GCP - Firewall Remediation
This Playbook is part of the GCP Enrichment and Remediation Pack.
Supported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook adds new firewall rules that allow access only from the private IP address range and block traffic that is exposed to the public internet. For example, if RDP is exposed to the entire world, this playbook adds new firewall rules that allow RDP traffic only from private IP addresses and block the rest of the RDP traffic.
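The rule pair described above, modelled as an added example (not the playbook's own code) so the effect of rule priority can be checked before anything is inserted. It assumes "private IP address range" means the RFC 1918 ranges; the network tag, rule names, priorities, project and network names, and the sample exposing rule are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: assumed meaning of the page's "private IP address range".
PRIVATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Constructed sample of the exposing rule (GCP's default priority is 1000).
OPEN_RDP = {"name": "constructed-open-rdp", "priority": 1000,
            "sourceRanges": ["0.0.0.0/0"],
            "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]}

def build_rules(project, network, port, protocol, tag="remediation-tag",
                allow_priority=100, deny_priority=101):
    """Return (allow, deny) ingress rules as GCP firewall resource bodies.
    Tag, names and priorities are hypothetical, not the playbook's values."""
    proto = protocol.lower()
    match = [{"IPProtocol": proto, "ports": [str(port)]}]
    base = {"network": f"projects/{project}/global/networks/{network}",
            "direction": "INGRESS", "targetTags": [tag]}
    allow = dict(base, name=f"{tag}-allow-private-{proto}-{port}",
                 priority=allow_priority, sourceRanges=PRIVATE_RANGES,
                 allowed=match)
    deny = dict(base, name=f"{tag}-deny-public-{proto}-{port}",
                priority=deny_priority, sourceRanges=["0.0.0.0/0"],
                denied=match)
    return allow, deny

def evaluate(rules, src_ip, protocol, port, instance_tags):
    """Model ingress evaluation: lowest priority number wins, deny wins a
    tie, and unmatched traffic hits the implied deny. Exact ports only."""
    src = ipaddress.ip_address(src_ip)
    hits = []
    for rule in rules:
        action = "allow" if "allowed" in rule else "deny"
        specs = rule.get("allowed") or rule.get("denied")
        tags = rule.get("targetTags")
        if tags and not set(tags) & set(instance_tags):
            continue  # rule is scoped to tags this instance does not carry
        if not any(src in ipaddress.ip_network(c) for c in rule["sourceRanges"]):
            continue
        if any(s["IPProtocol"] == protocol and str(port) in s["ports"]
               for s in specs):
            hits.append((rule["priority"], action == "allow", action))
    return min(hits)[2] if hits else "deny"

if __name__ == "__main__":
    allow, deny = build_rules("example-project", "example-vpc", 3389, "tcp")
    rules = [OPEN_RDP, allow, deny]
    for ip in ("203.0.113.7", "10.1.2.3"):
        print(ip, evaluate(rules, ip, "tcp", 3389, ["remediation-tag"]))
```

If the new deny rule is given a higher priority number than the rule that exposes the port, the exposing allow rule still wins, so compare against the priorities of the existing rules first.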
Dependencies
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks
This playbook does not use any sub-playbooks.
Integrations
- Google Cloud Compute
Scripts
- Set
Commands
- gcp-compute-list-firewall
- gcp-compute-insert-firewall
- gcp-compute-add-network-tag
- gcp-compute-get-instance
Playbook Inputs
| Name | Description | Default Value | Required |
|---|---|---|---|
| GcpInstance | The name of the GCP instance that has the public IP. | | Required |
| GcpZone | The zone in which the GCP instance is hosted. | | Required |
| GcpNetwork | The VPC network of the GCP instance. | | Required |
| RemotePort | The remote port that is publicly exposed. | alert.remoteport | Required |
| RemoteProtocol | The remote protocol that is publicly exposed. | | Required |
| GcpProject | The name of the GCP project associated with the instance and related objects. | alert.asmcloud.Project | Required |
| instance_name | Google Cloud Compute integration instance to use if you have multiple instances configured (optional). | | Optional |
Playbook Outputs
There are no outputs for this playbook.