Google Cloud Recommender
This document provides guidance to help you configure and integrate Google Cloud Recommender with Google Security Operations.
Prerequisites
Make sure you complete all prerequisite steps before configuring the integration.
Create and configure an IAM role
1. In the Google Cloud console, go to the IAM Roles page.
2. Click Create role to create a custom role with the permissions required for the integration.
3. For the new custom role, provide a Title, a Description, and a unique ID.
4. Set the Role Launch Stage to General Availability.
5. Add the following permissions to the created role:
iam.roles.create
iam.roles.delete
iam.roles.get
iam.roles.list
iam.roles.undelete
iam.roles.update
iam.serviceAccounts.create
iam.serviceAccounts.delete
iam.serviceAccounts.disable
iam.serviceAccounts.enable
iam.serviceAccounts.get
iam.serviceAccounts.getIamPolicy
iam.serviceAccounts.list
iam.serviceAccounts.setIamPolicy
iam.serviceAccounts.undelete
iam.serviceAccounts.update
recommender.iamPolicyInsights.get
recommender.iamPolicyInsights.list
recommender.iamPolicyLateralMovementInsights.get
recommender.iamPolicyLateralMovementInsights.list
recommender.iamPolicyRecommendations.get
recommender.iamPolicyRecommendations.list
recommender.iamPolicyRecommendations.update
recommender.iamServiceAccountInsights.get
recommender.iamServiceAccountInsights.list
recommender.locations.get
recommender.locations.list
resourcemanager.folders.get
resourcemanager.folders.getIamPolicy
resourcemanager.folders.setIamPolicy
resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
resourcemanager.organizations.setIamPolicy
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
resourcemanager.projects.setIamPolicy
securitycenter.assets.list
securitycenter.findings.group
securitycenter.findings.list
securitycenter.findings.listFindingPropertyNames
securitycenter.findings.setMute
securitycenter.findings.setState
securitycenter.sources.get
securitycenter.sources.list
securitycenter.userinterfacemetadata.get
6. Click Create.
Create a service account
To create a service account, follow the procedure for creating a service account.
After creating the service account, download it as a JSON file. You must provide the content of the downloaded JSON file when configuring the integration parameters.
Integrate Google Cloud Recommender with Google SecOps
For detailed instructions on how to configure the integration in Google SecOps SOAR, see Configure integrations.
Integration inputs
To configure the integration, use the following parameters:
Parameter | Type | Description
---|---|---
API Root | Required | API root of the Google Cloud Recommender service. The default value is
Organization ID | Optional | ID of the organization to use with the Google Cloud Recommender integration.
User's Service Account | Required | Content of the Google Cloud Recommender service account. Make sure to provide the full content of the service account JSON file that you downloaded when creating the service account.
Verify SSL | Optional | If selected, the integration verifies that the SSL certificate for connecting to the Google Cloud Recommender server is valid. Selected by default.
Actions
Apply IAM recommendations
Apply IAM recommendations based on the provided input.
This action only works with google.iam.policy.Recommender recommendations.
Entities
This action doesn't run on entities.
Action inputs
To configure the action, use the following parameters:
Parameter | Type | Description
---|---|---
IAM Recommendations JSON | Required | The JSON result of the recommendation. The JSON result can be provided as a placeholder from the List recommendations or Get recommendation actions.
Action outputs
Action output type | Availability
---|---
Case wall attachment | N/A
Case wall link | N/A
Case wall table | N/A
Enrichment table | N/A
Entity insight | N/A
Insight | N/A
JSON result | Available
OOTB widget | N/A
Script result | Available
Script result
Script result name | Value
---|---
is_success | True/False
JSON result
```json
{
  "applied_recommendations": [
    {
      "name": "projects/PROJECT_ID/locations/global/recommenders/google.iam.policy.Recommender/recommendations/217d3019-bae5-4a52-9968-787fdd546a53",
      "description": "Replace the current role with a smaller role to cover the permissions needed.",
      "lastRefreshTime": "2023-07-28T07:00:00Z",
      "primaryImpact": {
        "category": "SECURITY",
        "securityProjection": { "details": { "revokedIamPermissionsCount": 610 } }
      },
      "content": {
        "operationGroups": [
          {
            "operations": [
              {
                "action": "add",
                "resourceType": "cloudresourcemanager.googleapis.com/Project",
                "resource": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
                "path": "/iamPolicy/bindings/*/members/-",
                "value": "USER_ID@example.com",
                "pathFilters": {
                  "/iamPolicy/bindings/*/condition/expression": "",
                  "/iamPolicy/bindings/*/role": "roles/compute.instanceAdmin"
                }
              },
              {
                "action": "remove",
                "resourceType": "cloudresourcemanager.googleapis.com/Project",
                "resource": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
                "path": "/iamPolicy/bindings/*/members/*",
                "pathFilters": {
                  "/iamPolicy/bindings/*/condition/expression": "",
                  "/iamPolicy/bindings/*/members/*": "USER_ID@example.com",
                  "/iamPolicy/bindings/*/role": "roles/compute.admin"
                }
              }
            ]
          }
        ],
        "overview": {
          "resource": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
          "member": "user:USER_ID@example.com",
          "removedRole": "roles/compute.admin",
          "addedRoles": [ "roles/compute.instanceAdmin" ],
          "minimumObservationPeriodInDays": "0"
        }
      },
      "stateInfo": {
        "state": "SUCCEEDED",
        "stateMetadata": { "applied_by": "bulk_apply_by_automated_script-2023-08-11" }
      },
      "etag": "\"892d57ee41baa03e\"",
      "recommenderSubtype": "REPLACE_ROLE",
      "associatedInsights": [
        { "insight": "projects/PROJECT_ID/locations/global/insightTypes/google.iam.policy.Insight/insights/INSIGHT_ID" }
      ],
      "priority": "P4"
    },
    {
      "name": "projects/PROJECT_ID/locations/global/recommenders/google.iam.policy.Recommender/recommendations/RECOMMENDATION_ID",
      "description": "Replace the current role with a smaller role to cover the permissions needed.",
      "lastRefreshTime": "2023-07-28T07:00:00Z",
      "primaryImpact": {
        "category": "SECURITY",
        "securityProjection": { "details": { "revokedIamPermissionsCount": 19 } }
      },
      "content": {
        "operationGroups": [
          {
            "operations": [
              {
                "action": "add",
                "resourceType": "cloudresourcemanager.googleapis.com/Project",
                "resource": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
                "path": "/iamPolicy/bindings/*/members/-",
                "value": "user:USER_ID@example.com",
                "pathFilters": {
                  "/iamPolicy/bindings/*/condition/expression": "",
                  "/iamPolicy/bindings/*/role": "roles/storage.objectAdmin"
                }
              },
              {
                "action": "remove",
                "resourceType": "cloudresourcemanager.googleapis.com/Project",
                "resource": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
                "path": "/iamPolicy/bindings/*/members/*",
                "pathFilters": {
                  "/iamPolicy/bindings/*/condition/expression": "",
                  "/iamPolicy/bindings/*/members/*": "user:USER_ID@example.com",
                  "/iamPolicy/bindings/*/role": "roles/storage.admin"
                }
              }
            ]
          }
        ],
        "overview": {
          "resource": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
          "member": "user:USER_ID@example.com",
          "removedRole": "roles/storage.admin",
          "addedRoles": [ "roles/storage.objectAdmin" ],
          "minimumObservationPeriodInDays": "0"
        }
      },
      "stateInfo": {
        "state": "SUCCEEDED",
        "stateMetadata": { "applied_by": "bulk_apply_by_automated_script-2023-08-11" }
      },
      "etag": "\"af7635ffeb512998\"",
      "recommenderSubtype": "REPLACE_ROLE",
      "associatedInsights": [
        { "insight": "projects/PROJECT_ID/locations/global/insightTypes/google.iam.policy.Insight/insights/INSIGHT_ID" }
      ],
      "priority": "P4"
    }
  ],
  "failed_recommendations": []
}
```
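The JSON result above shows what the Apply IAM recommendations action consumes: each recommendation carries operationGroups whose add and remove operations select IAM bindings by pathFilters (role, condition expression, member) and grant the smaller role before revoking the broader one. The following Python is an added example, not the integration's own code, that applies such operations to an IAM policy document (the object returned by getIamPolicy) and reports results in the applied_recommendations / failed_recommendations shape of the action. The policy, members, roles and recommendation IDs are constructed samples; the apply logic illustrates the operation semantics and is not the SOAR action's implementation.

```python
"""Illustrative apply logic for google.iam.policy.Recommender operations.

Added example (constructed data, not the integration's code). Applies the
add/remove member operations of a recommendation to an IAM policy dict.
"""
import copy

IAM_RECOMMENDER = "google.iam.policy.Recommender"

# Constructed sample policy: USER_ID holds two broad admin roles.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/compute.admin",
         "members": ["user:USER_ID@example.com", "user:other@example.com"]},
        {"role": "roles/storage.admin", "members": ["user:USER_ID@example.com"]},
        {"role": "roles/viewer", "members": ["group:team@example.com"]},
    ],
    "etag": "SAMPLE_ETAG",
}


def _iam_rec(rec_id, subtype, operations):
    """Build a constructed recommendation shaped like the action's JSON result."""
    name = (f"projects/PROJECT_ID/locations/global/recommenders/{IAM_RECOMMENDER}"
            f"/recommendations/{rec_id}")
    return {"name": name, "recommenderSubtype": subtype,
            "stateInfo": {"state": "ACTIVE"},
            "content": {"operationGroups": [{"operations": operations}]}}


# REPLACE_ROLE: grant the smaller role first, then revoke the broad one, so the
# member never loses access while the recommendation is being applied.
REPLACE_ROLE_REC = _iam_rec("rec-replace", "REPLACE_ROLE", [
    {"action": "add", "path": "/iamPolicy/bindings/*/members/-",
     "value": "user:USER_ID@example.com",
     "pathFilters": {"/iamPolicy/bindings/*/condition/expression": "",
                     "/iamPolicy/bindings/*/role": "roles/compute.instanceAdmin"}},
    {"action": "remove", "path": "/iamPolicy/bindings/*/members/*",
     "pathFilters": {"/iamPolicy/bindings/*/condition/expression": "",
                     "/iamPolicy/bindings/*/members/*": "user:USER_ID@example.com",
                     "/iamPolicy/bindings/*/role": "roles/compute.admin"}},
])

# REMOVE_ROLE: the role went unused during the observation window; revoke it.
REMOVE_ROLE_REC = _iam_rec("rec-remove", "REMOVE_ROLE", [
    {"action": "remove", "path": "/iamPolicy/bindings/*/members/*",
     "pathFilters": {"/iamPolicy/bindings/*/condition/expression": "",
                     "/iamPolicy/bindings/*/members/*": "user:USER_ID@example.com",
                     "/iamPolicy/bindings/*/role": "roles/storage.admin"}},
])


def _matches(binding, filters):
    """True when a binding satisfies every pathFilter of an operation."""
    for path, expected in filters.items():
        if path.endswith("/role"):
            if binding.get("role") != expected:
                return False
        elif path.endswith("/condition/expression"):
            # An empty expression filter selects unconditional bindings only.
            if binding.get("condition", {}).get("expression", "") != expected:
                return False
        elif path.endswith("/members/*"):
            if expected not in binding.get("members", []):
                return False
        else:
            raise ValueError(f"unsupported pathFilter {path}")
    return True


def _apply_operation(policy, op):
    """Apply one add/remove member operation to the policy in place."""
    filters = op.get("pathFilters", {})
    bindings = policy.setdefault("bindings", [])
    targets = [b for b in bindings if _matches(b, filters)]
    if op["action"] == "add" and op["path"] == "/iamPolicy/bindings/*/members/-":
        if not targets:  # no binding for the new role yet: create one
            targets = [{"role": filters["/iamPolicy/bindings/*/role"], "members": []}]
            bindings.extend(targets)
        for b in targets:
            if op["value"] not in b["members"]:
                b["members"].append(op["value"])
    elif op["action"] == "remove" and op["path"] == "/iamPolicy/bindings/*/members/*":
        if not targets:
            raise LookupError("no binding matches the remove filters; the policy "
                              "may have changed since the recommendation was made")
        for b in targets:
            b["members"].remove(filters["/iamPolicy/bindings/*/members/*"])
        policy["bindings"] = [b for b in bindings if b["members"]]  # drop empty ones
    else:
        raise ValueError(f"unsupported operation {op['action']} {op['path']}")


def apply_recommendations(policy, recommendations):
    """Return (new_policy, summary); the input policy is left unchanged."""
    working = copy.deepcopy(policy)
    summary = {"applied_recommendations": [], "failed_recommendations": []}
    for rec in recommendations:
        name = rec.get("name", "")
        if f"/recommenders/{IAM_RECOMMENDER}/" not in name:
            summary["failed_recommendations"].append(
                {"name": name, "reason": f"not a {IAM_RECOMMENDER} recommendation"})
            continue
        candidate = copy.deepcopy(working)  # all-or-nothing per recommendation
        try:
            for group in rec["content"]["operationGroups"]:
                for op in group["operations"]:
                    _apply_operation(candidate, op)
        except (KeyError, LookupError, ValueError) as exc:
            summary["failed_recommendations"].append({"name": name, "reason": str(exc)})
            continue
        working = candidate
        summary["applied_recommendations"].append(name)
    return working, summary


def roles_of(policy, member):
    """Roles a member holds under the policy; useful for before/after checks."""
    return sorted(b["role"] for b in policy.get("bindings", []) if member in b["members"])


if __name__ == "__main__":
    new_policy, summary = apply_recommendations(SAMPLE_POLICY, [REPLACE_ROLE_REC, REMOVE_ROLE_REC])
    print("before:", roles_of(SAMPLE_POLICY, "user:USER_ID@example.com"))
    print("after: ", roles_of(new_policy, "user:USER_ID@example.com"))
    print(summary)
```

Two behaviours matter for a defender reviewing what the action will do: a recommendation whose name is not under google.iam.policy.Recommender is reported as failed rather than applied, matching the action's stated scope, and a remove operation whose filters no longer match any binding (for example, because the policy changed after the recommendation was generated) fails that recommendation as a whole without partially editing the policy.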
Case wall
This action provides the following output messages:
Output message | Message description
---|---
Successfully applied provided IAM recommendations. | The action succeeded.
Successfully applied provided IAM recommendation, but some of the recommendations were not applied. | The action succeeded.
No provided IAM recommendations were applied. | The recommendation failed.
Error executing action ACTION_NAME. | The action returned an error.
Get recommendation
Get a specific recommendation from the Google Cloud Recommender service.
Entities
This action doesn't run on entities.
Action inputs
To configure the action, use the following parameters:
Parameter | Type | Description
---|---|---
Recommendation name | Required | Specifies the name of the recommendation to return. This action accepts multiple values as a comma-separated string. Example of the expected input: projects/projectname/locations/global/recommenders/google.iam.policy.Recommender/recommendations/0f262740-bf4a-4c3d-9573-0da3345cf3f7
Action outputs
Action output type | Availability
---|---
Case wall attachment | N/A
Case wall link | N/A
Case wall table | N/A
Enrichment table | N/A
Entity insight | N/A
Insight | N/A
JSON result | Available
OOTB widget | N/A
Script result | Available
Script result
Script result name | Value
---|---
is_success | True/False
JSON result
```json
[
  {
    "name": "name",
    "description": "This role has not been used during the observation window.",
    "lastRefreshTime": "2023-07-28T07:00:00Z",
    "primaryImpact": {
      "category": "SECURITY",
      "securityProjection": { "details": { "revokedIamPermissionsCount": 68 } }
    },
    "content": {
      "operationGroups": [
        {
          "operations": [
            {
              "action": "remove",
              "resourceType": "cloudresourcemanager.googleapis.com/Project",
              "resource": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
              "path": "/iamPolicy/bindings/*/members/*",
              "pathFilters": {
                "/iamPolicy/bindings/*/condition/expression": "",
                "/iamPolicy/bindings/*/members/*": "serviceAccount:SERVICE_ACCOUNT_ID.iam.gserviceaccount.com",
                "/iamPolicy/bindings/*/role": "roles/monitoring.admin"
              }
            }
          ]
        }
      ],
      "overview": {
        "resource": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
        "member": "serviceAccount:SERVICE_ACCOUNT_ID.iam.gserviceaccount.com",
        "removedRole": "roles/monitoring.admin",
        "minimumObservationPeriodInDays": "0"
      }
    },
    "stateInfo": { "state": "ACTIVE" },
    "etag": "",
    "recommenderSubtype": "REMOVE_ROLE",
    "associatedInsights": [
      { "insight": "projects/PROJECT_ID/locations/global/insightTypes/google.iam.policy.Insight/insights/" }
    ],
    "priority": "P4"
  }
]
```
Case wall
This action provides the following output messages:
Output message | Message description
---|---
Successfully found recommendation in the Google Cloud Recommender service. | The action succeeded.
No recommendations were found in the Google Cloud Recommender service. | No data is available.
Error executing action ACTION_NAME. | The action returned an error.
List recommendations
List the recommendations available in the Google Cloud Recommender service.
Entities
This action doesn't run on entities.
Action inputs
To configure the action, use the following parameters:
Parameter | Type | Description
---|---|---
Recommendation Filter | Optional | Specifies the filter for retrieving recommendations. The parameter must be a string in one of the following formats: If no value is provided, the action takes the project ID from the configured service account.
Recommendation Location | Required | Specifies the Google Cloud location from which to retrieve recommendations. The default is
Recommendation State | Optional | Specifies the state of the recommendations to return. The default is The possible values are:
Recommendation Priority | Optional | Specifies the priority of the recommendations to return. Multiple values can be specified as a comma-separated string.
Recommender Subtype | Optional | Specifies the recommender subtype to return. The default is The possible values are:
Max Records To Return | Optional | Specifies the number of records to return. If no value is provided, the action returns 50 records by default.
Action outputs
Action output type | Availability
---|---
Case wall attachment | N/A
Case wall link | N/A
Case wall table | Available
Enrichment table | N/A
Entity insight | N/A
Insight | N/A
JSON result | Available
OOTB widget | N/A
Script result | Available
Script result
Script result name | Value
---|---
is_success | True/False
JSON result
```json
[
  {
    "name": "name",
    "description": "This role has not been used during the observation window.",
    "lastRefreshTime": "2023-07-27T07:00:00Z",
    "primaryImpact": {
      "category": "SECURITY",
      "securityProjection": { "details": { "revokedIamPermissionsCount": 68 } }
    },
    "content": {
      "operationGroups": [
        {
          "operations": [
            {
              "action": "remove",
              "resourceType": "cloudresourcemanager.googleapis.com/Project",
              "resource": "//cloudresourcemanager.googleapis.com/projects",
              "path": "/iamPolicy/bindings/*/members/*",
              "pathFilters": {
                "/iamPolicy/bindings/*/condition/expression": "",
                "/iamPolicy/bindings/*/members/*": "serviceAccount:SERVICE_ACCOUNT_ID",
                "/iamPolicy/bindings/*/role": "roles/monitoring.admin"
              }
            }
          ]
        }
      ],
      "overview": {
        "resource": "//cloudresourcemanager.googleapis.com/",
        "member": "serviceAccount:SERVICE_ACCOUNT_ID",
        "removedRole": "roles/monitoring.admin",
        "minimumObservationPeriodInDays": "0"
      }
    },
    "stateInfo": { "state": "ACTIVE" },
    "etag": "",
    "recommenderSubtype": "REMOVE_ROLE",
    "associatedInsights": [
      { "insight": "projects/i/locations/global/insightTypes/" }
    ],
    "priority": "P4"
  },
  {
    "name": "name",
    "description": "This role has not been used during the observation window.",
    "lastRefreshTime": "2023-07-27T07:00:00Z",
    "primaryImpact": {
      "category": "SECURITY",
      "securityProjection": { "details": { "revokedIamPermissionsCount": 5 } }
    },
    "content": {
      "operationGroups": [
        {
          "operations": [
            {
              "action": "remove",
              "resourceType": "cloudresourcemanager.googleapis.com/Project",
              "resource": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
              "path": "/iamPolicy/bindings/*/members/*",
              "pathFilters": {
                "/iamPolicy/bindings/*/condition/expression": "",
                "/iamPolicy/bindings/*/members/*": "user:USER_ID@example.com",
                "/iamPolicy/bindings/*/role": "roles/chroniclesm.admin"
              }
            }
          ]
        }
      ],
      "overview": {
        "resource": "//cloudresourcemanager.googleapis.com/projects",
        "member": "user:USER_ID@example.com",
        "removedRole": "roles/chroniclesm.admin",
        "minimumObservationPeriodInDays": "0"
      }
    },
    "stateInfo": { "state": "ACTIVE" },
    "etag": "",
    "recommenderSubtype": "REMOVE_ROLE",
    "associatedInsights": [
      { "insight": "projects" }
    ],
    "priority": "P4"
  }
]
```
Case wall
This action provides the following output messages:
Output message | Message description
---|---
Successfully found recommendations for the provided criteria in the Google Cloud Recommender service. | The action succeeded.
No recommendations were found for the provided criteria in the Google Cloud Recommender service. | No data is available.
Error executing action ACTION_NAME. | The action returned an error.
This action provides the following case wall table:
Table name | Columns
---|---
Available Recommendations |
Ping
Test connectivity to the Google Cloud Recommender service with the parameters provided on the integration configuration page in the Google SecOps Marketplace tab.
Entities
This action doesn't run on entities.
Action inputs
N/A
Action outputs
Action output type | Availability
---|---
Case wall attachment | N/A
Case wall link | N/A
Case wall table | N/A
Enrichment table | N/A
Entity insight | N/A
Insight | N/A
JSON result | N/A
OOTB widget | N/A
Script result | Available
Script result
Script result name | Value
---|---
is_success | True/False
Case wall
This action provides the following output messages:
Output message | Message description
---|---
Successfully connected to the Google Cloud Recommender service with the provided connection parameters! | The action succeeded.
Failed to connect to the Google Cloud Recommender service! | The action returned an error.
Update recommendation
Update a recommendation in the Google Cloud Recommender service.
Entities
This action doesn't run on entities.
Action inputs
To configure the action, use the following parameters:
Parameter | Type | Description
---|---|---
Recommendation name | Required | Specifies the name of the recommendation to update. This action accepts multiple values as a comma-separated string. Example of the expected input:
Recommendation State | Optional | Specifies the state to set on the recommendation. The default is The possible values are:
Recommendation Result | Optional | Specifies the result to set on the recommendation. The default is The possible values are:
Action outputs
Action output type | Availability
---|---
Case wall attachment | N/A
Case wall link | N/A
Case wall table | N/A
Enrichment table | N/A
Entity insight | N/A
Insight | N/A
JSON result | Available
OOTB widget | N/A
Script result | Available
Script result
Script result name | Value
---|---
is_success | True/False
JSON result
```json
[
  {
    "name": "name",
    "description": "This role has not been used during the observation window.",
    "lastRefreshTime": "2023-07-28T07:00:00Z",
    "primaryImpact": {
      "category": "SECURITY",
      "securityProjection": { "details": { "revokedIamPermissionsCount": 68 } }
    },
    "content": {
      "operationGroups": [
        {
          "operations": [
            {
              "action": "remove",
              "resourceType": "cloudresourcemanager.googleapis.com/Project",
              "resource": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
              "path": "/iamPolicy/bindings/*/members/*",
              "pathFilters": {
                "/iamPolicy/bindings/*/condition/expression": "",
                "/iamPolicy/bindings/*/members/*": "serviceAccount:SERVICE_ACCOUNT_ID.iam.gserviceaccount.com",
                "/iamPolicy/bindings/*/role": "roles/monitoring.admin"
              }
            }
          ]
        }
      ],
      "overview": {
        "resource": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
        "member": "serviceAccount:SERVICE_ACCOUNT_ID.iam.gserviceaccount.com",
        "removedRole": "roles/monitoring.admin",
        "minimumObservationPeriodInDays": "0"
      }
    },
    "stateInfo": { "state": "ACTIVE" },
    "etag": "",
    "recommenderSubtype": "REMOVE_ROLE",
    "associatedInsights": [
      { "insight": "projects/PROJECT_ID/locations/global/insightTypes/google.iam.policy.Insight/insights/" }
    ],
    "priority": "P4"
  }
]
```
Case wall
This action provides the following output messages:
Output message | Message description
---|---
Successfully updated recommendation in the Google Cloud Recommender service. | The action succeeded.
No recommendations were found in the Google Cloud Recommender service. | No data is available.
Error executing action ACTION_NAME. | The action returned an error.