Benchmark: DE.CM-1
Description
The network is monitored to detect potential cybersecurity events.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-gcp-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select DE.CM-1.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.nist_csf_v10_de_cm_1Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.nist_csf_v10_de_cm_1 --shareControls
- Ensure 'log_error_verbosity' database flag for Alloy DB instance is set to 'DEFAULT' or stricter
- Ensure 'log_min_error_statement' database flag for Alloy DB instance is set to 'Error' or stricter
- Ensure that the 'Log_min_messages' Flag for a Alloy DB Instance is set at minimum to 'Warning'
- Ensure VPC Flow logs is enabled for every subnet in VPC Network
- Ensure that the 'log_connections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- Ensure that the 'log_disconnections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- Ensure 'log_error_verbosity' database flag for Cloud SQL PostgreSQL instance is set to 'DEFAULT' or stricter
- Ensure that the 'log_min_duration_statement' database flag for Cloud SQL PostgreSQL instance is set to '-1' (disabled)
- Ensure 'log_min_error_statement' database flag for Cloud SQL PostgreSQL instance is set to 'Error' or stricter
- Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
- Ensure 'log_statement' database flag for Cloud SQL PostgreSQL instance is set appropriately