Predefined posture for BigQuery, essentials

This page describes the detective policies that are included in the v1.0 version of the predefined posture for BigQuery, essentials. This posture includes a policy set that defines the Security Health Analytics detectors that apply to BigQuery workloads.

You can use this predefined posture to configure a security posture that helps protect BigQuery resources. You can deploy this predefined posture without making any changes.

Security Health Analytics detectors

The following table describes the Security Health Analytics detectors that are included in this posture.

Detector name	Description
`BIGQUERY_TABLE_CMEK_DISABLED`	This detector checks whether a BigQuery table isn't configured to use a customer-managed encryption key (CMEK). For more information, see Dataset vulnerability findings.
`PUBLIC_DATASET`	This detector checks whether a dataset is configured to be open to public access. For more information, see Dataset vulnerability findings.

View the posture template

To view the posture template for BigQuery, essentials, do the following:

gcloud

Before using any of the command data below, make the following replacements:

ORGANIZATION_ID: the numeric ID of the organization

Execute the gcloud scc posture-templates describe command:

Linux, macOS, or Cloud Shell

gcloud scc posture-templates describe \
    organizations/ORGANIZATION_ID/locations/global/postureTemplates/big_query_essential

Windows (PowerShell)

gcloud scc posture-templates describe `
    organizations/ORGANIZATION_ID/locations/global/postureTemplates/big_query_essential

Windows (cmd.exe)

gcloud scc posture-templates describe ^
    organizations/ORGANIZATION_ID/locations/global/postureTemplates/big_query_essential

The response contains the posture template.

REST

Before using any of the request data, make the following replacements:

ORGANIZATION_ID: the numeric ID of the organization

HTTP method and URL:

GET https://securityposture.googleapis.com/v1/organizations/ORGANIZATION_ID/locations/global/postureTemplates/big_query_essential

To send your request, expand one of these options:

curl (Linux, macOS, or Cloud Shell)

Note: The following command assumes that you have logged in to the gcloud CLI with your user account by running gcloud init or gcloud auth login , or by using Cloud Shell, which automatically logs you into the gcloud CLI . You can check the currently active account by running gcloud auth list.

Execute the following command:

curl -X GET \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     "https://securityposture.googleapis.com/v1/organizations/ORGANIZATION_ID/locations/global/postureTemplates/big_query_essential"

PowerShell (Windows)

Note: The following command assumes that you have logged in to the gcloud CLI with your user account by running gcloud init or gcloud auth login . You can check the currently active account by running gcloud auth list.

Execute the following command:

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://securityposture.googleapis.com/v1/organizations/ORGANIZATION_ID/locations/global/postureTemplates/big_query_essential" | Select-Object -Expand Content

The response contains the posture template.

What's next

Create a security posture using this predefined posture.