Onboarding as a Security Command Center partner

Complete Security Command Center partner onboarding by creating a Google Cloud Marketplace solution and completing pre-setup steps. The guide covers the following use cases:

  • Onboarding using a customer's service account: your customer owns the service account and you write data for your customer.
  • Onboarding for self-service customers: your customer owns the service account and writes their own data using an app you provide.

Before you begin

Before you create a Cloud Marketplace solution, you need to sign up for the technology partner program:

  • If you aren't already signed up as a partner, sign up to list your products on Cloud Marketplace, and complete the corresponding business and service agreements.
  • If you're already signed up as a partner, email cloud-partner-onboarding@google.com to get started with a Security Command Center listing. Your project is added to the access control list that lets you create a Managed Listing - Billed by Partner (also known as Standalone SaaS).

Onboarding using a customer's service account

This section describes how to complete onboarding in the following scenario:

  • You want to write Security Command Center data on behalf of your customer;
  • You're using a service account key from the customer.

To set up the Cloud Marketplace solution using the customer's service account, follow the steps below:

  1. Go to the Cloud Console Partner Portal Solutions page.
  2. To create a new solution, click Add Solution.
  3. In the New solution window that appears, complete the following:
    1. Add a Solution name and make note of the Solution ID. The solution name cannot be more than 32 characters.
    2. Under Solution type, select Managed service, then click Create.
  4. To view the solution details, click the Solution ID on the Solutions page.
  5. Next to Solution Metadata, click Edit.
  6. In the Edit solution metadata panel that appears, add the solution metadata.
    1. Under Search metadata, enter "Security Command Center".
    2. If you want to test your solution before customers can access it, select the Hide solution from end users checkbox under Solution visibility. After you test your solution, you can clear the checkbox.
    3. Click Save.
  7. Next to Solution details, click Edit.
  8. In the Edit solution details panel that appears, add signup instructions for your customer:

    1. Under Signup URL, enter the signup URL in the following format:

      https://console.cloud.google.com/security/command-center/source-registration;partnerId=[PARTNER_ID];solutionId=[SOLUTION_ID]
      

      Where the variables correspond to the following:

      • [PARTNER_ID] is the ID assigned to you when you enrolled as a Cloud Marketplace partner.
      • [SOLUTION_ID] is the ID assigned to the solution you created in the previous steps.
    2. In the Solution description box, add details about tasks that your customer should complete after they register. This section supports hyperlinks to external websites. You should include the following information:

      • How to generate a service account key for the service account by using the guide to creating and managing service account keys.
      • How to sign in to your website and provide you with the sourceId and service account key.
    3. In the Category ID drop-down list, select Security Command Center Services.

    4. Click Save.

  9. After you've finished setting up your solution, contact cloud-partners@google.com to approve the solution.

  10. Use the Security Command Center API to write data to Security Command Center.

After your customer uses the signup URL to provide their sourceId and service account key, you can use them to write Security Command Center data. When your customer adds your security tool as a new security source, your security findings will be displayed on the Security Command Center dashboard.
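
The following is an added example, not code from the original guide or from Google: a minimal Python sketch of how a partner backend might validate the sourceId and service account key a customer submits, and then build the findings.create request for the Security Command Center v1 REST API without sending it. It assumes the sourceId is the organization-level resource name (organizations/<id>/sources/<id>); the function names, sample values and finding category are hypothetical.

```python
import json
import re

# Resource-name and ID shapes accepted by the Security Command Center v1 API.
SOURCE_RE = re.compile(r"organizations/\d+/sources/\d+")
FINDING_ID_RE = re.compile(r"[A-Za-z0-9]{1,32}")
KEY_FIELDS = ("client_email", "private_key_id", "private_key", "token_uri")


def check_submission(source_id, key_json):
    """Validate the customer's submission; return a summary that is safe to log."""
    if not SOURCE_RE.fullmatch(source_id):
        raise ValueError("sourceId must look like organizations/<id>/sources/<id>")
    key = json.loads(key_json)
    if not isinstance(key, dict) or key.get("type") != "service_account":
        raise ValueError("not a service account key file")
    missing = [f for f in KEY_FIELDS if not key.get(f)]
    if missing:
        raise ValueError("key file is missing: " + ", ".join(missing))
    # Never log or echo private_key; the key ID is enough to identify the key.
    return {"source": source_id, "client_email": key["client_email"],
            "private_key_id": key["private_key_id"]}


def build_create_finding(source_id, finding_id, category, resource_name, event_time):
    """Return (url, body) for a findings.create call under the customer's source."""
    if not SOURCE_RE.fullmatch(source_id):
        raise ValueError("invalid sourceId")
    if not FINDING_ID_RE.fullmatch(finding_id):
        raise ValueError("findingId must be 1-32 alphanumeric characters")
    url = ("https://securitycenter.googleapis.com/v1/" + source_id
           + "/findings?findingId=" + finding_id)
    body = {"state": "ACTIVE", "category": category,
            "resourceName": resource_name, "eventTime": event_time}
    return url, body


# Constructed sample submission (not a real organization, source or key).
SAMPLE_SOURCE = "organizations/123456789012/sources/9876543210"
SAMPLE_KEY = json.dumps({
    "type": "service_account", "private_key_id": "0123abcd",
    "private_key": "<constructed placeholder, not a key>",
    "client_email": "scc-writer@customer-project.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token"})

if __name__ == "__main__":
    print(check_submission(SAMPLE_SOURCE, SAMPLE_KEY))
    print(build_create_finding(SAMPLE_SOURCE, "examplefinding001", "EXAMPLE_PARTNER_FINDING",
          "//compute.googleapis.com/projects/customer-project/zones/us-central1-a/instances/vm-1",
          "2024-01-01T00:00:00Z"))
```

The request itself is sent with an OAuth 2.0 access token obtained using the customer's key; store that key in a secret manager rather than alongside application data.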

Onboarding for self-service customers

This section describes how to complete onboarding in the following scenario:

  • You do not want to write Security Command Center data on behalf of a customer;
  • You want your customer to write Security Command Center data on their own, using an app you provide;
  • Your customer will use their own service account.

To set up the Cloud Marketplace solution for a self-service customer, follow the steps below:

  1. Go to the Cloud Console Solutions page.
  2. To create a new solution, click Add Solution.
  3. In the New solution window that appears, complete the following:
    1. Add a Solution name and make note of the Solution ID. The solution name cannot be more than 32 characters.
    2. Under Solution type, select Managed service, then click Create.
  4. To view the solution details, click the Solution ID on the Solutions page.
  5. Next to Solution Metadata, click Edit.
  6. In the Edit solution metadata panel, add the solution metadata.

    1. Under Search metadata, enter "Security Command Center".
    2. If you want to test your solution before customers can access it, select the Hide solution from end users checkbox under Solution visibility. After you test your solution, you can clear the checkbox.
    3. Click Save.
  7. Next to Solution details, click Edit.

  8. In the Edit solution details panel that appears, add signup instructions for your customer:

    1. Under Signup URL, enter the signup URL in the following format:

      https://console.cloud.google.com/security/command-center/source-registration;partnerId=[PARTNER_ID];solutionId=[SOLUTION_ID]
      

      Where the variables correspond to the following:

      • [PARTNER_ID] is the ID assigned to you when you enrolled as a Cloud Marketplace partner.
      • [SOLUTION_ID] is the ID assigned to the solution you created in the previous steps.
    2. In the Solution description box, add details about tasks that your customer should complete after they register. This section supports hyperlinks to external websites. You should include the following information:

      • Where to download your app to write Security Command Center data.
      • How to set up, sign in and authenticate, and run your app.
      • Where to paste the sourceId.
      • How to use the Security Command Center service account credentials in your app. For example, you might have the customer start a VM as the service account and run the app inside the VM.
    3. In the Category ID drop-down list, select Security Command Center Services.

    4. Click Save.

  9. After you've finished setting up your solution, contact cloud-partners@google.com to approve the solution.

  10. Use the Security Command Center API to enable your customers to write data to Security Command Center using your app.

After your customer sets up the app, they'll be able to use your app to write their Security Command Center data.
