Comments (1)
Adding the following GCP Services/Components to the Auditors
Firebase: do not use default firebase service account
AlloyDB: do not use default alloy service account, ensure continuous backup & recovery is enabled, ensure automated backups are enabled
BigQuery: do not use default bq service account, use policy tags for column level access
BigTable: do not use default service account
Cloud Spanner: do not use default service account
Cloud Functions: do not use default service account, good to require auth depending on use case, require HTTPS, depending on use case only allow internal traffic so traffic is routed through VPC, place in a VPC network so egress traffic is routed through VPC, enable HTTP/2 and session affinity, enforce binary authorization for deployment
Cloud Run - do not use default service account, best to force internal access so traffic has to flow through VPC depending on use case, require authentication depending on use case
GKE (GKE Autopilot will enable a lot of these by default): Binary Auth, CPANs, NetPol, no use GKE default svc acct, PSP controller, Shield GKE, Release Channel K8s, Secure Boot, GCE legacy metadata api disabled, Legacy Auth disabled, IntegMon enabled
GCS: enable bucket logging, depending on use case do not allow public access, enable versioning, enable retention policy, do not use default service account
IAM Service Accounts: should be rotated on some recurring schedule, do not use primitive roles
from electriceye.
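A sketch of how the Cloud Functions items in the comment above could be expressed as checks, added here as an example and not taken from ElectricEye's own auditors. It assumes resource dicts shaped like the Cloud Functions (1st gen) API representation (`serviceAccountEmail`, `httpsTrigger.securityLevel`, `ingressSettings`, `vpcConnector`); the function names, finding labels and sample data are constructed for illustration, and the ingress and VPC findings are advisory since the comment makes them use-case dependent.

```python
import re

# Identities GCP attaches when no user-managed service account is chosen.
DEFAULT_SA_PATTERNS = (
    re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$"),    # Compute Engine default
    re.compile(r"^[a-z][a-z0-9-]*@appspot\.gserviceaccount\.com$"),  # App Engine default
)

def is_default_service_account(email):
    """True if the email matches a GCP default service account naming pattern."""
    return any(p.match(email or "") for p in DEFAULT_SA_PATTERNS)

def audit_function(fn):
    """Return the failed checks for one function resource dict (hypothetical labels)."""
    findings = []
    email = fn.get("serviceAccountEmail")
    # An absent field means the platform default identity is applied at deploy time.
    if not email or is_default_service_account(email):
        findings.append("default-service-account")
    trigger = fn.get("httpsTrigger")
    if trigger is not None and trigger.get("securityLevel") != "SECURE_ALWAYS":
        findings.append("https-not-required")
    if fn.get("ingressSettings", "ALLOW_ALL") == "ALLOW_ALL":
        findings.append("ingress-allows-all")
    if not fn.get("vpcConnector"):
        findings.append("no-vpc-connector")
    return findings

# Constructed sample input, not output from a real project.
SAMPLE_FUNCTIONS = [
    {
        "name": "projects/example-project/locations/us-central1/functions/public-fn",
        "serviceAccountEmail": "example-project@appspot.gserviceaccount.com",
        "httpsTrigger": {"securityLevel": "SECURE_OPTIONAL"},
        "ingressSettings": "ALLOW_ALL",
    },
    {
        "name": "projects/example-project/locations/us-central1/functions/internal-fn",
        "serviceAccountEmail": "fn-runner@example-project.iam.gserviceaccount.com",
        "httpsTrigger": {"securityLevel": "SECURE_ALWAYS"},
        "ingressSettings": "ALLOW_INTERNAL_ONLY",
        "vpcConnector": "projects/example-project/locations/us-central1/connectors/egress",
    },
]

if __name__ == "__main__":
    for fn in SAMPLE_FUNCTIONS:
        print(fn["name"].rsplit("/", 1)[-1], audit_function(fn))
```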