GCP workspace (gsuite) information

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

GCP workspace (gsuite) information

L1 Bithead

Hello,

 

Enabled the IAM module and added the Google Workspace (GSuite) group reader role to the prisma service account but have been not able to find the query to get group members or other workspace information. Only information I currently get is the cloudresourcemanager api results. 

 

Also is it possible to get from workspace reports which accounts have 2SV enabled?

3 REPLIES 3

L2 Linker

You must have administrator access to Google Workspace (GSuite) to grant Prisma Cloud Service Accounts the permissions to ingest data from groups on Google Workspace (GSuite). The permissions required for ingesting data on groups is either the predefined role Group Reader, or a custom role with groups:read permission.

 

Could you please provide me the RQL you are using.

 

Hi,

Our administrator added group reader to the prisma account

.CLimachi1_0-1673651450294.png

But reading through the docs can´t find the RQL for getting the workspace specific information

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/iam-q...

 

For example changing the following with a group in workspace returns no results

config from iam where dest.cloud.type = 'GCP' and source.cloud.resource.type = 'user' and grantedby.cloud.entity.name = 'your group name'

 

 

CLimachi1_1-1673652371725.png

Hello ,

 

There was fix that was going on for this. Could you please give it a try again and see if you are able to get any results.

 

Regards,

  • 1223 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!