Follow the GCP onboarding wizard, and Cortex creates a custom authentication template to be executed in GCP.
Notice
This feature is included with a Cortex XSIAM Premium license. It is also included with any other Cortex XSIAM license that has the Cloud Runtime Security or Cloud Posture Security add-ons.
For Cortex XSIAM NG SIEM, Cortex XSIAM Enterprise, and Cortex XSIAM Enterprise+ licenses, see How to onboard GCP with foundational configuration.
Use the cloud onboarding wizard to integrate a Google Cloud Platform (GCP) environment with Cortex XSIAM. The onboarding wizard requires minimal configuration to set up the integration. To complete the minimum configuration, define the scope of the GCP environment you are onboarding and specify the scan mode. Alternatively, configure the advanced settings for full control of the onboarding process.
Cortex XSIAM generates a Terraform authentication template based on the configuration settings. The authentication template establishes trust with GCP. The authentication template also grants required permissions to Cortex XSIAM. Execute the authentication template in GCP to complete the onboarding process. Executing the authentication template notifies Cortex XSIAM of the execution details. Cortex XSIAM then creates a new cloud instance.