From 270d7264a7167279e3cc1ad53beab1f2cd92b7f9 Mon Sep 17 00:00:00 2001
From: mikiodehartj1 <113941652+mikiodehartj1@users.noreply.github.com>
Date: Wed, 3 May 2023 14:40:37 -0600
Subject: [PATCH] changes to section 1

---
 jupiterone/questions/questions.yaml | 108 ++++++++++++++++++++++++++++
 1 file changed, 108 insertions(+)

diff --git a/jupiterone/questions/questions.yaml b/jupiterone/questions/questions.yaml
index 56b48c56..01c796f8 100644
--- a/jupiterone/questions/questions.yaml
+++ b/jupiterone/questions/questions.yaml
@@ -130,6 +130,59 @@ questions:
 - standard: CIS Google Cloud Foundations 1.1
 requirements:
 - '1.1'
+
+- id: integration-question-google-mfa-enabled-non-service-accounts
+ title: Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts
+ description: >
+ Setup multi-factor authentication for Google Cloud Platform accounts.
+ queries:
+ - name: good
+ query: |
+ FIND google_user WITH mfaEnabled=true or isEnrolledIn2Sv=true
+ - name: bad
+ query: |
+ FIND google_user WITH mfaEnabled!=true AND isEnrolledIn2Sv!=true
+ tags:
+ - google-cloud
+ - service-account
+ - mfa
+ compliance:
+ - standard: CIS Google Cloud Foundations 1.1
+ requirements:
+ - '1.2'
+ - standard: CIS Google Cloud Platform Foundation Benchmark 1.3
+ requirements:
+ - '1.2'
+ - standard: CIS Google Cloud Platform Foundation Benchmark 2.0.0
+ requirements:
+ - '1.2'
+
+- id: integration-question-google-ske-enabled-for-admin-accounts
+ title: Ensure that Security Key Enforcement is Enabled for All Admin Accounts
+ description: >
+ Setup Security Key Enforcement for Google Cloud Platform admin accounts.
+ queries:
+ - name: good
+ query: |
+ FIND google_user WITH admin = true OR isAdmin = true OR isDelegatedAdmin = true AND isEnforcedIn2Sv = true
+ - name: bad
+ query: |
+ FIND google_user WITH admin = true OR isAdmin = true OR isDelegatedAdmin = true AND isEnforcedIn2Sv = true
+ tags:
+ - google-cloud
+ - admin-account
+ - security-key-enforcement
+ compliance:
+ - standard: CIS Google Cloud Foundations 1.1
+ requirements:
+ - '1.3'
+ - standard: CIS Google Cloud Platform Foundation Benchmark 1.3
+ requirements:
+ - '1.3'
+ - standard: CIS Google Cloud Platform Foundation Benchmark 2.0.0
+ requirements:
+ - '1.3'
+
 - id: integration-question-google-cloud-managed-service-account-keys
 title: Ensure that there are only GCP-managed service account keys for each service account
 description:
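Review bot: In the integration-question-google-ske-enabled-for-admin-accounts entry the `good` and `bad` queries are identical, so the `bad` query can never surface admins who lack security-key enforcement; its last clause should be negated, `FIND google_user WITH (admin = true OR isAdmin = true OR isDelegatedAdmin = true) AND isEnforcedIn2Sv != true`. The parentheses matter for the `good` query as well: if AND binds tighter than OR, as in most query languages, the unparenthesized form matches any user with `admin = true` regardless of `isEnforcedIn2Sv`, so it should read `FIND google_user WITH (admin = true OR isAdmin = true OR isDelegatedAdmin = true) AND isEnforcedIn2Sv = true` (confirm J1QL precedence if parentheses are dropped). In the MFA entry the lowercase `or` in the `good` query should match the uppercase `AND`/`OR` used in the rest of the hunk, and the `service-account` tag reads oddly on a question explicitly scoped to non-service accounts.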
@@ -148,6 +201,7 @@ questions:
 - standard: CIS Google Cloud Foundations 1.1
 requirements:
 - '1.4'
+
 - id: integration-question-google-cloud-service-account-non-admin
 title: Ensure that Service Account has no Admin privileges
 description:
@@ -197,6 +251,7 @@ questions:
 - standard: CIS Google Cloud Foundations 1.1
 requirements:
 - '1.5'
+
 - id: integration-question-google-cloud-iam-not-assigned-user-token-roles-project-level
 title: Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level
 description: >
@@ -238,6 +293,7 @@ questions:
 - standard: CIS Google Cloud Foundations 1.1
 requirements:
 - '1.6'
+
 - id: integration-question-google-cloud-user-managed-external-keys-service-account-rotation-period
 title: Ensure user-managed/external keys for service accounts are rotated every 90 days or less
 description: >
@@ -335,6 +391,58 @@ questions:
 requirements:
 - '1.10'
 
+- id: integration-question-google-dataproc-cmek
+ title: Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
+ description: >
+ When you use Dataproc, cluster and job data is stored on Persistent Disks (PDs) associated with the Compute Engine VMs in your cluster and in a Cloud Storage staging bucket. This PD and bucket data is encrypted using a Google-generated data encryption key (DEK) and key encryption key (KEK). The CMEK feature allows you to create, use, and revoke the key encryption key (KEK). Google still controls the data encryption key (DEK).
+ queries:
+ - name: good
+ query: |
+ FIND google_dataproc_cluster WITH encrypted = true AND kmsKeyName ~= "cmek"
+ - name: bad
+ query: |
+ FIND google_dataproc_cluster WITH encrypted != true OR kmsKeyName !~= "cmek"
+ tags:
+ - google-cloud
+ - customer-managed-encryption-key
+ - encryption
+ compliance:
+ - standard: CIS Google Cloud Foundations 1.1
+ requirements:
+ - '1.17'
+ - standard: CIS Google Cloud Platform Foundation Benchmark 1.3
+ requirements:
+ - '1.17'
+ - standard: CIS Google Cloud Platform Foundation Benchmark 2.0.0
+ requirements:
+ - '1.17'
+
+- id: integration-question-google-secret-manager
+ title: Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager
+ description: >
+ Google Cloud Functions allow you to host serverless code that is executed when an event is triggered, without the requiring the management a host operating system.
+ queries:
+ - name: good
+ query: |
+ find google_cloud_project /* google_cloud_project THAT HAS google_secret_manager_secret */
+ - name: bad
+ query: |
+
+ tags:
+ - google-cloud
+ - secret-manager
+ - cloud-functions
+ compliance:
+ - standard: CIS Google Cloud Foundations 1.1
+ requirements:
+ - '1.18'
+ - standard: CIS Google Cloud Platform Foundation Benchmark 1.3
+ requirements:
+ - '1.18'
+ - standard: CIS Google Cloud Platform Foundation Benchmark 2.0.0
+ requirements:
+ - '1.18'
+
 - id: integration-question-google-cloud-iam-all-user-policies
 title: Which policies are bound to “allUsers” or “allAuthenticatedUsers”?
 description: >
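Review bot: The integration-question-google-secret-manager entry is not a working check: its `bad` query is an empty block scalar and its `good` query comments out the traversal, leaving `find google_cloud_project`, which returns every project whether or not any Cloud Function keeps secrets in environment variables. Either finish both queries against the function entity's environment-variable data, if the integration exposes it, or hold the entry back from this commit so an empty query does not ship in the question library. In the Dataproc entry, `kmsKeyName ~= "cmek"` ties the check to a key-naming convention, so a customer-managed key with any other name is reported as `bad`; testing for the presence of `kmsKeyName` (e.g. `kmsKeyName != undefined`, if J1QL's undefined comparison applies to this property) is the more robust signal. Both new entries map `CIS Google Cloud Foundations 1.1` to requirements `'1.17'` and `'1.18'`; I do not believe that benchmark version has section 1 controls with those numbers (they appear to originate in the 1.3 benchmark), so verify the mapping before publishing. The second description also reads `without the requiring the management a host operating system`; `without requiring the management of a host operating system` is what is meant.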