
Quick Start Security for GCP Cloud Function


Coralogix Extension For GCP Cloud Function Includes:

Alerts - 11

Stay on top of GCP Cloud Function key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Function was updated

This alert is triggered when a Cloud Function is updated.

Impact: If an adversary updates a function in your GCP (Google Cloud Platform) environment, it can result in various adverse impacts. The adversary could potentially introduce a backdoor into the function, allowing them to gain unauthorized access to sensitive data.

Mitigation: To mitigate the risks of an adversary updating a function in your GCP environment, it is important to implement access control measures to limit the permissions of the function to the minimum necessary for its intended purpose.

MITRE Tactic: TA0005
MITRE Technique: T1564

IAM policy was configured

This alert is triggered when an IAM policy is configured.

Impact: If an adversary configures a malicious IAM (Identity and Access Management) policy in your GCP (Google Cloud Platform) environment, it can result in various adverse impacts. The malicious IAM policy could be used to grant unauthorized access to resources, allowing the adversary to view or modify sensitive data.

Mitigation: To mitigate the risks of a malicious IAM policy, it is important to implement access control measures to limit the permissions of the IAM policy to the minimum necessary for its intended purpose. Regularly review and audit your IAM policies to ensure that they are up to date and aligned with your organization's security policies and best practices.

MITRE Tactic: TA0003
MITRE Technique: T1098

Functions were listed

This alert is triggered when Cloud Functions are listed.

Impact:

Enumeration of targets: The adversary could potentially identify vulnerable or high-value targets within your GCP environment, which could be further exploited.

Privilege escalation: The adversary could potentially discover privileged functions and attempt to escalate their privileges to gain access to more resources and data than intended.

Mitigation: Implement access control measures to limit the permissions of the functions to the minimum necessary for their intended purpose. Remove any unused functions to reduce the potential attack surface of your GCP environment.

MITRE Tactic: TA0043
MITRE Technique: T1593

Get IAM policy was executed

This alert is triggered when "get IAM policy" is executed.

Impact: The malicious "get IAM policy" command could be designed to grant unauthorized access to a resource by modifying its policy.

Mitigation: Follow the principle of least privilege by ensuring that users and services only have access to the resources and actions they need to perform their functions, reducing the potential impact of a successful attack.

MITRE Tactic: TA0004
MITRE Technique: T1078

Get Function was executed

This alert is triggered when "Get function" is executed.

Impact: The malicious "get" function could be designed to steal sensitive data, such as personal information or financial data. The malicious "get" function could be designed to abuse resources, such as launching DDoS attacks or mining cryptocurrency.

Mitigation: Perform a code review of all Get functions before they are executed, to ensure that they do not contain any malicious code or vulnerabilities that could be exploited by an adversary.

MITRE Tactic: TA0004
MITRE Technique: T1078

Upload Url was generated

This alert is triggered when an upload URL is generated.

Impact: The malicious upload URL could be used to upload malware or other malicious software to the server, which could compromise the system. The malicious upload URL could be used to gain unauthorized access to the server, by uploading files that contain malicious code or exploiting vulnerabilities in the system.

Mitigation: Implement access control measures to limit the permissions of the upload URL to the minimum necessary for its intended purpose.

MITRE Tactic: TA0003
MITRE Technique: T1098

Download Url was generated

This alert is triggered when a download URL is generated.

Impact: If an adversary generates a malicious download URL in GCP (Google Cloud Platform), it can result in various adverse impacts. The malicious download URL could be used to trick users into downloading and executing software that could steal sensitive information, such as usernames and passwords. The malicious download URL could be used to download large amounts of data or abuse resources, such as launching DDoS attacks.

Mitigation: Ensure that only authorised users have access to create and manage download URLs, and use strong credentials that are not easily guessable.

MITRE Tactic: TA0003
MITRE Technique: T1098

Function was deleted

This alert is triggered when a Cloud Function is deleted.

Impact: The deletion of a critical Cloud Function can cause service downtime, resulting in disruption of operations, loss of revenue, and impact on customer experience.

Mitigation: Regularly back up your Cloud Function and associated data, and implement recovery procedures to quickly restore your system in the event of a deletion.

MITRE Tactic: TA0005
MITRE Technique: T1578

Function was created

This alert is triggered when a Cloud Function is created.

Impact: If an adversary creates a malicious Google Cloud Function in GCP (Google Cloud Platform), the malicious function could be designed to steal sensitive data, such as personal information or financial data.

Mitigation: Implement access control measures to limit the permissions of the Cloud Function to the minimum necessary for its intended purpose. This reduces the potential impact of a malicious Cloud Function.

MITRE Tactic: TA0003
MITRE Technique: T1098

Function was called

This alert is triggered when a Cloud Function is called.

Impact: If an adversary gains control of a Google Cloud Function in GCP (Google Cloud Platform), they can potentially execute arbitrary code and perform various malicious activities, depending on the function's permissions and access to resources.

Mitigation: Follow security best practices, such as applying the principle of least privilege to your Cloud Functions and regularly reviewing your access controls and permissions. It is also crucial to monitor your Cloud Functions for any suspicious activities or anomalous behaviour.

MITRE Tactic: TA0004
MITRE Technique: T1078

No logs from GCP Cloud Function

This rule detects when there have been no logs in the last 4 hours for GCP Cloud Function in the customer account.

Note: This alert should be configured with the relevant app and subsystem.

Impact: Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations.

Mitigation: Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system.

MITRE Tactic: TA0005
MITRE Technique: T1562

Integration

Learn more about Coralogix's out-of-the-box integration with GCP Cloud Function in our documentation.
