## https://sploitus.com/exploit?id=35553E73-B7E1-58F8-8779-EF61E1E8D061
This repository is a community-driven set of security analytics for auditing cloud usage and detecting threats to data & workloads in Google Cloud. It provides a list of sample security analytics for auditing cloud usage and for detecting threats to your data & workloads in Google Cloud. The repository includes YARA-L rules for Google Security Operations, SQL queries for BigQuery, and SQL queries for Log Analytics. The security use cases are grouped in 6 categories depending on underlying activity type and log sources. The repository is not meant to be a comprehensive set of threat detections, but a collection of community-contributed samples to get you started with detective controls.
The repository includes various security use cases, such as login & access patterns, IAM, keys & secrets admin activity, cloud provisioning activity, cloud workload usage, data usage, and network activity. Each use case includes a description, log source, audit, detect, and ATT&CK techniques. The repository is designed to be used in conjunction with threat prevention capabilities, such as Security Command Center, Cloud Armor, Identity-Aware Proxy, and Chrome Enterprise Premium.
The repository is a community-driven effort, and contributions are welcome. To contribute, follow the steps outlined in the CONTRIBUTING.md file, which includes adding a new security question, implementing a SQL query or Y