Google Cloud Re-identifies Sensitive Information
Identifies when sensitive information is re-identified in google Cloud.
Sigma rule (View on GitHub)
1title: Google Cloud Re-identifies Sensitive Information
2id: 234f9f48-904b-4736-a34c-55d23919e4b7
3status: test
4description: Identifies when sensitive information is re-identified in google Cloud.
5references:
6 - https://cloud.google.com/dlp/docs/reference/rest/v2/projects.content/reidentify
7author: Austin Songer @austinsonger
8date: 2021-08-15
9modified: 2022-10-09
10tags:
11 - attack.impact
12 - attack.t1565
13logsource:
14 product: gcp
15 service: gcp.audit
16detection:
17 selection:
18 gcp.audit.method_name: projects.content.reidentify
19 condition: selection
20falsepositives:
21 - Unknown
22level: medium
References
-
parent string Required. Parent resource name. The format of this value varies depending on whether you have specified a processing location: Projects scope, location specified: projects/{projectId}...
Read More
Related rules
- AWS EC2 Disable EBS Encryption
- Powershell Add Name Resolution Policy Table Rule
- AADInternals PowerShell Cmdlets Execution - ProccessCreation
- AADInternals PowerShell Cmdlets Execution - PsScript
- AWS EFS Fileshare Modified or Deleted