Ensure that your project doesn't contain any unneeded persistent disks.
Risk Level: Low
Description
This plugin checks that the project does not contain any old or undesired Virtual Machine (VM) persistent disc snapshots. If the time span chosen as the threshold value is exceeded, the Virtual Machine disc snapshot is considered old.
About the Service
Google Cloud Compute Engine:
Google Cloud Compute Engine is a service that allows you to create Virtual Machines based on your preferences and run them on Google’s infrastructure. You can either use their predefined machines with certain default configurations or create your own custom Virtual Machine to meet your exact requirements. To know more, read here.
Impact
Monthly storage charges apply to virtual machine persistent disc snapshots as long as they are present in your Google Cloud Platform (GCP) projects, whether or not they are used. As a result, SentinelOne CNS strongly recommends removing any outdated virtual machine disc snapshots from your GCP projects to help reduce your Google Cloud storage charges.
Configuration Parameters
Snapshot Expiration Threshold: This parameter specifies the number of days after which the disk snapshots should be deleted. An issue is created when the snapshot creation date exceeds the provided threshold limit.
By default, the value is 180, therefore it will return a vulnerability alert 180 days after the snapshot creation.
Steps to Reproduce
Using GCP Console-
- Log In to your GCP Console.
- From the top navigation bar, select the GCP project you want to investigate.
- From the navigation panel on the left side of the console, go to Compute Engine and select Snapshots to view the list of all available snapshots in the project. You can use this link (https://console.cloud.google.com/compute/snapshots) to navigate directly if you’re already logged in.
- Check the Creation time of the snapshots and verify if it is higher than the threshold value set. If it is, then the snapshot is old and must be removed from your project.
- Repeat steps 4 and 5 for all the VM instances you want to investigate in the selected project.
- If you have multiple projects that you want to investigate, repeat steps 2-6 for each project in your GCP console.
Steps for Remediation
Follow the steps given below to delete all the old disk snapshots from your GCP project.
Using GCP Console-
- Log In to your GCP Console.
- From the top navigation bar, select the GCP project you want to investigate.
- From the navigation panel on the left side of the console, go to Compute Engine and select Snapshots to view the list of all available snapshots in the project. You can use this link (https://console.cloud.google.com/compute/snapshots) to navigate directly if you’re already logged in.
- Select all the snapshots you wish to delete and click on the delete button on the top bar. (In case you aren’t sure which snapshot needs to be deleted, follow the steps to reproduce listed above to determine which ones to select.)
- Click DELETE in the confirmation box to delete the selected snapshots.
- If you have multiple projects, repeat steps 2 to 5 for each project in your GCP console.