Get Started

Getting Started

Deploy

Onboard and Manage Accounts

Amazon Web Services (AWS)

Google Cloud Platform (GCP)

Microsoft Azure

Oracle Cloud Infrastructure (OCI)

Additional Providers

Collect and Integrate Data

Harvesting & Event-Driven Harvesting

Integrations

Understand Data

Visibility & Reporting

Inventory

Query Filters & Insights

Manage and Act on Data

Bots & Automation

Infrastructure as Code (IaC) Security

Cloud IAM Governance

Vulnerability Management

Workload Security

Manage System Settings

InsightCloudSec System Configuration

Developer Resources

APIs

Support

GCP Overview and Support

Google Cloud Platform (GCP) is one of the world’s leading public cloud providers, offering a variety of cloud services. After InsightCloudSec is successfully installed, you're ready to enable visibility into your target GCP Organization(s) and/or project(s). This documentation provides details about adding accounts, managing or deleting existing accounts, and what GCP services we support.

Frequently Asked Questions (FAQ)

The following frequently asked questions and answers should help you understand GCP in InsightCloudSec.

What does InsightCloudSec support from GCP?

As one of the leading public cloud service providers, InsightCloudSec provides broad support for GCP and we are always expanding. Review the full list of GCP-specific supported services in the GCP Support Reference section.

How do I start seeing my GCP environments in InsightCloudSec?

InsightCloudSec relies on a process called "harvesting" to pull data from various CSPs. Review GCP - Onboarding for details.

What do I do after my environments is being harvested?

After at least one GCP account is harvested by InsightCloudSec, you're free to configure additional GCP services as necessary to enhance, optimize, or further secure your experience. Review GCP Additional Configuration for more information.

How can I optimize harvesting?

InsightCloudSec harvesting is the term we use to describe the process of data collection from a selected cloud service provider (CSP) within InsightCloudSec. Check out our Harvesting Overview documentation to understand the basics and refer to Harvesting Strategies for details on specific strategies.

In addition, for GCP, InsightCloudSec offers Event-Driven Harvesting, which requires additional configuration but optimizes harvesting by only pulling in new data based on real-time notifications about resource and policy changes using a Cloud Asset Inventory feed, which triggers targeted harvesting using Pub/Sub. Review our GCP Event-Driven Harvesting documentation for more information.

Manage GCP Cloud Accounts

After initial configuration of the account in GCP, you can add the account to InsightCloudSec. In InsightCloudSec, you onboard a cloud account or organization using the onboarding wizard. Review Onboard an GCP Cloud Account or Onboard an GCP Organization for details.

Once an account is successfully being harvested by InsightCloudSec, it can be modified or deleted as necessary.

Modify: For general information about managing existing GCP Cloud accounts, check out the Clouds section and subsections on Cloud Account Setup & Management. Information about viewing the details of a single cloud account is available on the Cloud Account Detail Page.
Delete: Cloud accounts can be deleted through their individual Settings page.

GCP Support Reference

Supported Services

Included in this section are all of the GCP services (and their components) supported by InsightCloudSec. If you have questions related to GCP or specific services and their support contact us through the Customer Support Portal.


text
1
App Engine (Services, Versions)
2
Artifact Registry (Container Image)
3
BigQuery (Dataset)
4
Certificate Authority Service
5
Cloud Armor
6
Cloud Bigtable
7
Cloud Billing (Export)
8
Cloud CDN
9
Cloud Composer
10
Cloud Data Fusion
11
Cloud DNS (Zone)
12
Cloud Domains
13
Cloud Functions
14
Cloud Identity (Domain Groups, Domain Users, Group)
15
Cloud Interconnect
16
Cloud Key Management Service (Key, Key ring)
17
Cloud Load Balancing (Backend Services, Forwarding Rules, SSL Certificate, Target Proxies, URL Maps)
18
Cloud Logging (Bucket, Logs Storage, Logs Router Sinks)
19
Cloud NAT
20
Cloud Run
21
Cloud Spanner
22
Cloud SQL (Backup, Database)
23
Cloud Storage
24
Cloud VPN (VPN Gateway, VPN Tunnel)
25
Compute Engine (Autoscaler, Image, Instance, Reserved IP, Snapshot, SSH Key Pair)
26
Credentials (API Keys)
27
Data Loss Prevention (inspection job)
28
Dataflow Jobs
29
Dataproc
30
Filestore
31
Firewalls (Rules)
32
Google Kubernetes Engine
33
IAM (Role Permission Set, Service Account, Service Account Key, User)
34
Limit
35
Memorystore
36
Notebooks
37
Organization
38
Organization Policy
39
Persistent Disk
40
Project
41
Pub/Sub (Subscription, Topic)
42
Recommender (Insight, Recommendation)
43
Region
44
Secret
45
Security Command Center (Event Threat Detection)
46
Stackdriver Sink
47
Vertex AI (Custom training job)
48
Virtual Private Cloud (Network Interface, Network Peer, Subnet)

Recommended APIs

The following APIs can be enabled from the APIs and Services Library within the GCP Console and are recommended to harvest all of the services listed above. The Cloud Billing API remains optional and should not affect your ability to use InsightCloudSec.


text
1
Admin SDK API
2
API Keys API
3
App Engine Admin API
4
Artifact Registry API
5
BigQuery API
6
Cloud Asset API
7
- Container Registry
8
Cloud Bigtable API
9
Cloud Bigtable Admin API
10
Cloud Billing API*
11
Cloud Composer API
12
Cloud Data Fusion API
13
Cloud Data Loss Prevention (DLP) API
14
Cloud Dataflow API
15
Cloud Datafusion API
16
Cloud Dataproc API
17
Cloud Datastore
18
Cloud Deployment Manager V2 API
19
Cloud Domains API
20
Cloud DNS API
21
Cloud Filestore API
22
Cloud Functions API
23
Cloud Key Management Service (KMS) API
24
Cloud Logging API
25
Cloud Memorystore for Memcached API
26
Cloud Memorystore for Redis API
27
Cloud Monitoring API
28
Cloud Organization Policy API
29
Cloud Policy Analyzer API
30
Cloud Private Certificate Authority API
31
Cloud Pub/Sub API
32
Cloud Resource Manager API
33
Cloud Secrets API
34
Cloud Secrets Manager API
35
Cloud Spanner API
36
Cloud SQL Admin API
37
Cloud Storage
38
Compute Engine API
39
Compute Engine Instance Group Manager API
40
Compute Engine Instance Group Updater API
41
Compute Engine Instance Groups API
42
Container Analysis API
43
Dataflow API
44
Google+ API
45
Google Cloud SQL API
46
Google Cloud Storage JSON API
47
GOogle Cloud Storage API
48
Identity and Access Management (IAM) API
49
Identity Toolkit API
50
Kubernetes Engine API
51
Notebooks API
52
Org Policy API
53
Recommender API
54
Security Command Center API
55
Serverless VPC Access API
56
Service Management API
57
Service Usage API
58
Stackdriver Logging API

Did this page help you?

Amazon Web Services (AWS)

AWS Additional Configuration

Google Cloud Platform (GCP)

Onboard a GCP Account