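This document describes audit logging for the Security Center Management API. Google Cloud services generate audit logs that record administrative and access activities within your Google Cloud resources. For more information about Cloud Audit Logs, see the following:
Service name
Security Center Management API audit logs use the service name securitycentermanagement.googleapis.com. To filter for this service, use: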
protoPayload.serviceName="securitycentermanagement.googleapis.com"
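Methods by permission type
Each IAM permission has a type property whose value is one of four enum values: ADMIN_READ, ADMIN_WRITE, DATA_READ, or DATA_WRITE. When you call a method, the Security Center Management API generates an audit log whose category depends on the type property of the permission required to perform the method. Methods that require an IAM permission with a type property value of DATA_READ, DATA_WRITE, or ADMIN_READ generate Data Access audit logs. Methods that require an IAM permission with a type property value of ADMIN_WRITE generate Admin Activity audit logs.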
| Permission type | Methods |
|---|---|
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveEventThreatDetectionCustomModule<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveSecurityHealthAnalyticsCustomModule<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEventThreatDetectionCustomModule<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityCenterService<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityHealthAnalyticsCustomModule<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEventThreatDetectionCustomModules<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityCenterServices<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ValidateEventThreatDetectionCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateEventThreatDetectionCustomModule<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateSecurityHealthAnalyticsCustomModule<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteEventThreatDetectionCustomModule<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteSecurityHealthAnalyticsCustomModule<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateEventThreatDetectionCustomModule<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityCenterService<br>google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityHealthAnalyticsCustomModule |
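The following is an added example, not part of the original documentation: it builds one Logging filter for every ADMIN_WRITE method in the table above and triages exported audit entries by the rule stated in the text. The `activity` and `data_access` log stream suffixes come from Cloud Audit Logs in general rather than from this page; the project ID, principals and sample entries are constructed.

```python
SERVICE = "securitycentermanagement.googleapis.com"
PREFIX = "google.cloud.securitycentermanagement.v1.SecurityCenterManagement."
# ADMIN_WRITE methods from the table above; the page's other methods are ADMIN_READ.
ADMIN_WRITE = {
    "CreateEventThreatDetectionCustomModule", "CreateSecurityHealthAnalyticsCustomModule",
    "DeleteEventThreatDetectionCustomModule", "DeleteSecurityHealthAnalyticsCustomModule",
    "UpdateEventThreatDetectionCustomModule", "UpdateSecurityCenterService",
    "UpdateSecurityHealthAnalyticsCustomModule",
}

def admin_write_filter():
    """One Logging filter for every state-changing call to this service."""
    names = " OR ".join(f'"{PREFIX}{m}"' for m in sorted(ADMIN_WRITE))
    return f'protoPayload.serviceName="{SERVICE}" AND protoPayload.methodName=({names})'

def triage(entries):
    """Split exported entries into config changes, reads, and stream mismatches."""
    changes, reads, mismatched = [], [], []
    for e in entries:
        p = e.get("protoPayload", {})
        method = p.get("methodName", "")
        if p.get("serviceName") != SERVICE or not method.startswith(PREFIX):
            continue  # other services are out of scope
        short = method[len(PREFIX):]
        is_write = short in ADMIN_WRITE
        # Rule from the text: ADMIN_WRITE -> Admin Activity, otherwise Data Access.
        # Assumption: a method missing from the table is treated as a read.
        expected = "activity" if is_write else "data_access"
        stream = e.get("logName", "").rsplit("%2F", 1)[-1]
        who = p.get("authenticationInfo", {}).get("principalEmail", "unknown")
        row = (e.get("timestamp"), who, short)
        if stream != expected:
            mismatched.append(row)  # entry is in the wrong audit log stream
        elif is_write:
            changes.append(row)
        else:
            reads.append(row)
    return changes, reads, mismatched

def _entry(ts, stream, who, method):  # constructed sample data, not real logs
    return {"timestamp": ts,
            "logName": f"projects/example-project/logs/cloudaudit.googleapis.com%2F{stream}",
            "protoPayload": {"serviceName": SERVICE, "methodName": PREFIX + method,
                             "authenticationInfo": {"principalEmail": who}}}

SAMPLE = [
    _entry("2024-01-01T10:00:00Z", "data_access", "analyst@example.com", "ListSecurityCenterServices"),
    _entry("2024-01-01T10:05:00Z", "activity", "admin@example.com", "UpdateSecurityCenterService"),
    _entry("2024-01-01T10:06:00Z", "activity", "admin@example.com", "DeleteEventThreatDetectionCustomModule"),
    _entry("2024-01-01T10:07:00Z", "activity", "analyst@example.com", "GetSecurityCenterService"),
]
```

The `changes` list is the one to review or alert on, since those calls alter detection modules or Security Command Center service settings.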
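API interface audit logs
For information about which permissions each method requires and how they are evaluated, see the Identity and Access Management documentation for the Security Center Management API.
google.cloud.securitycentermanagement.v1.SecurityCenterManagement
Methods that belong to google.cloud.securitycentermanagement.v1.SecurityCenterManagement generate the following audit logs.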
CreateEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateEventThreatDetectionCustomModule
- Audit log type: Admin activity
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.create - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateEventThreatDetectionCustomModule"
CreateSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateSecurityHealthAnalyticsCustomModule
- Audit log type: Admin activity
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.create - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateSecurityHealthAnalyticsCustomModule"
DeleteEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteEventThreatDetectionCustomModule
- Audit log type: Admin activity
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.delete - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteEventThreatDetectionCustomModule"
DeleteSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteSecurityHealthAnalyticsCustomModule
- Audit log type: Admin activity
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.delete - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteSecurityHealthAnalyticsCustomModule"
GetEffectiveEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveEventThreatDetectionCustomModule
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.effectiveEventThreatDetectionCustomModules.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveEventThreatDetectionCustomModule"
GetEffectiveSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveSecurityHealthAnalyticsCustomModule
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveSecurityHealthAnalyticsCustomModule"
GetEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEventThreatDetectionCustomModule
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEventThreatDetectionCustomModule"
GetSecurityCenterService
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityCenterService
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.securityCenterServices.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityCenterService"
GetSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityHealthAnalyticsCustomModule
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityHealthAnalyticsCustomModule"
ListDescendantEventThreatDetectionCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules"
ListDescendantSecurityHealthAnalyticsCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules"
ListEffectiveEventThreatDetectionCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.effectiveEventThreatDetectionCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules"
ListEffectiveSecurityHealthAnalyticsCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules"
ListEventThreatDetectionCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEventThreatDetectionCustomModules
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEventThreatDetectionCustomModules"
ListSecurityCenterServices
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityCenterServices
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.securityCenterServices.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityCenterServices"
ListSecurityHealthAnalyticsCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules"
SimulateSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.simulate - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule"
UpdateEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateEventThreatDetectionCustomModule
- Audit log type: Admin activity
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.update - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateEventThreatDetectionCustomModule"
UpdateSecurityCenterService
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityCenterService
- Audit log type: Admin activity
- Permissions:
  - securitycentermanagement.securityCenterServices.update - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityCenterService"
UpdateSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityHealthAnalyticsCustomModule
- Audit log type: Admin activity
- Permissions:
  - securitycentermanagement.securityHealthAnalyticsCustomModules.update - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityHealthAnalyticsCustomModule"
ValidateEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ValidateEventThreatDetectionCustomModule
- Audit log type: Data access
- Permissions:
  - securitycentermanagement.eventThreatDetectionCustomModules.validate - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ValidateEventThreatDetectionCustomModule"