Google Cloud Platform Environment Scanning
GCP environment scanning
If you are an Arctic Wolf® Managed Risk customer, you can configure scanning for your Google Cloud Platform (GCP) environment configurations to improve your Cloud Security Posture Management (CSPM).
Create a service account
Tip: See Creating and managing service accounts in the Google Cloud documentation for more information.
- Sign in to the Google Cloud console.
- Click menu, and then select IAM & admin > Service accounts to open the Service account management page.
- Click CREATE SERVICE ACCOUNT to open the Create Service account page.
- In the Service account details section:
  - In the Service account name field, enter a name for the service account, such as Arctic Wolf Security Audit.
  - (Optional) In the Service account description field, enter a description, such as Arctic Wolf API Access.
  - Click CREATE.
- In the Service account permissions section:
  - In the Select a role list, click Project > Viewer.
  - Click CONTINUE.
- On the Grant users access to the service account page, click DONE.
- On the Service accounts page, open the Actions menu for the service account that you just created and select Create key.
  - In the dialog box, verify that JSON is the selected key type.
  - Click CREATE.
    This automatically downloads the service account key .json file onto your device.
- Record the name of the downloaded .json file to provide to Arctic Wolf later.
- In the navigation bar, click the Google APIs logo to open the APIs & Services page.
- In the search bar, type APIs & Services and then select that page from the results.
- Enable APIs in your project:
  - In the API search box, type Cloud DNS as the first API to enable.
  - Select the individual API entry in the search result.
  - Click ENABLE to enable this API in the project.
  - Repeat these steps for each API below:
    - Stackdriver Monitoring
    - Cloud Logging
    - Compute Engine
    - Cloud Key Management
    - Cloud SQL Admin
    - Kubernetes Engine
    - Service Management
    - Service Networking
- Proceed to Provide credentials to Arctic Wolf.
Provide credentials to Arctic Wolf
- Sign in to the Arctic Wolf Portal.
- Select Connected Accounts in the banner menu to open the Connected Accounts page.
- Select +Add Account to open the Add Account form.
- Select Cloud Security Posture Management as the Account Type.
- Select Google Cloud, and then fill in the form:
  - Account Name — Enter a unique name for this cloud account.
  - Project ID — Open the .json file that you downloaded as part of Create a service account, copy the project_id value, and paste it into the Portal form.
  - Upload the .json file.
- Select Submit to CST.
- When prompted with the confirmation message, review your submission, and then select Done. You are returned to the Connected Accounts page.
- Verify that the newly-submitted credential entry appears in the cloud services list with the status Connection Pending.
After your Concierge Security® Team adds this account to your scan configuration, the status of your credentials changes to Connected.
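The following Python check is an added example, not Arctic Wolf or Google code. It validates the downloaded service account key .json file before upload and returns the project_id value to paste into the Project ID field. The function name check_key_file and the sample key are constructed for illustration, and the email-to-project comparison assumes a user-created service account like the one in the steps above.

```python
import json
import os
import stat
import tempfile

# Fields this check expects in a Google Cloud service account key file.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_key_file(path):
    """Return (project_id, client_email, warnings); raise ValueError if unusable."""
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    if not isinstance(key, dict):
        raise ValueError("key file is not a JSON object")
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    if key["type"] != "service_account":
        raise ValueError("type is %r, expected 'service_account'" % key["type"])
    warnings = []
    # Assumption: a user-created account's email ends in
    # <project_id>.iam.gserviceaccount.com; a mismatch suggests the wrong key file.
    domain = key["client_email"].rpartition("@")[2]
    if domain != key["project_id"] + ".iam.gserviceaccount.com":
        warnings.append("client_email does not belong to project_id")
    # The file holds a private key, so only its owner should be able to read it.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        warnings.append("key file is readable by group or others")
    return key["project_id"], key["client_email"], warnings


if __name__ == "__main__":
    # Constructed sample key with placeholder values, not a real credential.
    sample = {
        "type": "service_account",
        "project_id": "example-project-123",
        "private_key_id": "0000placeholder",
        "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
        "client_email": "arctic-wolf-security-audit@example-project-123.iam.gserviceaccount.com",
    }
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as tmp:
        json.dump(sample, tmp)
    os.chmod(tmp.name, 0o644)  # deliberately loose mode to trigger the warning
    print(check_key_file(tmp.name))
    os.remove(tmp.name)
```

The key is a long-lived credential for the Viewer role on the project, so restrict the file to its owner while it is on disk and delete local copies once the upload is confirmed.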