Add details

Author: maxvp

src/content/docs/cloudflare-one/applications/casb/casb-integrations/gcp-cloud-storage.mdx

@@ -16,8 +16,8 @@ import { Render } from "~/components";
 
 ## Integration prerequisites
 
-- A GCP account using Cloud Storage
-- For initial setup, access to the GCP account with permission to create a new IAM Role with the scopes listed below.
+- A GCP account using Cloud Storage.
+- For initial setup, access to the GCP account with permission to create a new Service Account with the scopes listed below.
 
 ## Integration permissions
 
@@ -30,14 +30,14 @@ These permissions follow the principle of least privilege to ensure that only th
 
 ## Compute account
 
-You can connect an AWS compute account to your CASB integration to perform [Data Loss Prevention](/cloudflare-one/policies/data-loss-prevention/) scans within your S3 bucket and avoid data egress. CASB will scan any objects that exist in the bucket at the time of configuration.
+You can connect an GCP compute account to your CASB integration to perform [Data Loss Prevention](/cloudflare-one/policies/data-loss-prevention/) scans within your Cloud Storage bucket and avoid data egress. CASB will scan any objects that exist in the bucket at the time of configuration.
 
 ### Add a compute account
 
-To connect a compute account to your AWS integration:
+To connect a compute account to your GCP integration:
 
 1. In [Zero Trust](https://one.dash.cloudflare.com), go to **CASB** > **Integrations**.
-2. Find and select your AWS integration.
+2. Find and select your GCP integration.
 3. Select **Open connection instructions**.
 4. Follow the instructions provided to connect a new compute account.
 5. Select **Refresh**.
@@ -46,10 +46,10 @@ You can only connect one computer account to an integration. To remove a compute
 
 ### Configure compute account scanning
 
-Once your AWS compute account has successfully connected to your CASB integration, you can configure where and how to scan for sensitive data:
+Once your GCP compute account has successfully connected to your CASB integration, you can configure where and how to scan for sensitive data:
 
 1. In [Zero Trust](https://one.dash.cloudflare.com), go to **CASB** > **Integrations**.
-2. Find and select your AWS integration.
+2. Find and select your GCP integration.
 3. Select **Create new configuration**.
 4. In **Resources**, choose the buckets you want to scan. Select **Continue**.
 5. Choose the file types, sampling percentage, and [DLP profiles](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/) to scan for.
@@ -59,100 +59,40 @@ Once your AWS compute account has successfully connected to your CASB integratio
 
 CASB will take up to an hour to begin scanning. To view the scan results, go to **CASB** > **Content** > **Cloud**.
 
-To manage your resources, go to **CASB** > **Integrations**, then find and select your AWS integration. From here, you can pause all or individual scans, add or remove resources, and change scan settings.
+To manage your resources, go to **CASB** > **Integrations**, then find and select your GCP integration. From here, you can pause all or individual scans, add or remove resources, and change scan settings.
 
 For more information, refer to [Content findings](/cloudflare-one/applications/casb/manage-findings/#content-findings).
 
 ## Security findings
 
 <Render
 	file="casb/security-findings"
-	params={{ integrationName: "AWS S3", slugRelativePath: "aws-s3" }}
+	params={{
+		integrationName: "GCP Cloud Storage",
+		slugRelativePath: "gcp-cloud-storage",
+	}}
 />
 
-### S3 Bucket security
-
-Flag security issues in S3 Buckets, including overpermissioning, access policies, and user security best practices.
-
-| Finding type                                             | FindingTypeID                          | Severity |
-| -------------------------------------------------------- | -------------------------------------- | -------- |
-| S3 Bucket ACL Allows Any Authenticated User to Write     | `09bc7d1f-e682-43bc-a4ce-e6e03b408244` | Critical |
-| S3 Bucket ACL Allows Any Authenticated User to Write ACP | `9392a460-c566-4e0d-b06b-01d87dc84d7c` | Critical |
-| S3 Bucket ACL Allows Public ACP Write                    | `5b792c7f-2546-4fcd-96dc-a58a53fea7e0` | Critical |
-| S3 Bucket ACL Allows Public Write                        | `f50ae197-fa0a-4caa-be95-79aed91eed63` | Critical |
-| S3 Bucket Policy Allows Any Authenticated User to Write  | `70fe0596-28bc-41dd-a2c3-1486fb0fb1dd` | Critical |
-| S3 Bucket Policy Allows Public Write                     | `5e2aac4b-d8be-43dc-b324-84fdf63f760e` | Critical |
-| S3 Bucket Publicly Accessible                            | `6b1276e3-88e8-4150-a4d5-1b8273f11078` | Critical |
-| S3 Bucket ACL Allows Any Authenticated User to Read      | `fda31c4d-24dc-43d4-8a84-a1a9e1df01a1` | High     |
-| S3 Bucket ACL Allows Any Authenticated User to Read ACP  | `7232e46b-3539-4080-b905-022f1091556c` | High     |
-| S3 Bucket ACL Allows Public ACP Read                     | `e324242c-5feb-41a3-8d91-f70611471fad` | High     |
-| S3 Bucket ACL Allows Public Read                         | `f8c9f979-29f0-4ada-b09e-a149937a55d4` | High     |
-| S3 Bucket Policy Allows Any Authenticated User to Read   | `c6b3a745-b535-45ea-b2c0-ba8a139ca634` | High     |
-| S3 Bucket Policy Allows Public Read                      | `f3915412-eef9-47d9-8448-e04462de8ba2` | High     |
-| S3 Bucket Without MFA Delete Enabled                     | `f108bd28-9870-453f-a439-01818e85bdc7` | High     |
-| S3 Bucket Without Server-Side Encryption (SSE)           | `7817b383-79c3-44ca-8d5d-e01748afe75b` | High     |
-| S3 Bucket Encryption in Transit Disabled                 | `0b3227dd-63d3-46bc-97b3-e62d9c11567a` | Medium   |
-| S3 Bucket MFA Delete Disabled                            | `518697ff-3f7e-463e-acf3-79d106599f0e` | Medium   |
-| S3 Bucket ACL Allows Public List                         | `e3c8a170-7817-4151-bd01-55442f4416ea` | Medium   |
-| S3 Bucket Objects Can Be Public                          | `0ff170dc-be6b-46fa-a1cf-95ca7d067f4b` | Medium   |
-| S3 Bucket Policy Allows Any Authenticated AWS User       | `264be783-7fe1-4f50-aee7-d8df370b7b77` | Medium   |
-| S3 Bucket Policy Allows Any Authenticated User to Delete | `4431eaeb-63e3-43c1-a4bc-029f09da66fd` | Medium   |
-| S3 Bucket Policy Allows Any Authenticated User to List   | `319c9715-b86d-4215-bdfa-c5d9b3a5cc83` | Medium   |
-| S3 Bucket Policy Allows Public Delete                    | `bbbeacbc-6692-4121-a785-d634da1e5c56` | Medium   |
-| S3 Bucket Policy Allows Public List                      | `f7ae03e3-1303-4404-b6f5-a7f97e52105e` | Medium   |
-| S3 Bucket Server Side Encryption Disabled                | `d69ab398-fba8-4e71-bf49-60af48d00cbc` | Medium   |
-| S3 Bucket Without Access Logging                         | `67d0995d-7b4a-40c5-a43f-7a98d20faac6` | Medium   |
-| S3 Bucket Without AWS CloudTrail Logging                 | `89366ebe-ca0b-45fc-a9cb-135674e0a49b` | Medium   |
-| S3 Bucket Without Cross-Region Replication               | `d4e5c815-33e3-4a01-b852-fe040d51ee55` | Medium   |
-| S3 Bucket Without Default Encryption                     | `fb7a41af-294c-4e9b-a6ca-a1fed35542d6` | Medium   |
-| S3 Bucket Without Lifecycle Policies                     | `2df6f1b8-e41c-4ab5-a466-992ce485a367` | Medium   |
-| S3 Bucket Without Object-Level Logging                   | `9af2594c-3999-49c9-bd3d-2f4b091f99c0` | Medium   |
-| S3 Bucket Without Replication Enabled                    | `cb61ef18-a498-456c-985c-78a45e19f4fe` | Medium   |
-| S3 Bucket Without Versioning Enabled                     | `95e1284f-a514-4396-bf64-cd003818790c` | Medium   |
-| S3 Bucket Access Logging Disabled                        | `84ba76fa-4703-490e-ab75-1b554993c054` | Low      |
-| S3 Bucket Lifecycle Disabled                             | `970d2ca8-e189-42a8-8e86-9f674fcb1aea` | Low      |
-| S3 Bucket Policy Not Existent                            | `3e1d0535-d82f-4ed1-9664-d2c50905db17` | Low      |
-| S3 Bucket Versioning Disabled                            | `4e976e0d-b545-4c4a-99c5-a2f5d9a6f3d8` | Low      |
-
-### IAM Policies
-
-Identify AWS IAM-related security issues that could affect S3 Bucket and Object security.
-
-| Finding type                                                    | FindingTypeID                          | Severity |
-| --------------------------------------------------------------- | -------------------------------------- | -------- |
-| IAM Account Password Policy Does Not Exist                      | `e39ee4da-eed5-49d0-95f7-b423884b858c` | Critical |
-| IAM Account Password Policy Doesn't Require Lowercase Letters   | `9278444b-0c38-4ed0-8127-f3f25444811c` | High     |
-| IAM Account Password Policy Doesn't Require Passwords to Expire | `5be79a96-4570-45cf-8ba3-1abe62802d16` | High     |
-| IAM Account Password Policy Doesn't Require Symbols             | `dd17afa3-4d4c-49e4-84c3-e829af9fff97` | High     |
-| IAM Account Password Policy Doesn't Require Uppercase Letters   | `e4976e53-bab5-4276-a1d3-1d85ebfd4d57` | High     |
-| IAM Account Password Policy Max Age is greater than 90 days     | `4e1092a0-7092-405f-a991-537d8c371440` | High     |
-| IAM Account Password Policy Minimum Length is less than 8       | `2a2fa181-7beb-48ba-bc8d-8f1170c6062c` | High     |
-| IAM Account Password Policy Re-use Prevention is less than 5    | `a4791a20-373f-44d3-9f6e-e61f1685fe05` | High     |
-| IAM Role with Cross-Account Access                              | `8de72710-b23a-4d94-915e-26ef7249d21e` | High     |
-| IAM Access Key Inactive over 90 Days                            | `37d1adb1-8e37-4708-a849-e06945c60802` | Medium   |
-| IAM Access Key Not Rotated over 90 Days                         | `d2caf571-4c99-4da7-a21c-4384f8cb4e5c` | Medium   |
-| IAM User Console Login Inactive Over 90 Days                    | `82b50a4d-8582-4766-9bad-f41b441bf336` | Medium   |
-| IAM User MFA Disabled                                           | `4679563f-5975-4c68-9dbf-896810ec8de9` | Medium   |
-| IAM User Password Older Than 90 Days                            | `c5376384-e4e4-4b2c-af84-12d6740939f0` | Medium   |
-| IAM Account Password Policy Doesn't Require Numbers             | `15c65813-c7e6-4b22-95b3-b3942c8b8924` | Low      |
-
-### Root User Management
-
-Detect security issues related to the use of an IAM Root User, which has the ability to access and configure important settings.
-
-| Finding type                                      | FindingTypeID                          | Severity |
-| ------------------------------------------------- | -------------------------------------- | -------- |
-| AWS Root User Access Key Used within Last 90 Days | `9d23c002-aece-42b5-b082-2b51fab8d7c1` | Critical |
-| AWS Root User has Access Keys                     | `1b788d31-ed56-4008-b136-6993f38e4d1c` | Critical |
-| AWS Root User Logged in within Last 90 Days       | `e9959d6e-edc9-4ea3-9113-3c30b02a811e` | Critical |
-| AWS Root User MFA Disabled                        | `19abe0ee-e8bd-4e3b-9ee9-ea5c64fe769c` | Critical |
-
-### Certificates
-
-Catch certificate-related issues and risks to prevent malicious compromise of internal resources.
-
-| Finding type                           | FindingTypeID                          | Severity |
-| -------------------------------------- | -------------------------------------- | -------- |
-| ACM Certificate Expired                | `30ce0a22-eb3d-457d-bc59-6468f9bb4c4f` | Critical |
-| ACM Certificate Has Domain Wildcard    | `d313bc0c-a2fb-41d8-b5a8-ef2704bb5570` | High     |
-| ACM Certificate Expires within 30 days | `cd93f2c1-9b07-4e6c-964c-79f3a64d56ac` | Medium   |
+### Cloud Storage Bucket security
+
+Flag security issues in Cloud Storage Buckets, including overpermissioning, access policies, and user security best practices.
+
+| Finding type                                                                     | FindingTypeID                          | Severity |
+| -------------------------------------------------------------------------------- | -------------------------------------- | -------- |
+| Google Cloud Platform: GCS Bucket Allows Public Write                            | `4583f5a9-a343-4e2f-a8b3-9237a911f337` | Critical |
+| Google Cloud Platform: GCS Bucket IAM Policy Allows Public Access                | `032c1e88-0cff-47f6-8d75-046e0a7330de` | Critical |
+| Google Cloud Platform: GCS Bucket Publicly Accessible                            | `cc028a95-46d4-4156-ac11-bc5713529824` | Critical |
+| Google Cloud Platform: Public Access Prevention Enabled But Policy Grants Public | `cc02680e-9cc3-49d1-99d5-29d425bf142f` | Critical |
+| Google Cloud Platform: GCS Bucket ACL Grants All Authenticated Users Access      | `e1a588af-0500-482e-b59d-fd2693ce7fc0` | Critical |
+| Google Cloud Platform: GCS Bucket ACL Grants All Users Public Access             | `1904c004-8d4f-470e-9460-e77db23d6a86` | Critical |
+| Google Cloud Platform: Public Access Prevention but ACL Grants allUsers          | `fcf2e27e-673f-4cd2-9b76-ec89c4c5872c` | Critical |
+| Google Cloud Platform: GCS Bucket Versioning Disabled                            | `bd66e214-f205-4e00-bd68-121dad0a7988` | High     |
+| Google Cloud Platform: GCS Bucket Without KMS Encryption                         | `0105d9c4-1a01-4b65-b33e-df6c55905147` | High     |
+| Google Cloud Platform: GCS Uniform Bucket-Level Access Disabled                  | `6960b459-aa9e-4b41-84f6-26cdb75a1995` | High     |
+| Google Cloud Platform: GCS Bucket IAM Policy Allows Public Read                  | `10420f34-8fdd-49cb-8d38-096a2de5824f` | High     |
+| Google Cloud Platform: GCS Bucket Lacks Lifecycle Rules                          | `edcd5a8b-b128-404b-8207-23a80f669b65` | Medium   |
+| Google Cloud Platform: GCS Bucket Logging Disabled                               | `d26f43c8-9406-481c-8c8b-1a7f05f3cc27` | Medium   |
+| Google Cloud Platform: GCS Bucket Not Using 'Soft Delete'                        | `5542ed8e-77a6-43c1-8b9e-935e66009d34` | Medium   |
+| Google Cloud Platform: GCS Bucket Retention Policy Disabled                      | `2d4a247c-8adb-4f2b-ae58-3568d633cb81` | Medium   |
+| Google Cloud Platform: GCS Bucket IAM Policy Not Version 3                       | `ade2ede6-08c7-4962-b084-f6a29ee4a5b8` | Low      |
+| Google Cloud Platform: GCS Bucket IAM Policy Using Legacy Roles                  | `11a592b9-4f51-4a1a-9925-a48a5ed01521` | Low      |