
    Attack Surface Analyzer for Google Cloud Directory

    With the Attack Surface Analyzer, you can detect threats within your Google Cloud directory and enhance cloud security.

    Listed below are the services tracked by the Attack Surface Analyzer for Google Cloud directory:

    • GCP Compute Engine
    • GCP VPC Networks
    • GCP BigQuery
    • GCP Network Services
    • GCP Cloud Storage
    • GCP KMS
    • GCP SQL
    • GCP Logging
    • GCP Kubernetes Engine
    • GCP Organization
    • GCP App Engine
    • GCP Cloud Function
    • GCP Composer
    • GCP Dataproc
    • GCP Cloud Run
    • GCP Bigtable
    • GCP Deployment Manager
    • GCP Pub/Sub
    • GCP Filestore
    • GCP Spanner
    • GCP AlloyDB
    • GCP Batch
    • GCP Build
    • GCP API and Services
    • GCP Dataflow
    • GCP Load Balancing
    • GCP API Keys
    • GCP IAM
    • GCP Projects

    Prerequisites

    For the Attack Surface Analyzer to function seamlessly, the ADAudit Plus server should have a working internet connection. Additionally, the outbound HTTPS port 443 needs to be opened on the ADAudit Plus server to communicate with Google Cloud Directory.

    Before configuring your Google Cloud Directory for attack surface analysis in ADAudit Plus, you will need to:

    Note: ADAudit Plus supports project-based Google Cloud directory configuration for attack surface analysis.

    Create a custom role

    1. Open the Google Cloud console and select the project for which you want to create a custom role.
    2. In the top-right, find and select the Activate Cloud Shell icon.
    3. Within the Cloud Shell Terminal, select Open editor on the top menu.
    4. In the left pane, find and select the New File... icon and create a new YAML file with a suitable name. For example: roleCreation.yaml.
    5. Copy the permission statement from this file and paste it in the YAML file that you just created. Then, in the permission statement that you just pasted:
      • Find the line containing title: "ROLE_NAME" and replace "ROLE_NAME" with a suitable title of your choice. For example: Test_Role.
      • Find the line containing description: "ROLE_DESCRIPTION" and replace "ROLE_DESCRIPTION" with a suitable description of your choice.

      Note: Ensure that you don't modify the indentation when pasting the permission statement.
    6. Click Open Terminal from the top menu to go back to the Cloud Shell Terminal.
    7. Execute the following command to create the custom role at the organization level:

      gcloud iam roles create ROLE_ID --organization=ORGANIZATION_ID --file=YAML_FILE_PATH

      For example: gcloud iam roles create Test_Role --organization=********* --file=roleCreation.yaml

      In the above command:

      • Replace ROLE_ID with the title that you used in the YAML file in step five.
      • Replace ORGANIZATION_ID with the Project ID.
      • Replace YAML_FILE_PATH with the name of the YAML file that you created in step four.
    8. In the Authorise Cloud Shell pop-up that appears, click AUTHORISE.
    9. In the Google Cloud console, navigate to the IAM and admin section, select Roles from the left pane, and ensure that the role you just created is listed.
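    The two mistakes the steps above warn about (a placeholder left in the YAML file, or indentation changed while pasting) only surface as an error from gcloud, or worse, as a role that is created with the wrong name. The following script is an added pre-flight check written for this page; it is not part of ADAudit Plus or the gcloud SDK. It assumes the role file uses the standard gcloud role-file keys (title, description, stage, includedPermissions). The permission names in the embedded samples are constructed stand-ins, not the permission statement this page links to.

```python
"""Pre-flight checks for the custom-role YAML passed to
`gcloud iam roles create ... --file=...`.

Added example for this page, not part of ADAudit Plus or the gcloud SDK.
It catches placeholders that were not replaced and indentation that was
changed while pasting (tabs are invalid YAML indentation, and the
includedPermissions entries must be uniformly indented).
"""
import re
import sys

PLACEHOLDERS = ("ROLE_NAME", "ROLE_DESCRIPTION")
# Google Cloud permission names have the shape service.resource.verb
PERMISSION_RE = re.compile(r"^[a-z][a-zA-Z0-9]*(\.[a-zA-Z0-9]+){2,}$")
SCALAR_RE = re.compile(r'^(title|description|stage):\s*"?(.*?)"?\s*$')


def parse_role_yaml(text: str) -> dict:
    """Minimal parser for the flat role file: three scalar keys plus the
    includedPermissions list. Avoids a PyYAML dependency on purpose."""
    role = {"title": None, "description": None, "stage": None,
            "includedPermissions": [], "indents": set()}
    in_perms = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line == "includedPermissions:":
            in_perms = True
            continue
        if in_perms and line.lstrip().startswith("- "):
            # Record the space-indent of every list entry; a tab-indented
            # entry counts as indent 0 and so shows up as inconsistent.
            role["indents"].add(len(line) - len(line.lstrip(" ")))
            role["includedPermissions"].append(line.lstrip()[2:].strip())
            continue
        in_perms = False
        m = SCALAR_RE.match(line)
        if m:
            role[m.group(1)] = m.group(2)
    return role


def check_role_yaml(text: str) -> list[str]:
    """Return a list of human-readable problems; empty means the file is
    ready for `gcloud iam roles create`."""
    problems = []
    if "\t" in text:
        problems.append("tab characters present; YAML indentation must use spaces")
    for ph in PLACEHOLDERS:
        if ph in text:
            problems.append(f"placeholder {ph} was not replaced")
    role = parse_role_yaml(text)
    if not role["title"]:
        problems.append("title is missing or empty")
    if not role["includedPermissions"]:
        problems.append("includedPermissions list is empty")
    if len(role["indents"]) > 1:
        problems.append("includedPermissions entries are not uniformly indented")
    for perm in role["includedPermissions"]:
        if not PERMISSION_RE.match(perm):
            problems.append(f"'{perm}' does not look like a service.resource.verb permission")
    return problems


# Constructed samples (illustrative permissions only, not the page's list).
SAMPLE_OK = """\
title: "Test_Role"
description: "Read-only role for attack surface analysis"
stage: "GA"
includedPermissions:
  - compute.instances.list
  - storage.buckets.list
"""

SAMPLE_BAD = """\
title: "ROLE_NAME"
description: "ROLE_DESCRIPTION"
stage: "GA"
includedPermissions:
  - compute.instances.list
\t- storage.buckets.list
"""

if __name__ == "__main__":
    # Usage: python check_role_yaml.py roleCreation.yaml
    with open(sys.argv[1], encoding="utf-8") as fh:
        found = check_role_yaml(fh.read())
    print("OK" if not found else "\n".join(found))
    sys.exit(1 if found else 0)
```

    Run it against roleCreation.yaml in Cloud Shell before step seven; a non-zero exit means the file still needs editing.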

    Create a service account

    1. Open the Google Cloud console and select the project for which you want to create a service account.
    2. Navigate to the IAM and admin section, select Service accounts from the left pane, and click +CREATE SERVICE ACCOUNT.
    3. Under Service account details, enter a suitable Service account name and a Service account description. The Service account ID will be generated automatically based on the service account name.
    4. Click CREATE AND CONTINUE.
    5. Under Grant this service account access to the project, click Select a role, choose Custom, and select the role that you created earlier.
    6. Click CONTINUE, and then click DONE.
    7. Once the service account is created, select it, navigate to the KEYS tab, click ADD KEY, and select Create new key from the drop-down.
    8. Choose JSON as the key type and click CREATE. This will create a JSON key file for your service account and save it to your local machine.
    9. Open the JSON file to find the Client Email, Project ID, and Private Key values, which will be needed when configuring the Google Cloud directory in ADAudit Plus.

    Note: Remember to keep this JSON key file secure as it contains sensitive information and grants access to your Google Cloud directory resources. If it is ever compromised, you should regenerate the key and update any services that are using it.
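    The JSON key file is the credential ADAudit Plus will use, so it is worth checking it before the values are pasted into the console, and checking how it is stored. The script below is an added example written for this page, not part of ADAudit Plus or Google's SDK. It assumes Google's service-account key format (the type, project_id, private_key and client_email fields) and the sample key embedded in it is constructed; the private key material is a placeholder, not a real key.

```python
"""Validate a downloaded service-account JSON key before its values are
entered into ADAudit Plus, and flag loose file permissions.

Added example for this page; not part of ADAudit Plus. Field names
follow Google's service-account key format.
"""
import json
import os
import stat

REQUIRED = ("client_email", "project_id", "private_key")
PEM_HEADER = "-----BEGIN PRIVATE KEY-----"
PEM_FOOTER = "-----END PRIVATE KEY-----"


def extract_key_fields(text: str) -> dict:
    """Return the three values the ADAudit Plus form asks for, or raise
    ValueError describing what is wrong with the file."""
    data = json.loads(text)
    if data.get("type") != "service_account":
        raise ValueError("not a service-account key (type != service_account)")
    missing = [f for f in REQUIRED if not data.get(f)]
    if missing:
        raise ValueError(f"missing fields: {', '.join(missing)}")
    pk = data["private_key"]
    if not (pk.startswith(PEM_HEADER) and pk.rstrip().endswith(PEM_FOOTER)):
        raise ValueError("private_key is not a PEM-encoded PKCS#8 block")
    return {f: data[f] for f in REQUIRED}


def permission_problems(mode: int) -> list[str]:
    """The key should be readable by its owner only (0600)."""
    problems = []
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        problems.append("group has access to the key file")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        problems.append("others have access to the key file")
    return problems


def check_key_file(path: str) -> dict:
    """Parse the file on disk and report its fields plus any permission problems."""
    with open(path, encoding="utf-8") as fh:
        fields = extract_key_fields(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"fields": fields, "problems": permission_problems(mode)}


def redacted(fields: dict) -> dict:
    """Copy of the fields safe to print or log: the private key is masked."""
    out = dict(fields)
    out["private_key"] = PEM_HEADER + " ...redacted... " + PEM_FOOTER
    return out


# Constructed sample key; project, e-mail and key body are placeholders.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project-123456",
    "private_key_id": "0123abcd",
    "private_key": PEM_HEADER + "\nMIIEvQIBADANBg(constructed-not-a-real-key)\n" + PEM_FOOTER + "\n",
    "client_email": "adaudit-asa@example-project-123456.iam.gserviceaccount.com",
})

if __name__ == "__main__":
    import sys
    # Usage: python check_key_file.py <downloaded-key>.json
    result = check_key_file(sys.argv[1])
    print(json.dumps(redacted(result["fields"]), indent=2))
    for p in result["problems"]:
        print("WARNING:", p)
```

    Print output only through redacted(); the Private Key value goes into the ADAudit Plus form directly from the file, and the permission warnings tell you whether the downloaded copy should be tightened with chmod 600 or moved off the workstation once it has been entered.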

    Configure the Google Cloud directory in ADAudit Plus

    1. Log in to your ADAudit Plus web console.
    2. Navigate to the Cloud Directory tab > Attack Surface Analyzer > Configuration > Cloud Directory.
    3. Click +Add Cloud Directory in the top-right.
    4. Select Google Cloud from the Add Cloud Directory pop-up.
    5. Enter the Display Name, Client Email, Project ID, and Private Key values found in the service account JSON key file that you downloaded.
    6. Select the Audit Log check box if you want to fetch and monitor all activities happening within your Google Cloud directory environment, and then click Next.
    7. Review your settings and click Finish.
