SOC2 - GN-89 Provide Evidence of GCP Storage

[JenRed777]

Due: February 1, 2022 Sourcegraph uses a logging tool to log, continuously monitor, and retain account activity related to user actions throughout the production environment. Logs are stored encrypted and access to logs is restricted to those who require access to perform their job duties.

Provide a walkthrough of how to view logs. Cloud: "How can I see if a user deleted the production database" Managed Instance: "How can I see if a user deleted the production database"

[github-actions[bot]]

Heads up @daxmc99 @JenRed777 @danieldides - the "team/devops" label was applied to this issue.

[filiphaftek]

@JenRed777 should this be included in handbook?

2. How to audit logs

GCP documentation

How and where are logs stored - documented in excel.

2.1. How to search audit logs for particular event:

Note: example for CloudSQL instance connect action via GCP web console.

• go to GCP console
• choose from filter pane or type: resource.type="cloudsql_database"
• choose audit log type i.e. activity or type: log_name="projects/sourcegraph-dev/logs/cloudaudit.googleapis.com%2Factivity"
• narrow down to particular instance (if needed) i.e. resource.labels.database_id="sourcegraph-dev:sg-cloud-732a936743"
• choose particular PG action i.e. protoPayload.methodName="cloudsql.instances.connect" Note: if particular actions has to be found, please use PG audit log operation types

[filiphaftek]

@JenRed777 created document

[daxmc99]

Needs managed instance portion added

[daxmc99]

Syncing with @sourcegraph/security to see if we can couple this with their current managed instance work

[JenRed777]

Asked @ferozsalam a few questions in slack to complete the document How long are the logs stored for? What GCP bucket are they being sent to? Are they stored int he same GCP project as the sourcegrpah.com GCP audit logs?

[ferozsalam]

Hey @JenRed777 - have replied on Slack!

[JenRed777]

This one is complete