GCP Overview and Support
Copy link

Google Cloud Platform (GCP) is one of the world’s leading public cloud providers, offering a variety of cloud services. After Cloud Security (InsightCloudSec) is successfully installed, you’re ready to enable visibility into your target GCP Organization(s) and/or project(s). This documentation provides details about adding accounts, managing or deleting existing accounts, and what GCP services we support.

Frequently Asked Questions (FAQ)
Copy link

The following frequently asked questions and answers should help you understand GCP in Cloud Security (InsightCloudSec).

What does Cloud Security (InsightCloudSec) support from GCP?

What does Cloud Security (InsightCloudSec) support from GCP?
Copy link

As one of the leading public cloud service providers, Cloud Security (InsightCloudSec) provides broad support for GCP and we are always expanding. Review the full list of GCP-specific supported services in the GCP Support Reference section.

How do I start seeing my GCP environments in Cloud Security (InsightCloudSec)?

How do I start seeing my GCP environments in Cloud Security (InsightCloudSec)?
Copy link

Cloud Security (InsightCloudSec) relies on a process called “harvesting” to pull data from various CSPs. Review GCP - Onboarding for details.

What do I do after my environments is being harvested?

What do I do after my environments is being harvested?
Copy link

After at least one GCP account is harvested by Cloud Security (InsightCloudSec), you’re free to configure additional GCP services as necessary to enhance, optimize, or further secure your experience. Review GCP Additional Configuration for more information.

How can I optimize harvesting?

How can I optimize harvesting?
Copy link

Cloud Security (InsightCloudSec) harvesting is the term we use to describe the process of data collection from a selected cloud service provider (CSP) within Cloud Security (InsightCloudSec). Check out our Harvesting Overview documentation to understand the basics and refer to Harvesting Strategies for details on specific strategies.

In addition, for GCP, Cloud Security (InsightCloudSec) offers Event-Driven Harvesting, which requires additional configuration but optimizes harvesting by only pulling in new data based on real-time notifications about resource and policy changes using a Cloud Asset Inventory feed, which triggers targeted harvesting using Pub/Sub. Review our GCP Event-Driven Harvesting documentation for more information.

Manage GCP Cloud Accounts
Copy link

After initial configuration of the account in GCP, you can add the account to Cloud Security (InsightCloudSec). In Cloud Security (InsightCloudSec), you onboard a cloud account or organization using the onboarding wizard. Review Onboard an GCP Cloud Account or Onboard an GCP Organization for details.

Once an account is successfully being harvested by Cloud Security (InsightCloudSec), it can be modified or deleted as necessary.

GCP Support Reference
Copy link

Supported Services

Supported Services
Copy link

Included in this section are all of the GCP services (and their components) supported by Cloud Security (InsightCloudSec). If you have questions related to GCP or specific services and their support contact us through the Customer Support Portal.

App Engine (Services, Versions) Artifact Registry (Container Image) BigQuery (Dataset) Certificate Authority Service Cloud Armor Cloud Bigtable Cloud Billing (Export) Cloud CDN Cloud Composer Cloud Data Fusion Cloud DNS (Zone) Cloud Domains Cloud Functions Cloud Identity (Domain Groups, Domain Users, Group) Cloud Interconnect Cloud Key Management Service (Key, Key ring) Cloud Load Balancing (Backend Services, Forwarding Rules, SSL Certificate, Target Proxies, URL Maps) Cloud Logging (Bucket, Logs Storage, Logs Router Sinks) Cloud NAT Cloud Run Cloud Spanner Cloud SQL (Backup, Database) Cloud Storage Cloud VPN (VPN Gateway, VPN Tunnel) Compute Engine (Autoscaler, Image, Instance, Reserved IP, Snapshot, SSH Key Pair) Credentials (API Keys) Data Loss Prevention (inspection job) Dataflow Jobs Dataproc Filestore Firewalls (Rules) Google Kubernetes Engine IAM (Role Permission Set, Service Account, Service Account Key, User) Limit Memorystore Notebooks Organization Organization Policy Persistent Disk Project Pub/Sub (Subscription, Topic) Recommender (Insight, Recommendation) Region Secret Security Command Center (Event Threat Detection) Stackdriver Sink Vertex AI (Custom training job) Virtual Private Cloud (Network Interface, Network Peer, Subnet)