Network Route Change Log Alerts Should Be Enabled
Ensures that logging and log alerts exist for VPC network route changes.
Ensures that logging and log alerts exist for VPC network changes.
Ensures that logging and log alerts exist for firewall rule changes.
Ensures that logging and log alerts exist for SQL configuration changes. Project Ownership is the highest level of privilege on a project; any changes in SQL configurations should be heavily monitored to prevent unauthorized changes.
Ensures that logging and log alerts exist for project ownership assignments and changes. Project Ownership is the highest level of privilege on a project; any changes in project ownership should be heavily monitored to prevent unauthorized changes.
Ensures that logging and log alerts exist for audit configuration changes. Project Ownership is the highest level of privilege on a project; any changes in audit configuration should be heavily monitored to prevent unauthorized changes.
Ensures that logging and log alerts exist for storage permission changes. Storage permissions include access to the buckets that store the logs; any changes in storage permissions should be heavily monitored to prevent unauthorized changes.
Ensure that the log metric filter and alerts exist for Custom Role changes.
Ensure that Cloud Audit Logging is configured properly across all services and all users of a project.
Ensure that sinks are configured for all log entries.
Ensure that retention policies on log buckets are configured using Bucket Locks.
Ensure that Cloud SQL Data Access Logging is configured properly across all users of a project.
Ensure that Cloud SQL Admin Activity Audit Logging is configured properly across all projects.
Ensure that Cloud SQL System Event Audit Logging is configured properly across all projects.
Security monitoring and forensics cannot depend solely on IP addresses from VPC flow logs, especially given the dynamic IP usage of cloud resources, HTTP virtual host routing, and other technologies that can hide the DNS name used by a client behind a shared IP address. Monitoring Cloud DNS logs provides visibility into the DNS names requested by clients within the VPC. These logs can be monitored for anomalous domain names, evaluated against threat intelligence, and
Note: For full capture of DNS, the firewall must block egress UDP/53 (DNS) and TCP/443 (DNS over HTTPS) to prevent clients from using an external DNS name server for resolution.
The GCP resources and IAM policies captured by GCP Cloud Asset Inventory enable security analysis, resource change tracking, and compliance auditing.
Controlling access to your information is one of the foundations of information security. Google employees do have access to your organization's projects for support reasons. With Access Approval, organizations can be certain that their information is accessed only by approved Google personnel.