cloud_armor_feed.json
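# Create the log-based metric with:
#   gcloud logging metrics create cloud_armor_feed --config-from-file=cloud_armor_feed.json
# Note: this comment line and the trailing comma after "labelExtractors" are not valid strict JSON; the file only loads if the tool parses it leniently (e.g. as YAML).
# Note: the filter matches every http_load_balancer log entry, not only requests Cloud Armor acted on. The URL, user_agent, referer and client_ip labels are client-controlled, high-cardinality values; check them against Cloud Monitoring label and time-series limits, and keep in mind that request URLs can carry query-string secrets into metric labels.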
{
"name": "cloud_armor_feed",
"description": "Cloud Armor Feed",
"filter": "resource.type=\"http_load_balancer\"\n",
"metricDescriptor": {
"name": "projects/*/metricDescriptors/logging.googleapis.com/user/cloud_armor_feed",
"labels": [
{
"key": "user_agent",
"description": "User Agent"
},
{
"key": "URL",
"description": "request url"
},
{
"key": "referer",
"description": "Referer header value"
},
{
"key": "denied_by_cloud_armor",
"description": "Cloud Armor Action"
},
{
"key": "CloudArmorRuleTriggered",
"description": "Priority of the Cloud Armor rule that triggered"
},
{
"key": "deny_reason",
"description": "Policy Name"
},
{
"key": "request_method",
"description": "request method"
},
{
"key": "client_ip",
"description": "client ip address"
}
],
"metricKind": "DELTA",
"valueType": "INT64",
"unit": "1",
"description": "Cloud Armor Feed",
"type": "logging.googleapis.com/user/cloud_armor_feed"
},
"labelExtractors": {
"request_method": "EXTRACT(httpRequest.requestMethod)",
"deny_reason": "EXTRACT(jsonPayload.enforcedSecurityPolicy.name)",
"URL": "EXTRACT(httpRequest.requestUrl)",
"user_agent": "EXTRACT(httpRequest.userAgent)",
"client_ip": "EXTRACT(jsonPayload.remoteIp)",
"denied_by_cloud_armor": "EXTRACT(jsonPayload.enforcedSecurityPolicy.configuredAction)",
"CloudArmorRuleTriggered": "EXTRACT(jsonPayload.enforcedSecurityPolicy.priority)",
"referer": "EXTRACT(httpRequest.referer)"
},
}