Cloud Security Posture Management Manual (Google Cloud Platform)

Go to > Cyber Incident Monitoring

Note: To set up CSPM for a GCP project, you need admin privileges for the project.

To authenticate manually and monitor a GCP organization, you must:

In the top-right corner, click on the Cloud Shell Icon

You should be seeing the image below

Run this command to select the GCP project where you want to create the service account:
gcloud config set project <PROJECT_ID>

gcloud iam service-accounts create <SA_NAME> \

--description="Elastic agent service account for CSPM" \

--display-name="Elastic agent service account for CSPM" \

--project=<PROJECT_ID>

Replace <ORG_ID> and <PROJECT_ID> in the commands below:

Assign the necessary roles to the service account at Organization Level:
gcloud organizations add-iam-policy-binding <ORG_ID> \
--member=serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com \
--role=roles/cloudasset.viewer
gcloud organizations add-iam-policy-binding <ORG_ID> \
--member=serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com \
--role=roles/browser
Assign the necessary roles to the service account at Project Level:
gcloud projects add-iam-policy-binding <PROJECT_ID> \
--member=serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com \
--role=roles/cloudasset.viewer
gcloud projects add-iam-policy-binding <PROJECT_ID> \
--member=serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com \
--role=roles/browser

Note: The Cloud Asset Viewer role grants read access to cloud asset metadata. The Browser role grants read access to the project hierarchy.

gcloud iam service-accounts keys create <KEY_FILE> \

--iam-account=<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com

Project ID (the project where you want to provision the compute instance that will run CSPM)
Credentials JSON values

If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance.