Supported services

All supported services obtain their data by pulling logs from Google Cloud Pub/Sub.

Audited resources

Google Cloud maintains three audit logs for each Google Cloud project, folder and organization: Admin Activity, Data Access and System Event.

These logs can be filtered in Kibana by logName:

  • Admin Activity audit logs contain log entries for API calls or other administrative actions that modify the configuration or metadata of resources.

  • Data Access audit logs contain API calls that read the configuration or metadata of resources, as well as user-driven API calls that create, modify or read user-provided resource data.

  • System Event audit logs contain log entries for Google Cloud administrative actions that modify the configuration of resources. These audit logs are generated by Google systems, so they are not driven by direct user action.
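The following added example (not part of the Wazuh GCP module) shows how the logName of an entry pulled from Pub/Sub maps to the three audit log types above. It assumes the standard Cloud Logging name form `<projects|folders|organizations>/<id>/logs/cloudaudit.googleapis.com%2F<log id>`; the function names and sample payloads are constructed for illustration.

```python
import json
from urllib.parse import unquote

# Log IDs (last logName segment, URL-decoded) of the three audit logs above.
AUDIT_LOG_TYPES = {
    "cloudaudit.googleapis.com/activity": "Admin Activity",
    "cloudaudit.googleapis.com/data_access": "Data Access",
    "cloudaudit.googleapis.com/system_event": "System Event",
}
PARENTS = {"projects": "project", "folders": "folder", "organizations": "organization"}

def classify_log_name(log_name):
    """Return (parent_kind, parent_id, audit_type), or None for any other log."""
    parts = str(log_name).split("/", 3)
    if len(parts) != 4 or parts[0] not in PARENTS or parts[2] != "logs":
        return None
    audit_type = AUDIT_LOG_TYPES.get(unquote(parts[3]))
    return (PARENTS[parts[0]], parts[1], audit_type) if audit_type else None

def summarize(messages):
    """Count entries per audit log type and list (type, principal, method) rows."""
    counts, rows = {}, []
    for raw in messages:
        try:
            entry = json.loads(raw)
            info = classify_log_name(entry["logName"])
        except (ValueError, KeyError, TypeError):
            continue  # not JSON, not a JSON object, or no logName field
        if info is None:
            continue  # not one of the three audit logs
        payload = entry.get("protoPayload") or {}
        principal = (payload.get("authenticationInfo") or {}).get("principalEmail")
        counts[info[2]] = counts.get(info[2], 0) + 1
        rows.append((info[2], principal, payload.get("methodName")))
    return counts, rows

# Constructed sample payloads (decoded Pub/Sub message data), not real logs.
def _msg(log_name, method=None, email=None):
    p = {"methodName": method, "authenticationInfo": {"principalEmail": email}}
    return json.dumps({"logName": log_name, "protoPayload": p})

SAMPLE = [
    _msg("projects/example-project/logs/cloudaudit.googleapis.com%2Factivity", "SetIamPolicy", "admin@example.com"),
    _msg("folders/1234/logs/cloudaudit.googleapis.com%2Fdata_access", "storage.objects.get", "user@example.com"),
    _msg("organizations/5678/logs/cloudaudit.googleapis.com%2Fsystem_event", "constructed.method"),
    _msg("projects/example-project/logs/dns.googleapis.com%2Fdns_queries"),
    "not json",
]

print(summarize(SAMPLE))
```

The System Event row has no principal, which matches the point that these entries are not driven by a user.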

For the full list of Google services whose audit logs are supported by the Wazuh GCP module, check this link.

DNS queries

Wazuh has default rules for DNS queries to a private DNS handled by the Google Cloud DNS service.