Overview


From GXP to the Vulcan Platform - Fields Mapping

GCP field

Vulcan field

Value Example

Name under Asset Details

Asset Name

-

Asset details:

  • Instance Id

  • Creation time

  • Zone

  • Primary internal IP address

  • External IP address

  • network tags

  • image

Asset Details

-

State

state

"Running"


Required User Permissions

  • For project level: The required permission for a given Member in a given Project is Viewer

  • For organization level: The required user permission is Viewer.


Prerequisites

First, you need to retrieve the JSON file on the organizational level from the GCP platform:

  1. Go to your GCP Platform and select a random project under the relevant organization.

  2. Enable cloud resource manager API for the selected project in the address. For {project_id} in the URL, insert your project id:
    https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project={project_id}

  3. Go to Service Accounts > Create Service Account

  4. Fill in the service account details as follows:

    • Service account details: vulcan.com

    • Service account I|D: vulcan-com

  5. Click Done.

  6. Go to your organization's board.

  7. Go to IAM > Add.

  8. For "New Principals", select the email address of the service account you generated in the previous steps, and then grant the Viewer role.
    Note: In the example below, the organization "vulcancyber.com" is just an example. You need to select the name of your organization.

    Note: The Viewer role gives view access to most Google Cloud resources. if you have an organizational resource that is not included in the Viewer role, you need to add the corresponded role for this resource. You can check if your resource is under the Viewer role here:

    IAM permissions reference | IAM Documentation | Google Cloud

  9. Go back to the project you selected in step 1.

  10. Select Service accounts and then select the account vulcan.com from the table.

  11. Click on Keys > Add new Key

  12. Select the JSON file option, and then click Create.

  13. Save the created JSON file somewhere you can later access.


Configure the GCP Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the GCP icon.

  4. Set up the connector as follows:

    • JSON Keyfile: upload the JSON file you created earlier.

    • Click Load Project and select the relevant projects in the organization.

    • Select the relevant Zones where resources can be deployed, depending on how widely you want to distribute the resources.

      • To retrieve the zones from the GCP platform:

        • Choose a project > Click the dropdown and select compute engine > Zones.

    • For Inactive assets, define which assets should appear in the Vulcan platform according to last seen or asset status.

  5. Click Create/Save Changes, and that's it! GCP connector is all set up.

  6. Allow some time for the sync to complete. You can review the sync status under Log.

  7. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the GCP icon shows Connected, the connection is complete.


API calls

For a given project PROJECT and ZONE, we call the following API calls:

  1. https://content.googleapis.com/compute/v1/projects/PROJECT/global/firewalls

  2. https://content.googleapis.com/compute/v1/projects/PROJECT/zones/ZONE/disks

  3. https://content.googleapis.com/compute/v1/projects/PROJECT/zones/ZONE/instances

Did this answer your question?