| Field | Value |
| --- | --- |
| Plugin Title | Storage Permissions Logging |
| Cloud | |
| Category | Logging |
| Description | Ensures that logging and log alerts exist for storage permission changes |
| More Info | Storage permissions include access to the buckets that store the logs, so any change in storage permissions should be heavily monitored to prevent unauthorized changes. |
| GOOGLE Link | https://cloud.google.com/logging/docs/logs-based-metrics/ |
| Recommended Action | Ensure that log alerts exist for storage permission changes. |
- Log into the Google Cloud Platform Console.
- Navigate to "Logs-based metrics" under "Logging" (https://console.cloud.google.com/logs/metrics?walkthrough_id=panels--logging--query) and click the "CREATE METRIC" button at the top.
- On the "Metric editor" tab, enter the "Name" as "StoragePermissionLogging". In the required filter field, enter: `resource.type=gcs_bucket AND protoPayload.methodName="storage.setIamPermissions"`
- Click the "Create metric" button at the bottom to create the logs-based metric.
- On the "Logs-based metrics" page, under "User-defined metrics", click the three dots next to the newly created metric and choose "Create alert from metric".
- On the "Create alert" page, set the "Rolling window function" to 'max' and choose the "Configuration" from the dropdown menu accordingly.
- Once the settings are saved, enter a name for the alert.
- Click the "Save" button at the bottom to apply the changes.
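The steps above configure the metric and alert through the console. The following added example (not part of the plugin or of Google's own tooling) shows what that configuration does: it evaluates the exact filter from the steps against a few constructed Cloud Audit Log entries, so you can see which events would increment the metric, and it builds the Monitoring alert-policy body that corresponds to the console settings (rolling-window function 'max', fire on any non-zero count). The project id and notification channel id are placeholders; the log entries are constructed samples that only follow the field names the filter references.

```python
"""Evaluate the storage-permission logs-based-metric filter against sample
Cloud Audit Log entries and build the matching alert policy body.
Added example with constructed data; not code from the plugin or from Google."""

# Exact filter from the remediation steps: every IAM policy change on a bucket.
METRIC_FILTER = 'resource.type=gcs_bucket AND protoPayload.methodName="storage.setIamPermissions"'
METRIC_NAME = "StoragePermissionLogging"


def parse_filter(expr: str) -> dict:
    """Turn a simple 'field=value AND field="value"' filter into {field_path: value}."""
    wanted = {}
    for clause in expr.split(" AND "):
        key, _, value = clause.partition("=")
        wanted[key.strip()] = value.strip().strip('"')
    return wanted


def lookup(entry: dict, path: str):
    """Resolve a dotted path such as 'protoPayload.methodName' inside a log entry."""
    cur = entry
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def matches(entry: dict, expr: str = METRIC_FILTER) -> bool:
    """True if the entry satisfies every clause of the filter (all clauses are ANDed)."""
    return all(lookup(entry, key) == value for key, value in parse_filter(expr).items())


def count_matches(entries) -> int:
    """Number of entries the metric would count, i.e. the value the alert watches."""
    return sum(1 for entry in entries if matches(entry))


# Constructed sample entries: field layout follows Cloud Audit Logs, values are made up.
SAMPLE_ENTRIES = [
    {   # a real permission change on a bucket: this is the event we want alerted
        "resource": {"type": "gcs_bucket", "labels": {"bucket_name": "example-logs-bucket"}},
        "protoPayload": {"methodName": "storage.setIamPermissions",
                         "authenticationInfo": {"principalEmail": "admin@example.com"}},
    },
    {   # reading the policy is not a change; must not count
        "resource": {"type": "gcs_bucket", "labels": {"bucket_name": "example-logs-bucket"}},
        "protoPayload": {"methodName": "storage.getIamPermissions"},
    },
    {   # same method name on a non-bucket resource; resource.type clause excludes it
        "resource": {"type": "gce_instance"},
        "protoPayload": {"methodName": "storage.setIamPermissions"},
    },
    {   # unrelated bucket operation; must not count
        "resource": {"type": "gcs_bucket", "labels": {"bucket_name": "example-logs-bucket"}},
        "protoPayload": {"methodName": "storage.objects.delete"},
    },
]


def alert_policy(project_id: str, channel_id: str) -> dict:
    """Alert policy body equivalent to the console steps: 'max' over the user-defined
    metric within each alignment window, alert as soon as the count exceeds zero.
    project_id and channel_id are placeholders supplied by the caller."""
    return {
        "displayName": "Storage permission change",
        "combiner": "OR",
        "conditions": [{
            "displayName": f"{METRIC_NAME} > 0",
            "conditionThreshold": {
                "filter": (f'metric.type="logging.googleapis.com/user/{METRIC_NAME}" '
                           'AND resource.type="gcs_bucket"'),
                "aggregations": [{"alignmentPeriod": "600s", "perSeriesAligner": "ALIGN_MAX"}],
                "comparison": "COMPARISON_GT",
                "thresholdValue": 0,
                "duration": "0s",
            },
        }],
        "notificationChannels": [f"projects/{project_id}/notificationChannels/{channel_id}"],
    }


if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(matches(entry), lookup(entry, "resource.type"), lookup(entry, "protoPayload.methodName"))
    print("metric count:", count_matches(SAMPLE_ENTRIES))
```

Only the first sample entry is counted: the `getIamPermissions` read and the object delete never alter bucket permissions, and the `setIamPermissions` call on a non-bucket resource is excluded by the `resource.type` clause. Because the alert uses a threshold of zero with the 'max' aligner, a single change within the window is enough to notify, which is the behaviour the remediation steps aim for.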