diff --git a/atomics/T1078.004/T1078.004.yaml b/atomics/T1078.004/T1078.004.yaml
index be754fd2..e3a78123 100644
--- a/atomics/T1078.004/T1078.004.yaml
+++ b/atomics/T1078.004/T1078.004.yaml
@@ -117,3 +117,52 @@ atomic_tests:
 Remove-AzAutomationRunbook -AutomationAccountName #{automation_account_name} -Name #{runbook_name} -ResourceGroupName #{resource_group} -Force
 cd $PathToAtomicsFolder/T1078.004/src/T1078.004-2/
 terraform destroy -auto-approve
+
+- name: GCP - Create Custom IAM Role
+ description: |
+ This atomic will create a new IAM role. The default role permissions are: *IAM Service Account Get*. The idea for this Atomic came from a Rule published by the Elastic team.
+
+ Identifies an Identity and Access Management (IAM) custom role creation in Google Cloud Platform (GCP).
+ Custom roles are user-defined, and allow for the bundling of one or more supported permissions to meet specific needs.
+ Custom roles will not be updated automatically and could lead to privilege creep if not carefully scrutinized.
+
+ This atomic will create a new IAM role. The default role permissions are: *IAM Service Account Get*
+
+ Reference: https://github.com/elastic/detection-rules/blob/main/rules/integrations/gcp/initial_access_gcp_iam_custom_role_creation.toml
+
+ supported_platforms:
+ - iaas:gcp
+ input_arguments:
+ project-id:
+ description: ID of the GCP Project you to execute the command against.
+ type: string
+ default: atomic-test-1
+ role-name:
+ description: The name of the role to be created.
+ type: string
+ default: AtomicRedTeamRole
+ role-description:
+ description: The description of the role to be created.
+ type: string
+ default: Atomic Red Team Custom IAM Role
+ roles:
+ description: List of roles to be applied
+ type: string
+ default: iam.serviceAccounts.get
+ executor:
+ name: sh
+ elevation_required: false
+ command: |
+ gcloud auth login --no-launch-browser
+ gcloud config set project #{project-id}
+ gcloud iam roles create #{role-name} --description="#{role-description}" --permissions=#{roles} --project=#{project-id}
+ cleanup_command: |
+ gcloud iam roles delete #{role-name} --project=#{project-id}
+ dependency_executor_name: sh
+ dependencies:
+ - description: |
+ Requires gcloud
+ prereq_command: |
+ if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi;
+ get_prereq_command: |
+ echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install"
\ No newline at end of file
diff --git a/atomics/T1098/T1098.yaml b/atomics/T1098/T1098.yaml
index 82039b5c..8c20e24b 100644
--- a/atomics/T1098/T1098.yaml
+++ b/atomics/T1098/T1098.yaml
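Review bot: `gcloud auth login --no-launch-browser` inside the `command` block makes the test interactive (it waits for an authorization code to be pasted back), so the atomic cannot run unattended; the same line is in the T1098, T1485 and T1562.008 hunks of this commit. Moving the check into `prereq_command`, e.g. `[ -n "$(gcloud auth list --filter=status:ACTIVE --format='value(account)')" ]`, and leaving only the operation under test in `command` keeps the executor non-interactive and the detection event cleaner. The input argument `roles` is actually a comma-separated permission list handed to `--permissions=`; its description should say so ("Comma-separated list of permissions to bundle into the role") and the expansion should be quoted, `--permissions="#{roles}"`, since the value is user-supplied. The description also states "This atomic will create a new IAM role. The default role permissions are: *IAM Service Account Get*" twice; one copy can go.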
@@ -945,3 +945,55 @@ atomic_tests:
 else {
 Write-Host -ForegroundColor Yellow "You must store the password of the current user by running the prerequisite commands first"
 }
+- name: GCP - Delete Service Account Key
+ description: |
+ This Atomic will:
+ - Create a service account
+ - Create a service account key,
+ - Store the result of retrieving a single key for that service account as a variable
+ - Pass that variable for deletion
+ - Delete the service account
+
+ The idea for this Atomic came from a Rule published by the Elastic team.
+
+ Identifies the deletion of an Identity and Access Management (IAM) service account key in Google Cloud Platform (GCP).
+ Each service account is associated with two sets of public/private RSA key pairs that are used to authenticate.
+ If a key is deleted, the application will no longer be able to access Google Cloud resources using that key. A security best practice is to rotate your service account keys regularly.
+
+ Reference: https://github.com/elastic/detection-rules/blob/main/rules/integrations/gcp/impact_gcp_storage_bucket_deleted.toml
+ supported_platforms:
+ - iaas:gcp
+ input_arguments:
+ project-id:
+ description: ID of the GCP Project you to execute the command against.
+ type: string
+ default: atomic-test-1
+ service-name:
+ description: The name of the service account.
+ type: string
+ default: atomic-service-account
+ key-path:
+ description: Path to the key to be created from create keys command.
+ type: string
+ default: /tmp/key.json
+ executor:
+ name: sh
+ elevation_required: false
+ command: |
+ gcloud auth login --no-launch-browser
+ gcloud config set project #{project-id}
+ gcloud iam service-accounts create #{service-name}
+ gcloud iam service-accounts keys create #{key-path} --iam-account=#{service-name}@#{project-id}.iam.gserviceaccount.com
+ KEY = gcloud iam service-accounts keys list --iam-account=#{service-name}@#{project-id}.iam.gserviceaccount.com --format="value(KEY_ID)" --limit=1
+ gcloud iam service-accounts keys delete $KEY --iam-account=#{service-name}@#{project-id}.iam.gserviceaccount.com --quiet
+ gcloud iam service-accounts delete #{service-name}@#{project-id}.iam.gserviceaccount.com --quiet
+ cleanup_command: |
+ rm #{key-path}
+ dependency_executor_name: sh
+ dependencies:
+ - description: |
+ Requires gcloud
+ prereq_command: |
+ if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi;
+ get_prereq_command: |
+ echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install"
\ No newline at end of file
diff --git a/atomics/T1485/T1485.yaml b/atomics/T1485/T1485.yaml
index 39b83d83..ebb252c0 100644
--- a/atomics/T1485/T1485.yaml
+++ b/atomics/T1485/T1485.yaml
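Review bot: `KEY = gcloud iam service-accounts keys list ...` is not an assignment in `sh` — with spaces around `=` the shell tries to run a command named `KEY`, the variable stays empty, and the following `keys delete $KEY` line fails instead of deleting the key the test just created, so the detection event this atomic exists to produce never fires. It needs a command substitution, `KEY=$(gcloud iam service-accounts keys list --iam-account=#{service-name}@#{project-id}.iam.gserviceaccount.com --format="value(KEY_ID)" --limit=1)`, and the next line should quote it, `keys delete "$KEY" ...`. That listing also returns Google-managed keys alongside the user-managed one, so `--limit=1` may pick a key that cannot be deleted; adding `--managed-by=user` to the list command pins it to the key created above. The Reference URL points at `impact_gcp_storage_bucket_deleted.toml`, the storage-bucket rule used by the T1485 test, not a service-account-key deletion rule, and looks copy-pasted. Note the private key material is written to `#{key-path}` (default `/tmp/key.json`) and only removed by `cleanup_command`, so a run that aborts mid-way leaves a live-looking key file on disk — worth a sentence in the description.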
@@ -66,3 +66,38 @@ atomic_tests:
 command: |
 cipher.exe /w:C:
 name: command_prompt
+- name: GCP - Delete Bucket
+ description: |
+ This Atomic will create a Google Storage Bucket then delete it. The idea for this Atomic came from a Rule published by the Elastic team.
+
+ Identifies when a Google Cloud Platform (GCP) storage bucket is deleted. An adversary may delete a storage bucket in order to disrupt their target's business operations.
+ This atomic will create a bucket then delete the bucket.
+
+ Reference: https://github.com/elastic/detection-rules/blob/main/rules/integrations/gcp/impact_gcp_storage_bucket_deleted.toml
+ supported_platforms:
+ - iaas:gcp
+ input_arguments:
+ project-id:
+ description: ID of the GCP Project you to execute the command against.
+ type: string
+ default: atomic-test-1
+ bucket-name:
+ description: The name of the bucket to delete.
+ type: string
+ default: atomic-red-team-bucket
+ executor:
+ name: sh
+ elevation_required: false
+ command: |
+ gcloud auth login --no-launch-browser
+ gcloud config set project #{project-id}
+ gcloud storage buckets create gs://#{bucket-name}
+ gcloud storage buckets delete gs://#{bucket-name}
+ dependency_executor_name: sh
+ dependencies:
+ - description: |
+ Requires gcloud
+ prereq_command: |
+ if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi;
+ get_prereq_command: |
+ echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install"
diff --git a/atomics/T1562.008/T1562.008.yaml b/atomics/T1562.008/T1562.008.yaml
index 56eecc89..d90f9cc2 100644
--- a/atomics/T1562.008/T1562.008.yaml
+++ b/atomics/T1562.008/T1562.008.yaml
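Review bot: The delete on the last `command` line runs regardless of whether the create before it succeeded, and since bucket names are a single global namespace the default `atomic-red-team-bucket` is likely to already exist somewhere, so the test can end up issuing a delete against a bucket it did not create; chaining the two, `gcloud storage buckets create gs://#{bucket-name} --project=#{project-id} && gcloud storage buckets delete gs://#{bucket-name}`, guarantees the delete only ever targets the bucket this run made. That guard matters because the operation is destructive by design — if an operator points `bucket-name` at an existing bucket in their project, the delete succeeds. The `bucket-name` description ("The name of the bucket to delete") should say the bucket is created and then deleted by the test. The description repeats itself ("This Atomic will create a Google Storage Bucket then delete it" / "This atomic will create a bucket then delete the bucket") and carries the same "Project you to execute the command against" typo as the other three GCP tests in this commit.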
@@ -439,3 +439,32 @@ atomic_tests:
 Disconnect-ExchangeOnline -Confirm:$false
 name: powershell
 elevation_required: false
+- name: GCP - Delete Activity Event Log
+ description: |
+ GCP provides 4 types of Cloud Audit Logs: Admin Activity, Data Access, System Events, and Policy Denied.
+ An adversary may attempt to delete logs in order to hide their activity. However, Admin Activity, System Events, and Policy Deny events logs cannot be deleted.
+
+ This Atomic attempts to delete the Activity Event log. An event is generated under the method name of `google.logging.v2.LoggingServiceV2.DeleteLog` with a Serverity of `ERROR`.
+ supported_platforms:
+ - iaas:gcp
+
+ input_arguments:
+ project-id:
+ description: ID of the GCP Project you to execute the command against.
+ type: string
+ default: atomic-project-1
+ executor:
+ name: sh
+ elevation_required: false
+ command: |
+ gcloud auth login --no-launch-browser
+ gcloud config set project #{project-id}
+ gcloud logging logs delete projects/#{project-id}/logs/cloudaudit.googleapis.com%2Factivity --quiet
+ dependency_executor_name: sh
+ dependencies:
+ - description: |
+ Requires gcloud
+ prereq_command: |
+ if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi;
+ get_prereq_command: |
+ echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install"
\ No newline at end of file
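Review bot: The `project-id` default here is `atomic-project-1` while the three other GCP tests added in this commit default to `atomic-test-1`; aligning them avoids one test silently targeting a different project when the same override is reused across tests. The description has two wording defects worth fixing before merge: "Serverity" should be "Severity", and "Policy Deny events logs" should match the "Policy Denied" name used two lines earlier. Since the description itself says this log type cannot be deleted, it would help detection engineers to state explicitly that the expected outcome is a failed call (the `ERROR`-severity `DeleteLog` audit event) rather than an actual log deletion, so a passing run is not mistaken for lost audit data.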