General how-to guides
-
Authentication
How to authenticate to Security Command Center.
-
Access control with IAM
Identity and Access Management (IAM) permissions and roles for Security Command Center.
-
Audit logging
Cloud Audit Logs information for Security Command Center.
-
Migrate from legacy Security Command Center products
Migrate from legacy Security Command Center and Event Threat Detection products to Security Command Center's Standard tier or Premium tier.
Using Security Command Center
-
Configuring Security Command Center
Access Security Command Center settings to enable or disable security sources, manage which sources apply to which resources, and set up logging.
-
Using the Security Command Center dashboard
Access Security Command Center, and use some basic features to configure the display and review your Google Cloud resources.
-
Using security marks
Add security marks to assets or findings so you can search, select, or filter using the mark.
-
Exporting Security Command Center data
Use the Google Cloud console or Security Command Center API to export asset or finding data.
-
Setting up finding notifications for Pub/Sub
Use the Security Command Center API to set up notifications that send findings updates and new findings to a Pub/Sub topic.
-
Exporting findings to BigQuery for analysis
Configure Security Command Center to export findings to BigQuery so that you can analyze them over time.
-
Mute findings in Security Command Center
Use the Google Cloud console or Security Command Center API to hide or automatically suppress findings.
-
Installing Security Command Center tools
Learn about how Security Command Center tools add new functionality, and complete pre-install steps to prepare your project to use the tools.
Detecting security threats
-
Testing Container Threat Detection
Test the end-to-end Container Threat Detection experience by triggering each of the detectors.
-
Using Container Threat Detection
Learn how to view Container Threat Detection findings in the Security Command Center dashboard.
-
Testing Event Threat Detection
Test the end-to-end Event Threat Detection experience by triggering the IAM anomalous grant detector.
-
Using Event Threat Detection
Learn about the types of findings that Event Threat Detection produces and how to review them in the Security Command Center dashboard.
-
Using VM Threat Detection
Learn about the types of findings that VM Threat Detection produces and how to review them in the Security Command Center dashboard.
-
Anomaly Detection
Learn about how Anomaly Detection detects security anomalies for your projects and Virtual Machine (VM) instances.
-
Investigating and responding to threats
Investigate Event Threat Detection and Container Threat Detection findings and research attack methods to develop response plans.
Preventing security threats
-
Using Security Health Analytics
Learn how to use Security Health Analytics to manage vulnerability findings.
-
Remediating Security Health Analytics findings
Learn about suggested remediations for Security Health Analytics vulnerability findings.
-
Using Web Security Scanner
Review Web Security Scanner managed scan findings in the Security Command Center dashboard.
-
Setting up custom scans using Web Security Scanner
Create and manage custom scans, avoid undesirable results, and interpret scan results for App Engine, Compute Engine, and Google Kubernetes Engine apps.
-
Remediating Web Security Scanner findings
Learn about suggested remediation for Web Security Scanner findings.
-
Using Rapid Vulnerability Detection
How to detect, review, and remediate vulnerabilities by using Rapid Vulnerability Detection.
-
Sending Cloud DLP results to Security Command Center
Learn how Cloud DLP can output scan results to Security Command Center.
-
Sending Forseti Security results to Security Command Center
Learn how Forseti can output Forseti scan results to Security Command Center.
-
Using Secured Landing Zone
Learn how to use Secured Landing Zone to manage findings related to blueprint policy violations.
-
Remediating Secured Landing Zone findings
Learn about suggested remediations for Secured Landing Zone findings.
Using the Security Command Center API
-
Accessing Security Command Center programmatically
Access Security Command Center using the Security Command Center Python library.
-
Security Command Center API Migration Guide
Migrate from Security Command Center v1beta1 API to Security Command Center v1 API.
-
Configuring asset discovery
Use the Security Command Center API to turn asset discovery on or off for an organization.
-
Listing assets
Use the Security Command Center API to get metadata about an organization's assets.
-
Listing security findings
Use the Security Command Center API to get an organization's findings.
-
Creating and managing security findings
Use the Security Command Center API to create and update an organization's findings.
-
Adding and managing security marks
Use the Security Command Center API to add, update, and delete customizable annotations on assets or findings.
-
Creating and managing security sources
Use the Security Command Center API to create and manage security sources for an organization to generate findings.
-
Creating and managing Notification Configs
Use the Security Command Center API to create, get, update, delete, or list a NotificationConfig, and receive Pub/Sub notifications.
-
Filtering notifications
Use the Security Command Center API to create notification filters and see examples of the Pub/Sub messages that are returned.
Setting up SIEM and SOAR integrations
-
Sending Security Command Center data to Cortex XSOAR
Connect Security Command Center to Cortex XSOAR.
-
Sending assets and findings to Elastic Stack
Connect Security Command Center to Elastic Stack.
-
Exporting assets and findings with Docker and Elastic Stack
Connect Security Command Center to Docker and Elastic Stack.
-
Connecting Security Command Center to IBM QRadar
Connect Security Command Center to IBM QRadar.