GCP Onboarding
Panoptica’s frictionless solution quickly scans your cloud resources, covering virtual machines, containers, and serverless deployments. Integration is agentless, secure, and easy to set up. Panoptica can connect to a project, a folder, or an organization in your Google Cloud Platform (GCP) environment by adding a Service Account principal, and providing it with the required permissions.
Note:
Running the script requires sufficient privileges in your Google environment.
To get started, select Settings in the navigation pane, then the Accounts tab.
Choose Google Cloud Platform, and follow the on-screen steps, which are detailed below.

Onboarding Steps
First choose the GCP resource that you would like to connect to Panoptica: Project, Folder or Organization.

Project
If you have selected Project as the deployment type, first input the Project ID of the project you wish to onboard.

Skip the step regarding CVE and Malware scanning, since that is only supported in Folder and Organization setups.
There are two methods you can use to define the Panoptica Service Account in your project: via the GCP console, or with gcloud commands.
Option A: Manually from GCP console
- Log into your GCP project, and select IAM & Admin in the navigation menu.
- On the IAM tab, click GRANT ACCESS to pop up the window where you configure access.

- Return to Panoptica's GCP account page and click the Service Account link to copy the account details to your clipboard.
- Paste the Service Account into the New principals field in GCP.

- Add the following roles for the Panoptica principal. Click +Add Another Role to open additional rows.
- Role Viewer
- Security Reviewer
- Compute Admin (if you're enabling snapshot scan)

- Click "Save"
Option B: Using gcloud commands
- Click the gcloud link on Panoptica's GCP account page to copy the deployment commands.
- Log into your GCP portal, and launch Cloud Shell from the top navigation bar.

- Paste the GCP Deployment Commands you copied from the Panoptica platform into the Cloud Shell terminal.
- Run the commands to assign the required roles to the Panoptica service account principal.
Finally, type the Display Name that you want to appear in Panoptica's platform.
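To confirm that the grant matches the roles listed above, the following added example (not Panoptica's code) audits an exported IAM policy for the service account principal. The role IDs are an assumed mapping of the role titles on this page, and the principal and policy are constructed sample values.

```python
# Role titles listed on this page mapped to GCP role IDs. The mapping is an
# assumption: confirm the IDs against the commands Panoptica gives you.
BASE_ROLES = {"roles/iam.roleViewer", "roles/iam.securityReviewer"}
SNAPSHOT_ROLES = {"roles/compute.admin"}  # only if snapshot scan is enabled


def audit_principal(policy, member, snapshot_scan=False):
    """Compare the roles bound to `member` with the documented set."""
    allowed = BASE_ROLES | (SNAPSHOT_ROLES if snapshot_scan else set())
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        granted.add(binding["role"])
        if "condition" in binding:  # grant is scoped by an IAM condition
            conditional.add(binding["role"])
    return {
        "missing": sorted(allowed - granted),
        "unexpected": sorted(granted - allowed),
        "conditional": sorted(conditional),
    }


# Constructed placeholder principal and sample policy, in the shape printed by
#   gcloud projects get-iam-policy PROJECT_ID --format=json
MEMBER = "serviceAccount:panoptica-placeholder@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {
    "version": 3,
    "bindings": [
        {"role": "roles/iam.securityReviewer",
         "members": ["user:admin@example.com", MEMBER]},
        {"role": "roles/compute.admin", "members": [MEMBER],
         "condition": {"title": "constructed-expiry",
                       "expression": 'request.time < timestamp("2030-01-01T00:00:00Z")'}},
        {"role": "roles/editor", "members": [MEMBER]},  # broader than documented
        {"role": "roles/iam.roleViewer", "members": ["user:admin@example.com"]},
    ],
}

if __name__ == "__main__":
    for scan in (False, True):
        print("snapshot_scan =", scan, audit_principal(SAMPLE_POLICY, MEMBER, scan))
```

A project-level policy does not show roles inherited from a folder or organization, so run the same check on the policy of each level you onboarded.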
Folder
If you have selected Folder as the deployment type, first input the Folder ID, so it is automatically included in the CLI commands.

Next, decide whether you want Panoptica to scan your GCP resources for CVEs and malware. If you forgo the vulnerability and malware scanning, Panoptica will still be able to provide inventory, attack path analysis, root cause analysis, and more.
Note that this feature requires creating a dedicated project with Compute Admin permissions. Panoptica supports scanning virtual machine instances for CVEs and malware without installing any agent on the instance.
Finally, follow these steps to deploy Panoptica in your folder:
- Click the gcloud link on Panoptica's GCP account page to copy the deployment commands.
- Log into your GCP portal, and launch Cloud Shell from the top navigation bar.

- Paste the GCP Deployment Commands you copied from the Panoptica platform into the Cloud Shell terminal.
- Run the commands to assign the required roles to the Panoptica service account principal.
Organization
If you have selected Organization as the deployment type, first input the Organization ID, so it is automatically included in the CLI commands.

Next, decide whether you want Panoptica to scan your GCP resources for CVEs and malware. If you forgo the vulnerability and malware scanning, Panoptica will still be able to provide inventory, attack path analysis, root cause analysis, and more.
Note that this feature requires creating a dedicated project with Compute Admin permissions. Panoptica supports scanning virtual machine instances for CVEs and malware without installing any agent on the instance.
Finally, follow these steps to deploy Panoptica in your organization:
- Click the gcloud link on Panoptica's GCP account page to copy the deployment commands.
- Log into your GCP portal, and launch Cloud Shell from the top navigation bar.

- Paste the GCP Deployment Commands you copied from the Panoptica platform into the Cloud Shell terminal.
- Run the commands to assign the required roles to the Panoptica service account principal.
Before finishing, click Check Credentials to make sure everything is in order.

If it is, the Finish & Start Scan button will become active. Click it to, well, finish and start scanning.