Logging metric filter and alert for network firewall rule changes should be configured
Affecting the Cloud Platform service in Google
Severity Framework
Snyk CCSS
Rule category
Logging / Logging
Frameworks
CIS-Google
HIPAA
ISO-27001
NIST-800-53
PCI-DSS
SOC-2
- Snyk ID SNYK-CC-00437
- credit Snyk Research Team
Description
Logging metric filter and alert for network firewall rule changes should be configured. Firewall rule create (insert) and update (patch) events indicate network access changes. Configuring a metric filter and an alert for these changes may reduce the time it takes to detect suspicious activity.
How to fix?
Configure a log-based metric whose filter matches firewall rule insert and patch events, and an alert policy that fires on that metric.
Example Configuration
resource "google_logging_metric" "logging_metric_437" {
  name = "logging_metric_437"
  # Count Cloud Audit Log entries for firewall rule creation (insert) and
  # update (patch). The methodName terms are grouped in parentheses because
  # the Logging query language binds AND more tightly than OR.
  filter = "resource.type=\"gce_firewall_rule\" AND (protoPayload.methodName:\"compute.firewalls.patch\" OR protoPayload.methodName:\"compute.firewalls.insert\")"
  metric_descriptor {
    value_type  = "INT64"
    metric_kind = "DELTA"
  }
}

resource "google_monitoring_alert_policy" "alert_policy" {
  depends_on   = [google_logging_metric.logging_metric_437]
  display_name = "Alert Policy"
  combiner     = "OR"
  conditions {
    display_name = "condition"
    condition_threshold {
      # Fire whenever the log-based metric above records a firewall rule change.
      filter     = "resource.type=\"global\" metric.type=\"logging.googleapis.com/user/logging_metric_437\""
      duration   = "60s"
      comparison = "COMPARISON_GT"
    }
  }
}
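To see what the metric filter and alert condition above actually select, here is an added example (not Snyk's code and not the Terraform configuration itself) that mirrors the filter's semantics in Python and runs it over constructed Cloud Audit Log entries: `=` is an exact match, `:` is Cloud Logging's substring ("has") operator, matches are bucketed into 60-second DELTA windows, and a window alerts when its count is greater than the threshold (assumed to be 0, since the policy sets none).

```python
from datetime import datetime, timedelta

# Constructed sample entries shaped like Cloud Audit Log records; not real logs.
SAMPLE_ENTRIES = [
    {"timestamp": "2024-01-01T10:00:05Z", "resource": {"type": "gce_firewall_rule"},
     "protoPayload": {"methodName": "v1.compute.firewalls.insert"}},
    {"timestamp": "2024-01-01T10:00:20Z", "resource": {"type": "gce_firewall_rule"},
     "protoPayload": {"methodName": "v1.compute.firewalls.patch"}},
    {"timestamp": "2024-01-01T10:00:40Z", "resource": {"type": "gce_firewall_rule"},
     "protoPayload": {"methodName": "v1.compute.firewalls.get"}},
    {"timestamp": "2024-01-01T10:01:30Z", "resource": {"type": "gce_instance"},
     "protoPayload": {"methodName": "v1.compute.instances.insert"}},
]

FIREWALL_CHANGE_METHODS = ("compute.firewalls.patch", "compute.firewalls.insert")


def matches_filter(entry):
    """Mirror the metric filter: resource.type="gce_firewall_rule" AND
    (methodName:"compute.firewalls.patch" OR methodName:"compute.firewalls.insert").
    '=' is an exact match; ':' is a substring match, which is why the versioned
    "v1.compute.firewalls.insert" still matches. Read-only calls (get) do not."""
    is_firewall = entry["resource"]["type"] == "gce_firewall_rule"
    method = entry["protoPayload"]["methodName"]
    return is_firewall and any(m in method for m in FIREWALL_CHANGE_METHODS)


def delta_counts(entries, window=timedelta(seconds=60)):
    """Bucket matching entries into fixed windows, like an INT64/DELTA log-based
    metric sampled on the alert's 60s duration. Returns {window_start: count}."""
    counts = {}
    for entry in entries:
        if not matches_filter(entry):
            continue
        ts = datetime.fromisoformat(entry["timestamp"].replace("Z", "+00:00"))
        start = ts - timedelta(seconds=ts.timestamp() % window.total_seconds())
        counts[start] = counts.get(start, 0) + 1
    return counts


def windows_that_alert(entries, threshold=0):
    """COMPARISON_GT: a window fires when its change count exceeds the threshold
    (assumed 0 here, as the alert policy sets no threshold_value)."""
    return sorted(s for s, n in delta_counts(entries).items() if n > threshold)


if __name__ == "__main__":
    for start in windows_that_alert(SAMPLE_ENTRIES):
        print("alert: firewall rule change(s) in window starting", start.isoformat())
```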