Explanation:

GCP SCC detects that a service account had multiple failed attempts.



Resolution:

Further investigation is required to see which action to be performed.

The GCP Security team will need to evaluate based on the actions below:

ActionsFollow up

Check if the caller IP of the reported findings if it is under exception. If not under 


Exceptions
If the finding is generated by the gitlab-runner's IP, the finding can be deem as the pipeline is having problem. Close the finding.
CE: 172.32.0.0/21
EE: 172.36.0.0/21
 

Production - Inform owner

Non-Production - Don't have to inform owner.

See the table below for recommended action after investigation.

Yes / NoAction
Inform owner.Inform the owner about the activity and update the JIRA ticket's rememdiation action to be "Owner is being informed" and closed the ticket.
Don't have to inform owner.

Update the JIRA ticket's rememdiation action to be "Non-production environment. No action to be taken." and closed the ticket.






Pattern:

N/A