bigquery.jobs.insert

CSP: GCP
Event

Creates and submits a BigQuery job (query, load, export, or copy) that accesses or transforms data in BigQuery datasets.

Security Context

  • Accessing cloud storage objects can expose sensitive data including backups, configuration files, application data, and customer information.
  • Transferring data to external cloud accounts or regions can bypass network-based data loss prevention controls and exfiltrate large volumes of data.

Log Source

Cloud Audit Logs
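
A triage sketch for this event, added here as an example and not part of the original page: it scans audit-log entries for inserted export, copy, or query jobs whose destination lies outside a defender-maintained allowlist. It assumes entries in the BigQueryAuditMetadata layout (`protoPayload.metadata.jobInsertion.job.jobConfig`); the allowlist names, the helper names, and the sample entries are constructed for illustration.

```python
import json

# Assumptions (not from the page): allowlists maintained by the defender.
TRUSTED_PROJECTS = {"corp-analytics"}
TRUSTED_BUCKETS = {"corp-analytics-exports"}

# Constructed audit-log entries, trimmed to the fields this check reads.
def _entry(principal, job_config):
    meta = {"jobInsertion": {"job": {"jobConfig": job_config}}}
    return json.dumps({"protoPayload": {"serviceName": "bigquery.googleapis.com",
        "authenticationInfo": {"principalEmail": principal}, "metadata": meta}})

SAMPLE_LOG_LINES = [
    _entry("etl@corp-analytics.iam.gserviceaccount.com", {"type": "EXPORT",
           "extractConfig": {"destinationUris": ["gs://corp-analytics-exports/daily/*.csv"]}}),
    _entry("user@example.com", {"type": "EXPORT",
           "extractConfig": {"destinationUris": ["gs://unknown-bucket/dump-*.avro"]}}),
    _entry("user@example.com", {"type": "COPY", "tableCopyConfig":
           {"destinationTable": "projects/other-project/datasets/d/tables/t"}}),
    "not json",
]

def external_destinations(job_config):
    """Return the job's destinations that fall outside the allowlists."""
    found = []
    for uri in job_config.get("extractConfig", {}).get("destinationUris", []):
        if uri.replace("gs://", "", 1).split("/", 1)[0] not in TRUSTED_BUCKETS:
            found.append(uri)
    for key in ("tableCopyConfig", "queryConfig"):
        table = job_config.get(key, {}).get("destinationTable", "")
        parts = table.split("/")  # expected form: projects/<id>/datasets/<id>/tables/<id>
        if len(parts) > 1 and parts[0] == "projects" and parts[1] not in TRUSTED_PROJECTS:
            found.append(table)
    return found

def triage(lines):
    """Return (principal, job type, external destinations) per flagged job insertion."""
    alerts = []
    for line in lines:
        try:
            payload = json.loads(line)["protoPayload"]
            config = payload["metadata"]["jobInsertion"]["job"]["jobConfig"]
        except (ValueError, KeyError, TypeError):
            continue  # malformed line or not a job-insertion entry
        hits = external_destinations(config)
        if hits:
            who = payload.get("authenticationInfo", {}).get("principalEmail")
            alerts.append((who, config.get("type"), hits))
    return alerts
```

The audit entry carries bucket names but not the project that owns a bucket, so export destinations have to be matched against a bucket allowlist rather than a project allowlist.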

Sample Event

MITRE ATT&CK Mapping

Tactics: Collection, Exfiltration

Techniques:
  • T1530 — Data from Cloud Storage — Adversaries may access data from cloud storage. Many IaaS providers offer solutions for online data object storage such as Amazon S3, Azure Storage, and Google Cloud Storage.
  • T1537 — Transfer Data to Cloud Account — Adversaries may exfiltrate data by transferring the data, including through sharing/syncing and creating backups of cloud environments, to another cloud account they control on the same service. A defender who is monitoring for large transfers to outside the cloud environment through normal file ...