Monitoring Google Cloud Platform

Overview

Google Cloud Platform (GCP) is Google's cloud solution. TOS Aurora monitors GCP for policy revision changes.

To see which TOS features are supported for your device, review the feature support table.

A GCP project lets Google users create and manage their virtual machines (VMs) and assign them to a specific virtual private cloud (VPC). Each VPC contains firewalls, which define the security rules that restrict access between VMs, and specifies the supported objects and services.

Prerequisites

  • Since every GCP project has a different project ID, verify that you have the project ID of your GCP project. You need this ID to monitor the required projects.

  • Generate a service account key in a JSON format for your GCP project and save it on your system.

  • Before you start, make sure that the GCP service account that you use for TOS Aurora monitoring has the following permissions. (TOS Aurora requires only the minimum privileges needed to monitor devices.)

    • Policy Visibility only:

      compute.firewalls.list
      compute.instances.list
      compute.networks.list
      compute.projects.get
      compute.subnetworks.list
      resourcemanager.projects.get
      serviceusage.services.list
    • Policy Visibility and Topology:

      compute.firewalls.list
      compute.instances.list
      compute.interconnectAttachments.list
      compute.interconnects.list
      compute.networks.list
      compute.projects.get
      compute.routers.get
      compute.routers.list
      compute.routes.get
      compute.routes.list
      compute.subnetworks.list
      compute.vpnGateways.list
      compute.vpnTunnels.list
      resourcemanager.projects.get
      serviceusage.services.list
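
As an added example (not part of the Tufin documentation), the following Python helper checks the prerequisites above before the device is added: it validates the downloaded service-account key file, compares its project_id with the Project ID you intend to monitor, computes which of the listed permissions are still missing from the result of a testIamPermissions call (the granted list is assumed to be obtained separately), and builds the body of a custom IAM role that carries only the listed permissions. The sample key is constructed with placeholder values.

```python
import json
# Permission sets exactly as listed under Prerequisites on this page.
VISIBILITY_PERMS = [
    "compute.firewalls.list", "compute.instances.list", "compute.networks.list",
    "compute.projects.get", "compute.subnetworks.list",
    "resourcemanager.projects.get", "serviceusage.services.list",
]
TOPOLOGY_PERMS = VISIBILITY_PERMS + [
    "compute.interconnectAttachments.list", "compute.interconnects.list",
    "compute.routers.get", "compute.routers.list", "compute.routes.get",
    "compute.routes.list", "compute.vpnGateways.list", "compute.vpnTunnels.list",
]

def validate_key_file(key_json, expected_project_id):
    """Return the problems found in a service-account key file (empty list = OK)."""
    try:
        key = json.loads(key_json)
    except json.JSONDecodeError as exc:
        return ["not valid JSON: %s" % exc]
    problems = []
    for field in ("type", "project_id", "private_key", "client_email"):
        if not key.get(field):
            problems.append("missing field: " + field)
    if key.get("type") != "service_account":
        problems.append("type is %r, expected 'service_account'" % key.get("type"))
    # A key issued for another project is a common cause of a failed first poll.
    if key.get("project_id") and key["project_id"] != expected_project_id:
        problems.append("key is for project %r, not %r" % (key["project_id"], expected_project_id))
    return problems

def missing_permissions(required, granted):
    """Permissions still to grant; 'granted' is the list testIamPermissions returned."""
    return sorted(set(required) - set(granted))

def custom_role_body(topology):
    """Body for a custom IAM role that carries only the permissions the page lists."""
    perms = TOPOLOGY_PERMS if topology else VISIBILITY_PERMS
    return {
        "title": "TOS Aurora GCP monitoring",
        "description": "Read-only permissions for TOS Aurora monitoring",
        "stage": "GA",
        "includedPermissions": sorted(perms),
    }

# Constructed sample key with placeholder values (not a real credential).
SAMPLE_KEY = json.dumps({
    "type": "service_account", "project_id": "example-project-123",
    "client_email": "tos-monitor@example-project-123.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
})
```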

Add a Device

  1. Select Google Cloud > GCP Project.

  2. Configure the device settings:

    • Device Type: This value is preloaded as Google GCP Project.

    • Name for Display: Name of the GCP project.

    • Domain: Available only if you have configured your system for managing multi-domains and All Domains is currently selected. Select the domain to which to add the device. The Domain can only be entered when adding a device; to change the Domain, you must migrate the device.

  3. Click Next.
  4. Specify the Project ID of your GCP project.

  5. Click Browse and import JSON file to upload the file that contains the GCP service account key (see Prerequisites).

  6. Select the Proxy check box to add the ability to connect SecureTrack to the GCP Project device using a local proxy server.

    The proxy acts as an intermediary between the client and the server, providing secure access to resources while protecting the server from threats such as malware.

    If you connect to the device with a proxy server, select Proxy and enter the relevant credentials.

  7. Click Next.
  8. In Monitoring Settings, do one of the following:

    • Select Default to use the real-time monitoring and timing settings from the Timing page.

    • Select Custom and configure the monitoring mode and settings:

      In Periodic Polling, select Custom settings and configure the Polling frequency, which is how often TOS Aurora fetches the configuration from each device.

      If you select 1 day, you can then select the exact time (hour and minute) for the daily polling.

  9. Click Next.
  10. Save the configuration.

    The GCP project now appears in the Monitored Devices list.

Configure a Monitored Device

After you add a device, further configuration options are available.

Options vary depending on your environment.

Example

  • Edit configuration: Use the wizard to modify selected device settings. See Add a Device in this topic.

  • Delete this device: Type yes to confirm that you want to delete the device.

  • Import Virtual Private Clouds: Select the Virtual Private Clouds to be added.

  • Migrate (ST servers): Available in distributed deployments. Select the server where the device will be monitored and click Migrate.

  • Migrate (Domains): Available in multi-domain deployments. Select the domain where the device will be monitored and click Migrate.

How Do I Get Here?

SecureTrack > Monitoring > Manage Devices