Last updated: 2025-08-21 (UTC).

# Enable the CIEM detection service for other clouds

| Enterprise [service tier](/security-command-center/docs/service-tiers) (not available if [data residency controls](docs/data-residency-support) are enabled)

This page describes how to set up the Security Command Center Cloud Infrastructure Entitlement Management (CIEM) detection service to detect identity issues in your deployments on other cloud platforms, like Amazon Web Services (AWS) and Microsoft Azure ([Preview](/products#product-launch-stages)).

The CIEM detection service generates findings that alert you to potential identity and access security issues in your AWS and Microsoft Azure environments, such as highly privileged identities (accounts).

Before you begin
----------------

Before you enable the CIEM detection service, complete the following tasks:

- Purchase and activate the Enterprise tier of Security Command Center for your organization. For instructions, see [Activate the Security Command Center Enterprise tier](/security-command-center/docs/activate-enterprise-tier).
- Learn about [Security Command Center's CIEM capabilities](/security-command-center/docs/ciem-overview).

Set up permissions
------------------

To get the permissions that you need to enable CIEM, ask your administrator to grant you the following IAM roles on your Google Cloud organization:

- Chronicle API Admin (roles/chronicle.admin)
- Chronicle SOAR Admin (roles/chronicle.soarAdmin)
- Chronicle Service Admin (roles/chroniclesm.admin)
- Cloud Asset Owner (roles/cloudasset.owner)
- Create Service Accounts (roles/iam.serviceAccountCreator)
- Folder IAM Admin (roles/resourcemanager.folderIamAdmin)
- IAM Recommender Admin (roles/recommender.iamAdmin)
- Organization Administrator (roles/resourcemanager.organizationAdmin)
- Organization Role Administrator (roles/iam.roleAdmin)
- Project Creator (roles/resourcemanager.projectCreator)
- Project IAM Admin (roles/resourcemanager.projectIamAdmin)
- Security Admin (roles/iam.securityAdmin)
- Security Center Admin (roles/securitycenter.admin)

For more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).

You might also be able to get the required permissions through [custom roles](/iam/docs/creating-custom-roles) or other [predefined roles](/iam/docs/roles-overview#predefined).

Configure supporting components for CIEM
----------------------------------------

To enable the CIEM detection service to produce findings for your cloud providers, you must configure certain supporting components in Security Command Center.

### Use CIEM with AWS

To enable the CIEM detection service for AWS, do the following:

- **Set up Amazon Web Services (AWS) integration**: Connect your AWS environment to Security Command Center. For instructions, see [Connect to AWS](/security-command-center/docs/connect-scc-to-aws).
- **Configure integrations**: Set up optional Security Command Center integrations, such as connecting to your ticketing systems:
  - To connect your ticketing system, [integrate Security Command Center Enterprise with ticketing systems](/security-command-center/docs/integrate-ticketing-systems).
  - To synchronize case data, [enable synchronization for cases](/security-command-center/docs/synchronize-case-data#enable-case-sync).
- **Configure log ingestion**: To configure log ingestion appropriately for CIEM, see [Configure AWS log ingestion for CIEM](/security-command-center/docs/connect-secops-aws#ciem-log-ingestion).

### Use CIEM with Microsoft Azure

To enable the CIEM detection service for Microsoft Azure, do the following:

- **Set up Microsoft Azure integration**: Connect your Microsoft Azure environment to Security Command Center. For instructions, see [Connect to Microsoft Azure](/security-command-center/docs/connect-scc-to-azure).
- **Configure integrations**: Set up optional Security Command Center integrations, such as connecting to your ticketing systems:
  - To connect your ticketing system, [integrate Security Command Center Enterprise with ticketing systems](/security-command-center/docs/integrate-ticketing-systems).
  - To synchronize case data, [enable synchronization for cases](/security-command-center/docs/synchronize-case-data#enable-case-sync).
- **Configure log ingestion**: To configure log ingestion appropriately for CIEM, see [Configure Microsoft Azure log ingestion for CIEM](/security-command-center/docs/connect-secops-azure#ciem-log-ingestion-azure).

### Use CIEM with Google Cloud

Most of the Security Command Center CIEM capabilities work by default for your Google Cloud environment and don't require any additional configuration. As part of Security Command Center's CIEM capabilities, findings are produced automatically for Google Cloud as long as you subscribe to Security Command Center.

What's next
-----------

- Learn how to [investigate identity and access findings](/security-command-center/docs/ciem-identity-access-findings).
- Learn how to [review cases for identity and access issues](/security-command-center/docs/ciem-identity-access-cases).
- Learn more about [Security Command Center roles](/security-command-center/docs/access-control).
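Before working through the AWS or Microsoft Azure steps above, it is worth confirming that the principal doing the setup actually holds every role listed under Set up permissions, since a missing one usually surfaces late as a permission error partway through enablement. The following POSIX shell script is an added example and is not part of the Security Command Center documentation: it compares the roles bound to a principal on the organization against that list and prints the `gcloud organizations add-iam-policy-binding` commands that would close the gap. `ORG_ID` and `PRINCIPAL` (for example `user:alice@example.com`) are placeholders you export before running; the live `gcloud organizations get-iam-policy` call only runs when both are set, and the policy used in the offline branch is constructed sample data.

```shell
#!/bin/sh
# Added example, not part of the Security Command Center docs.
# Lists the roles from the "Set up permissions" section that a principal
# still lacks on the organization, and prints the gcloud commands to grant them.
# ORG_ID and PRINCIPAL (for example user:alice@example.com) are placeholders
# you export before running; the "granted" lists used offline are constructed.

REQUIRED_ROLES='roles/chronicle.admin
roles/chronicle.soarAdmin
roles/chroniclesm.admin
roles/cloudasset.owner
roles/iam.serviceAccountCreator
roles/resourcemanager.folderIamAdmin
roles/recommender.iamAdmin
roles/resourcemanager.organizationAdmin
roles/iam.roleAdmin
roles/resourcemanager.projectCreator
roles/resourcemanager.projectIamAdmin
roles/iam.securityAdmin
roles/securitycenter.admin'

# missing_roles GRANTED
# GRANTED is a newline-separated list of roles already bound to the principal.
# Prints each required role that is not in GRANTED, one per line.
# grep -F matches the role literally (the dots would otherwise be regex
# wildcards) and -x requires a whole-line match, so a substring such as
# roles/iam.roleAdmin never satisfies a check for another role.
missing_roles() {
  printf '%s\n' "$REQUIRED_ROLES" | while IFS= read -r role; do
    printf '%s\n' "$1" | grep -qxF -- "$role" || printf '%s\n' "$role"
  done
}

# grant_commands ORG_ID PRINCIPAL GRANTED
# Prints one `gcloud organizations add-iam-policy-binding` per missing role.
# It only prints; nothing is changed until you run the output yourself.
grant_commands() {
  missing_roles "$3" | while IFS= read -r role; do
    printf 'gcloud organizations add-iam-policy-binding %s --member=%s --role=%s\n' \
      "$1" "$2" "$role"
  done
}

# Live mode: read the organization's IAM policy, flatten the bindings and keep
# only the roles bound to PRINCIPAL. Needs gcloud and a caller that can read
# the organization's IAM policy.
if [ -n "${ORG_ID:-}" ] && [ -n "${PRINCIPAL:-}" ] && command -v gcloud >/dev/null 2>&1; then
  granted=$(gcloud organizations get-iam-policy "$ORG_ID" \
    --flatten='bindings[].members' \
    --filter="bindings.members:$PRINCIPAL" \
    --format='value(bindings.role)')
  grant_commands "$ORG_ID" "$PRINCIPAL" "$granted"
else
  # Offline demo with a constructed policy: the principal already holds two of
  # the thirteen roles, so eleven grant commands are printed.
  sample_granted='roles/securitycenter.admin
roles/iam.securityAdmin'
  grant_commands 123456789012 user:alice@example.com "$sample_granted"
fi
```

Review the printed commands before running any of them: several of the roles on this list, notably Organization Administrator and Security Admin, are broad organization-wide grants, so the usual practice is to bind them to a dedicated setup identity and remove the bindings once CIEM is enabled rather than leaving them on a day-to-day account.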