{"id":23557630,"url":"https://github.com/softspring/tf-google-cloud-scan-attack-detector","last_synced_at":"2026-01-25T10:31:30.799Z","repository":{"id":269430511,"uuid":"907388836","full_name":"softspring/tf-google-cloud-scan-attack-detector","owner":"softspring","description":"Terraform recipe to implement a scanning attacks detector","archived":false,"fork":false,"pushed_at":"2024-12-27T10:19:04.000Z","size":21,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-16T00:41:29.081Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/softspring.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-12-23T13:20:34.000Z","updated_at":"2024-12-27T10:19:08.000Z","dependencies_parsed_at":"2024-12-23T14:33:12.149Z","dependency_job_id":"a5e8bfa5-9c51-46aa-a439-1f28d4468867","html_url":"https://github.com/softspring/tf-google-cloud-scan-attack-detector","commit_stats":null,"previous_names":["softspring/tf-google-cloud-scan-attack-detector"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/softspring/tf-google-cloud-scan-attack-detector","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softspring%2Ftf-google-cloud-scan-attack-detector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softspring%2Ftf-google-cloud-scan-attack-detector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softspring%2Ftf-google-cloud-scan-attack-detector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softspring%2Ftf-google-cloud-scan-attack-detector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/softspring","download_url":"https://codeload.github.com/softspring/tf-google-cloud-scan-attack-detector/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softspring%2Ftf-google-cloud-scan-attack-detector/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28751816,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T10:25:12.305Z","status":"ssl_error","status_checked_at":"2026-01-25T10:25:11.933Z","response_time":113,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-26T15:15:04.943Z","updated_at":"2026-01-25T10:31:30.776Z","avatar_url":"https://github.com/softspring.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Scanning Attack Detector Terraform Module\n\nThis Terraform module creates a Scanning Attack detector on Google Cloud Platform (GCP). It sets up logging sinks \nand Pub/Sub topics to monitor and detect scanning attacks based on the 404 response code (Not Found).\n\n## Usage\n\n```hcl\ndata \"google_storage_bucket\" \"artifacts\" {\n  name = \"your-gcp-bucket-name-for-artifacts\"\n}\n\ndata \"google_redis_instance\" \"redis\" {\n  project = \"your-gcp-project-id\"\n  name    = \"your-redis-instance-name\"\n}\n\ndata \"google_vpc_access_connector\" \"connector\" {\n  project = \"your-gcp-project-id\"\n  name    = \"your-vpc-access-connector-name\"\n}\n\nmodule \"scanning_attack_detector\" {\n  source  = \"github.com/softspring/tf-google-cloud-scan-attack-detector\"\n  project = \"your-gcp-project-id\"\n  region  = \"europe-west1\"\n\n  temporary_artifact_bucket_name = data.google_storage_bucket.artifacts.name\n\n  not_found_request_window = 60\n  not_found_request_limit  = 10\n\n  sink_filter = \"protoPayload.status=404 OR httpRequest.status=404\"\n\n  redis_host     = data.google_redis_instance.redis.host\n  redis_port     = data.google_redis_instance.redis.port\n  redis_database = 15\n\n  redis_vpc_connector_id              = data.google_vpc_access_connector.connector.id\n  redis_vpc_connector_egress_settings = \"PRIVATE_RANGES_ONLY\"\n}\n```\n\n## Variables\n\n- `project`: (Required) The GCP project to deploy to.\n- `region`: (Optional) The GCP region to deploy to. Default is `europe-west1`.\n- `resource_prefix`: (Optional) The prefix to use for all resources. Default is `scan-attack-detector`.\n- `not_found_request_window`: (Optional) The time window to check for not found requests. Default is `60`.\n- `not_found_request_limit`: (Optional) The limit of not found requests in the time window to trigger an attack. Default is `10`.\n- `sink_filter`: (Optional) The filter to use for the sink. Default is `protoPayload.status=404 OR httpRequest.status=404`.\n- `temporary_artifact_bucket_name`: (Required) The name of the bucket to use for temporary artifacts.\n- `redis_host`: (Required) The host of the Redis instance.\n- `redis_port`: (Required) The port of the Redis instance. Default is `6379`.\n- `redis_database`: (Required) The database to use in the Redis instance. Default is `0`.\n- `redis_vpc_connector_id`: (Optional) The ID of the VPC Access Connector to use for the Redis instance. Default is `null`.\n- `redis_vpc_connector_egress_settings`: (Optional) The egress settings to use for the VPC Access Connector. Default is `null`.\n\n## Outputs\n\n- `not_found_request_window`: The time window to check for not found requests.\n- `not_found_request_limit`: The limit of not found requests in the time window to trigger an attack.\n- `sink_filter`: The filter to use for the sink.\n- `attack_detector_function`: The name of the Cloud Function created to detect attacks.\n- `attack_detected_topic`: The name of the Pub/Sub topic to publish detected attacks.\n\n## Resources Created\n\n- `google_logging_project_sink.notfound_sink`: A logging sink to capture 404 requests.\n- `google_pubsub_topic.income_notfound_request`: A Pub/Sub topic to handle incoming 404 requests.\n\n## Requirements\n\n- Your GCP project must have the `Logging Admin` role on the service account (in other case, you will see \"logging.sinks.create\" permission error).\n\n## License\n\nThis project is licensed under the MIT License.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoftspring%2Ftf-google-cloud-scan-attack-detector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoftspring%2Ftf-google-cloud-scan-attack-detector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoftspring%2Ftf-google-cloud-scan-attack-detector/lists"}