GCP Destructive Queries

Panther Rules

Summary
This detection rule alerts on destructive statements executed against Google Cloud Platform's BigQuery service: queries or jobs whose operation is UPDATE, DELETE, DROP, ALTER, or TRUNCATE. It runs over the GCP Audit Log log type, reading the BigQuery audit log entries that record job and query activity, and looks for events indicating that a potentially harmful statement was issued against a dataset or table. When an event matches the destructive criteria, the rule raises an alert subject to its configured threshold and deduplication period.

The aim is to help organizations preserve the integrity of their data by surfacing unintended or malicious alterations as they occur. These operations can cause irreversible data loss, which is why they warrant real-time monitoring and prompt notification of the administrators or security team responsible for the affected project. The rule's deduplication period limits alert fatigue, and its threshold is configurable so that a chosen number of matching queries must be seen before a notification is sent.
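The following is an added example, not the Panther rule's own source: a Panther-style Python rule that implements the detection described above and is exercised against a handful of constructed BigQuery audit log events. The field paths (`resource.type`, `protoPayload.metadata.jobChange.job.jobConfig.queryConfig.statementType` and `.query`, `protoPayload.authenticationInfo.principalEmail`) are the BigQuery audit log's own; the `deep_get` helper, the `leading_keyword` fallback, the sample events, and the `analyst@example.com` / `proj` identifiers are assumptions made for this example.

```python
"""Added example (not the published Panther rule): flag destructive BigQuery
statements in GCP audit log events, with constructed sample input."""
import re
from collections.abc import Mapping
from typing import Any

# BigQuery's own classification of a query job (JobConfig.Query.statementType).
# Trusting it avoids false positives from a SELECT whose text merely mentions DELETE.
DESTRUCTIVE_STATEMENT_TYPES = {
    "UPDATE", "DELETE", "DROP_TABLE", "DROP_VIEW", "ALTER_TABLE", "TRUNCATE_TABLE",
}
# Fallback when statementType is absent: the statement's leading SQL keyword.
DESTRUCTIVE_KEYWORDS = {"UPDATE", "DELETE", "DROP", "ALTER", "TRUNCATE"}

_COMMENT_RE = re.compile(r"/\*.*?\*/|--[^\n]*|#[^\n]*", re.DOTALL)  # BigQuery comment forms
_TOKEN_RE = re.compile(r"[A-Za-z_]+")


def deep_get(obj: Any, *keys: str, default: Any = None) -> Any:
    """Walk nested mappings; return default if any key is missing (assumed helper)."""
    for key in keys:
        if not isinstance(obj, Mapping) or key not in obj:
            return default
        obj = obj[key]
    return obj


def leading_keyword(query: str) -> str:
    """First SQL keyword of the query text with comments removed ('' if none)."""
    match = _TOKEN_RE.search(_COMMENT_RE.sub(" ", query))
    return match.group(0).upper() if match else ""


def statement_of(event: Mapping) -> str:
    """Statement type BigQuery recorded, else the leading keyword of the query text."""
    cfg = deep_get(event, "protoPayload", "metadata", "jobChange", "job",
                   "jobConfig", "queryConfig", default={})
    return cfg.get("statementType") or leading_keyword(cfg.get("query", ""))


def rule(event: Mapping) -> bool:
    """True when a BigQuery event carries a destructive statement."""
    if not str(deep_get(event, "resource", "type", default="")).startswith("bigquery"):
        return False
    cfg = deep_get(event, "protoPayload", "metadata", "jobChange", "job",
                   "jobConfig", "queryConfig", default={})
    if cfg.get("statementType"):  # BigQuery classified the job: use that verdict only
        return cfg["statementType"] in DESTRUCTIVE_STATEMENT_TYPES
    return leading_keyword(cfg.get("query", "")) in DESTRUCTIVE_KEYWORDS


def title(event: Mapping) -> str:
    principal = deep_get(event, "protoPayload", "authenticationInfo", "principalEmail",
                         default="<unknown principal>")
    project = deep_get(event, "resource", "labels", "project_id", default="<unknown project>")
    return f"Destructive BigQuery statement [{statement_of(event)}] by {principal} in {project}"


def dedup(event: Mapping) -> str:
    """Group alerts per principal so one noisy user yields one alert per dedup period."""
    return deep_get(event, "protoPayload", "authenticationInfo", "principalEmail",
                    default="<unknown principal>")


def _event(resource_type: str, query_config: dict) -> dict:
    return {
        "resource": {"type": resource_type, "labels": {"project_id": "proj"}},
        "protoPayload": {
            "authenticationInfo": {"principalEmail": "analyst@example.com"},
            "metadata": {"jobChange": {"job": {"jobConfig": {"queryConfig": query_config}}}},
        },
    }


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    _event("bigquery_project", {"statementType": "DELETE",
                                "query": "DELETE FROM `proj.ds.orders` WHERE TRUE"}),  # alert
    _event("bigquery_project", {"statementType": "SELECT",
                                "query": "SELECT * FROM `proj.ds.t` WHERE action = 'DELETE'"}),  # no alert
    _event("bigquery_project", {"query": "-- cleanup\nDROP TABLE `proj.ds.old`"}),  # alert via fallback
    _event("gce_instance", {"statementType": "DELETE", "query": "DELETE FROM x"}),  # not BigQuery
]


def evaluate(events: list) -> list:
    """Titles of the events that fire the rule, in order."""
    return [title(e) for e in events if rule(e)]


if __name__ == "__main__":
    for line in evaluate(SAMPLE_EVENTS):
        print(line)
```

Two points a practitioner should keep in mind: the `statementType` field is the more reliable signal, because keyword matching on raw query text will either miss statements hidden behind comments or fire on string literals; and the page's list of verbs does not cover `MERGE` or `CREATE OR REPLACE TABLE`, both of which can overwrite data and may deserve the same scrutiny in your environment.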
Categories
  • Cloud
  • GCP
  • Database
Data Sources
  • Cloud Service
  • Logon Session
Created: 2023-04-05