Notifier can dispatch a variety of messages through various channels and varying formats to you to events in your Google Cloud Platform (GCP) environment.
Types of notifications
Channels used to notify
The possible formats of notifications
This is a count of what resources have been crawled into inventory, and output to a Cloud Storage bucket.
To configure how you want Notifier to send the Inventory Summary, follow the steps below:
Navigate to the
If you want the notifier to upload the inventory summary to a Cloud Storage
notifier: inventory: gcs_summary: enabled: true data_format: csv gcs_path: gs://path_to_foo_bucket
If you want the notifier to send the inventory summary via email, edit
notifier: inventory: email_summary: enabled: true sendgrid_api_key: <SENDGRID_API_KEY> sender: <SENDER EMAIL> recipient: <RECIPIENT EMAIL>
To configure how you want Notifier to send violation notifications, follow the steps below:
On a per-resources basis, the options below are available. You can use any combination of notifiers for each resource.
The following example shows how to update a
.yaml file to add email, Slack,
and Cloud Storage notifier for Cloud SQL violations:
notifier: resources: - resource: cloudsql_acl_violations should_notify: true notifiers: - name: gcs_violations configuration: data_format: csv gcs_path: gs://path_to_foo_bucket - name: email_violations configuration: data_format: csv sendgrid_api_key: foobar_key sender: email@example.com recipient: firstname.lastname@example.org,email@example.com,firstname.lastname@example.org - name: slack_webhook configuration: data_format: json webhook_url: https://hooks.slack.com/services/foobar
Forseti Security can configured to send violations to Cloud Security Command Center (Cloud SCC).
Cloud SCC API is now in public beta. Please see the steps below to setup and configure. The previous alpha API will no longer be supported for setup.
Security Center Admin
Security Center Sources Admin
Service Account Admin
Add Security Sources on the Cloud SCC Beta Dashboard.
Find the Forseti Cloud SCC Connector in Cloud Marketplace.
Security Center Findings Editorrole)
Security Center Findings Editorrole, which is required to write to the Cloud SCC Beta API to surface the findings in the Cloud SCC.
API & Services -> Library)
gcloud services enable securitycenter.googleapis.com
configs/forseti_conf_server.yaml, as follows:
forseti-security/configs/forseti_conf_server.yamlfrom the GCS bucket.
Navigate to the
The options below are available for you to configure:
organizations/12345. Used only in
Forseti Security can send email notifications using the SendGrid API. SendGrid is the suggested free email service provider for GCP. For information about how to get 12,000 free emails every month, see Sending email with SendGrid.
To use SendGrid to send email notifications for Forseti Security, follow the process below:
Note that SendGrid automatically includes an invisible tracking pixel in your emails. This may cause email warnings about opening images. To disable this, disable SendGrid Open Tracking.