SECBERUS is completely agentless and uses a read-only API permission to securely access your GCP metadata. In order to create a GCP data source in Secberus you will need administrator access to the Google Cloud console.
SETUP ORGANIZATIONS FIRST
Secberus uses "Organizations" to allow users to segment visibility, posture, teams, and actions within the platform.
Cloud environments only exist within Organizations, so it is important to make sure you setup your organizational structure first before onboarding cloud environments to those specific Organizations.
Click here to Setup Organizations.
What to Expect
Connecting a GCP account takes about 5 minutes and requires administrative access to the cloud environment you wish to connect.
- From the GCP console, select IAM & Admin and click Service Accounts.
- Select + CREATE SERVICE ACCOUNT.
- Populate the Service account name and Service account description fields, then click CREATE AND CONTINUE.
- Using the Role selector to select the Basic > Viewer role.
- With the Role set to Viewer click the CONTINUE button.
- Leave the optional fields blank for step 3, and select the DONE button.
- Select the newly created service account from the Service accounts screen.
- With the service account open, select the KEYS tab and use the ADD KEY menu to Create new key.
- In the Create private key window leave the Key type as JSON and click CREATE.
- The private key will be saved to your computer. Save this file for the next steps.
- Go to the Secberus application and select Data sources under Settings and click the GCP icon under Add new data source.
- Populate the Name field for the new data source. Open the json file from step 10 and copy the project_id value from the json into the Projects field.
- Finally, select the json from step 10 and click Connect.
You have successfully onboarded a data source for your Google Cloud Platform account. You can now add more GCP accounts, onboard other cloud provider accounts, or apply a policy to this GCP account. Additionally, you can view the connection status of each data source monitored once Secberus begins collection resource data for evaluation.
Updated 2 days ago