Policy: GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.05 - Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes

Configures auditing against a CIS Benchmark item.

Level: 1

Google Cloud Platform (GCP) services write audit log entries to the Admin Activity and Data Access logs to help answer the questions of, "who did what, where, and when?" within GCP projects.

Cloud audit logging records information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by GCP services. Cloud audit logging provides a history of GCP API calls for an account, including API calls made via the console, SDKs, command-line tools, and other GCP services.

Resource Types

This policy targets the following resource types:

GCP > Project

Primary Policy

This policy is used with the following primary policy:

GCP > CIS v2.0 > 2 - Logging and Monitoring

Controls

Policy Specification

Schema Type	`string`
Default	`Per GCP > CIS v2.0 > 2 - Logging and Monitoring`
Valid Values [YAML]	`Per GCP > CIS v2.0 > 2 - Logging and Monitoring` `Skip` `Check: Benchmark`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v070603

Policy Type URI

tmod:@turbot/gcp-cisv2-0#/policy/types/r0205

GraphQL

query policyType(id: "tmod:@turbot/gcp-cisv2-0#/policy/types/r0205") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/gcp-cisv2-0#/policy/types/r0205'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/gcp-cisv2-0#/policy/types/r0205'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/gcp-cisv2-0#/policy/types/r0205"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-cisv2-0#/policy/types/r0205"