Benchmark: 10.2 Implement automated audit trails for all system components to reconstruct the events
Description
GCP customers are responsible for configuring logging parameters, when available. Customers are responsible to log and monitor their GCE, and GKE instances, systems and applications in alignment with PCI DSS requirements.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-gcp-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 10.2 Implement automated audit trails for all system components to reconstruct the events.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_10_2Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_10_2 --shareBenchmarks
- 10.2.2 All actions taken by any individual with root or administrative privileges
- 10.2.7 Creation and deletion of system-level objects
Controls
- Ensure that Cloud Audit Logging is configured properly across all services and all users from a project
- Ensure compute firewall rule have logging enabled
- Ensure VPC Flow logs is enabled for every subnet in VPC Network
- GKE clusters logging should be enabled