Aqua CSPM

Audit Configuration Logging

Quick Info

Plugin TitleAudit Configuration Logging
CloudGOOGLE
CategoryLogging
DescriptionEnsures that logging and log alerts exist for audit configuration changes.
More InfoProject Ownership is the highest level of privilege on a project, any changes in audit configuration should be heavily monitored to prevent unauthorized changes.
GOOGLE Linkhttps://cloud.google.com/logging/docs/logs-based-metrics/
Recommended ActionEnsure that log alerts exist for audit configuration changes.

Detailed Remediation Steps

  1. Log into the Google Cloud Platform Console.
  2. Scroll down the left navigation panel and select the “Logging” option under the “STACKDRIVER."
  3. On the “Stack driver Logging” page, click on the dropdown menu below the “CREATE METRIC” and choose the “Metric type” from the menu to choose the “Audit Configuration Changes."
  4. If the “Audit Configuration changes” contains no logs information, then the selected metric don’t have logging and log alerts exist for audit configuration changes.
  5. Repeat steps number 2 - 4 to check other “Metric type” in the accounts.
  6. Navigate to the “Logging” option under the “STACKDRIVER”, click on the dropdown menu below the “CREATE METRIC” and choose the “Metric type” from the menu to choose the “Audit Configuration Changes” to create a new metric for logging and log alerts.
  7. Click on the “CREATE METRIC” at the top to create a new metric.
  8. On the “Metric editor” tab, enter the “Name” and “Description” accordingly and enter the field name under the “Label” as per the requirements and click on the “Done” button to save the “Label."
  9. Click on the “Create metric” button at the bottom to make the changes.
  10. Repeat steps number 6 - 9 to ensure that log alerts exist for audit configuration changes.