The USM Anywhere Sensor provides operational visibility into the security of your Google Cloud Platform (GCP) environment. Based on the collected log information, USM Anywhere analyzes the data generated by your GCP environment and provides real-time alerting to identify malicious activity. The sensor is deployed into your GCP environment to provide ultimate control over the installation and the data contained within it, while avoiding any external access to your environment.
All USM Anywhere Sensors allow for authenticated scans by leveraging stored credentials that you define in USM Anywhere. This enables USM Anywhere to detect potential vulnerabilities, installed software packages, and running processes and services.
The GCP Sensor does not require you to install a sensor for every GCP project you wish to monitor. If you have multiple projects under a single GCP organization, the sensor can be configured to handle multiple projects within that organization.
USM Anywhere analyzes these logs in these stages:
Stage 1: Collects logs from systems and software running in your environment
Stage 2: Configures log line processing and generates events
Includes IP addresses and timestamps culled from extracted log-line data
Adds other data to the event, such as security context and environmental information
LevelBlue distributes the GCP Sensor as a Google Cloud Deployment Manager template specifically for the Google Virtual Private Cloud (VPC).
The deployment process for an initial USM Anywhere Sensor in your GCP environment consists of these primary tasks: