More Info:
Ensure Cloud Monitoring monitors dropped packets count for firewall.
Risk Level: Medium
Address: Security, Performance Efficiency, Reliability
Compliance Standards: CBP
Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration of not monitoring the dropped packets count for a firewall in GCP using the GCP console, follow the steps below:
- Login to the GCP console.
- Select the project in which the firewall is configured.
- Navigate to the VPC Network page from the left-hand side menu.
- Click on the Firewall rules tab.
- Click on the Edit button (pencil icon) next to the firewall rule you want to modify.
- Scroll down to the Logs section and select the checkbox for “Log dropped packets.”
- Click on the Save button to save the changes.
Using CLI
To remediate the misconfiguration of not monitoring the dropped packets count for a firewall in GCP using the GCP CLI, follow the steps below:
- Open the GCP Cloud Shell.
- Run the following command to list all the firewall rules in your project:
- Identify the firewall rule that needs to be modified.
- Run the following command to update the firewall rule and enable logging for dropped packets:
  Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that needs to be modified.
- Verify that logging is enabled for the firewall rule by running the following command:
  Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that was modified.
- Check the logs in the Logging section of the GCP Console to ensure that the dropped packets count is being monitored.
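The CLI steps above refer to commands that are not reproduced on this page. As an added example, not the page's own code, the Python below audits the JSON that `gcloud compute firewall-rules list --format=json` returns, reports every rule whose `logConfig.enable` is not true, and prints the `gcloud compute firewall-rules update ... --enable-logging` and `describe` commands that would remediate and verify each one. The sample rules JSON is constructed and the rule names are made up.

```python
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`
# (only the fields used below are reproduced; the rule names are made up).
SAMPLE_RULES_JSON = json.dumps([
    {"name": "allow-ssh-from-bastion", "direction": "INGRESS",
     "logConfig": {"enable": True}},
    {"name": "deny-all-ingress", "direction": "INGRESS",
     "logConfig": {"enable": False}},
    {"name": "allow-internal", "direction": "INGRESS"},  # never configured: no logConfig block
])


def rules_without_logging(rules_json):
    """Return the names of firewall rules whose logConfig.enable is not true.

    A rule with no logConfig block at all is reported too: the API omits the
    block for rules that were never configured for logging.
    """
    missing = []
    for rule in json.loads(rules_json):
        log_config = rule.get("logConfig") or {}
        if log_config.get("enable") is not True:
            missing.append(rule["name"])
    return missing


def remediation_commands(rule_names):
    """gcloud command that turns logging on, one per rule."""
    return [f"gcloud compute firewall-rules update {name} --enable-logging"
            for name in rule_names]


def verification_commands(rule_names):
    """gcloud command whose output should read 'True' once logging is on."""
    return [f"gcloud compute firewall-rules describe {name} --format='value(logConfig.enable)'"
            for name in rule_names]


if __name__ == "__main__":
    missing = rules_without_logging(SAMPLE_RULES_JSON)
    print("Rules without logging:", ", ".join(missing) or "none")
    for cmd in remediation_commands(missing) + verification_commands(missing):
        print(cmd)
```

Run it against live data with `gcloud compute firewall-rules list --format=json > rules.json` and pass the file contents to `rules_without_logging`. Firewall Rules Logging records connections that match the rule it is enabled on, so the dropped packets count only appears in the logs if logging is turned on for the deny rules that actually drop the traffic; enabling it on an allow rule records allowed connections instead.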
Using Python
To remediate the misconfiguration of not monitoring the dropped packets count for a firewall in GCP using Python, follow the steps below:
- Install the required libraries:
- Authenticate with GCP:
- Import the necessary libraries:
- Set the project ID and the client:
- Define the metric descriptor:
- Create the metric descriptor:
- Define the time series data:
- Write the time series data:
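The Python steps above give the outline, but the page does not reproduce the code. As an added example, not the page's own, the block below follows those steps using plain dicts in the shape the Cloud Monitoring API expects: it counts DENIED entries in a constructed set of firewall log entries, builds a custom metric descriptor and a single time series point carrying the count, and hands both to a client. The client is assumed to expose `create_metric_descriptor(name=..., metric_descriptor=...)` and `create_time_series(name=..., time_series=...)` the way `google.cloud.monitoring_v3.MetricServiceClient` does; a recording stand-in is included so the block runs offline. The metric type `custom.googleapis.com/firewall/dropped_packets`, the project id `example-project` and the rule references are made up.

```python
import time

METRIC_TYPE = "custom.googleapis.com/firewall/dropped_packets"  # made-up custom metric name

# Constructed entries shaped like Firewall Rules Logging records from Cloud Logging
# (only the fields used below are reproduced; the rule references are made up).
SAMPLE_LOG_ENTRIES = [
    {"jsonPayload": {"disposition": "DENIED",
                     "rule_details": {"reference": "network:vpc-1/firewall:deny-all-ingress"}}},
    {"jsonPayload": {"disposition": "ALLOWED",
                     "rule_details": {"reference": "network:vpc-1/firewall:allow-internal"}}},
    {"jsonPayload": {"disposition": "DENIED",
                     "rule_details": {"reference": "network:vpc-1/firewall:deny-all-ingress"}}},
    {"textPayload": "unrelated entry with no jsonPayload"},
]


def count_dropped_packets(entries):
    """Count firewall log entries whose disposition is DENIED, i.e. the dropped packets."""
    return sum(1 for e in entries
               if e.get("jsonPayload", {}).get("disposition") == "DENIED")


def build_metric_descriptor():
    """Step 'Define the metric descriptor': a GAUGE of INT64 values under the custom type."""
    return {
        "type": METRIC_TYPE,
        "metric_kind": "GAUGE",
        "value_type": "INT64",
        "unit": "1",
        "display_name": "Firewall dropped packets",
        "description": "Packets denied by VPC firewall rules in the last collection window.",
    }


def build_time_series(project_id, dropped, end_time_seconds=None):
    """Step 'Define the time series data': one point with the count, on the global resource."""
    if end_time_seconds is None:
        end_time_seconds = int(time.time())
    return {
        "metric": {"type": METRIC_TYPE},
        "resource": {"type": "global", "labels": {"project_id": project_id}},
        "points": [{
            "interval": {"end_time": {"seconds": end_time_seconds}},
            "value": {"int64_value": dropped},
        }],
    }


class RecordingClient:
    """Offline stand-in for google.cloud.monitoring_v3.MetricServiceClient: records the calls."""

    def __init__(self):
        self.descriptors = []
        self.series = []

    def create_metric_descriptor(self, name, metric_descriptor):
        self.descriptors.append((name, metric_descriptor))

    def create_time_series(self, name, time_series):
        self.series.append((name, time_series))


def publish_dropped_packets(client, project_id, entries, end_time_seconds=None):
    """Steps 'Create the metric descriptor' and 'Write the time series data'; returns the count."""
    project_name = f"projects/{project_id}"
    client.create_metric_descriptor(name=project_name,
                                    metric_descriptor=build_metric_descriptor())
    dropped = count_dropped_packets(entries)
    client.create_time_series(
        name=project_name,
        time_series=[build_time_series(project_id, dropped, end_time_seconds)],
    )
    return dropped


def dry_run(project_id="example-project", end_time_seconds=None):
    """Publish the constructed sample through the recording client and return it for inspection."""
    client = RecordingClient()
    publish_dropped_packets(client, project_id, SAMPLE_LOG_ENTRIES, end_time_seconds)
    return client


if __name__ == "__main__":
    client = dry_run()  # swap RecordingClient for monitoring_v3.MetricServiceClient() when authenticated
    print(f"wrote {client.series[0][1][0]['points'][0]['value']['int64_value']} "
          f"dropped packets to {METRIC_TYPE}")
```

With the real client, `entries` would come from a Cloud Logging query over the `compute.googleapis.com/firewall` log filtered on `jsonPayload.disposition="DENIED"`. The same count can also be obtained without writing custom points by defining a log-based metric on that filter and alerting on it in Cloud Monitoring, which is the simpler route when no extra processing of the entries is needed.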