Skip to main content

Netskope Help

Configure Google Cloud Platform on Netskope UI

Once you have enabled log ingestion on your Google Cloud Platform (GCP) environment, you can now create a GCP app instance on the Netskope UI.

Note

Before you begin this procedure, ensure that the JSON private key file and the service account of logs router (for organization/folder)/writer identity (for project) are handy with you.

  1. Log in to your Netskope tenant UI.

  2. Navigate to Settings > API-enabled Protection > IaaS.

  3. Select the GCP icon and click Setup.

    The New Setup pop-up window opens.

  4. In the New Setup pop-up window, enter the following details:

    • Under Instance Name, enter the name of the GCP instance.

    • Under Admin Email, enter the email address of the GCP administrator to receive email alerts, notifications, etc.

    • Under Connection Type, select Stackdriver.

      Note

      You can uncheck Security Posture.

    • Under Cloud Provider Information,

      • upload the JSON private key of the service account you created earlier.

      • Under Writer Identity, enter the service account of logs router (for organization/folder) / writer identity (for project) copied from logs router.

        Note

        The writer identity format should be serviceAccount:<value>@gcp-sa-logging.iam.gserviceaccount.com.

  5. Click Save, and then click Grant Access for the GCP instance you just created.

Refresh your browser, and you should see a green check icon next to the instance name.

Next, you can setup rule-based or machine learning-based policies by going to Policies > Behavior Analytics. To learn more: Behavior Analytics Policies.