nuclei-templates/cloud/gcp/vpc/gcloud-firewall-rule-logging-not-enabled.yaml
Prince Chaddha ea7a5969c8 Revert "chore: update TemplateMan 🤖"
This reverts commit c31d574176.
2025-05-27 10:39:47 +08:00


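id: gcloud-firewall-rule-logging-not-enabled

info:
  name: Enable Logging for VPC Firewall Rules
  author: princechaddha
  severity: medium
  description: |
    Reports VPC firewall rules that are enabled but do not have Firewall Rules Logging turned on. Firewall rule logging records the source and destination of matched traffic, the protocol and ports, and the action the rule took; without it, the connections a rule allowed or denied leave no audit trail.
    Only classic VPC firewall rules (`gcloud compute firewall-rules`) are checked; rules in hierarchical or network firewall policies are out of scope for this template. Disabled rules are ignored because they never match traffic.
  impact: |
    Without firewall rule logging there is no record of which connections each rule permitted or denied, so lateral movement, exfiltration and over-permissive allow rules cannot be detected or investigated after the fact, and network audit-logging requirements in security policies cannot be evidenced.
  remediation: |
    Enable logging on every VPC firewall rule whose connections need to be audited, for example:
    gcloud compute firewall-rules update RULE_NAME --project PROJECT_ID --enable-logging
    Firewall logs add Cloud Logging volume (and cost) proportional to matched traffic, so prioritise allow rules and rules on production or internet-facing networks.
  reference:
    - https://cloud.google.com/vpc/docs/using-firewall-rules-logging
  tags: cloud,devops,gcp,gcloud,google-cloud-vpc,firewall-logging,security,gcp-cloud-config

# Enumerate every project visible to the active credentials, then every VPC
# network in each project, and check the firewall rules attached to that
# network. set() exports the value to the shell environment of later steps.
flow: |
  code(1)
  for(let projectId of iterate(template.projectIds)){
    set("projectId", projectId)
    code(2)
    for(let network of iterate(template.networks)){
      set("networkName", network)
      code(3)
    }
  }

self-contained: true

code:
  # 1. All projects the caller can list. Coverage is only as wide as the
  #    caller's view: credentials scoped to one project check that project only.
  - engine:
      - sh
      - bash
    source: |
      gcloud projects list --format="json(projectId)"
    extractors:
      - type: json
        name: projectIds
        internal: true
        json:
          - '.[].projectId'

  # 2. VPC networks in the project currently being iterated.
  - engine:
      - sh
      - bash
    source: |
      gcloud compute networks list --project "$projectId" --format="json(name)"
    extractors:
      - type: json
        name: networks
        internal: true
        json:
          - '.[].name'

  # 3. Firewall rules on this network that are enabled but not logged.
  #    --project is required here: without it gcloud queries the active
  #    configuration's project rather than the one the flow is iterating, so
  #    rules from an unrelated project (e.g. its own "default" network) would
  #    be reported under this project/network pair.
  #    The filter is applied by gcloud so that only offending rules come back.
  #    Matching the whole rule list for '"enable": false' and '"disabled": false'
  #    would fire when those two values belong to two different rules.
  #    `NOT logConfig.enable=true` also catches rules with no logConfig block.
  - engine:
      - sh
      - bash
    source: |
      gcloud compute firewall-rules list --project "$projectId" --filter="network=$networkName AND disabled=false AND NOT logConfig.enable=true" --sort-by="priority" --format="json(name,disabled,direction,logConfig)"
    matchers:
      # An empty result is "[]", which contains no "name" key.
      - type: word
        words:
          - '"name":'
    extractors:
      - type: dsl
        dsl:
          - '"Network " + networkName + " in project " + projectId + " has enabled VPC firewall rules without logging."'
      # Names of the offending rules, taken from the filtered output.
      - type: json
        json:
          - '.[].name'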
# digest: 4b0a00483046022100d5031c3dce754710cfcafe6f799a9421188b95c712f5d77b1b35c6783f1e22ad022100f9a2fbc7b3b8384572f1e2885ea08397e6567d15ead3f3208344aa4884d56f45:922c64590222798bb761d5b6d8e72950