
Summary
This rule detects the creation of new open (public) Google Cloud Platform (GCP) Storage buckets by analyzing GCP Pub/Sub events for the `storage.setIamPermissions` method. It flags events in which the `allUsers` member is added to a storage bucket's IAM permissions, a significant security risk that may expose sensitive data to the public internet. Such a misconfiguration can allow unauthorized users to access, modify, or delete data in the bucket, leading to data breaches and compliance issues. The detection queries the relevant Google Cloud data; implementing it requires the Splunk Add-on for Google Cloud Platform to ingest these events via Cloud Pub/Sub.
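The check the rule performs, written out as an added Python example (not the Splunk rule's own SPL) and run over constructed newline-delimited GCP Cloud Audit Log events; field paths follow the `storage.setIamPermissions` audit record, and the bucket names, e-mail addresses and events are constructed. It also flags `allAuthenticatedUsers` as an extension, since any Google account can use that principal.

```python
import json

# Added example: the detection logic the rule describes, applied to constructed
# newline-delimited GCP Cloud Audit Log events (the shape Pub/Sub delivers to
# the Splunk add-on). Field paths follow the storage.setIamPermissions audit
# record (protoPayload.serviceData.policyDelta.bindingDeltas); bucket names,
# e-mail addresses and the sample events themselves are constructed.

# "allUsers" is what the rule keys on; "allAuthenticatedUsers" (any Google
# account) is added here as an extension because it is effectively public too.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}
METHOD = "storage.setIamPermissions"


def public_grants(event):
    """Return one (bucket, role, member, actor) tuple per ADD of a public
    principal in a storage.setIamPermissions event; [] for anything else."""
    payload = event.get("protoPayload", {})
    if payload.get("methodName") != METHOD:
        return []
    bucket = payload.get("resourceName", "")  # e.g. projects/_/buckets/<name>
    actor = payload.get("authenticationInfo", {}).get("principalEmail")
    deltas = payload.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
    # Only ADD deltas matter: a REMOVE of allUsers is a remediation, not a risk.
    return [(bucket, d.get("role"), d["member"], actor)
            for d in deltas
            if d.get("action") == "ADD" and d.get("member") in PUBLIC_PRINCIPALS]


def scan(ndjson_lines):
    """Apply public_grants() to each non-empty JSON line and collect alerts."""
    alerts = []
    for line in ndjson_lines:
        if line.strip():
            alerts.extend(public_grants(json.loads(line)))
    return alerts


# Constructed sample: one public grant, one named-user grant, one removal of
# allUsers (remediation), and one unrelated bucket-creation event.
SAMPLE_EVENTS = """
{"protoPayload": {"methodName": "storage.setIamPermissions", "resourceName": "projects/_/buckets/acme-public-assets", "authenticationInfo": {"principalEmail": "alice@example.com"}, "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "ADD", "role": "roles/storage.objectViewer", "member": "allUsers"}]}}}}
{"protoPayload": {"methodName": "storage.setIamPermissions", "resourceName": "projects/_/buckets/acme-internal", "authenticationInfo": {"principalEmail": "bob@example.com"}, "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "ADD", "role": "roles/storage.objectViewer", "member": "user:carol@example.com"}]}}}}
{"protoPayload": {"methodName": "storage.setIamPermissions", "resourceName": "projects/_/buckets/acme-fixed", "authenticationInfo": {"principalEmail": "bob@example.com"}, "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "REMOVE", "role": "roles/storage.objectViewer", "member": "allUsers"}]}}}}
{"protoPayload": {"methodName": "storage.buckets.create", "resourceName": "projects/_/buckets/acme-new", "authenticationInfo": {"principalEmail": "alice@example.com"}}}
"""

if __name__ == "__main__":
    for bucket, role, member, actor in scan(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT: {actor} granted {role} to {member} on {bucket}")
```

Only the first sample event produces an alert; the removal and the named-user grant are deliberately left silent so the rule does not fire on remediation or normal sharing.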
Categories
- Cloud
- GCP
Data Sources
- Cloud Storage
- Cloud Service
ATT&CK Techniques
- T1530
Created: 2024-11-14