GCP Overview and Support
Google Cloud Platform (GCP) is one of the world’s leading public cloud providers, offering a variety of cloud services. After InsightCloudSec is successfully installed, you're ready to enable visibility into your target GCP Organization(s) and/or project(s). This documentation provides details about adding accounts, managing or deleting existing accounts, and what GCP services we support.
GCP In InsightCloudSec: Frequently Asked Questions (FAQ)
The following frequently asked questions and answers should help you understand GCP in InsightCloudSec.
What does InsightCloudSec support from GCP?
What does InsightCloudSec support from GCP?
As one of the leading public cloud service providers, InsightCloudSec provides broad support for GCP and we are always expanding. Review the full list of AWS-specific supported services on the GCP Support Reference page.
How do I start seeing my GCP environment(s) in InsightCloudSec?
How do I start seeing my GCP environment(s) in InsightCloudSec?
InsightCloudSec relies on a process called "harvesting" to pull data from various CSPs. Review GCP - Onboarding for details.
What do I do after my environment(s) is being harvested?
What do I do after my environment(s) is being harvested?
After at least one GCP account is harvested by InsightCloudSec, you're free to configure additional GCP services as necessary to enhance, optimize, or further secure your experience. Review GCP Additional Configuration for more information.
How can I optimize harvesting?
How can I optimize harvesting?
InsightCloudSec harvesting is the term we use to describe the process of data collection from a selected cloud service provider (CSP) within InsightCloudSec. Check out our Harvesting Overview documentation to understand the basics and refer to Harvesting Strategies for details on specific strategies.
In addition, for GCP, InsightCloudSec offers Event-Driven Harvesting, which requires additional configuration but optimizes harvesting by only pulling in new data based on real-time notifications about resource and policy changes using a Cloud Asset Inventory feed, which triggers targeted harvesting via Pub/Sub. Review our GCP Event-Driven Harvesting documentation for more information.
Manage cloud accounts
After initial configuration of the account in GCP, you can add the account to InsightCloudSec. You can manage and delete existing accounts in InsightCloudSec.
Add a new GCP cloud account
Add a new GCP cloud account
Onboard a cloud account using the cloud account onboarding wizard. Go to Connect a GCP Cloud Account to get started.
New GCP Onboarding
As of InsightCloudSec version 23.4.11, a new GCP onboarding experience is available. This experience replaces the old setup experience and you will not be able to access it.
Managing an existing GCP cloud account
Managing an existing GCP cloud account
Read the following for information on managing an existing GCP Cloud Account:
- For general information about managing existing GCP Cloud accounts, check out the Clouds section and subsections on Cloud Account Setup & Management.
- Information about viewing the details of a single cloud account is available on the Cloud Account Detail Page.
- You can add always add additional GCP cloud accounts through the GCP - Onboarding
Deleting GCP cloud accounts
Deleting GCP cloud accounts
Cloud accounts can be deleted through their individual page.
If you onboard GCP Projects individually and not via GCP Organizations, any GCP projects deleted through the GCP console will be marked as invalid and harvesting will be paused. You will need to manually remove these projects from InsightCloudSec.
Supported Services
Listed below are all of the GCP services (and their components) supported by InsightCloudSec. If you have questions related to GCP or specific services and their support contact us through the Customer Support Portal.
List of supported services
text
1Artifact Registry (Container Image)2BigQuery (Dataset)3Certificate Authority Service4Cloud Armor5Cloud Bigtable6Cloud Billing (Export)7Cloud CDN8Cloud Composer9Cloud Data Fusion10Cloud DNS (Zone)11Cloud Domains12Cloud Functions13Cloud Identity (Domain Groups, Domain Users, Group)14Cloud Interconnect15Cloud Key Management Service (Key, Key ring)16Cloud Load Balancing (Backend Services, Forwarding Rules, SSL Certificate, Target Proxies, URL Maps)17Cloud Logging (Bucket, Logs Storage, Logs Router Sinks)18Cloud NAT19Cloud Run20Cloud Spanner21Cloud SQL (Backup, Database)22Cloud Storage23Cloud VPN (VPN Gateway, VPN Tunnel)24Compute Engine (Autoscaler, Image, Instance, Reserved IP, Snapshot, SSH Key Pair)25Credentials (API Keys)26Data Loss Prevention (inspection job)27Dataflow Jobs28Dataproc29Filestore30Firewalls (Rules)31Google Kubernetes Engine32IAM (Role Permission Set, Service Account, Service Account Key, User)33Limit34Memorystore35Notebooks36Organization37Persistent Disk38Project39Pub/Sub (Subscription, Topic)40Recommender (Insight, Recommendation)41Region42Secret43Security Command Center (Event Threat Detection)44Stackdriver Sink45Virtual Private Cloud (Network Interface, Network Peer, Subnet)
For a list of support services/resources for GCP and across all of our supported Cloud Service Providers, check out our Resource Matrix.
Recommended APIs
The following APIs can be enabled from the APIs and Services Library within the GCP Console and are recommended to harvest all of the services listed above. The Cloud Billing API remains optional and should not affect your ability to use InsightCloudSec.
List of recommended APIs
text
1Admin SDK API2API Keys API3Artifact Registry API4BigQuery API5Certificate Authority Service API6Cloud Asset API7- Container Registry8Cloud Bigtable Admin API9Cloud Billing API*10Cloud Composer API11Cloud Data Fusion API12Cloud Data Loss Prevention (DLP) API13Cloud Dataproc API14Cloud Deployment Manager V2 API15Cloud Domains API16Cloud DNS API17Cloud Filestore API18Cloud Functions API19Cloud Key Management Service (KMS) API20Cloud Logging API21Cloud Memorystore for Memcached API22Cloud Memorystore for Redis API23Cloud Monitoring API24Cloud Policy Analyzer API25Cloud Pub/Sub API26Cloud Resource Manager API27Cloud Secrets Manager API28Cloud Spanner API29Cloud SQL30Cloud SQL Admin API31Cloud Storage32Compute Engine API33Compute Engine Instance Group Manager API34Compute Engine Instance Group Updater API35Compute Engine Instance Groups API36Container Analysis API37Dataflow API38Google+ API39Identity and Access Management (IAM) API40Identity Toolkit API41Kubernetes Engine API42Notebooks API43Org Policy API44Recommender API45Security Command Center API46Serverless VPC Access API47Service Management API48Service Usage API