Skip to content
/ monitoring-alerting-4-security-events Public

Create a monitoring and alerting system for security events, such as unauthorized IAM access or policy violations.

License

GPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tyagraj777/monitoring-alerting-4-security-events

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Screenshot-alert-policy-active-console.jpg
Screenshot-alert-policy-active-console.jpg
 
 
Screenshot-alert-policy-details.jpg
Screenshot-alert-policy-details.jpg
 
 
Screenshot-gcp-console-log-sink.jpg
Screenshot-gcp-console-log-sink.jpg
 
 
Screenshot-generate-sample-event.gif
Screenshot-generate-sample-event.gif
 
 
Screenshot-incident-capture.jpg
Screenshot-incident-capture.jpg
 
 
Screenshot-infracost.jpg
Screenshot-infracost.jpg
 
 
Screenshot-log-subscription-topic.jpg
Screenshot-log-subscription-topic.jpg
 
 
Screenshot-more-alert-metric.jpg
Screenshot-more-alert-metric.jpg
 
 
Screenshot-policy-update-log.jpg
Screenshot-policy-update-log.jpg
 
 
Screenshot-pubsub-subscription-console.jpg
Screenshot-pubsub-subscription-console.jpg
 
 
Screenshot-terraform-output.jpg
Screenshot-terraform-output.jpg
 
 
Screenshot-use-test-script-to-trigger-alert-for-policy-update.jpg
Screenshot-use-test-script-to-trigger-alert-for-policy-update.jpg
 
 
alert-sms-mail-from-trigger.jpg
alert-sms-mail-from-trigger.jpg
 
 
detail-alert-mail-frm-trigger.jpg
detail-alert-mail-frm-trigger.jpg
 
 
log-based-mtric-need-set-manual.jpg
log-based-mtric-need-set-manual.jpg
 
 
main.tf
main.tf
 
 
test-terraform-setup2.sh
test-terraform-setup2.sh
 
 
variables.tf
variables.tf
 
 

Repository files navigation

monitoring-alerting-4-sec-events

Create a monitoring and alerting system for security events, such as unauthorized access or policy violations.

To simulate the IAM policy change event use provided shell script "test-terraform-setup2" it will pull all variables from "terraform.tfvars"

you need to update both file prior to running terraform validate, plan, apply

Script Overview

Terraform Initialization and Application:

  1. terraform init initializes the Terraform environment, ensuring the required modules and providers are ready.

terraform apply -auto-approve applies the Terraform configuration to provision the infrastructure without user prompts.

  1. Retrieve Terraform Outputs:

Variables like PROJECT_ID, REGION, and ALERT_EMAIL are fetched using "terraform.tfvars". These are used to interact with the GCP services.

  1. Test Steps:

  • Publish a Test Message: Publishes a test message to a Pub/Sub topic to ensure it's set up correctly.

  • Simulate IAM Policy Change: Adds an IAM role binding to simulate a change that triggers logging and alerts.

  • Log Entry Simulation: Writes an error log entry to verify if logging and metrics capture the event.

  • Check Logs-Based Metric: Uses gcloud logging metrics describe to verify the custom metric based on logs.

  • Test Alert Notifications: Simulates testing of alerting policies with the specified IAM change condition.

  • Completion Message: Outputs "Test completed" when all steps are executed.

Outputs Test completed. when all steps are executed.

About

Create a monitoring and alerting system for security events, such as unauthorized IAM access or policy violations.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages