Configuration change alert
IAM role change alerts
VPC network changes
Cloud Storage IAM permission changes
SQL instance configuration changes
VPC network route changes
VPC network firewall rule changes
Custom Role changes
Audit configuration changes
Hello Hari,
The path to move forward is indeed the use of log based metrics, you only need to find exactly the filter for what you are trying to achieve.
For example I have set up a metric with the filter [1] to detect when a change is made to the roles of an user in a project.
Please have a look at our documentation regarding creating charts and alerts [2] and creating counter metrics [3].
Have a nice day!
[1] protoPayload.serviceData.policyDelta.bindingDeltas.action=ADD
[2] - https://cloud.google.com/logging/docs/logs-based-metrics/charts-and-alerts
[3] - https://cloud.google.com/logging/docs/logs-based-metrics/counter-metrics#creating_a_counter_metric