Syensqo IS - Customer Support

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Explanation:

GCP SCC detects that BigQuery Data has been exported.



Resolution:

Further investigation is required to see which action to be performed.

The GCP Security team will need to evaluate based on the actions below:

ActionsFollow up

Check if the environment belongs to Production.
This is based on the assumption that all non-production enviroment should not contain production data.

Production - Inform owner

Non-Production - Don't have to inform owner.

See the table below for recommended action after investigation.

Yes / NoAction
Inform owner.Inform the owner about the activity and update the JIRA ticket's rememdiation action to be "Owner is being informed" and closed the ticket.
Don't have to inform owner.

Update the JIRA ticket's rememdiation action to be "Non-production environment. No action to be taken." and closed the ticket.


Pattern:

{
	"extractionAttempt": {
		"job": {
			"projectId": "xxx",
			"jobId": "xxx",
			"location": "xx"
		},
		"jobLink": "https://console.cloud.google.com/bigquery?j=bq:EU:xxx&project=xxx&page=queryresults",
		"sourceTable": {
			"projectId": "xxx",
			"datasetId": "_6dfcf38d2e4871bc0f28db275bdb846a85949f11",
			"tableId": "anon955db38d_b8ae_4c41_9b9d_225df2d76950",
			"resourceUri": "projects/xxx/datasets/xxx/tables/xxx"
		},
		"destinations": [{
				"originalUri": "gs://xx/report-bigquery/report-CSV-05-04-2022_16:36:57.csv",
				"collectionType": "GCS_BUCKET",
				"collectionName": "xxx",
				"objectName": "report-bigquery/report-CSV-05-04-2022_16:36:57.csv"
			}
		]
	},
	"principalEmail": "xxx@xxx.iam.gserviceaccount.com"
}


The best way to get IT support is to use the new Service One Platform.