GCP SCC detects a new user agent accessing the GCP project.
*User Agent:
In computing, a user agent is any software, acting on behalf of a user, which "retrieves, renders and facilitates end-user interaction with Web content." A user agent is therefore a special kind of software agent. Some prominent examples of user agents are web browsers and email readers.
Verify whether the reported user agent is valid and is actually used by the principal email.
If it is not, it could mean that a hacker is trying to access this resource.
| Yes / No | Action |
|---|---|
| Yes, it is a valid access | Update the JIRA ticket as a false positive. |
| No, it is not a valid access | The principal email could be compromised. Revoke the permission from GCP IAM and escalate to the *security team. |
```json
{
  "anomalousSoftware": {
    "anomalousSoftwareClassification": ["firebase-cli"],
    "callerUserAgent": "FirebaseCLI/7.4.0,gzip(gfe)",
    "principalEmail": "xx@xx.com",
    "notSeenInLast": "2592000s",
    "typicalUserAgents": ["gcloud"],
    "rawUserAgent": "FirebaseCLI/7.4.0,gzip(gfe)",
    "callerIp": "xx.xx.xx.xx"
  }
}
```
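The verification step above can be scripted against the finding JSON; the following is an added example, not part of the original runbook. `APPROVED_TOOLS` is a hypothetical per-principal inventory, and the sample finding is constructed with placeholder e-mail and IP values.

```python
import json
import re

# Constructed sample finding, mirroring the fields shown on this page.
SAMPLE_FINDING = json.loads("""
{"anomalousSoftware": {
  "anomalousSoftwareClassification": ["firebase-cli"],
  "callerUserAgent": "FirebaseCLI/7.4.0,gzip(gfe)",
  "principalEmail": "dev@example.com",
  "notSeenInLast": "2592000s",
  "typicalUserAgents": ["gcloud"],
  "rawUserAgent": "FirebaseCLI/7.4.0,gzip(gfe)",
  "callerIp": "203.0.113.10"}}
""")

# Hypothetical inventory: tools each principal is approved to use.
APPROVED_TOOLS = {"dev@example.com": {"gcloud", "terraform"}}

def parse_user_agent(ua):
    """Split 'FirebaseCLI/7.4.0,gzip(gfe)' into ('firebasecli', '7.4.0')."""
    m = re.match(r"\s*([A-Za-z0-9_.\-]+)(?:/([0-9][\w.\-]*))?", ua or "")
    return (m.group(1).lower(), m.group(2)) if m else ("", None)

def normalise(name):
    """Compare 'firebase-cli' and 'FirebaseCLI' as the same tool."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def triage(finding, approved=APPROVED_TOOLS):
    d = finding["anomalousSoftware"]
    product, version = parse_user_agent(d["callerUserAgent"])
    labels = {normalise(x) for x in d.get("anomalousSoftwareClassification", [])}
    labels.add(normalise(product))
    allowed = {normalise(t) for t in approved.get(d["principalEmail"], set())}
    typical = {normalise(t) for t in d.get("typicalUserAgents", [])}
    days = int(d["notSeenInLast"].rstrip("s")) // 86400  # "2592000s" -> 30
    valid = bool(labels & allowed)
    return {
        "principal": d["principalEmail"],
        "caller_ip": d["callerIp"],
        "tool": product,
        "version": version,
        "not_seen_days": days,
        "in_typical_agents": bool(labels & typical),
        "action": "close ticket as false positive" if valid
                  else "revoke IAM permission and escalate to security team",
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_FINDING), indent=2))
```

The user agent string is supplied by the client, so a match against the approved list is a starting point for confirming with the principal, not proof that the access was legitimate.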