
Summary
This detection rule identifies unauthorized invitations of external users as project owners in Google Cloud Platform (GCP) projects by monitoring the InsertProjectOwnershipInvite API event in GCP Audit Logs. Inviting an external user as an owner without proper authorization significantly increases the security risk to a GCP project. When an external user (identified by a non-organization email) is invited as an owner, the rule triggers a high-severity alert that prompts an investigation of the invitation. The investigation should verify that the invitation was authorized. If unauthorized access is detected, revoke the access promptly. The rule helps maintain the integrity of GCP project settings and protects sensitive resources from unauthorized external influence.
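The logic described above, sketched as an added example (not the rule's own source code) and run over constructed audit-log entries. The organization domain set, the `protoPayload.request.member` field path, and all helper names are assumptions made for illustration.

```python
# Added example: field paths under protoPayload.request are assumptions.
ORG_DOMAINS = {"example.com"}  # hypothetical: domains the organization owns

def invited_member(event):
    """Invited address, lowercased, or '' when the field is absent."""
    request = (event.get("protoPayload") or {}).get("request") or {}
    member = request.get("member", "")  # assumed location of the invitee
    # IAM members are often written "user:alice@example.com"; drop the prefix.
    return member.split(":", 1)[-1].strip().lower()

def is_external(email, org_domains=ORG_DOMAINS):
    """Exact domain match, so 'example.com.evil.test' does not pass as internal."""
    local, sep, domain = email.rpartition("@")
    if not (local and sep and domain):
        return True  # missing or malformed address: surface it for review
    return domain not in org_domains

def rule(event):
    payload = event.get("protoPayload") or {}
    if payload.get("methodName") != "InsertProjectOwnershipInvite":
        return False
    return is_external(invited_member(event))

def alert(event):
    payload = event.get("protoPayload") or {}
    labels = (event.get("resource") or {}).get("labels") or {}
    return {
        "severity": "HIGH",
        "actor": (payload.get("authenticationInfo") or {}).get("principalEmail", "<unknown>"),
        "invited": invited_member(event),
        "project": labels.get("project_id", "<unknown>"),
    }

def make_event(method, member):  # builds a constructed, minimal audit-log entry
    return {"protoPayload": {"methodName": method,
                             "authenticationInfo": {"principalEmail": "admin@example.com"},
                             "request": {"member": member}},
            "resource": {"labels": {"project_id": "demo-project"}}}

SAMPLE_EVENTS = [  # constructed sample data, not real logs
    make_event("InsertProjectOwnershipInvite", "user:contractor@partner.test"),
    make_event("InsertProjectOwnershipInvite", "user:alice@example.com"),
    make_event("InsertProjectOwnershipInvite", "user:bob@example.com.evil.test"),
    make_event("SetIamPolicy", "user:contractor@partner.test"),
]

def run(events):
    return [alert(e) for e in events if rule(e)]
```

Comparing the full domain, rather than checking whether the address ends with the organization's name, keeps lookalike domains from being treated as internal; subdomains the organization uses must be listed explicitly.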
Categories
- Cloud
- GCP
Data Sources
- Group
- User Account
- Cloud Service
- Application Log
- Network Traffic
Created: 2025-03-15