Skip to content

Latest commit

 

History

History
31 lines (27 loc) · 3.25 KB

custom-role-logging.md

File metadata and controls

31 lines (27 loc) · 3.25 KB

CloudSploit

GOOGLE / Logging / Custom Role Logging

Quick Info

Plugin Title Custom Role Logging
Cloud GOOGLE
Category Logging
Description Ensures that logging and log alerts exist for custom role creation and changes
More Info Project Ownership is the highest level of privilege on a project, any changes in custom role should be heavily monitored to prevent unauthorized changes.
GOOGLE Link https://cloud.google.com/logging/docs/logs-based-metrics/
Recommended Action Ensure that log alerts exist for custom role creation and changes.

Detailed Remediation Steps

  1. Log in to the Google Cloud Platform Console.
  2. Scroll down the left navigation panel and select the "Logging" option under the "STACKDRIVER."
  3. On the "Stack driver Logging" page, click on the "Logs-based metrics" option./br>
  4. On the "Logs-based metric" page, search the "System metrics" and "User-defined metrics" and check whether any metrics is there for "Custom Role Logging." If no such metrics is present then the logging and log alerts does not exist for custom role creation and changes.
  5. Repeat steps number 2 - 4 to check other GCP accounts.
  6. Navigate to the "Logging" option under the "STACKDRIVER", choose the "Logbased metrics" and click on the "CREATE METRIC" button at the top.
  7. On the "Metric editor" tab, enter the "Name" and "Description" accordingly and enter the field name under the "Label" as per the requirements and click on the "Done" button to save the "Label."
  8. Click on the "Create metric" button at the bottom to make the changes.
  9. On the "Logs-based metrics", under the "User-defined metrics" click on the 3 dots next to the newly created "Project Ownership Logging" metric and click on the "create alert from metric."
  10. On the "Create alert" page, select the "Aggregator" as per the requirement and select the "Configuration" from the dropdown menu accordingly.
  11. Enter the "Condition, Threshold and Minute" of the above "Configuration" accordingly and click on the "Save" button to make the changes.
  12. Once the settings are "Saved", enter the name of the alarm and select "Policy triggers" condition from the dropdown menu.
  13. Click on the "Save" button at the bottom to make the chanes.
  14. Repeat steps number 6 - 14 to ensure that log alerts exist for custom role creation and changes.