GCP Audit Logs
Audit GCP activity with Cloud Audit Logs.
Audit Log Types
```yaml
log_types:
  admin_activity:
    - Always enabled
    - API calls that modify resources
    - No charge
  data_access:
    - Must be enabled
    - Read/write data operations
    - Can be high volume
  system_event:
    - Always enabled
    - GCP system actions
  policy_denied:
    - Always enabled
    - Access denials
```
Enable Data Access Logs
```bash
# Export all Cloud Audit Logs entries to a Cloud Storage bucket through a log sink
gcloud logging sinks create audit-sink \
  storage.googleapis.com/audit-logs-bucket \
  --log-filter='logName:"cloudaudit.googleapis.com"'

# Data Access logs are switched on through auditConfigs in the project IAM policy
gcloud projects get-iam-policy PROJECT_ID > policy.yaml
# Add an auditConfigs section to policy.yaml, then apply the edited policy
gcloud projects set-iam-policy PROJECT_ID policy.yaml
```
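One way to perform the "Add auditConfigs section" step without hand-editing the file, as an added example that is not part of the original skill. It assumes the policy was exported with `--format=json`; the function name `enable_data_access` and the sample policy values are constructed for illustration.

```python
import copy
import json

# Constructed sample of `gcloud projects get-iam-policy PROJECT_ID --format=json`
# output; the member, role and etag values are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/viewer", "members": ["user:alice@example.com"]}
  ],
  "auditConfigs": [
    {"service": "storage.googleapis.com",
     "auditLogConfigs": [{"logType": "DATA_READ"}]}
  ],
  "etag": "BwXXXXXXXXX=",
  "version": 1
}
""")

VALID_LOG_TYPES = ("ADMIN_READ", "DATA_READ", "DATA_WRITE")


def enable_data_access(policy, service="allServices", log_types=VALID_LOG_TYPES):
    """Return a copy of policy with the given log types enabled for service.

    Existing bindings, etag, exemptedMembers and other services' audit
    configs are preserved; calling it twice gives the same result.
    """
    unknown = set(log_types) - set(VALID_LOG_TYPES)
    if unknown:
        raise ValueError(f"unknown logType(s): {sorted(unknown)}")
    merged = copy.deepcopy(policy)
    configs = merged.setdefault("auditConfigs", [])
    entry = next((c for c in configs if c.get("service") == service), None)
    if entry is None:
        entry = {"service": service, "auditLogConfigs": []}
        configs.append(entry)
    present = {c["logType"] for c in entry.setdefault("auditLogConfigs", [])}
    for log_type in log_types:
        if log_type not in present:
            entry["auditLogConfigs"].append({"logType": log_type})
    return merged


if __name__ == "__main__":
    # Save this output to a file and pass it to `gcloud projects set-iam-policy`.
    print(json.dumps(enable_data_access(SAMPLE_POLICY), indent=2))
```

Keeping the `etag` from the exported policy lets `set-iam-policy` reject the write if someone else changed the policy in between.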
BigQuery Analysis
```sql
-- Query audit logs from BigQuery export: delete operations in the last 7 days
SELECT
  timestamp,
  protopayload_auditlog.authenticationInfo.principalEmail,
  protopayload_auditlog.methodName,
  resource.labels.project_id
FROM `project.dataset.cloudaudit_googleapis_com_activity_*`
WHERE timestamp > TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL 7 DAY)
  -- LIKE is case-sensitive; lower-case the method name so names such as
  -- "DeleteServiceAccount" match as well as "instances.delete"
  AND LOWER(protopayload_auditlog.methodName) LIKE '%delete%'
ORDER BY timestamp DESC
```
Best Practices
- Export to BigQuery for analysis
- Configure log retention
- Enable data access logs for sensitive resources
- Set up alerting policies
Repository
bagelhole/devop…t-skills
First Seen
Feb 4, 2026