Overview

WALT Carbon’s security scanning feature provides comprehensive vulnerability assessment and compliance monitoring for your Google Cloud Platform resources. This guide walks you through the essential configuration steps.
This setup is required: security scanning must be configured before your platform is considered production-ready.

Prerequisites

Before configuring security scans, ensure:
  • You have the Admin or Security Manager role in WALT Carbon
  • Your GCP organization has the Security Command Center API enabled
  • The WALT Carbon service account has Security Reviewer permissions

Step 1: Enable Security APIs

First, verify that required APIs are enabled in your GCP project:
# Check if Security Command Center API is enabled
gcloud services list --enabled --filter="name:securitycenter.googleapis.com"

# Enable if not already enabled
gcloud services enable securitycenter.googleapis.com
gcloud services enable cloudasset.googleapis.com
WALT Carbon can automatically enable these APIs if you grant the necessary permissions during setup.

Step 2: Configure Service Account Permissions

Grant WALT Carbon’s service account the necessary permissions:
  1. Go to IAM & Admin > IAM in Google Cloud Console
  2. Find the WALT Carbon service account
  3. Add these roles:
    • Security Center Admin
    • Cloud Asset Viewer
    • Compute Security Admin
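
To confirm the grants from the command line, and to recheck them later if scans start failing, the following added example (not WALT Carbon's own code) audits an IAM policy exported as JSON. The role IDs are this example's mapping of the three console role names above, and the service account email and sample policy are constructed placeholders.

```python
import json

# Role IDs assumed by this example for the three console role names in Step 2.
REQUIRED_ROLES = {
    "roles/securitycenter.admin",   # Security Center Admin
    "roles/cloudasset.viewer",      # Cloud Asset Viewer
    "roles/compute.securityAdmin",  # Compute Security Admin
}

def audit_service_account(policy, sa_email):
    """Compare the roles bound to sa_email in an IAM policy with REQUIRED_ROLES."""
    member = "serviceAccount:" + sa_email
    granted, conditional, stale = set(), set(), set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for m in binding.get("members", []):
            if m == member:
                # A conditional grant may not hold for every resource, so it
                # is reported separately instead of counting as granted.
                (conditional if binding.get("condition") else granted).add(role)
            elif m.startswith("deleted:" + member + "?"):
                # IAM keeps bindings of a deleted account under this prefix;
                # a recreated account with the same email does not inherit them.
                stale.add(role)
    return {
        "missing": sorted(REQUIRED_ROLES - granted),
        "conditional": sorted(conditional),
        "unexpected": sorted((granted | conditional) - REQUIRED_ROLES),
        "stale_deleted": sorted(stale),
    }

# Constructed sample, shaped like `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SA = "walt-carbon-scanner@example-project.iam.gserviceaccount.com"  # placeholder
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/securitycenter.admin",
   "members": ["serviceAccount:%(sa)s", "user:alice@example.com"]},
  {"role": "roles/cloudasset.viewer",
   "members": ["serviceAccount:%(sa)s"],
   "condition": {"title": "temp", "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
  {"role": "roles/editor", "members": ["serviceAccount:%(sa)s"]},
  {"role": "roles/compute.securityAdmin",
   "members": ["deleted:serviceAccount:%(sa)s?uid=100000000000000000001"]}
]}
""" % {"sa": SA})

if __name__ == "__main__":
    print(json.dumps(audit_service_account(SAMPLE_POLICY, SA), indent=2))
```

An empty `missing` list means all three roles are bound unconditionally; anything under `unexpected` is access beyond what this guide asks for and is worth reviewing.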

Step 3: Access Security Configuration

In your WALT Carbon platform:
  1. Navigate to Security > Configuration
  2. Click Set Up Security Scanning
  3. Select your GCP organization/project

Step 4: Configure Scan Settings

Basic Scan Configuration

1. Resource Scope

Select which GCP resources to scan:
  • ✅ Compute Engine instances
  • ✅ Cloud Storage buckets
  • ✅ Cloud SQL databases
  • ✅ IAM policies and permissions
  • ✅ Network security groups
2. Scan Frequency

Set your scanning schedule:
  • Daily: Recommended for production environments
  • Weekly: Suitable for development environments
  • On-demand: Manual scans only
3. Severity Levels

Configure which findings to report:
  • Critical: Always report
  • High: Always report
  • Medium: Report (recommended)
  • Low: Optional

Advanced Configuration

Resource Filters
  • Exclude test/development projects
  • Focus on production environments
  • Filter by resource labels or tags
Vulnerability Filters
  • Exclude known false positives
  • Custom severity scoring
  • Compliance framework alignment
Immediate Alerts
  • Critical vulnerabilities (Slack/Email)
  • New security findings (Email)
  • Compliance violations (Email)
Scheduled Reports
  • Weekly security summary
  • Monthly compliance report
  • Quarterly risk assessment
Security Team
  • All critical and high findings
  • Compliance status changes
  • Scan completion notifications
Development Teams
  • Findings specific to their projects
  • Remediation recommendations
  • Fix verification notifications

Step 5: Run Initial Scan

After configuration:
  1. Click Run Initial Scan
  2. Monitor scan progress in the Security Dashboard
  3. Initial scan may take 30-60 minutes depending on resource count
The first scan will establish your security baseline. Subsequent scans will focus on changes and new findings.

Step 6: Review and Prioritize Findings

Understanding Scan Results

Immediate Action Required
  • Publicly accessible resources with sensitive data
  • Unencrypted databases or storage
  • Overprivileged service accounts
  • Known vulnerabilities with active exploits

Remediation Workflow

  1. Triage: Review findings with your security team
  2. Prioritize: Use WALT Carbon’s risk scoring
  3. Assign: Delegate fixes to appropriate teams
  4. Track: Monitor remediation progress
  5. Verify: Confirm fixes with follow-up scans

Compliance Frameworks

WALT Carbon supports multiple compliance standards:

CIS Benchmarks

Center for Internet Security best practices

NIST Framework

National Institute of Standards and Technology

ISO 27001

International security management standard

SOC 2

Service Organization Control requirements

Monitoring and Maintenance

Regular Activities

1. Weekly Review

  • Review new findings
  • Check remediation progress
  • Update risk priorities
2. Monthly Assessment

  • Analyze security trends
  • Update scan configurations
  • Review compliance status
3. Quarterly Planning

  • Security posture evaluation
  • Policy updates
  • Training needs assessment

Performance Optimization

To optimize scan performance:
  • Schedule scans during low-usage periods
  • Exclude unnecessary resources from scans
  • Use incremental scanning for large environments
  • Batch remediation activities to reduce scan noise

Troubleshooting

Common Issues

Symptoms: Scans not completing or returning errors
Solutions:
  • Verify API permissions are correctly configured
  • Check service account has not been modified
  • Ensure APIs are enabled in target projects
  • Review resource quotas and limits
Symptoms: Expected resources not appearing in scans
Solutions:
  • Verify resource scope configuration
  • Check IAM permissions for target resources
  • Confirm resources are in supported regions
  • Review resource labels and filters
Symptoms: Security findings not generating alerts
Solutions:
  • Check notification settings and recipients
  • Verify email addresses and Slack channels
  • Review alert severity thresholds
  • Test notification channels manually

Best Practices

Security Scanning Best Practices
  1. Start Small: Begin with critical production resources
  2. Iterate: Gradually expand scope and refine settings
  3. Integrate: Embed security scanning into CI/CD pipelines
  4. Educate: Train teams on interpreting and acting on findings
  5. Measure: Track metrics like time-to-remediation and risk reduction

Next Steps

After completing security scan configuration:
  1. Set up BigQuery Analytics for advanced security reporting
  2. Configure 2FA for additional account security
  3. Explore Cost Management features for comprehensive platform utilization

Support

Need help with security scanning?
  • 📧 Security support: security@waltlabs.io
  • 📚 Knowledge base: Access in-platform help center
  • 🔧 Schedule consultation: Available through your account manager
Keep your security scan configuration up-to-date as your GCP environment evolves. Review and adjust settings quarterly or after major infrastructure changes.