Begin Scanning a Google Cloud Storage App
Before you begin scanning a Google Cloud Storage app, you must create a service account and enable Administrator and client API access. As you prepare the Google Cloud Storage account, take note of the following values that you need to set up the app on Prisma SaaS:
New Private Key
A P12 format private key certificate issued from your Google service account. This required certificate is uploaded on Prisma SaaS when adding the Google Cloud Storage app.
Private Key Password
The default password for the new private key.
Client ID
The client ID is entered when enabling Google Cloud Storage domain-wide delegation, and on Prisma SaaS when adding the Google Cloud Storage app.
Google Administrator email
The email entered to create a service account in Google Cloud Storage, and on Prisma SaaS when adding the Google Cloud Storage app.
- Create a service account in Google for Google Cloud Storage.
  - Log in to Google Developer Console as the Google Cloud Storage administrator. If you have not used the Developer Console before, Agree to the Google Cloud Platform Terms of Service.
  - At the top of the screen next to your most recent project name, open your projects list, and then Create a new project.
  - Select your organization (domain) and add your new project.
  - Name your project and Create.
  - Click Notifications and Create Project: <project name>.
  - Search for Credentials.
  - Select OAuth Consent screen and enter Prisma SaaS Google Cloud Storage in Product Name Shown to Users and Save the project.
  - Select Credentials > Create Credentials > Service Account Key.
  - Select New Service Account and enter a service account name. Select P12 for Key Type and Create the service account key. Select Create Without Role if a warning message displays.
  - When the default password and new private key are issued, Save to your computer. Store the private key securely because the key cannot be recovered if lost, and is required for adding the Google Cloud Storage app on Prisma SaaS.
  - Select Credentials > Manage Service Accounts.
  - Click the three dots to the right of the service account you created and select Edit.
  - Enable G Suite Storage Domain-wide Delegation and Save the setting.
  - Click View Client ID for <project name>. Note the value of the Client ID, and Save the ID.
- Enable API Access in Google Cloud Storage.
  - In your account, select APIs & Services > Dashboard > Enable APIs and Services.
  - Select Google Cloud Storage Admin SDK API, and then Enable the API.
  - Go back to Dashboard > APIs & Services > Library and Enable the following APIs:
    - Google Cloud Resource Manager API.
    - Google Cloud Storage.
    - Google Cloud Pub/Sub API.
- Enable API Client access to Google Cloud Storage.
  - In a new browser window, log in to Google Admin Account as the Google Cloud Storage Administrator.
  - Select Security > Show more.
  - Select Advanced Settings > Manage API Client Access.
  - Enter the Client ID previously noted in Client Name. Copy and paste the following scope in One or More API Scopes, and then Authorize access to data in Google services.
    https://www.googleapis.com/auth/admin.directory.user.security,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/devstorage.read_write,https://www.googleapis.com/auth/admin.directory.group
- Add the Google Cloud Storage app.
  - From the Prisma SaaS Dashboard, Add a Cloud App.
  - Select Google Cloud Storage and then Click here to prepare your Google Cloud Storage Account.
  - Enter the Google Administrator Email, the Service account ID previously noted, and click Certificate to browse and upload the P12 format private key certificate issued from your Google service account. Click Next.
  - Review the initial project scan discoveries and select the projects to monitor. If you Cancel the setup at any time, you must start over again.
    - Enable Automatically scan new projects to scan all new projects.
    - To select individual projects, select the Project to scan from the list.
    - Save your scan setting to proceed scanning all discovered projects.
    - Cancel if you do not want to proceed with scanning the discovered projects.
  - Review the initial bucket scan discoveries and select the buckets to monitor.
    - Enable Scan all current and any new buckets to scan all new buckets.
    - To select individual buckets, select the Bucket to scan from the list.
    - Save your scan setting to proceed scanning all discovered buckets.
    - Cancel if you do not want to proceed with scanning the discovered buckets.
- Add policy rules. When you add a new cloud app, Prisma SaaS automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of Google Storage to determine whether you need to add new asset rules, security control rules, or user activity rules to look for risks unique to the new app.
- (Optional) Configure or edit a data pattern. When you add a new cloud app, Prisma SaaS automatically scans the app against the default data patterns and displays the match occurrences. You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
- Start scanning the new Google Cloud Storage app for risks.
  - Select Settings > Cloud Apps & Scan Settings.
  - In the Cloud Apps row that corresponds to the new Google Cloud Storage app, select Actions > Start Scanning.
- Monitor the results of the scan. As Prisma SaaS starts scanning files and matching them against enabled policy rules, Monitor Scan Results on the Dashboard to verify that your policy rules are effective. Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the match criteria and ensure better results.
  - (Optional) To view the status of the Projects and Buckets that are currently being scanned, select Settings > Cloud App and Scan Settings. Select a Google Cloud Storage App from the list of Cloud Apps and expand the Projects > Buckets to view the scan details.
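
To confirm that the delegation entry for the client ID carries exactly the four scopes authorized in the Manage API Client Access step, and nothing broader, the following added example checks a scope list copied from the Admin console. It is not part of the Prisma SaaS documentation; the function name and the sample input are constructed for illustration.

```python
from urllib.parse import urlparse

# The four scopes this page says to authorize for the service account's client ID.
REQUIRED_SCOPES = frozenset({
    "https://www.googleapis.com/auth/admin.directory.user.security",
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/devstorage.read_write",
    "https://www.googleapis.com/auth/admin.directory.group",
})


def audit_scopes(granted_text):
    """Compare a pasted scope list (hypothetical helper) against REQUIRED_SCOPES.

    Commas and any whitespace are accepted as separators, so the value can be
    pasted straight from the console or from a change ticket.
    """
    seen, duplicates, malformed = set(), [], []
    for entry in granted_text.replace(",", " ").split():
        url = urlparse(entry)
        # A scope must be an https URL under www.googleapis.com/auth/.
        if (url.scheme != "https" or url.netloc != "www.googleapis.com"
                or not url.path.startswith("/auth/")):
            malformed.append(entry)
            continue
        if entry in seen:
            duplicates.append(entry)
        seen.add(entry)
    missing = sorted(REQUIRED_SCOPES - seen)
    unexpected = sorted(seen - REQUIRED_SCOPES)  # anything beyond the documented grant
    return {
        "missing": missing,
        "unexpected": unexpected,
        "duplicates": duplicates,
        "malformed": malformed,
        "ok": not (missing or unexpected or malformed),
    }


# Constructed sample: one scope widened to full_control, one pasted with http://.
SAMPLE_GRANT = (
    "https://www.googleapis.com/auth/admin.directory.user.security, "
    "https://www.googleapis.com/auth/cloud-platform,\n"
    "https://www.googleapis.com/auth/devstorage.full_control, "
    "http://www.googleapis.com/auth/admin.directory.group"
)

if __name__ == "__main__":
    for key, value in audit_scopes(SAMPLE_GRANT).items():
        print(f"{key}: {value}")
```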