Export Data to a Google Cloud Storage Bucket
The Mondoo Google Cloud Storage integration lets you continuously export your space data, such as assets and vulnerabilities, to a Cloud Storage bucket. The export runs approximately every 24 hours.
Requirements
-
A GCP account
-
Editor or Owner access to the space from which you want to export data
Create a service account for your Google Cloud Storage integration
To access the data it needs, your Cloud Storage integration needs a GCP service account. To learn about service accounts, read Understanding service accounts in the Google documentation.
-
Create a new GCP service account for the Mondoo integration to use.
For instructions, read Creating and managing service accounts in the Google documentation.
Note the email address created for the new service account.
-
Create a JSON key for the service account.
For instructions, read Create and manage service account keys in the Google documentation.
Save the JSON file that downloads to your workstation when you create the key. You need it to configure the integration (in the next section below).
Create a Cloud Storage bucket
Your Cloud Storage integration needs a bucket to which to export data. To learn about buckets, read About Cloud Storage buckets in the Google documentation.
Create a new GCP Cloud Storage bucket for the Mondoo integration to use. For instructions, read Create buckets in the Google documentation.
-
Assign the "Storage Object Creator" role (roles/storage.objectCreator) for the bucket to the GCP service account you created in the instructions above.
For instructions, read Manage access to projects, folders, and organizations in the Google documentation.
For a description of the permissions that the "Storage Object Creator" role grants, read Understanding roles in the Google documentation.
Add a new Cloud Storage integration
-
Access the Integrations > Add > GCP Cloud Storage Bucket page in one of two ways:
-
New space setup: After creating a new Mondoo account or creating a new space, the initial setup guide welcomes you. Select BROWSE INTEGRATIONS and then select GCP Cloud Storage Bucket.
-
INTEGRATIONS page: Navigate to INTEGRATIONS. Under Exports, select GCP Cloud Storage Bucket.
-
-
In the Choose an integration name box, enter a name for the integration. Make it a name that lets you easily recognize the GCP project and bucket.
-
Identify the Cloud Storage bucket to which to export data.
In the Bucket name box, enter the ID of the bucket you created in the previous section.
-
Under Export as, choose whether to export in JSONL or CSV format.
-
Under Provide your Google service account config, upload the GCP service account's JSON key that you downloaded in the previous section:
Drag the file and drop it in the Drag and drop your .json file here box.
OR
In the Drag and drop your .json file here box, select the cloud icon and choose the file to upload.
-
To complete the integration, select the CREATE EXPORT button.
Mondoo begins exporting information from your space. When this initial export completes, the integration status becomes ACTIVE. Mondoo performs an export approximately every 24 hours.
View your Cloud Storage integration
-
In the side navigation bar, under Integrations, select Cloud Storage.
-
In the list of Cloud Storage integrations, select the integration you want to view.
Statuses
The possible statuses for a Cloud Storage integration are:
- pending: The integration has been created but not yet run.
- active: The integration is active/healthy.
- error: Mondoo detected an error during export.
Export data to Cloud Storage at any time
Mondoo exports your data to the bucket approximately every 24 hours. You can also manually export data at any time. Use the SCHEDULE NOW button to request an export right away. Mondoo begins the export as soon as possible.
Remove an integration
To remove an integration, select the trash can icon. A confirmation prompt displays. Once you confirm the deletion, Mondoo removes the configured integration and stops triggering exports to the bucket.
Mondoo does not delete your GCP Cloud Storage bucket or existing exported data. You must delete the bucket manually.