Automatic recon and defense
"Automating security" has been a buzzphrase in the world of information security since the dawn of cloud computing. It refers to a wide range of products that provide security by monitoring logs, feeding the results into automated processing, and acting on what they find. The Google Cloud APIs give us a plethora of options to monitor events and to take action against them programmatically.
For this recipe, let us suppose that someone has compromised our programmatic access to GCP and has started launching unauthorized instances in our project. We need a way to identify such incidents and take defensive action when they occur. We make the following assumptions:
- Regular users of the account are allowed to create only g1-small and n1-standard machines
- The controls on user access for the above are set using IAM, which is not covered as part of this recipe
- The authority under which the Python program will run is not compromised; that is, the authority exists on a different security plane than that...
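The detection half of the recipe, as an added example rather than the recipe's own code: a Python triage routine that compares the instances in a project against the machine-type allow list above and produces one action record per violating instance. It assumes the JSON shape returned by the Compute Engine `instances.list` API (items carrying `name`, `zone`, `machineType` and `status`, where `zone` and `machineType` are resource URLs); the sample response, the project name `demo-project` and the instance names are constructed for the example. Reading "n1-standard" as the whole n1-standard family (n1-standard-1, n1-standard-2, ...) is also an assumption of this example. Carrying out the resulting `stop` actions with `compute.instances().stop()` is left to the caller so the block runs offline.

```python
"""Triage Compute Engine instances against a machine-type allow list.

Added example, not the recipe's own code. Assumes the `instances.list`
response shape; the sample data below is constructed.
"""
import re
from typing import Dict, Iterable, List

# Policy from the recipe: regular users may only create g1-small and
# n1-standard machines. Treating "n1-standard" as the whole family
# (n1-standard-1, -2, ...) is an assumption of this example.
ALLOWED_EXACT = {"g1-small"}
ALLOWED_FAMILIES = ("n1-standard-",)

# Statuses in which an instance is (or is about to be) consuming resources,
# so stopping it is a meaningful defensive action.
ACTIVE_STATUSES = {"PROVISIONING", "STAGING", "RUNNING"}

# Trailing path component of a resource URL such as
# https://www.googleapis.com/compute/v1/projects/p/zones/us-central1-a/machineTypes/n1-standard-1
_LAST_SEGMENT = re.compile(r"[^/]+$")


def resource_name(url: str) -> str:
    """Return the trailing name of a Compute resource URL (unchanged if it has no slash)."""
    match = _LAST_SEGMENT.search(url)
    return match.group(0) if match else url


def is_allowed(machine_type: str) -> bool:
    """True if a machine type (short name or full URL) is on the allow list."""
    name = resource_name(machine_type)
    return name in ALLOWED_EXACT or name.startswith(ALLOWED_FAMILIES)


def find_unauthorized(instances: Iterable[Dict]) -> List[Dict]:
    """Return one action record per instance whose machine type violates the policy.

    Active instances get a "stop" action; an instance that is already
    TERMINATED is still reported so the incident is not lost, but needs no stop.
    """
    findings = []
    for inst in instances:
        machine_type = resource_name(inst.get("machineType", ""))
        if is_allowed(machine_type):
            continue
        status = inst.get("status", "UNKNOWN")
        findings.append({
            "name": inst["name"],
            "zone": resource_name(inst.get("zone", "")),
            "machineType": machine_type,
            "status": status,
            "action": "stop" if status in ACTIVE_STATUSES else "report",
        })
    return findings


# Constructed sample, shaped like an instances.list response body.
_BASE = "https://www.googleapis.com/compute/v1/projects/demo-project"


def _instance(name: str, zone: str, machine_type: str, status: str) -> Dict:
    return {
        "name": name,
        "status": status,
        "zone": f"{_BASE}/zones/{zone}",
        "machineType": f"{_BASE}/zones/{zone}/machineTypes/{machine_type}",
    }


SAMPLE_RESPONSE = {
    "items": [
        _instance("web-1", "us-central1-a", "g1-small", "RUNNING"),
        _instance("batch-2", "us-central1-a", "n1-standard-4", "RUNNING"),
        _instance("rogue-9", "us-east1-b", "n1-highcpu-96", "RUNNING"),
        _instance("old-big", "us-east1-b", "n1-highmem-8", "TERMINATED"),
    ]
}

if __name__ == "__main__":
    for finding in find_unauthorized(SAMPLE_RESPONSE.get("items", [])):
        print(f"{finding['action']:6} {finding['zone']}/{finding['name']} "
              f"({finding['machineType']}, {finding['status']})")
```

Keeping the policy check pure (a list of dicts in, a list of planned actions out) lets the same function run over a cached `instances.list` response in tests and over live API output in the defender, and makes it easy to review exactly which instances would be stopped before any action is taken.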