[EXTERNAL] Cloud Asset Inventory product updates | May 13th, 2021

[Sophia Yang]

Google Cloud Asset Inventory Updates | May 13th, 2021

ASSET SERVICES

GA launch: Asset Insights

As part of the effort in bringing more insights into your assets for you, Cloud Asset Inventory just launched 7 types of Asset Insights through the Active Assist platform to GA. This initial set of asset insights focuses on proactively detecting anomalies within your organization’s IAM policies, which may be opportunities for improving security pasture. The insights can be aggregated from the Organization, Folder or Project level. [Documentation]

The 7 types of Asset Insights are: 

• External members in IAM policies. 

• External users that impersonate your service accounts.

• External members as policy editors.

• External users who can view cloud storage buckets.

• Terminated users/groups that are still in IAM policies

• IAM policies containing all users or all authenticated users.

• Projects with only terminated users as owners.

GA launch: Policy Analyzer to support time based IAM Conditions

Policy Analyzer just got more powerful with the IAM Conditions support! You can set accessTime in your request to evaluate IAM access more accurately. For example, a user might only be granted access during a certain time each day. With the help of the new IAM condition support, you can successfully analyze the user’s access based on a specific time to reduce “false positives”. The Conditions support is currently only available through API and CLI. [Documentation]

ASSET COVERAGE

More Assets are available through Export, Realtime, Search and Analysis

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Cloud AI Platform (Unified)

• aiplatform.googleapis.com/BatchPredictionJob

• aiplatform.googleapis.com/CustomJob

• aiplatform.googleapis.com/DataLabelingJob

• aiplatform.googleapis.com/Dataset

• aiplatform.googleapis.com/Endpoint

• aiplatform.googleapis.com/HyperparameterTuningJob

• aiplatform.googleapis.com/Model

• aiplatform.googleapis.com/SpecialistPool

• aiplatform.googleapis.com/TrainingPipeline

• Cloud Document AI

• documentai.googleapis.com/HumanReviewConfig

• documentai.googleapis.com/LabelerPool

• documentai.googleapis.com/Processor

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Service Usage

• serviceusage.googleapis.com/Service

• Cloud Data Fusion

• datafusion.googleapis.com/Instance

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Cloud Composer

• composer.googleapis.com/Environment

• Cloud Run

• run.googleapis.com/Service

• run.googleapis.com/Revision

• Cloud TPU

• tpu.googleapis.com/Node

• Cloud Storage

• storage.googleapis.com/Bucket

If you have any questions or feedback, please email gcp-asset-inventory...@googlegroups.com.

To receive product updates from Asset Inventory,  please join our mailing list here.

Thanks very much,

Google Cloud Asset Inventory team

--

                                                                                            

• Sophia Yang • Product Manager • Google Cloud Asset Inventory and Search • xiao...@google.com