InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

Projects (GCP)

Integrating a GCP Project with InsightCloudSec

This page walks through the steps required to add a single GCP account, also known as a project, into InsightCloudSec. Read more about Google Cloud Projects here.

In addition, we also support adding multiple GCP projects (aka organizations) to InsightCloudSec. Review the details of that setup on the Organizations (GCP) page.

Otherwise, refer to the steps below to get set up.


Before you get started you will want to make sure you have the following:

  • A functioning InsightCloudSec Installation with the appropriate admin permissions
  • The appropriate permissions to access the resources you will need from Google

If you have questions or concerns, reach out to us at [email protected].

Adding a GCP Project through the Google Console

1. To access the API Manager, log in to the GCP console. Verify that you have selected the organization and the project you wish to add to InsightCloudSec.


Project ID

Note the Project ID; you will need this when adding the cloud account to InsightCloudSec.

Google Project IDGoogle Project ID

Google Project ID

2. To access the APIs & Services dashboard, select API & Services from the left navigation and click "Dashboard".

API & Services DashboardAPI & Services Dashboard

API & Services Dashboard

3. Enable APIs — Once you have selected Dashboard, you will see a list of APIs that are currently enabled.

Currently enabled APIsCurrently enabled APIs

Currently enabled APIs


Cloud Asset Inventory - Required Permissions

Note that the Cloud Asset API must be enabled with appropriate permissions for GCP's Cloud Asset Inventory to function properly. Reach out to your CSM or [email protected] if you require any assistance in configuring this required API.

If you do not have all of the recommended APIs enabled, select "Enable APIs and Services". Otherwise, skip to step 6.

Enable APIs and ServicesEnable APIs and Services

Enable APIs and Services

4. In the Google API Library, enter the name of the missing API in the search box. Select the searched for API. (The example below shows just one match; multiple API matches may be shown in card format.)

5. You will see a description of the API. Once you have reviewed the information, select "Enable." Repeat the process until you have added all of the missing APIs.

6. Once you have verified your enabled APIs, you will need to create an additional custom role to ensure appropriate access. Go to "Roles --> Create Role --> Add Permissions".

  • Utilizing the Filter field, select the following permissions:
    • storage.buckets.get
    • storage.buckets.getIAMPolicy
    • bigquery.tables.get
    • bigquery.tables.list
    • cloudasset.assets.listResource
  • Click "Add".
  • Update the role's Title, Description, ID, and Role launch stage, then click "Create". We recommend a name and ID that includes InsightCloudSec so it's easier to find later.
Add Custom RoleAdd Custom Role

Add Custom Role

7. Click on Credentials on the navigation menu (from the API Services Dashboard).

Create credentialsCreate credentials

Create credentials

8. Click on the "Create credentials" button and select "Service account" from the drop-down menu.
Note: this navigates to the IAM & Admin section of the Google Cloud Platform Dashboard.

Service account detailsService account details

Service account details

9. Complete the "Service account details" as follows, click "Create" when you're finished.

  • Service account name - the name you want to provide for the service account
  • ID - the service account ID
  • Service account description - a description of the account's purpose

10. Under Service Account permissions click on "Select a role".

  • Select either "Project-->Viewer" to give InsightCloudSec the scope to view all cloud resources, or select "Project -->Editor" to allow InsightCloudSec to view and act upon all cloud resources.
  • Select the custom role you created in Step #6 (e.g. InsightCloudSecStorage).
  • Add any conditions (optional), if desired.
Service account permissionsService account permissions

Service account permissions

11. Click Continue to save your role selection.

12. To finish the process to "Create Service Account", click "Create Key".

  • Select JSON as your key type. (This allows InsightCloudSec to call APIs programmatically.)
  • If you want to configure the "Grant users access to this service account (optional)", consult with your local administrator to confirm details, or reach out to support-insigh[email protected] with questions.

13. Click "Done" to complete this process and confirm that your Service Account Key has been created. You should see a confirmation message with the name of your JSON key. (This also automatically downloads the key.)


Store this JSON in a secure place; the JSON contains the only copy of the keys.

Complete the creation of your keyComplete the creation of your key

Complete the creation of your key

Adding a GCP Project to InsightCloudSec

1. Go to your InsightCloudSec account. Navigate to the Clouds Listing Page "Cloud --> Clouds". Click on "Add Cloud" in the upper right.

Add a CloudAdd a Cloud

Add a Cloud

2. Enter Cloud Information:

  • Select "Google Cloud Platform" in the Select Technology dropbox.
  • Name your cloud account.
  • Provide your project ID from Setup on Google Console Step 1.
  • Enter the JSON from the credentials you created and saved earlier.
  • Enter an admin Email if you want to manage IAM and the Google Cloud Directory.
  • Optionally, select a harvesting strategy to use for this project.
GCP Add a Cloud FormGCP Add a Cloud Form

GCP Add a Cloud Form

3. Complete the optional validation step for permissions.



Both AWS and GCP include the ability to optionally validate permissions before adding a new cloud account. To review those steps, visit the instructions provided under Cloud Account Setup.

4. Add any Badges you would like to this particular cloud account. Badges provide a way to assign additional metadata about resources within the InsightCloudSec platform. They are key/value pairs which can be used for filtering and identifying resources from parent cloud account.

5. Select "Add Cloud".

6. Confirm the addition of your GCP cloud account. You should see a notification that indicates you have successfully added a cloud account.

  • InsightCloudSec will begin harvesting immediately and the data should start to surface after five minutes or so, depending upon the size of your cloud account.
  • You can also confirm that your cloud account is added by returning to the Clouds main page, selecting the "Listing" tab, and confirming that your newly added cloud account is listed.

Updated 15 days ago

Projects (GCP)

Integrating a GCP Project with InsightCloudSec

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.