I received the following email from Google today. Ran multiple scans on our system and nothing came out - the destination IP address they sent is a Facebook IP. Does this make any sense? We run Facebook Ads - and my only explanation is that somehow a malicious ad made it into their ad network.
Any assistance much appreciated.
Our systems identified that your Google Cloud Platform / API Project ID [] may have been compromised and used for cryptocurrency mining.
This activity was detected as originating from IP XXX and VM ID XX to destination IP 31.13.86.8 on remote port 443 between 2021-12-02 01:34 and 2021-12-02 01:45 (Pacific Time), though it may still be ongoing.
These are the GCP’s recommended steps when a user faces that warning message:
- Stop the instance immediately.
- Notify impacted users; they might be wondering why your service is down.
- Identify the source of the vulnerability by analyzing the behavior of your instance and the software you've installed.
- Ensure that all the software is up to date. Check for any known vulnerabilities in the software installed on your machine and take proactive steps to apply the latest security patches.
- Adopt additional security measures to ensure that your project is not compromised by a third party and then completely reinstall your project.
- Follow the guidelines in What can I do to protect my instance? (above) to ensure your project is secure going forward.
- If you received a warning from Google Cloud Platform about suspicious behavior by your project, appeal the warning by going to the Google Cloud Platform console and explaining the steps you took to secure the instance.
GCP does not have visibility into what is installed on your instance or what software caused the issue. You are responsible for investigating the source of the vulnerability and taking steps to mitigate it. If you need any additional support to troubleshoot the issue, please refer to the Cloud Platform Support page.
You can visit the following GCP official information URL as a reference: Securing instances
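The notice tells you where the traffic went, not which process on the VM sent it, and the owner of a destination IP by itself neither confirms nor rules out a compromise. The following is an added triage helper, not code from the original post or from Google's notice. It takes the destination IP and port from the notice, matches them against the instance's socket table to name the process holding the connection (step 3 above), and snapshots the boot disk before the stop in step 1 so that evidence survives the later reinstall. The instance name, zone, disk name and the `ss -tnp` sample are constructed placeholders; `DRY_RUN=1` (the default) only echoes the `gcloud` commands.

```shell
#!/bin/sh
# Added triage helper for the notice above; not part of the original post or of
# Google's notice. The destination IP and port come from the notice; the instance
# name, zone, disk name and the socket table below are constructed sample values.

ALERT_DST_IP="31.13.86.8"
ALERT_DST_PORT="443"

# Constructed sample of `ss -tnp` output (process names only appear when run as root).
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.128.0.5:44122 31.13.86.8:443 users:(("suspicious-bin",pid=4242,fd=7))
ESTAB 0 0 10.128.0.5:22 203.0.113.9:51234 users:(("sshd",pid=811,fd=4))
ESTAB 0 0 10.128.0.5:50000 31.13.86.8:443 users:(("curl",pid=5151,fd=3))'

# find_peers DST_IP DST_PORT   (ss -tnp output on stdin)
# Prints "pid name" for every socket whose peer is the alerted destination, so the
# process that actually opened the connection can be inspected (binary path, parent,
# start time, crontab/systemd unit that launched it) instead of guessed at from the
# IP's owner.
find_peers() {
    awk -v ip="$1" -v port="$2" '
        BEGIN { dst = ip ":" port }
        NR > 1 && $5 == dst {
            name = "?"; pid = "?"
            if (match($6, /"[^"]+"/))    name = substr($6, RSTART + 1, RLENGTH - 2)
            if (match($6, /pid=[0-9]+/)) pid  = substr($6, RSTART + 4, RLENGTH - 4)
            print pid " " name
        }'
}

# Run a command, or only echo it when DRY_RUN=1 (the default, so sourcing this file is safe).
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else sh -c "$*"; fi
}

# preserve_and_stop INSTANCE ZONE BOOT_DISK
# Snapshot first, then stop: the snapshot keeps the disk state needed for step 3,
# which a reinstall would destroy. Stopping discards RAM, so any memory capture
# must be taken before this call.
preserve_and_stop() {
    snap="ir-$1-$(date +%Y%m%d%H%M%S)"
    run "gcloud compute disks snapshot $3 --zone $2 --snapshot-names $snap"
    run "gcloud compute instances stop $1 --zone $2"
}

# Stand-alone usage on the constructed sample (on the VM: ss -tnp | find_peers ...):
printf '%s\n' "$SAMPLE_SS" | find_peers "$ALERT_DST_IP" "$ALERT_DST_PORT"
preserve_and_stop example-vm us-central1-a example-vm-boot
```

On a live instance run `ss -tnp | find_peers 31.13.86.8 443` as root while the connection is still open, then look at `/proc/<pid>/exe`, `/proc/<pid>/cmdline` and the parent process before stopping the VM; the alert window in the notice is in Pacific Time, so convert it before comparing against UTC timestamps in system logs.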