This repository has been archived by the owner on Jun 25, 2024. It is now read-only.

changes to section 3 #601

Merged
merged 1 commit into from
Jun 23, 2023
49 changes: 49 additions & 0 deletions jupiterone/questions/questions.yaml
Expand Up @@ -573,6 +573,55 @@ questions:
requirements:
- '3.7'

- id: integration-question-google-vpc-flow-logs-for-every-VPC-subnet
title: Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network
description: >
Flow Logs is a feature that enables users to capture information about the IP traffic going to and from network interfaces in the organization's VPC Subnets. Once a flow log is created, the user can view and retrieve its data in Stackdriver Logging. It is recommended that Flow Logs be enabled for every business-critical VPC subnet.
queries:
- name: good
query: |
find google_compute_subnetwork WITH flowLogsEnabled = true
- name: bad
query: |
find google_compute_subnetwork WITH flowLogsEnabled != true
tags:
- google-cloud
- VPC-flowlogs
- logging
compliance:
- standard: CIS Google Cloud Foundations 1.1
requirements:
- '3.8'
- standard: CIS Google Cloud Platform Foundation Benchmark 1.3
requirements:
- '3.8'
- standard: CIS Google Cloud Platform Foundation Benchmark 2.0.0
requirements:
- '3.8'

- id: integration-question-google-IAP-allow-google-IP-addresses
title: Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed'
description: >
IAP authenticates the user requests to your apps via a Google single sign in. You can then manage these users with permissions to control access. It is recommended to use both IAP permissions and firewalls to restrict this access to your apps with sensitive information.
queries:
- name: good
query: |
find Service with displayName="Cloud Identity-Aware Proxy API" and enabled = true
- name: bad
query: |
find Service with displayName="Cloud Identity-Aware Proxy API" and enabled != true
tags:
- google-cloud
- google-IAP
- Networking
compliance:
- standard: CIS Google Cloud Platform Foundation Benchmark 1.3
requirements:
- '3.10'
- standard: CIS Google Cloud Platform Foundation Benchmark 2.0.0
requirements:
- '3.10'

- id: integration-question-google-cloud-firewall-deny-all
title: Which Google Cloud networks do not have a default Deny All egress rule for firewalls?
description: >
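Review bot: the IAP entry's queries do not test the control its title and description state. `find Service with displayName="Cloud Identity-Aware Proxy API" and enabled = true` only proves the IAP API is switched on, while the description asks for IAP permissions plus firewall rules that restrict traffic to the apps, so a project with the API enabled and a firewall rule still admitting 0.0.0.0/0 to the backends would be reported as `good`. Consider a query over the firewall rule entities that checks allowed source ranges against Google's documented IAP forwarding range (35.235.240.0/20), or retitle the question to describe what it actually checks (the API being enabled). Minor: `with` is lowercase here while the flow-log queries use `WITH`; the first compliance entry names `CIS Google Cloud Foundations 1.1` where the others use `CIS Google Cloud Platform Foundation Benchmark`; and the tags `VPC-flowlogs`, `google-IAP` and `Networking` mix casing with the lowercase tags used elsewhere in the file.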