This playbook provides response actions to GCP. The following are available for execution automatically/manually:

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

This playbook does not use any integrations.

Playbook Inputs

Name	Description	Default Value	Required
accessKeyRemediationType	Choose the remediation type for the user's access key. Disable - For disabling the user's access key. Delete - For deleting user's access key.	Disable	Optional
userRemediationType	Choose the remediation type for the user involved. Delete - For deleting the user. Disable - For disabling the user.	Disable	Optional
resourceRemediationType	Choose the remediation type for the instances created. Stop - For stopping the instances. Delete - For deleting the instances.	Stop	Optional
autoResourceRemediation	Whether to execute the resource remediation flow automatically.	False	Optional
autoUserRemediation	Whether to execute the user remediation flow automatically.	False	Optional
autoAccessKeyRemediation	Whether to execute the access key remediation flow automatically.	False	Optional
autoBlockIndicators	Whether to block the indicators automatically.	False	Optional
resourceName	The resource name to take action on.		Optional
resourceZone	The resource's zone.		Optional
username	The username to take action on.		Optional
accessKeyName	The access key name in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}		Optional
sourceIP	The source IP address of the attacker.		Optional

There are no outputs for this playbook.