LoFP / SQL database being modified or deleted may be performed by a system administrator.

Techniques

Sample rules

Google Cloud SQL Database Modified or Deleted

Description

Detect when a Cloud SQL DB has been modified or deleted.

Detection logic

condition: selection
selection:
  gcp.audit.method_name:
  - cloudsql.instances.create
  - cloudsql.instances.delete
  - cloudsql.users.update
  - cloudsql.users.delete