
Overview

Manage Google Cloud Platform (GCP) account registration, configuration, and monitoring for CrowdStrike Falcon Cloud Security (CSPM). These cmdlets enable you to connect GCP projects, configure service accounts, and monitor security posture across your GCP infrastructure.

Prerequisites

  • CSPM registration: Read - Required for retrieval operations
  • CSPM registration: Write - Required for account provisioning and modifications

Get-FalconCloudGcpAccount

Search for registered Falcon Cloud Security GCP accounts.
Get-FalconCloudGcpAccount [-Id <string[]>] [-ParentType <string>] [-ScanType <string>] [-Status <string>] [-Sort <string>] [-Limit <int32>] [-Offset <int32>] [-All] [-Total]

Parameters

  • Id (string[]): GCP resource identifier
  • ParentType (string): GCP hierarchy parent type. Valid values: Folder, Organization, Project
  • ScanType (string): Scan type. Valid values: dry, full
  • Status (string): Account status. Valid values: operational, provisioned
  • Sort (string): Property and direction to sort results
  • Limit (int32): Maximum number of results per request (default: 100)
  • Offset (int32): Position to begin retrieving results
  • All (switch): Repeat requests until all available results are retrieved
  • Total (switch): Display total result count instead of results

Example

# Get all GCP accounts
Get-FalconCloudGcpAccount -All

# Get operational projects
Get-FalconCloudGcpAccount -ParentType Project -Status operational

# Get accounts by organization
Get-FalconCloudGcpAccount -ParentType Organization

New-FalconCloudGcpAccount

Create a Falcon Cloud Security GCP account.
New-FalconCloudGcpAccount [-ParentId <string>] [-ParentType <string>] [-ServiceAccountId <int32>] [-ServiceAccountCondition <hashtable[]>] [-ProjectId <string>] [-ClientId <string>] [-ClientEmail <string>] [-PrivateKeyId <string>] [-PrivateKey <string>]

Parameters

  • ParentId (string): Parent identifier
  • ParentType (string): Parent type
  • ServiceAccountId (int32): Service account identifier
  • ServiceAccountCondition (hashtable[]): Service account conditions
  • ProjectId (string): Project identifier
  • ClientId (string): Client identifier
  • ClientEmail (string): Client email
  • PrivateKeyId (string): Private key identifier
  • PrivateKey (string): Private key

Example

# Create GCP account with service account credentials
New-FalconCloudGcpAccount -ProjectId my-gcp-project -ClientId 123456789 -ClientEmail service@project.iam.gserviceaccount.com -PrivateKeyId abc123 -PrivateKey '-----BEGIN PRIVATE KEY-----...'
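
Typing the private key inline, as in the example above, places it in the session's command history. The following added example (not part of the original documentation) reads the same values from a service-account key file instead; it assumes the file uses Google's standard JSON key export fields, and the file path is hypothetical.

```powershell
# Added example. Assumes a GCP service-account key file in Google's standard
# JSON export format; the path below is a hypothetical placeholder.
$keyPath = './falcon-cspm-key.json'

$key = Get-Content -Path $keyPath -Raw | ConvertFrom-Json

# Refuse to continue if the file is not a complete service-account key.
$required = 'project_id', 'client_id', 'client_email', 'private_key_id', 'private_key'
$missing  = $required | Where-Object { [string]::IsNullOrWhiteSpace($key.$_) }
if ($key.type -ne 'service_account' -or $missing) {
    throw "Not a usable service-account key: $keyPath (missing: $($missing -join ', '))"
}

# Map the key file's fields onto the cmdlet's parameters and splat them,
# so the PEM text never appears on the command line.
$gcpParams = @{
    ProjectId    = $key.project_id
    ClientId     = $key.client_id
    ClientEmail  = $key.client_email
    PrivateKeyId = $key.private_key_id
    PrivateKey   = $key.private_key
}

try {
    New-FalconCloudGcpAccount @gcpParams
}
finally {
    # Drop the variables that reference the key material once the request is sent.
    Remove-Variable -Name key, gcpParams -ErrorAction SilentlyContinue
}
```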

Edit-FalconCloudGcpAccount

Modify an existing Falcon Cloud Security GCP account.
Edit-FalconCloudGcpAccount [-ParentId <string>] [-Environment <string>] [-ServiceAccount <object>]

Parameters

  • ParentId (string): GCP parent identifier
  • Environment (string): GCP environment
  • ServiceAccount (object): GCP service account object

Example

# Update GCP account environment
Edit-FalconCloudGcpAccount -ParentId my-parent-id -Environment production

Remove-FalconCloudGcpAccount

Remove Falcon Cloud Security GCP accounts.
Remove-FalconCloudGcpAccount -Id <string[]>

Parameters

  • Id (string[], required): GCP resource identifier

Example

# Remove GCP account
Remove-FalconCloudGcpAccount -Id my-gcp-project-id

Get-FalconCloudGcpServiceAccount

Retrieve service account and email information for a Falcon Cloud Security GCP service account.
Get-FalconCloudGcpServiceAccount -Id <string>

Parameters

  • Id (string, required): GCP service account identifier

Example

# Get service account details
Get-FalconCloudGcpServiceAccount -Id my-service-account-id

Edit-FalconCloudGcpServiceAccount

Modify a Falcon Cloud Security GCP service account.
Edit-FalconCloudGcpServiceAccount -ServiceAccountId <int32> -ServiceAccountCondition <hashtable[]> -ProjectId <string> -ClientId <string> -ClientEmail <string> -PrivateKeyId <string> -PrivateKey <string>

Parameters

  • ServiceAccountId (int32, required): Service account identifier
  • ServiceAccountCondition (hashtable[], required): Service account conditions
  • ProjectId (string, required): Project identifier
  • ClientId (string, required): Client identifier
  • ClientEmail (string, required): Client email
  • PrivateKeyId (string, required): Private key identifier
  • PrivateKey (string, required): Private key

Example

# Update service account
Edit-FalconCloudGcpServiceAccount -ServiceAccountId 12345 -ProjectId my-project -ClientId 123456789 -ClientEmail service@project.iam.gserviceaccount.com -PrivateKeyId abc123 -PrivateKey '-----BEGIN PRIVATE KEY-----...'

Test-FalconCloudGcpServiceAccount

Validate the credentials for a Falcon Cloud Security GCP service account.
Test-FalconCloudGcpServiceAccount -ServiceAccountId <int32> -ServiceAccountCondition <hashtable[]> -ProjectId <string> -ClientId <string> -ClientEmail <string> -PrivateKeyId <string> -PrivateKey <string>

Parameters

  • ServiceAccountId (int32, required): Service account identifier
  • ServiceAccountCondition (hashtable[], required): Service account conditions
  • ProjectId (string, required): Project identifier
  • ClientId (string, required): Client identifier
  • ClientEmail (string, required): Client email
  • PrivateKeyId (string, required): Private key identifier
  • PrivateKey (string, required): Private key

Example

# Validate service account credentials
Test-FalconCloudGcpServiceAccount -ServiceAccountId 12345 -ProjectId my-project -ClientId 123456789 -ClientEmail service@project.iam.gserviceaccount.com -PrivateKeyId abc123 -PrivateKey '-----BEGIN PRIVATE KEY-----...'

Invoke-FalconCloudGcpHealthCheck

Perform a synchronous health check for a Falcon Cloud Security GCP parent account.
Invoke-FalconCloudGcpHealthCheck [-ParentId <string>]

Parameters

  • ParentId (string): GCP parent account identifier

Example

# Run health check
Invoke-FalconCloudGcpHealthCheck -ParentId my-parent-id

Receive-FalconCloudGcpScript

Download a Bash script which grants Falcon Cloud Security access using Google Cloud Shell.
Receive-FalconCloudGcpScript [-Id <string[]>] [-ParentType <string>] -Path <string> [-Force]

Parameters

  • Id (string[]): GCP resource identifier
  • ParentType (string): GCP hierarchy parent type. Valid values: Folder, Organization, Project
  • Path (string, required): Destination path for the script (.sh extension)
  • Force (switch): Overwrite existing file when present

Example

# Download GCP registration script
Receive-FalconCloudGcpScript -Path ./gcp-register.sh -ParentType Project -Id my-project-id

# Download for organization
Receive-FalconCloudGcpScript -Path ./gcp-org.sh -ParentType Organization
