Update GCP-VPC-Flow-logs-for-the-subnet-is-set-to-Off.json #117

Open
wants to merge 1 commit into
base: PCS-23.10.2
4 changes: 2 additions & 2 deletions policies/GCP-VPC-Flow-logs-for-the-subnet-is-set-to-Off.json
Expand Up @@ -7,7 +7,7 @@
"name": "GCP VPC Flow logs for the subnet is set to Off",
"description": "This policy identifies the subnets in VPC Network which have Flow logs disabled. Flow logs enable the capturing of information about the IP traffic going to and from network interfaces in VPC Subnets. It is recommended to enable the flow logs which can be used for network monitoring, forensics, real-time security analysis.",
"rule.criteria": "4e0039a6-ead7-4a28-8041-ef4889c312df",
"searchModel.query": "config from cloud.resource where cloud.type = 'gcp' AND api.name = 'gcloud-compute-networks-subnets-list' AND json.rule = purpose does not contain INTERNAL_HTTPS_LOAD_BALANCER and purpose does not contain REGIONAL_MANAGED_PROXY and (enableFlowLogs is false or enableFlowLogs does not exist)",
"searchModel.query": "config from cloud.resource where cloud.type = 'gcp' AND api.name = 'gcloud-compute-networks-subnets-list' AND json.rule = purpose does not contain INTERNAL_HTTPS_LOAD_BALANCER and purpose does not contain REGIONAL_MANAGED_PROXY and purpose does not contain GLOBAL_MANAGED_PROXY and (enableFlowLogs is false or enableFlowLogs does not exist)",
"recommendation": "1. Login to GCP Portal\n2. Goto VPC Network (on Left Panel)\n3. Select the reported VPC network and then click on the alerted subnet \n4. On 'Subnet details' page, click on 'EDIT'\n5. Set 'Flow Logs' to value 'On'\n6. Click on 'SAVE'.",
"remediable": true,
"remediation.cliScriptTemplate": "gcloud compute networks subnets update ${resourceName} --project=${account} --region ${region} --enable-flow-logs",
Expand Down Expand Up @@ -50,4 +50,4 @@
"Sarbanes Oxley Act (SOX)",
"Secure Controls Framework (SCF) - 2022.2.1"
]
}
}
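Review bot: The final `}` is shown as both removed and added with no visible difference, which points to a whitespace or end-of-file newline change rather than a content change. Please confirm this is intentional, or drop it so the diff carries only the query change (the file summary counts it as one of the 2 additions and 2 deletions).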