Overview
Google Cloud Platform (GCP) provides a suite of cloud computing services including Compute Engine, Cloud SQL, GKE, BigQuery, Cloud Storage, and more. DSALTA integrates with GCP to monitor IAM configuration, infrastructure security, encryption, logging, and compliance across your GCP environment.

Read-only access. DSALTA never modifies, creates, or deletes resources in your Google Cloud Platform (GCP) environment. All API access is strictly read-only.
Integration Details
| Property | Value |
|---|---|
| Category | Cloud Infrastructure |
| Data Library Modules | Access, Inventory, Vulnerabilities, Incidents |
| Authentication | Service Account with Viewer and Security Center roles |
| Sync Frequency | Every 24 hours (manual sync available) |
| Permissions | Read-only |
What Data DSALTA Collects
When you connect Google Cloud Platform (GCP), DSALTA automatically collects the following data on every sync cycle:
- IAM users, service accounts, and roles
- Compute instances, Cloud SQL databases
- GKE clusters and node configurations
- Cloud Storage buckets and BigQuery datasets
- Firestore, Bigtable, Cloud Spanner instances
- Security Command Center findings
- VPC subnet flow logs and audit logs
- KMS encryption key configuration
Key Use Cases
- Verify MFA for all GCP users
- Monitor Cloud SQL encryption and backup status
- Ensure GKE clusters have logging and monitoring
- Detect resources exposed to the internet
- Track Security Command Center findings resolution
- Verify KMS key rotation and service account hygiene
How to Connect
Navigate to Integrations
Go to Settings → Integrations in your DSALTA dashboard and find Google Cloud Platform (GCP) in the catalog.
Authenticate
Follow the on-screen instructions to authenticate with your Google Cloud Platform (GCP) account. Admin-level access is required for the initial setup.
Configure Scope
Select which accounts, projects, or resources DSALTA should monitor. You can adjust this later from the integration settings.
Automated Compliance Tests
When you connect Google Cloud Platform (GCP), DSALTA automatically generates the following compliance tests. Each test runs every 24 hours and produces pass/fail evidence for your auditor.

| Test | Description |
|---|---|
| GCP users should have MFA enabled | Checks that MFA is enabled for all GCP user accounts. |
| GCP should redirect HTTP to HTTPS | Checks that GCP redirects HTTP traffic to HTTPS. |
| GCP should be on HTTPS | Checks that GCP services are accessible over HTTPS. |
| Google Security Command Center should be enabled | Checks that Google Security Command Center is enabled. |
| Reported incidents should be closed in Security Command Center | Checks that incidents detected in Google Security Command Center are closed. |
| GCP bucket storage should be encrypted | Checks that GCP Cloud Storage buckets are encrypted at rest. |
| GCP VPC subnet flow logs should be captured | Checks that VPC subnet flow logs are enabled in GCP. |
| GCP Kubernetes clusters should have logging and monitoring enabled | Checks that GCP Kubernetes clusters have logging and cloud monitoring enabled. |
| GKE Kubernetes Web UI Dashboard should be disabled | Checks that the Kubernetes Web UI Dashboard is disabled in GKE. |
| GKE Metadata Server should be enabled | Checks that GKE Metadata Server is enabled on node pools. |
| GCP Firestore read frequency should be monitored | Checks that GCP Firestore read frequency is being monitored. |
| GCP Firestore write frequency should be monitored | Checks that GCP Firestore write frequency is being monitored. |
| GCP Compute instance CPU utilization should be monitored | Checks that GCP Compute instance CPU utilization is being monitored. |
| GCP Compute instances should be protected from direct internet traffic | Checks that GCP Compute instances are not directly exposed to the internet. |
| GCP Cloud SQL CPU utilization should be monitored | Checks that GCP Cloud SQL CPU utilization is being monitored. |
| GCP Cloud SQL should be encrypted | Checks that GCP Cloud SQL databases are encrypted at rest. |
| GCP Cloud SQL memory utilization should be monitored | Checks that GCP Cloud SQL memory utilization is being monitored. |
| GCP Cloud SQL backup should be enabled | Checks that GCP Cloud SQL automated backups are enabled. |
| GCP Cloud SQL should be protected from direct internet traffic | Checks that GCP Cloud SQL instances are not directly exposed to the internet. |
| GCP Cloud SQL connections should require SSL | Checks that GCP Cloud SQL requires SSL for all connections. |
| GCP Cloud Spanner should be encrypted | Checks that GCP Cloud Spanner databases are encrypted at rest. |
| GCP Bigtable should be encrypted | Checks that GCP Bigtable instances are encrypted at rest. |
| GCP Bigtable CPU utilization should be monitored | Checks that GCP Bigtable CPU utilization is being monitored. |
| GCP Bigtable storage utilization should be monitored | Checks that GCP Bigtable storage utilization is being monitored. |
| GCP Cloud Storage buckets should be protected from direct internet traffic | Checks that GCP Cloud Storage buckets are not publicly accessible. |
| GCP BigQuery datasets should be protected from direct internet traffic | Checks that GCP BigQuery datasets are not publicly accessible. |
| GCP Cloud Storage should have uniform bucket-level access enabled | Checks that GCP Cloud Storage buckets have uniform bucket-level access enabled. |
| GCP BigQuery storage should be encrypted | Checks that GCP BigQuery storage is encrypted at rest. |
| GCP KMS encryption keys should be protected from direct internet traffic | Checks that GCP KMS encryption keys are not directly exposed to the internet. |
| GCP KMS encryption keys should be rotated within 90 days | Checks that GCP KMS encryption keys are rotated within 90 days. |
| GCP essential contacts should be configured | Checks that GCP essential contacts are configured for the project. |
| GCP log sink should be configured for all log entries | Checks that a GCP log sink is configured to capture all log entries. |
| GCP service account keys should only be GCP-managed | Checks that GCP service account keys are GCP-managed only. |
| GCP service account user-managed keys should be rotated every 90 days | Checks that user-managed GCP service account keys are rotated within 90 days. |
| GCP service accounts should not have admin privileges | Checks that GCP service accounts do not have admin-level privileges. |
| GCP service account user role should not be assigned at project level | Checks that the GCP service account user/token creator role is not assigned at the project level. |
| Infrastructure entities should be classified | Checks that all GCP infrastructure entities are classified by criticality. |
| Reported incidents should be closed in DSALTA | Checks that incidents reported in GCP Security Command Center are resolved in DSALTA. |
| Users should be identified | Checks that GCP users are identified and documented. |
| User access to critical systems should be valid | Checks that users with access to critical systems are authorized in GCP. |
| Google Security Command Center vulnerability alerts should be resolved within SLA | Checks that Google Security Command Center vulnerability alerts are resolved within SLA. |
Tests run automatically every 24 hours. Failed tests generate alerts and appear in your compliance dashboard with remediation guidance. All test results are stored as audit evidence with timestamps.
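To spot-check the two service-account privilege tests in the table, and to confirm that the account you hand to an integration really is read-only, you can evaluate the project IAM policy yourself. The following is an added example, not DSALTA's code: the account names, the sample policy and the "role name ends in admin" heuristic are assumptions, and the page does not list the exact role IDs DSALTA requests.

```python
import json

# Constructed sample in the shape of `gcloud projects get-iam-policy PROJECT --format=json`.
# All member names are hypothetical.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/viewer",
   "members": ["serviceAccount:dsalta-reader@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/securitycenter.findingsViewer",
   "members": ["serviceAccount:dsalta-reader@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/editor",
   "members": ["serviceAccount:ci-deploy@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/iam.serviceAccountTokenCreator",
   "members": ["user:alice@example.com"]},
  {"role": "roles/storage.admin",
   "members": ["user:bob@example.com"]}
]}
""")

BROAD_ROLES = {"roles/owner", "roles/editor"}
IMPERSONATION_ROLES = {"roles/iam.serviceAccountUser",
                       "roles/iam.serviceAccountTokenCreator"}

def is_admin_role(role):
    """Assumed heuristic: basic owner/editor, or any role whose name ends in 'admin'."""
    return role in BROAD_ROLES or role.lower().endswith("admin")

def audit_policy(policy):
    """Return sorted (check, member, role) findings for a project-level IAM policy."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            # Service accounts should not hold admin-level roles.
            if member.startswith("serviceAccount:") and is_admin_role(role):
                findings.append(("sa-admin-privilege", member, role))
            # Impersonation roles granted project-wide apply to every service account in it.
            if role in IMPERSONATION_ROLES:
                findings.append(("project-level-impersonation", member, role))
    return sorted(findings)

def roles_for(policy, member):
    """All roles bound to one member, e.g. to confirm an integration account is read-only."""
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(*finding)
```

This inspects project-level bindings only; roles granted at the folder or organization level are inherited and need the same check against those policies.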
Compliance Frameworks
This integration provides evidence for the following compliance frameworks:
SOC 2
Access controls, monitoring, and change management evidence.
ISO 27001
Asset management, access control, and operations security evidence.
GDPR
Access records and data processing evidence.
Troubleshooting
Integration shows Disconnected
Re-authenticate by going to Settings → Integrations → Google Cloud Platform (GCP) and clicking Reconnect. This usually happens when API tokens expire or permissions change.
Data is not syncing
Verify that the connected account still has the required admin permissions. Try a manual sync from the integration settings page. If the issue persists, check your Google Cloud Platform (GCP) API rate limits.
Tests are not generating
Tests generate after the first successful data sync. If sync completed but tests are missing, ensure the relevant features are configured in Google Cloud Platform (GCP) (e.g., GuardDuty must be enabled in AWS for GuardDuty tests to appear).
Some users are missing from the sync
DSALTA syncs all users visible to the connected admin account. If users are missing, verify they are within the scope you configured during setup. Suspended or deleted accounts may not appear.