Skip to main content

GCP - Firewall Remediation

This Playbook is part of the GCP Enrichment and Remediation Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook adds new firewall rules with access only from private ip address range and blocks traffic that's exposed to public internet. For example, if RDP is exposed to the entire world, this playbook adds new firewall rules that only allows traffic from private ip address and blocks rest of the RDP traffic.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • Google Cloud Compute

Scripts#

This playbook does not use any scripts.

Commands#

  • gcp-compute-insert-firewall
  • gcp-compute-get-instance
  • gcp-compute-list-firewall
  • gcp-compute-add-network-tag

Playbook Inputs#


NameDescriptionDefault ValueRequired
GcpInstanceThe name of the GCP instance that has the public ip.Required
GcpZoneThe zone of the GCP instance that is hosted in.Required
GcpNetworkThe VPC network of the GCP instance.Required
RemotePortThe remote port that is publicly exposed to.alert.remoteportRequired
RemoteProtocolThe remote protocol that is publicly exposed to.Required

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


GCP - Firewall Remediation