Google GCP

The Dropzone AI platform integrates with GCP (Google Cloud Platform) APIs for ingesting alerts and enriching investigations with data from GCP such as VM and service account information. This document describes how to set up API credentials and install them into the Dropzone platform.

Integration Overview

To enable these integrations you will perform the following actions:

  • Determine which section of your GCP environment to enable Dropzone visibility

  • Grant IAM access to the Dropzone service account

  • Enable the Alert and Data sources

Determine Dropzone Visibilty Scope

Dropzone requires some IAM access to query your GCP environment.

You will later be granting the Dropzone service account access to a portion of your GCP evironment at either a folder level or the whole organization.

In the screenshot below if you were to grant access via the production folder then access would be for the Project FreezeRay project, and any other folders or projects you add to production in the future. However it would not be available to alligator-apples. If you grant access via the top level org, example.net then it would apply to all folders and projects going forward.

Resource Selection

When enabling the integration you will be supplying the ID of the top level folder or organization, and Dropzone will recurse through all objects thereunder when making Data Source queries.

When you've chosen your folder or org, record the ID value for use later in the Dropzone UI where it is called "Parent Resource"."

Identify the service account email address

You will need the email address of the Dropzone service account.

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

  • In the bottom left hand corner, click Settings > Integrations

Integrations Dropdown
  • Click "Available"

Click Available
  • In the Search bar, search GCP, then click "Configure"

The GCP Tile
  • Record the "SERVICE ACCOUNT EMAIL" field for use in the GCP Console interface

SERVICE ACCOUNT EMAIL

Grant GCP Access to Dropzone Service Account

Project Dropdown
  • Click the current project dropdown

  • Click "All"

  • Select the organization or the folder you've chosen for Dropzone visibility

Resource Selection
  • Navigate to "IAM & Admin" > IAM from the left menu

IAM & Admin Menu
  • In "New principals", input the email address you copied earlier from the Dropzone UI "SERVICE ACCOUNT EMAIL"

Input email address from the Dropzone UI Service Account Email

Click on "Select a role"

  • Add the following roles:

Role Name
Purpose
Used By

View GCP entity details and configurations

Alert Source Integration

View GCP resources

Data Source Integration

View cloud assets

Data Source Integration

View compute resources

Data Source Integration

View folders

Data Source Integration

View GCP logs

Data Source Integration

View organization roles

Data Source Integration

View organization resources

Data Source Integration

View private logs

Data Source Integration

Review security configurations

Data Source Integration

View storage objects

Data Source Integration

View tags

Data Source Integration

* These roles should only be included if the top-level parent is an organization.

  • Continue adding roles via the "ADD ANOTHER ROLE" button until complete

Add another role
  • Click "SAVE"

Enable The Dropzone Data Source Integration

The Data source integration allows Dropzone AI to interact with your GCP environment to gather information for use in investigation analysis and interactive chat.

You'll need the following information:

Dropzone Field
Source

Parent Resource

The ID of the org or folder where you granted Dropzone access

To enable the Data Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

  • In the bottom left hand corner, click Settings > Integrations

Integrations Dropdown
  • Click "Available"

Click Available
  • In the Search bar, search GCP, then click "Configure"

The GCP Tile
  • Under the Data Source heading, input the "Parent Resource" ID

  • Select the "Parent Resource Type" that matches the resource you've selected (folder or organization)

  • Select the "Default Zone". This is used for queries (such as finding VMs) when a zone is not specified

The GCP Data Source configuration
  • Click "Test & Save" to finish

If you have any errors engage your Dropzone AI support representative.

Enable The Dropzone Alert Source Integration

The Alert Source integration allows Dropzone AI to pull alerts from GCP for investigation.

You'll need the following information:

Dropzone Field
Source

Parent Resource

The ID of the org or folder where you granted Dropzone access

To enable the Alert Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

  • In the bottom left hand corner, click Settings > Integrations

Integrations Dropdown
  • Click "Available"

Click Available
  • In the Search bar, search GCP, then click "Configure"

The GCP Tile
  • Under the Alert Source heading, input the "Parent Resource" ID

  • Select the "Parent Resource Type" that matches the resource you've selected (folder or organization)

The GCP Alert Source configuration
  • Click "Test & Save" to finish

You should begin ingesting alerts immediately.

If you have any errors or questions, engage your Dropzone AI support representative.

Last updated

Was this helpful?