gcp.armor-policy

Cloud Armor Policy

Cloud Armor is GCP’s WAF technology providing DDOS and Layer 7 (SQLi, XSS) rules based protection for load balancers and public ip VMs.

GC resource: https://cloud.google.com/compute/docs/reference/rest/v1/securityPolicies

Filters

event

list-item

metrics

reduce

scc-findings

value

metrics

Supports metrics filters on resources.

All resources that have cloud watch metrics are supported.

Docs on cloud watch metrics

Google Supported Metrics https://cloud.google.com/monitoring/api/metrics_gcp
Custom Metrics https://cloud.google.com/monitoring/api/v3/metric-model#intro-custom-metrics

- name: firewall-hit-count
  resource: gcp.firewall
  filters:
  - type: metrics
    name: firewallinsights.googleapis.com/subnet/firewall_hit_count
    aligner: ALIGN_COUNT
    days: 14
    value: 1
    op: greater-than

Permissions - monitoring.timeSeries.list

Actions

notify

post-finding

webhook