services / Google Cloud / Cloud Logging Sinks
Logging sinks control how logs are routed. They can be used to export logs to Cloud Storage, BigQuery, a Cloud Logging bucket, or a Pub/Sub topic.
logging.sinks.update
Updating a log sink can update the filter used to exclude logs from being routed by the sink. This can impair defenses by allowing an attacker to filter out their activity in the system.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog