gcp-audit-logs
Install command
npx skills add https://github.com/bagelhole/devops-security-agent-skills --skill gcp-audit-logs
GCP Audit Logs
Audit GCP activity with Cloud Audit Logs.
Audit Log Types
log_types:
  admin_activity:
    - Always enabled
    - API calls that modify resources
    - No charge
  data_access:
    - Must be enabled
    - Read/write data operations
    - Can be high volume
  system_event:
    - Always enabled
    - GCP system actions
  policy_denied:
    - Always enabled
    - Access denials
Enable Data Access Logs
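# Export all audit logs to a Cloud Storage bucket.
# The sink only routes logs; it does not turn on Data Access logging.
# The sink's writer identity also needs permission to write to the bucket.
gcloud logging sinks create audit-sink \
  storage.googleapis.com/audit-logs-bucket \
  --log-filter='logName:"cloudaudit.googleapis.com"'
# Data Access logs are enabled through the auditConfigs section of the IAM policy
gcloud projects get-iam-policy PROJECT_ID > policy.yaml
# Edit policy.yaml: add an auditConfigs section naming the services and
# the log types to record (ADMIN_READ, DATA_READ, DATA_WRITE)
gcloud projects set-iam-policy PROJECT_ID policy.yaml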
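The "add auditConfigs section" step above, as an added example (not code from the skill or its repository): it merges Data Access log settings into a policy without dropping the bindings, the etag, or existing exemptions. It assumes the policy was fetched as JSON with `gcloud projects get-iam-policy PROJECT_ID --format=json`; the function names and the sample policy are constructed for illustration.

```python
import copy
import json

# The three Data Access log types accepted in auditLogConfigs.
DATA_ACCESS_LOG_TYPES = ("ADMIN_READ", "DATA_READ", "DATA_WRITE")

def enable_data_access_logs(policy, service="allServices",
                            log_types=DATA_ACCESS_LOG_TYPES):
    """Return a copy of `policy` with Data Access logging enabled for `service`.

    Bindings, etag, other services' auditConfigs and any existing
    exemptedMembers are preserved, so the result is safe to pass back
    to set-iam-policy. Calling it twice changes nothing further.
    """
    updated = copy.deepcopy(policy)
    configs = updated.setdefault("auditConfigs", [])
    entry = next((c for c in configs if c.get("service") == service), None)
    if entry is None:
        entry = {"service": service, "auditLogConfigs": []}
        configs.append(entry)
    log_configs = entry.setdefault("auditLogConfigs", [])
    present = {lc.get("logType") for lc in log_configs}
    log_configs.extend({"logType": t} for t in log_types if t not in present)
    return updated

def exempted_members(policy):
    """List (service, logType, member) exemptions: principals whose
    data access is NOT logged, which is a gap worth reviewing."""
    return [(cfg.get("service"), lc.get("logType"), member)
            for cfg in policy.get("auditConfigs", [])
            for lc in cfg.get("auditLogConfigs", [])
            for member in lc.get("exemptedMembers", [])]

# Constructed sample policy (not from a real project).
SAMPLE_POLICY = {
    "bindings": [{"role": "roles/viewer",
                  "members": ["user:alice@example.com"]}],
    "auditConfigs": [{
        "service": "storage.googleapis.com",
        "auditLogConfigs": [{
            "logType": "DATA_READ",
            "exemptedMembers": [
                "serviceAccount:backup@example-project.iam.gserviceaccount.com"],
        }],
    }],
    "etag": "BwXconstructedEtag=",
    "version": 1,
}

if __name__ == "__main__":
    print(json.dumps(enable_data_access_logs(SAMPLE_POLICY), indent=2))
    print(exempted_members(SAMPLE_POLICY))
```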
BigQuery Analysis
-- Query audit logs from BigQuery export
SELECT
  timestamp,
  protopayload_auditlog.authenticationInfo.principalEmail,
  protopayload_auditlog.methodName,
  resource.labels.project_id
FROM `project.dataset.cloudaudit_googleapis_com_activity_*`
WHERE timestamp > TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL 7 DAY)
  -- LOWER() makes the match case-insensitive, so method names that
  -- capitalize "Delete" are not missed
  AND LOWER(protopayload_auditlog.methodName) LIKE '%delete%'
ORDER BY timestamp DESC
Best Practices
- Export to BigQuery for analysis
- Configure log retention
- Enable data access logs for sensitive resources
- Set up alerting policies