# Google Cloud Platform (GCP)

EASM supports GCP integrations to expand the functionality of various EASM capabilities. EASM can identify a range of exposures and cloud security vulnerabilities.

These and future GCP-focused EASM capabilities can be enabled by following the integration steps below.

# Service Account

EASM integrates into GCP by impersonating a service account in your account. To enable that, you'll need to create a new service account, give it the required IAM permissions within your account, and allow EASM to impersonate this account.

# Custom Role Creation

  1. Log in to your GCP console and navigate to your project.

  2. Navigate to the "IAM & Admin" section, and then "Roles".

  3. Select "Create Role".

  4. Enter a Title (e.g., NetSPI EASM), and select "Add Permissions".

  5. In the Add Permissions modal, search for and add the following permissions:

    • compute.instances.list
    • compute.zones.list
    • compute.addresses.list
    • storage.buckets.get
    • storage.buckets.getIamPolicy
    • storage.buckets.list
    • storage.objects.get
    • storage.objects.getIamPolicy
    • storage.objects.list
  6. Select "Create".

# Service Account Creation

  1. Log in to your GCP console and navigate to your project.
  2. Navigate to the "IAM & Admin" section, and then "Service Accounts".
  3. Select "Create Service Account" and fill in any required information. Take note of the "Email address" underneath "Service account ID" since you will need this later.
  4. Select "Create and Continue".
  5. Under the "Grant this service account access to project" heading, add the following roles using the drop-down menus:
    • DNS Reader
    • Cloud Domains Viewer
    • Service Account Token Creator
    • NetSPI EASM (the custom role created in the "Custom Role Creation" section above)
  6. Select "Done".
  7. From the list of service accounts, select the new account you just created, and navigate to the "Permissions" tab.
  8. Select "Grant Access":
    • In the "Add principals" section, input netspi-EASM-production@EASM-production-397420.iam.gserviceaccount.com
    • In the "Assign Roles" section, select the role "Service Account Token Creator"
  9. Select "Save".
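
After completing the steps above, you can confirm that the custom role carries only the listed permissions and that only the EASM principal can impersonate the new service account. The following is an added example, not NetSPI's code; it assumes the inputs are the parsed JSON output of `gcloud iam roles describe` and `gcloud iam service-accounts get-iam-policy`, and the sample data is constructed.

```python
# Permissions from step 5 of "Custom Role Creation".
EXPECTED_PERMISSIONS = {
    "compute.instances.list", "compute.zones.list", "compute.addresses.list",
    "storage.buckets.get", "storage.buckets.getIamPolicy", "storage.buckets.list",
    "storage.objects.get", "storage.objects.getIamPolicy", "storage.objects.list",
}
# Principal from step 8 of "Service Account Creation", as written on this page.
EASM_PRINCIPAL = ("serviceAccount:netspi-EASM-production"
                  "@EASM-production-397420.iam.gserviceaccount.com")
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"


def audit_role(role):
    """Compare a role's includedPermissions with the documented list."""
    granted = set(role.get("includedPermissions", []))
    return {"missing": sorted(EXPECTED_PERMISSIONS - granted),
            "extra": sorted(granted - EXPECTED_PERMISSIONS)}


def audit_impersonation(policy):
    """Report who holds Token Creator on the service account itself."""
    holders = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == TOKEN_CREATOR:
            # Assumption: member emails are compared case-insensitively,
            # since a returned policy may show them lower-cased.
            holders.update(m.lower() for m in binding.get("members", []))
    easm = EASM_PRINCIPAL.lower()
    return {"easm_can_impersonate": easm in holders,
            "unexpected": sorted(holders - {easm})}


# Constructed sample input: one permission missing, one extra, one stray principal.
SAMPLE_ROLE = {
    "title": "NetSPI EASM",
    "includedPermissions": sorted(EXPECTED_PERMISSIONS - {"compute.zones.list"})
    + ["storage.objects.delete"],
}
SAMPLE_POLICY = {"bindings": [
    {"role": TOKEN_CREATOR,
     "members": [EASM_PRINCIPAL.lower(), "user:alice@example.com"]},
    {"role": "roles/iam.serviceAccountUser", "members": ["user:bob@example.com"]},
]}

if __name__ == "__main__":
    print(audit_role(SAMPLE_ROLE))
    print(audit_impersonation(SAMPLE_POLICY))
```

An empty `missing`, `extra` and `unexpected` with `easm_can_impersonate` set to true indicates the configuration matches the steps on this page.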

# Enable APIs

  1. Navigate to the GCP console and select your project from the dropdown menu.
  2. Select "Enable APIs and Services".
  3. Using the provided user interface, enable the following APIs:
    • Compute Engine API
    • Cloud Resource Manager API
    • Cloud Domains API

# Add Account to EASM

  1. Log into the NetSPI Platform.
  2. Select or hover over EASM in the left navigation and select Assets to display the Assets page.
  3. Select Cloud Account from the Assets list on the left side of the page and then select the Add Cloud Account button.
  4. From there, provide a logical name for the account, the GCP project ID, and the service account email address noted in step 3 of the "Service Account Creation" section above.
  5. Select Add.