WebsiteTest Drive

Google GCP

This is a combined document for enabling the Dropzone AI Data Source and Alert Source for GCP (Google Cloud Platform).

The Dropzone AI platform integrates with GCP (Google Cloud Platform) APIs for ingesting alerts and enriching investigations with data from GCP such as VM and service account information. This document describes how to set up API credentials and install them into the Dropzone platform.

Integration Overview

To enable these integrations you will perform the following actions:

  • Determine which section of your GCP environment to enable Dropzone visibility

  • Grant IAM access to the Dropzone service account

  • Enable the Alert and Data sources

Determine Dropzone Visibilty Scope

Dropzone requires some IAM access to query your GCP environment.

You will later be granting the Dropzone service account access to a portion of your GCP evironment at either a folder level or the whole organization.

In the screenshot below if you were to grant access via the production folder then access would be for the Project FreezeRay project, and any other folders or projects you add to production in the future. However it would not be available to alligator-apples. If you grant access via the top level org, example.net then it would apply to all folders and projects going forward.

Resource Selection

When enabling the integration you will be supplying the ID of the top level folder or organization, and Dropzone will recurse through all objects thereunder when making Data Source queries.

When you've chosen your folder or org, record the ID value for use later in the Dropzone UI where it is called "Parent Resource"."

Identify the service account email address

You will need the email address of the Dropzone service account.

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

  • In the bottom left hand corner, click Settings > Integrations

Integrations Dropdown

  • Click "Available"

Click Available

  • In the Search bar, search GCP, then click "Configure"

The GCP Tile

  • Record the "SERVICE ACCOUNT EMAIL" field for use in the GCP Console interface

SERVICE ACCOUNT EMAIL

Grant GCP Access to Dropzone Service Account

Project Dropdown

  • Click the current project dropdown

  • Click "All"

  • Select the organization or the folder you've chosen for Dropzone visibility

Resource Selection

  • Navigate to "IAM & Admin" > IAM from the left menu

IAM & Admin Menu

  • In "New principals", input the email address you copied earlier from the Dropzone UI "SERVICE ACCOUNT EMAIL"

Input email address from the Dropzone UI Service Account Email

Click on "Select a role"

  • Add the following roles:

Role Name
Purpose
Used By

Security Center Admin Viewer

View GCP entity details and configurations

Alert Source Integration

Browser

View GCP resources

Data Source Integration

Cloud Asset Viewer

View cloud assets

Data Source Integration

Compute Viewer

View compute resources

Data Source Integration

Folder Viewer

View folders

Data Source Integration

Logs Viewer

View GCP logs

Data Source Integration

Organization Role Viewer*

View organization roles

Data Source Integration

Organization Viewer*

View organization resources

Data Source Integration

Private Logs Viewer

View private logs

Data Source Integration

Security Reviewer

Review security configurations

Data Source Integration

Storage Object Viewer

View storage objects

Data Source Integration

Tag Viewer

View tags

Data Source Integration

* These roles should only be included if the top-level parent is an organization.

  • Continue adding roles via the "ADD ANOTHER ROLE" button until complete

Add another role

  • Click "SAVE"

Enable The Dropzone Data Source Integration

The Data source integration allows Dropzone AI to interact with your GCP environment to gather information for use in investigation analysis and interactive chat.

You'll need the following information:

Dropzone Field
Source

Parent Resource

The ID of the org or folder where you granted Dropzone access

To enable the Data Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

  • In the bottom left hand corner, click Settings > Integrations

Integrations Dropdown

  • Click "Available"

Click Available

  • In the Search bar, search GCP, then click "Configure"

The GCP Tile

  • Under the Data Source heading, input the "Parent Resource" ID

  • Select the "Parent Resource Type" that matches the resource you've selected (folder or organization)

  • Select the "Default Zone". This is used for queries (such as finding VMs) when a zone is not specified

The GCP Data Source configuration

  • Click "Test & Save" to finish

If you have any errors engage your Dropzone AI support representative.

Enable The Dropzone Alert Source Integration

The Alert Source integration allows Dropzone AI to pull alerts from GCP for investigation.

You'll need the following information:

Dropzone Field
Source

Parent Resource

The ID of the org or folder where you granted Dropzone access

To enable the Alert Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

  • In the bottom left hand corner, click Settings > Integrations

Integrations Dropdown

  • Click "Available"

Click Available

  • In the Search bar, search GCP, then click "Configure"

The GCP Tile

  • Under the Alert Source heading, input the "Parent Resource" ID

  • Select the "Parent Resource Type" that matches the resource you've selected (folder or organization)

The GCP Alert Source configuration

  • Click "Test & Save" to finish

You should begin ingesting alerts immediately.

If you have any errors or questions, engage your Dropzone AI support representative.

PreviousGoogle WorkspaceNextJira

Last updated

Was this helpful?