Google GCP

This is a combined document for enabling the GCP (Google Cloud Platform) Dropzone AI Data Source and Alert Source.

The Dropzone AI platform integrates with GCP (Google Cloud Platform) APIs for ingesting alerts and enriching investigations with data from GCP such as VM and service account information. This document describes how to set up API credentials and install them into the Dropzone platform.

Integration Overview

To enable these integrations you will perform the following actions:

  • Determine which section of your GCP environment Dropzone should have visibility into

  • Grant IAM access to the Dropzone service account

  • Enable the Alert and Data sources

Determine Dropzone Visibility Scope

Dropzone requires some IAM access to query your GCP environment.

You will later grant the Dropzone service account access to a portion of your GCP environment, either at the folder level or for the whole organization.

In the screenshot below, if you were to grant access via the production folder, access would cover the Project FreezeRay project and any other folders or projects you add to production in the future. However, it would not cover alligator-apples. If you grant access via the top-level org, example.net, it would apply to all folders and projects going forward.

When enabling the integration you will supply the ID of the top-level folder or organization, and Dropzone will recurse through all objects under it when making Data Source queries.

When you've chosen your folder or org, record the ID value for use later in the Dropzone UI, where it is called "Parent Resource".

Identify the service account email address

You will need the email address of the Dropzone service account.

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

  • Click System > Integrations

  • Click "Data Sources" in the top left corner

  • Find the GCP tile and click "Connect"

  • Record the "SERVICE ACCOUNT EMAIL" field for use in the GCP Console interface

Grant GCP Access to Dropzone Service Account

  • Click the current project dropdown

  • Click "All"

  • Select the organization or the folder you've chosen for Dropzone visibility

  • Navigate to "IAM & Admin" > IAM from the left menu

  • In "New principals", input the email address you copied earlier from the Dropzone UI "SERVICE ACCOUNT EMAIL"

  • Click on "Select a role"

  • Add the following roles:

| Role Name | Purpose | Used By |
| | View GCP entity details and configurations | Alert Source Integration |
| | View GCP logs | Data Source Integration |
| | View access approvals | Data Source Integration |
| | View private logs | Data Source Integration |

  • Continue adding roles via the "ADD ANOTHER ROLE" button until complete

  • Click "SAVE"
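
To confirm the grant matches what you intended, the following added example (not part of Dropzone's documentation or tooling) audits an exported IAM policy for the service account. The policy JSON, the service account email and the role IDs are constructed placeholders; substitute the role IDs you granted above and the JSON produced by `gcloud organizations get-iam-policy ORG_ID --format=json` or `gcloud resource-manager folders get-iam-policy FOLDER_ID --format=json`.

```python
import json

# Constructed sample of the JSON printed by the get-iam-policy commands above.
# The email and the "placeholder" role IDs are illustrative, not Dropzone's.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/placeholder.viewerA",
     "members": ["serviceAccount:dropzone@example-tenant.iam.gserviceaccount.com",
                 "user:admin@example.net"]},
    {"role": "roles/placeholder.viewerB",
     "members": ["group:secops@example.net"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:dropzone@example-tenant.iam.gserviceaccount.com"]}
  ],
  "version": 1
}
""")

# Placeholders: replace with the role IDs you granted in the steps above.
EXPECTED_ROLES = {"roles/placeholder.viewerA", "roles/placeholder.viewerB"}


def audit_member(policy, sa_email, expected_roles):
    """Compare the roles bound to one service account against the intended set."""
    member = f"serviceAccount:{sa_email}".lower()
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member in (m.lower() for m in binding.get("members", [])):
            granted.add(binding["role"])
            if "condition" in binding:  # binding only applies when its condition holds
                conditional.add(binding["role"])
    return {
        "granted": sorted(granted),
        "missing": sorted(expected_roles - granted),     # intended but not bound
        "unexpected": sorted(granted - expected_roles),  # more access than intended
        "conditional": sorted(conditional),
    }


if __name__ == "__main__":
    report = audit_member(SAMPLE_POLICY,
                          "dropzone@example-tenant.iam.gserviceaccount.com",
                          EXPECTED_ROLES)
    print(json.dumps(report, indent=2))
```

A policy export lists only the bindings set directly on that folder or organization, so if you granted access at a folder, run the same check against the parent nodes to confirm the service account has no broader grant.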

Enable The Dropzone Data Source Integration

The Data source integration allows Dropzone AI to interact with your GCP environment to gather information for use in investigation analysis and interactive chat.

You'll need the following information:

| Dropzone Field | Source |
| Parent Resource | The ID of the org or folder where you granted Dropzone access |

To enable the Data Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

  • Click System > Integrations

  • Click "Data Sources" in the top left corner

  • Find the GCP tile and click "Connect"

  • Input the "Parent Resource" ID

  • Select the "Parent Resource Type" that matches the resource you've selected (folder or organization)

  • Select the "Default Zone". This is used for queries (such as finding VMs) when a zone is not specified

  • Click "Test & Save" to finish

If you have any errors, engage your Dropzone AI support representative.

Enable The Dropzone Alert Source Integration

The Alert Source integration allows Dropzone AI to pull alerts from GCP for investigation.

You'll need the following information:

| Dropzone Field | Source |
| Parent Resource | The ID of the org or folder where you granted Dropzone access |

To enable the Alert Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

  • Click System > Integrations

  • Click "Alert Sources" in the top left corner

  • Find the "GCP" tile and click "Connect"

  • Input the "Parent Resource" ID

  • Select the "Parent Resource Type" that matches the resource you've selected (folder or organization)

  • Click "Test & Save" to finish

You should begin ingesting alerts immediately.

If you have any errors or questions, engage your Dropzone AI support representative.
