GCP Detect Oauth Token Abuse
This search provides detection of possible GCP Oauth token abuse. GCP Oauth token without time limit can be exfiltrated and reused for keeping access sessions alive without further control of authentication, allowing attackers to access and move laterally.
This content is not mapped to any local saved search. Add mapping
GCP Detect Oauth Token Abuse Help
You must install splunk GCP add-on. This search works with gcp:pubsub:message logs
Open in Search