From e4314aa4b8ca93ada9970f1843e867cd4c3c581c Mon Sep 17 00:00:00 2001
From: Austin Songer <austin@songer.pro>
Date: Sun, 15 Aug 2021 16:01:10 -0500
Subject: [PATCH] Update gcp_dns_zone_modified_or_deleted.yml

---
 .../gcp/gcp_dns_zone_modified_or_deleted.yml  | 23 ++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml b/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml
index 8b1378917..519352c8a 100644
--- a/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml
+++ b/rules/cloud/gcp/gcp_dns_zone_modified_or_deleted.yml
@@ -1 +1,22 @@
-
+title: Google Cloud DNS Zone Modified or Deleted
+id: 28268a8f-191f-4c17-85b2-f5aa4fa829c3
+description: Identifies when a DNS Zone is modified or deleted in Google Cloud. 
+author: Austin Songer
+status: experimental
+date: 2021/08/15
+references:
+    - https://cloud.google.com/dns/docs/reference/v1/managedZones
+logsource:
+  service: gcp.audit
+detection:
+    selection:
+        gcp.audit.method_name: 
+            - Dns.ManagedZones.Delete
+            - Dns.ManagedZones.Update
+            - Dns.ManagedZones.Patch
+    condition: selection
+level: medium
+tags:
+    - attack.impact
+falsepositives:
+ - Unkown