This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ken1
Participant
‎2023-03-05 09:29 PM

Regarding GCP's disabled firewall rules

Hello.

My customer claims that even if he disables the Firewall rules in GCP, they are still detected by CGPM. Indeed, CGPM does not seem to change from the enabled state even if the rule is disabled.
Is this behavior correct?

 

GCP-firewall.png

CGPM Firewall.png

0 Kudos
2 Replies
Guyshteinberg
Employee
Employee
‎2023-03-09 03:18 AM

Hello,

 

The Security Group page UI wasn't modified with all GCP properties, it was done to keep the same concept as AWS and Azure.

To see the actual states you can always use the Compliance engine and the entity viewer that always have the updated information.

I will file a UI ticket to handle it or to add the entity viewer to the Security group so it will be easier to see the data.

 

Thanks,
Guy Shteinberg

Preview file
212 KB
0 Kudos
Ken1
Participant
‎2023-03-09 05:40 PM
In response to Guyshteinberg

Hi,

 

I used the entity viewer to verify that the inbound rules for the nics array have an enabled flag. However, the GCP rules do not seem to check for this flag. I think I need to add the condition "enabled = 'ture'" to the GSL, is this unnecessary?

 

Like this:

VMInstance where nics contain-any [inboundRules contain [ destinationPort<=3389 and destinationPortTo >=3389 and protocol in ('TCP','ALL') and enabled = 'true']] should not have nics contain-any [inboundRules contain [ destinationPort<=3389 and destinationPortTo >=3389 and protocol in ('TCP','ALL')] and inboundRules allowedHostsForPort(3389) > 32]

 

Thanks,

0 Kudos
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events