CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category, for example IAM, Container, Monitoring, Logging, or Network.
Logging metric filter and alert for network route changes should be configured.
Routes define the paths network traffic takes from a VM instance to another destination, which can be inside the same VPC network or outside of it. Monitoring changes to route tables helps prevent accidental or malicious changes that could result in either dropped packets or network hijacking.
# Log-based metric that counts route insert and delete operations in the audit logs.
resource "google_logging_metric" "logging_metric" {
  name   = "logging_metric"
  # Parentheses make the grouping explicit: gce_route AND (delete OR insert).
  filter = "resource.type=\"gce_route\" AND (protoPayload.methodName:\"compute.routes.delete\" OR protoPayload.methodName:\"compute.routes.insert\")"

  metric_descriptor {
    value_type  = "INT64"
    metric_kind = "DELTA"
  }
}

# Alert policy whose condition watches the user-defined metric above.
resource "google_monitoring_alert_policy" "alert_policy" {
  depends_on   = [google_logging_metric.logging_metric]
  display_name = "Alert Policy"
  combiner     = "OR"

  conditions {
    display_name = "condition"

    condition_threshold {
      filter     = "resource.type=\"global\" metric.type=\"logging.googleapis.com/user/logging_metric\""
      duration   = "60s"
      comparison = "COMPARISON_GT"
    }
  }
}
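
The rule has two halves: a metric filter on route changes, and an alert policy wired to that metric. The following is an added example, not code from this page or its vendor, that checks both halves against `terraform show -json` output. The function names and the embedded plan are constructed for illustration, the plan is assumed to have no child modules, and the filter is matched by substring rather than parsed.

```python
import json

# Constructed sample shaped like `terraform show -json` output (assumption:
# all resources sit in planned_values.root_module, no child modules).
PLAN = json.loads(r'''
{"planned_values": {"root_module": {"resources": [
  {"type": "google_logging_metric", "name": "logging_metric", "values": {
    "name": "logging_metric",
    "filter": "resource.type=\"gce_route\" AND (protoPayload.methodName:\"compute.routes.delete\" OR protoPayload.methodName:\"compute.routes.insert\")"}},
  {"type": "google_monitoring_alert_policy", "name": "alert_policy", "values": {
    "conditions": [{"condition_threshold": [{
      "filter": "resource.type=\"global\" metric.type=\"logging.googleapis.com/user/logging_metric\""}]}]}}
]}}}
''')

# Substrings the metric filter must contain to cover both route operations.
REQUIRED = ('resource.type="gce_route"', "compute.routes.delete", "compute.routes.insert")

def route_metrics(resources):
    """Names of log-based metrics whose filter covers route insert and delete."""
    return [r["values"]["name"] for r in resources
            if r["type"] == "google_logging_metric"
            and all(tok in r["values"].get("filter", "") for tok in REQUIRED)]

def alert_filters(resources):
    """Filters of every threshold condition in every alert policy."""
    filters = []
    for r in resources:
        if r["type"] != "google_monitoring_alert_policy":
            continue
        for cond in r["values"].get("conditions") or []:
            for thr in cond.get("condition_threshold") or []:
                filters.append(thr.get("filter") or "")
    return filters

def check_route_change_alerting(plan):
    """Return (passed, findings) for the route-change logging rule."""
    resources = plan["planned_values"]["root_module"]["resources"]
    metrics = route_metrics(resources)
    if not metrics:
        return False, ["no log-based metric filters on gce_route insert/delete"]
    filters = alert_filters(resources)
    orphaned = [m for m in metrics
                if not any(f'logging.googleapis.com/user/{m}"' in f for f in filters)]
    if orphaned:
        return False, [f"metric {m!r} has no alert policy" for m in orphaned]
    return True, []
```

A metric that exists without an alert policy fails the check just as a missing metric does, since the rule requires both.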