Policy: GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-network

GCP logs advanced filter used to specify a subset of log entries that is forwarded to the Guardrails Event Handlers by the logging sink on behalf of GCP Network.

Resource Types

This policy targets the following resource types:

GCP > Project

Primary Policy

This policy is used with the following primary policy:

GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter

Policy Specification

Schema Type	`string`
Default	((resource.type = gce_ssl_certificate AND (protoPayload.authorizationInfo.permission = compute.sslCertificates.create OR protoPayload.authorizationInfo.permission = compute.sslCertificates.delete)) OR (resource.type = gce_target_https_proxy AND (protoPayload.authorizationInfo.permission = compute.targetHttpsProxies.create OR protoPayload.authorizationInfo.permission = compute.targetHttpProxies.delete)) OR (resource.type = gce_target_ssl_proxy AND (protoPayload.authorizationInfo.permission = compute.targetSslProxies.create OR protoPayload.authorizationInfo.permission = compute.targetSslProxies.delete OR protoPayload.authorizationInfo.permission = compute.targetSslProxies.update)) OR (resource.type = gce_packet_mirroring AND (protoPayload.authorizationInfo.permission = compute.packetMirrorings.create OR protoPayload.authorizationInfo.permission = compute.packetMirrorings.delete OR protoPayload.authorizationInfo.permission = compute.packetMirrorings.update)) OR (resource.type = gce_url_map AND (protoPayload.authorizationInfo.permission = compute.urlMaps.create OR protoPayload.authorizationInfo.permission = compute.urlMaps.delete OR protoPayload.authorizationInfo.permission = compute.urlMaps.update)) OR (resource.type = gce_target_pool AND (protoPayload.authorizationInfo.permission = compute.targetPools.create OR protoPayload.authorizationInfo.permission = compute.targetPools.delete OR protoPayload.authorizationInfo.permission = compute.targetPools.update)) OR (resource.type = gce_forwarding_rule AND (protoPayload.authorizationInfo.permission = compute.forwardingRules.create OR protoPayload.authorizationInfo.permission = compute.forwardingRules.delete OR protoPayload.authorizationInfo.permission = compute.forwardingRules.setLabels OR protoPayload.authorizationInfo.permission = compute.forwardingRules.setTarget OR protoPayload.authorizationInfo.permission = compute.globalForwardingRules.create OR protoPayload.authorizationInfo.permission = compute.globalForwardingRules.delete OR protoPayload.authorizationInfo.permission = compute.globalForwardingRules.setLabels OR protoPayload.authorizationInfo.permission = compute.globalForwardingRules.setTarget)) OR (resource.type = gce_network AND (protoPayload.authorizationInfo.permission = compute.networks.create OR protoPayload.authorizationInfo.permission = compute.networks.delete OR protoPayload.authorizationInfo.permission = compute.networks.removePeering OR protoPayload.authorizationInfo.permission = compute.networks.switchToCustomMode OR protoPayload.authorizationInfo.permission = compute.networks.update OR protoPayload.authorizationInfo.permission = compute.networks.updatePolicy)) OR (resource.type = gce_route AND (protoPayload.authorizationInfo.permission = compute.routes.create OR protoPayload.authorizationInfo.permission = compute.routes.delete)) OR (resource.type = gce_subnetwork AND (protoPayload.authorizationInfo.permission = compute.subnetworks.create OR protoPayload.authorizationInfo.permission = compute.subnetworks.delete OR protoPayload.authorizationInfo.permission = compute.subnetworks.expandIpCidrRange OR protoPayload.authorizationInfo.permission = compute.subnetworks.setIamPolicy OR protoPayload.authorizationInfo.permission = compute.subnetworks.setPrivateIpGoogleAccess OR protoPayload.authorizationInfo.permission = compute.subnetworks.update OR protoPayload.authorizationInfo.permission = compute.subnetworks.updatePolicy)) OR (resource.type = gce_reserved_address AND (protoPayload.authorizationInfo.permission = compute.addresses.create OR protoPayload.authorizationInfo.permission = compute.addresses.createInternal OR protoPayload.authorizationInfo.permission = compute.addresses.delete OR protoPayload.authorizationInfo.permission = compute.addresses.deleteInternal OR protoPayload.authorizationInfo.permission = compute.addresses.setLabels OR protoPayload.authorizationInfo.permission = compute.globalAddresses.create OR protoPayload.authorizationInfo.permission = compute.globalAddresses.createInternal OR protoPayload.authorizationInfo.permission = compute.globalAddresses.delete OR protoPayload.authorizationInfo.permission = compute.globalAddresses.deleteInternal OR protoPayload.authorizationInfo.permission = compute.globalAddresses.setLabels)) OR (resource.type = gce_backend_bucket AND (protoPayload.authorizationInfo.permission = compute.backendBuckets.create OR protoPayload.authorizationInfo.permission = compute.backendBuckets.delete OR protoPayload.authorizationInfo.permission = compute.backendBuckets.update)) OR (resource.type = gce_backend_service AND (protoPayload.authorizationInfo.permission = compute.backendServices.create OR protoPayload.authorizationInfo.permission = compute.backendServices.delete OR protoPayload.authorizationInfo.permission = compute.backendServices.update OR protoPayload.authorizationInfo.permission = compute.backendServices.setSecurityPolicy)) OR (resource.type = gce_firewall_rule AND (protoPayload.authorizationInfo.permission = compute.firewalls.create OR protoPayload.authorizationInfo.permission = compute.firewalls.delete OR protoPayload.authorizationInfo.permission = compute.firewalls.update)) OR (resource.type = gce_router AND (protoPayload.authorizationInfo.permission = compute.routers.create OR protoPayload.authorizationInfo.permission = compute.routers.delete OR protoPayload.authorizationInfo.permission = compute.routers.update)) OR (resource.type = vpn_tunnel AND (protoPayload.authorizationInfo.permission = compute.vpnTunnels.create OR protoPayload.authorizationInfo.permission = compute.vpnTunnels.delete OR protoPayload.authorizationInfo.permission = compute.vpnTunnels.setLabels)) OR (resource.type = vpn_gateway AND (protoPayload.authorizationInfo.permission = compute.targetVpnGateways.create OR protoPayload.authorizationInfo.permission = compute.targetVpnGateways.delete OR protoPayload.authorizationInfo.permission = compute.targetVpnGateways.setLabels OR protoPayload.authorizationInfo.permission = compute.targetVpnGateways.update)) AND severity>=INFO )

Schema Type

string

Default

((resource.type = gce_ssl_certificate AND (protoPayload.authorizationInfo.permission = compute.sslCertificates.create OR protoPayload.authorizationInfo.permission = compute.sslCertificates.delete)) OR (resource.type = gce_target_https_proxy AND (protoPayload.authorizationInfo.permission = compute.targetHttpsProxies.create OR protoPayload.authorizationInfo.permission = compute.targetHttpProxies.delete)) OR (resource.type = gce_target_ssl_proxy AND (protoPayload.authorizationInfo.permission = compute.targetSslProxies.create OR protoPayload.authorizationInfo.permission = compute.targetSslProxies.delete OR protoPayload.authorizationInfo.permission = compute.targetSslProxies.update)) OR (resource.type = gce_packet_mirroring AND (protoPayload.authorizationInfo.permission = compute.packetMirrorings.create OR protoPayload.authorizationInfo.permission = compute.packetMirrorings.delete OR protoPayload.authorizationInfo.permission = compute.packetMirrorings.update)) OR (resource.type = gce_url_map AND (protoPayload.authorizationInfo.permission = compute.urlMaps.create OR protoPayload.authorizationInfo.permission = compute.urlMaps.delete OR protoPayload.authorizationInfo.permission = compute.urlMaps.update)) OR (resource.type = gce_target_pool AND (protoPayload.authorizationInfo.permission = compute.targetPools.create OR protoPayload.authorizationInfo.permission = compute.targetPools.delete OR protoPayload.authorizationInfo.permission = compute.targetPools.update)) OR (resource.type = gce_forwarding_rule AND (protoPayload.authorizationInfo.permission = compute.forwardingRules.create OR protoPayload.authorizationInfo.permission = compute.forwardingRules.delete OR protoPayload.authorizationInfo.permission = compute.forwardingRules.setLabels OR protoPayload.authorizationInfo.permission = compute.forwardingRules.setTarget OR protoPayload.authorizationInfo.permission = compute.globalForwardingRules.create OR protoPayload.authorizationInfo.permission = compute.globalForwardingRules.delete OR protoPayload.authorizationInfo.permission = compute.globalForwardingRules.setLabels OR protoPayload.authorizationInfo.permission = compute.globalForwardingRules.setTarget)) OR (resource.type = gce_network AND (protoPayload.authorizationInfo.permission = compute.networks.create OR protoPayload.authorizationInfo.permission = compute.networks.delete OR protoPayload.authorizationInfo.permission = compute.networks.removePeering OR protoPayload.authorizationInfo.permission = compute.networks.switchToCustomMode OR protoPayload.authorizationInfo.permission = compute.networks.update OR protoPayload.authorizationInfo.permission = compute.networks.updatePolicy)) OR (resource.type = gce_route AND (protoPayload.authorizationInfo.permission = compute.routes.create OR protoPayload.authorizationInfo.permission = compute.routes.delete)) OR (resource.type = gce_subnetwork AND (protoPayload.authorizationInfo.permission = compute.subnetworks.create OR protoPayload.authorizationInfo.permission = compute.subnetworks.delete OR protoPayload.authorizationInfo.permission = compute.subnetworks.expandIpCidrRange OR protoPayload.authorizationInfo.permission = compute.subnetworks.setIamPolicy OR protoPayload.authorizationInfo.permission = compute.subnetworks.setPrivateIpGoogleAccess OR protoPayload.authorizationInfo.permission = compute.subnetworks.update OR protoPayload.authorizationInfo.permission = compute.subnetworks.updatePolicy)) OR (resource.type = gce_reserved_address AND (protoPayload.authorizationInfo.permission = compute.addresses.create OR protoPayload.authorizationInfo.permission = compute.addresses.createInternal OR protoPayload.authorizationInfo.permission = compute.addresses.delete OR protoPayload.authorizationInfo.permission = compute.addresses.deleteInternal OR protoPayload.authorizationInfo.permission = compute.addresses.setLabels OR protoPayload.authorizationInfo.permission = compute.globalAddresses.create OR protoPayload.authorizationInfo.permission = compute.globalAddresses.createInternal OR protoPayload.authorizationInfo.permission = compute.globalAddresses.delete OR protoPayload.authorizationInfo.permission = compute.globalAddresses.deleteInternal OR protoPayload.authorizationInfo.permission = compute.globalAddresses.setLabels)) OR (resource.type = gce_backend_bucket AND (protoPayload.authorizationInfo.permission = compute.backendBuckets.create OR protoPayload.authorizationInfo.permission = compute.backendBuckets.delete OR protoPayload.authorizationInfo.permission = compute.backendBuckets.update)) OR (resource.type = gce_backend_service AND (protoPayload.authorizationInfo.permission = compute.backendServices.create OR protoPayload.authorizationInfo.permission = compute.backendServices.delete OR protoPayload.authorizationInfo.permission = compute.backendServices.update OR protoPayload.authorizationInfo.permission = compute.backendServices.setSecurityPolicy)) OR (resource.type = gce_firewall_rule AND (protoPayload.authorizationInfo.permission = compute.firewalls.create OR protoPayload.authorizationInfo.permission = compute.firewalls.delete OR protoPayload.authorizationInfo.permission = compute.firewalls.update)) OR (resource.type = gce_router AND (protoPayload.authorizationInfo.permission = compute.routers.create OR protoPayload.authorizationInfo.permission = compute.routers.delete OR protoPayload.authorizationInfo.permission = compute.routers.update)) OR (resource.type = vpn_tunnel AND (protoPayload.authorizationInfo.permission = compute.vpnTunnels.create OR protoPayload.authorizationInfo.permission = compute.vpnTunnels.delete OR protoPayload.authorizationInfo.permission = compute.vpnTunnels.setLabels)) OR (resource.type = vpn_gateway AND (protoPayload.authorizationInfo.permission = compute.targetVpnGateways.create OR protoPayload.authorizationInfo.permission = compute.targetVpnGateways.delete OR protoPayload.authorizationInfo.permission = compute.targetVpnGateways.setLabels OR protoPayload.authorizationInfo.permission = compute.targetVpnGateways.update)) AND severity>=INFO )

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/configured

Policy Type URI

tmod:@turbot/gcp-network#/policy/types/networkEventPatterns

GraphQL

query policyType(id: "tmod:@turbot/gcp-network#/policy/types/networkEventPatterns") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/gcp-network#/policy/types/networkEventPatterns'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/gcp-network#/policy/types/networkEventPatterns'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/gcp-network#/policy/types/networkEventPatterns"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-network#/policy/types/networkEventPatterns"