Quick Start Security for GCP Cloud Function
Coralogix Extension For GCP Cloud Function Includes:
Alerts - 10
Stay on top of GCP Cloud Function key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
Function was updated
This alert gets triggered when a Cloud Function is updated.
Impact: If an adversary updates a function in your GCP (Google Cloud Platform) environment, it can result in various adverse impacts. The adversary could potentially introduce a backdoor into the function, allowing them to gain unauthorized access to sensitive data.
Mitigation: To mitigate the risks of an adversary updating a function in your GCP environment, it is important to implement access control measures to limit the permissions of the function to the minimum necessary for its intended purpose.
MITRE Tactic: TA0005
MITRE Technique: T1564
IAM policy was configured
This alert gets triggered when an IAM policy is configured.
Impact: If an adversary configures a malicious IAM (Identity and Access Management) policy in your GCP (Google Cloud Platform) environment, it can result in various adverse impacts. The malicious IAM policy could be used to grant unauthorized access to resources, allowing the adversary to view or modify sensitive data.
Mitigation: To mitigate the risks of a malicious IAM policy, it is important to implement access control measures to limit the permissions of the IAM policy to the minimum necessary for its intended purpose. Regularly review and audit your IAM policies to ensure that they are up to date and aligned with your organization's security policies and best practices.
MITRE Tactic: TA0003
MITRE Technique: T1098
Functions were listed
This alert gets triggered when Cloud Functions are listed.
Impact:
Enumeration of targets: The adversary could potentially identify vulnerable or high-value targets within your GCP environment, which could be further exploited.
Privilege escalation: The adversary could potentially discover privileged functions and attempt to escalate their privileges to gain access to more resources and data than intended.
Mitigation: Implement access control measures to limit the permissions of the functions to the minimum necessary for their intended purpose. Remove any unused functions to reduce the potential attack surface of your GCP environment.
MITRE Tactic: TA0043
MITRE Technique: T1593
Get IAM policy was executed
This alert gets triggered when Get IAM policy is executed.
Impact: The malicious "get IAM policy" command could be designed to grant unauthorized access to a resource by modifying its policy.
Mitigation: Follow the principle of least privilege by ensuring that users and services only have access to the resources and actions they need to perform their functions, reducing the potential impact of a successful attack.
MITRE Tactic: TA0004
MITRE Technique: T1078
Get Function was executed
This alert gets triggered when Get Function is executed.
Impact: The malicious "get" function could be designed to steal sensitive data, such as personal information or financial data. The malicious "get" function could be designed to abuse resources, such as launching DDoS attacks or mining cryptocurrency.
Mitigation: Perform a code review of all Get functions before they are executed, to ensure that they do not contain any malicious code or vulnerabilities that could be exploited by an adversary.
MITRE Tactic: TA0004
MITRE Technique: T1078
Upload Url was generated
This alert gets triggered when an upload URL is generated.
Impact: The malicious upload URL could be used to upload malware or other malicious software to the server, which could compromise the system. The malicious upload URL could be used to gain unauthorized access to the server, by uploading files that contain malicious code or exploiting vulnerabilities in the system.
Mitigation: Implement access control measures to limit the permissions of the upload URL to the minimum necessary for its intended purpose.
MITRE Tactic: TA0003
MITRE Technique: T1098
Download Url was generated
This alert gets triggered when a download URL is generated.
Impact: If an adversary generates a malicious download URL in GCP (Google Cloud Platform), it can result in various adverse impacts. The malicious download URL could be used to trick users into downloading and executing software that could steal sensitive information, such as usernames and passwords. The malicious download URL could be used to download large amounts of data or abuse resources, such as launching DDoS attacks.
Mitigation: Ensure that only authorised users have access to create and manage download URLs, and use strong credentials that are not easily guessable.
MITRE Tactic: TA0003
MITRE Technique: T1098
Function was deleted
This alert gets triggered when a Cloud Function is deleted.
Impact: The deletion of a critical Cloud Function can cause service downtime, resulting in disruption of operations, loss of revenue, and impact on customer experience.
Mitigation: Regularly back up your Cloud Function and associated data, and implement recovery procedures to quickly restore your system in the event of a deletion.
MITRE Tactic: TA0005
MITRE Technique: T1578
Function was created
This alert gets triggered when a Cloud Function is created.
Impact: If an adversary creates a malicious Google Cloud Function in GCP (Google Cloud Platform), the malicious function could be designed to steal sensitive data, such as personal information or financial data.
Mitigation: Implement access control measures to limit the permissions of the Cloud Function to the minimum necessary for its intended purpose. This reduces the potential impact of a malicious Cloud Function.
MITRE Tactic: TA0003
MITRE Technique: T1098
Function was called
This alert gets triggered when a Cloud Function is called.
Impact: If an adversary gains control of a Google Cloud Function in GCP (Google Cloud Platform), they can potentially execute arbitrary code and perform various malicious activities, depending on the function's permissions and access to resources.
Mitigation: It is important to follow security best practices, such as applying the principle of least privilege to your Cloud Functions and regularly reviewing your access controls and permissions. It is also crucial to monitor your Cloud Functions for any suspicious activities or anomalous behaviour.
MITRE Tactic: TA0004
MITRE Technique: T1078
Integration
Learn more about Coralogix's out-of-the-box integration with GCP Cloud Function in our documentation.