Configuring Google Cloud Environment Scanning

Configuration Guide

Overview

This document describes how to configure scanning for your Google Cloud Platform (GCP) environment configurations. Cloud scans are part of your Cloud Security Posture Management (CSPM).

Note: You are only able to configure cloud scanning if you are an Arctic Wolf® Managed Risk customer.

Creating a service account

To create a service account:

  1. Sign in to the Google Cloud console.

  2. Click menu, and then select IAM & admin > Service accounts to open the Service account management page.

  3. Click CREATE SERVICE ACCOUNT to open the Create Service account page.

  4. In the Service account details section:

    1. Enter a name for the service account in the Service account name field, such as Arctic Wolf Security Audit.

    2. (Optional) Enter a description in the Service account description field, such as Arctic Wolf API Access.

    3. Click CREATE.

  5. In the Service account permissions section:

    1. In the Select a role list, click Project > Viewer.

    2. Click CONTINUE.

  6. In the Grant users access to the service account page, click DONE.

  7. On the Service accounts page, open the Actions menu for the service account that you just created and select Create key.

    1. In the dialog box, verify that JSON is the selected key type.

    2. Click CREATE.

    Note: This automatically downloads the .json file containing the service account credentials onto your computer.

  8. Record the name of the downloaded .json file to provide to Arctic Wolf later.

  9. Click Google APIs in the banner to open the APIs & Services page.

  10. In the search bar, type APIs & Services and then select that page from the results.

    Tip: The results update dynamically as you type.

  11. Enable APIs in your project:

    1. One at a time, type the name of each API in the API search box:

      • Cloud DNS

      • Stackdriver Monitoring

      • Cloud Logging

      • Compute Engine

      • Cloud Key Management

      • Cloud SQL Admin

      • Kubernetes Engine

      • Service Management

      • Service Networking

    2. Select the individual API entry in the search result.

    3. Click ENABLE to enable this API in the project.

Providing credentials to Arctic Wolf

To submit your credentials on the Arctic Wolf Portal:

  1. Sign in to the Arctic Wolf Portal.

  2. Select Connected Accounts in the banner menu to open the Connected Accounts page.

  3. Select + Add Account to open the Add Account form.

  4. Select Cloud Security Posture Management as the Account Type.

  5. Select Google Cloud, and then fill in the form:

    1. Enter an Account Name.

    2. Open the .json file that you downloaded as part of Creating a service account and copy and paste the Project ID value.

    3. Close the .json file.

    4. Upload the .json file.

  6. Click Submit to CST.

  7. When prompted with the confirmation message, review your submission and then click Done. This returns you to the Connected Accounts page.

  8. Verify that the newly submitted credential entry appears in the cloud services list with the status Connection Pending.

After your Concierge Security® Team (CST) adds this account to your scan configuration, the status of your credentials changes to Connected.
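Step 5 of Providing credentials to Arctic Wolf asks for the Project ID value from the downloaded .json key file. The Python script below is an added example, not part of the Arctic Wolf guide: it reads the Project ID and service account address from the key file without returning the private key, and warns if the file is readable by other local users. The function names, file name and sample values are constructed for illustration, and the permission check assumes a POSIX system.

```python
import json
import os
import stat
import tempfile

# Fields found in a JSON-type service account key file.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def inspect_key_file(path):
    """Return (summary, warnings) for a key file; the private key is never returned."""
    warnings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)  # POSIX permission bits
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        warnings.append(f"mode {mode:04o} exposes the key to other local users; use 0600")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        raise ValueError(f"incomplete service account key, missing {missing}")
    if key["type"] != "service_account":
        raise ValueError(f"unexpected credential type {key['type']!r}")
    # A user-managed service account address ends in
    # @<project_id>.iam.gserviceaccount.com; a mismatch suggests the wrong file.
    if not key["client_email"].endswith(f"@{key['project_id']}.iam.gserviceaccount.com"):
        warnings.append("client_email does not match project_id")
    summary = {name: key[name] for name in ("project_id", "client_email", "private_key_id")}
    return summary, warnings


def write_sample_key(path, mode):
    """Write a constructed, non-functional key file (all values are placeholders)."""
    sample = {
        "type": "service_account",
        "project_id": "example-project-123",
        "private_key_id": "0000000000000000",
        "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY",
        "client_email": "arctic-wolf-security-audit@example-project-123.iam.gserviceaccount.com",
    }
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = write_sample_key(os.path.join(tmp, "sample-key.json"), 0o644)
        print(inspect_key_file(path))
```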