LoFP / storage buckets being enumerated may be performed by a system administrator. verify whether the user identity, user agent, and/or hostname should be making changes in your environment.

Techniques

Sample rules

Google Cloud Storage Buckets Enumeration

• source: sigma
• technicques:

Description

Detects when storage bucket is enumerated in Google Cloud.

Detection logic

condition: selection
selection:
  gcp.audit.method_name:
  - storage.buckets.list
  - storage.buckets.listChannels