You can enable the Shielded VM service on your Compute Engine VM instances to help defend against rootkits and bootkits. Shielded VM leverages advanced platform security capabilities such as Secure Boot, Virtual trusted platform module(vTPM)-enabled Measured Boot, and Integrity monitoring.
For a more detailed overview, see Key concepts for Shielded VM.
You can monitor the integrity of your Shielded VMs in some of the following ways:
You can use Cloud Monitoring to monitor the boot integrity of Shielded VM instances. Next, you can identify the cause of an integrity validation failure, and update the integrity policy baseline accordingly.
You can also use a Cloud Functions trigger to automatically act on integrity monitoring events.