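This document describes audit logging for the Security Center Management API. Google Cloud services generate audit logs that record administrative and access activities within your Google Cloud resources. For more information about Cloud Audit Logs, see the following:
Service name
Security Center Management API audit logs use the service name securitycentermanagement.googleapis.com.
Filter for this service: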
protoPayload.serviceName="securitycentermanagement.googleapis.com"
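Methods by permission type
Each IAM permission has a type property whose value is an enum that can be one of four values: ADMIN_READ, ADMIN_WRITE, DATA_READ, or DATA_WRITE. When you call a method, the Security Center Management API generates an audit log whose category depends on the type property of the permission required to perform the method. Methods that require an IAM permission with a type property value of DATA_READ, DATA_WRITE, or ADMIN_READ generate Data Access audit logs. Methods that require an IAM permission with a type property value of ADMIN_WRITE generate Admin Activity audit logs.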
| Permission type | Methods |
|---|---|
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveEventThreatDetectionCustomModule |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveSecurityHealthAnalyticsCustomModule |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEventThreatDetectionCustomModule |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityCenterService |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityHealthAnalyticsCustomModule |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEventThreatDetectionCustomModules |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityCenterServices |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule |
| ADMIN_READ | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ValidateEventThreatDetectionCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateEventThreatDetectionCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateSecurityHealthAnalyticsCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteEventThreatDetectionCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteSecurityHealthAnalyticsCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateEventThreatDetectionCustomModule |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityCenterService |
| ADMIN_WRITE | google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityHealthAnalyticsCustomModule |
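
The permission-type rule and method table above, applied to audit log entries to pick out calls that change detection configuration. This is an added example, not code from the original page or from Google Cloud; the function names and sample entries are constructed for illustration, and the entries carry only the serviceName, methodName and authenticationInfo.principalEmail fields of an audit log payload.

```python
SERVICE = "securitycentermanagement.googleapis.com"
PREFIX = "google.cloud.securitycentermanagement.v1.SecurityCenterManagement."

# Short method names per permission type, copied from the table above.
ADMIN_WRITE = """CreateEventThreatDetectionCustomModule CreateSecurityHealthAnalyticsCustomModule
    DeleteEventThreatDetectionCustomModule DeleteSecurityHealthAnalyticsCustomModule
    UpdateEventThreatDetectionCustomModule UpdateSecurityCenterService
    UpdateSecurityHealthAnalyticsCustomModule""".split()
ADMIN_READ = """GetEffectiveEventThreatDetectionCustomModule GetEffectiveSecurityHealthAnalyticsCustomModule
    GetEventThreatDetectionCustomModule GetSecurityCenterService
    GetSecurityHealthAnalyticsCustomModule ListDescendantEventThreatDetectionCustomModules
    ListDescendantSecurityHealthAnalyticsCustomModules ListEffectiveEventThreatDetectionCustomModules
    ListEffectiveSecurityHealthAnalyticsCustomModules ListEventThreatDetectionCustomModules
    ListSecurityCenterServices ListSecurityHealthAnalyticsCustomModules
    SimulateSecurityHealthAnalyticsCustomModule ValidateEventThreatDetectionCustomModule""".split()
PERMISSION_TYPE = {PREFIX + m: "ADMIN_WRITE" for m in ADMIN_WRITE}
PERMISSION_TYPE.update({PREFIX + m: "ADMIN_READ" for m in ADMIN_READ})

def audit_category(permission_type):
    """ADMIN_WRITE -> Admin Activity; ADMIN_READ, DATA_READ, DATA_WRITE -> Data Access."""
    if permission_type not in ("ADMIN_READ", "ADMIN_WRITE", "DATA_READ", "DATA_WRITE"):
        raise ValueError(f"unknown permission type: {permission_type}")
    return "Admin Activity" if permission_type == "ADMIN_WRITE" else "Data Access"

def classify(entry):
    """Return (method, permission type, category, principal); None for other services or unlisted methods."""
    payload = entry.get("protoPayload", {})
    method = payload.get("methodName", "")
    ptype = PERMISSION_TYPE.get(method)
    if payload.get("serviceName") != SERVICE or ptype is None:
        return None
    principal = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
    return method[len(PREFIX):], ptype, audit_category(ptype), principal

def detector_changes(entries):
    """Keep only Admin Activity entries: create, update and delete calls on modules and services."""
    return [c for c in map(classify, entries) if c and c[2] == "Admin Activity"]

def sample_entry(service, method, principal):
    # Constructed entry holding only the fields this example reads.
    return {"protoPayload": {"serviceName": service, "methodName": method,
                             "authenticationInfo": {"principalEmail": principal}}}

SAMPLE_LOG = [  # constructed entries, not real log data
    sample_entry(SERVICE, PREFIX + "ListSecurityCenterServices", "auditor@example.com"),
    sample_entry(SERVICE, PREFIX + "DeleteEventThreatDetectionCustomModule", "ops@example.com"),
    sample_entry(SERVICE, PREFIX + "UpdateSecurityCenterService", "ops@example.com"),
    sample_entry("other.example.com", "example.v1.Other.Get", "ops@example.com"),
]
```

Calling detector_changes(SAMPLE_LOG) returns the two ADMIN_WRITE calls with their principals, which is the set a reviewer would check when a custom detection module is deleted or a service setting is changed.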
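API interface audit logs
For information about how and which permissions are evaluated for each method, see the Identity and Access Management documentation for the Security Center Management API.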
google.cloud.securitycentermanagement.v1.SecurityCenterManagement
The following audit logs are associated with methods belonging to google.cloud.securitycentermanagement.v1.SecurityCenterManagement.
CreateEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateEventThreatDetectionCustomModule
- Audit log type: Admin activity
- Permissions: securitycentermanagement.eventThreatDetectionCustomModules.create - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateEventThreatDetectionCustomModule"
CreateSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateSecurityHealthAnalyticsCustomModule
- Audit log type: Admin activity
- Permissions: securitycentermanagement.securityHealthAnalyticsCustomModules.create - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.CreateSecurityHealthAnalyticsCustomModule"
DeleteEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteEventThreatDetectionCustomModule
- Audit log type: Admin activity
- Permissions: securitycentermanagement.eventThreatDetectionCustomModules.delete - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteEventThreatDetectionCustomModule"
DeleteSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteSecurityHealthAnalyticsCustomModule
- Audit log type: Admin activity
- Permissions: securitycentermanagement.securityHealthAnalyticsCustomModules.delete - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.DeleteSecurityHealthAnalyticsCustomModule"
GetEffectiveEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveEventThreatDetectionCustomModule
- Audit log type: Data access
- Permissions: securitycentermanagement.effectiveEventThreatDetectionCustomModules.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveEventThreatDetectionCustomModule"
GetEffectiveSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveSecurityHealthAnalyticsCustomModule
- Audit log type: Data access
- Permissions: securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEffectiveSecurityHealthAnalyticsCustomModule"
GetEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEventThreatDetectionCustomModule
- Audit log type: Data access
- Permissions: securitycentermanagement.eventThreatDetectionCustomModules.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetEventThreatDetectionCustomModule"
GetSecurityCenterService
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityCenterService
- Audit log type: Data access
- Permissions: securitycentermanagement.securityCenterServices.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityCenterService"
GetSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityHealthAnalyticsCustomModule
- Audit log type: Data access
- Permissions: securitycentermanagement.securityHealthAnalyticsCustomModules.get - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.GetSecurityHealthAnalyticsCustomModule"
ListDescendantEventThreatDetectionCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules
- Audit log type: Data access
- Permissions: securitycentermanagement.eventThreatDetectionCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules"
ListDescendantSecurityHealthAnalyticsCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules
- Audit log type: Data access
- Permissions: securitycentermanagement.securityHealthAnalyticsCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules"
ListEffectiveEventThreatDetectionCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules
- Audit log type: Data access
- Permissions: securitycentermanagement.effectiveEventThreatDetectionCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules"
ListEffectiveSecurityHealthAnalyticsCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules
- Audit log type: Data access
- Permissions: securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules"
ListEventThreatDetectionCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEventThreatDetectionCustomModules
- Audit log type: Data access
- Permissions: securitycentermanagement.eventThreatDetectionCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListEventThreatDetectionCustomModules"
ListSecurityCenterServices
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityCenterServices
- Audit log type: Data access
- Permissions: securitycentermanagement.securityCenterServices.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityCenterServices"
ListSecurityHealthAnalyticsCustomModules
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules
- Audit log type: Data access
- Permissions: securitycentermanagement.securityHealthAnalyticsCustomModules.list - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules"
SimulateSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule
- Audit log type: Data access
- Permissions: securitycentermanagement.securityHealthAnalyticsCustomModules.simulate - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule"
UpdateEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateEventThreatDetectionCustomModule
- Audit log type: Admin activity
- Permissions: securitycentermanagement.eventThreatDetectionCustomModules.update - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateEventThreatDetectionCustomModule"
UpdateSecurityCenterService
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityCenterService
- Audit log type: Admin activity
- Permissions: securitycentermanagement.securityCenterServices.update - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityCenterService"
UpdateSecurityHealthAnalyticsCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityHealthAnalyticsCustomModule
- Audit log type: Admin activity
- Permissions: securitycentermanagement.securityHealthAnalyticsCustomModules.update - ADMIN_WRITE
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.UpdateSecurityHealthAnalyticsCustomModule"
ValidateEventThreatDetectionCustomModule
- Method: google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ValidateEventThreatDetectionCustomModule
- Audit log type: Data access
- Permissions: securitycentermanagement.eventThreatDetectionCustomModules.validate - ADMIN_READ
- Method is a long-running or streaming operation: No.
- Filter for this method: protoPayload.methodName="google.cloud.securitycentermanagement.v1.SecurityCenterManagement.ValidateEventThreatDetectionCustomModule"