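This document describes audit logging for the Security Center Management API. Google Cloud services generate audit logs that record administrative and access activities within your Google Cloud resources. For more information about Cloud Audit Logs, see the following:
Service name
Security Center Management API audit logs use the service name securitycentermanagement.googleapis.com.
Filter for this service: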
protoPayload.serviceName="securitycentermanagement.googleapis.com"
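Methods by permission type
Each IAM permission has a type property, whose value is an enum that can be one of four values: ADMIN_READ, ADMIN_WRITE, DATA_READ, or DATA_WRITE. When you call a method, the Security Center Management API generates an audit log whose category depends on the type property of the permission required to perform the method. Methods that require an IAM permission with the type property value of DATA_READ, DATA_WRITE, or ADMIN_READ generate Data Access audit logs. Methods that require an IAM permission with the type property value of ADMIN_WRITE generate Admin Activity audit logs.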
| Permission type | Method |
|---|---|
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveEventThreatDetectionCustomModule |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveSecurityHealthAnalyticsCustomModule |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEventThreatDetectionCustomModule |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityCenterService |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityHealthAnalyticsCustomModule |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEventThreatDetectionCustomModules |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityCenterServices |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ValidateEventThreatDetectionCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateEventThreatDetectionCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateSecurityHealthAnalyticsCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteEventThreatDetectionCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteSecurityHealthAnalyticsCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateEventThreatDetectionCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityCenterService |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityHealthAnalyticsCustomModule |
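The rule above, applied to log entries: this added example (not part of the Google Cloud documentation) maps each method in the table to its audit log category, builds a single filter for all ADMIN_WRITE methods, and picks the configuration changes out of a batch of entries. The function names and the sample entries, including the example.com principals, are constructed for illustration.

```python
from itertools import product
SERVICE = "securitycentermanagement.googleapis.com"
PREFIX = "google.cloud.securitycentermanagement.v1.SecurityCenterManagement."
MODULES = ("EventThreatDetectionCustomModule", "SecurityHealthAnalyticsCustomModule")

# Method -> permission type, transcribed from the table above (7 write, 14 read).
PERMISSION_TYPE = {v + m: "ADMIN_WRITE"
                   for v, m in product(("Create", "Delete", "Update"), MODULES)}
PERMISSION_TYPE["UpdateSecurityCenterService"] = "ADMIN_WRITE"
for scope, m in product(("", "Descendant", "Effective"), MODULES):
    PERMISSION_TYPE[f"List{scope}{m}s"] = "ADMIN_READ"
    if scope != "Descendant":  # the table has no GetDescendant* methods
        PERMISSION_TYPE[f"Get{scope}{m}"] = "ADMIN_READ"
for name in ("GetSecurityCenterService", "ListSecurityCenterServices",
             "SimulateSecurityHealthAnalyticsCustomModule",
             "ValidateEventThreatDetectionCustomModule"):
    PERMISSION_TYPE[name] = "ADMIN_READ"


def audit_log_category(method_name):
    """ADMIN_WRITE -> Admin Activity; the other three types -> Data Access."""
    ptype = PERMISSION_TYPE.get(method_name.removeprefix(PREFIX))
    if ptype is None:
        return None  # not in the table: report unknown instead of guessing
    return "Admin Activity" if ptype == "ADMIN_WRITE" else "Data Access"


def admin_write_filter():
    """One Logging filter covering every configuration-changing method."""
    names = sorted(n for n, t in PERMISSION_TYPE.items() if t == "ADMIN_WRITE")
    values = " OR ".join(f'"{PREFIX}{n}"' for n in names)
    return f'protoPayload.serviceName="{SERVICE}" AND protoPayload.methodName=({values})'


def config_changes(entries):
    """(principal, method) for entries of this service that are Admin Activity."""
    hits = []
    for payload in (e.get("protoPayload", {}) for e in entries):
        method = payload.get("methodName", "")
        if payload.get("serviceName") == SERVICE and audit_log_category(method) == "Admin Activity":
            who = payload.get("authenticationInfo", {}).get("principalEmail")
            hits.append((who, method.removeprefix(PREFIX)))
    return hits


SAMPLE = [  # constructed entries, not real logs; only the fields used here
    {"protoPayload": {"serviceName": SERVICE, "methodName": PREFIX + "DeleteEventThreatDetectionCustomModule", "authenticationInfo": {"principalEmail": "admin@example.com"}}},
    {"protoPayload": {"serviceName": SERVICE, "methodName": PREFIX + "ListSecurityCenterServices", "authenticationInfo": {"principalEmail": "viewer@example.com"}}},
]
```

Creating, updating or deleting a custom detection module changes what Security Command Center can detect, so the output of `admin_write_filter()` is a natural basis for a log-based alert.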
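API interface audit logs
For information about how and which permissions are evaluated for each method, see the Identity and Access Management documentation for the Security Center Management API.
google.cloud.securitycentermanagement.v1.SecurityCenterManagement
The following audit logs are associated with methods belonging to google.cloud.securitycentermanagement.v1.SecurityCenterManagement.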
CreateEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateEventThreatDetectionCustomModule
- Audit log type: Admin Activity
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.create - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateEventThreatDetectionCustomModule"
CreateSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateSecurityHealthAnalyticsCustomModule
- Audit log type: Admin Activity
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.create - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateSecurityHealthAnalyticsCustomModule"
DeleteEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteEventThreatDetectionCustomModule
- Audit log type: Admin Activity
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.delete - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteEventThreatDetectionCustomModule"
DeleteSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteSecurityHealthAnalyticsCustomModule
- Audit log type: Admin Activity
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.delete - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteSecurityHealthAnalyticsCustomModule"
GetEffectiveEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveEventThreatDetectionCustomModule
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.effectiveEventThreatDetectionCustomModules.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveEventThreatDetectionCustomModule"
GetEffectiveSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveSecurityHealthAnalyticsCustomModule
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveSecurityHealthAnalyticsCustomModule"
GetEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEventThreatDetectionCustomModule
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEventThreatDetectionCustomModule"
GetSecurityCenterService
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityCenterService
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.securityCenterServices.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityCenterService"
GetSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityHealthAnalyticsCustomModule
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityHealthAnalyticsCustomModule"
ListDescendantEventThreatDetectionCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules"
ListDescendantSecurityHealthAnalyticsCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules"
ListEffectiveEventThreatDetectionCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.effectiveEventThreatDetectionCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules"
ListEffectiveSecurityHealthAnalyticsCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules"
ListEventThreatDetectionCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEventThreatDetectionCustomModules
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEventThreatDetectionCustomModules"
ListSecurityCenterServices
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityCenterServices
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.securityCenterServices.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityCenterServices"
ListSecurityHealthAnalyticsCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules"
SimulateSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.simulate - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule"
UpdateEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateEventThreatDetectionCustomModule
- Audit log type: Admin Activity
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.update - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateEventThreatDetectionCustomModule"
UpdateSecurityCenterService
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityCenterService
- Audit log type: Admin Activity
- Permissions:
  - securitycentermanagement.securityCenterServices.update - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityCenterService"
UpdateSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityHealthAnalyticsCustomModule
- Audit log type: Admin Activity
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.update - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityHealthAnalyticsCustomModule"
ValidateEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ValidateEventThreatDetectionCustomModule
- Audit log type: Data Access
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.validate - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method:
protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ValidateEventThreatDetectionCustomModule"