More Info:

Ensure Cloud Monitoring notification channels are verified.

Risk Level

Low

Address

Operational Maturity, Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

To remediate the misconfiguration “Cloud Monitoring Notification Channels Should Be Verified” in GCP using GCP console, please follow the below steps:
  1. Login to the GCP console (https://console.cloud.google.com/).
  2. Navigate to the “Monitoring” section from the left-hand side menu.
  3. Click on the “Notification channels” option under “Alerting” section.
  4. Verify that all the notification channels listed are verified. If there are any unverified notification channels, follow the below steps:
    • Click on the unverified notification channel.
    • Click on the “Verify” button.
    • Follow the instructions to verify the notification channel.
  5. Once all the notification channels are verified, the misconfiguration “Cloud Monitoring Notification Channels Should Be Verified” is remediated.
Note: It is recommended to periodically verify the notification channels to ensure that they are working as expected.

To remediate the misconfiguration of unverified notification channels in GCP using GCP CLI, follow the below steps:Step 1: Open the Google Cloud Console and navigate to the Cloud Monitoring page.Step 2: Click on the “Notification Channels” tab.Step 3: Identify the notification channels that are unverified.Step 4: Open the Google Cloud Shell.Step 5: Run the following command to verify a notification channel:
gcloud alpha monitoring channels verify [CHANNEL_ID]
Replace [CHANNEL_ID] with the ID of the notification channel that you want to verify.Step 6: Repeat step 5 for all the unverified notification channels.Step 7: Verify that all the notification channels are now verified by running the following command:
gcloud alpha monitoring channels list
This will list all the notification channels in your GCP project along with their verification status.Step 8: Once all the notification channels are verified, the misconfiguration is remediated.Note: You can also verify notification channels using the GCP Console. To do so, open the Cloud Monitoring page, click on the “Notification Channels” tab, select an unverified channel, and click on the “Verify” button.
To remediate the “Cloud Monitoring Notification Channels Should Be Verified” misconfiguration in GCP using Python, you can follow the below steps:Step 1: Install the required Python libraries
pip install google-auth google-auth-oauthlib google-auth-httplib2 google-cloud-monitoring google-cloud-logging
Step 2: Authenticate with GCP using Python
from google.oauth2 import service_account
from google.cloud import monitoring_v3

# Replace [PATH_TO_SERVICE_ACCOUNT_FILE] with the path to the service account file.
credentials = service_account.Credentials.from_service_account_file('[PATH_TO_SERVICE_ACCOUNT_FILE]')

# Create a client object for the Google Cloud Monitoring API
client = monitoring_v3.MetricServiceClient(credentials=credentials)
Step 3: Get the list of notification channels
from google.cloud import monitoring_v3

# Replace [PROJECT_ID] with your GCP project ID.
project_name = f"projects/{[PROJECT_ID]}"

# Get the list of notification channels
channels = client.list_notification_channels(project_name)
for channel in channels:
    print(channel)
Step 4: Verify each notification channel
from google.cloud import monitoring_v3

# Replace [PROJECT_ID] with your GCP project ID.
project_name = f"projects/{[PROJECT_ID]}"

# Get the list of notification channels
channels = client.list_notification_channels(project_name)

for channel in channels:
    if not channel.verified:
        # Verify the notification channel
        client.verify_notification_channel(channel.name)
        print(f"Verified notification channel: {channel.name}")
By following these steps, you can remediate the “Cloud Monitoring Notification Channels Should Be Verified” misconfiguration in GCP using Python.