You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Rules: GCP Audit IAM DisableServiceAccount Observed
Description
Identifies when a service account is disabled in Google Cloud Platform (GCP). A service account is a special type of account used by an application or a virtual machine (VM) instance, not a person. Applications use service accounts to make authorized API calls, authorized as either the service account itself, or as G Suite or Cloud Identity users through domain-wide delegation. An adversary may disable a service account in order to disrupt to disrupt their target's business operations.
Additional Details
Detail
Value
Type
Templated Match
Category
Impact
Apply Risk to Entities
user_username, srcDevice_ip
Signal Name
GCP Audit IAM DisableServiceAccount Observed
Summary Expression
User: {{user_username}} performed action: {{action}}