Google GCP
Last updated
Was this helpful?
Last updated
Was this helpful?
This is a combined document for enabling the Dropzone AI Data Source and Alert Source for GCP (Google Cloud Platform).
The Dropzone AI platform integrates with GCP (Google Cloud Platform) APIs for ingesting alerts and enriching investigations with data from GCP such as VM and service account information. This document describes how to set up API credentials and install them into the Dropzone platform.
To enable these integrations you will perform the following actions:
Determine which section of your GCP environment to enable Dropzone visibility
Grant IAM access to the Dropzone service account
Enable the Alert and Data sources
Dropzone requires some IAM access to query your GCP environment.
You will later be granting the Dropzone service account access to a portion of your GCP evironment at either a folder level or the whole organization.
In the screenshot below if you were to grant access via the production folder then access would be for the Project FreezeRay project, and any other folders or projects you add to production in the future. However it would not be available to alligator-apples. If you grant access via the top level org, example.net then it would apply to all folders and projects going forward.
When enabling the integration you will be supplying the ID of the top level folder or organization, and Dropzone will recurse through all objects thereunder when making Data Source queries.
When you've chosen your folder or org, record the ID value for use later in the Dropzone UI where it is called "Parent Resource"."
You will need the email address of the Dropzone service account.
Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai
Click System > Integrations
Click "Data Sources" in the top left corner
Find the GCP tile and click "Connect"
Record the "SERVICE ACCOUNT EMAIL" field for use in the GCP Console interface
Go to the GCP cloud console https://console.cloud.google.com
Click the current project dropdown
Click "All"
Select the organization or the folder you've chosen for Dropzone visibility
Navigate to "IAM & Admin" > IAM from the left menu
In "New principals", input the email address you copied earlier from the Dropzone UI "SERVICE ACCOUNT EMAIL"
Click on "Select a role"
Add the following roles:
Continue adding roles via the "ADD ANOTHER ROLE" button until complete
Click "SAVE"
The Data source integration allows Dropzone AI to interact with your GCP environment to gather information for use in investigation analysis and interactive chat.
You'll need the following information:
Parent Resource
The ID of the org or folder where you granted Dropzone access
To enable the Data Source integration, do the following:
Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai
Click System > Integrations
Click "Data Sources" in the top left corner
Find the GCP tile and click "Connect"
Input the "Parent Resource" ID
Select the "Parent Resource Type" that matches the resource you've selected (folder or organization)
Select the "Default Zone". This is used for queries (such as finding VMs) when a zone is not specified
Click "Test & Save" to finish
If you have any errors engage your Dropzone AI support representative.
The Alert Source integration allows Dropzone AI to pull alerts from GCP for investigation.
You'll need the following information:
Parent Resource
The ID of the org or folder where you granted Dropzone access
To enable the Alert Source integration, do the following:
Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai
Click System > Integrations
Click "Alert Sources" in the top left corner
Find the "GCP" tile and click "Connect"
Input the "Parent Resource" ID
Select the "Parent Resource Type" that matches the resource you've selected (folder or organization)
Click "Test & Save" to finish
You should begin ingesting alerts immediately.
If you have any errors or questions, engage your Dropzone AI support representative.
