Get Started

Getting Started

Deploy

Onboard and Manage Accounts

Amazon Web Services (AWS)

Google Cloud Platform (GCP)

Microsoft Azure

Oracle Cloud Infrastructure (OCI)

Additional Providers

Collect and Integrate Data

Harvesting & Event-Driven Harvesting

Integrations

Understand Data

Visibility & Reporting

Inventory

Query Filters & Insights

Manage and Act on Data

Bots & Automation

Infrastructure as Code (IaC) Security

Cloud IAM Governance

Vulnerability Management

Workload Security

Manage System Settings

InsightCloudSec System Configuration

Developer Resources

APIs

Support

GCP Overview and Support

Google Cloud Platform (GCP) is one of the world’s leading public cloud providers, offering a variety of cloud services. After InsightCloudSec is successfully installed, you're ready to enable visibility into your target GCP Organization(s) and/or project(s). This documentation provides details about adding accounts, managing or deleting existing accounts, and what GCP services we support.

GCP In InsightCloudSec: Frequently Asked Questions (FAQ)

The following frequently asked questions and answers should help you understand GCP in InsightCloudSec.

What does InsightCloudSec support from GCP?

As one of the leading public cloud service providers, InsightCloudSec provides broad support for GCP and we are always expanding. Review the full list of AWS-specific supported services on the GCP Support Reference page.

How do I start seeing my GCP environment(s) in InsightCloudSec?

InsightCloudSec relies on a process called "harvesting" to pull data from various CSPs. Review GCP - Onboarding for details.

What do I do after my environment(s) is being harvested?

After at least one GCP account is harvested by InsightCloudSec, you're free to configure additional GCP services as necessary to enhance, optimize, or further secure your experience. Review GCP Additional Configuration for more information.

How can I optimize harvesting?

InsightCloudSec harvesting is the term we use to describe the process of data collection from a selected cloud service provider (CSP) within InsightCloudSec. Check out our Harvesting Overview documentation to understand the basics and refer to Harvesting Strategies for details on specific strategies.

In addition, for GCP, InsightCloudSec offers Event-Driven Harvesting, which requires additional configuration but optimizes harvesting by only pulling in new data based on real-time notifications about resource and policy changes using a Cloud Asset Inventory feed, which triggers targeted harvesting via Pub/Sub. Review our GCP Event-Driven Harvesting documentation for more information.

Manage cloud accounts

After initial configuration of the account in GCP, you can add the account to InsightCloudSec. You can manage and delete existing accounts in InsightCloudSec.

Add a new GCP cloud account

Onboard a cloud account using the cloud account onboarding wizard. Go to Connect a GCP Cloud Account to get started.

New GCP Onboarding

As of InsightCloudSec version 23.4.11, a new GCP onboarding experience is available. This experience replaces the old setup experience and you will not be able to access it.

Managing an existing GCP cloud account

Read the following for information on managing an existing GCP Cloud Account:

For general information about managing existing GCP Cloud accounts, check out the Clouds section and subsections on Cloud Account Setup & Management.
Information about viewing the details of a single cloud account is available on the Cloud Account Detail Page.
You can add always add additional GCP cloud accounts through the GCP - Onboarding

Deleting GCP cloud accounts

Cloud accounts can be deleted through their individual page.

If you onboard GCP Projects individually and not via GCP Organizations, any GCP projects deleted through the GCP console will be marked as invalid and harvesting will be paused. You will need to manually remove these projects from InsightCloudSec.

Supported Services

Listed below are all of the GCP services (and their components) supported by InsightCloudSec. If you have questions related to GCP or specific services and their support contact us through the Customer Support Portal.

List of supported services


text
1
Artifact Registry (Container Image)
2
BigQuery (Dataset)
3
Certificate Authority Service
4
Cloud Armor
5
Cloud Bigtable
6
Cloud Billing (Export)
7
Cloud CDN
8
Cloud Composer
9
Cloud Data Fusion
10
Cloud DNS (Zone)
11
Cloud Domains
12
Cloud Functions
13
Cloud Identity (Domain Groups, Domain Users, Group)
14
Cloud Interconnect
15
Cloud Key Management Service (Key, Key ring)
16
Cloud Load Balancing (Backend Services, Forwarding Rules, SSL Certificate, Target Proxies, URL Maps)
17
Cloud Logging (Bucket, Logs Storage, Logs Router Sinks)
18
Cloud NAT
19
Cloud Run
20
Cloud Spanner
21
Cloud SQL (Backup, Database)
22
Cloud Storage
23
Cloud VPN (VPN Gateway, VPN Tunnel)
24
Compute Engine (Autoscaler, Image, Instance, Reserved IP, Snapshot, SSH Key Pair)
25
Credentials (API Keys)
26
Data Loss Prevention (inspection job)
27
Dataflow Jobs
28
Dataproc
29
Filestore
30
Firewalls (Rules)
31
Google Kubernetes Engine
32
IAM (Role Permission Set, Service Account, Service Account Key, User)
33
Limit
34
Memorystore
35
Notebooks
36
Organization
37
Persistent Disk
38
Project
39
Pub/Sub (Subscription, Topic)
40
Recommender (Insight, Recommendation)
41
Region
42
Secret
43
Security Command Center (Event Threat Detection)
44
Stackdriver Sink
45
Virtual Private Cloud (Network Interface, Network Peer, Subnet)

For a list of support services/resources for GCP and across all of our supported Cloud Service Providers, check out our Resource Matrix.

Recommended APIs

The following APIs can be enabled from the APIs and Services Library within the GCP Console and are recommended to harvest all of the services listed above. The Cloud Billing API remains optional and should not affect your ability to use InsightCloudSec.

List of recommended APIs


text
1
Admin SDK API
2
API Keys API
3
Artifact Registry API
4
BigQuery API
5
Certificate Authority Service API
6
Cloud Asset API
7
- Container Registry
8
Cloud Bigtable Admin API
9
Cloud Billing API*
10
Cloud Composer API
11
Cloud Data Fusion API
12
Cloud Data Loss Prevention (DLP) API
13
Cloud Dataproc API
14
Cloud Deployment Manager V2 API
15
Cloud Domains API
16
Cloud DNS API
17
Cloud Filestore API
18
Cloud Functions API
19
Cloud Key Management Service (KMS) API
20
Cloud Logging API
21
Cloud Memorystore for Memcached API
22
Cloud Memorystore for Redis API
23
Cloud Monitoring API
24
Cloud Policy Analyzer API
25
Cloud Pub/Sub API
26
Cloud Resource Manager API
27
Cloud Secrets Manager API
28
Cloud Spanner API
29
Cloud SQL
30
Cloud SQL Admin API
31
Cloud Storage
32
Compute Engine API
33
Compute Engine Instance Group Manager API
34
Compute Engine Instance Group Updater API
35
Compute Engine Instance Groups API
36
Container Analysis API
37
Dataflow API
38
Google+ API
39
Identity and Access Management (IAM) API
40
Identity Toolkit API
41
Kubernetes Engine API
42
Notebooks API
43
Org Policy API
44
Recommender API
45
Security Command Center API
46
Serverless VPC Access API
47
Service Management API
48
Service Usage API

Did this page help you?

Amazon Web Services (AWS)

AWS Additional Configuration

Google Cloud Platform (GCP)

Onboard a GCP Account