Begin Scanning a Google Cloud Storage App
Before you begin scanning a Google Cloud Storage app, you must create a service account and enable Administrator and client API access. As you prepare the Google Cloud Storage account, take note of the following values that you need to set up the app within Aperture:
New Private Key
A P12 format private key certificate issued from your Google service account. This required certificate is uploaded in Aperture when adding the Google Cloud Storage app.
Private Key Password
The default password for the new private key.
Client ID
The client ID is entered when enabling Google Cloud Storage domain-wide delegation, and in Aperture when adding the Google Cloud Storage app.
Google Administrator email
The email entered to create a service account in Google Cloud Storage, and in Aperture when adding the Google Cloud Storage app.
- Create a service account in Google for Google
- Log in to Google Developer Console as the Google Cloud Storage administrator. If you have not used the Developer Console before, Agree to the Google Cloud Platform Terms of Service.
- At the top of the screen next to your most recent project name, click to open your projects list and then Create a new project.
- Select your organization (domain) and click to create your new project.
- Name your project Aperture Google Cloud Storage and Create the project.
- Click the and then Create Project: Aperture Google Cloud Storage.
- Search for Credentials.
- Select OAuth Consent screen and enter Aperture Google Cloud Storage in Product Name Shown to Users and Save the project.
- Select Credentials > Create Credentials > Service Account Key.
- Select New Service Account and enter a service account name as Aperture Google Storage. Select P12 as the Key Type and Create the service account key. Select Create Without Role if a warning message displays.
- A default password and new private key are issued. Save the new private key to your computer. Store the private key securely, because the key cannot be recovered if lost and is required for adding the Google Cloud Storage app in Aperture.
- Select Credentials > Manage Service Accounts.
- Click the three dots to the right of the service account you created and select Edit.
- Enable G Suite Storage Domain-wide Delegation and Save the setting.
- Click View Client ID for Aperture Google Storage. Note the value of the Client ID, and Save the ID.
- Log in to Google Developer Console as the Google Cloud Storage administrator.
- Enable API Access in Google Cloud Storage.
- In your account, select APIs & Services > Dashboard > Enable APIs and Services.
- Select Google Cloud Storage Admin SDK API, and then Enable the API.
- Go back to Dashboard > APIs & Services > Library and Enable the following:
- Google Cloud Resource Manager API.
- Google Cloud Storage.
- Google Cloud Pub/Sub API.
- Enable API Client access to Google Cloud Storage.
- In a new browser window, log in to Google Admin Account as the Google Cloud Storage Administrator.
- Select Security > Show more.
- Select Advanced Settings > Manage API Client Access.
- Enter the Client ID previously noted in Client Name. Copy and paste the following scope in One or More API Scopes, and then Authorize access to data in Google services.
https://www.googleapis.com/auth/admin.directory.user.security,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/devstorage.read_write,https://www.googleapis.com/auth/admin.directory.group
- Add the Google Cloud Storage app.
- From the Aperture Dashboard, Add a Cloud App.
- Select Google Cloud Storage and then Click here to prepare your Google Cloud Storage Account.
- Enter the Google Administrator Email, the Service account ID previously noted, and click Certificate to browse and upload the P12 format private key certificate issued from your Google service account. Click Next.
- Review the initial project scan discoveries and select the projects to monitor. If you Cancel the setup at any time, you must start over again.
- Enable Automatically scan new projects to scan all new projects.
- To select individual projects, select the Project to scan from the list.
- Save your scan setting to proceed with scanning all discovered projects.
- Cancel if you do not want to proceed with scanning the discovered projects.
- Review the initial bucket scan discoveries and select the buckets to monitor.
- Enable Scan all current and any new buckets to scan all new buckets.
- To select individual buckets, select the Bucket to scan from the list.
- Save your scan setting to proceed with scanning all discovered buckets.
- Cancel if you do not want to proceed with scanning the discovered buckets.
- Define global scan settings.
- Add policy rules. When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of your app to determine whether you want to Add a New Policy Rule for Content to look for risks unique to the new app.
- (Optional) Configure or edit a data pattern. When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
- Start scanning the new Google Cloud Storage app for risks.
- Select Settings > Cloud Apps & Scan Settings.
- In the Cloud Apps row that corresponds to the new Google Cloud Storage app, select Actions > Start Scanning.
- Monitor the results of the scan. As the Aperture service starts scanning files and matching them against enabled policy rules, Monitor Scan Results on the Dashboard to verify that your policy rules are effective. Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the match criteria and ensure better results.
- (Optional) To view the status of the Projects and Buckets that are currently being scanned, select Settings > Cloud App and Scan Settings. Select a Google Cloud Storage App from the list of Cloud Apps and expand the Projects > Buckets to view the scan details.
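
An added example, not part of the original page or of Aperture: a Python check that the string pasted into One or More API Scopes is exactly the four scopes listed in the API client access step, catching stray text picked up by copy and paste, omissions, and extra scopes that would widen domain-wide delegation. The function name, the report keys, the scope-shape pattern and the sample inputs are constructed for illustration.

```python
import re

# The four scopes this page says to authorize for the service account's Client ID.
EXPECTED_SCOPES = frozenset({
    "https://www.googleapis.com/auth/admin.directory.user.security",
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/devstorage.read_write",
    "https://www.googleapis.com/auth/admin.directory.group",
})

# Assumed shape of the scope URLs used here: fixed prefix, then lowercase
# words joined by "." or "-". Anything else is reported as malformed.
SCOPE_RE = re.compile(r"https://www\.googleapis\.com/auth/[a-z0-9_]+(?:[.-][a-z0-9_]+)*")


def audit_scopes(entered):
    """Compare a comma-separated scope string with EXPECTED_SCOPES."""
    seen, malformed, duplicates = set(), [], []
    for raw in entered.split(","):
        scope = raw.strip()
        if not scope:
            continue  # tolerate a trailing comma or blank entry
        if not SCOPE_RE.fullmatch(scope):
            malformed.append(scope)
        elif scope in seen:
            duplicates.append(scope)
        else:
            seen.add(scope)
    report = {
        "missing": sorted(EXPECTED_SCOPES - seen),
        "unexpected": sorted(seen - EXPECTED_SCOPES),  # more access than documented
        "malformed": malformed,
        "duplicates": duplicates,
    }
    report["ok"] = not any(report.values())
    return report


if __name__ == "__main__":
    # Constructed inputs: a clean paste, and a paste that dragged UI text along.
    clean = ",".join(sorted(EXPECTED_SCOPES))
    dirty = clean.replace("directory.group", "directory.groupCode copied to clipboard")
    for label, value in (("clean", clean), ("dirty", dirty)):
        print(label, audit_scopes(value))
```

Run it against the value you are about to authorize, and again against the value shown in Manage API Client Access afterwards; any entry under `unexpected` is delegated access beyond what this procedure calls for.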