role_id_s": "", + "payload_response_group_name_s": "", + "payload_response_included_permissions_s": "", + "payload_response_title_s": "", + 
"payload_response_group_title_s": "", + "log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access", + "insert_id_s": "1k1z7a9e27hvy", + "severity_s": "INFO", + "timestamp_t [UTC]": "6/3/2021, 12:49:49.595 PM", + "resource_type_s": "api", + "resource_labels_email_id_s": "", + "resource_labels_project_id_s": "test-api-project-111111", + "resource_labels_unique_id_s": "", + "payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog", + "payload_authenticationInfo_principalEmail_s": "test@example.com", + "payload_authenticationInfo_principalSubject_s": "user:test@example.com", + "payload_requestMetadata_callerIp_s": "10.10.10.10", + "payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36,gzip(gfe)", + "payload_requestMetadata_requestAttributes_time_s": "2021-06-03T12:49:49.767497201Z", + "payload_serviceName_s": "iam.googleapis.com", + "payload_methodName_s": "google.iam.admin.v1.QueryGrantableRoles", + "payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/test-api-project-111111\",\n \"permission\": \"resourcemanager.projects.getIamPolicy\",\n \"granted\": true,\n \"resourceAttributes\": {}\n }\n]", + "payload_resourceName_s": "//cloudresourcemanager.googleapis.com/projects/test-api-project-111111", + "payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.QueryGrantableRolesRequest", + "payload_request_name_s": "", + "payload_request_account_id_s": "", + "payload_request_service_account_description_s": "", + "payload_request_service_account_display_name_s": "", + "payload_response_oauth2_client_id_s": "", + "payload_response_name_s": "", + "payload_response_etag_s": "", + "payload_response_unique_id_s": "", + "payload_response_description_s": "", + "payload_response_project_id_s": "", + "payload_response_display_name_s": "", + "payload_response__type_s": "", + "payload_response_email_s": 
"", + "payload_request_private_key_type_d": "", + "payload_response_valid_before_time_seconds_d": "", + "payload_response_valid_after_time_seconds_d": "", + "payload_response_key_type_d": "", + "payload_response_key_origin_d": "", + "payload_response_private_key_type_d": "", + "payload_response_key_algorithm_d": "", + "resource_labels_service_s": "iam.googleapis.com", + "resource_labels_version_s": "v1", + "resource_labels_location_s": "global", + "resource_labels_method_s": "google.iam.admin.v1.QueryGrantableRoles", + "payload_request_full_resource_name_s": "//cloudresourcemanager.googleapis.com/projects/test-api-project-111111", + "payload_request_options_requested_policy_version_d": "", + "payload_request_skip_visibility_check_b": "true", + "payload_request_page_token_s": "", + "Type": "GCP_IAM_CL", + "_ResourceId": "" + }, + { + "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "6/3/2021, 4:11:48.323 PM", + "Computer": "", + "RawData": "", + "payload_status_code_d": "", + "payload_status_message_s": "", + "payload_request_key_types_s": "", + "payload_serviceData_permissionDelta_removedPermissions_s": "", + "payload_request_update_mask_paths_s": "", + "resource_labels_topic_id_s": "", + "payload_serviceData_policyDelta_bindingDeltas_s": "", + "payload_request_policy_auditConfigs_s": "", + "payload_request_policy_etag_s": "", + "payload_request_policy_bindings_s": "", + "payload_request_resource_s": "", + "payload_response_bindings_s": "", + "payload_response_auditConfigs_s": "", + "payload_request_page_size_d": "", + "payload_request_remove_deleted_service_accounts_b": "", + "payload_request_view_d": "", + "payload_request_parent_s": "", + "payload_request_show_deleted_b": "", + "resource_labels_role_name_s": "", + "payload_serviceData__type_s": "", + "payload_serviceData_permissionDelta_addedPermissions_s": "", + "payload_request_role_included_permissions_s": "", + 
"payload_request_role_title_s": "", + "payload_request_role_description_s": "", + "payload_request_role_id_s": "", + "payload_response_group_name_s": "", + "payload_response_included_permissions_s": "", + "payload_response_title_s": "", + "payload_response_group_title_s": "", + "log_name_s": "projects/test-api-project-111111/logs/cloudaudit.googleapis.com%2Fdata_access", + "insert_id_s": "1k1z7a9e27hw2", + "severity_s": "INFO", + "timestamp_t [UTC]": "6/3/2021, 12:49:49.596 PM", + "resource_type_s": "api", + "resource_labels_email_id_s": "", + "resource_labels_project_id_s": "test-api-project-111111", + "resource_labels_unique_id_s": "", + "payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog", + "payload_authenticationInfo_principalEmail_s": "test@example.com", + "payload_authenticationInfo_principalSubject_s": "user:test@example.com", + "payload_requestMetadata_callerIp_s": "10.10.10.10", + "payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36,gzip(gfe)", + "payload_requestMetadata_requestAttributes_time_s": "2021-06-03T12:49:49.804206251Z", + "payload_serviceName_s": "iam.googleapis.com", + "payload_methodName_s": "google.iam.admin.v1.QueryGrantableRoles", + "payload_authorizationInfo_s": "[\n {\n \"resource\": \"projects/test-api-project-111111\",\n \"permission\": \"resourcemanager.projects.getIamPolicy\",\n \"granted\": true,\n \"resourceAttributes\": {}\n }\n]", + "payload_resourceName_s": "//cloudresourcemanager.googleapis.com/projects/test-api-project-111111", + "payload_request__type_s": "type.googleapis.com/google.iam.admin.v1.QueryGrantableRolesRequest", + "payload_request_name_s": "", + "payload_request_account_id_s": "", + "payload_request_service_account_description_s": "", + "payload_request_service_account_display_name_s": "", + "payload_response_oauth2_client_id_s": "", + "payload_response_name_s": "", + 
"payload_response_etag_s": "", + "payload_response_unique_id_s": "", + "payload_response_description_s": "", + "payload_response_project_id_s": "", + "payload_response_display_name_s": "", + "payload_response__type_s": "", + "payload_response_email_s": "", + "payload_request_private_key_type_d": "", + "payload_response_valid_before_time_seconds_d": "", + "payload_response_valid_after_time_seconds_d": "", + "payload_response_key_type_d": "", + "payload_response_key_origin_d": "", + "payload_response_private_key_type_d": "", + "payload_response_key_algorithm_d": "", + "resource_labels_service_s": "iam.googleapis.com", + "resource_labels_version_s": "v1", + "resource_labels_location_s": "global", + "resource_labels_method_s": "google.iam.admin.v1.QueryGrantableRoles", + "payload_request_full_resource_name_s": "//cloudresourcemanager.googleapis.com/projects/test-api-project-111111", + "payload_request_options_requested_policy_version_d": "", + "payload_request_skip_visibility_check_b": "", + "payload_request_page_token_s": "", + "Type": "GCP_IAM_CL", + "_ResourceId": "" + } +] \ No newline at end of file