Logging and monitoring

VPC with Cloud DNS logging disabled

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

We have found that the {GcpVpc} VPC does not have a DNS policy with cloud logging enabled. Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC. Monitoring Cloud DNS logs provides visibility into the DNS names requested by clients within the VPC. These logs can be monitored for anomalous domain names, evaluated against threat intelligence, etc.
Recommended Mitigation

Configure a DNS policy with cloud logging enabled for the VPC
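As an added example (not part of this finding or its vendor's tooling), a Python check that consumes the JSON from `gcloud compute networks list --format=json` and `gcloud dns policies list --format=json`, reports every VPC without a logging-enabled DNS policy, and pairs each with the gcloud remediation command. The sample JSON, project name and VPC names below are constructed.

```python
"""Flag GCP VPCs without a Cloud DNS policy that has query logging enabled.
Input: JSON from `gcloud compute networks list --format=json` and
`gcloud dns policies list --format=json`."""
import json

# Constructed sample of `gcloud compute networks list --format=json` (example project/VPC names)
NETWORKS_JSON = """[
  {"name": "prod-vpc", "selfLink": "https://www.googleapis.com/compute/v1/projects/example-proj/global/networks/prod-vpc"},
  {"name": "dev-vpc", "selfLink": "https://www.googleapis.com/compute/v1/projects/example-proj/global/networks/dev-vpc"},
  {"name": "lab-vpc", "selfLink": "https://www.googleapis.com/compute/v1/projects/example-proj/global/networks/lab-vpc"}
]"""

# Constructed sample of `gcloud dns policies list --format=json`: prod logs queries,
# dev has a policy without logging, lab has no policy at all
POLICIES_JSON = """[
  {"name": "prod-dns-logging", "enableLogging": true,
   "networks": [{"networkUrl": "https://www.googleapis.com/compute/v1/projects/example-proj/global/networks/prod-vpc"}]},
  {"name": "dev-forwarding", "enableLogging": false,
   "networks": [{"networkUrl": "https://www.googleapis.com/compute/v1/projects/example-proj/global/networks/dev-vpc"}]}
]"""


def network_name(resource_url):
    """Reduce a full Compute resource URL to the bare network name."""
    return resource_url.rstrip("/").rsplit("/", 1)[-1]


def find_vpcs_without_dns_logging(networks_json, policies_json):
    """Return {vpc_name: remediation command} for every VPC that fails the check."""
    policy_by_vpc = {}
    for policy in json.loads(policies_json):
        for net in policy.get("networks", []):
            policy_by_vpc[network_name(net["networkUrl"])] = policy

    findings = {}
    for net in json.loads(networks_json):
        vpc = network_name(net["selfLink"])
        policy = policy_by_vpc.get(vpc)
        if policy is not None and policy.get("enableLogging") is True:
            continue  # compliant: the attached policy already logs queries
        if policy is None:
            # No policy attached: create one bound to this VPC with logging on
            findings[vpc] = (f"gcloud dns policies create {vpc}-dns-logging --networks={vpc} "
                             f"--enable-logging --description='DNS query logging for {vpc}'")
        else:
            # A VPC can be bound to only one DNS policy, so enable logging on the existing one
            findings[vpc] = f"gcloud dns policies update {policy['name']} --enable-logging"
    return findings
```

To run it against a real project, replace the two constants with the captured gcloud output; each key in the returned dict is a VPC that would trigger this finding.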