This section describes the offering.
For setup options, details, troubleshooting, and validation steps, see Installations - Cloud - GCP.

Available Features

  • Threat detection based on GCP Cloud Audit Logs integration
  • Compliance Security Posture Management (CSPM), including CIS GCP and CIS GKE Benchmark compliance assessments
  • GCP Cloud Container scanning
  • Image scanning on GCP

Threat Detection Based on GCP Cloud Audit Logs

Threat Detection combines GCP Cloud Audit Logs with Falco rules to detect threats as soon as they occur and to bring governance, compliance, and risk auditing to your cloud accounts.

A rich set of Falco rules, a GCP Best Practices default policy, and a GCP policy type for creating customized policies are included. These correspond to security standards and benchmarks such as: NIST 800-53, PCI DSS, SOC 2, MITRE ATT&CK®, and Google Cloud Security best practices.

CSPM/Compliance with CIS GKE and CIS GCP Benchmarks

A new cloud compliance standard has been added to the Sysdig compliance feature: CIS GCP benchmarks. These assessments are based on an open-source engine, Cloud Custodian, in Sysdig’s Cloud Security Posture Management (CSPM) engine.

The assessments evaluate your Google Cloud services against the benchmark requirements and return the results and the remediation activities you need to fix misconfigurations in your cloud environment.

GCP Cloud Container Scanning

GCP Cloud Container Scanning uses a Pub/Sub topic to automatically detect any container image pushed to Google Container Registry or Google Artifact Registry, as well as images deployed to Google Cloud Run. An ephemeral Google Cloud Build pipeline is then created to scan that image, so that a vulnerability report is available in your Sysdig backend.
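The push-detection step described above can be sketched as follows. This is an added example, not Sysdig's code: it assumes Pub/Sub push delivery and the registry notification JSON fields `action`, `digest` and `tag` that Google's registries publish, and the function names `image_to_scan` and `make_envelope` are hypothetical.

```python
import base64
import json
import re

# Registry hosts named on the page: Container Registry (gcr.io and its
# regional variants) and Artifact Registry (<location>-docker.pkg.dev).
_REGISTRY_HOST = re.compile(
    r"^(?:[a-z0-9-]+\.)?gcr\.io$|^[a-z0-9-]+-docker\.pkg\.dev$")
_DIGEST_REF = re.compile(
    r"^(?P<host>[^/@]+)/[a-z0-9._/-]+@sha256:[0-9a-f]{64}$")


def image_to_scan(envelope):
    """Return the digest-pinned image reference to scan, or None to ignore.

    `envelope` is the JSON body of a Pub/Sub push delivery (assumed shape:
    {"message": {"data": <base64 of the registry notification>}}).
    """
    try:
        raw = base64.b64decode(envelope["message"]["data"], validate=True)
        event = json.loads(raw)
    except (KeyError, TypeError, ValueError):
        return None  # malformed delivery: drop it, never guess an image name
    if not isinstance(event, dict) or event.get("action") != "INSERT":
        return None  # deletions and unknown actions need no scan
    ref = event.get("digest")
    if not isinstance(ref, str):
        return None
    match = _DIGEST_REF.match(ref)
    # Scan by digest, not tag: a tag can be re-pointed between the push and
    # the scan, a digest identifies exactly the bytes that were pushed.
    if match is None or not _REGISTRY_HOST.match(match["host"]):
        return None  # reference outside the registries being watched
    return ref


def make_envelope(event):
    """Build a constructed push envelope for the sample run below."""
    data = base64.b64encode(json.dumps(event).encode()).decode()
    return {"message": {"data": data, "messageId": "constructed-1"}}


if __name__ == "__main__":
    digest = "sha256:" + "ab" * 32  # constructed sample digest
    image = "us-central1-docker.pkg.dev/demo-project/demo-repo/app"
    pushed = {"action": "INSERT", "digest": f"{image}@{digest}",
              "tag": f"{image}:1.0"}
    print(image_to_scan(make_envelope(pushed)))
    print(image_to_scan(make_envelope({"action": "DELETE",
                                       "tag": f"{image}:1.0"})))
```
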

Topics in This Section
Auditlog Falco rules