Configure Google Cloud Platform on Netskope UI
After you enable log ingestion in your Google Cloud Platform (GCP) environment, you can create a GCP app instance in the Netskope UI.
Note
Before you begin this procedure, ensure that you have the JSON private key file and the service account of the logs router (for organization/folder) or the writer identity (for project) on hand.
Log in to your Netskope tenant UI.
Navigate to Settings > API-enabled Protection > IaaS.
Select the GCP icon and click Setup.
The New Setup pop-up window opens.
In the New Setup pop-up window, enter the following details:
Under Instance Name, enter the name of the GCP instance.
Under Admin Email, enter the email address of the GCP administrator to receive email alerts, notifications, etc.
Under Connection Type, select Stackdriver.
Note
You can uncheck Security Posture.
Under Cloud Provider Information, upload the JSON private key of the service account you created earlier.
Under Writer Identity, enter the service account of the logs router (for organization/folder) or the writer identity (for project) that you copied from the logs router.
Note
The writer identity format should be: serviceAccount:<value>@gcp-sa-logging.iam.gserviceaccount.com
Click Save, and then click Grant Access for the GCP instance you just created.
Refresh your browser, and you should see a green check icon next to the instance name.
Next, you can set up rule-based or machine learning-based policies by going to Policies > Behavior Analytics. To learn more: Behavior Analytics Policies.
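A pre-flight check for the two values entered under Cloud Provider Information, added here as an example (it is not Netskope code). It assumes the standard field names of a GCP service-account key file; the function names and sample values are constructed for illustration.

```python
import json
import re

# Writer identity format stated on the page.
WRITER_RE = re.compile(r"serviceAccount:[^@\s:]+@gcp-sa-logging\.iam\.gserviceaccount\.com")
# Assumption: fields of an unmodified GCP service-account key download.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

def check_writer_identity(value):
    """Return a list of problems with the writer identity (empty list = OK)."""
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace")
    v = value.strip()
    if not v.startswith("serviceAccount:"):
        problems.append("missing 'serviceAccount:' prefix")
    if not v.endswith("@gcp-sa-logging.iam.gserviceaccount.com"):
        problems.append("not a gcp-sa-logging service account")
    if not problems and not WRITER_RE.fullmatch(v):
        problems.append("malformed account name")
    return problems

def check_key_file(text):
    """Return a list of problems with the JSON private key (empty list = OK)."""
    try:
        key = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(key, dict):
        return ["top-level JSON value is not an object"]
    problems = [f"missing field: {f}" for f in REQUIRED if not key.get(f)]
    if key.get("type") not in (None, "service_account"):
        problems.append(f"type is {key['type']!r}, expected 'service_account'")
    if key.get("private_key") and "BEGIN PRIVATE KEY" not in key["private_key"]:
        problems.append("private_key is not a PEM block")
    return problems

# Constructed sample values, not real credentials.
SAMPLE_KEY = json.dumps({
    "type": "service_account", "project_id": "example-project",
    "private_key_id": "0000", "client_email": "netskope@example-project.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
})
SAMPLE_WRITER = "serviceAccount:o123456789-000000@gcp-sa-logging.iam.gserviceaccount.com"

if __name__ == "__main__":
    print(check_key_file(SAMPLE_KEY), check_writer_identity(SAMPLE_WRITER))
```

Run it against the real key file and writer identity on the workstation where the key is stored; an empty list for both means the values match the expected shape.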