CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category, for example IAM, Container, Monitoring, Logging, Network, etc.
Logging metric filter and alert for network changes should be configured. Network traffic flow can be impacted when a network is created, modified, or deleted, or when a network peering connection is created or deleted. Such changes can also indicate suspicious activity. Monitoring changes to VPCs can help detect anomalous actions and ensure traffic flow is not impacted.
# Log-based metric that counts audit-log entries for VPC network changes.
resource "google_logging_metric" "logging_metric" {
  name = "logging_metric"

  # Parentheses make the grouping explicit: the resource type must match
  # and the method must be one of the five network-change calls.
  filter = "resource.type=gce_network AND (protoPayload.methodName:\"compute.networks.insert\" OR protoPayload.methodName:\"compute.networks.patch\" OR protoPayload.methodName:\"compute.networks.delete\" OR protoPayload.methodName:\"compute.networks.removePeering\" OR protoPayload.methodName:\"compute.networks.addPeering\")"

  metric_descriptor {
    value_type  = "INT64"
    metric_kind = "DELTA"
  }
}

# Alert policy whose condition watches the log-based metric defined above.
resource "google_monitoring_alert_policy" "alert_policy" {
  depends_on   = [google_logging_metric.logging_metric]
  display_name = "Alert Policy"
  combiner     = "OR"

  conditions {
    display_name = "condition"

    condition_threshold {
      # User-defined log-based metrics live under logging.googleapis.com/user/.
      filter     = "resource.type=\"global\" metric.type=\"logging.googleapis.com/user/logging_metric\""
      duration   = "60s"
      comparison = "COMPARISON_GT"
    }
  }
}
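One way to audit an existing configuration for this rule, as an added example that is not part of the original page or any scanner's own code: the Python check below reports whether an enabled alert policy watches a metric whose filter covers all five network methods. The dict shape (mirroring the Terraform attributes above), the function names and the sample records are assumptions made for illustration.

```python
import re

# The five audit-log methods named in the metric filter on this page.
REQUIRED_METHODS = {
    "compute.networks.insert", "compute.networks.patch",
    "compute.networks.delete", "compute.networks.removePeering",
    "compute.networks.addPeering",
}

def missing_methods(metric_filter):
    """Return the required methods that the log filter does not mention."""
    found = re.findall(r'protoPayload\.methodName\s*[:=]\s*"([^"]+)"', metric_filter)
    return REQUIRED_METHODS - set(found)

def covering_metrics(metrics):
    """Names of metrics scoped to gce_network that cover all five methods."""
    scoped = re.compile(r'resource\.type\s*=\s*"?gce_network"?')
    return {m["name"] for m in metrics
            if scoped.search(m["filter"]) and not missing_methods(m["filter"])}

def rule_passes(metrics, policies):
    """True if an enabled alert policy watches a fully covering metric."""
    wanted = [f'"logging.googleapis.com/user/{n}"' for n in covering_metrics(metrics)]
    for policy in policies:
        if not policy.get("enabled", True):
            continue  # a disabled policy never fires
        for cond in policy.get("conditions", []):
            cond_filter = cond.get("condition_threshold", {}).get("filter", "")
            if any(w in cond_filter for w in wanted):
                return True
    return False

# Constructed sample records (hypothetical shape, not real API output).
def _filter(methods):
    clauses = " OR ".join(f'protoPayload.methodName:"{m}"' for m in sorted(methods))
    return f"resource.type=gce_network AND ({clauses})"

GOOD_METRIC = {"name": "logging_metric", "filter": _filter(REQUIRED_METHODS)}
PARTIAL_METRIC = {"name": "logging_metric", "filter": _filter(
    REQUIRED_METHODS - {"compute.networks.addPeering", "compute.networks.removePeering"})}
POLICY = {"enabled": True, "conditions": [{"condition_threshold": {
    "filter": 'resource.type="global" '
              'metric.type="logging.googleapis.com/user/logging_metric"'}}]}

if __name__ == "__main__":
    print("good metric + policy:", rule_passes([GOOD_METRIC], [POLICY]))
    print("partial metric missing:", sorted(missing_methods(PARTIAL_METRIC["filter"])))
    print("no alert policy:", rule_passes([GOOD_METRIC], []))
```

The partial metric shows the failure mode worth checking for: a filter that tracks create, patch and delete but omits the two peering methods still produces a metric and an alert, yet peering changes go unnoticed.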