CrowdStrike: How to enable CrowdStrike Cloud Security Posture Management for GCP Projects
Overview
To enable CrowdStrike CSPM for any cloud we must have Falcon Horizon subscription purchased or already enabled.
This Falcon Horizon product actually comes under CrowdStrike Cloud Security Solution:
- Falcon Horizon
- Container and Kubernetes Security
- Cloud Workloads Discovery
About Falcon Horizon
- Falcon Horizon gives visibility into your entire cloud infrastructure.
- Falcon Horizon continuously monitors your cloud services for critical security issues, common errors and pattern of suspicious behaviour.
- Compliance enforcement via Falcon Horizon policy help us to keep cloud environment secure.
- Avoid breaches and make sure that your cloud security configuration meets industry recommendations.
- Use this to triage findings and find recommendations so you can close the gaps and keep your cloud data secure
Register GCP Project with Falcon Horizon
The first step using the CrowdStrike Cloud Security Posture Management Platform (CSPM) is to register your GCP project with Falcon Horizon.
When registering Falcon Horizon is granted limited read-only access to your cloud environment.
Prerequisites
Ensure below GCP APIs are enabled in GCP project before registering GCP project(s):
- cloudresourcemanager.googleapis.com
- logging.googleapis.com
- cloudasset.googleapis.com
- compute.googleapis.com
- sqladmin.googleapis.com
- apengine.googleapis.com
Implementation
- Login to your GCP project console
- Navigate to IAM and Admin > Service Accounts
- Click create Service Account
- On the service account page , enter service account name , description and click on Create and Continue
- Add Browser, Viewer and Cloud Asset Viewer roles to Service Account and click on Done
- Within the service account page, search for the newly created service account and click to open to see details
- Click the KEYS tab
- Click the ADD KEY dropdown and select create new key
- Ensure JSON is selected and click Create
- This will download this newly created service account in JSON format to upload in Falcon Cloud Accounts Registration page.
- Login and Navigate to CrowdStrike Cloud Security Posture page
- Select GCP Tab and Click on “Add new GCP Account” button
- Upload service account key file and click Submit
Post Implementation
Once you register GCP project to Falcon Horizon for CSPM then wait for few minutes for Falcon Horizon to monitor GCP Cloud project services and based on the pulled metadata it will create dashboard.
- Login to Falcon CrowdStrike Account
- Click on three horizontal lines at the top left
- Select Cloud Security > Cloud Security Posture
- You will see dashboard something like this.
Thanks for reading this article. Follow me if you really enjoyed reading this article.