As a Cloud admin or account owner, you can onboard one or more Google Cloud service accounts (through a project) with minimal privileges and Google-specific data into Carbon Black Cloud. Connecting Carbon Black Cloud to your Google project allows you to monitor and detect potential malicious activity, vulnerabilities, or compliance issues in your Google Cloud applications (workloads).
To onboard a Google project and access the Google Cloud Platform (GCP) from Carbon Black Cloud, you must first create a GCP service account and grant it the Storage Object Viewer role on the GCP bucket. The Carbon Black Cloud console authenticates as this service account to access GCP resources. Then configure workload identity federation by creating a workload identity pool. Workload identity federation lets organizations optimize, manage, and secure the communication between Carbon Black Cloud and GCP without distributing long-lived service account keys.
Once you onboard your Google Cloud project, you can perform a full sync of the Google Cloud resources in the project and set up an event mechanism that keeps the inventory in Carbon Black Cloud in sync with your public cloud service account resources.
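The onboarding steps above (service account, bucket-scoped Storage Object Viewer grant, workload identity pool and provider, and the binding that lets the pool impersonate the service account), written out as an added example in the form of the equivalent gcloud commands. This is not Carbon Black's or Google's own onboarding script. The project ID, project number, bucket name, resource names, issuer URI and OIDC subject are constructed placeholders; the real values for the identity provider and subject are supplied by the Carbon Black Cloud onboarding flow and are not known here. The script defaults to printing the commands (DRY_RUN=1) so you can review the exact grants before running it with DRY_RUN=0.

```shell
#!/usr/bin/env sh
# Added example: gcloud commands for a least-privilege Carbon Black Cloud
# onboarding. All values below are constructed placeholders (assumptions).
PROJECT_ID="${PROJECT_ID:-example-project}"
PROJECT_NUMBER="${PROJECT_NUMBER:-123456789012}"
BUCKET="${BUCKET:-example-log-bucket}"
SA_NAME="${SA_NAME:-cbc-reader}"
POOL="${POOL:-cbc-pool}"
PROVIDER="${PROVIDER:-cbc-provider}"
# Issuer and subject come from the Carbon Black Cloud onboarding flow;
# these are placeholders, not real values.
ISSUER_URI="${ISSUER_URI:-https://ISSUER_PLACEHOLDER.example}"
EXTERNAL_SUBJECT="${EXTERNAL_SUBJECT:-SUBJECT_PLACEHOLDER}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = execute them

# Print the command in dry-run mode, otherwise execute it verbatim (no eval).
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

sa_email() {
  printf '%s@%s.iam.gserviceaccount.com\n' "$SA_NAME" "$PROJECT_ID"
}

# Federated identity inside the pool that is allowed to impersonate the SA.
pool_principal() {
  printf 'principal://iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/subject/%s\n' \
    "$PROJECT_NUMBER" "$POOL" "$EXTERNAL_SUBJECT"
}

# Step 1: the service account Carbon Black Cloud authenticates as.
create_sa() {
  run gcloud iam service-accounts create "$SA_NAME" \
    --project="$PROJECT_ID" --display-name="Carbon Black Cloud reader"
}

# Step 2: Storage Object Viewer on the one bucket, not on the whole project.
grant_bucket_read() {
  run gcloud storage buckets add-iam-policy-binding "gs://$BUCKET" \
    --member="serviceAccount:$(sa_email)" --role=roles/storage.objectViewer
}

# Step 3: workload identity pool plus an OIDC provider for the external issuer.
create_pool_and_provider() {
  run gcloud iam workload-identity-pools create "$POOL" \
    --project="$PROJECT_ID" --location=global --display-name="Carbon Black Cloud"
  run gcloud iam workload-identity-pools providers create-oidc "$PROVIDER" \
    --project="$PROJECT_ID" --location=global --workload-identity-pool="$POOL" \
    --issuer-uri="$ISSUER_URI" --attribute-mapping="google.subject=assertion.sub"
}

# Step 4: let only that federated subject impersonate the service account.
bind_pool_to_sa() {
  run gcloud iam service-accounts add-iam-policy-binding "$(sa_email)" \
    --project="$PROJECT_ID" --role=roles/iam.workloadIdentityUser \
    --member="$(pool_principal)"
}

# Check: the service account should hold no project-level roles at all.
verify_no_project_roles() {
  run gcloud projects get-iam-policy "$PROJECT_ID" \
    --flatten="bindings[].members" \
    --filter="bindings.members:serviceAccount:$(sa_email)" \
    --format="table(bindings.role)"
}

onboard() {
  create_sa
  grant_bucket_read
  create_pool_and_provider
  bind_pool_to_sa
  verify_no_project_roles
}

# Only act when invoked as: sh onboard.sh onboard
case "${1:-}" in
  onboard) onboard ;;
esac
```

The binding in step 4 uses a single `principal://.../subject/...` member rather than a broad `principalSet://` over the whole pool, so only the one external identity Carbon Black Cloud presents can mint tokens for the service account; the final check should print no rows, confirming the account's only grant is the bucket-level one.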
Carbon Black Cloud provides scripts for an automated Google Cloud service account onboarding. For details, see Onboard Your Google Cloud Project by Using Scripts.