Im new on this field and i need some help. There is no log when the rules hit by attack. can anyone help me with this? where i can find kind of log of blocking by rules when attack happened? i've been reading the documentation and still got nothing, i'm so glad if you guys can help me
If you are using Cloud Armor with a load balancer on the stackdriver logs [1] you can see if some policy was applied.
On [2] you can find a log example:
jsonPayload: {
@type: "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry"
enforcedSecurityPolicy: {
configuredAction: "DENY"
name: "my-policy"
outcome: "DENY"
priority: 50
}
statusDetails: "denied_by_security_policy"
}
On the log you can see the configured action ACCEPT or DENY and the policy name.