Link Google SecOps to Google Cloud services

Google SecOps depends on Google Cloud services for certain capabilities, such as authentication. This document describes how to configure a Google SecOps instance to bind to these Google Cloud services. It provides information for users who are configuring a new Google SecOps instance and those who are migrating an existing Google SecOps instance.

Before you begin

Before you configure a Google SecOps instance with Google Cloud services, you must do the following:

• Create a Google Cloud project and enable the Google Security Operations API. See Configure a Google Cloud project for Google SecOps for more information.

• Configure an SSO provider for the Google SecOps instance. See Configure a third-party identity provider for Google Security Operations.

• Make sure you have the permissions to perform the steps in this document. For information about required permissions for each phase of the onboarding process, see Required roles.

Complete one of the following sections depending on whether you are a new or an existing customer.

If you want to bind a Google Security Operations instance created for a managed security service provider (MSSPs), contact your Google SecOps Customer Engineer for help. The configuration requires assistance from a Google Security Operations representative.

Migrate an existing Google SecOps instance

The following procedure describes how to connect an existing Google SecOps instance with a Google Cloud project and configure SSO using IAM workforce identity federation services.

1. Sign in to Google SecOps.

2. In the navigation bar, select Settings > SIEM Settings.

3. Click Google Cloud Platform.

4. Enter the Google Cloud project ID to link the project to the Google SecOps instance.

5. Click Generate Link.

6. Click Connect to Google Cloud Platform. The Google Cloud console opens. If you entered an incorrect Google Cloud project ID in the Google SecOps application, return to the Google Cloud Platform page in Google SecOps and enter the correct project ID.

7. From Google Cloud console, go to Security > Google SecOps.

8. Verify the service account that was created for the Google Cloud project.

9. Select the workforce provider you want to use for the Google SecOps instance. You set this up when configuring workforce identity federation.

10. Right-click the Test SSO setup link, and then open it in a private or incognito window.

    • If you see a login screen, then SSO setup is successful.
    • If you don't see a login screen, check the configuration of the third-party identity provider. See Configure a third-party identity provider for Google SecOps.

After you complete these steps to bind the Google Cloud project to Google SecOps, you can examine the Google Cloud project data in Google SecOps, letting you to closely monitor your project for any type of security compromise.

Configure a new Google SecOps instance

The following procedure describes how to set up a new Google SecOps instance for the first time, after configuring the Google Cloud project and IAM workforce identity federation services to link to Google SecOps.

If you are a new Google SecOps customer, complete the following steps:

1. Create a Google Cloud project and enable the Google SecOps API. See Configure a Google Cloud project for Google SecOps for more information.

2. Provide your Google SecOps Customer Engineer with the project ID you plan to bind to the Google SecOps instance. After Google SecOps Customer Engineer initiates the process, you receive a confirmation email.

3. Open the Google Cloud console, and then select the Google Cloud project that you provided in the previous step.

4. Go to Security > Google SecOps.

5. If you have not enabled the Google SecOps API, you will see a Getting Started button. Click the Getting Started button and then complete the guided steps to enable the Google SecOps API.

6. In the Company Information section, enter your company information, and then click Next.

7. Review the service account information, and then click Next. Google SecOps creates a service account in the project and sets the required roles and permissions.

8. Select the workforce provider, and then click Next. You created the workforce provider when you configured workforce identity federation.

9. Expand the Terms of Service. If you agree to the terms, click Start setup.

   It may take up to 15 minutes for the Google Security Operations instance to be provisioned. You will receive a notification after the instance is successfully provisioned. If the setup fails, contact your Google Cloud customer representative.

Change single sign on (SSO) configuration

Complete the following steps to change the SSO configuration for Google SecOps:

1. Open the Google Cloud console, and then select the Google Cloud project that is bound to Google SecOps.

2. Go to Security > Google SecOps.

3. On the Overview page, click the Single Sign-On tab. This page displays the identity providers you configured when Configuring a third-party identity provider for Google SecOps.

4. Use the Single Sign-On menu to change SSO providers.

5. Right-click the Test SSO setup link, and then open a private or incognito window.

   • If you see a login screen, then SSO setup is successful. Continue with the next step.
   • If you don't see a login screen, check the configuration of the third-party identity provider. See Configure a third-party identity provider for Google SecOps.

6. Return to Google Cloud console, click the Security > Google SecOps > Overview page, and then click the Single Sign-On tab.

7. Click Save at the bottom of the page to update the new provider.

8. Check that you can sign in to Google SecOps.