Introduction to GCP Events

Aqua CSPM Events provides real-time visibility into the activity in your GCP account. You can monitor events and get notified of any problems within your GCP services. GCP events are handled through the GCP log router and a Pub/Sub topic.


To read more about Events, see Real-Time Events Overview.


Setting up Events

Follow the steps below to configure Events for your GCP account:


Step 1: Ensure your GCP account is connected

  • Follow the onboarding steps to ensure your GCP account is connected to Aqua CSPM.
  • Ensure that your account appears on the Cloud Accounts page and is "enabled" for scanning.


Step 2: Begin the Events connection process

  • From the Aqua CSPM console, navigate to the Event Connection Wizard.
  • Select your GCP account from the drop-down list.


If your account is not in the list, repeat step 1 to ensure it is properly connected and scanning.


Step 3: Complete the Events connection process

  • Ensure that you are logged in to your Google Cloud account, in the proper project, with permission to create Pub/Sub and log router resources.
  • Run the following shell script in Google Cloud Shell:

    scriptPath='https://s3.amazonaws.com/cloudsploit-remediation-resources/production/google/events.sh' && eventUUID='0dde6eec-1b11-426b-9dd0-9983980fb779' && curl "$scriptPath" -O && sed -i 's/\r$//' events.sh && sh events.sh "$eventUUID"

  • When the script finishes running, the event service should be connected.


Step 4: Validate the Events connection

  • Once you complete the deployment, you can monitor the Events page for any new events produced in your GCP account.
  • To trigger a test event, try adding a security group rule to an existing security group and then deleting it. This will trigger the Events service and save the event.
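
The Step 3 command downloads a script and runs it in a single line with your project permissions. As an added example (not Aqua's own code), the wrapper below fetches the same script, prints its SHA-256 and the lines that call cloud CLIs or download tools, and runs it only after you confirm. The function names, the file name review_events.sh and the optional EVENTS_SHA256 pin are assumptions made for this example.

```shell
#!/bin/sh
# Added example: review the Step 3 installer before running it.
# SCRIPT_URL is the URL from the page; the function names and the optional
# EVENTS_SHA256 pin are assumptions made for this example.
SCRIPT_URL='https://s3.amazonaws.com/cloudsploit-remediation-resources/production/google/events.sh'

# Remove carriage returns in place (the page's sed step, done portably).
normalize_crlf() {
    tr -d '\r' < "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# SHA-256 of a file, so the copy you reviewed can be pinned and compared later.
fingerprint() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# Print, with line numbers, every line that names a cloud CLI or download tool
# as a command word: these lines create resources or pull in further code.
list_cloud_calls() {
    grep -nE '(^|[^[:alnum:]_-])(gcloud|gsutil|curl|wget)[[:space:]]' "$1" || true
}

# Succeeds if no pin is set, or if the file matches the pinned hash.
check_pin() {
    [ -z "${EVENTS_SHA256:-}" ] || [ "$(fingerprint "$1")" = "$EVENTS_SHA256" ]
}

main() {
    event_uuid=$1
    curl -fsSL --proto '=https' --tlsv1.2 -o events.sh "$SCRIPT_URL" || return 1
    normalize_crlf events.sh
    echo "sha256: $(fingerprint events.sh)"
    check_pin events.sh || { echo "hash differs from EVENTS_SHA256; not running" >&2; return 1; }
    echo "Lines that touch your project or the network:"
    list_cloud_calls events.sh
    printf 'Run events.sh for %s in the current project? [y/N] ' "$event_uuid"
    read -r answer
    [ "$answer" = y ] || { echo "Not run; inspect events.sh and retry."; return 0; }
    sh events.sh "$event_uuid"
}

# Usage: sh review_events.sh <eventUUID>   (does nothing without arguments)
if [ $# -ge 1 ]; then main "$@"; fi
```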