Google Cloud

Sectona supports discovery of assets in Google Cloud Platform by sing the Google Cloud Discovery. It provides the real-time visibility and inventory of Google Cloud assets. The discovery refreshes according to a schedule set by the user. Make sure that the account has permissions at the root server level to ensure all target assets are discoverable. If you assign permissions on a folder in the target environment, you will not see the contained assets unless permissions are also defined on the parent resource pool. As a best practice, it is recommended that the account be given read-only access.

Refer section Configuring Credentials for more details before executing this discovery scan.

Requirement	Description
Credential	This discovery method also requires Service Account Key. Refer to Creating and managing service account keys for this activity. Recommended permission for Google Service Account with Read Permissions.

Adding a Google Cloud scan job

Select New Asset Discovery Job as Google Cloud in +Asset Discovery Tab

Attributes	Description
Job Details
Job Title	Enter a unique title for your scan job. For e.g. Production instances
Project	Enter the `project_id` that you get from configuration (JSON) file.
Service Account Email	Enter the `client_email` that you get from configuration (JSON) file.
Service Account Key	Enter the `private_key_id` that you get from configuration (JSON) file.
Subscriptions	Provide the value as NA
Schedule type	Select a schedule type whether you would like to initiate this job once or recurring job. If you select a recurring job, you can choose days this job must be executed on. For e.g. You want to schedule job every 2nd day at 5.00 p.m. from 1st Jan 2018 to scan your network ,include following details: Recur every: 2 days Task Start: 01 Jan 2018 Schedule Start Time: 4:30 pm to 5:15 pm
Task Start	The day when the discovery job will start
Scheduled Time	You can either choose the "Any" or schedule a proper time from when to start the task and when to end the task
Action
On board assets	To start a scan manually with an option to add assets to specify profiles, click the Onboard asset as 'No'. If you wish to include assets automatically to existing group and attributes, select option 'Yes'
Asset description(optional)	Added text will be included in every asset description field
Location(optional)	Added location field will be included in every asset location. You can configure system management location Configuring location tagging
Criticality level(optional)	Added critical field will be included in every asset. This is important while structuring reports and notifications
Tags (optional)	You can associate an asset with your desired single or multiple tags like Infosec, Banking Core Server, ATM Switches, etc. Refer to section Tags for more information about adding context with tags.
Checkout policy	The option is selected as default as one can choose its policy by unchecking the default option and selecting the policy from the drop-down list available.
Rotation policy	The option is selected as default as one can choose its policy by unchecking the default option and selecting the policy from the drop-down list available
Reconciliation policy	The option is selected as default as one can choose its policy by unchecking the default option and selecting the policy from the drop-down list available.
Config value 1	The configuration value can be assigned here.
Config value 2	The configuration value can be assigned here.
Config value 3	The configuration value can be assigned here.
Config value 4	The configuration value can be assigned here.
Exclude from Account Discovery	When ticked, the accounts of this asset will be excluded from the Discovery job.
Owner(optional)	If you have listed owner information of all the assets, please include here