LoFP / storage buckets being modified or deleted may be performed by a system administrator. verify whether the user identity, user agent, and/or hostname should be making changes in your environment.

Techniques

Sample rules

Google Cloud Storage Buckets Modified or Deleted

• source: sigma
• technicques:

Description

Detects when storage bucket is modified or deleted in Google Cloud.

Detection logic

condition: selection
selection:
  gcp.audit.method_name:
  - storage.buckets.delete
  - storage.buckets.insert
  - storage.buckets.update
  - storage.buckets.patch