As a Cloud security administrator, you can secure your Google Cloud (GCP) workloads at the time of rollout through sensor installation scripts for the Ansible, Chef, or Puppet configuration management tools.

You can use the Carbon Black Cloud console to download the customized sensor install script and install it as part of the GCP instance initialization. You can also install the sensor on an already existing in the Carbon Black Cloud console for GCP VM instances by using the sensor installation script.

Procedure

  1. On the left navigation pane, go to Inventory > Public Cloud > GCP.
  2. On the GCP Workloads page, click the Sensor Options dropdown menu, and select Download sensor install scripts.
    The Download Sensor Install Scripts windows opens.
  3. Locate the OS version for your instance and use the Sensor Version dropdown menu to select the related sensor version to install.
    The scripts are customized with pre-populated Org Keys and selected platform details.
  4. Click Download Scripts.
  5. After the package downloads, unzip it.
  6. Go to the cloud-platform-scripts > GCP folder.
    It contains one script for Unix-based platforms and one PowerShell script for Windows.
  7. Create a virtual machine (VM) and use the sensor installation script (automation_startup_linux.sh for Linux VM or automation_startup_windows.ps1 for Windows VM) that is relevant to the configuration management tool in your environment.
    The following steps show how to create a GCP instance that has a script running as a part of the instance initialization:
    1. Go to the Google Cloud console, select your project and go to the Compute Engine > VM Instances page.
    2. On the VM instances page, click Create Instance.
    3. Enter a name for the new instance in the Name text box and select the machine type in the Machine configuration section.
    4. Locate the Boot disk section and click Change.
      Specify the image that matches the OS you selected in the Carbon Black Cloud console when you downloaded the install script.
    5. On the Boot disk page, specify the operating system, its version, and the license type, and click Select.
    6. Expand Advanced options > Management and paste the content of the sensor installation script into the Automation text box.
    7. To tag your instance, click on the Add Tags > Select Scope option and define the key-value pairs.
      For example:
      Key Value
      Environment Production
    8. Click Create.
      The user data script runs and the sensor is installed as part of the instance initialization.

Results

After the sensor installs, the instance appears on the Inventory > Public Cloud > GCP > Enabled tab in the Carbon Black Cloud console.