...
You must have a GCP project with a VPC containing at least one private subnet.
The VPC must be configured for Cloud NAT to allow Blue Hexagon virtual appliances deployed in the private subnet to reach out to the Blue Hexagon cloud.
The Blue Hexagon deployment manager template creates a 0.0.0.0/0 outbound firewall rule to allow outbound communications with the Blue Hexagon cloud - do not remove this.
[Preferred] The gcloud command line tool to deploy the Blue Hexagon for GCP Deployment Manager package. Follow instructions here to install. The following command may be useful.
    curl https://sdk.cloud.google.com | bash
GCP Security Audit Setup
Step 1: Enable API
Log in to the GCP account you wish to connect with Blue Hexagon and enable (e.g. via Cloud Shell) the following APIs.
    gcloud services enable \
        appengine.googleapis.com bigquery.googleapis.com \
        cloudfunctions.googleapis.com cloudresourcemanager.googleapis.com \
        cloudkms.googleapis.com compute.googleapis.com \
        container.googleapis.com dataflow.googleapis.com \
        dns.googleapis.com dataproc.googleapis.com \
        iam.googleapis.com sqladmin.googleapis.com \
        storage-component.googleapis.com recommender.googleapis.com \
        monitoring.googleapis.com logging.googleapis.com \
        serviceusage.googleapis.com
Step 2: Create Service Account
Name the service account, e.g. bluehexagonsecurity
Grant the service account the following permissions:
Viewer
Security Reviewer
Storage Object Viewer
Step 3: Create and Export JSON Key File
...
Share the JSON key file with your Blue Hexagon representative, who will complete the registration for you.
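One check to run before the key file is handed over, as an added example that is not part of the Blue Hexagon documentation: compare the service account's project-level role bindings with the three roles from Step 2 and report anything missing or extra. The role IDs are assumed to be the standard IDs behind the display names on this page, the project and e-mail values are constructed, and only project-level bindings are inspected.

```python
import json

# Step 2 roles, keyed by the IAM role IDs assumed to match the page's display names.
REQUIRED_ROLES = {
    "roles/viewer": "Viewer",
    "roles/iam.securityReviewer": "Security Reviewer",
    "roles/storage.objectViewer": "Storage Object Viewer",
}

def audit_service_account(policy, sa_email):
    """Compare the project-level roles bound to sa_email with REQUIRED_ROLES."""
    member = f"serviceAccount:{sa_email}"
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        # A conditional binding may not apply to every request, so track it apart.
        (conditional if "condition" in binding else granted).add(binding["role"])
    return {
        "missing": sorted(set(REQUIRED_ROLES) - granted),
        "extra": sorted((granted | conditional) - set(REQUIRED_ROLES)),
        "conditional": sorted(conditional & set(REQUIRED_ROLES)),
    }

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_SA = "bluehexagonsecurity@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/viewer",
     "members": ["serviceAccount:bluehexagonsecurity@example-project.iam.gserviceaccount.com",
                 "user:admin@example.com"]},
    {"role": "roles/iam.securityReviewer",
     "members": ["serviceAccount:bluehexagonsecurity@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:bluehexagonsecurity@example-project.iam.gserviceaccount.com"]}
  ],
  "etag": "constructed",
  "version": 1
}
""")

if __name__ == "__main__":
    # The sample is missing Storage Object Viewer and carries an unneeded Editor grant.
    print(json.dumps(audit_service_account(SAMPLE_POLICY, SAMPLE_SA), indent=2))
```

An empty "missing" and "extra" result means the account holds exactly the read-only roles listed in Step 2; any "extra" entry is access the exported key would also carry.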
Deploying Blue Hexagon Network Threat Defense
Blue Hexagon is deployed as an autoscaling managed instance group behind an internal load balancer in a subnet in your VPC.
...