Benchmark: Audit Record Reduction And Report Generation (AU-7)
Description
Support for real-time audit review, analysis, and reporting requirements without altering original audit records.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Audit Record Reduction And Report Generation (AU-7).
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.nist_800_53_rev_5_au_7
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.nist_800_53_rev_5_au_7 --share
Controls
- Ensure 'log_error_verbosity' database flag for Alloy DB instance is set to 'DEFAULT' or stricter
- Ensure 'log_min_error_statement' database flag for Alloy DB instance is set to 'Error' or stricter
- Ensure that the 'Log_min_messages' Flag for an Alloy DB Instance is set at minimum to 'Warning'
- Ensure that Cloud Audit Logging is configured properly across all services and all users from a project
- Ensure that Cloud DNS logging is enabled for all VPC networks
- Ensure that the log metric filter and alerts exist for Audit Configuration changes
- Ensure that the log metric filter and alerts exist for Custom Role changes
- Ensure that the log metric filter and alerts exist for VPC Network Firewall rule changes
- Ensure that the log metric filter and alerts exist for VPC network changes
- Ensure that the log metric filter and alerts exist for VPC network route changes
- Ensure log metric filter and alerts exist for project ownership assignments/changes
- Ensure that the log metric filter and alerts exist for SQL instance configuration changes
- Ensure that the log metric filter and alerts exist for Cloud Storage IAM permission changes
- Ensure that sinks are configured for all log entries
- Ensure that the 'log_connections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- Ensure that the 'log_disconnections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- Ensure 'log_error_verbosity' database flag for Cloud SQL PostgreSQL instance is set to 'DEFAULT' or stricter
- Ensure that the 'log_min_duration_statement' database flag for Cloud SQL PostgreSQL instance is set to '-1' (disabled)
- Ensure 'log_min_error_statement' database flag for Cloud SQL PostgreSQL instance is set to 'Error' or stricter
- Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
- Ensure 'log_statement' database flag for Cloud SQL PostgreSQL instance is set appropriately