You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An IAM account sent multiple requests to perform a wide distinct number of GCP Cloud actions in a short time frame while receiving the error codes. This could indicate an account attempting to enumerate their access across the GCP account.
Additional Details
Detail
Value
Type
Threshold
Category
Initial Access
Apply Risk to Entities
user_username, srcDevice_ip
Signal Name
GCP Audit Unauthorized API Calls
Summary Expression
User: {{user_username}} attempted to perform multiple distinct actions with failure