
Quick Start Security for GCP Cloud Domains


Out-of-the-Box Security For GCP Cloud Domains Includes:

Alerts - 5

Stay on top of GCP Cloud Domains key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

A New SSL Policy was Deleted

This alert gets triggered when the SSL policy is deleted. SSL policies govern the process by which load balancers negotiate SSL with clients. For more precise control over SSL/TLS versions and ciphers, you can establish policies and associate them with HTTPS and SSL load balancers.

Impact: If such an event is triggered in a production account, it could have a critical impact on operational services, including network disruption, service downtime, and compromised security connections.

Mitigation: Examine the deletion tags, and if this pertains to a critical account, contact the user to obtain a business justification. Based on the justification, close the event or get a DNS policy created with the same configurations and apply the changes to the impacted services.

MITRE Tactic: TA0040

MITRE Technique: T1565

A Backend Service was Deleted

This alert gets triggered when a backend service is deleted. A backend service determines the distribution of traffic in Cloud Load Balancing. The configuration of the backend service includes a set of parameters, such as the protocol for connecting to backends, diverse distribution and session settings, health checks, and timeouts.

Impact: If such an event occurs in a production account, it can have a significant impact on operational services, including integration issues, network disruptions, and service downtime.

Mitigation: Examine the service to determine if it was part of scheduled testing as indicated by the tags. If it was, consider the case closed. Otherwise, promptly reach out to the user, seek justification, and if it was an error, take immediate action to either restore from a backup or reconfigure the service.

MITRE Tactic: TA0040

MITRE Technique: T1565

An Internet Facing Load Balancer was Configured

This alert gets triggered when a new internet-facing external LB is configured. An internet-facing load balancer possesses a publicly resolvable DNS name, enabling it to direct requests from clients on the internet to the EC2 instances registered with the load balancer.

Impact: Monitoring and reviewing the configurations of the externally facing load balancer is highly crucial. Internet-facing load balancers play a role in directing requests from clients over the Internet. In the case of an internal load balancer, its nodes are equipped with only private IP addresses. Misconfigurations can lead to disruptions in the route/traffic workflow, potentially causing redirection to an unauthorized or misconfigured domain.

Mitigation: Examine the load balancer settings and confirm adherence to corporate policies. If any discrepancies are identified, contact the user to rectify the configuration in accordance with the established policies and best practices.

MITRE Tactic: TA0040

MITRE Technique: T1565

A New Backend Service was Configured

This alert gets triggered when a new backend service is configured. A backend service outlines the method by which Cloud Load Balancing allocates traffic. The configuration of the backend service encompasses a range of parameters, including the protocol employed for connecting to backends, diverse distribution and session settings, health checks, and timeouts.

Impact: A misconfiguration in the backend can lead to various operational issues, including protocol misconfiguration, failed connections, unmanaged sessions, and significant impacts on deployed services related to health status checks and timeout configuration.

Mitigation: Examine the configuration of the backend service, and verify compliance with corporate policies. If any misconfigurations are identified, contact the user to rectify and align with the established policy and best practices.

MITRE Tactic: TA0040

MITRE Technique: T1565

A New Cloud NAT Gateway with Router was Configured

This alert gets triggered when a new cloud NAT gateway with the router connection is created. Cloud NAT (network address translation) enables specific resources within Google Cloud to establish outbound connections to the Internet or other Virtual Private Cloud (VPC) networks. Cloud NAT supports address translation exclusively for established inbound response packets and does not permit unsolicited inbound connections.

Impact: This denotes the outbound connection or VPC network. Therefore, it is crucial to verify the NAT settings and router configuration details; otherwise, it may result in traffic being directed towards unauthorized and insecure connections, potentially providing a gateway for attackers to infiltrate the systems.

Mitigation: Examine the configuration to ensure compliance with corporate policies. If any misconfigurations are identified, contact the user to rectify and align with the established policy and best practices.

MITRE Tactic: TA0040

MITRE Technique: T1565
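The five alerts above can be expressed as rules over Cloud Audit Log entries. The sketch below is an added example, not Coralogix's rule definitions: the method names and request fields (`loadBalancingScheme`, `nats`) follow Compute Engine audit log conventions as an assumption, and `sample_entry` and the sample data are constructed for illustration.

```python
import re

# Alerts that depend only on the audit-log method name (API version prefix stripped).
BY_METHOD = {
    "compute.sslPolicies.delete": "A New SSL Policy was Deleted",
    "compute.backendServices.delete": "A Backend Service was Deleted",
    "compute.backendServices.insert": "A New Backend Service was Configured",
}
LB_INSERTS = {"compute.forwardingRules.insert", "compute.globalForwardingRules.insert"}
ROUTER_WRITES = {"compute.routers.insert", "compute.routers.patch"}
EXTERNAL_SCHEMES = {"EXTERNAL", "EXTERNAL_MANAGED"}

def classify(entry):
    """Return the alert name for one audit log entry, or None."""
    op = entry.get("operation", {})
    if op.get("last") and not op.get("first"):
        return None  # completion record of a long-running operation: avoid a duplicate alert
    payload = entry.get("protoPayload", {})
    method = re.sub(r"^(v1|beta|alpha)\.", "", payload.get("methodName", ""))
    request = payload.get("request") or {}
    if method in BY_METHOD:
        return BY_METHOD[method]
    # A missing scheme is treated as external so the rule errs toward alerting.
    if method in LB_INSERTS and request.get("loadBalancingScheme", "EXTERNAL") in EXTERNAL_SCHEMES:
        return "An Internet Facing Load Balancer was Configured"
    if method in ROUTER_WRITES and request.get("nats"):
        return "A New Cloud NAT Gateway with Router was Configured"
    return None

def triage(entries):
    """Return (alert, principal, resource) for every entry that matches a rule."""
    return [(a, e["protoPayload"]["authenticationInfo"]["principalEmail"],
             e["protoPayload"]["resourceName"]) for e in entries if (a := classify(e))]

def sample_entry(method, resource, request=None, last=False):  # hypothetical helper
    return {"operation": {"first": not last, "last": last},
            "protoPayload": {"methodName": method, "resourceName": resource, "request": request,
                             "authenticationInfo": {"principalEmail": "dev@example.com"}}}

SAMPLE = [  # constructed entries, not real logs
    sample_entry("v1.compute.sslPolicies.delete", "sslPolicies/tls12-only"),
    sample_entry("v1.compute.sslPolicies.delete", "sslPolicies/tls12-only", last=True),
    sample_entry("v1.compute.forwardingRules.insert", "forwardingRules/ilb", {"loadBalancingScheme": "INTERNAL"}),
    sample_entry("beta.compute.globalForwardingRules.insert", "forwardingRules/web", {"loadBalancingScheme": "EXTERNAL_MANAGED"}),
    sample_entry("v1.compute.routers.patch", "routers/r1", {"nats": [{"name": "nat1"}]}),
    sample_entry("v1.compute.routers.patch", "routers/r1", {"bgp": {"asn": 64512}}),
]
```

Running `triage(SAMPLE)` yields three hits: the duplicate completion record, the internal forwarding rule and the router change without a NAT block are all filtered out.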

Documentation

Learn more about Coralogix's out-of-the-box integration with GCP Cloud Domains in our documentation.
