GCP Compute Engine

When creating a GCP integration with Cloudhouse Guardian (Guardian), you can choose to detect and add your Google Compute Engine (GCE) to Guardian for monitoring. The following topic describes how to configure your GCE(s) in Guardian: what aspects of the GCE you want to be scanned, how they should be scanned, and where that data should be stored. For more information on how to set up a GCP integration, see GCP Integration.

When detecting a GCE via Guardian, you can choose to detect one or both of the following node types:

| Node Types | Description |
| --- | --- |
| Instance nodes | This option detects any Windows or Linux nodes within your GCE(s). |
| Configuration data nodes | This option detects the GCE configuration data associated with the GCE(s). |

These nodes represent the GCE instance and its associated configuration. For more information on the differences between these nodes, see below.

GCP Integration

On the GCP Integration page, if the Compute Engine checkbox is selected from the list of Check Things You Want To Detect checkboxes, the following options are displayed:

| Option | Description |
| --- | --- |
| Detect Compute Engine Virtual Machines (e.g the Windows/Linux VMs) checkbox | The option to detect the GCE instances, that is, the operating system and its associated components. For example, users, services, and packages. If selected, the Operating System column in the Detected tab (Inventory > Detected) displays the nodes as 'A type of Windows' or 'A type of Linux'. |
| Host name property drop-down list | The name of the GCP property that will be used to detect the nodes. Select an option from the drop-down list. |
| Detect Compute Engine Virtual Machine Configurations checkbox | The option to detect the GCE configuration data associated with the GCE. This option detects any security groups, policies, storage properties, load balancers, and other options attached to the GCP GCE virtual machine. If selected, once the integration is created, any detected configuration data nodes are displayed with 'Config' appended to their names and the OS type is 'GCP Compute Engine VM Configuration' to differentiate them from the associated instance. For example, 'Windows Server 2022 Config'. |

Once the correct values have been set for the above fields, you can choose the Detection Options for your integration. By default, any detected nodes are displayed within the Detected tab of your Guardian instance, with the appended identifier attributed to that GCE instance's node type.

If you choose to promote a detected node to the Monitored tab (Inventory > Monitored) for regular scanning, it will be automatically added to the corresponding dynamic node group. For example, configuration nodes are added to ‘GCP Compute Engine Virtual Machine Configuration’ node groups regardless of whether they are Windows or Linux.

Note: If a Windows node group is not present in your Guardian instance, it will be automatically created upon the addition of a monitored Windows node. For more information, see Node Groups.

However, if you choose to select the Automatically start monitoring and scanning newly detected nodes checkbox, all detected nodes are added to the Monitored tab. Here, they are automatically added to the corresponding Windows, Linux, or GCP Compute Engine Virtual Machine Configuration node groups.

Once you have set the correct values for the Compute Engine options displayed, you can continue completing the options to add the GCP integration to the Integrations tab (Control > Integrations) of your Guardian instance.