Cloud Security Threat | Log Source | Rule Level | Rule ID | Action |
---|---|---|---|---|
🚦 Login & Access Patterns, 🔑 IAM, Keys & Secrets Changes | ||||
GCP IAM Role Deleted | Cloud Audit Logs - IAM Audit Logs | 3 | 65063 | Low-severity security events: no action is required under normal circumstances, that is, when there is no related ongoing security incident. During an ongoing incident, events in this category are essential for reconstructing the related events and activities. |
GCP IAM Service Account Key Deleted | Cloud Audit Logs - IAM Audit Logs | 3 | 65072 | |
GCP IAM Custom Role Created | Cloud Audit Logs - IAM Audit Logs | 3 | 65073 | |
GCP Service Account Deleted | Cloud Audit Logs - IAM Audit Logs | 3 | 65064 | |
GCP Service Account Disabled | Cloud Audit Logs - IAM Audit Logs | 3 | 65065 | |
GCP New Service Account Created | Cloud Audit Logs - IAM Audit Logs | 3 | 65070 | |
GCP 2 StepVerificationDisable Event | Audit Logs - Workspace Audit Logs | 10 | 100005 | |
GCP 2 StepVerificationEnroll Event | Audit Logs - Workspace Audit Logs | 3 | 100006 | |
GCP accountDisabledPasswordLeak Event | Audit Logs - Workspace Audit Logs | 10 | 100007 | |
GCP accountDisabledSpammingThroughRelay Event | Audit Logs - Workspace Audit Logs | 10 | 100008 | |
GCP accountDisabledSpamming Event | Audit Logs - Workspace Audit Logs | 10 | 100009 | |
GCP accountDisabledHijacked Event | Audit Logs - Workspace Audit Logs | 10 | 100010 | |
GCP emailForwardingOutOfDomain Event | Audit Logs - Workspace Audit Logs | 10 | 100011 | |
GCP govAttackWarning Event | Audit Logs - Workspace Audit Logs | 10 | 100012 | |
GCP loginChallenge Event | Audit Logs - Workspace Audit Logs | 3 | 100013 | |
GCP loginFailure Event | Audit Logs - Workspace Audit Logs | 3 | 100014 | |
GCP loginVerification Event | Audit Logs - Workspace Audit Logs | 3 | 100015 | |
GCP logout Event | Audit Logs - Workspace Audit Logs | 3 | 100016 | |
GCP loginSuccess Event | Audit Logs - Workspace Audit Logs | 3 | 100017 | |
GCP passwordEdit Event | Audit Logs - Workspace Audit Logs | 5 | 100018 | |
GCP recoveryEmailEdit Event | Audit Logs - Workspace Audit Logs | 5 | 100019 | |
GCP recoveryPhoneEdit Event | Audit Logs - Workspace Audit Logs | 5 | 100020 | |
GCP recoverySecretQaEdit Event | Audit Logs - Workspace Audit Logs | 5 | 100021 | |
GCP riskySensitiveActionAllowed Event | Audit Logs - Workspace Audit Logs | 5 | 100022 | |
GCP riskySensitiveActionBlocked Event | Audit Logs - Workspace Audit Logs | 5 | 100023 | |
GCP suspiciousLogin Event | Audit Logs - Workspace Audit Logs | 10 | 100024 | |
GCP suspiciousLoginLessSecureApp Event | Audit Logs - Workspace Audit Logs | 10 | 100025 | |
GCP suspiciousProgrammaticLogin Event | Audit Logs - Workspace Audit Logs | 10 | 100026 | |
GCP SamlLoginFailed Event | Audit Logs - Workspace Audit Logs | 3 | 100027 | |
GCP SamlLoginSucceeded Event | Audit Logs - Workspace Audit Logs | 3 | 100028 | |
🚦 GCP Admin Events 🔑 | ||||
GCP Admin changeApplicationSetting Event | Audit Logs - Workspace Admin | | 100029 | |
GCP Admin deleteApplicationSetting Event | Audit Logs - Workspace Admin | | 100030 | |
GCP Admin deleteManagedConfiguration Event | Audit Logs - Workspace Admin | | 100031 | |
GCP Admin changeContactsSetting Event | Audit Logs - Workspace Admin | | 100032 | |
GCP Admin assignRole Event | Audit Logs - Workspace Admin | | 100033 | |
GCP Admin createRole Event | Audit Logs - Workspace Admin | | 100034 | |
GCP Admin deleteRole Event | Audit Logs - Workspace Admin | | 100035 | |
GCP Admin addPrivilege Event | Audit Logs - Workspace Admin | | 100036 | |
GCP Admin removePrivilege Event | Audit Logs - Workspace Admin | | 100037 | |
GCP Admin renameRole Event | Audit Logs - Workspace Admin | | 100038 | |
GCP Admin updateRole Event | Audit Logs - Workspace Admin | | 100039 | |
GCP Admin unassignRole Event | Audit Logs - Workspace Admin | | 100040 | |
GCP Admin deleteDevice Event | Audit Logs - Workspace Admin | | 100041 | |
GCP Admin moveDeviceToOrgUnit Event | Audit Logs - Workspace Admin | | 100042 | |
GCP Admin transferDocumentOwnership Event | Audit Logs - Workspace Admin | | 100043 | |
GCP Admin driveDataRestore Event | Audit Logs - Workspace Admin | | 100044 | |
GCP Admin changeDocsSetting Event | Audit Logs - Workspace Admin | | 100045 | |
GCP Admin changeAccountAutoRenewal Event | Audit Logs - Workspace Admin | | 100046 | |
GCP Admin addApplication Event | Audit Logs - Workspace Admin | | 100047 | |
GCP Admin addApplicationToWhitelist Event | Audit Logs - Workspace Admin | | 100048 | |
GCP Admin deleteAlert Event | Audit Logs - Workspace Admin | | 100049 | |
GCP Admin addDomainAlias Event | Audit Logs - Workspace Admin | | 100050 | |
GCP Admin verifyDomainAliasMx Event | Audit Logs - Workspace Admin | | 100051 | |
GCP Admin verifyDomainAlias Event | Audit Logs - Workspace Admin | | 100052 | |
GCP Admin toggleAllowAdminPasswordReset Event | Audit Logs - Workspace Admin | | 100053 | |
GCP Admin enableApiAccess Event | Audit Logs - Workspace Admin | | 100054 | |
GCP Admin authorizeApiClientAccess Event | Audit Logs - Workspace Admin | | 100055 | |
GCP Admin changePrimaryDomain Event | Audit Logs - Workspace Admin | | 100056 | |
GCP Admin changeWhitelistSetting Event | Audit Logs - Workspace Admin | | 100057 | |
GCP Admin changeDataProtectionOfficerContactInfo Event | Audit Logs - Workspace Admin | | 100058 | |
GCP Admin changeDomainName Event | Audit Logs - Workspace Admin | | 100059 | |
GCP Admin addTrustedDomains Event | Audit Logs - Workspace Admin | | 100060 | |
GCP Admin removeTrustedDomains Event | Audit Logs - Workspace Admin | | 100061 | |
GCP Admin toggleEnableOauthConsumerKey Event | Audit Logs - Workspace Admin | | 100062 | |
GCP Admin toggleSsoEnabled Event | Audit Logs - Workspace Admin | | 100063 | |
GCP Admin toggleSsl Event | Audit Logs - Workspace Admin | | 100064 | |
GCP Admin changeLoginActivityTrace Event | Audit Logs - Workspace Admin | | 100065 | |
GCP Admin mxRecordVerificationClaim Event | Audit Logs - Workspace Admin | | 100066 | |
GCP Admin regenerateOauthConsumerSecret Event | Audit Logs - Workspace Admin | | 100067 | |
GCP Admin changeOrganizationName Event | Audit Logs - Workspace Admin | | 100068 | |
GCP Admin updateDomainPrimaryAdminEmail Event | Audit Logs - Workspace Admin | | 100069 | |
GCP Admin removeApplicationFromWhitelist Event | Audit Logs - Workspace Admin | | 100070 | |
GCP Admin createRule Event | Audit Logs - Workspace Admin | | 100071 | |
GCP Admin deleteRule Event | Audit Logs - Workspace Admin | | 100072 | |
GCP Admin addSecondaryDomain Event | Audit Logs - Workspace Admin | | 100073 | |
GCP Admin verifySecondaryDomainMx Event | Audit Logs - Workspace Admin | | 100074 | |
GCP Admin verifySecondaryDomain Event | Audit Logs - Workspace Admin | | 100075 | |
GCP Admin changeSsoSettings Event | Audit Logs - Workspace Admin | | 100076 | |
GCP Admin generatePin Event | Audit Logs - Workspace Admin | | 100077 | |
GCP Admin updateRule Event | Audit Logs - Workspace Admin | | 100078 | |
GCP Admin dropFromQuarantine Event | Audit Logs - Workspace Admin | | 100079 | |
GCP Admin emailLogSearch Event | Audit Logs - Workspace Admin | | 100080 | |
GCP Admin emailUndelete Event | Audit Logs - Workspace Admin | | 100081 | |
GCP Admin changeEmailSetting Event | Audit Logs - Workspace Admin | | 100082 | |
GCP Admin changeGmailSetting Event | Audit Logs - Workspace Admin | | 100083 | |
GCP Admin createGmailSetting Event | Audit Logs - Workspace Admin | | 100084 | |
GCP Admin deleteGmailSetting Event | Audit Logs - Workspace Admin | | 100085 | |
GCP Admin rejectFromQuarantine Event | Audit Logs - Workspace Admin | | 100086 | |
GCP Admin releaseFromQuarantine Event | Audit Logs - Workspace Admin | | 100087 | |
GCP Admin createGroup Event | Audit Logs - Workspace Admin | | 100088 | |
GCP Admin deleteGroup Event | Audit Logs - Workspace Admin | | 100089 | |
GCP Admin changeGroupDescription Event | Audit Logs - Workspace Admin | | 100090 | |
GCP Admin groupListDownload Event | Audit Logs - Workspace Admin | | 100091 | |
GCP Admin addGroupMember Event | Audit Logs - Workspace Admin | | 100092 | |
GCP Admin removeGroupMember Event | Audit Logs - Workspace Admin | | 100093 | |
GCP Admin updateGroupMember Event | Audit Logs - Workspace Admin | | 100094 | |
GCP Admin updateGroupMemberDeliverySettings Event | Audit Logs - Workspace Admin | | 100095 | |
GCP Admin updateGroupMemberDeliverySettingsCanEmailOverride Event | Audit Logs - Workspace Admin | | 100096 | |
GCP Admin groupMemberBulkUpload Event | Audit Logs - Workspace Admin | | 100097 | |
GCP Admin groupMembersDownload Event | Audit Logs - Workspace Admin | | 100098 | |
GCP Admin changeGroupName Event | Audit Logs - Workspace Admin | | 100099 | |
GCP Admin whitelistedGroupsUpdated Event | Audit Logs - Workspace Admin | | 100100 | |
GCP Admin companyDevicesBulkCreation Event | Audit Logs - Workspace Admin | | 100101 | |
GCP Admin companyOwnedDeviceBlocked Event | Audit Logs - Workspace Admin | | 100102 | |
GCP Admin companyDeviceDeletion Event | Audit Logs - Workspace Admin | | 100103 | |
GCP Admin companyOwnedDeviceUnblocked Event | Audit Logs - Workspace Admin | | 100104 | |
GCP Admin companyOwnedDeviceWiped Event | Audit Logs - Workspace Admin | | 100105 | |
GCP Admin removeMobileApplicationFromWhitelist Event | Audit Logs - Workspace Admin | | 100106 | |
GCP Admin addMobileApplicationToWhitelist Event | Audit Logs - Workspace Admin | | 100107 | |
GCP Admin mobileDeviceApprove Event | Audit Logs - Workspace Admin | | 100108 | |
GCP Admin mobileDeviceBlock Event | Audit Logs - Workspace Admin | | 100109 | |
GCP Admin mobileDeviceDelete Event | Audit Logs - Workspace Admin | | 100110 | |
GCP Admin mobileDeviceWipe Event | Audit Logs - Workspace Admin | | 100111 | |
GCP Admin changeAdminRestrictionsPin Event | Audit Logs - Workspace Admin | | 100112 | |
GCP Admin changeMobileWirelessNetworkPassword Event | Audit Logs - Workspace Admin | | 100113 | |
GCP Admin enrollForGoogleDeviceManagement Event | Audit Logs - Workspace Admin | | 100114 | |
GCP Admin mobileAccountWipe Event | Audit Logs - Workspace Admin | | 100115 | |
GCP Admin mobileDeviceCancelWipeThenApprove Event | Audit Logs - Workspace Admin | | 100116 | |
GCP Admin mobileDeviceCancelWipeThenBlock Event | Audit Logs - Workspace Admin | | 100117 | |
GCP Admin createOrgUnit Event | Audit Logs - Workspace Admin | | 100118 | |
GCP Admin removeOrgUnit Event | Audit Logs - Workspace Admin | | 100119 | |
GCP Admin moveOrgUnit Event | Audit Logs - Workspace Admin | | 100120 | |
GCP Admin securityInvestigationAction Event | Audit Logs - Workspace Admin | | 100121 | |
GCP Admin securityInvestigationActionCancellation Event | Audit Logs - Workspace Admin | | 100122 | |
GCP Admin securityInvestigationActionCompletion Event | Audit Logs - Workspace Admin | | 100123 | |
GCP Admin securityInvestigationActionVerificationConfirmation Event | Audit Logs - Workspace Admin | | 100124 | |
GCP Admin securityInvestigationActionVerificationRequest Event | Audit Logs - Workspace Admin | | 100125 | |
GCP Admin securityInvestigationChartCreate Event | Audit Logs - Workspace Admin | | 100126 | |
GCP Admin securityInvestigationContentAccess Event | Audit Logs - Workspace Admin | | 100127 | |
GCP Admin securityInvestigationDownloadAttachment Event | Audit Logs - Workspace Admin | | 100128 | |
GCP Admin securityInvestigationExportActionResults Event | Audit Logs - Workspace Admin | | 100129 | |
GCP Admin securityInvestigationExportQuery Event | Audit Logs - Workspace Admin | | 100130 | |
GCP Admin securityInvestigationObjectDeleteInvestigation Event | Audit Logs - Workspace Admin | | 100131 | |
GCP Admin securityInvestigationObjectOwnershipTransfer Event | Audit Logs - Workspace Admin | | 100132 | |
GCP Admin securityInvestigationObjectSaveInvestigation Event | Audit Logs - Workspace Admin | | 100133 | |
GCP Admin securityInvestigationSettingUpdate Event | Audit Logs - Workspace Admin | | 100134 | |
GCP Admin addToTrustedOauth2Apps Event | Audit Logs - Workspace Admin | | 100135 | |
GCP Admin allowAspWithout2Sv Event | Audit Logs - Workspace Admin | | 100136 | |
GCP Admin allowServiceForOauth2Access Event | Audit Logs - Workspace Admin | | 100137 | |
GCP Admin allowStrongAuthentication Event | Audit Logs - Workspace Admin | | 100138 | |
GCP Admin blockOnDeviceAccess Event | Audit Logs - Workspace Admin | | 100139 | |
GCP Admin changeAllowedTwoStepVerificationMethods Event | Audit Logs - Workspace Admin | | 100140 | |
GCP Admin changeTwoStepVerificationEnrollmentPeriodDuration Event | Audit Logs - Workspace Admin | | 100141 | |
GCP Admin changeTwoStepVerificationFrequency Event | Audit Logs - Workspace Admin | | 100142 | |
GCP Admin changeTwoStepVerificationGracePeriodDuration Event | Audit Logs - Workspace Admin | | 100143 | |
GCP Admin disallowServiceForOauth2Access Event | Audit Logs - Workspace Admin | | 100144 | |
GCP Admin enableNonAdminUserPasswordRecovery Event | Audit Logs - Workspace Admin | | 100145 | |
GCP Admin enforceStrongAuthentication Event | Audit Logs - Workspace Admin | | 100146 | |
GCP Admin removeFromTrustedOauth2Apps Event | Audit Logs - Workspace Admin | | 100147 | |
GCP Admin trustDomainOwnedOauth2Apps Event | Audit Logs - Workspace Admin | | 100148 | |
GCP Admin unblockOnDeviceAccess Event | Audit Logs - Workspace Admin | | 100149 | |
GCP Admin untrustDomainOwnedOauth2Apps Event | Audit Logs - Workspace Admin | | 100150 | |
GCP Admin weakProgrammaticLoginSettingsChanged Event | Audit Logs - Workspace Admin | | 100151 | |
GCP Admin addWebAddress Event | Audit Logs - Workspace Admin | | 100152 | |
GCP Admin deleteWebAddress Event | Audit Logs - Workspace Admin | | 100153 | |
GCP Admin changeSitesSetting Event | Audit Logs - Workspace Admin | | 100154 | |
GCP Admin delete2SvScratchCodes Event | Audit Logs - Workspace Admin | | 100155 | |
GCP Admin generate2SvScratchCodes Event | Audit Logs - Workspace Admin | | 100156 | |
GCP Admin revoke3LoDeviceTokens Event | Audit Logs - Workspace Admin | | 100157 | |
GCP Admin revoke3LoToken Event | Audit Logs - Workspace Admin | | 100158 | |
GCP Admin addRecoveryEmail Event | Audit Logs - Workspace Admin | | 100159 | |
GCP Admin addRecoveryPhone Event | Audit Logs - Workspace Admin | | 100160 | |
GCP Admin grantAdminPrivilege Event | Audit Logs - Workspace Admin | | 100161 | |
GCP Admin revokeAdminPrivilege Event | Audit Logs - Workspace Admin | | 100162 | |
GCP Admin bulkUpload Event | Audit Logs - Workspace Admin | | 100163 | |
GCP Admin cancelUserInvite Event | Audit Logs - Workspace Admin | | 100164 | |
GCP Admin enableUserIpWhitelist Event | Audit Logs - Workspace Admin | | 100165 | |
GCP Admin changeUserOrganization Event | Audit Logs - Workspace Admin | | 100166 | |
GCP Admin changeUserPhoneNumber Event | Audit Logs - Workspace Admin | | 100167 | |
GCP Admin changeRecoveryEmail Event | Audit Logs - Workspace Admin | | 100168 | |
GCP Admin changeRecoveryPhone Event | Audit Logs - Workspace Admin | | 100169 | |
GCP Admin createDataTransferRequest Event | Audit Logs - Workspace Admin | | 100170 | |
GCP Admin grantDelegatedAdminPrivileges Event | Audit Logs - Workspace Admin | | 100171 | |
GCP Admin deleteAccountInfoDump Event | Audit Logs - Workspace Admin | | 100172 | |
GCP Admin deleteEmailMonitor Event | Audit Logs - Workspace Admin | | 100173 | |
GCP Admin deleteMailboxDump Event | Audit Logs - Workspace Admin | | 100174 | |
GCP Admin changeFirstName Event | Audit Logs - Workspace Admin | | 100175 | |
GCP Admin gmailResetUser Event | Audit Logs - Workspace Admin | | 100176 | |
GCP Admin changeLastName Event | Audit Logs - Workspace Admin | | 100177 | |
GCP Admin mailRoutingDestinationAdded Event | Audit Logs - Workspace Admin | | 100178 | |
GCP Admin mailRoutingDestinationRemoved Event | Audit Logs - Workspace Admin | | 100179 | |
GCP Admin changePassword Event | Audit Logs - Workspace Admin | | 100180 | |
GCP Admin changePasswordOnNextLogin Event | Audit Logs - Workspace Admin | | 100181 | |
GCP Admin removeRecoveryEmail Event | Audit Logs - Workspace Admin | | 100182 | |
GCP Admin removeRecoveryPhone Event | Audit Logs - Workspace Admin | | 100183 | |
GCP Admin requestAccountInfo Event | Audit Logs - Workspace Admin | | 100184 | |
GCP Admin requestMailboxDump Event | Audit Logs - Workspace Admin | | 100185 | |
GCP Admin resendUserInvite Event | Audit Logs - Workspace Admin | | 100186 | |
GCP Admin resetSigninCookies Event | Audit Logs - Workspace Admin | | 100187 | |
GCP Admin securityKeyRegisteredForUser Event | Audit Logs - Workspace Admin | | 100188 | |
GCP Admin revokeSecurityKey Event | Audit Logs - Workspace Admin | | 100189 | |
GCP Admin userInvite Event | Audit Logs - Workspace Admin | | 100190 | |
GCP Admin viewTempPassword Event | Audit Logs - Workspace Admin | | 100191 | |
GCP Admin turnOff2StepVerification Event | Audit Logs - Workspace Admin | | 100192 | |
GCP Admin unblockUserSession Event | Audit Logs - Workspace Admin | | 100193 | |
GCP Admin unenrollUserFromTitanium Event | Audit Logs - Workspace Admin | | 100194 | |
GCP Admin archiveUser Event | Audit Logs - Workspace Admin | | 100195 | |
GCP Admin createUser Event | Audit Logs - Workspace Admin | | 100196 | |
GCP Admin deleteUser Event | Audit Logs - Workspace Admin | | 100197 | |
GCP Admin downgradeUserFromGplus Event | Audit Logs - Workspace Admin | | 100198 | |
GCP Admin userEnrolledInTwoStepVerification Event | Audit Logs - Workspace Admin | | 100199 | |
GCP Admin downloadUserlistCsv Event | Audit Logs - Workspace Admin | | 100200 | |
GCP Admin moveUserToOrgUnit Event | Audit Logs - Workspace Admin | | 100201 | |
GCP Admin userPutInTwoStepVerificationGracePeriod Event | Audit Logs - Workspace Admin | | 100202 | |
GCP Admin renameUser Event | Audit Logs - Workspace Admin | | 100203 | |
GCP Admin unenrollUserFromStrongAuth Event | Audit Logs - Workspace Admin | | 100204 | |
GCP Admin suspendUser Event | Audit Logs - Workspace Admin | | 100205 | |
GCP Admin unarchiveUser Event | Audit Logs - Workspace Admin | | 100206 | |
GCP Admin undeleteUser Event | Audit Logs - Workspace Admin | | 100207 | |
GCP Admin unsuspendUser Event | Audit Logs - Workspace Admin | | 100208 | |
GCP Admin upgradeUserToGplus Event | Audit Logs - Workspace Admin | | 100209 | |
GCP Admin usersBulkUpload Event | Audit Logs - Workspace Admin | | 100210 | |
GCP Admin Groups Service UpdateGroup Event | Audit Logs - Workspace Admin | | 100211 | |
GCP Admin MemberShip Service UpdateMembership Event | Audit Logs - Workspace Admin | | 100212 | |
🏗️ Cloud Provisioning Activity | ||||
GCP Logging Bucket Deleted | Cloud Audit Logs | 3 | 65056 | Low-severity security events: no action is required under normal circumstances, that is, when there is no related ongoing security incident. During an ongoing incident, events in this category are essential for reconstructing the related events and activities. |
GCP Logging Sink Deleted | Cloud Audit Logs | 3 | 65057 | |
GCP Storage Bucket Permissions Modified | Cloud Audit Logs | 3 | 65061 | |
GCP Firewall Rule Deleted | Cloud Audit Logs | 3 | 65054 | |
GCP Firewall Rule Modified | Cloud Audit Logs | 3 | 65055 | |
⚡ Network Activity | ||||
GCP VPC firewall: DENY rule triggered | | 5 | 65048 | For events with Rule Level above 10: check the event details in the Wazuh GCP dashboard; check whether the user identity can be established; check the associated GCP project and confirm whether the activity is expected. For high and critical severity events, also check the source IP and look for indicators of compromise (IoC). |
TSIG Signature Failure with source IP, Location | | 7 | 65031 | |
Key NOT Recognized with source IP, Location | | 7 | 65032 | |
Signature out of time window with source IP | | 7 | 65033 | |
Bad TKEY mode with source IP | | 7 | 65034 | |
Bad/Missing Server Cookie with source IP | | 7 | 65038 | |
GCP Critical Event with Source IP | | 9 | 65008 | |
Server not authoritative for zone with source IP | | 10 | 65027 | |
Bad OPT version with source IP | | 10 | 65030 | |
GCP Emergency Event from VM | | 12 | 65017 | |
Unable to process query due to a problem with the name server with source IP | | 12 | 65020 | |
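The table gives each detection's rule ID and level but not the rule body. The rule file below is an added example written for this page, not code from the mandeeps13k/wazuh-custom-rules repository: it shows what three rows of the table look like as Wazuh rules (IAM Service Account Key Deleted 65072, loginFailure 100014, suspiciousLogin 100024) and adds one correlation rule that is not in the table. Assumptions: events reach Wazuh through the gcp-pubsub module, so the JSON decoder exposes the Cloud Logging entry under `gcp.*` and Wazuh's shipped root rule 65000 (`gcp` group) is the parent; the Workspace events are the login audit logs that Google Workspace shares into Cloud Logging, where the event name is the suffix of `protoPayload.methodName` (`google.login.LoginService.loginFailure`) and the actor is `protoPayload.authenticationInfo.principalEmail`, which you should confirm against a real entry before relying on it; rule ID 100501 and the 5-in-300-seconds threshold are arbitrary choices for the example.

```xml
<!-- Added example for this page, not the repository's own rules.
     Assumes ingestion via the Wazuh gcp-pubsub module: the JSON decoder
     exposes the Cloud Logging entry as gcp.* fields and shipped rule 65000
     is the GCP parent rule. -->
<group name="gcp,gcp_custom,">

  <!-- Table row: GCP IAM Service Account Key Deleted (level 3, id 65072).
       The method name is the IAM Admin API name that Cloud Audit Logs record. -->
  <rule id="65072" level="3">
    <if_sid>65000</if_sid>
    <field name="gcp.protoPayload.serviceName">^iam.googleapis.com$</field>
    <field name="gcp.protoPayload.methodName">^google.iam.admin.v1.DeleteServiceAccountKey$</field>
    <description>GCP IAM Service Account Key Deleted: $(gcp.protoPayload.resourceName) by $(gcp.protoPayload.authenticationInfo.principalEmail)</description>
    <group>gcp_iam,</group>
  </rule>

  <!-- Table row: GCP loginFailure Event (level 3, id 100014).
       Assumed layout of Workspace login audit logs shared into Cloud Logging. -->
  <rule id="100014" level="3">
    <if_sid>65000</if_sid>
    <field name="gcp.protoPayload.serviceName">^login.googleapis.com$</field>
    <field name="gcp.protoPayload.methodName">^google.login.LoginService.loginFailure$</field>
    <description>GCP loginFailure Event for $(gcp.protoPayload.authenticationInfo.principalEmail)</description>
    <group>gcp_workspace,authentication_failed,</group>
  </rule>

  <!-- Table row: GCP suspiciousLogin Event (level 10, id 100024). -->
  <rule id="100024" level="10">
    <if_sid>65000</if_sid>
    <field name="gcp.protoPayload.serviceName">^login.googleapis.com$</field>
    <field name="gcp.protoPayload.methodName">^google.login.LoginService.suspiciousLogin$</field>
    <description>GCP suspiciousLogin Event for $(gcp.protoPayload.authenticationInfo.principalEmail)</description>
    <group>gcp_workspace,authentication_success,</group>
  </rule>

  <!-- Not in the table (hypothetical id 100501): a single loginFailure stays
       at level 3, but the frequency threshold of failures for the same
       principal within 300 s is the brute-force pattern that deserves an
       alert of its own. -->
  <rule id="100501" level="8" frequency="5" timeframe="300">
    <if_matched_sid>100014</if_matched_sid>
    <same_field>gcp.protoPayload.authenticationInfo.principalEmail</same_field>
    <description>GCP Workspace: repeated loginFailure events for $(gcp.protoPayload.authenticationInfo.principalEmail)</description>
    <group>gcp_workspace,authentication_failures,</group>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>

</group>
```

Two checks before loading a file like this into `/var/ossec/etc/rules/local_rules.xml`: Wazuh reserves IDs 100000 and above for custom rules, while the 65xxx block is where the shipped GCP ruleset (`/var/ossec/ruleset/rules/0490-gcp_rules.xml`) lives, so confirm that IDs such as 65072 do not already exist there (`grep -rl 'id="65072"' /var/ossec/ruleset/rules/` should print nothing); and feed a captured log entry through `/var/ossec/bin/wazuh-logtest` to confirm the `gcp.*` field names and the rule that fires.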
mandeeps13k/wazuh-custom-rules
About
Custom Rules created for GCP Events detection in Wazuh-SIEM