CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category, for example IAM, Container, Monitoring, Logging, or Network.
Logging metric filter and alert for network firewall rule changes should be configured. Create or Update Firewall rule events indicate network access changes. Configuring a metric filter and alert for these changes may reduce the time it takes to detect suspicious activity.
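# Log-based metric that counts firewall rule create (insert) and update (patch) events.
resource "google_logging_metric" "logging_metric_437" {
  name = "logging_metric_437"

  # Parentheses make the intended grouping explicit:
  # firewall-rule resources AND (patch OR insert).
  filter = "resource.type=\"gce_firewall_rule\" AND (protoPayload.methodName:\"compute.firewalls.patch\" OR protoPayload.methodName:\"compute.firewalls.insert\")"

  metric_descriptor {
    value_type  = "INT64"
    metric_kind = "DELTA"
  }
}

# Alert policy whose condition watches the log-based metric defined above.
resource "google_monitoring_alert_policy" "alert_policy" {
  depends_on   = [google_logging_metric.logging_metric_437]
  display_name = "Alert Policy"
  combiner     = "OR"

  conditions {
    display_name = "condition"

    condition_threshold {
      # The metric type must match the metric name: logging.googleapis.com/user/<name>
      filter     = "resource.type=\"global\" metric.type=\"logging.googleapis.com/user/logging_metric_437\""
      duration   = "60s"
      comparison = "COMPARISON_GT"
    }
  }
}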
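One way to check this rule before deployment, as an added example that is not part of the original page or of any scanner's own code: the Python below inspects the JSON form of a Terraform plan (`terraform show -json`) and reports whether a firewall-change metric exists and whether an alert policy condition references it. The function names, the substring matching, and the embedded sample plan are assumptions constructed for illustration.

```python
import json

# Constructed sample, shaped like the planned_values part of `terraform show -json`.
SAMPLE_PLAN = json.loads(r'''
{"planned_values": {"root_module": {"resources": [
  {"type": "google_logging_metric", "name": "logging_metric_437",
   "values": {"name": "logging_metric_437",
     "filter": "resource.type=\"gce_firewall_rule\" AND (protoPayload.methodName:\"compute.firewalls.patch\" OR protoPayload.methodName:\"compute.firewalls.insert\")"}},
  {"type": "google_monitoring_alert_policy", "name": "alert_policy",
   "values": {"conditions": [{"condition_threshold": [
     {"filter": "resource.type=\"global\" metric.type=\"logging.googleapis.com/user/logging_metric_437\""}]}]}}
]}}}
''')

# Heuristic (assumption): a qualifying filter mentions all of these terms.
REQUIRED_TERMS = ("gce_firewall_rule", "compute.firewalls.patch", "compute.firewalls.insert")

def walk_resources(module):
    """Yield resources from a module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)

def firewall_change_findings(plan):
    """Return a list of findings; an empty list means the rule is satisfied."""
    root = plan.get("planned_values", {}).get("root_module", {})
    resources = list(walk_resources(root))
    # Names of log-based metrics whose filter covers firewall insert/patch events.
    metrics = [r["values"].get("name") for r in resources
               if r["type"] == "google_logging_metric"
               and all(t in (r["values"].get("filter") or "") for t in REQUIRED_TERMS)]
    if not metrics:
        return ["no log-based metric filters on firewall rule insert/patch events"]
    # Nested blocks appear as lists of objects in the plan JSON.
    alert_filters = [ct.get("filter") or ""
                     for r in resources if r["type"] == "google_monitoring_alert_policy"
                     for cond in r["values"].get("conditions") or []
                     for ct in cond.get("condition_threshold") or []]
    # The closing quote prevents a match on a longer metric name with the same prefix.
    referenced = [n for n in metrics
                  if any(f'logging.googleapis.com/user/{n}"' in f for f in alert_filters)]
    if referenced:
        return []
    return [f"metric {n} is not referenced by any alert policy condition" for n in metrics]
```

A metric without a matching alert policy is reported as a finding, since the rule requires both the filter and the alert.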