adaptive_protection.json
# Log-based metric definition for Adaptive Protection alert log entries.
# Create it with:
#gcloud logging metrics create adaptive_protection --config-from-file=adaptive_protection.json
#
# What the definition does:
#  - filter: matches entries with resource.type="network_security_policy" and
#    severity=WARNING. Nothing else narrows the match.
#    NOTE(review): any other WARNING entry on this resource type would be
#    counted too; confirm, or also require a field such as jsonPayload.alertId.
#  - metricDescriptor: DELTA / INT64 with unit "1" and no value extractor in
#    this file, so presumably a plain count of matching entries.
#  - labels / labelExtractors: each of the nine labels is copied from the
#    matching log entry (timestamp from the entry itself, the rest from
#    jsonPayload). Only "autodeploy" declares a valueType (BOOL).
#
# Review notes for whoever maintains this:
#  - This is not strict JSON: it has '#' comment lines, a line break inside
#    the quoted "filter" value and a trailing comma after "labelExtractors".
#    Presumably gcloud loads it with a YAML-tolerant parser; a strict JSON
#    parser or linter will reject it. Under YAML rules the line break inside
#    the quoted filter folds to a single space after the explicit \n.
#  - "timestamp" and "alert_id" are likely unique per alert, so every alert
#    would become its own time series. TODO confirm this stays within the
#    project's Cloud Monitoring cardinality limits.
#  - "rule_expression" and "attackSignatures" copy request-derived content
#    into metric labels, which are readable by anyone who can view the
#    metric. TODO confirm that audience is acceptable.
{
"name": "adaptive_protection",
"description": "Info for adaptive protection alerts",
"filter": "resource.type=\"network_security_policy\"\n
severity=WARNING\n",
"metricDescriptor": {
"description": "Info for adaptive protection alerts",
"name": "projects/*/metricDescriptors/logging.googleapis.com/user/adaptive_protection",
"labels":[
{ "key": "timestamp" },
{ "key": "rule_expression"},
{ "key": "attackSize"},
{"key": "ruleStatus"},
{"key": "backendService"},
{
"key": "autodeploy",
"valueType": "BOOL"
},
{"key": "confidence"},
{"key": "attackSignatures"},
{"key": "alert_id"}
],
"metricKind": "DELTA",
"type": "logging.googleapis.com/user/adaptive_protection",
"unit": "1",
"valueType": "INT64"
},
"labelExtractors": {
"alert_id": "EXTRACT(jsonPayload.alertId)",
"attackSignatures": "EXTRACT(jsonPayload.headerSignatures)",
"attackSize": "EXTRACT(jsonPayload.attackSize)",
"autodeploy": "EXTRACT(jsonPayload.autoDeploy)",
"backendService": "EXTRACT(jsonPayload.backendService)",
"confidence": "EXTRACT(jsonPayload.confidence)",
"ruleStatus": "EXTRACT(jsonPayload.ruleStatus)",
"rule_expression": "EXTRACT(jsonPayload.suggestedRule.0.expression)",
"timestamp": "EXTRACT(timestamp)"
},
}