With support for multiple development languages and a serverless environment, Google App Engine allows you to build applications in the cloud.
Though App Engine improves the flexibility, scalability, and collaboration of application development, it does come with security risks. All App Engine application logs and request logs should be monitored to ensure no malicious activities take place in your cloud infrastructure.
App Engine generates request logs for every request that is handled by your applications. These request logs hold crucial information such as Project ID, HTTP version, application ID, instance key, request status, and more. They also give you the severity of an application event (Debug, Warning, Critical, Error, and Info).
If you need to troubleshoot an operational issue or want to know more about a security issue, such as unauthorized changes made to the application code, it's essential that you check and analyze these request logs.
You can analyze these logs by opening the Log Viewer of the Cloud console, selecting GAE Application from the drop-down box as the resource type, and performing basic and advanced searches. However, searching these logs to find the relationship between incidents and to spot anomalies is time-consuming and often ineffective.
Log360 is a comprehensive security information and event management (SIEM) solution that interprets and analyzes Google App Engine logs and provides insights on critical events in the form of intuitive reports containing graphs and charts. These dashboards help you spot unusual events instantly as well as dig deeper into incidents.
For all App Engine events, Log360 leverages its machine learning capabilities to generate a risk score. A high risk score indicates that an event is worth investigating.
If your App Engine application is flooded with a huge number of HTTP requests to access a critical project, it could be a threat to your infrastructure. In this circumstance, Log360 will raise an alert to notify you in real time via SMS and email, helping you respond quickly so you can prevent a breach or an attack.
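The flood condition described above can be expressed as a sliding-window count over App Engine request log entries exported as JSON lines. This is an added example, not part of the original page and not Log360's detection logic; the 10-second window, the threshold of 20, and the sample project ID and IP addresses are assumptions constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

REQUEST_LOG_TYPE = "type.googleapis.com/google.appengine.logging.v1.RequestLog"

def parse_request_logs(lines):
    """Yield (time, project, ip, status) from gae_app request log entries, one JSON object per line."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        payload = entry.get("protoPayload", {})
        if entry.get("resource", {}).get("type") != "gae_app" or payload.get("@type") != REQUEST_LOG_TYPE:
            continue  # not an App Engine request log
        ts = datetime.fromisoformat(payload["startTime"].replace("Z", "+00:00"))
        project = entry["resource"].get("labels", {}).get("project_id", "unknown")
        yield ts, project, payload.get("ip", "unknown"), payload.get("status")

def find_floods(events, window=timedelta(seconds=10), threshold=20):
    """Return {(project, ip): peak count in any sliding window} for sources exceeding threshold."""
    recent, peaks = defaultdict(deque), {}
    for ts, project, ip, _status in sorted(events, key=lambda e: e[0]):
        q = recent[(project, ip)]
        q.append(ts)
        while ts - q[0] > window:  # drop requests that fell out of the window
            q.popleft()
        if len(q) > threshold:
            peaks[(project, ip)] = max(peaks.get((project, ip), 0), len(q))
    return peaks

def make_entry(ip, second, micro=0):
    """Build a constructed sample entry using RequestLog JSON field names."""
    start = datetime(2024, 1, 1, 12, 0, second, micro).isoformat() + "Z"
    return json.dumps({
        "resource": {"type": "gae_app", "labels": {"project_id": "example-project"}},
        "protoPayload": {"@type": REQUEST_LOG_TYPE, "ip": ip, "method": "GET", "status": 200,
                         "resource": "/admin", "httpVersion": "HTTP/1.1", "startTime": start},
    })

# Constructed data: 198.51.100.7 sends 50 requests in under a second; 203.0.113.9 sends 5 over 40 s.
SAMPLE = [make_entry("198.51.100.7", 0, i * 20000) for i in range(50)]
SAMPLE += [make_entry("203.0.113.9", i * 10) for i in range(5)]
SAMPLE.append("not json")  # malformed line, ignored by the parser

if __name__ == "__main__":
    for (project, ip), peak in find_floods(parse_request_logs(SAMPLE)).items():
        print(f"ALERT project={project} ip={ip} peak={peak} requests within 10s")
```

A fixed threshold like this one has to be tuned against each application's normal traffic, which is the part a risk-scoring approach aims to automate.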