GCP Detect Oauth Token Abuse


This search provides detection of possible GCP Oauth token abuse. GCP Oauth token without time limit can be exfiltrated and reused for keeping access sessions alive without further control of authentication, allowing attackers to access and move laterally.


GCP Detect Oauth Token Abuse Help

You must install splunk GCP add-on. This search works with gcp:pubsub:message logs


Open in Search