Bigtable Tables Should Have Audit Logging Enabled

More Info:

DATA_READ, DATA_WRITE and ADMIN_READ logs should be enabled on Cloud Bigtable tables

Risk Level

Medium

Address

Operational Maturity, Security

Compliance Standards

HITRUST

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of Bigtable Tables not having Audit Logging enabled in GCP using GCP CLI, follow the below steps:

Open the Cloud Shell in your GCP console.

Run the following command to enable audit logging for Bigtable Tables:

gcloud beta bigtable tables set-iam-policy <instance-id> <table-id> \
--policy-file=- <<EOF
{
  "bindings": [
    {
      "role": "roles/bigtable.reader",
      "members": [
        "user:[email protected]"
      ]
    }
  ],
  "auditConfigs": [
    {
      "auditLogConfigs": [
        {
          "logType": "DATA_READ",
          "exemptedMembers": [
            "user:[email protected]"
          ]
        }
      ],
      "service": "bigtable.googleapis.com"
    }
  ]
}
EOF

Replace <instance-id> and <table-id> with your specific instance and table IDs respectively.

This command will set an IAM policy for the specified Bigtable table and enable audit logging for the “DATA_READ” log type.
Verify that audit logging is enabled for the Bigtable table by running the following command:
```
gcloud beta bigtable tables get-iam-policy <instance-id> <table-id> \
--format=json | jq '.auditConfigs'
```
This command will display the audit logging configurations for the specified table.

With these steps, you have successfully remediated the misconfiguration of Bigtable Tables not having Audit Logging enabled in GCP using GCP CLI.

Using Python

To remediate the misconfiguration “Bigtable Tables Should Have Audit Logging Enabled” for GCP using Python, follow the below steps:Step 1: Import the necessary libraries and authenticate the user using the below code:

from google.cloud import bigtable
from google.oauth2 import service_account

credentials = service_account.Credentials.from_service_account_file('path/to/credentials.json')
client = bigtable.Client(project='project-id', credentials=credentials)

Step 2: List all the Bigtable instances in the project using the below code:

instances = client.list_instances()
for instance in instances:
    print(instance.name)

Step 3: Select the instance for which you want to enable audit logging and list all the tables in that instance using the below code:

instance = client.instance('instance-id')
tables = instance.list_tables()
for table in tables:
    print(table.name)

Step 4: Enable audit logging for all the tables in the selected instance using the below code:

instance = client.instance('instance-id')
tables = instance.list_tables()
for table in tables:
    table.set_iam_policy({
        'bindings': [{
            'role': 'roles/bigtable.reader',
            'members': ['user:[email protected]'],
        }],
        'auditConfigs': [{
            'auditLogConfigs': [{
                'logType': 'DATA_READ',
            }, {
                'logType': 'DATA_WRITE',
            }],
            'service': 'bigtable.googleapis.com',
        }],
    })

Note: Replace ‘instance-id’ with the actual ID of the instance for which you want to enable audit logging and replace ‘user:[email protected]’ with the email address of the user for whom you want to enable audit logging.Step 5: Verify that audit logging is enabled for all the tables in the selected instance using the below code:

instance = client.instance('instance-id')
tables = instance.list_tables()
for table in tables:
    policy = table.get_iam_policy()
    print(policy)

This will print the IAM policy for each table, which should include the auditConfigs section with the logType and service specified.By following the above steps, you can remediate the misconfiguration “Bigtable Tables Should Have Audit Logging Enabled” for GCP using Python.

Additional Reading:

https://cloud.google.com/bigtable/docs/audit-logging

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

Bigtable Tables Should Have Audit Logging Enabled

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: