⛅️ Simple CSPM
SimpleCSPM is a security tool for auditing Google Cloud using Google Sheets.
Quickly find all your publicly exposed buckets, VMs, functions, and more. Create recommended Organization Policies to prevent future accidental or malicious exposure. Reduce your attack surface by discovering unused service accounts, permissions, firewall rules, and even entire projects.
This project runs a Google Apps Script inside Google Sheets that collects useful audit data daily from several sources in Google Cloud Platform (GCP) for Cloud Security Posture Management.
Google Sheets is used for maximum customizability and minimum operational maintenance, since "serverless" Google Apps Scripts need no infrastructure of their own.
The following sources in GCP are used to collect data:
- Cloud Asset Inventory
- Search All Assets
- Search IAM Policies
- Recommenders
- Insights
- API Keys API
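As an added example (not part of SimpleCSPM's Code.gs), the following plain JavaScript shows the kind of check the "Search IAM Policies" source makes possible: it walks a Cloud Asset Inventory `searchAllIamPolicies` style response, flags every binding that grants a role to `allUsers` or `allAuthenticatedUsers`, and turns the findings into rows shaped for `Sheet.getRange(...).setValues()`. The response object and the resource names in it are constructed sample data, not output from a real organization.

```javascript
// Added example: detect publicly exposed GCP resources from an IAM policy search.
// Assumed input shape follows the Cloud Asset Inventory searchAllIamPolicies
// REST response: { results: [ { resource, assetType, project, policy: { bindings } } ] }.

// Principals that make a resource reachable by anyone on the internet (allUsers)
// or by any Google account (allAuthenticatedUsers).
const PUBLIC_PRINCIPALS = new Set(['allUsers', 'allAuthenticatedUsers']);

// Constructed sample response (not real data): one public bucket, one
// function invokable by any Google account, and one private bucket.
const SAMPLE_RESPONSE = {
  results: [
    {
      resource: '//storage.googleapis.com/projects/_/buckets/example-public-bucket',
      assetType: 'storage.googleapis.com/Bucket',
      project: 'projects/123456789012',
      policy: { bindings: [
        { role: 'roles/storage.objectViewer', members: ['allUsers'] },
        { role: 'roles/storage.admin', members: ['user:alice@example.com'] },
      ] },
    },
    {
      resource: '//cloudfunctions.googleapis.com/projects/example/locations/us-central1/functions/hello',
      assetType: 'cloudfunctions.googleapis.com/CloudFunction',
      project: 'projects/123456789012',
      policy: { bindings: [
        { role: 'roles/cloudfunctions.invoker', members: ['allAuthenticatedUsers'] },
      ] },
    },
    {
      resource: '//storage.googleapis.com/projects/_/buckets/example-private-bucket',
      assetType: 'storage.googleapis.com/Bucket',
      project: 'projects/123456789012',
      policy: { bindings: [
        { role: 'roles/storage.objectViewer',
          members: ['serviceAccount:app@example.iam.gserviceaccount.com'] },
      ] },
    },
  ],
};

// Return one finding per (resource, role) binding that includes a public principal.
// Missing policy or bindings fields are tolerated, since search results for some
// asset types carry no policy at all.
function findPublicExposures(response) {
  const findings = [];
  for (const result of response.results || []) {
    const bindings = (result.policy && result.policy.bindings) || [];
    for (const binding of bindings) {
      const publicMembers = (binding.members || []).filter((m) => PUBLIC_PRINCIPALS.has(m));
      if (publicMembers.length === 0) continue;
      findings.push({
        project: result.project,
        assetType: result.assetType,
        resource: result.resource,
        role: binding.role,
        members: publicMembers,
      });
    }
  }
  return findings;
}

// Convert findings into a header row plus one row per finding, the 2-D array
// shape that Sheet.getRange(row, col, numRows, numCols).setValues() expects.
function toSheetRows(findings) {
  const header = ['Project', 'Asset Type', 'Resource', 'Role', 'Public Principals'];
  const rows = findings.map((f) => [f.project, f.assetType, f.resource, f.role, f.members.join(', ')]);
  return [header].concat(rows);
}

// Stand-alone run (in Apps Script you would write `rows` into a sheet instead).
const rows = toSheetRows(findPublicExposures(SAMPLE_RESPONSE));
console.log(rows);
```

The same loop is where a preventive control fits: once such bindings are found, the organization policy constraints `constraints/iam.allowedPolicyMemberDomains` (domain restricted sharing) and `constraints/storage.publicAccessPrevention` stop `allUsers` and `allAuthenticatedUsers` grants from being created again.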
I’m Peter C (@itspeterc), feel free to star this repository and follow me on Twitter for more cloud security insights!
Shout out to Matthew Bryant (@IAmMandatory) and his DEF CON 29 talk on Hacking G Suite: The Power of Dark Apps Script Magic for inspiring this project.
Install
- Make a copy of this Google Sheet by clicking "File" -> "Make a Copy"
- Update the "GCP project to run from" setting on the "Main" sheet
- Add the following GCP IAM role for your user on the GCP project to run from:
  - roles/serviceusage.serviceUsageAdmin
- Enable the "Service Usage API" on the GCP project to run from
- Add the following GCP IAM roles for your user on your GCP organization:
  - roles/cloudasset.viewer
  - roles/recommender.iamViewer
  - roles/recommender.projectUtilViewer
  - roles/recommender.cloudAssetInsightsViewer
  - roles/recommender.firewallViewer
  - roles/serviceusage.apiKeysViewer
  - roles/securitycenter.findingsViewer
- Click "Run Audit"
- Approve the Google Sheets permissions the script requests
- Click "Run Audit" again
Customize
After making your own copy of the Google Sheet, click "Extensions" -> "Apps Script" to modify the JavaScript Apps Script code, which is also included in this repository as Code.gs.
Audit Data not yet Collected
- Cloud Security Command Center (CSCC) Findings
- VM Manager Vulnerabilities