GCP LPA Usage

Assuming you have properly configured a GCP Project or Organization and are harvesting Recommendation Findings, you should be able to access GCP LPA findings as follows:

From the Inventory > Resources page on your InsightCloudSec platform, navigate to the Identity & Management tab. The principal activity view can only be accessed on the Cloud User and Cloud Role resources.

Once you've selected the desired resource, click the vertical three dots to open the context menu, then select Principal Activity. This opens a side pane listing all of the actions taken by the selected user or role.

Principal Activity

Principal Activity Details

The Principal Activity pane lists the permissions that have been used within the last 90 days. This information supports risk remediation, but it should be used together with additional context about the Principal being assessed.

Note

This data is based on a calculation using GCP Recommendations and doesn’t provide a full assessment of the Principals' activity.

Permissions

Remediation

  • Click the + to review details about the remediation/recommendation.
  • If you have the appropriate permissions, click Apply Recommendation to apply a given recommendation.

Considerations Before Editing

Before making changes to a user or role based on this information, we recommend the following:

  • Have the information assessed by a qualified reviewer with knowledge of your specific infrastructure and implementation to avoid unwanted impacts (e.g. loss of a required permission).
  • Ensure that you have an existing process to revert or remediate issues before making changes.

Detailed Permission Usage (JSON)

The Detailed Permission Usage JSON file includes the following information for the given principal:

  • The permission name
  • The status of the permission (used or unused)

If you want to programmatically collect this information, review the List Principal Activity and List Principal Permissions endpoints.
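As an added example (not InsightCloudSec code), the following script turns a Detailed Permission Usage JSON file into a review list for the qualified reviewer mentioned under Considerations Before Editing. The key names `permission` and `status`, the top-level list layout and the sample records are assumptions made for illustration; adjust them to the file you actually download.

```python
import json
from collections import defaultdict

# Constructed sample. The key names and list layout are assumptions: the page
# only says the file holds a permission name and a used/unused status.
SAMPLE_EXPORT = """
[
  {"permission": "storage.objects.get", "status": "used"},
  {"permission": "storage.buckets.setIamPolicy", "status": "unused"},
  {"permission": "compute.instances.delete", "status": "UNUSED"},
  {"permission": "compute.instances.list", "status": "used"},
  {"permission": "iam.serviceAccounts.actAs", "status": "pending"},
  {"status": "unused"}
]
"""

def summarize_usage(raw, name_key="permission", status_key="status"):
    """Group permissions by status and GCP service; set aside unclear records."""
    summary = {"used": defaultdict(list), "unused": defaultdict(list),
               "needs_review": []}
    for record in json.loads(raw):
        fields = record if isinstance(record, dict) else {}
        name = fields.get(name_key)
        status = str(fields.get(status_key, "")).strip().lower()
        # A record without a name or with an unexpected status is never counted
        # as unused, so it cannot end up on a removal list by accident.
        if not isinstance(name, str) or status not in ("used", "unused"):
            summary["needs_review"].append(record)
            continue
        service = name.split(".", 1)[0]  # GCP permissions: service.resource.verb
        summary[status][service].append(name)
    return summary

def removal_candidates(summary):
    """Sorted unused permissions: input for a human reviewer, not auto-removal."""
    return sorted(p for perms in summary["unused"].values() for p in perms)

if __name__ == "__main__":
    result = summarize_usage(SAMPLE_EXPORT)
    for service, perms in sorted(result["unused"].items()):
        print(f"{service}: {len(perms)} unused -> {', '.join(sorted(perms))}")
    print(f"{len(result['needs_review'])} record(s) need manual review")
```

Because the underlying data covers only the last 90 days, a permission listed as unused may still be needed for infrequent tasks, so treat the output as a starting point for review.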