Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Network Route Change Log Alerts Should Be Enabled” for GCP using GCP console, follow these steps:
- Open the GCP console and navigate to the Logging section.
- Click on “Logs Explorer” in the left-hand menu.
- In the search bar at the top of the page, type “route” and press Enter.
- Select the “GCE_NETWORK_ROUTE” log type from the dropdown menu.
- Click on the “Create Metric” button.
- Name the metric “route-change” and set the aggregation to “Count”.
- Click on the “Create” button to create the metric.
- In the left-hand menu, click on “Alerting”.
- Click on the “Create Policy” button.
- Name the policy “route-change-alert” and set the “Resource Type” to “GCE Instance”.
- Under “Conditions”, click on “Add Condition”.
- Select “Metric Threshold” as the condition type.
- Set the “Metric” to “route-change” and set the “Aggregation” to “Count”.
- Set the “Threshold” to “1” and the “For” duration to “1 minute”.
- Click on “Add” to add the condition.
- Under “Notifications”, click on “Add Notification”.
- Select the notification method you want to use (e.g. email or SMS) and enter the appropriate information.
- Click on “Save” to save the policy.
Using CLI
To remediate the misconfiguration “Network Route Change Log Alerts Should Be Enabled” for GCP using GCP CLI, follow the steps below:
- Open the Cloud Shell in the GCP Console.
- Run the following command to enable route change log alerts for your project:
  Note: Replace ROUTE_CHANGE_LOGS_STORAGE_BUCKET_NAME and PROJECT_ID with your own values.
- Run the following command to grant the logs writer role to the sink service account:
  Note: Replace PROJECT_ID and SINK_SERVICE_ACCOUNT with your own values.
- Run the following command to create a log metric for the route change logs:
  Note: Replace ROUTE_CHANGE_LOGS_METRIC_NAME and PROJECT_ID with your own values.
- Run the following command to create an alert policy for the route change logs:
  Note: Replace ROUTE_CHANGE_LOGS_METRIC_NAME, CHANNEL_NAME, and PROJECT_ID with your own values.
- Verify that the alert policy is created successfully by running the following command:
  Note: Replace PROJECT_ID with your own value.
Using Python
To remediate the misconfiguration “Network Route Change Log Alerts Should Be Enabled” for GCP using Python, follow the steps below:
- Import the required libraries:
- Set the project ID for which you want to enable the Network Route Change Log Alerts:
- Initialize the Logging client:
- Create a request to get the existing sink for the project:
- Check if the sink already exists. If it exists, update it with the required configuration. If it doesn’t exist, create a new sink with the required configuration:
  Note: Replace your-sink-name and your-topic-name with the desired names for your sink and topic.
- Confirm that the sink is created or updated successfully by checking the Stackdriver Logging console.
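The metric-and-threshold logic from the Console and CLI steps above, as an added example that is not code from the original page: it builds a log filter for route changes and replays it over constructed audit log entries to show which minutes would reach the threshold of 1. The filter is an assumption taken from the CIS GCP Foundations Benchmark route-change control; the function names and sample entries are hypothetical.

```python
import json
from collections import Counter

# Assumption: filter from the CIS GCP Foundations Benchmark route-change
# control; this page does not state the filter text itself.
ROUTE_METHODS = ("compute.routes.insert", "compute.routes.delete")
LOG_FILTER = 'resource.type="gce_route" AND (' + " OR ".join(
    f'protoPayload.methodName:"{m}"' for m in ROUTE_METHODS) + ")"


def matches(entry):
    """Local stand-in for LOG_FILTER. The ':' operator is a substring match,
    so the API-version prefix on methodName ('v1.', 'beta.') does not matter;
    an exact '=' comparison against 'compute.routes.insert' would miss it."""
    method = entry.get("protoPayload", {}).get("methodName", "")
    return (entry.get("resource", {}).get("type") == "gce_route"
            and any(m in method for m in ROUTE_METHODS))


def alerting_minutes(entries, threshold=1):
    """Count matching entries per minute (what the 'route-change' metric
    records) and return minutes reaching the threshold, with the actors."""
    counts, actors = Counter(), {}
    for e in entries:
        if not matches(e):
            continue
        minute = e["timestamp"][:16]  # RFC 3339 UTC: 'YYYY-MM-DDTHH:MM'
        counts[minute] += 1
        who = (e["protoPayload"].get("authenticationInfo", {})
               .get("principalEmail", "unknown"))
        actors.setdefault(minute, set()).add(who)
    return {m: sorted(actors[m]) for m, c in sorted(counts.items()) if c >= threshold}


# Constructed sample audit log entries (not real data).
SAMPLE = [json.loads(line) for line in """
{"timestamp":"2024-05-01T10:00:05Z","resource":{"type":"gce_route"},"protoPayload":{"methodName":"v1.compute.routes.insert","authenticationInfo":{"principalEmail":"alice@example.com"}}}
{"timestamp":"2024-05-01T10:00:40Z","resource":{"type":"gce_route"},"protoPayload":{"methodName":"beta.compute.routes.delete","authenticationInfo":{"principalEmail":"bob@example.com"}}}
{"timestamp":"2024-05-01T10:03:10Z","resource":{"type":"gce_instance"},"protoPayload":{"methodName":"v1.compute.instances.insert","authenticationInfo":{"principalEmail":"alice@example.com"}}}
{"timestamp":"2024-05-01T10:07:00Z","resource":{"type":"gce_route"},"protoPayload":{"methodName":"v1.compute.routes.get","authenticationInfo":{"principalEmail":"bob@example.com"}}}
{"timestamp":"2024-05-01T10:09:30Z","resource":{"type":"gce_route"},"protoPayload":{"methodName":"v1.compute.routes.delete","authenticationInfo":{"principalEmail":"ci@example.com"}}}
""".strip().splitlines()]

if __name__ == "__main__":
    print("Metric filter:", LOG_FILTER)
    for minute, who in alerting_minutes(SAMPLE).items():
        print(minute, "route change by", ", ".join(who))
```

Running the same functions over entries exported from Logs Explorer as JSON shows whether the filter catches the route changes you expect before the alert policy depends on it.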