GCP Detect Oauth Token Abuse
This search provides detection of possible GCP Oauth token abuse. GCP Oauth token without time limit can be exfiltrated and reused for keeping access sessions alive without further control of authentication, allowing attackers to access and move laterally.
GCP Detect Oauth Token Abuse Help
You must install splunk GCP add-on. This search works with gcp:pubsub:message logs
Open in Search