Prisma Cloud Remediation - GCP Kubernetes Engine Misconfiguration

This playbook remediates Prisma Cloud GCP Kubernetes Engine alerts. It calls sub-playbooks that perform the actual remediation steps.

Remediation:

  • GCP Kubernetes Engine Clusters Basic Authentication is set to Enabled
  • GCP Kubernetes Engine Clusters have HTTP load balancing disabled
  • GCP Kubernetes Engine Clusters have Legacy Authorization enabled
  • GCP Kubernetes Engine Clusters have Master authorized networks disabled
  • GCP Kubernetes Engine Clusters have Network policy disabled
  • GCP Kubernetes Engine Clusters have Stackdriver Logging disabled
  • GCP Kubernetes Engine Clusters have Stackdriver Monitoring disabled
  • GCP Kubernetes Engine Clusters have binary authorization disabled
  • GCP Kubernetes Engine Clusters web UI/Dashboard is set to Enabled
  • GCP Kubernetes cluster intra-node visibility disabled

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Prisma Cloud Remediation - GCP Kubernetes Engine Cluster Misconfiguration

Integrations

  • RedLock

Scripts

This playbook does not use any scripts.

Commands

  • closeInvestigation
  • redlock-dismiss-alerts

Playbook Inputs


NameDescriptionDefault ValueRequired
AutoRemediateKubernetesEngineExecute GCP Kubernetes Engine remediation automatically?noOptional
policyIdGrab the Prima Cloud policy Id.incident.labels.policyOptional

Playbook Outputs


There are no outputs for this playbook.

Playbook Image


Prisma Cloud Remediation - GCP Kubernetes Engine Misconfiguration