Bigtable Tables Should Have Audit Logging Enabled
More Info:
DATA_READ, DATA_WRITE and ADMIN_READ logs should be enabled on Cloud Bigtable tables
Risk Level
Medium
Address
Operational Maturity, Security
Compliance Standards
HITRUST
Triage and Remediation
Remediation
To remediate “Bigtable Tables Should Have Audit Logging Enabled” for GCP using GCP console, follow these steps:
- Open the GCP Console and navigate to the Bigtable instance for which you want to enable audit logging.
- Click on the “Edit” button on the top of the page.
- In the “Edit instance” page, scroll down to the “Cloud audit logs” section and click on the “Add logging” button.
- In the “Add logging” dialog box, select the “All Cloud Audit Logs” option and click on the “Save” button.
- Once you have enabled audit logging for the Bigtable instance, you can view the logs in the Cloud Logging console.
Note: Enabling audit logging for Bigtable tables is a best practice recommended by Google to help you monitor and troubleshoot your Bigtable instances.
To remediate the misconfiguration of Bigtable Tables not having Audit Logging enabled in GCP using GCP CLI, follow the below steps:
- Open the Cloud Shell in your GCP console.
- Run the following command to enable audit logging for Bigtable Tables:

gcloud beta bigtable tables set-iam-policy <instance-id> <table-id> \
  --policy-file=- <<EOF
{
  "bindings": [
    {
      "role": "roles/bigtable.reader",
      "members": ["user:[email protected]"]
    }
  ],
  "auditConfigs": [
    {
      "service": "bigtable.googleapis.com",
      "auditLogConfigs": [
        {
          "logType": "DATA_READ",
          "exemptedMembers": ["user:[email protected]"]
        }
      ]
    }
  ]
}
EOF

Replace <instance-id> and <table-id> with your specific instance and table IDs respectively.
- This command will set an IAM policy for the specified Bigtable table and enable audit logging for the “DATA_READ” log type.
- Verify that audit logging is enabled for the Bigtable table by running the following command:

gcloud beta bigtable tables get-iam-policy <instance-id> <table-id> \
  --format=json | jq '.auditConfigs'

This command will display the audit logging configurations for the specified table.
With these steps, you have successfully remediated the misconfiguration of Bigtable Tables not having Audit Logging enabled in GCP using GCP CLI.
To remediate the misconfiguration “Bigtable Tables Should Have Audit Logging Enabled” for GCP using Python, follow the below steps:
Step 1: Import the necessary libraries and authenticate the user using the below code:
from google.cloud import bigtable
from google.oauth2 import service_account

credentials = service_account.Credentials.from_service_account_file('path/to/credentials.json')
# admin=True is required for the instance and table administration calls used in the later steps.
client = bigtable.Client(project='project-id', credentials=credentials, admin=True)
Step 2: List all the Bigtable instances in the project using the below code:
# list_instances() returns a tuple: the instances and any locations that could not be reached.
instances, failed_locations = client.list_instances()
for instance in instances:
    print(instance.name)
Step 3: Select the instance for which you want to enable audit logging and list all the tables in that instance using the below code:
instance = client.instance('instance-id')
tables = instance.list_tables()
for table in tables:
    print(table.name)
Step 4: Enable audit logging for all the tables in the selected instance using the below code:
from google.iam.v1 import policy_pb2

instance = client.instance('instance-id')
for table in instance.list_tables():
    # Table.set_iam_policy() expects a google.cloud.bigtable.policy.Policy, which carries
    # bindings only, so the policy is built as a protobuf and sent through the table admin
    # client to include the audit configuration.
    policy = policy_pb2.Policy(
        bindings=[policy_pb2.Binding(
            role='roles/bigtable.reader',
            members=['user:[email protected]'],
        )],
        audit_configs=[policy_pb2.AuditConfig(
            service='bigtable.googleapis.com',
            audit_log_configs=[
                policy_pb2.AuditLogConfig(log_type=policy_pb2.AuditLogConfig.LogType.DATA_READ),
                policy_pb2.AuditLogConfig(log_type=policy_pb2.AuditLogConfig.LogType.DATA_WRITE),
            ],
        )],
    )
    client.table_admin_client.set_iam_policy(
        request={'resource': table.name, 'policy': policy}
    )
Note: Replace ‘instance-id’ with the actual ID of the instance for which you want to enable audit logging and replace ‘user:[email protected]’ with the email address of the user for whom you want to enable audit logging.
Step 5: Verify that audit logging is enabled for all the tables in the selected instance using the below code:
instance = client.instance('instance-id')
for table in instance.list_tables():
    # Read the policy through the admin client so the audit configuration is included;
    # Table.get_iam_policy() returns the bindings only.
    policy = client.table_admin_client.get_iam_policy(request={'resource': table.name})
    print(table.name, policy.audit_configs)
This will print the IAM policy for each table, which should include the auditConfigs section with the logType and service specified.
By following the above steps, you can remediate the misconfiguration “Bigtable Tables Should Have Audit Logging Enabled” for GCP using Python.
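As an added verification example, not part of the original page or of any vendor tooling: the script below parses an IAM policy document in the JSON shape returned by the get-iam-policy commands above (the same shape the Python steps send) and reports which of the DATA_READ, DATA_WRITE and ADMIN_READ log types listed under More Info are missing for bigtable.googleapis.com, plus any exemptedMembers, since an exempted identity is not logged even when the log type is enabled. It goes slightly beyond the page by also accepting the allServices wildcard, which a project-level policy can use to enable audit logs for every service at once. The sample policies and the example.com identity are constructed placeholders.

```python
import json
from typing import List

# Audit log types the check requires for Cloud Bigtable (from "More Info" above).
REQUIRED_LOG_TYPES = {"DATA_READ", "DATA_WRITE", "ADMIN_READ"}
BIGTABLE_SERVICE = "bigtable.googleapis.com"
# An IAM auditConfig targets one service or the "allServices" wildcard.
ALL_SERVICES = "allServices"


def bigtable_audit_findings(policy_json: str) -> List[str]:
    """Return a list of findings; an empty list means the policy passes.

    policy_json is an IAM policy document as produced by
    `gcloud ... get-iam-policy --format=json`: a JSON object with optional
    "bindings" and "auditConfigs" keys.
    """
    policy = json.loads(policy_json)
    enabled = set()
    findings = []
    for audit_cfg in policy.get("auditConfigs", []):
        if audit_cfg.get("service") not in (BIGTABLE_SERVICE, ALL_SERVICES):
            continue
        for log_cfg in audit_cfg.get("auditLogConfigs", []):
            log_type = log_cfg.get("logType")
            if not log_type:
                continue
            enabled.add(log_type)
            # Exempted members are not logged for this log type, so an
            # "enabled" entry can still leave a gap in coverage.
            exempted = log_cfg.get("exemptedMembers", [])
            if exempted:
                findings.append(f"{log_type}: exempted members {exempted}")
    for missing in sorted(REQUIRED_LOG_TYPES - enabled):
        findings.append(f"{missing}: not enabled for {BIGTABLE_SERVICE}")
    return findings


def is_compliant(policy_json: str) -> bool:
    return not bigtable_audit_findings(policy_json)


# Constructed sample: mirrors the page's CLI policy (DATA_READ only, with an
# exemption). The email is a placeholder, not a real identity.
NONCOMPLIANT_POLICY = json.dumps({
    "bindings": [{"role": "roles/bigtable.reader",
                  "members": ["user:example-reader@example.com"]}],
    "auditConfigs": [{
        "service": BIGTABLE_SERVICE,
        "auditLogConfigs": [{"logType": "DATA_READ",
                             "exemptedMembers": ["user:example-reader@example.com"]}],
    }],
})

# Constructed sample: all three required log types, no exemptions.
COMPLIANT_POLICY = json.dumps({
    "auditConfigs": [{
        "service": BIGTABLE_SERVICE,
        "auditLogConfigs": [{"logType": "DATA_READ"},
                            {"logType": "DATA_WRITE"},
                            {"logType": "ADMIN_READ"}],
    }],
})

# Constructed sample: a project-level policy using the allServices wildcard.
ALL_SERVICES_POLICY = json.dumps({
    "auditConfigs": [{
        "service": ALL_SERVICES,
        "auditLogConfigs": [{"logType": "DATA_READ"},
                            {"logType": "DATA_WRITE"},
                            {"logType": "ADMIN_READ"}],
    }],
})

if __name__ == "__main__":
    for name, doc in [("noncompliant", NONCOMPLIANT_POLICY),
                      ("compliant", COMPLIANT_POLICY),
                      ("allServices", ALL_SERVICES_POLICY)]:
        print(name, bigtable_audit_findings(doc) or "OK")
```

To run it against a real policy, pipe the output of one of the get-iam-policy commands above into the script and pass the text to bigtable_audit_findings; a non-empty result is the list of gaps to remediate.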