Logging and monitoring

No monitoring for VPC Network Firewall rule changes

Description

Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.
  • Recommended Mitigation

    In the User-defined Metrics section, ensure that at least one metric is present with filter text: resource.type=""gce_firewall_rule"" AND jsonPayload.event_subtype=""compute.firewalls.patch"" OR jsonPayload.event_subtype=""compute.firewalls.insert""