Logging and monitoring

No monitoring for Cloud Storage IAM permission changes

Risk Level

Informational (4)

Platform(s)

Description

It is recommended that a metric filter and alarm be established for Cloud Storage Bucket IAM changes. Monitoring changes to cloud storage bucket permissions may reduce the time needed to detect and correct permissions on sensitive cloud storage buckets and objects inside the bucket.
Recommended Mitigation

In the User-defined Metrics section, ensure that at least one metric is present with filter text: resource.type=gcs_bucket AND protoPayload.methodName="storage.setIamPermissions"
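
The check above can be automated. The following is an added example, not part of the original rule text: it audits an exported list of log-based metrics and alerting policies and reports which metrics carry exactly the recommended filter and which enabled policies alarm on them. It assumes the input has the JSON shape of the Cloud Logging LogMetric and Cloud Monitoring AlertPolicy resources; the function names and all sample records are constructed for illustration.

```python
import re

# The two clauses of the filter text recommended above.
REQUIRED = {("resource.type", "gcs_bucket"),
            ("protoPayload.methodName", "storage.setIamPermissions")}
# One plain equality clause; quotes around the value are optional.
CLAUSE = re.compile(r'^\s*([\w.]+)\s*=\s*"?([\w.\-]+)"?\s*$')

def clauses(filter_text):
    """Split a filter on AND; return its (field, value) pairs, or None if a part is not a plain equality."""
    out = set()
    for part in re.split(r'\s+AND\s+', filter_text.strip()):
        m = CLAUSE.match(part)
        if not m:
            return None  # OR, NOT, parentheses etc. change the meaning: review by hand
        out.add(m.groups())
    return out

def monitored_metrics(metrics, policies):
    """Map each metric whose filter is exactly the required one to the enabled policies that alarm on it."""
    result = {}
    for metric in metrics:
        if clauses(metric.get("filter", "")) != REQUIRED:
            continue  # extra AND clauses narrow the filter to a subset of buckets
        ref = f'metric.type="logging.googleapis.com/user/{metric["name"]}"'
        result[metric["name"]] = [
            p["displayName"] for p in policies
            if p.get("enabled", False) and any(
                ref in c.get("conditionThreshold", {}).get("filter", "")
                for c in p.get("conditions", []))
        ]
    return result

# Constructed sample data (not taken from any real project).
SAMPLE_METRICS = [
    {"name": "gcs-iam-changes",
     "filter": 'resource.type=gcs_bucket AND protoPayload.methodName="storage.setIamPermissions"'},
    {"name": "one-bucket-only",
     "filter": 'resource.type=gcs_bucket AND protoPayload.methodName="storage.setIamPermissions" '
               'AND resource.labels.bucket_name="example-bucket"'},
    {"name": "no-alert",
     "filter": 'resource.type="gcs_bucket"\nAND protoPayload.methodName="storage.setIamPermissions"'},
]
SAMPLE_POLICIES = [
    {"displayName": "Bucket IAM change", "enabled": True, "conditions": [{"conditionThreshold": {
        "filter": 'metric.type="logging.googleapis.com/user/gcs-iam-changes" AND resource.type="gcs_bucket"'}}]},
]

if __name__ == "__main__":
    print(monitored_metrics(SAMPLE_METRICS, SAMPLE_POLICIES))
```

A metric that maps to an empty list has the right filter but no enabled alarm, so a bucket IAM change would be counted without anyone being notified.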