GCP BigQuery Should Have User Activity Logging Enabled
More Info:
Ensure that BigQuery User Activity Audit Logging is configured properly across all projects.Risk Level
MediumAddress
SecurityCompliance Standards
CISGCP, CBP, GDPR, HIPAA, ISO27001Triage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration “GCP BigQuery Should Have User Activity Logging Enabled” for GCP using GCP console, follow the below steps:
- Open the GCP console and navigate to the BigQuery service.
- Click on the “Navigation Menu” icon on the top-left corner of the console.
- From the menu, select “BigQuery”.
- In the BigQuery console, click on the “Settings” icon on the left-hand side panel.
- Click on the “Audit logs” tab.
- Under the “Audit logs” tab, click on the “Configure” button.
- In the “Configure audit logs” window, select the checkbox next to “Data access”.
- Select the checkbox next to “Cloud audit logs”.
- Click on the “Save” button.
- Once the configuration is saved, the user activity logging for BigQuery is enabled.
Using CLI
Using CLI
To remediate the misconfiguration “GCP BigQuery Should Have User Activity Logging Enabled” for GCP using GCP CLI, follow the below steps:Step 1: Open the command prompt or terminal on your local machine.Step 2: Authenticate to your GCP account using the below command:Step 3: Set the project to the project for which you want to enable user activity logging using the below command:Step 4: Enable the BigQuery API using the below command:Step 5: Enable user activity logging for BigQuery using the below command:Note: Replace [SINK_NAME], [PROJECT_ID], and [DATASET_ID] with your desired values.Step 6: Verify that the user activity logging is enabled for BigQuery using the below command:This will display the details of the logging sink that you just created.By following these steps, you can remediate the misconfiguration “GCP BigQuery Should Have User Activity Logging Enabled” for GCP using GCP CLI.
Using Python
Using Python
To remediate the misconfiguration “GCP BigQuery Should Have User Activity Logging Enabled”, you can follow these steps:
- Open the GCP Console and navigate to the BigQuery service.
- Click on the “Logs” tab in the left-hand menu.
- Click on the “Audit Logs” tab.
- Click on the “Create Sink” button.
- Select the “BigQuery” destination.
- Choose the project and dataset where you want to store the audit logs.
- Click on the “Create Sink” button.
- Open the Cloud Shell or terminal on your local machine and install the Google Cloud SDK.
- Authenticate using your GCP account credentials by running the command
gcloud auth login. - Set the project ID by running the command
gcloud config set project PROJECT_ID. - Create a new Python file and import the necessary libraries:
- Initialize the Logging client:
- Define the BigQuery dataset ID and table ID where you want to store the audit logs:
- Define the Sink ID for the BigQuery sink:
- Create a new Sink object for the BigQuery sink:
- Update the Sink configuration:
- Verify that the Sink configuration was updated successfully by checking the response:
- Run the Python script to remediate the misconfiguration.