forked from elastic/security-docs
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
8.10 CSPM onboarding updates (elastic#3806)
* First draft. TOC updates and GCP instructions * fixes filename * adds details to Findings pages * minor edit * Updated tags * minor title change * Update docs/cloud-native-security/cspm-get-started-gcp.asciidoc Co-authored-by: Uri Weisman <[email protected]> * Update docs/cloud-native-security/cspm-get-started-gcp.asciidoc Co-authored-by: Uri Weisman <[email protected]> * updating the main CSPM page to be more accurate with the required agent version * adds CSPM for AWS organization steps, addresses CSPM for GCP feedback * formatting update * minor edits * test code blocks * test * test * format * minor edits * minor formatting update * Incorporates Tinsae's feedback * image updates * minor edits * edit finish manual setup section * Update docs/cloud-native-security/cspm-get-started-aws.asciidoc * Update docs/cloud-native-security/cspm-get-started-gcp.asciidoc * Update docs/cloud-native-security/cspm-get-started-gcp.asciidoc * minor edit * minor edit --------- Co-authored-by: nastasha.solomon <[email protected]> Co-authored-by: Tin <[email protected]> Co-authored-by: Uri Weisman <[email protected]> Co-authored-by: tinnytintin10 <[email protected]>
- Loading branch information
1 parent
051ee0d
commit b3a83a6
Showing
9 changed files
with
239 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
[[cspm-get-started-gcp]] | ||
= Get started with CSPM for GCP | ||
|
||
[discrete] | ||
[[cspm-overview-gcp]] | ||
== Overview | ||
|
||
This page explains how to get started monitoring the security posture of your cloud assets using the Cloud Security Posture Management (CSPM) feature. | ||
|
||
.Requirements | ||
[sidebar] | ||
-- | ||
* The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription]. | ||
* To view posture data, you need `read` privileges for the following {es} indices: | ||
** `logs-cloud_security_posture.findings_latest-*` | ||
** `logs-cloud_security_posture.scores-*` | ||
** `Logs-cloud_security_posture.findings` | ||
* The user who gives the CSPM integration GCP permissions must be a GCP project `admin`. | ||
-- | ||
|
||
[discrete] | ||
[[cspm-setup-gcp]] | ||
== Set up CSPM for GCP | ||
|
||
To set up CSPM for GCP, first add the CSPM integration, then enable cloud account access. | ||
|
||
|
||
[discrete] | ||
[[cspm-add-and-name-integration-gcp]] | ||
=== Add your CSPM integration | ||
. From the Elastic Security *Get started* page, click *Add integrations*. | ||
. Search for `CSPM`, then click on the result. | ||
. Click *Add Cloud Security Posture Management (CSPM)*. | ||
. Give your integration a name that matches the purpose or team of the GCP account you want to monitor, for example, `dev-gcp-project`. | ||
|
||
[discrete] | ||
[[cspm-set-up-cloud-access-section-gcp]] | ||
=== Set up cloud account access | ||
To setup CSPM for a GCP project, you will need to have admin privileges for the project. | ||
|
||
For most users, the simplest option is to use a Google Cloud Shell script to automatically provision the necessary resources and permissions in your GCP account. This method, as well as two manual options, are described below. | ||
|
||
[discrete] | ||
[[cspm-set-up-cloudshell]] | ||
=== Cloud Shell script setup (recommended) | ||
|
||
. Under **Setup Access**, select **Google Cloud Shell**. | ||
. Under **Where to add this integration**: | ||
.. Select **New Hosts**. | ||
.. Name the {agent} policy. Use a name that matches the purpose or team of the cloud account or accounts you want to monitor. For example, `dev-gcp-account`. | ||
.. Click **Save and continue**, then **Add {agent} to your hosts**. The **Add agent** wizard appears and provides {agent} binaries, which you can download and deploy to a VM in your GCP account. | ||
. Click **Save and continue**. | ||
. Copy the command that appears, then click **Launch Google Cloud Shell**. It opens in a new window. | ||
. Check the box to trust Elastic's `cloudbeat` repo, then click **Confirm** | ||
+ | ||
image::images/cspm-cloudshell-trust.png[The cloud shell confirmation popup] | ||
+ | ||
. In Google Cloud Shell, execute the command you copied earlier. Once it finishes, return to {kib} and wait for the confirmation of data received from your new integration. Then you can click **View Assets** to see your data. | ||
|
||
NOTE: During Cloud Shell setup, the CSPM integration adds roles to Google's default service account, which enables custom role creation and attachment of the service account to a compute instance. | ||
After setup, these roles are removed from the service account. If you attempt to delete the deployment but find the deployment manager lacks necessary permissions, consider adding the missing roles to the service account: | ||
https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.projectIamAdmin[Project IAM Admin], https://cloud.google.com/iam/docs/understanding-roles#iam.roleAdmin[Role Administrator]. | ||
|
||
[discrete] | ||
[[cspm-set-up-manual-gcp]] | ||
=== Manual setup | ||
|
||
. Under **Setup Access** select **Manual**. | ||
. Enter your GCP **Project ID**. | ||
. Select either **Credentials File** or **Credentials JSON**. | ||
. Enter the credentials information in your selected format. | ||
. Under **Where to add this integration**, | ||
.. If you want to monitor a GCP project where you have not yet deployed {agent}: | ||
... Select **New Hosts**. | ||
... Name the {agent} policy. Use a name that matches the purpose or team of the cloud account or accounts you want to monitor. For example, `dev-gcp-account`. | ||
... Click **Save and continue**, then **Add {agent} to your hosts**. The **Add agent** wizard appears and provides {agent} binaries, which you can download and deploy to a VM in your GCP account. | ||
.. If you want to monitor a GCP project where you have already deployed {agent}: | ||
... Select **Existing hosts**. | ||
... Select an agent policy that applies the GCP project you want to monitor. | ||
. Click **Save and continue**. | ||
|
||
Wait for the confirmation that {kib} received data from your new integration. Then you can click **View Assets** to see your data. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.