Google Cloud Platform CSPM Configuration

Updated Oct 31, 2023

Configure Google Cloud Platform environment scanning

You can configure Google Cloud Platform (GCP)® to enable Arctic Wolf® Cloud Security Posture Management (CSPM).

Requirements

Steps

  1. Create a service account.
  2. Enable APIs in your project.
  3. Provide your GCP credentials to Arctic Wolf.

Step 1: Create a service account

  1. Sign in to the Google Cloud Console with administrator permissions.

  2. In the main menu, click IAM & admin > Service accounts.

  3. Click CREATE SERVICE ACCOUNT.

  4. In the Service account details section, configure these settings:

    • Service account name — Enter a name for the service account. For example, arctic-wolf-service-account.

    • Service account ID — (Optional) Enter a unique ID for the service account. For example, arcticwolfmonitoring.

      Tip: A unique value is automatically generated when you specify a service account name.

    • Service account description — (Optional) Enter a description for the service account. For example, Used for Arctic Wolf monitoring.

  5. Click CREATE.

  6. In the Service account permissions section, in the Select a role list, select Project > Viewer.

  7. Click CONTINUE.

  8. On the Grant users access to the service account page, click DONE.

  9. On the Service Accounts page, for the service account that you created, complete these steps:

    1. Click Actions > Manage keys.

    2. In the ADD KEY list, select Create new key.

    3. In the dialog, select the JSON option.

    4. Click CREATE.

      The JSON file containing the service account credentials automatically downloads to your computer.

  10. Copy the JSON file name and path to a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 2: Enable APIs in your project

  1. Sign in to the Google Cloud Console with administrator permissions.

  2. In the navigation menu, click Google APIs.

    The APIs & Services page opens.

  3. In the search bar, enter APIs & Services.

  4. In the search results, select APIs & Services.

  5. For each API that you want to enable, complete these steps:

    1. In the API search bar, enter the name of the API.
    2. Select the API entry in the search result.
    3. Click ENABLE to enable this API in the project.
    4. Repeat these steps for each of these APIs in your project:
      • Cloud DNS
      • Stackdriver Monitoring
      • Cloud Logging
      • Compute Engine
      • Cloud Key Management
      • Cloud SQL Admin
      • Kubernetes Engine
      • Service Management
      • Service Networking

Step 3: Provide credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Security Posture Management.

  5. In the Cloud Services list, select GCP CSPM.

  6. On the Add Account page, configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.
    • Project ID — Enter the project_id value from the JSON file you downloaded as part of Create a service account, and then upload the JSON file.
    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.
  7. Click Test and submit credentials.

After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.

See also