Deploying the GCP Sensor
After you review the requirements and make sure that your Google Cloud environment is configured as needed, you can deploy the Google Cloud Platform (GCP) Sensor. Using the Deployment Manager template provided by AT&T Cybersecurity, you automatically deploy USM Anywhere as a service into your environment.
The following procedure describes how to launch the GCP Sensor when provisioning the USM Anywhere service for the first time. In this process, you launch the USM Anywhere product from the GCP console using the Google Cloud Deployment Manager template.
To create a new sensor in the GCP console
- Download the template and schema file from: http://downloads.alienvault.cloud/usm-anywhere/sensor-images/usm-saas-sensor-gcp.zip.
- In the GCP console, ensure that you have selected the project in which you want to deploy your new USM Anywhere Sensor.
- Open the Deployment Manager page under Tools in the left navigation pane, and click Type Registry.
- Click Add Composite Type and enter the following information:
- Name: A unique name for your composite type
- Template: A link to the template file you downloaded
- Schema: A link to the schema file you downloaded
- Click Create, and then Deploy
This takes you to the New Composite Type Deployment page, which guides you through the steps for deploying the USM Anywhere Sensor on the virtual machine (VM).
- On the New Composite Type Deployment page, enter the following information:
- Deployment Name: A unique name for your new sensor.
Important: Be sure to use a unique name, or you may overwrite an existing sensor with this deployment.
- Zone: The zone to which your new sensor will be deployed. See the Google Cloud documentation for a list of the valid zones.
- Network: The virtual private cloud (VPC) network to which you are deploying your new sensor.
- Subnetwork: The name of the GCP subnetwork in which to deploy the sensor.
- Public IP: Select this checkbox to deploy the sensor to a public IP.
By default, this checkbox is not selected. If you leave the checkbox deselected, your sensor will be deployed to a private IP.
Note: Iif you are deploying with a private IP address, you will still need to connect to your sensor via HTTP for its initial configuration.
- IP Ranges: Specify to which range of IPs your firewall rules apply.
- Service Account: Reference the service account for this sensor using the email address associated with that service account.
- SSH Key: A public RSA key for this sensor to use.
- Security Group: Specifically allow or disallow traffic for certain services.
- Use the checkboxes provided to select the security groups you want to apply.
Each security group in the list includes a description of its purpose.
- When you have entered all of the required information for your new GCP Sensor, click Deploy.
- After the deployment has finished, locate the sensor's IP address by going to Overview and clicking the view option next to Layout.
Note: Make note of this IP address so that you have it for configuring your data sources to send data to the GCP Sensor.
- Click the IP address link to launch the USM Anywhere Sensor Setup page.