Add references to rules (gcp_audit_rules)
akozlovets098 committed Dec 11, 2023
1 parent cb2653b commit 2ffcc41
Showing 3 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions rules/gcp_audit_rules/gcp_bigquery_large_scan.yml
Expand Up @@ -3,9 +3,9 @@ Description: Detect any BigQuery query that is doing a very large scan (> 1 GB).
DisplayName: "GCP BigQuery Large Scan"
Enabled: true
Filename: gcp_bigquery_large_scan.py
Reference:
Reference: https://cloud.google.com/bigquery/docs/running-queries
Severity: Info
Tests: https://cloud.google.com/bigquery/docs/running-queries
Tests:
- ExpectedResult: false
Log:
insertid: ABCDEFGHIJKL
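Review bot: On the new `Reference:` line, the link is the general running-queries page, while the Description is specifically about scans over 1 GB; a page that covers how scanned bytes are measured would give a responder more to work with. Separately, the removed `Tests: https://cloud.google.com/bigquery/docs/running-queries` line put a URL on a key that holds a list of test cases, so a schema check on rule files in CI would keep that kind of slip from landing again.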
2 changes: 1 addition & 1 deletion rules/gcp_audit_rules/gcp_destructive_queries.yml
@@ -1,6 +1,6 @@
AnalysisType: rule
Description: Detect any destructive BigQuery queries or jobs such as update, delete, drop, alter or truncate.
DisplayName: "'GCP Destructive Queries '"
DisplayName: "GCP Destructive Queries"
Enabled: true
Filename: gcp_destructive_queries.py
Reference: https://cloud.google.com/bigquery/docs/managing-tables
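Review bot: The `DisplayName` change from `"'GCP Destructive Queries '"` to `"GCP Destructive Queries"` is not covered by the commit subject "Add references to rules"; the `Reference:` line in this file is unchanged context. Mention the rename in the commit message or split it into its own commit, so anyone whose filters or dashboards match on the old string (with the embedded quotes and trailing space) can find the change.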
2 changes: 1 addition & 1 deletion rules/gcp_audit_rules/gcp_unused_regions.yml
Expand Up @@ -18,7 +18,7 @@ Severity: Medium
Description: >
Adversaries may create cloud instances in unused geographic service regions in order to evade detection.
Runbook: Validate the user making the request and the resource created.
Reference: https://attack.mitre.org/techniques/T1535/
Reference: https://cloud.google.com/docs/geography-and-regions
SummaryAttributes:
- severity
- p_any_ip_addresses
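Review bot: The `Reference:` swap removes the ATT&CK T1535 link, the technique that the `Description` text about unused regions paraphrases, and replaces it with a general GCP regions page. Nothing in the visible context shows the technique recorded elsewhere in the rule, so keep the T1535 mapping in another field, or keep both links if the field allows it; the detection rationale is more useful to a responder than the region list.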