Assigned
li...@google.com <li...@google.com>
dp...@google.com <dp...@google.com> #2
Hello,
Thank you for reaching out. I'm going to create an internal feature request. Please keep in mind that this feature request has to be analyzed and considered by the product team and I can't provide you an ETA for it to be delivered. However, you can keep track of the status by following this thread.
Description
Problem you have encountered: It seems like in many cases the authenticationInfo and violationReason details are available, but intentionally stripped by Google.
What you expected to happen: I understand the reasons why authenticationInfo does not appear in the provided cases.
According to this GCP documentation: https://cloud.google.com/logging/docs/audit#user-id
"The caller's principal email address is redacted from audit logs if all of these conditions are met:
This is a read-only operation.
The operation fails with a "permission denied" error.
If the identity is a service account, and the identity isn't a member of the Google Cloud organization associated with the resource. If the identity isn't a service account, then this condition doesn't apply."
According to this GCP documentation: https://cloud.google.com/vpc-service-controls/docs/troubleshooting#debugging
Sometimes the audit logs don't present all the details, and that's really important to me.
Please note that from a security review perspective, that is info that I would still like to see in the audit logs when possible. It provides much more usable context when actions from outside the perimeter are blocked. It seems like in many cases that information is available, but intentionally stripped by Google as I previously mentioned.
Steps to reproduce: N/A
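The following is an added triage script, not code from the issue reporter, from Google, or from any GCP tooling. It takes the three redaction conditions quoted above from the Cloud Logging documentation and applies them to audit log entries in the exported JSON shape (protoPayload.authenticationInfo, protoPayload.status.code, protoPayload.methodName, protoPayload.metadata), so a reviewer can separate "principalEmail is missing and the documented conditions hold" from "principalEmail is missing and they do not". The read-only test is a heuristic on the method name (an assumption; there is no authoritative flag in the entry), the third condition (service account outside the organization) cannot be evaluated once the email is gone, and the sample entries and their field values are constructed for illustration.

```python
"""Triage Cloud Audit Log entries whose caller identity was redacted.

Added example; not part of the issue tracker thread. Sample entries are
CONSTRUCTED and their values (IPs, resource names, violation reasons) are
illustrative only.
"""
from dataclasses import dataclass
from typing import Optional

PERMISSION_DENIED = 7  # google.rpc.Code.PERMISSION_DENIED
VPC_SC_METADATA_TYPE = (
    "type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata"
)
# Heuristic (assumption): last segment of methodName that looks like a read.
READ_SUFFIXES = ("get", "list", "getiampolicy", "testiampermissions", "read")


@dataclass
class Finding:
    insert_id: str
    method: str
    resource: str
    caller_ip: str
    principal: Optional[str]      # None when Google redacted the email
    permission_denied: bool
    read_only: bool
    redaction_documented: bool    # missing email AND the quoted conditions hold
    violation_reason: Optional[str]  # VPC Service Controls violationReason


def looks_read_only(method_name: str) -> bool:
    """Approximates the docs' 'read-only operation' condition from methodName."""
    last = method_name.rsplit(".", 1)[-1].lower()
    return last.startswith(READ_SUFFIXES)


def vpc_sc_violation_reason(payload: dict) -> Optional[str]:
    """Returns protoPayload.metadata.violationReason for VPC SC denials."""
    meta = payload.get("metadata") or {}
    if meta.get("@type") != VPC_SC_METADATA_TYPE:
        return None
    return meta.get("violationReason")


def triage(entry: dict) -> Finding:
    payload = entry.get("protoPayload") or {}
    principal = (payload.get("authenticationInfo") or {}).get("principalEmail")
    denied = (payload.get("status") or {}).get("code") == PERMISSION_DENIED
    method = payload.get("methodName", "")
    read_only = looks_read_only(method)
    # Docs: email redacted only if read-only AND permission denied (AND, for
    # service accounts, caller outside the org, which we cannot check once the
    # email is gone). A missing principal outside these conditions is worth a
    # follow-up, which is exactly the reporter's complaint.
    documented = principal is None and denied and read_only
    return Finding(
        insert_id=entry.get("insertId", ""),
        method=method,
        resource=payload.get("resourceName", ""),
        caller_ip=(payload.get("requestMetadata") or {}).get("callerIp", ""),
        principal=principal,
        permission_denied=denied,
        read_only=read_only,
        redaction_documented=documented,
        violation_reason=vpc_sc_violation_reason(payload),
    )


def unexpected_redactions(entries) -> list:
    """Entries with no principalEmail where the documented conditions do not hold."""
    return [f for f in map(triage, entries)
            if f.principal is None and not f.redaction_documented]


# Constructed sample entries (not real log data).
SAMPLE_ENTRIES = [
    {   # read, denied by VPC SC, caller identity stripped: documented case
        "insertId": "constructed-1",
        "logName": "projects/example-proj/logs/cloudaudit.googleapis.com%2Fdata_access",
        "protoPayload": {
            "methodName": "google.storage.objects.get",
            "resourceName": "projects/_/buckets/example-bucket/objects/secret.txt",
            "status": {"code": PERMISSION_DENIED, "message": "Request is prohibited by organization's policy"},
            "authenticationInfo": {},
            "requestMetadata": {"callerIp": "203.0.113.7"},
            "metadata": {"@type": VPC_SC_METADATA_TYPE, "violationReason": "NO_MATCHING_ACCESS_LEVEL"},
        },
    },
    {   # write, denied, identity missing anyway: NOT covered by the quoted rule
        "insertId": "constructed-2",
        "logName": "projects/example-proj/logs/cloudaudit.googleapis.com%2Factivity",
        "protoPayload": {
            "methodName": "google.storage.objects.create",
            "resourceName": "projects/_/buckets/example-bucket/objects/new.txt",
            "status": {"code": PERMISSION_DENIED},
            "authenticationInfo": {},
            "requestMetadata": {"callerIp": "198.51.100.12"},
        },
    },
    {   # successful read, identity present
        "insertId": "constructed-3",
        "logName": "projects/example-proj/logs/cloudaudit.googleapis.com%2Fdata_access",
        "protoPayload": {
            "methodName": "google.storage.objects.list",
            "resourceName": "projects/_/buckets/example-bucket",
            "authenticationInfo": {"principalEmail": "reviewer@example.com"},
            "requestMetadata": {"callerIp": "192.0.2.44"},
        },
    },
]

if __name__ == "__main__":
    for f in map(triage, SAMPLE_ENTRIES):
        print(f"{f.insert_id}: principal={f.principal!r} documented={f.redaction_documented} "
              f"ip={f.caller_ip} reason={f.violation_reason}")
```

Run it against a `gcloud logging read ... --format=json` export by replacing `SAMPLE_ENTRIES` with the parsed list; the `unexpected_redactions` output is the set of entries worth raising in a thread like this one, while `caller_ip`, `resource` and `violation_reason` are the context that survives redaction.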