DEVELOPER BLOG


【Introduction to Automated Monitoring】Anomaly detection in GCP with Audit Logs - PrismScaler

1. Introduction

Hello! We are a writer team from Definer Inc.
In this issue, we look at how to use anomaly detection in GCP.
Let's take a look at the actual screens and resources and explain them in detail.

2. Purpose/Use Cases

This article summarizes information and practices that can be helpful when you want to use Audit Logs to detect anomalies in GCP.

3. About Audit Logs in Google Cloud

Cloud providers such as GCP, AWS, and Azure offer audit logs.
These are detailed records of events occurring in your account, such as the history of API calls.
 
Google Cloud's Audit Logs include four types of logs.
 
・Management Activity Audit Logs
These logs record API calls that modify resource configuration or metadata.
For example, a user creating a VM instance or changing Identity and Access Management (IAM) permissions.
This log is always written and cannot be disabled or edited.
 
・Data Access Audit Log
This log records API calls that read resource configuration or metadata.
It is turned off by default because it can grow large and incur cost.
 
・System Event Audit Log
Actions that Google Cloud itself takes to change the configuration of a resource are written to this log.
This log is always written and cannot be disabled or edited.
 
・Policy Rejection Audit Log
This log records events in which a user or service account is denied access by Google Cloud because of a security policy violation.
It is enabled by default, but can be disabled.

4. Audit Logs monitoring settings

Next, we will set up monitoring for specific API calls.
 
(1) Create an alert
Log in to Google Cloud and open "Log Explorer".
Filter for the specific API calls you want to monitor and click "Create Alert".
Under Notification Channels, select the channels you wish to be notified through and click "Save".
 

 
There are many options for notification channels, including Slack, Email, SMS and Pub/Sub.
In this case, we chose Email.
 

 
(2) Confirmation of Notification
We have confirmed that an email is received when the corresponding API is called!
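As an added example (not code from the original article), the filter behind such an alert can be checked offline before it is saved in Log Explorer. The query text, the watched method names, and the log entries below are assumptions and constructed samples in Cloud Audit Log shape; the function mirrors the filter and reduces matching Admin Activity entries to the fields an email notification should carry.

```python
from typing import Iterable

# Log Explorer query the alert is built from (assumed example filter, not the article's own):
#   logName="projects/PROJECT_ID/logs/cloudaudit.googleapis.com%2Factivity"
#   protoPayload.methodName=("SetIamPolicy" OR "google.iam.admin.v1.CreateServiceAccountKey")

# Assumed watch list: project IAM policy changes and new service-account keys.
WATCHED_METHODS = {"SetIamPolicy", "google.iam.admin.v1.CreateServiceAccountKey"}

def is_admin_activity(entry: dict) -> bool:
    """True for entries from the always-on Admin Activity audit log stream."""
    return entry.get("logName", "").endswith("cloudaudit.googleapis.com%2Factivity")

def matches_alert_filter(entry: dict) -> bool:
    """Local evaluation of the Log Explorer filter quoted above."""
    method = entry.get("protoPayload", {}).get("methodName")
    return is_admin_activity(entry) and method in WATCHED_METHODS

def build_alerts(entries: Iterable[dict]) -> list[dict]:
    """Reduce matching entries to the fields a notification e-mail should carry."""
    alerts = []
    for entry in entries:
        if not matches_alert_filter(entry):
            continue
        payload = entry["protoPayload"]
        alerts.append({
            "time": entry.get("timestamp"),
            "principal": payload.get("authenticationInfo", {}).get("principalEmail"),
            "method": payload["methodName"],
            "resource": payload.get("resourceName"),
        })
    return alerts

def sample_entry(stream: str, ts: str, method: str, principal: str, resource=None) -> dict:
    """Constructed entry in Cloud Audit Log shape (sample data, not real logs)."""
    return {"logName": f"projects/example-project/logs/cloudaudit.googleapis.com%2F{stream}",
            "timestamp": ts,
            "protoPayload": {"methodName": method, "resourceName": resource,
                             "authenticationInfo": {"principalEmail": principal}}}

# Three constructed entries: two Admin Activity events worth an alert, one Data Access read that is not.
SAMPLE_ENTRIES = [
    sample_entry("activity", "2024-01-10T09:15:00Z", "SetIamPolicy", "alice@example.com",
                 "projects/example-project"),
    sample_entry("data_access", "2024-01-10T09:16:00Z", "v1.compute.instances.list", "bob@example.com"),
    sample_entry("activity", "2024-01-10T09:17:00Z", "google.iam.admin.v1.CreateServiceAccountKey",
                 "carol@example.com", "projects/-/serviceAccounts/deploy@example-project.iam.gserviceaccount.com"),
]
```

Running `build_alerts(SAMPLE_ENTRIES)` yields two alerts (the IAM policy change and the new key) and skips the Data Access read, which is exactly the split the Log Explorer filter should produce.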

5. Cited/Referenced Articles

6. About the proprietary solution "PrismScaler"

・PrismScaler is a web service that enables the construction of multi-cloud infrastructures such as AWS, Azure, and GCP in just three steps, without requiring development and operation.
・The solution is designed for a wide range of usage scenarios, such as cloud infrastructure construction and cloud migration, cloud maintenance and operation, and cost optimization, and can easily realize several hundred high-quality general-purpose cloud infrastructures by appropriately combining IaaS and PaaS.
 

7. Contact us

This article provides useful introductory information free of charge. For consultation and inquiries, please contact "Definer Inc".

8. Regarding Definer

・Definer Inc. provides one-stop solutions from upstream to downstream of IT.
・We are committed to providing integrated support for advanced IT technologies such as AI and cloud IT infrastructure, from consulting to requirement definition, design, development, implementation, maintenance, and operation.
・PrismScaler provides high-quality, rapid "auto-configuration," "auto-monitoring," "problem detection," and "configuration visualization" for multi-cloud/IT infrastructure such as AWS, Azure, and GCP.