GCP Client ID
Service Name: Google Cloud Platform
Service Description: Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, offering a wide range of services including computing, data storage, data analytics, and machine learning.
Service Address: https://cloud.google.com/
Validation Type: NHI Enriched
IP Allow list: Does not exist
Secret Access Scope: Grants access to Google APIs on behalf of a user or application. Used for OAuth 2.0 authentication flows.
Secret Revokement URL: https://console.cloud.google.com/apis/credentials
Secret Example: 123456789012-abcdefghijklmnopqrstuvwxyz123456.apps.googleusercontent.com
Suspicious Activity Investigation Instructions:
- Check Google Cloud Console audit logs for unusual API calls or authentication attempts
- Review the OAuth consent screen settings for unauthorized changes
- Examine API usage metrics for unusual spikes in activity
- Check for unauthorized redirect URIs in the client configuration
- Review project activity for any unauthorized resource creation or access
Mitigation Instructions:
- Navigate to the Google Cloud Console and go to the APIs & Services > Credentials section
- Locate the compromised OAuth client ID
- Click on the client ID to view its details
- Click "Delete" to revoke the client ID
- Create a new client ID with proper restrictions if needed
- Update any applications using the old client ID with the new credentials
- Review and update security settings for the project