After you set up Forseti Security, use these guides to configure its features.

General configuration

Configure Forseti global and module-specific settings by updating the centrally-maintained configuration file. This includes basic configuration, and configuration for Inventory, Scanner, and Enforcer.

Configuring Inventory

Configure Inventory to collect and store information about your Google Cloud Platform (GCP) resources. Inventory helps you understand your resources and take action to conserve resources, reduce cost, and minimize security risk.

Configuring Scanner

Configure Scanner to monitor your GCP resources for rule violations. Scanner uses the information from Inventory to regularly compare role-based access policies for your resources.

Configuring Notifier

Configure Notifier to dispatch a variety of messages through various channels and varying formats alerting you to events in your environment.

Configuring Real-Time Enforcer

Configure Real-Time Enforcer to automatically remediate non-compliant configurations in targeted Google Cloud Platform (GCP) resources.

Configuring Cloud Profiler

Configure Cloud Profiler to view and analyze CPU usage and memory-allocation of your Forseti application on a Google Cloud Platform (GCP) interface.

Configuring Forseti Visualizer

Configure Forseti Visualizer to better understand your GCP organization structure, and to gain insights into policy adherence through identification of violations.

Enabling G Suite data collection

Enable the data collection of G Suite for processing by Forseti Inventory. G Suite access helps ensure right people are in the right group, and is required for Forseti.

Configuring Config Validator

Configure Config Validator Scanner to scan for non-compliant resources in your Google Cloud Platform (GCP) infrastructure.

Migrating Python Scanners to Rego Constraints

Migrate current Forseti scanners to Rego constraints for use by Config Validator Scanner.