This article leads you through the process of generating a test Google Cloud Platform (GCP) threat to confirm that data is flowing.
Red Canary uses a test similar to that of the European Institute for Computer Anti-Virus Research (EICAR), applied to GCP Cloud Audit Logs, to provide data flow validation testing.
These tasks can be performed via the gcloud CLI or the Google Cloud Console.
Generating a Threat Using the gcloud CLI
- Log in to GCP via the gcloud CLI.
- To trigger a detection, run the following command, replacing <YOUR_PROJECT> with a project monitored by Red Canary. The firewall rule does not need to filter network traffic on any of your assets.
gcloud compute --project=<YOUR_PROJECT> firewall-rules create red-canary-test --description=rccar-27b29a4f6dd69ce1ca944d5c961daed8db30bb439b210a560a43c83a8cace217-rccar --direction=EGRESS --priority=1000 --network=default --action=ALLOW --rules=icmp --destination-ranges=192.168.2.0/24 --target-tags=not-a-real-tag
Clean up
The test firewall rule can be deleted by running the following command, replacing <YOUR_PROJECT> with the project used above.
gcloud compute --project=<YOUR_PROJECT> firewall-rules delete red-canary-test
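If the test detection does not appear, it helps to know whether the rule creation was recorded in the project's own Cloud Audit Logs at all. The script below is an added example, not part of Red Canary's documentation: it reads recent Admin Activity entries for the test rule with gcloud logging read and checks for the marker description, which still works after the rule has been deleted. The function names, the log filter and the constructed sample entry are assumptions of this example, including that the create request's description field appears in the audit entry.

```shell
#!/bin/sh
# Added example: check that the test rule creation reached Cloud Audit Logs.
# Usage: sh rc-verify.sh <YOUR_PROJECT>   (file name is hypothetical)

# Marker description and rule name exactly as given in this article.
RC_MARKER='rccar-27b29a4f6dd69ce1ca944d5c961daed8db30bb439b210a560a43c83a8cace217-rccar'
RC_RULE='red-canary-test'

# Constructed sample of one audit entry, trimmed to the fields used here.
RC_SAMPLE='[{"protoPayload": {"resourceName": "projects/p/global/firewalls/red-canary-test",
  "request": {"name": "red-canary-test", "description": "'"$RC_MARKER"'"}}}]'

# Cloud Logging filter for Admin Activity entries that touch the test rule.
# Assumption: entries are logged under resource type gce_firewall_rule.
rc_log_filter() {
  printf 'logName="projects/%s/logs/cloudaudit.googleapis.com%%2Factivity" AND resource.type="gce_firewall_rule" AND protoPayload.resourceName:"firewalls/%s"' "$1" "$RC_RULE"
}

# Succeeds when the JSON on stdin has a description field equal to the marker.
rc_has_marker() {
  grep -Eq "\"description\"[[:space:]]*:[[:space:]]*\"${RC_MARKER}\""
}

# Poll Cloud Logging, since audit entries can take a short while to appear.
rc_verify() {
  project="$1"
  tries="${2:-6}"
  while [ "$tries" -gt 0 ]; do
    if gcloud logging read "$(rc_log_filter "$project")" \
         --project="$project" --freshness=15m --limit=20 --format=json \
         | rc_has_marker; then
      echo "Audit log entry with the test marker found in $project"
      return 0
    fi
    tries=$((tries - 1))
    sleep 10
  done
  echo "No audit log entry with the test marker found in $project" >&2
  return 1
}

# Only contact GCP when a project is passed on the command line.
if [ -n "${1:-}" ]; then
  rc_verify "$1"
fi
```

A match here means the event was logged in GCP; it does not by itself show that Red Canary received it.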
Google Cloud Web Console
- Log in to the Google Cloud Console.
- Ensure you’ve selected a Project monitored by Red Canary.
- Navigate to Firewall Policies in Network Security.
- Click Create Firewall Rule.
- Enter the following for the firewall rule description: rccar-27b29a4f6dd69ce1ca944d5c961daed8db30bb439b210a560a43c83a8cace217-rccar
- For the remainder of the firewall rule, enter any values you are comfortable with. The firewall rule is not required to perform any real filtering in your network.
- Click Create.
Clean up
Select the newly created firewall rule and click DELETE.