Cloud Audit Logging Should Be Enabled
More Info:
Ensure that Cloud Audit Logging is configured properly across all services and all users from a project.Risk Level
MediumAddress
SecurityCompliance Standards
CISGCP, CBP, GDPR, NIST, HIPAA, ISO27001, SOC2, NISTCSF, PCIDSS, FedRAMPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the “Cloud Audit Logging Should Be Enabled” misconfiguration for GCP using the GCP console, follow the steps below:
- Open the GCP Console and navigate to the project for which you want to enable audit logging.
- Click on the “Navigation Menu” button in the top left corner of the console and select “Logging” under the “TOOLS” section.
- In the Logging page, click on the “Log-based Metrics” tab.
- Click on the ”+ CREATE METRIC” button to create a new metric.
- In the “Create a Metric” page, enter a name for the metric (e.g., “audit-logs”), select “Admin Activity” under the “Log” dropdown menu, and select “Global” under the “Resource type” dropdown menu.
- Click on the “CREATE METRIC” button to create the metric.
- Click on the “Create Sink” button to create a new sink.
- In the “Create a Sink” page, enter a name for the sink (e.g., “audit-logs-sink”), select “BigQuery” under the “Sink Service” dropdown menu, and select the destination dataset and table where you want to store the audit logs.
- Click on the “CREATE SINK” button to create the sink.
- Click on the “View Sink” button to view the sink details.
- In the sink details page, click on the “EDIT” button to edit the sink configuration.
- In the “Edit a Sink” page, select “Include All Logs” under the “Filter” section and select the metric you created earlier under the “Log Metric” section.
- Click on the “SAVE” button to save the sink configuration.
- You have now enabled audit logging for your GCP project. The audit logs will be stored in the destination BigQuery table you specified in the sink configuration.
Using CLI
Using CLI
To remediate the misconfiguration “Cloud Audit Logging should be enabled” for GCP using GCP CLI, follow the below steps:If the value is true, then Cloud Audit Logging is enabled for your project.By following these steps, you can successfully remediate the misconfiguration “Cloud Audit Logging should be enabled” for GCP using GCP CLI.
- Open the Cloud Shell in the GCP console or install the GCP CLI on your local machine.
- Run the following command to enable Cloud Audit Logging for all services in your project:
- Replace the exempted_members field with the email addresses or domains of the users or groups that should be exempt from audit logging.
- Run the following command to verify that Cloud Audit Logging is enabled:
- Check the output for the following line:
Using Python
Using Python
To remediate the misconfiguration “Cloud Audit Logging Should Be Enabled” for GCP using Python, you can follow the below steps:This will enable audit logging for the GCP project and create a sink to collect the logs in a specified bucket. You can modify the sink name, destination URI, and filter as per your requirement.
- Import the required libraries:
- Authenticate and create a client object:
- Create a sink object for the logs to be collected:
- Check if the sink already exists:
- Enable audit logging for the project: