GCP Overview and Support
Google Cloud Platform (GCP) is one of the world’s leading public cloud providers, offering a variety of cloud services. After InsightCloudSec is successfully installed, you're ready to enable visibility into your target GCP Organization(s) and/or project(s). This documentation provides details about adding accounts, managing or deleting existing accounts, and what GCP services we support.
Frequently Asked Questions (FAQ)
The following frequently asked questions and answers should help you understand GCP in InsightCloudSec.
What does InsightCloudSec support from GCP?
What does InsightCloudSec support from GCP?
As one of the leading public cloud service providers, InsightCloudSec provides broad support for GCP and we are always expanding. Review the full list of GCP-specific supported services in the GCP Support Reference section.
How do I start seeing my GCP environments in InsightCloudSec?
How do I start seeing my GCP environments in InsightCloudSec?
InsightCloudSec relies on a process called "harvesting" to pull data from various CSPs. Review GCP - Onboarding for details.
What do I do after my environments is being harvested?
What do I do after my environments is being harvested?
After at least one GCP account is harvested by InsightCloudSec, you're free to configure additional GCP services as necessary to enhance, optimize, or further secure your experience. Review GCP Additional Configuration for more information.
How can I optimize harvesting?
How can I optimize harvesting?
InsightCloudSec harvesting is the term we use to describe the process of data collection from a selected cloud service provider (CSP) within InsightCloudSec. Check out our Harvesting Overview documentation to understand the basics and refer to Harvesting Strategies for details on specific strategies.
In addition, for GCP, InsightCloudSec offers Event-Driven Harvesting, which requires additional configuration but optimizes harvesting by only pulling in new data based on real-time notifications about resource and policy changes using a Cloud Asset Inventory feed, which triggers targeted harvesting using Pub/Sub. Review our GCP Event-Driven Harvesting documentation for more information.
Manage GCP Cloud Accounts
After initial configuration of the account in GCP, you can add the account to InsightCloudSec. In InsightCloudSec, you onboard a cloud account or organization using the onboarding wizard. Review Onboard an GCP Cloud Account or Onboard an GCP Organization for details.
Once an account is successfully being harvested by InsightCloudSec, it can be modified or deleted as necessary.
- Modify: For general information about managing existing GCP Cloud accounts, check out the Clouds section and subsections on Cloud Account Setup & Management. Information about viewing the details of a single cloud account is available on the Cloud Account Detail Page.
- Delete: Cloud accounts can be deleted through their individual Settings page.
GCP Support Reference
Supported Services
Supported Services
Included in this section are all of the GCP services (and their components) supported by InsightCloudSec. If you have questions related to GCP or specific services and their support contact us through the Customer Support Portal.
text
1App Engine (Services, Versions)2Artifact Registry (Container Image)3BigQuery (Dataset)4Certificate Authority Service5Cloud Armor6Cloud Bigtable7Cloud Billing (Export)8Cloud CDN9Cloud Composer10Cloud Data Fusion11Cloud DNS (Zone)12Cloud Domains13Cloud Functions14Cloud Identity (Domain Groups, Domain Users, Group)15Cloud Interconnect16Cloud Key Management Service (Key, Key ring)17Cloud Load Balancing (Backend Services, Forwarding Rules, SSL Certificate, Target Proxies, URL Maps)18Cloud Logging (Bucket, Logs Storage, Logs Router Sinks)19Cloud NAT20Cloud Run21Cloud Spanner22Cloud SQL (Backup, Database)23Cloud Storage24Cloud VPN (VPN Gateway, VPN Tunnel)25Compute Engine (Autoscaler, Image, Instance, Reserved IP, Snapshot, SSH Key Pair)26Credentials (API Keys)27Data Loss Prevention (inspection job)28Dataflow Jobs29Dataproc30Filestore31Firewalls (Rules)32Google Kubernetes Engine33IAM (Role Permission Set, Service Account, Service Account Key, User)34Limit35Memorystore36Notebooks37Organization38Persistent Disk39Project40Pub/Sub (Subscription, Topic)41Recommender (Insight, Recommendation)42Region43Secret44Security Command Center (Event Threat Detection)45Stackdriver Sink46Vertex AI (Custom training job)47Virtual Private Cloud (Network Interface, Network Peer, Subnet)
Recommended APIs
Recommended APIs
The following APIs can be enabled from the APIs and Services Library within the GCP Console and are recommended to harvest all of the services listed above. The Cloud Billing API remains optional and should not affect your ability to use InsightCloudSec.
text
1Admin SDK API2API Keys API3Artifact Registry API4BigQuery API5Certificate Authority Service API6Cloud Asset API7- Container Registry8Cloud Bigtable Admin API9Cloud Billing API*10Cloud Composer API11Cloud Data Fusion API12Cloud Data Loss Prevention (DLP) API13Cloud Dataproc API14Cloud Deployment Manager V2 API15Cloud Domains API16Cloud DNS API17Cloud Filestore API18Cloud Functions API19Cloud Key Management Service (KMS) API20Cloud Logging API21Cloud Memorystore for Memcached API22Cloud Memorystore for Redis API23Cloud Monitoring API24Cloud Policy Analyzer API25Cloud Pub/Sub API26Cloud Resource Manager API27Cloud Secrets Manager API28Cloud Spanner API29Cloud SQL30Cloud SQL Admin API31Cloud Storage32Compute Engine API33Compute Engine Instance Group Manager API34Compute Engine Instance Group Updater API35Compute Engine Instance Groups API36Container Analysis API37Dataflow API38Google+ API39Identity and Access Management (IAM) API40Identity Toolkit API41Kubernetes Engine API42Notebooks API43Org Policy API44Recommender API45Security Command Center API46Serverless VPC Access API47Service Management API48Service Usage API