BLACKSHIELD

Guia público

Deploy Network Sensor on GCP

Stream live traffic using Packet Mirroring, deploy sensor VM with Terraform, and ingest findings via the managed SIEM connector. Público: Platform engineers, GCP administrators, security engineers. Tempo típico de configuração: 10 minutes.

quickstart

Use isto se

Stream live traffic using Packet Mirroring, deploy sensor VM with Terraform, and ingest findings via the managed SIEM connector.

Audience
Platform engineers, GCP administrators, security engineers
Typical time
10 minutes

Antes de começar

  • You have a GCP project with production VMs running workloads.
  • You have created an ingestion API key in Settings → API Keys with Ingestion scope.
  • You have the gcloud CLI configured with appropriate permissions to create compute resources.

Caminho rápido

Copy a working starter, run it in your environment, then come back here for the deeper rollout details.

Obtém o bundle de código fonte

Descarrega os ficheiros exatos usados neste guia ou executa o instalador de um só comando para os escrever localmente antes do deploy.

GCP network sensor Terraform source

Creates the GCP Terraform project under `deploy/gcp-network-sensor/` with the current platform API URL prefilled for packet mirroring-based network telemetry ingestion.

deploy/gcp-network-sensor/
bash
BLACKSHIELD_NETWORK_SENSOR_IMAGE=public.ecr.aws/blackshield-security/network-sensor:1.0.0 \
BLACKSHIELD_API_URL=https://api.blackshield.chaplau.com \
bash <(curl -fsSL https://blackshield.chaplau.com/source-bundles/gcp-network-sensor.sh)
cd deploy/gcp-network-sensor
Descarregar fonte

Executar isto

gcp-packet-mirroring.sh

bash
#!/bin/bash
# Set up GCP Packet Mirroring

PROJECT_ID="my-project"

gcloud compute health-checks create tcp network-sensor-health \
  --port=8080 \
  --project="$PROJECT_ID"

Entender e personalizar

Use the guided steps below when you want to tailor the rollout, validate ownership, or expand the deployment safely.

Passo 1

Configure Packet Mirroring

Set up packet mirroring policy to duplicate traffic from production VMs to the sensor instance.

  • Create a backend service with health check (TCP port 8080 or custom port).
  • Create a forwarding rule and internal load balancer as the packet mirroring target.
  • Define packet mirroring policy to capture traffic from source VMs (use tags or network filters).
  • Enable ALL_IPV4_TRAFFIC or restrict to specific ports; verify mirroring is active.

Como é o sucesso

Enable ALL_IPV4_TRAFFIC or restrict to specific ports; verify mirroring is active.

Open GCP network sensor prep

Passo 2

Deploy sensor VM with Terraform

Use the source bundle on this page to download the GCP network sensor Terraform project and deploy it.

  • Use the source bundle on this page to download the GCP network sensor Terraform project into deploy/gcp-network-sensor/ with `api_url` already prefilled for your deployed platform.
  • Copy terraform.tfvars.example to terraform.tfvars and customize: GCP project ID, region, VPC network, subnet, and API key.
  • Run: terraform init && terraform apply — creates instance group, firewall rules, service account, health checks, and managed identity.
  • The VMs automatically pull the sensor image and start ingestion.

Como é o sucesso

The VMs automatically pull the sensor image and start ingestion.

GCP Deployment Guide

Passo 3

Verify ingestion

Confirm the sensor is capturing traffic and streaming findings to the platform.

  • SSH to the VM: gcloud compute ssh [instance-name] --zone [zone]
  • Check container logs: docker logs -f $(docker ps -q)
  • Verify packet mirroring: look for 'listening on VXLAN' or 'capture interface ready'.
  • Check the platform Findings view for network-based alerts within 5 minutes.

Como é o sucesso

Check the platform Findings view for network-based alerts within 5 minutes.

View Findings · Requer login

Como é o sucesso

  • Findings are flowing to the platform with scanner=network (GCP) in the Findings view.
  • Packet mirroring policy shows 'ACTIVE' status.
  • Sensor VM CPU and memory utilization are within expected ranges.
Deploy Network Sensor on GCP | Documentação BlackShield