Wednesday, February 21, 2024

Asset Inventory for Security Teams

    Identifying every asset an organisation owns is critical for several reasons. From a security point of view it is the precondition for proper protection: security controls, access management policies and incident response procedures can only be applied to assets you know exist.
    I have created scripts that simplify the tasks associated with managing a GCP asset inventory. They use the Resource Manager and Cloud Asset APIs to build a central database. The choice of a spreadsheet as the storage and presentation layer was deliberate, driven by its simplicity, but it is easy to switch to a database such as BigQuery or Cloud SQL, and just as easy to point Looker Studio at the results. Keep in mind that the resulting sheet is itself a sensitive document, a complete list of projects, hosts and addresses, so restrict its sharing as you would any other inventory.
    The project on GitHub [1] consists of three scripts: 00_main.gs, the main script that sets up the asset inventory; 01_GCP_VM.gs, which manages information about Compute Engine instances; and 02_GCP_GKE.gs, which manages information about GKE clusters and workloads.

Setup steps:
  1. Prepare the following information:
    1. GCP organisation ID
    2. ID of the spreadsheet used as the cache database (just create a new spreadsheet)
    3. ID of the spreadsheet used as the inventory database (just create a new spreadsheet)
  2. Create a new project in Google Apps Script and add the three files from the GitHub project. A Service Account in GCP is also required, with read-only roles that let it list resources through the Resource Manager and Cloud Asset APIs (for example roles/cloudasset.viewer and roles/browser granted at the organisation level). Grant nothing beyond read access: the script only reads, and an over-privileged inventory account is an attractive target. The full setup is more complex and can be the topic of a separate article.
  3. Provide the information from point 1 in 00_main.gs.
  4. Configure config_scope in 00_main.gs. Currently supported scopes are Compute Engine instances (COMPUTE_ENGINES) and GKE clusters (GKE_CLUSTERS), including Pods and Deployments.
  5. Run setup_cache_db() - this step creates a temporary database of assets (cache.db).
  6. OPTIONAL STEP: set priorities for GKE clusters. This matters when you have prod and non-prod environments: non-prod must have a lower priority. You can set priorities in cache.db.
  7. Run run_asset_inventory() from 00_main.gs - this step collects information about all assets and stores it in cache.db.
  8. Run setup_inventory_db() - this step creates the final asset inventory database.
  9. Run run_scheduled_scan_vm_asset_inventory() from 01_GCP_VM.gs and run_scheduled_scan_gke_asset_inventory() from 02_GCP_GKE.gs. Both functions copy information from cache.db into the main inventory.
  10. The final step is to create time-driven triggers in the Apps Script console so that the scan functions run on a schedule.
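To make the procedure above concrete, here is an added example of the core logic such an inventory has to implement: paging through a Cloud Asset API assets.list response, flattening Compute Engine and GKE assets into sheet rows, applying cluster priorities, and diffing a fresh scan against the rows already in the inventory. It is illustrative code written for this page, not the scripts from the GitHub project, and it runs under Node as well as Apps Script. The asset shapes follow the Cloud Asset API v1 response with contentType=RESOURCE; the projects, zones, addresses, cluster names and priority map are constructed sample data, and the row layouts and the fakeFetchPage backend are assumptions made for the example.

```javascript
// Added example, not part of the GitHub project described on this page.
// Asset shapes follow Cloud Asset API v1 assets.list (contentType=RESOURCE);
// projects, zones, addresses, cluster names and priorities are constructed.

const SAMPLE_ASSETS = [
  { name: "//container.googleapis.com/projects/demo-dev/locations/europe-west1/clusters/dev-sandbox",
    assetType: "container.googleapis.com/Cluster",
    resource: { data: { name: "dev-sandbox", location: "europe-west1", currentMasterVersion: "1.27.8-gke.1067004", status: "RUNNING" } } },
  { name: "//compute.googleapis.com/projects/demo-prod/zones/europe-west1-b/instances/web-1",
    assetType: "compute.googleapis.com/Instance",
    resource: { data: { name: "web-1", status: "RUNNING",
      machineType: "https://www.googleapis.com/compute/v1/projects/demo-prod/zones/europe-west1-b/machineTypes/e2-medium",
      networkInterfaces: [{ networkIP: "10.0.0.5", accessConfigs: [{ natIP: "203.0.113.10" }] }] } } },
  { name: "//compute.googleapis.com/projects/demo-dev/zones/europe-west1-c/instances/batch-7",
    assetType: "compute.googleapis.com/Instance",
    resource: { data: { name: "batch-7", status: "TERMINATED",
      machineType: "https://www.googleapis.com/compute/v1/projects/demo-dev/zones/europe-west1-c/machineTypes/n2-standard-4",
      networkInterfaces: [{ networkIP: "10.1.0.9" }] } } },
  { name: "//container.googleapis.com/projects/demo-prod/locations/europe-west1/clusters/prod-main",
    assetType: "container.googleapis.com/Cluster",
    resource: { data: { name: "prod-main", location: "europe-west1", currentMasterVersion: "1.28.3-gke.1203000", status: "RUNNING" } } },
];

// Constructed stand-in for the priorities set by hand in cache.db (step 6):
// 1 = prod; any cluster not listed is treated as non-prod (2).
const CLUSTER_PRIORITIES = {
  "//container.googleapis.com/projects/demo-prod/locations/europe-west1/clusters/prod-main": 1,
};

// assets.list is paged: keep requesting until nextPageToken is absent. fetchPage is
// injected so this runs offline; in Apps Script it would wrap UrlFetchApp.fetch.
function collectAllAssets(fetchPage) {
  const all = []; let token;
  do {
    const resp = fetchPage(token);
    all.push(...(resp.assets || []));
    token = resp.nextPageToken;
  } while (token);
  return all;
}

// Fake backend serving the sample two assets per page (assumption for the example).
function fakeFetchPage(token) {
  const start = token ? Number(token) : 0, assets = SAMPLE_ASSETS.slice(start, start + 2);
  return start + 2 < SAMPLE_ASSETS.length ? { assets, nextPageToken: String(start + 2) } : { assets };
}

// "//compute.googleapis.com/projects/p/zones/z/instances/i" -> { projects: "p", zones: "z", instances: "i" }
function parseAssetName(name) {
  const segs = name.replace(/^\/\/[^/]+\//, "").split("/");
  const out = {};
  for (let i = 0; i + 1 < segs.length; i += 2) out[segs[i]] = segs[i + 1];
  return out;
}

// VM sheet row: [key, project, zone, name, machineType, status, internalIPs, externalIPs]; column 0 is the sync key.
function vmRow(asset) {
  const p = parseAssetName(asset.name);
  const d = asset.resource.data;
  const nics = d.networkInterfaces || [];
  const internal = nics.map((n) => n.networkIP).filter(Boolean);
  const external = nics.flatMap((n) => (n.accessConfigs || []).map((a) => a.natIP)).filter(Boolean);
  return [asset.name, p.projects, p.zones, d.name, d.machineType.split("/").pop(), d.status, internal.join(","), external.join(",")];
}

// GKE sheet row: [key, project, location, name, masterVersion, status, priority]
function gkeRow(asset, priorities = CLUSTER_PRIORITIES) {
  const p = parseAssetName(asset.name);
  const d = asset.resource.data;
  const priority = asset.name in priorities ? priorities[asset.name] : 2;
  return [asset.name, p.projects, d.location, d.name, d.currentMasterVersion, d.status, priority];
}

// Split one scan into the two config_scope groups, prod clusters first.
function buildRows(assets) {
  const rows = { COMPUTE_ENGINES: [], GKE_CLUSTERS: [] };
  for (const a of assets) {
    if (a.assetType === "compute.googleapis.com/Instance") rows.COMPUTE_ENGINES.push(vmRow(a));
    else if (a.assetType === "container.googleapis.com/Cluster") rows.GKE_CLUSTERS.push(gkeRow(a));
  }
  rows.GKE_CLUSTERS.sort((x, y) => x[6] - y[6]);
  return rows;
}

// Steps 7-9 reduced to their essence: compare a fresh scan with the inventory rows by key.
function diffRows(inventoryRows, freshRows) {
  const oldKeys = new Set(inventoryRows.map((r) => r[0]));
  const newKeys = new Set(freshRows.map((r) => r[0]));
  return { added: freshRows.filter((r) => !oldKeys.has(r[0])).map((r) => r[0]),
           removed: inventoryRows.filter((r) => !newKeys.has(r[0])).map((r) => r[0]) };
}

// One check the inventory makes cheap: instances carrying a public address.
function vmsWithExternalIp(vmRows) {
  return vmRows.filter((r) => r[7] !== "").map((r) => r[3]);
}

const scan = buildRows(collectAllAssets(fakeFetchPage));
console.log("exposed VMs:", vmsWithExternalIp(scan.COMPUTE_ENGINES), "\n" + JSON.stringify(scan, null, 1));
```

Inside Apps Script the rows returned by buildRows go into a sheet with sheet.getRange(2, 1, rows.length, rows[0].length).setValues(rows), and the existing inventory for diffRows is read back with sheet.getDataRange().getValues(). Keeping the full asset name in column 0 as the key is what lets the scheduled scans in steps 9 and 10 report assets that appeared or vanished between runs, which is the inventory's main value for detection.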

Source: