Triage and Remediation
Remediation
Using Console
Using Console
To remediate the “Cloud SQL Admin Activity Audit Logging Should Be Enabled” misconfiguration for GCP using GCP console, please follow these steps:
- Open the Google Cloud Console and navigate to the Cloud SQL instances page.
- Select the instance you want to configure.
- Click on the “Edit” button at the top of the page.
- Scroll down to the “Database flags” section.
- Click on the “Add database flag” button.
- In the “Flag name” field, enter “log_admin_operations”.
- In the “Flag value” field, enter “on”.
- Click on the “Save” button at the bottom of the page.
Using CLI
Using CLI
To remediate the misconfiguration “Cloud SQL Admin Activity Audit Logging Should Be Enabled” in GCP using GCP CLI, follow the below steps:Replace This command will return a list of all the database flags that are set for the Cloud SQL instance. Verify that
- Open the Cloud Shell in the GCP console.
- Run the following command to enable Cloud SQL Admin Activity Audit Logging for all Cloud SQL instances in the default project:
[INSTANCE_NAME] with the name of your Cloud SQL instance.- Verify that the audit logging is enabled by running the following command:
log_admin_operations is set to on.- Repeat the above steps for all the Cloud SQL instances in your project.
Using Python
Using Python
To remediate the Cloud SQL Admin Activity Audit Logging misconfiguration in GCP using Python, you can follow the below steps:With these steps, you can remediate the Cloud SQL Admin Activity Audit Logging misconfiguration in GCP using Python.
- First, you need to import the required libraries and authenticate to your GCP account using service account credentials.
- Next, you need to create a filter that will identify the Cloud SQL Admin Activity Audit logs.
- Then, you need to check if there are any sinks already created for the logs.
- If there are no sinks created, you can create a new sink for the logs.
- Finally, you need to verify that the sink was created successfully.