Cloud Security Rules

RULE	SERVICE GROUP
M Packet mirroring resource in use	Compute Engine
M PostgreSQL 'log_min_error_statement' database flag is not set appropriately	Cloud SQL
M PostgreSQL 'log_min_messages' database flag is not set appropriately	Cloud SQL
M Project-wide SSH keys are allowed	Compute Engine
M Public IP is assigned to compute instance	Compute Engine
M Public IP is assigned to SQL database instance	Cloud SQL
M Serial port is enabled	Compute Engine
M Service account uses user-managed service account keys	Network
M SQL statements with sensitive information may be logged	Cloud SQL
M SSL policy allows weak algorithms	Compute Engine
M Temporary file information is not logged	Cloud SQL
M The default network for a project should be deleted	Network
M The log_checkpoints setting is disabled on PostgreSQL DB	Cloud SQL
M The log_disconnections setting is disabled on PostgreSQL DB	Cloud SQL
M The log_lock_waits setting is disabled on PostgreSQL DB	Cloud SQL
M Uniform bucket-level access is disabled	Cloud Storage
M VPC flow logs for VPC network subnets are disabled	Compute Engine
L Cloud SQL for MySQL allows all users to see database names	Cloud SQL
L Compute firewall allows open egress	Compute Engine
L GKE Alias IP disabled	Kubernetes (Container) Engine
L GKE cluster labels are missing	Kubernetes (Container) Engine
L GKE Node Pool auto repair is disabled	Kubernetes (Container) Engine
L GKE Node Pool auto upgrade disabled	Kubernetes (Container) Engine
L GKE Node pool does not use a container-optimized OS	Kubernetes (Container) Engine
L GKE PodSecurityPolicy controller is disabled	Kubernetes (Container) Engine
L GKE Shield is disabled	Kubernetes (Container) Engine
L Instance IP assignment is not set to private	Compute Engine
L OS Login is disabled on instance	Compute Engine
L Shielded VM is disabled	Compute Engine

AWS

Azure

Google

Kubernetes