Search for Alerting Rule: GCP Tokens 

Use the search tokens below, which we provide in the rule creation wizard.

projectId

Use a text value ##### to find GCP connectors based on the unique project ID associated with the connector at the time of creation.

Example

Show connectors with this projectId

projectId: my-project-1513669048551

region

Select the region code from the drop-down menu. The drop-down menu options contain region codes. For example, the region code for Singapore is asia-southeast1. For the complete mapping of region code to region, view GCP Region Mapping.

Example

Find resources in the asia-southeast1 (Singapore) region

region: asia-southeast1

service.type

Select the service type code from the drop-down menu. For example, the service code for Compute Engine is COMPUTE_ENGINE. For the complete mapping of service type code to service type, view GCP Service Type Mapping.

Example

Show service type Compute Engine

service.type: COMPUTE_ENGINE

resource.type

Select the resource type from the drop-down menu. The drop-down menu options contain resource type codes. For example, the resource type code for Cloud Function is CLOUD_FUNCTION. For the complete mapping of resource type code to resource type, view GCP Resource Type Mapping.

Example

Show resources of type Cloud Function

resource.type: CLOUD_FUNCTION

resource.id

Use a text value ##### to find resources by the unique ID assigned to the resource.

Example

Show resources with ID acl-8e5198f5

resource.id: acl-8e5198f5

cid

Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.

Example

Show controls with this ID

cid: 205767712438

control.name

Use values within quotes to help you find controls with a certain name.

Examples

Show findings with this name

control.name: Avoid the use of the root account

Show any findings that contain parts of name

control.name: "Avoid the use of the root account"

control.criticality

Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.

Example

Show controls with High criticality

control.criticality: HIGH

control.result

Use a control result value (FAIL) to view controls with a specific result.

Example

Show controls that failed

control.result: FAIL

evaluatedOn

Use a date range or specific date to define when the resource was evaluated on.

Examples

Show resources discovered within certain dates

evaluatedOn: [2018-01-01 ... 2018-03-01]

Show resources updated starting 2018-10-01, ending 1 month ago

evaluatedOn: [2018-01-01 ... now-1m]

Show resources updated starting 2 weeks ago, ending 1 second ago

evaluatedOn: [now-2w ... now-1s]

Show resources discovered on specific date

evaluatedOn: 2018-01-08

lastEvaluated

Use a date range or specific date to define when the resource was last evaluated on.

Examples

Show resources last evaluated within certain dates

lastEvaluated: [2018-01-01 ... 2018-03-01]

Show resources last evaluated starting 2018-10-01, ending 1 month ago

lastEvaluated: [2018-01-01 ... now-1m]

Show resources last evaluated starting 2 weeks ago, ending 1 second ago

lastEvaluated: [now-2w ... now-1s]

Show resources last evaluated on specific date

lastEvaluated: 2018-01-08

firstEvaluated

Use a date range or specific date to define when the resource was first discovered and evaluated.

Examples

Show resources first evaluated within certain dates

firstEvaluated: [2018-01-01 ... 2018-03-01]

Show resources first evaluated starting 2018-10-01, ending 1 month ago

firstEvaluated: [2018-01-01 ... now-1m]

Show resources first evaluated starting 2 weeks ago, ending 1 second ago

firstEvaluated: [now-2w ... now-1s]

Show resources first evaluated on specific date

firstEvaluated: 2018-01-08

policy.name

Use values within quotes to find a CIS or AWS policy by name.

Examples

Show findings with this name

policy.name: CIS Amazon Web Services Foundations Benchmark

Show any findings that contain parts of name

policy.name: "CIS Amazon Web Services Foundations Benchmark"

GCP Region Mapping

Code                      Region Name
us-west1                  Oregon
us-west2                  Los Angeles
us-west3                  Salt Lake City
us-west4                  Las Vegas
us-central1               Iowa
us-east1                  South Carolina
us-east4                  N. Virginia
northamerica-northeast1   Montreal
europe-west2              London
europe-west1              Belgium
europe-west4              Netherlands
europe-west3              Frankfurt
europe-west6              Zürich
europe-north1             Finland
asia-south1               Mumbai
asia-southeast1           Singapore
asia-southeast2           Jakarta
asia-east1                Taiwan
asia-east2                Hong Kong
asia-northeast1           Tokyo
asia-northeast2           Osaka
asia-northeast3           Seoul
australia-southeast1      Sydney

GCP Service Type Mapping

Code                      Service Type
COMPUTE_ENGINE            Compute Engine
APP_ENGINE                App Engine
IAM                       IAM & Admin
VIRTUAL_NETWORK           VPC Network
STORAGE                   Storage
SQL                       SQL
KUBERNETES                Kubernetes Engine
SUBNETWORK                Subnetwork
CLOUD_FUNCTION            Cloud Function
NETWORK_SERVICES          Network Services
BIGQUERY                  BigQuery
LOGGING                   Logging

GCP Resource Type Mapping

Code                      Resource Type
VM_INSTANCE               VM Instances
NETWORK                   Networks
SUBNETWORK                Subnetworks
FIREWALL_RULES            Firewall Rules
SERVICE_ACCOUNT           Service Account
PROJECT                   Project
STORAGE                   Storage
SQL                       SQL
K8S_NODE                  K8S Node
K8S_Cluste                K8S Cluster
CLOUD_FUNCTION            Cloud Function
VPC_CONNECTOR             VPC Connector
CLOUD_DNS                 Cloud DNS
POSTGRESQL                PostgreSQL
MYSQL                     MySQL
SQL_SERVER                SQL Server
DATASET                   Dataset
TABLE                     Table
LOGS_ROUTER               Logs Router
LOGS_BASED_METRICS        Logs Based Metrics
