admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-11 05:03:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
e2e9901bf9ec94de03e5ed7490847aac0ccbc598
nuclei-templates/cloud/gcp/vpc/gcloud-exclude-metadata-from-firewall-logging.yaml
Prince Chaddha ea7a5969c8 Revert "chore: update TemplateMan 🤖" 
This reverts commit c31d574176.
2025-05-27 10:39:47 +08:00

74 lines
2.3 KiB
YAML
Raw Blame History

id: gcloud-exclude-metadata-from-firewall-logging
info:
name: Exclude Metadata from Firewall Logging
author: princechaddha
severity: medium
description: |
Ensure that Virtual Private Cloud (VPC) firewall logging is not configured to include logging metadata to reduce log file size and optimize cloud storage costs. Including metadata in firewall logs can lead to unnecessary storage costs without significant benefits.
impact: |
Including metadata in firewall logging increases log file sizes, leading to higher storage costs and potential inefficiencies in log analysis.
remediation: |
Update the VPC firewall logging configuration to exclude metadata from the logs and reduce storage costs while maintaining logging efficiency.
reference:
- https://cloud.google.com/vpc/docs/using-firewall-rules-logging
tags: cloud,devops,gcp,gcloud,google-cloud-vpc,firewall-logging,security,gcp-cloud-config
flow: |
code(1)
for(let projectId of iterate(template.projectIds)){
set("projectId", projectId)
code(2)
for(let network of iterate(template.networks)){
set("networkName", network)
code(3)
}
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
gcloud projects list --format="json(projectId)"
extractors:
- type: json
name: projectIds
internal: true
json:
- '.[].projectId'
- engine:
- sh
- bash
source: |
gcloud compute networks list --project $projectId --format="json(name)"
extractors:
- type: json
name: networks
internal: true
json:
- '.[].name'
- engine:
- sh
- bash
source: |
gcloud compute firewall-rules list --filter="network=$networkName" --sort-by="priority" --format="json(name,disabled,logConfig)"
matchers:
- type: word
words:
- "enable': True"
- "INCLUDE_ALL_METADATA"
condition: and
extractors:
- type: dsl
dsl:
- '"The firewall rule in network " + networkName + " in project " + projectId + " has logging metadata set to INCLUDE_ALL_METADATA."'
# digest: 4b0a00483046022100c74b93f6dba2a32c541ab110c7f36c696f2abf584d388faf57831ba0bd8d27ad02210091e2c4b608989e3d533446513f85fcbe95955ac8a51be1754136ee5834473ab6:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink