# GCP

The **GCP Infrastructure Monitors** section helps you monitor critical metrics and configurations across your GCP workloads to ensure high availability, system integrity, and compliance with regulatory standards.

Sprinto integrates with **Google Cloud Monitoring (Stackdriver)** to automatically detect key infrastructure metrics and misconfigurations. This allows your team to receive alerts and resolve issues before they escalate into compliance failures.

***

#### What does Sprinto monitor?

<table><thead><tr><th width="166.55859375">Service</th><th>Monitored Metric / Check</th></tr></thead><tbody><tr><td>Cloud SQL</td><td>CPU utilisation, memory usage, available storage, public access configuration</td></tr><tr><td>Compute Engine</td><td>CPU utilisation, protection from direct internet traffic</td></tr><tr><td>Firestore</td><td>Read and write frequency monitoring</td></tr></tbody></table>

***

#### Monitors and How to Resolve Them

**1. Monitor GCP Cloud SQL CPU and Memory Usage**

* Go to **GCP Console > Monitoring > Metrics Explorer**
* Select resource type: `Cloud SQL Database`
* Choose metrics:
  * `database/cpu/utilization`
  * `database/memory/utilization`
* Create alerting policies with thresholds for these metrics
* Upload metric graphs and alert rules as evidence

**2. Monitor Freeable Storage on Cloud SQL**

* Follow the same Metrics Explorer steps as in monitor 1
* Metric: `database/disk/bytes_used`
* Compare the value against the instance's provisioned storage size
* Add storage or set up alerts as needed

**3. Protect Cloud SQL from Direct Internet Access**

* Navigate to **Cloud SQL > Connections**
* Disable “Public IP”
* Ensure Private IP is used via VPC
* Upload screenshot of updated configuration

**4. Monitor GCP Compute Instance CPU Utilisation**

* Go to **Monitoring > Metrics Explorer**
* Select resource type: `gce_instance`
* Metric: `compute.googleapis.com/instance/cpu/utilization`
* Upload metric screenshot and alert configuration

**5. Protect Compute Instances from Public Access**

* Open **VPC Network > Firewall Rules**
* Identify any ingress rules that allow `0.0.0.0/0` as a source for SSH (port 22) or RDP (port 3389)
* Restrict the source ranges of those rules to approved IP addresses
* Upload updated rule configuration

**6. Monitor Firestore Read Frequency**

* Go to **Monitoring > Metrics Explorer**
* Resource: `cloud_firestore_database`
* Metric: `document/read_count`
* Set thresholds based on expected usage pattern
* Upload charts as evidence

**7. Monitor Firestore Write Frequency**

* Follow the same steps as in monitor 6
* Metric: `document/write_count`

***

#### Accepted Evidence

<table><thead><tr><th width="249.59375">Type</th><th>Description</th></tr></thead><tbody><tr><td>Metric Screenshot</td><td>Graph showing monitored value over time (e.g. CPU, memory, read/write)</td></tr><tr><td>Alert Policy Config</td><td>JSON or screenshot showing alert thresholds and triggers</td></tr><tr><td>Firewall / Network Screenshot</td><td>Proof of no public access configuration</td></tr></tbody></table>

***

#### Compliance Mapping

<table><thead><tr><th width="230.69921875">Control Category</th><th width="344.5546875">Frameworks Supported</th></tr></thead><tbody><tr><td>Infrastructure Monitoring</td><td>ISO 27001 A.12.4.1, SOC 2 CC7.2</td></tr><tr><td>Network Security</td><td>ISO 27001 A.13.1.1, SOC 2 CC6.6</td></tr><tr><td>Availability Management</td><td>HIPAA §164.308(a)(7), PCI DSS 11.5</td></tr></tbody></table>
