💼 2 Logging and Monitoring

  • Contextual name: 💼 2 Logging and Monitoring
  • ID: /frameworks/cis-gcp-v2.0.0/02
  • Located in: 💼 CIS GCP v2.0.0

Description

This section covers recommendations addressing Logging and Monitoring on Google Cloud Platform.

Similar

  • Internal
    • ID: dec-b-096741b1

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 2.1 Ensure That Cloud Audit Logging Is Configured Properly - Level 1 (Automated)
💼 2.2 Ensure That Sinks Are Configured for All Log Entries - Level 1 (Automated)
💼 2.3 Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock - Level 2 (Automated)
💼 2.4 Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes - Level 1 (Automated)
💼 2.5 Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes - Level 1 (Automated)
💼 2.6 Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes - Level 1 (Automated)
💼 2.7 Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes - Level 2 (Automated)
💼 2.8 Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes - Level 2 (Automated)
💼 2.9 Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes - Level 2 (Automated)
💼 2.10 Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes - Level 2 (Automated)
💼 2.11 Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes - Level 2 (Automated)
💼 2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks - Level 1 (Automated)
💼 2.13 Ensure Cloud Asset Inventory Is Enabled - Level 1 (Automated)
💼 2.14 Ensure 'Access Transparency' is 'Enabled' - Level 2 (Manual)
💼 2.15 Ensure 'Access Approval' is 'Enabled' - Level 2 (Automated)
💼 2.16 Ensure Logging is enabled for HTTP(S) Load Balancer - Level 2 (Automated)