
Quick Start Security for GCP Cloud Firebase

GCP Cloud Firebase

Coralogix Extension For GCP Cloud Firebase Includes:

Alerts - 12

Stay on top of GCP Cloud Firebase key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

SHA certificate was deleted

This alert detects the deletion of a SHA certificate.

Impact: If a SHA certificate used to secure a website is deleted by an adversary, users who attempt to access the site may receive a warning message or be unable to access the site at all, depending on their web browser's security settings. This could cause reputational damage to the affected organization, as well as lost revenue if the site is used for e-commerce or other business purposes.

Mitigation: To mitigate the risk of deleted SHA certificates, it is important to follow best practices for certificate management and security, such as regularly backing up certificates and keeping them in secure storage, and implementing access controls and monitoring to detect unauthorized access or modifications to the certificates.

MITRE Tactic: TA0005
MITRE Technique: T1578

SHA certificate was created

This alert detects the creation of a SHA certificate.

Impact: SHA certificates are used to verify the authenticity and integrity of digital information, such as website certificates or software updates. If an adversary were to create a fraudulent SHA certificate, they could use it to impersonate a legitimate entity and potentially gain access to sensitive information or systems.

Mitigation: To mitigate the risk of fraudulent SHA certificates, it is important to follow best practices for certificate management and security, such as regularly checking for certificate revocations, verifying the authenticity of certificates before trusting them, and using secure encryption protocols to protect sensitive information.

MITRE Tactic: TA0003
MITRE Technique: T1098

Android app configuration was fetched

This alert detects the fetching of an Android app's configuration.

Impact: App configuration details typically include information such as API keys, endpoints, and other sensitive information that is used to configure the app and connect to backend systems or services. If an adversary were able to obtain this information, they could potentially use it to gain unauthorized access to the backend systems or services, or to launch attacks against the app or the underlying systems.

Mitigation: To mitigate the risks associated with the fetching of Android app configuration details by an adversary, it is important to follow best practices for app security, such as implementing access controls and monitoring to detect unauthorized access or modifications to the app configuration, using secure encryption protocols to protect sensitive information, and regularly testing and patching vulnerabilities in the app and its underlying systems.

MITRE Tactic: TA0007
MITRE Technique: T1087

Admin SDK config was fetched

This alert detects when the Admin SDK config is fetched.

Impact: The Admin SDK config is a set of configuration settings used by the Firebase Admin SDK to authenticate and authorize administrative access to Firebase projects and associated services. This configuration contains sensitive information such as API keys, service account credentials, and other secrets that are used to authenticate and authorize administrative access to Firebase services. If an adversary were able to fetch the Admin SDK config, they could potentially use the information contained in the configuration to gain unauthorized access to Firebase services and the data stored within those services. This could lead to data breaches, identity theft, or other negative consequences.

Mitigation: Organizations should regularly review and audit their system configurations and access controls to ensure that they are properly configured and secure. Developers should also follow best practices for application security, such as encrypting sensitive information and using secure coding practices. Additionally, it is important to limit access to the Admin SDK config to only authorized personnel who have a legitimate need to access the configuration.

MITRE Tactic: TA0007
MITRE Technique: T1087

Android app was updated

This alert detects the update of an Android app.

Impact: If the app that was updated was a legitimate app, the update could potentially introduce new vulnerabilities or malicious code, such as spyware or malware, which could be used to gather sensitive information or perform other unauthorized activities without the user's knowledge or consent. This could potentially lead to data breaches, identity theft, or other negative consequences.

Mitigation: Organizations and developers should follow best practices for app development and security, such as regularly testing and scanning apps for vulnerabilities and monitoring for any unusual activity or changes in app behavior.

MITRE Tactic: TA0042
MITRE Technique: T1583

Android app was undeleted

This alert detects when an Android app is undeleted.

Impact: If the app that was undeleted was a malicious app that the organization had previously removed due to suspicious behavior, the app could potentially continue to gather sensitive information or perform other malicious activities without the user's knowledge or consent. This could potentially lead to data breaches, identity theft, or other negative consequences.

Mitigation: To mitigate the risks associated with the undeletion of an Android app by an adversary, it is important to follow best practices for mobile device security, such as regularly updating and patching the operating system and installed apps, and using reputable antivirus software.

MITRE Tactic: TA0005
MITRE Technique: T1578

Android app was removed

This alert detects the removal of an Android app.

Impact: If the app that was removed was part of a larger system or network, such as a mobile device management (MDM) system or a corporate network, the removal could potentially disrupt the functioning of the entire system or network, leading to lost productivity, data loss, or other negative consequences.

Mitigation: Organizations should be vigilant in monitoring their accounts and systems for signs of suspicious activity and should regularly back up important data to minimize the impact of any potential data loss.

MITRE Tactic: TA0003
MITRE Technique: T1078

SHA certificates were listed

This alert detects the listing of SHA certificates.

Impact: An adversary could use a compromised SHA certificate to impersonate a trusted website or network device, potentially tricking users into providing sensitive information or installing malware. Additionally, an adversary could potentially use the information obtained to launch targeted attacks against the affected systems or networks, such as phishing attacks or social engineering scams.

Mitigation: It is important to monitor systems and networks for signs of suspicious activity and to regularly review and revoke any compromised or suspicious SHA certificates.

MITRE Tactic: TA0043
MITRE Technique: T1593

Android apps were listed

This alert detects the listing of Android apps.

Impact: If the adversary is able to list the apps running in the background, they may be able to obtain sensitive information that is being processed by those apps, such as passwords or personal data. This could potentially lead to data breaches or other security incidents. In some cases, an adversary may use the list of installed apps as part of a larger attack, such as a malware attack that targets a specific app or app category.

Mitigation: To mitigate the risks associated with the listing of Android apps by an adversary, it is important to follow best practices for mobile device security, such as regularly updating and patching the operating system and installed apps, and using reputable antivirus software.

MITRE Tactic: TA0043
MITRE Technique: T1593

Android app details were fetched

This alert detects the fetching of an Android app's details.

Impact: If an adversary were able to fetch the details of an Android app, it could potentially have several negative impacts. If the app in question contains sensitive information, such as financial or personal data, the adversary could use this information for identity theft or financial fraud.

Mitigation: To mitigate the risks associated with the fetching of Android app details by an adversary, it is important to follow best practices for app security, such as regular vulnerability scanning and penetration testing, encryption of sensitive data, and the use of secure authentication protocols.

MITRE Tactic: TA0007
MITRE Technique: T1087

Android App was created

This alert detects the creation of an Android app.

Impact: If an adversary created an Android app using Firebase, it could potentially have several negative impacts, depending on the capabilities and intentions of the app. If the app was designed to be malicious, it could compromise the security of the Firebase platform and the data stored within it.

Mitigation: To mitigate these risks, it is important to follow best practices for app development and security, such as thoroughly vetting third-party libraries and frameworks, using secure authentication and encryption protocols, and regularly testing for vulnerabilities and exploits.

MITRE Tactic: TA0003
MITRE Technique: T1098

GCP Cloud Firebase - No logs from GCP Cloud Firebase

This rule detects if there are no logs in the last 12 hours for GCP Cloud Firebase in the customer account.

Note: This alert should be configured with the relevant app and subsystem.

Impact: Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations.

Mitigation: Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system.

MITRE Tactic: TA0005
MITRE Technique: T1562

Integration

Learn more about Coralogix's out-of-the-box integration with GCP Cloud Firebase in our documentation.
