GCP

Overview

Visualize and analyze GCP resources, including projects, buckets, instances, VMs, and databases. Gain actionable insights into resource utilization, governance, and security posture. Monitor resource visibility, identify misconfigurations, ensure compliance with organizational policies, and detect vulnerabilities in infrastructure and data.

Configurations

Configuration | Description
Blueprint Account Name | A human-readable name for your account that will be used to identify this account across the application.
GCP Project ID | The unique identifier for your Google Cloud project.
Service Type | The type of GCP service you are integrating with (e.g., Compute Engine, Storage).
Client ID | The ID of the client associated with the service account used for authentication.
Client Email | The email address associated with the service account used for authentication.
Private Key ID | The unique identifier for the private key associated with the service account.
Private Key | The private key used to authenticate the service account.
URL | The endpoint URL for the GCP service you are connecting to (if applicable).
Regions | The GCP regions where resources will be discovered and monitored.
Data Crawl Frequency | The frequency at which Kaleidoscope will crawl the account for resources.
Event Crawl Frequency | The frequency at which Kaleidoscope will crawl for events and activity logs.

Permissions

The GCP blueprint requires a service account with the appropriate IAM roles. You can create one from the Google Cloud console. Give the service account a descriptive name and assign the required IAM roles.

When creating the service account, you will need to:

  1. Create the service account

  2. Assign the required IAM roles

  3. Generate and download a JSON key file

  4. Extract the Client ID, Client Email, Private Key ID, and Private Key from the JSON file
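Step 4 above, as an added example that is not part of the Kaleidoscope documentation: a small Python helper that reads a downloaded service-account key file, checks that it really is a service-account key, and returns the values for the Client ID, Client Email, Private Key ID and Private Key fields (plus the project ID). The key file in the block is a constructed sample with placeholder values; only the field names follow Google's key-file format.

```python
import json
import re

# Constructed sample of a downloaded service-account key file. Every value is a
# placeholder; only the field names match Google's key-file format.
SAMPLE_KEY_FILE = json.dumps({
    "type": "service_account",
    "project_id": "example-project-123456",
    "private_key_id": "0123456789abcdef0123456789abcdef01234567",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER_KEY_MATERIAL\n-----END PRIVATE KEY-----\n",
    "client_email": "kaleidoscope-reader@example-project-123456.iam.gserviceaccount.com",
    "client_id": "123456789012345678901",
})

# Blueprint configuration field -> key-file field
FIELD_MAP = {
    "GCP Project ID": "project_id",
    "Client ID": "client_id",
    "Client Email": "client_email",
    "Private Key ID": "private_key_id",
    "Private Key": "private_key",
}

# A service-account private key is delivered as a PKCS#8 PEM block.
PEM_RE = re.compile(r"^-----BEGIN PRIVATE KEY-----\n.+\n-----END PRIVATE KEY-----\n?$", re.S)


def extract_blueprint_config(key_file_text: str) -> dict:
    """Map a key file's JSON text to the blueprint configuration fields; raises
    ValueError for anything that is not a complete service-account key."""
    data = json.loads(key_file_text)
    if data.get("type") != "service_account":
        raise ValueError("not a service-account key file")
    missing = [src for src in FIELD_MAP.values() if not data.get(src)]
    if missing:
        raise ValueError(f"key file is missing fields: {missing}")
    if not PEM_RE.match(data["private_key"]):
        raise ValueError("private_key is not a PEM private key block")
    if not data["client_email"].endswith(".iam.gserviceaccount.com"):
        raise ValueError("client_email is not a service-account address")
    return {name: data[src] for name, src in FIELD_MAP.items()}


def loggable(config: dict) -> dict:
    """Copy of the config with the key material replaced; safe to write to a log."""
    return {k: "<redacted>" if k == "Private Key" else v for k, v in config.items()}
```

Rejecting the wrong file type up front (an OAuth client secret or a user credential also downloads as JSON) avoids storing a broken integration, and `loggable` keeps the private key out of any log line you write while setting the blueprint up.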

Schema Model

Resources | Source Entity | Normalized Entity | Description
Attached Disk | gcp.compute.AttachedDisk | Storage | A disk attached to a GCP compute instance.
Compute Attributes | gcp.compute.ComputeAttributes | Attributes | Attributes of a GCP compute resource.
Disk | gcp.compute.Disk | Storage | A persistent disk in GCP compute.
Firewall | gcp.compute.Firewall | Firewall | A firewall for controlling network traffic.
Firewall Rule | gcp.compute.FirewallRule | Rule | A rule defining firewall behavior.
IP Range | gcp.compute.IPRange | IPRange | A range of IPs defined for a network.
Instance | gcp.compute.Instance | Instance | A virtual machine instance in GCP.
Network | gcp.compute.Network | Network | A virtual network in GCP.
Network Interface | gcp.compute.NetworkInterface | Interface | A network interface for compute resources.
Subnetwork | gcp.compute.Subnetwork | Subnetwork | A subnetwork within a GCP virtual network.
DNS Attributes | gcp.dns.DNSAttributes | Attributes | Attributes of a DNS resource in GCP.
DNS Key Spec | gcp.dns.DnsKeySpec | KeySpec | Specification of a DNS key in GCP.
Managed Zone | gcp.dns.ManagedZone | Zone | A managed DNS zone in GCP.
Managed Zone Cloud Logging Config | gcp.dns.ManagedZoneCloudLoggingConfig | LoggingConfig | Logging configuration for a DNS zone.
Managed Zone DNS Sec Config | gcp.dns.ManagedZoneDnsSecConfig | DNSConfig | DNS security configuration for a zone.
Managed Zone Forwarding Config | gcp.dns.ManagedZoneForwardingConfig | ForwardingConfig | Forwarding configuration for a DNS zone.
Managed Zone Forwarding Config NameServer | gcp.dns.ManagedZoneForwardingConfigNameServerTarget | NameServerTarget | A target name server for forwarding config.
Managed Zone Peering Config | gcp.dns.ManagedZonePeeringConfig | PeeringConfig | Peering configuration for a DNS zone.
Managed Zone Peering Config Target Network | gcp.dns.ManagedZonePeeringConfigTargetNetwork | TargetNetwork | A target network for peering config.
Managed Zone Private Visibility Config | gcp.dns.ManagedZonePrivateVisibilityConfig | VisibilityConfig | Configuration for private visibility.
Managed Zone Private Visibility Config GKE | gcp.dns.ManagedZonePrivateVisibilityConfigGKECluster | GKEVisibility | GKE cluster configuration for visibility.
Managed Zone Private Visibility Config Network | gcp.dns.ManagedZonePrivateVisibilityConfigNetwork | NetworkVisibility | Network visibility configuration.
Managed Zone Reverse Lookup Config | gcp.dns.ManagedZoneReverseLookupConfig | ReverseLookup | Configuration for reverse DNS lookup.
Managed Zone Service Directory Config | gcp.dns.ManagedZoneServiceDirectoryConfig | ServiceDirectory | Service directory configuration for a zone.
Resource Record Set | gcp.dns.ResourceRecordSet | RecordSet | A set of DNS resource records.
GKE Attributes | gcp.gke.GKEAttributes | Attributes | Attributes of a GKE resource.
GKE Cluster | gcp.gke.GKECluster | Cluster | A Kubernetes cluster in GCP.
GKE Node Config | gcp.gke.GKENodeConfig | NodeConfig | Configuration for a GKE node.
GKE Node Pool | gcp.gke.GKENodePool | NodePool | A node pool in a GKE cluster.
ACL Rule | gcp.storage.ACLRule | Rule | Access control list rule for storage.
Autoclass | gcp.storage.Autoclass | Class | Autoclass configuration for storage.
Bucket | gcp.storage.Bucket | Storage | A storage bucket in GCP.
Bucket Encryption | gcp.storage.BucketEncryption | Encryption | Encryption settings for a bucket.
Bucket Logging | gcp.storage.BucketLogging | Logging | Logging settings for a bucket.
Bucket Policy Only | gcp.storage.BucketPolicyOnly | Policy | Policy configuration for a bucket.
CORS | gcp.storage.CORS | CORS | Cross-origin resource sharing configuration.
Custom Placement Config | gcp.storage.CustomPlacementConfig | PlacementConfig | Custom placement configuration.
Lifecycle | gcp.storage.Lifecycle | Lifecycle | Lifecycle rules for storage.
Lifecycle Action | gcp.storage.LifecycleAction | Action | An action defined in a lifecycle rule.
Lifecycle Condition | gcp.storage.LifecycleCondition | Condition | A condition defined in a lifecycle rule.
Lifecycle Rule | gcp.storage.LifecycleRule | Rule | A rule in a storage lifecycle policy.
Object | gcp.storage.Object | Object | An object stored in a GCP bucket.
Project Team | gcp.storage.ProjectTeam | Team | A project team configuration.
Retention Policy | gcp.storage.RetentionPolicy | RetentionPolicy | Retention policy for a storage bucket.
Soft Delete Policy | gcp.storage.SoftDeletePolicy | SoftDeletePolicy | Soft delete policy for storage.
Storage Attributes | gcp.storage.StorageAttributes | Attributes | Attributes of a storage resource.

Events

Event | Description
k8s_container | Monitors and manages Kubernetes containers running in GKE clusters.
k8s_cluster | Represents a Google Kubernetes Engine (GKE) cluster.
cloud_composer_environment | Refers to an instance of Cloud Composer, used for workflow orchestration.
k8s_node | Represents a node in a Kubernetes cluster.
dns_managed_zone | Refers to a DNS managed zone in Google Cloud DNS.
k8s_pod | Tracks and manages individual pods in a Kubernetes cluster.
cloudsql_database | Represents a Cloud SQL database instance.
apigateway.googleapis.com/Gateway | Represents an API Gateway deployment in Google Cloud.
cloud_run_revision | Represents a specific revision of a Cloud Run service.
gce_instance | Refers to a Compute Engine virtual machine instance.
gce_instance_group_manager | Manages instance groups in Compute Engine.
gke_nodepool | Refers to a group of nodes within a GKE cluster.
gce_instance_template | Defines a template for Compute Engine instances.
gce_instance_group | Represents a managed or unmanaged instance group in Compute Engine.
networking.googleapis.com/Location | Provides networking details based on geographic location.
audited_resource | Tracks resources audited in Google Cloud's Audit Logs.
