Monitoring Google Cloud Armor Security Policies

Google Cloud Armor exports monitoring data from security policies to Stackdriver Monitoring. You can use monitoring metrics to check whether your policies are working as intended or to troubleshoot problems. For example, you can view the traffic that was blocked or allowed for each backend service. You can monitor the metrics of a single security policy (which can be applied to multiple backend services) or a single backend service.

In addition to the predefined dashboards in Stackdriver Monitoring, you can create custom dashboards, set up alert policies, and query the metrics through the Stackdriver Monitoring API.

On the Stackdriver Monitoring dashboard, Open Incidents are driven by the alerting policies you configure. An alert appears as an incident on the dashboard when its policy is triggered. These are general functions of Stackdriver Monitoring.

There are no Stackdriver Monitoring logs for Security Command Center.

For complete information on Stackdriver Monitoring, see the Stackdriver Monitoring documentation.

Viewing the monitoring dashboard

  1. Go to Monitoring in the Google Cloud Console.
  2. If Resources is shown in the navigation pane, select Resources and then select Network Security Policies. Otherwise, select Dashboards and then select the dashboard named Network Security Policies.
  3. Click the name of your policy.

When you open the dashboard, overall metrics, including per-policy breakdowns, appear on the right. Clicking a policy shows the details for that policy.

Defining alerting policies

You can create alerting policies to monitor the values of metrics and to notify you when those metrics violate a condition. The general steps for creating an alerting policy that monitors the Network Security Policy resource are listed below:

  1. In the Google Cloud Console, go to Monitoring.
  2. Select Alerting and then select Create Policy.
  3. Enter a name for the alerting policy.
  4. Click Add Condition:
    1. The settings in the Target pane specify the resource and metric to be monitored. Click the text box to open a menu and then select the resource Network Security Policy. Next, select a metric from the metrics list.
    2. The settings in the Configuration pane of the alerting policy determine when the alert is triggered. Most fields in this pane are populated with default values. For more information on the fields in the pane, see Configuration in the alerting policy documentation.
    3. Click Save.
  5. (Optional) Click Add Notification Channel and enter your notification channel information.
  6. (Optional) Click Documentation and add any information that you want included in a notification message.
  7. Click Save.

For more information, see Alerting policies.

Defining Stackdriver custom dashboards

You can create custom Stackdriver Monitoring dashboards over Network Security Policy metrics:

  1. Go to Monitoring in the Google Cloud Console.
  2. Select Dashboards > Create Dashboard.
  3. Click Add Chart.
  4. Give the chart a title.
  5. Select metrics and filters. For metrics, the resource type is Network Security Policy.
  6. Click Save.

Metric reporting frequency and retention

Metrics for the Google Cloud Armor security policies are exported to Stackdriver Monitoring in 1-minute granularity batches. Monitoring data is retained for six weeks. The dashboard provides data analysis in the following default intervals:

  • 1H (one hour)
  • 6H (six hours)
  • 1D (one day)
  • 1W (one week)
  • 6W (six weeks)

Using the controls in the upper-right corner of the Stackdriver Monitoring page, you can request analysis over any interval from 1 minute up to 6W.

Monitoring metrics for Google Cloud Armor security policies

The following metrics are reported on the Google Cloud Armor security policies dashboard:

Metric                 Description
Request count          The number of requests processed by a Google Cloud Armor security policy.
Preview request count  The number of requests that match preview-mode rules. Preview requests are logged, but the corresponding action is not enforced.

The preview request counts are included in the request count metric above, because every request is expected to match either a configured non-preview rule or the default rule.

Filtering dimensions for Google Cloud Armor security policies

Metrics are aggregated for each Google Cloud Armor security policy. You can filter aggregated metrics by the following dimensions:

Dimension            Description
backend_target_name  Track requests based on the backend target (service) that the traffic was destined to.
blocked              Track requests based on whether they were allowed or blocked by the Google Cloud Armor security policy rules.
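The alerting policy and custom dashboard procedures above are Console steps; the introduction also notes that the same metrics can be queried through the Stackdriver Monitoring API. The following Python is an added example, not code from the Cloud Armor documentation: it builds a Monitoring API time-series filter for one security policy, narrowed by the backend_target_name and blocked dimensions listed in the table, aggregates constructed one-minute sample points into a blocked-request ratio per backend, and evaluates a threshold condition of the kind an alerting policy expresses. The metric type, the monitored resource type, and which labels carry policy_name, backend_target_name and blocked are assumptions not stated on this page, as is the client-library usage in list_live_points.

```python
"""Added example (not from the Cloud Armor docs): build a Monitoring API
filter over the Cloud Armor request-count metric and evaluate an
alert-style condition over constructed sample points, fully offline.

Assumptions not stated on the page: the metric type below, the monitored
resource type "network_security_policy" with a "policy_name" resource label,
and the dimensions backend_target_name / blocked living under metric.labels.
"""
from collections import defaultdict
from typing import Dict, List, Optional

REQUEST_COUNT = "networksecurity.googleapis.com/https/request_count"  # assumed
RESOURCE_TYPE = "network_security_policy"                            # assumed


def build_filter(policy_name: str,
                 backend_target_name: Optional[str] = None,
                 blocked: Optional[bool] = None) -> str:
    """Return a Monitoring API time-series filter for one security policy,
    optionally narrowed by the two filtering dimensions the page lists."""
    clauses = [
        f'metric.type = "{REQUEST_COUNT}"',
        f'resource.type = "{RESOURCE_TYPE}"',
        f'resource.labels.policy_name = "{policy_name}"',
    ]
    if backend_target_name is not None:
        clauses.append(f'metric.labels.backend_target_name = "{backend_target_name}"')
    if blocked is not None:
        # The label is a string in the API, hence "true"/"false".
        clauses.append(f'metric.labels.blocked = "{str(blocked).lower()}"')
    return " AND ".join(clauses)


# Constructed sample data (not real traffic): one-minute request counts per
# (backend_target_name, blocked), the granularity the page says is exported.
SAMPLE_POINTS = [
    {"minute": 0, "backend_target_name": "web-backend", "blocked": "false", "value": 900},
    {"minute": 0, "backend_target_name": "web-backend", "blocked": "true",  "value": 100},
    {"minute": 1, "backend_target_name": "web-backend", "blocked": "false", "value": 950},
    {"minute": 1, "backend_target_name": "web-backend", "blocked": "true",  "value": 50},
    {"minute": 0, "backend_target_name": "api-backend", "blocked": "false", "value": 200},
    {"minute": 0, "backend_target_name": "api-backend", "blocked": "true",  "value": 600},
    {"minute": 1, "backend_target_name": "api-backend", "blocked": "false", "value": 150},
    {"minute": 1, "backend_target_name": "api-backend", "blocked": "true",  "value": 650},
]


def blocked_ratio_per_backend(points: List[dict]) -> Dict[str, float]:
    """Sum the points over the window and return blocked/total per backend."""
    totals: Dict[str, int] = defaultdict(int)
    blocked: Dict[str, int] = defaultdict(int)
    for p in points:
        name = p["backend_target_name"]
        totals[name] += p["value"]
        if p["blocked"] == "true":
            blocked[name] += p["value"]
    return {name: blocked[name] / totals[name] for name in totals if totals[name]}


def backends_over_threshold(points: List[dict], threshold: float) -> List[str]:
    """Alerting-style condition: backends whose blocked ratio exceeds threshold.
    A sudden jump here is the kind of signal an alerting policy would page on,
    either an attack being absorbed or a rule blocking legitimate traffic."""
    ratios = blocked_ratio_per_backend(points)
    return sorted(name for name, r in ratios.items() if r > threshold)


def list_live_points(project_id: str, filter_str: str, minutes: int = 60):
    """Fetch the same metric from the Monitoring API. Requires credentials and
    the google-cloud-monitoring package; assumed client usage, never run here."""
    import time
    from google.cloud import monitoring_v3  # imported lazily: optional dependency

    client = monitoring_v3.MetricServiceClient()
    now = int(time.time())
    interval = monitoring_v3.TimeInterval(
        {"end_time": {"seconds": now}, "start_time": {"seconds": now - minutes * 60}}
    )
    return list(client.list_time_series(request={
        "name": f"projects/{project_id}",
        "filter": filter_str,
        "interval": interval,
        "view": monitoring_v3.ListTimeSeriesRequest.TimeSeriesView.FULL,
    }))


if __name__ == "__main__":
    print(build_filter("my-policy", blocked=True))
    print(blocked_ratio_per_backend(SAMPLE_POINTS))
    print(backends_over_threshold(SAMPLE_POINTS, 0.5))
```

With the sample points, web-backend blocks 150 of 2,000 requests (7.5%) while api-backend blocks 1,250 of 1,600 (about 78%), so a 50% threshold flags only api-backend. Filtering on blocked="true" alone, without the per-backend split, would hide which service is affected, which is why both dimensions are worth keeping in a custom chart or alert condition.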