Documentation
Overview
Package exec is the entry point for security automation Cloud Functions.
Functions
func RevokeExternalGrantsFolders
RevokeExternalGrantsFolders is the entry point for the IAM revoker Cloud Function.
This Cloud Function is triggered when Event Threat Detection detects an anomalous IAM grant. Once triggered, it attempts to revoke the external members added to the policy if they match the provided list of disallowed domains. It only removes members if the project they were added to is within the specified folders. This configuration lets you take a remediation action only on specific members and folders. For example, you may have a "development" folder where users can experiment without strict policies, while in your "production" folder you may want to revoke any grants that ETD finds as long as they match the domains you specify.
Permissions required
By default, the service account used can only revoke grants on projects that are found within the folder ID specified in `action-revoke-member-folders.tf`.
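The two conditions described above (project inside a configured folder, member domain on the disallowed list) can be sketched as follows. This is an added example, not the package's own code: the function names, the restriction to `user:` members, the exact-match domain comparison, and the sample ancestry and folder IDs are all assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// memberDomain returns the lower-cased domain of a "user:" member, or "" otherwise.
// Assumption: only user members are candidates for revocation.
func memberDomain(member string) string {
	at := strings.LastIndex(member, "@")
	if !strings.HasPrefix(member, "user:") || at < 0 {
		return ""
	}
	return strings.ToLower(member[at+1:])
}

// toSet builds a lookup set so matching is exact, never substring or suffix based.
func toSet(xs []string) map[string]bool {
	m := make(map[string]bool, len(xs))
	for _, x := range xs {
		m[x] = true
	}
	return m
}

// MembersToRevoke returns the added members to remove: none unless the project's
// ancestry includes a configured folder, then only exact disallowed-domain matches.
// Assumption: entries in disallowed are already lower-case.
func MembersToRevoke(members, ancestors, disallowed, folders []string) []string {
	scope, bad, inScope := toSet(folders), toSet(disallowed), false
	for _, a := range ancestors {
		inScope = inScope || scope[a]
	}
	var out []string
	for _, m := range members {
		if d := memberDomain(m); inScope && d != "" && bad[d] {
			out = append(out, m)
		}
	}
	return out
}

func main() {
	// Constructed sample: members added by one finding, and the project's ancestry.
	members := []string{"user:a@gmail.com", "user:b@notgmail.com", "serviceAccount:x@gmail.com"}
	ancestry := []string{"projects/p-1", "folders/111", "organizations/1"}
	fmt.Println(MembersToRevoke(members, ancestry, []string{"gmail.com"}, []string{"folders/111"}))
	fmt.Println(MembersToRevoke(members, ancestry, []string{"gmail.com"}, []string{"folders/222"}))
}
```

Comparing the whole domain after the last `@` keeps a look-alike such as `notgmail.com` from matching `gmail.com`, and a project outside the configured folders yields no revocations at all.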
func SnapshotDisk
SnapshotDisk is the entry point for the auto creation of GCE snapshots Cloud Function.
This Cloud Function responds to Event Threat Detection **bad IP** findings. When a bad IP finding is received, it looks for any existing disk snapshots for the affected instance. If there are recent snapshots, no action is taken. If no snapshot has been taken recently, it takes a new snapshot of each disk within the instance.
Permissions required
By default, the service account can only be used to create snapshots for the projects specified in `action-snaphot-disk.tf`.
TODO: Support assigning roles at the folder and organization level.
Directories
Path | Synopsis |
---|---|
 | Package clients holds client libraries used by security automation Cloud Functions. |
stubs | Package stubs provides testable stubs for clients. |
 | Package cloudfunctions provides the implementation of automated actions. |
 | Package entities holds commonly used methods used in security automation. |