Google Cloud Platform cloud environment scanning

Configure Google Cloud Platform (GCP) to enable Arctic Wolf® Cloud Security Posture Management (CSPM).

Requirements

• An active Managed Risk subscription

Steps

1. Create a service account.
2. Enable APIs in your project
3. Provide credentials to Arctic Wolf

Step 1: Create a service account

1. Sign in to the Google Cloud Console with administrator credentials.

2. From the main menu, click IAM & admin > Service accounts.

3. Click CREATE SERVICE ACCOUNT.

4. In the Service account details section:

   • Service account name — Enter a short, descriptive name, such as arctic-wolf-service-account.

   • Service account ID — (Optional) Enter a unique ID for the service account, such as arcticwolfmonitoring.

     Tip: A unique value is automatically generated when you specify a service account name.

   • Service account description — (Optional) Enter a description for the service account, such as Used for Arctic Wolf monitoring.

5. Click CREATE.

6. In the Service account permissions section:

   1. In the Select a role list, click Project > Viewer.
   2. Click CONTINUE.

7. On the Grant users access to the service account page, click DONE.

8. Find the service account that you created for the Arctic Wolf monitoring service.

9. Complete these steps:

   1. Expand the Actions menu for the service account, and click Manage keys.
   2. Select ADD KEY > Create new key.
   3. In the dialog box, click JSON for the key type.
   4. Click CREATE. The JSON file containing the service account credentials automatically downloads to your computer.

10. Record the name and filepath of the JSON download for later.

Step 2: Enable APIs in your project

1. If you have not already done so, sign in to the Google Cloud Console with administrator credentials.

2. In the navigation bar, click the Google APIs log to open the APIs & Services page.

3. In the search bar, enter APIs & Services and then select that page from the results.

4. Enable each of these APIs in your project:

   • Cloud DNS
   • Stackdriver Monitoring
   • Cloud Logging
   • Compute Engine
   • Cloud Key Management
   • Cloud SQL Admin
   • Kubernetes Engine
   • Service Management
   • Service Networking

   To enable each API:

   1. In the API search box, enter the name of the API.
   2. Select the individual API entry in the search result.
   3. Click ENABLE to enable this API in the project.

Step 3: Provide credentials to Arctic Wolf

1. Sign in to the Arctic Wolf Unified Portal.

2. In the menu bar, click Telemetry Management > Connected Accounts.

3. Click Add Account +.

4. On the Add Account page, from the Account Type list, select Cloud Security Posture Management.

5. From the list of cloud services, select GCP CSPM.

6. On the Add Account page, complete these steps:

   1. Account Name — Enter a unique and descriptive name for the account.
   2. Open the JSON file that you downloaded as part of Create a service account.
   3. From the JSON file, copy the project_id value, and paste it into the Project ID field.
   4. Upload the JSON file.
   5. Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.

7. Click Test and Submit Credentials.

After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.

See also

• Creating and managing service accounts