GCP CIS benchmark
11/5/2023

We are excited to launch Google Chronicle's Security Analyst Diaries, a blog series capturing practitioner- and security-analyst-focused use cases. We want to share stories of how our customers are driving superior security outcomes using Google Chronicle and building scalable, consistent, and effective detection and response programs.

For our first diary entry we wanted to highlight the key features this particular customer loved:

- CIS violation detection content can be added in three easy steps.
- Detection alerts are automatically enriched to make them actionable.
- Complete flexibility to customize detection content exists right inside the product.

Check out the video version of this diary entry.

Many organizations leverage CIS benchmarks to standardize the minimum compliance thresholds under which they run their IT operations and security. The benchmarks are a set of best-practice cybersecurity standards for a range of IT systems and products, providing the baseline configurations needed to comply with industry-agreed cybersecurity standards. They are developed by CIS alongside communities of cybersecurity experts from industry and research institutes. This particular Chronicle customer was able to quickly gain value from Google Chronicle by validating the CIS GCP Benchmark v1.2 controls against their Google Cloud Platform (GCP) environment, helping to drive a consistent and methodical compliance program.

The customer was able to quickly take advantage of Chronicle's native integration for consuming GCP Cloud Audit Logging (CAL) and Cloud Asset Inventory (CAI) data into their Chronicle instance in near real time. This was an important point for the customer, as it removed the overhead of managing GCP log ingestion themselves: no more having to configure and manage log sinks, no additional cost for storing that data, and no latency waiting for log data to arrive.

The gcp_managed_service_account_keys.yaral rule, mapped to CIS control 1.4:

```
/*
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     ()
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
rule gcp_managed_service_account_keys
```

Note: what is the CIS 1.4 control about? tl;dr: don't create and download user-managed service account keys. (CIS GCP Benchmark control 1.4 is "Ensure that there are only GCP-managed service account keys for each service account"; every key created through the IAM API or console is a user-managed key, and the private half leaves Google's control the moment it is downloaded.)

With an understanding of the detection rule logic, and by drilling down from the Enterprise Insights panel, the customer was able to pivot and quickly understand:

- the real identity of the user who was creating the service account keys;
- how they were creating the service account keys;
- where they were creating them.

[Image: example of Chronicle's context-enriched logs, showing attributes that are not present in the raw log]

Well, it was fortunate they asked, as it's a super powerful feature of Chronicle: automatic and continuous enrichment of all log data from the customer's source of truth, e.g., an LDAP directory (Azure Active Directory), an identity platform (such as Okta or Cloud Identity), or an employee HRIS system (such as Workday).
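The following is an added example, not code from the Chronicle post or from its detection-rule repository. It shows the two things the post describes in one place: the CIS 1.4 detection (flagging user-managed service account key creation in GCP Cloud Audit Log entries) and the identity enrichment that turns a bare principal e-mail into who the person is, how they created the key, and where from. The audit-log entries, the HR directory standing in for Workday/Okta/AD, the project and principal names, and the user-agent strings are all constructed for the example; only the IAM method names and the audit-log field layout are real. It also covers an edge case the post does not show: a key-creation call that failed (non-zero protoPayload.status.code) is reported as an attempt rather than a violation, since no key was actually minted.

```python
import json

# IAM Admin API methods that mint or upload a user-managed service account
# key. Cloud Audit Logs record the method in protoPayload.methodName.
KEY_CREATE_METHODS = {
    "google.iam.admin.v1.CreateServiceAccountKey",
    "google.iam.admin.v1.UploadServiceAccountKey",
}

# Constructed stand-in for the customer's identity source of truth
# (Workday / Okta / AD), keyed by the principal e-mail seen in the audit log.
HR_DIRECTORY = {
    "jdoe@example.com": {
        "name": "Jane Doe", "title": "Platform Engineer",
        "department": "Infrastructure", "manager": "rroe@example.com",
    },
}


def _entry(method, principal, ip, agent, resource, status_code=None):
    """Build a constructed Cloud Audit Log entry using the real field layout."""
    payload = {
        "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
        "serviceName": "iam.googleapis.com",
        "methodName": method,
        "resourceName": resource,
        "authenticationInfo": {"principalEmail": principal},
        "requestMetadata": {"callerIp": ip, "callerSuppliedUserAgent": agent},
    }
    if status_code is not None:  # failed calls carry a gRPC status block
        payload["status"] = {"code": status_code, "message": "PERMISSION_DENIED"}
    return json.dumps({"protoPayload": payload,
                       "logName": "projects/prod-proj/logs/cloudaudit.googleapis.com%2Factivity"})


# Constructed sample: one key created via gcloud, one harmless key listing,
# one key created by a CI service account, one denied creation attempt.
SAMPLE_LOG_LINES = [
    _entry("google.iam.admin.v1.CreateServiceAccountKey", "jdoe@example.com",
           "203.0.113.7", "google-cloud-sdk gcloud/456.0.0 command/gcloud.iam.service-accounts.keys.create",
           "projects/-/serviceAccounts/ci-deploy@prod-proj.iam.gserviceaccount.com"),
    _entry("google.iam.admin.v1.ListServiceAccountKeys", "jdoe@example.com",
           "203.0.113.7", "google-cloud-sdk gcloud/456.0.0",
           "projects/-/serviceAccounts/ci-deploy@prod-proj.iam.gserviceaccount.com"),
    _entry("google.iam.admin.v1.CreateServiceAccountKey",
           "terraform-ci@prod-proj.iam.gserviceaccount.com", "10.128.0.5",
           "Terraform/1.5.7 terraform-provider-google/4.84.0",
           "projects/-/serviceAccounts/app-runtime@prod-proj.iam.gserviceaccount.com"),
    _entry("google.iam.admin.v1.CreateServiceAccountKey", "intern@example.com",
           "198.51.100.23", "Mozilla/5.0 (Console)",
           "projects/-/serviceAccounts/ci-deploy@prod-proj.iam.gserviceaccount.com",
           status_code=7),
]


def enrich_identity(principal, directory):
    """Resolve the log's principal to a person record (the 'real identity')."""
    if principal.endswith(".gserviceaccount.com"):
        return {"kind": "service_account", "name": principal}
    record = directory.get(principal.lower())
    if record is None:  # no HR record: surface it rather than guess
        return {"kind": "unknown", "name": principal}
    return {"kind": "person", **record}


def detect_user_managed_keys(log_lines, directory):
    """Return one finding per CreateServiceAccountKey/UploadServiceAccountKey call.

    A call with status.code == 0 (or no status block) created a key and is a
    CIS 1.4 violation; a failed call is kept as an attempt with violation=False.
    """
    findings = []
    for line in log_lines:
        try:
            payload = json.loads(line).get("protoPayload", {})
        except json.JSONDecodeError:
            continue  # malformed line: skip rather than crash the pipeline
        if payload.get("methodName") not in KEY_CREATE_METHODS:
            continue
        principal = payload.get("authenticationInfo", {}).get("principalEmail", "")
        meta = payload.get("requestMetadata", {})
        code = payload.get("status", {}).get("code", 0)
        findings.append({
            "cis_control": "1.4",
            "violation": code == 0,
            "principal": principal,
            "identity": enrich_identity(principal, directory),   # who, really
            "how": meta.get("callerSuppliedUserAgent", "unknown"),  # tool used
            "where": meta.get("callerIp", "unknown"),               # source IP
            "service_account": payload.get("resourceName", "").rsplit("/", 1)[-1],
        })
    return findings


if __name__ == "__main__":
    for finding in detect_user_managed_keys(SAMPLE_LOG_LINES, HR_DIRECTORY):
        print(json.dumps(finding, indent=2))
```

Each finding carries the three answers the customer pivoted to (identity, how, where) alongside the raw principal, so an analyst can see at a glance that the key for ci-deploy was minted by a named platform engineer from gcloud at a specific IP, that the second creation came from a CI service account (expected for Terraform, but still a CIS 1.4 finding), and that the third was a denied attempt by someone with no HR record.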