Hi @jeremyross2001,

Welcome to Google Cloud Community!

Firebase integrates with Google Cloud Logging (formerly Stackdriver), allowing you to export logs using Log Router sinks for further analysis or storage. You can forward logs from Cloud Logging to various destinations such as Pub/Sub for SIEM ingestion, BigQuery for analysis, Cloud Storage for bulk storage, or third-party tools like Splunk, Datadog, and QRadar through Pub/Sub or HTTP endpoints.

This guide walks you through routing logs to a centralized destination based on your preferred security analytics platform—whether that's Log Analytics, BigQuery, Google Security Operations, or a third-party security information and event management (SIEM) technology.

Types of Firebase Logs You Can Export to SIEM

- Security logs:

Firebase Authentication events capture key security-related events such as sign-ins, sign-outs, and failed login attempts, along with associated errors, exceptions, and potential security threats.

- Cloud Run Functions Logs:

Cloud Functions for Firebase generates detailed logs covering function invocations, execution times, errors, warnings, and latency metrics. These include operational logs such as start/end times and status (success or error), application-level logs from your code (e.g., console.log or console.error), and security-relevant logs if errors suggest potential attacks.

- Logs Analytics:

User event logs from Google Analytics for Firebase, typically accessed via BigQuery export, capture in-app user interactions like screen views, events, and conversions. While primarily used for product analytics, this behavioral data can be processed to uncover potential security insights, though it's not commonly used as raw input for SIEM systems.

If you need further assistance, you can reach out to Google Cloud Support at any time.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.