GCP Detect Oauth Token Abuse

Description

This search provides detection of possible GCP Oauth token abuse. GCP Oauth token without time limit can be exfiltrated and reused for keeping access sessions alive without further control of authentication, allowing attackers to access and move laterally.

   Help

GCP Detect Oauth Token Abuse Help

You must install splunk GCP add-on. This search works with gcp:pubsub:message logs

   Search

Open in Search