We know that keeping the targets you want to monitor for security weaknesses up to date can be a bit of a pain...
New instances are constantly being spun up in Google Cloud Platform, others are being closed down, keeping track of it all can easily become a full time job!
Enable Google Cloud APIs
In order for the Google Cloud integration to work, you'll need to enable some APIs using the GCP console.
Select your project, then under 'APIs & Services' click 'Enable APIs and Services':
Use the search to to find the following APIs and enable them:
Compute Engine API (required to sync external and ephemeral IP addresses)
Cloud Resource Manager API (required to sync external and ephemeral IP addresses
Google Cloud DNS API (required to sync Google Cloud DNS records)
Connect Google Cloud Platform to your Intruder account
You can connect your Intruder account in two ways, depending on your intended configuration:
Sync all projects by using OAuth
Sync individual projects by adding a key for a service account
1) Connect Google Cloud Platform using OAuth
Head to the Targets page > Add Targets > Cloud Accounts Sync > Google Cloud
Sign into a Google account that has access to Google Cloud Platform:
Grant Intruder access to your Google Cloud Platform account:
We require access to the following scopes:
View your DNS records hosted by Google Cloud DNS
Provides read-only access to Google Cloud DNS records, which is required to list your DNS hostnames.
View your Google Compute Engine resources
Provides read-only access to Compute Engine resources, which is required to list your external IP addresses.
View your Cloud Platform projects
Allows us to iterate over the projects associated with your Google account and check each project for external IP addresses.
2) Connect Google Cloud Platform by adding a key for a service account
Go to the IAM & Admin menu in your GCP console:
Click on Service Accounts and then click Create Service Account:
Give your new service account name and a description, then click create:
Grant the service account Compute Network Viewer and DNS Reader permissions to your project, these are required to list your external IP addresses and DNS hostnames:
Click the Create Key button to download the key file for your new service account:
Select to create the key in JSON format and download the key file and keep it in a safe place. This key grants read access to your project.
Finally, upload the key file for the service account to the Intruder portal:
And you're done! 🥳
Renaming your cloud ID
Just head to your Targets page, hit Settings and then click 'Edit'.
Automating Instance Scanning (CloudBot)
Keeping track of new instances when they are added to the portal and ensuring you scan them can be time-consuming. To simplify this, we have the 'Auto-add targets' functionality which adds/removes cloud targets in the Intruder portal to reflect your GCP Account, and also the 'Auto-scan targets' option, shown in red below.
This allows you to automatically kick off a scan on any new cloud instances that are added to your account, as soon as they are discovered which avoids the need for manual intervention to kick off a scan.
Note: Google Cloud Platform integration is only available for customers on our Pro and Vanguard plans.
Intruder is a Google Cloud Technology Partner.