Notifier can dispatch a variety of messages, through various channels and in varying formats, to inform you of events in your Google Cloud Platform (GCP) environment. This page describes the types of notifications, the channels used to notify, and the possible formats of notifications.
## Email connector

Forseti Security provides an interface to add the email connector of your choice. The `email_connector` information is used when sending out all email notifications.

To configure `email_connector`, follow the steps below:

1. Open `forseti-security/configs/server/forseti_conf_server.yaml`.
2. Navigate to the `notifier` > `email_connector` section. If you want the notifier to send violations and/or the inventory summary via email, provide the corresponding values for all the fields mentioned below.
   - `name`: the email connector to use (for example `sendgrid` or `mailjet`).
   - `auth`: the connector's credentials: `api_key`, `api_secret` and `campaign` (which of these apply depends on the connector).
   - `sender`: the sender address.
   - `recipient`: one or more recipient addresses, comma-separated, e.g. `john@mycompany.com,jane@mycompany.com`.
   - `data_format`: `csv` or `json`.

The following example configures SendGrid. To configure another email connector, the `name` and `auth` fields should be modified accordingly.
```yaml
notifier:
  email_connector:
    name: sendgrid
    auth:
      api_key: {SENDGRID_API_KEY}
    sender: {SENDER EMAIL}
    recipient: {RECIPIENT EMAIL}
    data_format: csv
```
The same section configured for Mailjet, which needs an API secret and optionally a campaign in addition to the API key:
```yaml
notifier:
  email_connector:
    name: mailjet
    auth:
      api_key: {Mailjet_API_KEY}
      api_secret: {Mailjet_API_secret}
      campaign: {Mailjet_Campaign}
    sender: {SENDER EMAIL}
    recipient: {RECIPIENT EMAIL}
    data_format: csv
```
## Inventory summary

This is a count of what resources have been crawled into inventory, and output to a Cloud Storage bucket.

To configure how you want Notifier to send the Inventory Summary, follow the steps below:

1. Open `forseti-security/configs/server/forseti_conf_server.yaml`.
2. Navigate to the `notifier` > `inventory` section.
3. If you want the notifier to upload the inventory summary to a Cloud Storage bucket, edit `gcs_summary`:
   - `enabled`: `true` or `false`
   - `data_format`: `csv` or `json`
   - `gcs_path`: the destination bucket path, starting with `gs://`

```yaml
notifier:
  inventory:
    gcs_summary:
      enabled: true
      data_format: csv
      gcs_path: gs://path_to_foo_bucket
```

4. If you want the notifier to send the inventory summary via email, edit `email_summary`:
   - `enabled`: `true` or `false`

```yaml
notifier:
  inventory:
    email_summary:
      enabled: true
```
## Violation notifications

To configure how you want Notifier to send violation notifications, follow the steps below:

1. Open `forseti-security/configs/server/forseti_conf_server.yaml`.
2. Navigate to the `notifier` > `resources` section. On a per-resource basis, the options below are available. You can use any combination of notifiers for each resource.
   - `should_notify`: `true` or `false`
   - `name`: `email_violations`, `gcs_violations` or `slack_webhook`
   - `data_format`: `csv` or `json` (the `slack_webhook` example below uses the `json` type)
   - `gcs_path`: the destination bucket path, starting with `gs://` (for `gcs_violations`)
   - `webhook_url`: the incoming-webhook URL (for `slack_webhook`)

   Note: To send violation notifications via email, you need to use the `name` field only. Connector details need to be provided in the `email_connector` section.

The following example shows how to update the `.yaml` file to add email, Slack, and Cloud Storage notifiers for Cloud SQL violations:
```yaml
notifier:
  resources:
    - resource: cloudsql_acl_violations
      should_notify: true
      notifiers:
        - name: gcs_violations
          configuration:
            data_format: csv
            gcs_path: gs://path_to_foo_bucket
        - name: email_violations
        - name: slack_webhook
          configuration:
            data_format: json
            webhook_url: https://hooks.slack.com/services/foobar
```
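A configuration with a wrong `data_format`, a bucket path without its `gs://` prefix, or a `{PLACEHOLDER}` left in `email_connector` does not fail loudly; it simply produces no notification, which for a security scanner is the worst failure mode. The script below is an added example, not Forseti's own code: it checks the parsed `notifier` section (a dict, as a YAML loader would return it) against the `email_connector` fields and the per-resource notifier options described above, and cross-checks that anything configured to email has an `email_connector` to use. The sample configuration is constructed here from the documented examples, with two deliberate mistakes; the check logic and messages are ours, not Forseti's.

```python
"""Pre-flight checks for the notifier section of forseti_conf_server.yaml.

Added example, not part of Forseti Security. Field names and allowed values
follow the documentation; the check logic and messages are ours.
"""
import re

VALID_NOTIFIERS = {"email_violations", "gcs_violations", "slack_webhook"}
VALID_FORMATS = {"csv", "json"}
# The documented examples use {PLACEHOLDER} values that must be replaced.
PLACEHOLDER = re.compile(r"^\{.*\}$")


def _unresolved(value):
    return isinstance(value, str) and PLACEHOLDER.match(value) is not None


def _check_email_connector(conn, problems):
    """Validate the fields shared by every connector in notifier > email_connector."""
    if not isinstance(conn, dict):
        problems.append("email_connector: section is missing or not a mapping")
        return
    for key in ("name", "auth", "sender", "recipient"):
        if not conn.get(key):
            problems.append(f"email_connector.{key}: missing")
    if conn.get("data_format") not in VALID_FORMATS:
        problems.append("email_connector.data_format: must be csv or json")
    # A placeholder copied verbatim from the docs (e.g. {SENDGRID_API_KEY}) is not a credential.
    auth = conn.get("auth") if isinstance(conn.get("auth"), dict) else {}
    for prefix, mapping in (("email_connector.", conn), ("email_connector.auth.", auth)):
        for key, value in mapping.items():
            if _unresolved(value):
                problems.append(f"{prefix}{key}: placeholder {value} not filled in")


def _check_resources(resources, problems):
    """Validate notifier > resources; return True if any resource emails violations."""
    uses_email = False
    for res in resources or []:
        rname = res.get("resource", "<unnamed>")
        if not isinstance(res.get("should_notify"), bool):
            problems.append(f"{rname}.should_notify: must be true or false")
        for n in res.get("notifiers") or []:
            name = n.get("name")
            cfg = n.get("configuration") or {}
            if name not in VALID_NOTIFIERS:
                problems.append(f"{rname}: unknown notifier {name!r}")
                continue
            if name == "email_violations":
                uses_email = True  # details live in email_connector, not here
                continue
            if name == "gcs_violations" and not str(cfg.get("gcs_path", "")).startswith("gs://"):
                problems.append(f"{rname}.gcs_violations.gcs_path: must start with gs://")
            if name == "slack_webhook" and not str(cfg.get("webhook_url", "")).startswith("https://"):
                problems.append(f"{rname}.slack_webhook.webhook_url: must be an https URL")
            if cfg.get("data_format") not in VALID_FORMATS:
                problems.append(f"{rname}.{name}.data_format: must be csv or json")
    return uses_email


def validate_notifier_config(config):
    """Return a sorted list of problems in config['notifier']; empty means OK."""
    problems = []
    notifier = config.get("notifier") or {}
    inventory = notifier.get("inventory") or {}
    gcs_summary = inventory.get("gcs_summary") or {}
    if gcs_summary.get("enabled") and not str(gcs_summary.get("gcs_path", "")).startswith("gs://"):
        problems.append("inventory.gcs_summary.gcs_path: must start with gs://")
    uses_email = _check_resources(notifier.get("resources"), problems)
    if (inventory.get("email_summary") or {}).get("enabled"):
        uses_email = True
    # Email is configured once, in email_connector; anything that emails depends on it.
    if uses_email:
        _check_email_connector(notifier.get("email_connector"), problems)
    return sorted(problems)


# Constructed sample: the documented SendGrid and Cloud SQL examples, with the
# API key placeholder left unfilled and one bucket path missing its gs:// prefix.
SAMPLE_CONFIG = {"notifier": {
    "email_connector": {"name": "sendgrid", "auth": {"api_key": "{SENDGRID_API_KEY}"},
                        "sender": "forseti@example.com",
                        "recipient": "john@mycompany.com,jane@mycompany.com",
                        "data_format": "csv"},
    "inventory": {"gcs_summary": {"enabled": True, "data_format": "csv",
                                  "gcs_path": "gs://path_to_foo_bucket"}},
    "resources": [{"resource": "cloudsql_acl_violations", "should_notify": True, "notifiers": [
        {"name": "gcs_violations", "configuration": {"data_format": "csv", "gcs_path": "path_to_foo_bucket"}},
        {"name": "email_violations"},
        {"name": "slack_webhook", "configuration": {"data_format": "json",
                                                    "webhook_url": "https://hooks.slack.com/services/foobar"}},
    ]}],
}}

if __name__ == "__main__":
    for line in validate_notifier_config(SAMPLE_CONFIG):
        print(line)
```

Run it against the real file by loading the YAML into a dict first (for example with PyYAML's `safe_load`) and passing the result to `validate_notifier_config`; an empty list means the documented fields are all present and well-formed, which is the moment to commit the file, not before.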
## Cloud Security Command Center

Forseti Security can be configured to send violations to Cloud Security Command Center (Cloud SCC).

The Cloud SCC API is now Generally Available (GA). Please see the steps below to set up and configure it.

Roles needed for the setup:

- Organization Admin
- Security Center Admin
- Security Center Sources Admin
- Service Account Admin

Setup steps:

1. Select Add Security Sources on the Cloud SCC Dashboard.
2. Find the Forseti Cloud SCC Connector in Cloud Marketplace.
3. Grant the Security Center Findings Editor role, which is required to write to the Cloud SCC API to surface the findings in Cloud SCC.
4. Enable the Cloud SCC API, either from the console (API & Services -> Library) or with:

```
gcloud services enable securitycenter.googleapis.com
```

5. Using Terraform, set:
   - `cscc_violations_enabled`: `true` or `false`
   - `cscc_source_id`: `<organizations/ORG_ID/sources/SOURCE_ID>`

To verify that violations appear in the Cloud SCC Dashboard, run the notifier after you have built an inventory and run the scanner.
## Email notifications

Forseti Security can send email notifications using the SendGrid or Mailjet API. SendGrid is the suggested free email service provider for GCP. For information about how to get 12,000 free emails every month, see Sending email with SendGrid.

To use SendGrid to send email notifications for Forseti Security, follow the process below:

1. Edit the `email_connector` section in `forseti_conf_server.yaml` to provide the SendGrid-specific details.

Note that SendGrid automatically includes an invisible tracking pixel in your emails. This may cause email warnings about opening images. To disable this, disable SendGrid Open Tracking.

To use Mailjet, you should have a contract with Mailjet, then collect an API key, an API secret and optionally a campaign name if you want to be able to use a specific campaign tag for Forseti.

## Adding a new email connector

1. Create a new connector, modelled on `sendgrid_connector.py` under `google.cloud.forseti.common.util.email`.
2. Update `EMAIL_CONNECTOR_FACTORY` in `email_factory.py` with the new connector and the connector-specific class that was created.
3. Update the `email_connector` section under `notifier` in `forseti_conf_server.yaml` with the configuration details of the new connector.
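The three steps above describe a name-keyed factory: a connector class, a registry entry that maps `email_connector.name` to it, and the matching configuration. The module below is an added example that illustrates that pattern with hypothetical classes; it is not Forseti's code, and the real modules under `google.cloud.forseti.common.util.email` have their own constructors and method names, which are not reproduced here. The `SendgridLikeConnector` and `MailjetLikeConnector` names, the `REQUIRED_AUTH` attribute, `register_connector` and `connector_from_config` are all assumptions of this example. The point it makes is the one a connector author should care about: every connector declares the credentials it cannot work without, and the factory refuses to build one from an incomplete `auth` section instead of failing later inside a provider call.

```python
"""Registering an email connector with a name-keyed factory.

Added example, not Forseti's own code: hypothetical classes that follow the
documented procedure (connector class, EMAIL_CONNECTOR_FACTORY entry,
email_connector config). Messages are recorded instead of sent so it runs offline.
"""


class EmailConnectorError(Exception):
    """Raised for an unknown connector name or incomplete auth details."""


class BaseEmailConnector:
    """Common behaviour: validate auth up front, never send with half a credential set."""

    REQUIRED_AUTH = ()  # subclasses list the auth keys they cannot work without

    def __init__(self, sender, recipient, auth):
        missing = [k for k in self.REQUIRED_AUTH if not auth.get(k)]
        if missing:
            raise EmailConnectorError(
                f"{type(self).__name__}: missing auth field(s) {', '.join(missing)}")
        self.sender = sender
        # recipient is a comma-separated list in the config; split and trim it.
        self.recipients = [r.strip() for r in recipient.split(",") if r.strip()]
        self.auth = auth
        self.sent = []  # stand-in for the provider API call

    def send(self, subject, body):
        """Build one message and hand it to the provider (recorded here)."""
        message = self.build_message(subject, body)
        self.sent.append(message)
        return message

    def build_message(self, subject, body):
        raise NotImplementedError


class SendgridLikeConnector(BaseEmailConnector):
    """Hypothetical stand-in for sendgrid_connector.py: a single API key."""

    REQUIRED_AUTH = ("api_key",)

    def build_message(self, subject, body):
        return {"provider": "sendgrid", "from": self.sender,
                "to": self.recipients, "subject": subject, "body": body}


class MailjetLikeConnector(BaseEmailConnector):
    """Hypothetical stand-in for a Mailjet connector: key, secret, optional campaign."""

    REQUIRED_AUTH = ("api_key", "api_secret")

    def build_message(self, subject, body):
        return {"provider": "mailjet", "from": self.sender, "to": self.recipients,
                "subject": subject, "body": body,
                "campaign": self.auth.get("campaign")}  # optional campaign tag


# Step 2 of the procedure: the value of email_connector.name maps to a class.
EMAIL_CONNECTOR_FACTORY = {
    "sendgrid": SendgridLikeConnector,
    "mailjet": MailjetLikeConnector,
}


def register_connector(name, cls):
    """Add a new connector class under a config name; refuse silent overrides."""
    if not (isinstance(cls, type) and issubclass(cls, BaseEmailConnector)):
        raise EmailConnectorError(f"{cls!r} is not a BaseEmailConnector subclass")
    if name in EMAIL_CONNECTOR_FACTORY:
        raise EmailConnectorError(f"connector name {name!r} is already registered")
    EMAIL_CONNECTOR_FACTORY[name] = cls


def connector_from_config(email_connector):
    """Step 3: build the connector from the notifier > email_connector mapping."""
    name = email_connector.get("name")
    try:
        cls = EMAIL_CONNECTOR_FACTORY[name]
    except KeyError:
        raise EmailConnectorError(
            f"unknown email connector {name!r}; known: {sorted(EMAIL_CONNECTOR_FACTORY)}") from None
    return cls(email_connector["sender"], email_connector["recipient"],
               email_connector.get("auth") or {})


# Constructed config, mirroring the documented Mailjet example with values filled in.
SAMPLE_EMAIL_CONNECTOR = {
    "name": "mailjet",
    "auth": {"api_key": "example-key", "api_secret": "example-secret", "campaign": "forseti"},
    "sender": "forseti@example.com",
    "recipient": "john@mycompany.com, jane@mycompany.com",
    "data_format": "csv",
}

if __name__ == "__main__":
    conn = connector_from_config(SAMPLE_EMAIL_CONNECTOR)
    print(conn.send("Forseti inventory summary", "constructed summary body"))
```

A new provider is added by subclassing `BaseEmailConnector`, setting `REQUIRED_AUTH`, implementing `build_message`, and calling `register_connector`; the `email_connector` section then only needs its `name` and `auth` changed, exactly as the documentation says for SendGrid versus Mailjet.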