diff --git a/plugins/gcpaudit/CHANGELOG.md b/plugins/gcpaudit/CHANGELOG.md
index 989c4548..d9fe6c95 100644
--- a/plugins/gcpaudit/CHANGELOG.md
+++ b/plugins/gcpaudit/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
+## v0.5.0
+
+* [`7b0fdac`](https://github.com/falcosecurity/plugins/pull/544/commits/7b0fdac41655ae89cbfb8f5e18e76f852d8ced5d) update(plugins/gcpaudit): bump plugin version to 0.5.0
+
+* [`931f068`](https://github.com/falcosecurity/plugins/pull/544/commits/931f0688edbe90f1d571bfcb200dd5ecb553903c) chore(plugins/gcpaudit): update readme with new field
+
+* [`3f345b6`](https://github.com/falcosecurity/plugins/pull/544/commits/3f345b6468f8f22316e01913c6ca651aba9b2db8) feat(plugins/gcpaudit): add gcp.resourceLabels field
+
+
 ## v0.4.0
 * [`92ee2d3`](https://github.com/falcosecurity/plugins/commit/92ee2d33) update(plugins/gcpaudit): upgrade sdk and deps
diff --git a/plugins/gcpaudit/README.md b/plugins/gcpaudit/README.md
index c9366023..79470a6b 100644
--- a/plugins/gcpaudit/README.md
+++ b/plugins/gcpaudit/README.md
@@ -111,6 +111,7 @@ For more details about what Cloud logging log queries, see the [GCP official doc
 | `gcp.projectId` | `string` | None | GCP project ID |
 | `gcp.resourceName` | `string` | None | GCP resource name |
 | `gcp.resourceType` | `string` | None | GCP resource type |
+| `gcp.resourceLabels` | `string` | None | GCP resource labels |
 | `gcp.storage.bucket` | `string` | None | GCP bucket name |
diff --git a/plugins/gcpaudit/pkg/gcpaudit/extract.go b/plugins/gcpaudit/pkg/gcpaudit/extract.go
index 99b59fbe..e4fc9e24 100644
--- a/plugins/gcpaudit/pkg/gcpaudit/extract.go
+++ b/plugins/gcpaudit/pkg/gcpaudit/extract.go
@@ -48,6 +48,7 @@ func (p *Plugin) Fields() []sdk.FieldEntry {
 {Type: "string", Name: "gcp.projectId", Display: "Project ID", Desc: "GCP project ID"},
 {Type: "string", Name: "gcp.resourceName", Display: "Resource Name", Desc: "GCP resource name"},
 {Type: "string", Name: "gcp.resourceType", Display: "Resource Type", Desc: "GCP resource type"},
+ {Type: "string", Name: "gcp.resourceLabels", Display: "Resource Labels", Desc: "GCP resource labels"},
 {Type: "string", Name: "gcp.storage.bucket", Display: "Bucket Name", Desc: "GCP bucket name"},
 }
 }
@@ -225,6 +226,12 @@ func (p *Plugin) Extract(req sdk.ExtractRequest, evt sdk.EventReader) error {
 req.SetValue(string(resourceType))
 }
+ case "gcp.resourceLabels":
+ resourceLabels := p.jdata.Get("resource").Get("labels").MarshalTo(nil)
+ if resourceLabels != nil && len(resourceLabels) > 0 {
+ req.SetValue(string(resourceLabels))
+ }
+
 case "gcp.storage.bucket":
 bucket := p.jdata.Get("resource").Get("labels").GetStringBytes("bucket_name")
 if bucket != nil {
diff --git a/plugins/gcpaudit/pkg/gcpaudit/gcpaudit.go b/plugins/gcpaudit/pkg/gcpaudit/gcpaudit.go
index 993aee9d..1d4bfa73 100644
--- a/plugins/gcpaudit/pkg/gcpaudit/gcpaudit.go
+++ b/plugins/gcpaudit/pkg/gcpaudit/gcpaudit.go
@@ -30,7 +30,7 @@ const (
 PluginName = "gcpaudit"
 PluginDescription = "Read GCP Audit Logs"
 PluginContact = "github.com/falcosecurity/plugins"
- PluginVersion = "0.4.0"
+ PluginVersion = "0.5.0"
 PluginEventSource = "gcp_auditlog"
 )
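Review bot: The new `gcp.resourceLabels` entry in `Fields()` in extract.go is typed `string` with the description "GCP resource labels", which does not tell a rule author that the value is the whole `resource.labels` object serialized as JSON by `MarshalTo` in the `Extract` hunk of the same file. Anyone writing a Falco condition on this field needs that to know an equality test against a single label will not match and that `contains` is the operator to reach for. I would state it in the entry, e.g. `Desc: "GCP resource labels, as a JSON-encoded object"`, and use the same wording in the README table row. The entry list of `Fields()` starts above this hunk.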
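Review bot: In the `gcp.resourceLabels` case added to `Extract` in extract.go, `MarshalTo(nil)` is called directly on the result of `.Get("resource").Get("labels")`, before any nil check. If `p.jdata` is a fastjson value, as the `GetStringBytes` call in the next case suggests, `Get` returns nil when a key is absent and `MarshalTo` is, to my knowledge, not nil-safe, so a log entry without `resource.labels` would panic inside the plugin and halt audit-event processing; the later `resourceLabels != nil` test runs too late to prevent that. Check the value first: `labels := p.jdata.Get("resource").Get("labels")` followed by `if labels != nil { req.SetValue(string(labels.MarshalTo(nil))) }`. Separately, `len(resourceLabels) > 0` already covers a nil slice, so the `resourceLabels != nil &&` part is redundant. The switch in `Extract` begins and ends outside this hunk.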