As part of your organization's zero trust strategy, you use Identity-Aware Proxy (IAP) to protect multiple applications. You need to ingest logs into a Security Information and Event Management (SIEM) system so that you are alerted to possible intrusions.
Which logs should you analyze?
To effectively monitor and detect possible intrusions related to IAP-protected applications, Policy Denied audit logs provide the most relevant insights. These logs contain records of access attempts that were denied by IAP policies, helping to identify unauthorized access attempts and potential intrusions. Analyzing these logs aligns with your zero trust strategy by enabling you to track access violations and unauthorized attempts, which is crucial for timely alerts in your SIEM system.
The data_access log name only appears if there was traffic to your resource after you enabled Cloud Audit Logs for IAP. Click to expand the date and time of the access you want to review. Authorized access has a blue i icon. Unauthorized access has an orange !! icon. " https://cloud.google.com/iap/docs/audit-log-howto
Answer is B
B. Policy Denied audit logs: These logs contain records of access attempts that were denied by IAP policies. Analyzing these logs can help identify unauthorized access attempts and potential intrusion attempts blocked by IAP.
https://cloud.google.com/iap/docs/audit-log-howto#viewing_audit
A is fire
B. Policy Denied audit logs can show when unauthorized users or devices tried to access protected applications and were blocked, which is crucial for identifying and responding to threats. As part of a zero trust strategy, leveraging Identity-Aware Proxy (IAP) involves closely monitoring and analyzing logs to detect potential intrusions and unauthorized activities.
To effectively monitor and detect possible intrusions related to IAP-protected applications, focusing on Policy Denied audit logs provides the most relevant insights into access control and denial events. These logs help you track access violations and unauthorized attempts, aligning with your zero trust strategy and enabling timely alerts in your SIEM system.