Ensure Cloud Asset Inventory Is Enabled

MEDIUM

Description

Description:

GCP Cloud Asset Inventory is a service that provides a historical view of GCP resources and IAM policies through a time-series database. The information recorded includes metadata on Google Cloud resources, metadata on policies set on Google Cloud projects or resources, and runtime information gathered within a Google Cloud resource.

Rationale:

The GCP resources and IAM policies captured by GCP Cloud Asset Inventory enable security analysis, resource change tracking, and compliance auditing.

It is recommended GCP Cloud Asset Inventory be enabled for all GCP projects.

Remediation

From Google Cloud Console

Enable the Cloud Asset API:

  1. Go to 'APIs & Services/Library' by visiting https://console.cloud.google.com/apis/library
  2. Search for 'Cloud Asset API' and select the result for Cloud Asset API
  3. Click the 'ENABLE' button.

From Google Cloud CLI

Enable the Cloud Asset API:

  1. Enable the Cloud Asset API through the services interface:

gcloud services enable cloudasset.googleapis.com
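
Because the recommendation applies to all GCP projects, the following added example (not part of the original benchmark text) audits which projects already have the Cloud Asset API enabled before any remediation is applied. The function names asset_api_status and audit_projects are hypothetical, and the script assumes an authenticated gcloud CLI with permission to list services in each project.

```shell
#!/usr/bin/env bash
# Added example: audit which projects have the Cloud Asset API enabled.
# Assumes an authenticated gcloud CLI; function names are hypothetical.

API="cloudasset.googleapis.com"

# Print ENABLED, DISABLED, or ERROR for one project.
# ERROR (for example, missing permission) is kept separate from DISABLED
# so an unreadable project is never reported as a confirmed result.
asset_api_status() {
  local project="$1" out
  if ! out=$(gcloud services list --enabled --project "$project" \
        --filter="config.name=${API}" --format="value(config.name)" 2>/dev/null); then
    echo "ERROR"
    return 0
  fi
  if [ "$out" = "$API" ]; then echo "ENABLED"; else echo "DISABLED"; fi
}

# Audit each project ID given as an argument, printing "project<TAB>status".
# Returns non-zero if any project is not confirmed ENABLED.
audit_projects() {
  local rc=0 p status
  for p in "$@"; do
    status=$(asset_api_status "$p")
    printf '%s\t%s\n' "$p" "$status"
    [ "$status" = "ENABLED" ] || rc=1
  done
  return "$rc"
}

# Usage: script.sh PROJECT_ID...   or   script.sh --all
if [ "${1:-}" = "--all" ]; then
  # Fail closed: an empty or failed project listing must not look like a pass.
  projects=$(gcloud projects list --format="value(projectId)") || exit 2
  # Unquoted on purpose: project IDs contain no whitespace.
  audit_projects $projects
elif [ "$#" -gt 0 ]; then
  audit_projects "$@"
fi
```

Projects reported as DISABLED are the ones that need the enable command above; projects reported as ERROR need their access fixed before they can be assessed.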