After you set up Forseti Security, use these guides to configure its features.
Configure Forseti global and module-specific settings by updating the centrally-maintained configuration file. This includes basic configuration, and configuration for Inventory, Scanner, and Enforcer.
Configure Inventory to collect and store information about your Google Cloud Platform (GCP) resources. Inventory helps you understand your resources and take action to conserve resources, reduce cost, and minimize security risk.
Configure Scanner to monitor your GCP resources for rule violations. Scanner uses the information from Inventory to regularly compare role-based access policies for your resources.
Configure Notifier to dispatch a variety of messages through various channels and varying formats alerting you to events in your environment.
Configuring Real-Time Enforcer
Configure Real-Time Enforcer to automatically remediate non-compliant configurations in targeted Google Cloud Platform (GCP) resources.
Configure Cloud Profiler to view and analyze CPU usage and memory-allocation of your Forseti application on a Google Cloud Platform (GCP) interface.
Configuring Forseti Visualizer
Configure Forseti Visualizer to better understand your GCP organization structure, and to gain insights into policy adherence through identification of violations.
Enabling G Suite data collection
Enable the data collection of G Suite for processing by Forseti Inventory. G Suite access helps ensure right people are in the right group, and is required for Forseti.
Configure Config Validator Scanner to scan for non-compliant resources in your Google Cloud Platform (GCP) infrastructure.
Migrating Python Scanners to Rego Constraints
Migrate current Forseti scanners to Rego constraints for use by Config Validator Scanner.