Search for Alerting Rule: GCP Tokens
Use the search tokens below that we provide during rule creation wizard.
Use a text value ##### to find GCP connectors based on the unique project ID associated with the connector at the time of creation.
Show connectors with this projectId
projectId: my-project-1513669048551
Select the region code from the drop-down menu. The drop-down menu options contains region code. For example, the region code for Singapore is asia-southeast1. For the complete mapping of region code to region, view GCP Region Mapping.
Example
Find resources in the asia-southeast1 (Singapore) region
region: asia-southeast1
Select the type of service.type code from the drop-down menu. For example, the service code for Compute Engine is COMPUTE_ENGINE. For the complete mapping of service type code to service type GCP Service Type Mapping.
Example
Show service type Compute Engine
service.type: COMPUTE_ENGINE
Select the type of resource type from the drop-down menu. The drop-down menu options contains of resource type code. For example, the service code for Cloud Function is CLOUD_FUNCTION. For the complete mapping of resource type code to resource type, view GCP Resource Type Mapping.
Example
Show resources of type Cloud Function
resource.type: CLOUD_FUNCTION
Use a text value ##### to find resources by the unique ID assigned to the resource.
Example
Show resources with ID acl-8e5198f5
resource.id: acl-8e5198f5
Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.
Example
Show controls with this ID
cid: 205767712438
Use values within quotes to help you find controls with a certain name.
Examples
Show findings with this name
control.name: Avoid the use of the root account
Show any findings that contain parts of name
control.name: "Avoid the use of the root account"
control.criticalitycontrol.criticality
Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.
Example
Show controls with High criticality
control.criticality: HIGH
Use control result value (FAIL) to view controls with specific result.
Example
Show controls that failed
control.result: FAIL
control.criticalitycontrol.criticality
Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.
Example
Show controls with High criticality
control.criticality: HIGH
Use a date range or specific date to define when the resource was evaluated on.
Examples
Show resources discovered within certain dates
evaluatedOn: [2018-01-01 ... 2018-03-01]
Show resources updated starting 2018-10-01, ending 1 month ago
evaluatedOn: [2018-01-01 ... now-1m]
Show resources updated starting 2 weeks ago, ending 1 second ago
evaluatedOn: [now-2w ... now-1s]
Show resources discovered on specific date
evaluatedOn: 2018-01-08
Use a date range or specific date to define when the resource was last evaluated on.
Examples
Show resources last evaluated within certain dates
lastEvaluated: [2018-01-01 ... 2018-03-01]
Show resources last evaluated starting 2018-10-01, ending 1 month ago
lastEvaluated: [2018-01-01 ... now-1m]
Show resources last evaluated starting 2 weeks ago, ending 1 second ago
lastEvaluated: [now-2w ... now-1s]
Show resources last evaluated on specific date
lastEvaluated: 2018-01-08
Use a date range or specific date to define when the resource was first discovered and evaluated.
Examples
Show resources first evaluated within certain dates
firstEvaluated: [2018-01-01 ... 2018-03-01]
Show resources first evaluated starting 2018-10-01, ending 1 month ago
firstEvaluated: [2018-01-01 ... now-1m]
Show resources first evaluated starting 2 weeks ago, ending 1 second ago
firstEvaluated: [now-2w ... now-1s]
Show resources first evaluated on specific date
firstEvaluated: 2018-01-08
Use values within quotes to find a CIS or AWS policy by name.
Examples
Show findings with this name
policy.name: CIS Amazon Web Services Foundations Benchmark
Show any findings that contain parts of name
policy.name: "CIS Amazon Web Services Foundations Benchmark"
|
Code |
Region Name |
|
us-west1 |
Oregon |
|
us-west2 |
Los Angeles |
|
us-west3 |
Salt Lake City |
|
us-west4 |
Las Vegas |
|
us-central1 |
Iowa |
|
us-east1 |
South Carolina |
|
us-east4 |
N. Virginia |
|
northamerica-northeast1 |
Montreal |
|
europe-west2 |
London |
|
europe-west1 |
Belgium |
|
europe-west4 |
Netherlands |
|
europe-west3 |
Frankfurt |
|
europe-west6 |
Zürich |
|
europe-north1 |
Finland |
|
asia-south1 |
Mumbai |
|
asia-southeast1 |
Singapore |
|
asia-southeast2 |
Jakarta |
|
asia-east1 |
Taiwan |
|
asia-east2 |
Hong Kong |
|
asia-northeast1 |
Tokyo |
|
asia-northeast2 |
Osaka |
|
asia-northeast3 |
Seoul |
|
australia-southeast1 |
Sydney |
|
australia-southeast1 |
Sydney |
GCP Service Type Mapping
|
Code |
Service Type |
|
COMPUTE_ENGINE |
Compute Engine |
|
APP_ENGINE |
App Engine |
|
IAM |
IAM & Admin |
|
VIRTUAL_NETWORK |
VPC Network |
|
STORAGE |
Storage |
|
SQL |
SQL |
|
KUBERNETES |
Kubernetes Engine |
|
SUBNETWORK |
Subnetwork |
|
CLOUD_FUNCTION |
Cloud Function |
|
NETWORK_SERVICES |
Network Services |
|
BIGQUERY |
BigQuery |
|
LOGGING |
Logging |
GCP Resource Type Mapping
|
Code |
Resource Type |
|
VM_INSTANCE |
VM Instances |
|
NETWORK |
Networks |
|
SUBNETWORK |
Subnetworks |
|
FIREWALL_RULES |
Firewall Rules |
|
SERVICE_ACCOUNT |
Service Account |
|
PROJECT |
Project |
|
STORAGE |
Storage |
|
SQL |
SQL |
|
K8S_NODE |
K8S Node |
|
K8S_Cluste |
K8S Cluster |
|
CLOUD_FUNCTION |
Cloud Function |
|
VPC_CONNECTOR |
VPC Connector |
|
CLOUD_DNS |
Cloud DNS |
|
POSTGRESQL |
PostgreSQL |
|
MYSQL |
MySQL |
|
SQL_SERVER |
SQL Server |
|
DATASET |
Dataset |
|
TABLE |
Table |
|
LOGS_ROUTER |
Logs Router |
|
LOGS_BASED_METRICS |
Logs Based Metrics |