We’ll be creating a Cloud Monitoring dashboard to better understand and monitor incoming traffic and attacks evaluated by Cloud Armor.
Having key metrics, rules and past incidents all in one picture, allows us to quickly identify patterns as well as improve and respond faster to future attacks.
Few notes before we start
- You will need basic terminal & Google Cloud skills to create and operate this visibility dashboard.
- We will be using log-based metrics which means that enabling of logs is required.
- Some dashboard widgets require the project to be enrolled in the Enterprise subscription, eg. Adaptive Protection, DDoS Visibility, etc.
Dashboard Configuration
Step 1
Create three Log-based Metrics from the following json files:
- https://github.com/ddbnomads/cloudarmorDashboard/blob/main/cloud_armor_feed.json
- https://github.com/ddbnomads/cloudarmorDashboard/blob/main/ddos_attack_started.json
- https://github.com/ddbnomads/cloudarmorDashboard/blob/main/adaptive_protection.json
gcloud logging metrics create cloud_armor_feed --config-from-file=cloud_armor_feed.json
gcloud logging metrics create ddos_attack_started --config-from-file=ddos_attack_started.json
gcloud logging metrics create adaptive_protection --config-from-file=adaptive_protection.json
Log-based metrics
Step 2
Create two Alerting policies from the following json files:
- https://github.com/ddbnomads/cloudarmorDashboard/blob/main/adaptive_protection_alert.json
- https://github.com/ddbnomads/cloudarmorDashboard/blob/main/Layer_3_Layer_4_DDOS_Alert.json
gcloud alpha monitoring policies create --policy-from-file=adaptive_protection_alert.json
gcloud alpha monitoring policies create --policy-from-file=Layer_3_Layer_4_DDOS_Alert.json
Step 3
The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.
Or, continue in mobile web
Sign up with email