Google Cloud Platform Environment Scanning

Configuration Guide

Updated Dec 1, 2022

Google Cloud Platform Environment Scanning

GCP environment scanning Direct link to this section

If you are an Arctic Wolf® Managed Risk customer, you can configure scanning for your Google Cloud Platform (GCP) environment configurations to improve your Cloud Security Posture Management (CSPM).

Create a service account Direct link to this section

Tip: See Creating and managing service accounts in the Google Cloud documentation for more information.

  1. Sign in to the Google Cloud console.

  2. Click menu, and then select IAM & admin > Service accounts to open the Service account management page.

  3. Click CREATE SERVICE ACCOUNT to open the Create Service account page.

  4. In the Service account details section:

    1. In the Service account name field, enter a name for the service account, such as Arctic Wolf Security Audit.
    2. (Optional) In the Service account description field, enter a description, such as Arctic Wolf API Access.
    3. Click CREATE.

  5. In the Service account permissions section:

    1. In the Select a role list, click Project > Viewer.
    2. Click CONTINUE.

  6. On the Grant users access to the service account page, click DONE.

  7. On the Service accounts page, open the Actions menu for the service account that you just created and select Create key.

    1. In the dialog box, verify that JSON is the selected key type.
    2. Click CREATE. This automatically downloads the service account key .json file onto your device.

  8. Record the name of the downloaded .json file to provide to Arctic Wolf later.

  9. In the navigation bar, click the Google APIs logo to open the APIs & Services page.

  10. In the search bar, type APIs & Services and then select that page from the results.

  11. Enable APIs in your project:

    1. In the API search box, type Cloud DNS as the first API to enable.
    2. Select the indivual API entry in the search result.
    3. Click ENABLE to enable this API in the project.
    4. Repeat these steps for each API below:
      • Stackdriver Monitoring
      • Cloud Logging
      • Compute Engine
      • Cloud Key Management
      • Cloud SQL Admin
      • Kubernetes Engine
      • Service Management
      • Service Networking

  12. Proceed to Provide credentials to Arctic Wolf.

Provide credentials to Arctic Wolf Direct link to this section

  1. Sign in to the Arctic Wolf Portal.

  2. Select Connected Accounts in the banner menu to open the Connected Accounts page.

    Connected Accounts menu

  3. Select +Add Account to open the Add Account form.

  4. Select Cloud Security Posture Management as the Account Type.

  5. Select Google Cloud, and then fill in the form:

    1. Account Name — Enter a unique name for this cloud account.
    2. Project ID — Open the .json file that you downloaded as part of Create a service account, copy the project_id value, and paste it into the Portal form.
    3. Upload the .json file.

  6. Select Submit to CST.

  7. When prompted with the confirmation message, review your submission, and then select Done. You are returned to the Connected Accounts page.

  8. Verify that the newly-submitted credential entry appears in the cloud services list with the status Connection Pending.

After your Concierge Security® Team adds this account to your scan configuration, the status of your credentials changes to Connected.