Logging metric filter and alert for network changes should be configured Affecting Cloud Platform service in Google


Severity

0.0
medium
0
10
Severity Framework
Snyk CCSS
Rule category
Logging/ Logging

Is your environment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
Frameworks
CIS-GoogleHIPAAISO-27001NIST-800-53PCI-DSSSOC-2
  • Snyk IDSNYK-CC-00439
  • creditSnyk Research Team

Description

Logging metric filter and alert for network changes should be configured. Network traffic flow can be impacted when a network is created, modified, or deleted, or when a network peering connection is created or deleted. Such changes can also indicate suspicious activity. Monitoring changes to VPCs can help detect anomalous actions and ensure traffic flow is not impacted.

How to fix?

Logging metric filter and alert for network changes should be configured.

Example Configuration

resource "google_logging_metric" "logging_metric" {
  name   = "logging_metric"
  filter = "resource.type=gce_network AND protoPayload.methodName:\"compute.networks.insert\" OR protoPayload.methodName:\"compute.networks.patch\" OR protoPayload.methodName:\"compute.networks.delete\" OR protoPayload.methodName:\"compute.networks.removePeering\" OR protoPayload.methodName:\"compute.networks.addPeering\""

  metric_descriptor {
    value_type  = "INT64"
    metric_kind = "DELTA"
  }
}

resource "google_monitoring_alert_policy" "alert_policy" {
  depends_on   = [google_logging_metric.logging_metric]
  display_name = "Alert Policy"
  combiner     = "OR"
  conditions {
    display_name = "condition"
    condition_threshold {
      filter     = "resource.type=\"global\" metric.type=\"logging.googleapis.com/user/logging_metric\""
      duration   = "60s"
      comparison = "COMPARISON_GT"
    }
  }
}