Search for Alerting Rule: GCP Tokens 

Use the search tokens below that we provide during rule creation wizard.

projectId

Use a text value ##### to find GCP connectors based on the unique project ID associated with the connector at the time of creation.

Show connectors with this projectId

projectId: my-project-1513669048551

region

Select the region code from the drop-down menu. The drop-down menu options contains region code. For example, the region code for Singapore is asia-southeast1. For the complete mapping of region code to region, view GCP Region Mapping.

Example

Find resources in the asia-southeast1 (Singapore) region

region: asia-southeast1

service.type

Select the type of service.type code from the drop-down menu. For example, the service code for Compute Engine is COMPUTE_ENGINE. For the complete mapping of service type code to service type GCP Service Type Mapping.

Example

Show service type Compute Engine

service.type: COMPUTE_ENGINE

resource.type

Select the type of resource type from the drop-down menu. The drop-down menu options contains of resource type code. For example, the service code for Cloud Function is CLOUD_FUNCTION. For the complete mapping of resource type code to resource type, view GCP Resource Type Mapping.

Example

Show resources of type Cloud Function

resource.type: CLOUD_FUNCTION

resource.id

Use a text value ##### to find resources by the unique ID assigned to the resource.

Example

Show resources with ID acl-8e5198f5

resource.id: acl-8e5198f5

cid

Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.

Example

Show controls with this ID

cid: 205767712438

control.name

Use values within quotes to help you find controls with a certain name.

Examples

Show findings with this name

control.name: Avoid the use of the root account

Show any findings that contain parts of name

control.name: "Avoid the use of the root account"

control.criticality

Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.

Example

Show controls with High criticality

control.criticality: HIGH

control.result

Select the control result you're interested in: PASS or FAIL.

Examples

Show controls that passed

control.result: PASS

Show controls that failed

control.result: FAIL

control.criticality

Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.

Example

Show controls with High criticality

control.criticality: HIGH

evaluatedOn

Use a date range or specific date to define when the resource was evaluated on.

Examples

Show resources discovered within certain dates

evaluatedOn: [2018-01-01 ... 2018-03-01]

Show resources updated starting 2018-10-01, ending 1 month ago

evaluatedOn: [2018-01-01 ... now-1m]

Show resources updated starting 2 weeks ago, ending 1 second ago

evaluatedOn: [now-2w ... now-1s]

Show resources discovered on specific date

evaluatedOn: 2018-01-08

lastEvaluated

Use a date range or specific date to define when the resource was last evaluated on.

Examples

Show resources last evaluated within certain dates

lastEvaluated: [2018-01-01 ... 2018-03-01]

Show resources last evaluated starting 2018-10-01, ending 1 month ago

lastEvaluated: [2018-01-01 ... now-1m]

Show resources last evaluated starting 2 weeks ago, ending 1 second ago

lastEvaluated: [now-2w ... now-1s]

Show resources last evaluated on specific date

lastEvaluated: 2018-01-08

firstEvaluated

Use a date range or specific date to define when the resource was first discovered and evaluated.

Examples

Show resources first evaluated within certain dates

firstEvaluated: [2018-01-01 ... 2018-03-01]

Show resources first evaluated starting 2018-10-01, ending 1 month ago

firstEvaluated: [2018-01-01 ... now-1m]

Show resources first evaluated starting 2 weeks ago, ending 1 second ago

firstEvaluated: [now-2w ... now-1s]

Show resources first evaluated on specific date

firstEvaluated: 2018-01-08

policy.name

Use values within quotes to find a CIS or AWS policy by name.

Examples

Show findings with this name

policy.name: CIS Amazon Web Services Foundations Benchmark

Show any findings that contain parts of name

policy.name: "CIS Amazon Web Services Foundations Benchmark"

GCP Region Mapping

Code

Region Name

us-west1

 Oregon

us-west2

 Los Angeles

us-west3

 Salt Lake City

us-west4

 Las Vegas

us-central1

 Iowa

us-east1

 South Carolina

us-east4

 N. Virginia

northamerica-northeast1

 Montreal

europe-west2

 London

europe-west1

 Belgium

europe-west4

 Netherlands

europe-west3

 Frankfurt

europe-west6

 Zürich

europe-north1

 Finland

asia-south1

 Mumbai

asia-southeast1

 Singapore

asia-southeast2

 Jakarta

asia-east1

 Taiwan

asia-east2

 Hong Kong

asia-northeast1

 Tokyo

asia-northeast2

 Osaka

asia-northeast3

 Seoul

australia-southeast1

 Sydney

australia-southeast1

 Sydney

 

 

GCP Service Type Mapping

Code

Service Type

COMPUTE_ENGINE

Compute Engine

APP_ENGINE

App Engine

IAM

IAM & Admin

VIRTUAL_NETWORK

VPC Network

STORAGE

Storage

SQL

SQL

KUBERNETES

Kubernetes Engine

SUBNETWORK

Subnetwork

CLOUD_FUNCTION

Cloud Function

NETWORK_SERVICES

Network Services

BIGQUERY

BigQuery

LOGGING

Logging

GCP Resource Type Mapping

Code

Resource Type

VM_INSTANCE

VM Instances

NETWORK

Networks

SUBNETWORK

Subnetworks

FIREWALL_RULES

Firewall Rules

SERVICE_ACCOUNT

Service Account

PROJECT

Project

STORAGE

Storage

SQL

SQL

K8S_NODE

K8S Node

K8S_Cluste

K8S Cluster

CLOUD_FUNCTION

Cloud Function

VPC_CONNECTOR

VPC Connector

CLOUD_DNS

Cloud DNS

POSTGRESQL

PostgreSQL

MYSQL

MySQL

SQL_SERVER

SQL Server

DATASET

Dataset

TABLE

Table

LOGS_ROUTER

Logs Router

LOGS_BASED_METRICS

Logs Based Metrics