Google Cloud Platform CSPM Configuration
Updated Sep 27, 2023Google Cloud Platform cloud environment scanning
Configure Google Cloud Platform (GCP) to enable Arctic Wolf® Cloud Security Posture Management (CSPM).
Requirements
- An active Managed Risk subscription
Steps
Step 1: Create a service account
-
Sign in to the Google Cloud Console with administrator credentials.
-
From the main menu, click IAM & admin > Service accounts.
-
Click CREATE SERVICE ACCOUNT.
-
In the Service account details section:
-
Service account name — Enter a short, descriptive name, such as
arctic-wolf-service-account
. -
Service account ID — (Optional) Enter a unique ID for the service account, such as
arcticwolfmonitoring
.Tip: A unique value is automatically generated when you specify a service account name.
-
Service account description — (Optional) Enter a description for the service account, such as
Used for Arctic Wolf monitoring
.
-
-
Click CREATE.
-
In the Service account permissions section:
- In the Select a role list, click Project > Viewer.
- Click CONTINUE.
-
On the Grant users access to the service account page, click DONE.
-
Find the service account that you created for the Arctic Wolf monitoring service.
-
Complete these steps:
- Expand the Actions menu for the service account, and click Manage keys.
- Select ADD KEY > Create new key.
- In the dialog box, click JSON for the key type.
- Click CREATE. The JSON file containing the service account credentials automatically downloads to your computer.
-
Record the name and filepath of the JSON download for later.
Step 2: Enable APIs in your project
-
If you have not already done so, sign in to the Google Cloud Console with administrator credentials.
-
In the navigation bar, click the Google APIs log to open the APIs & Services page.
-
In the search bar, enter
APIs & Services
and then select that page from the results. -
Enable each of these APIs in your project:
- Cloud DNS
- Stackdriver Monitoring
- Cloud Logging
- Compute Engine
- Cloud Key Management
- Cloud SQL Admin
- Kubernetes Engine
- Service Management
- Service Networking
To enable each API:
- In the API search box, enter the name of the API.
- Select the individual API entry in the search result.
- Click ENABLE to enable this API in the project.
Step 3: Provide credentials to Arctic Wolf
-
Sign in to the Arctic Wolf Unified Portal.
-
In the menu bar, click Telemetry Management > Connected Accounts.
-
Click Add Account +.
-
On the Add Account page, from the Account Type list, select Cloud Security Posture Management.
-
From the list of cloud services, select GCP CSPM.
-
On the Add Account page, complete these steps:
- Account Name — Enter a unique and descriptive name for the account.
- Open the JSON file that you downloaded as part of Create a service account.
- From the JSON file, copy the
project_id
value, and paste it into the Project ID field. - Upload the JSON file.
- Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.
-
Click Test and Submit Credentials.
After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.