Configure Google Cloud Platform environment scanning

You can configure Google Cloud Platform (GCP)® to enable Arctic Wolf® Cloud Security Posture Management (CSPM).

These resources are required:

  • An active Managed Risk subscription
  • Access to the Google Cloud console with administrator permissions

Create a service account

  1. Sign in to the Google Cloud Console with administrator permissions.
  2. In the main menu, click IAM & admin > Service accounts.
  3. Click CREATE SERVICE ACCOUNT.
  4. In the Service account details section, configure these settings:
    • Service account name — Enter a name for the service account. For example, arctic-wolf-service-account.
    • Service account ID — (Optional) Enter a unique ID for the service account. For example, arcticwolfmonitoring.
      Tip:

      A unique value is automatically generated when you specify a service account name.

    • Service account description — (Optional) Enter a description for the service account. For example, Used for Arctic Wolf monitoring.
  5. Click CREATE.
  6. In the Service account permissions section, in the Select a role list, select Project > Viewer.
  7. Click CONTINUE.
  8. On the Grant users access to the service account page, click DONE.
  9. On the Service Accounts page, for the service account that you created, complete these steps:
    1. Click Actions > Manage keys.
    2. In the Add key list, select Create new key.
      Note: If you receive an error similar to Service account key creation is disabled, you must ask an administrator with the Organization Policy Administrator role to disable the iam.disableServiceAccountKeyCreation constraint. For more information, see Create and delete service account keys.
    3. In the dialog, select the JSON option.
    4. Click Create.

      The JSON file containing the service account credentials automatically downloads to your computer.

  10. Copy the JSON filename and path to a safe, encrypted location to provide to Arctic Wolf later.

Enable APIs in your project

  1. Sign in to the Google Cloud Console with administrator permissions.
  2. In the navigation menu, click Google APIs.

    The APIs & Services page opens.

  3. In the search bar, enter APIs & Services.
  4. In the search results, select APIs & Services.
  5. For each API that you want to enable, complete these steps:
    1. In the API search bar, enter the name of the API.
    2. Select the API entry in the search result.
    3. Click ENABLE to enable this API in the project.
    4. Repeat these steps for each of these APIs in your project:
      • Cloud DNS
      • Stackdriver Monitoring
      • Cloud Logging
      • Compute Engine
      • Cloud Key Management
      • Cloud SQL Admin
      • Kubernetes Engine
      • Service Management
      • Service Networking

Provide your GCP credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Scanners.
  3. Click + Add Account.
  4. Click Azure.
  5. Click Next: Add Account Information.
  6. Configure these settings:
    • Account Name — Enter a unique and descriptive name for the account.
    • Project ID — Enter the project_id value from the JSON file you downloaded as part of Create a service account.
    • JSON Credential File — Click to upload the JSON file you downloaded as part of Create a service account.
  7. Click Submit.
    A ticket is created so that your Concierge Security® Team (CST) can finalize the configuration of the account. At any time, you can click Tickets & Alerts to view the status of your ticket in the Unified Portal.