GCP workload discovery

Overview

Twigs supports cloud-native discovery for Google Cloud Platform (GCP) using OS inventory management.

Pre-requisites

VM Manager needs to be enabled for the relevant GCP projects. VM Manager is a suite of tools provided by GCP that can be used to manage operating systems for large virtual machine (VM) fleets running Windows and Linux on Compute Engine. One of the features of VM Manager is OS Inventory Management, which enables GCP to keep an inventory of all VM instances and their associated metadata. ThreatWorx can use this inventory for vulnerability assessment.

The easiest way to enable VM Manager for your project is to follow the instructions for any running VM on your GCP project.

Enable VM Manager automatically for your project or VM

Google Cloud SDK is required. Please install it on the system that will run twigs by following the instructions mentioned here for your operating system. The SDK provides tools (like the 'gcloud' CLI) which twigs uses to discover VM instances.

Steps

Once VM Manager is enabled for your compute instances in GCP, you can run twigs to ingest the collected inventory into your ThreatWorx instance by following the steps below:

  • Open a new shell / terminal
  • Check that twigs is installed and running properly by running the command below:

twigs gcp -h

  • Sign in to your Google Cloud Platform instance using the gcloud CLI, as described here, on the box where you will be running twigs.
  • Run the command below:

twigs gcp [--enable_tracking_tags]

  • It is suggested that you use the --enable_tracking_tags option, which allows you to easily identify the projects associated with discovered compute instances.
  • Note: GCP cloud discovery may require some time, depending on the number of compute instances in your GCP cloud setup.
  • After discovery is complete, you can log in to the ThreatWorx Console to view the newly discovered assets.
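
A coverage check to run before twigs gcp, as an added example (not part of twigs or the ThreatWorx documentation): it lists running VMs that do not report OS inventory and so have no inventory for twigs to ingest. It assumes that gcloud compute instances os-inventory list-instances returns only VMs with inventory data; the function names are illustrative.

```shell
#!/bin/sh
# Added example: coverage check to run before `twigs gcp`.
# Function names are illustrative; they are not part of twigs or gcloud.

# Confirm the tools the page requires are present and a gcloud account is active.
check_prereqs() {
  command -v gcloud >/dev/null 2>&1 || { echo "gcloud CLI not found" >&2; return 1; }
  command -v twigs >/dev/null 2>&1 || { echo "twigs not found" >&2; return 1; }
  local account
  account=$(gcloud auth list --filter=status:ACTIVE --format='value(account)') || return 1
  [ -n "$account" ] || { echo "no active gcloud account; sign in first" >&2; return 1; }
}

# Print "zone<TAB>name" for every running VM in project $1 that does not
# report OS inventory. Assumption: `os-inventory list-instances` returns
# only VMs whose OS inventory data is available.
uncovered_vms() {
  local running inventoried vm
  running=$(gcloud compute instances list --project "$1" \
    --filter='status=RUNNING' --format='value(zone.basename(),name)') || return 1
  inventoried=$(gcloud compute instances os-inventory list-instances --project "$1" \
    --format='value(zone.basename(),name)') || return 1
  printf '%s\n' "$running" | LC_ALL=C sort -u | while IFS= read -r vm; do
    [ -n "$vm" ] || continue
    printf '%s\n' "$inventoried" | grep -qxF -- "$vm" || printf '%s\n' "$vm"
  done
}

# Return 0 when every running VM reports inventory, 1 when some do not,
# 2 when gcloud itself failed.
coverage_report() {
  local missing
  missing=$(uncovered_vms "$1") || return 2
  if [ -n "$missing" ]; then
    echo "Running VMs in $1 with no OS inventory:" >&2
    printf '%s\n' "$missing"
    return 1
  fi
  echo "All running VMs in $1 report OS inventory" >&2
}

# Usage: sh preflight.sh <project-id>
if [ -n "${1:-}" ]; then
  check_prereqs && coverage_report "$1"
fi
```

A non-zero exit from coverage_report means the assets shown in the ThreatWorx Console after discovery will not cover every running VM in that project.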
