Add and connect a Google Cloud (GCP) project to the Cloud Accounts app to allow Trend Vision One to provide security for your cloud assets.
Adding a Google Cloud (formerly Google Cloud Platform) project to the Cloud Accounts
app allows Trend Vision One to access your cloud service to provide security and visibility into your cloud assets.
Before you begin, review the permission requirements for connecting a Google Cloud project to Cloud Accounts.
Some Cloud Accounts features have limited support for Google Cloud regions. For more
information, see Google Cloud supported regions and limitations.
Important
Agentless Vulnerability & Threat Detection is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release Sub-Feature Disclaimer before using the sub-features.
The January 2025 update is not available in all regions. To check which version you
have, verify if you have access to the Agentless Vulnerability & Threat Detection
feature. If not, see Adding a Google Cloud project to connect your project.
The steps are valid as of January 2025.
Procedure
- Sign in to the Trend Vision One console.
- In a new tab in the same browser session, sign in to the Google Cloud project you want to connect and access the Cloud Shell.
- In the Trend Vision One console, go to .
- Click Add Project. The Add Google Cloud Project screen appears.
- Specify a Project name for the project, which appears in the Cloud Accounts list. The project name only appears in the Cloud Accounts app.
- Specify the Project ID.
- Specify a Description to help identify the purpose of the connection.
- Select the region to deploy the Terraform script.
  Important
  - The selected region must be the same as your Cloud Shell region. Attempting to run a Terraform script for a different region can cause the deployment to fail.
  - The default region is based on your Trend Vision One region.
- Click Next.
- Choose which Features and Permissions to enable on the account.
  - Core Features: Connect your Google Cloud project to Trend Vision One to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure.
  - Agentless Vulnerability & Threat Detection: Deploy Agentless Vulnerability & Threat Detection in your Google Cloud project to discover vulnerabilities and malware in your Google Cloud VM instances, Disks, and Google Artifact Registry images with zero impact to your applications. Select the regions you want to deploy the feature to.
  For more information about each feature and permission, see Google Cloud features and permissions.
- Click Next.
- In Google Cloud Shell, access the command line interface.
  Note
  The Connect Google Cloud Project screen in the Trend Vision One console provides a set of commands to help complete the following steps. To complete the connection process, you must copy each command provided in the screen to enable the Done button.
- Access the project you want to connect. Copy the command or type gcloud config set project [project ID] where [project ID] is the Project ID you want to connect.
- Create a new directory for the deployment folder within the project you want to connect, then access the folder. Copy the command or type mkdir [Project ID] && cd [Project ID].
  Note
  Trend Micro recommends using the Project ID as the name for the deployment folder. While you can specify any directory name you want, you must ensure the folder has a unique name and that there are no other Terraform files in the deployment folder.
- Choose your upload method.
  - To use a command to upload the template directly to your Cloud Shell, select Upload via CLI. Copy and paste the curl command into your Cloud Shell interface to retrieve the template package. The command is dynamically generated based on your account and region.
  - To download the template first and upload from your local machine, select Manual Upload. Click Download the Terraform Template to save the template to your local machine. Make sure your Cloud Shell environment is set to the same region you selected for the Terraform deployment before uploading the package.
- Extract the template using the command in the Add Google Cloud Project screen. The .zip file name contains a randomly generated number. Copy the command to extract the file.
- Access the deployment folder. Copy the command or type cd cloud-account-management-terraform-package.
  Important
  The resource creation script must be the only Terraform file in the directory. Having more than one Terraform file in the folder interferes with the deployment process and might cause the connection to fail.
- Run the deployment script.
  - If you are deploying without enabling Agentless Vulnerability & Threat Detection, type the command ./deploy.sh.
  - If you are deploying with Agentless Vulnerability & Threat Detection enabled, use one of the following commands to specify sidecar project and billing handling. For more information about sidecar projects, see Get started with Agentless Vulnerability & Threat Detection in Google Cloud.
    - To allow Trend Vision One to automatically detect your Google Cloud billing info and create a sidecar project, type the command ./deploy.sh without any parameters.
    - To specify your Google Cloud billing info and allow Trend Vision One to create a sidecar project, type the command ./deploy.sh --billing_account "[billingID]".
    - To specify a sidecar project, type the command ./deploy.sh --sidecar_project_id "[sidecarID]". Trend Vision One does not require your Google Cloud billing info if you specify the sidecar project.
    - To specify both your billing info and sidecar project, type the command ./deploy.sh --billing_account "[billingID]" --sidecar_project_id "[sidecarID]".
    - To deploy all resources to your connected project without using a sidecar project, type the command ./deploy.sh --billing_account "[billingID]" --sidecar_project_id "[projectID]".
    Important
    - To manually specify a sidecar project, you must have a sidecar project configured before updating.
    - If you are not using a sidecar project, the projectID parameter must be the same as the project you are connecting.
  Google Cloud Shell begins the Terraform process to deploy Trend Vision One security resources.
- In the Trend Vision One console, in the Add Google Cloud Project screen, click Done.
  Note
  If the Done button is not enabled, make sure you have copied the command line for each step on the screen. The connection process might take a few moments to complete. You can refresh the Cloud Accounts screen to check the status of your added project.
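
The following pre-flight helper is an added example, not part of the Trend Micro documentation or the template package. It checks the two conditions the procedure warns about (the active project and a deployment folder free of Terraform files) and shows where a given --sidecar_project_id value will place resources. All function names are hypothetical, and the file patterns treated as "terraform files" are an assumption.

```bash
#!/usr/bin/env bash
# Pre-flight checks to run in Cloud Shell before uploading the template.
# All function names are hypothetical (added example).

# List Terraform files already present under a directory.
# Assumption: "terraform files" means *.tf, *.tf.json and *.tfvars.
stray_tf_files() {
  find "$1" -type f \( -name '*.tf' -o -name '*.tf.json' -o -name '*.tfvars' \)
}

# Succeed only if the deployment folder holds no Terraform files yet.
deploy_dir_is_clean() {
  [ -z "$(stray_tf_files "$1")" ]
}

# Succeed only if the active gcloud project is the Project ID being connected.
# The active project is an argument so the check works without gcloud installed.
project_matches() {
  local active="$1" wanted="$2"
  [ -n "$wanted" ] && [ "$active" = "$wanted" ]
}

# Report where --sidecar_project_id sends the resources when Agentless
# Vulnerability & Threat Detection is enabled.
# $1 = connected Project ID, $2 = sidecar project ID (empty if omitted)
sidecar_mode() {
  if [ -z "$2" ]; then echo "auto-created-sidecar"
  elif [ "$2" = "$1" ]; then echo "connected-project"
  else echo "existing-sidecar"
  fi
}

# Build the deploy command. $1 = billing ID, $2 = sidecar project ID (either may be empty)
deploy_command() {
  local cmd="./deploy.sh"
  [ -n "$1" ] && cmd="$cmd --billing_account \"$1\""
  [ -n "$2" ] && cmd="$cmd --sidecar_project_id \"$2\""
  printf '%s\n' "$cmd"
}

# Run both checks against the live Cloud Shell session.
preflight() {
  local wanted="$1" dir="$2" active
  active="$(gcloud config get-value project 2>/dev/null || true)"
  project_matches "$active" "$wanted" || { echo "active project '$active' is not '$wanted'" >&2; return 1; }
  deploy_dir_is_clean "$dir" || { echo "Terraform files already in $dir" >&2; return 1; }
}
```

Run preflight on the newly created deployment folder before extracting the package, because the extracted package contains its own Terraform files. A mistyped project ID passed to sidecar_mode reports existing-sidecar instead of connected-project, which catches the mismatch the Important note describes.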