From 7605795a9fc6e4bb750ef5a26d6c284cf925b479 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sun, 15 Aug 2021 14:30:23 -0500
Subject: [PATCH 1/3] Create gcp_dns_zone_modified_or_deleted.yml
---
 rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml
diff --git a/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml b/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml
@@ -0,0 +1 @@
+
From e4314aa4b8ca93ada9970f1843e867cd4c3c581c Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sun, 15 Aug 2021 16:01:10 -0500
Subject: [PATCH 2/3] Update gcp_dns_zone_modified_or_deleted.yml
---
 .../gcp/gcp_dns_zone_modified_or_deleted.yml | 23 ++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml b/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml
index 8b1378917..519352c8a 100644
--- a/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml
+++ b/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml
@@ -1 +1,22 @@
-
+title: Google Cloud DNS Zone Modified or Deleted
+id: 28268a8f-191f-4c17-85b2-f5aa4fa829c3
+description: Identifies when a DNS Zone is modified or deleted in Google Cloud.
+author: Austin Songer
+status: experimental
+date: 2021/08/15
+references:
+ - https://cloud.google.com/dns/docs/reference/v1/managedZones
+logsource:
+ service: gcp.audit
+detection:
+ selection:
+ gcp.audit.method_name:
+ - Dns.ManagedZones.Delete
+ - Dns.ManagedZones.Update
+ - Dns.ManagedZones.Patch
+ condition: selection
+level: medium
+tags:
+ - attack.impact
+falsepositives:
+ - Unkown
From 219be99847037bd389f6e80b7745945e622efdcb Mon Sep 17 00:00:00 2001
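Review bot: The `falsepositives` entry that closes the new rule in PATCH 2/3 is misspelled (`Unkown`) and gives an analyst nothing to triage with, even though the three matched methods (`Dns.ManagedZones.Delete`, `Dns.ManagedZones.Update`, `Dns.ManagedZones.Patch`) are routine administrative calls. I would replace it with something like `- Authorized DNS zone changes by administrators or infrastructure-as-code pipelines; verify the acting identity against the change record`. The `logsource` block also names only `service: gcp.audit`; adding `product: gcp` would scope backend field mappings unambiguously, assuming the repository's other GCP rules follow that convention. `attack.impact` is a tactic-level tag only, so a technique tag would help coverage mapping if one fits the behaviour.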
From: Austin Songer
Date: Sun, 15 Aug 2021 16:02:04 -0500
Subject: [PATCH 3/3] Update gcp_dns_zone_modified_or_deleted.yml
---
 rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml b/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml
index 519352c8a..cbd763943 100644
--- a/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml
+++ b/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml
@@ -1,7 +1,7 @@
 title: Google Cloud DNS Zone Modified or Deleted
 id: 28268a8f-191f-4c17-85b2-f5aa4fa829c3
 description: Identifies when a DNS Zone is modified or deleted in Google Cloud.
-author: Austin Songer
+author: Austin Songer @austinsonger
 status: experimental
 date: 2021/08/15
 references: