Adding vulnerability and threat sources to Cloud Security Command Center

This page walks you through adding new vulnerability and threat sources, called security sources, to Cloud Security Command Center (Cloud SCC). In this context, a security source is a second or third-party security tool that provides security findings to Cloud SCC. If you're using other security tools, you can add them to Cloud SCC to see their findings in one integrated place and get a complete understanding of your organization's security risks, vulnerabilities, and threats.

After you complete these steps and configure security scans for your findings source, the results are displayed in the Finding Summary card on the Cloud SCC dashboard and in the Findings Inventory pages. If you want a custom dashboard card for your findings source, please contact the Cloud SCC team.

Before you begin

Before you can add a security source, the provider must complete registration as a Google Cloud Platform Marketplace partner. If the provider you want to use hasn't completed registration, you can refer them to the Onboarding as a Cloud SCC partner page for information about how to get started. To add a security source, you will need:

  • The following Cloud Identity and Access Management (Cloud IAM) roles:
    • Cloud SCC Security Center Admin - roles/securitycenter.admin
    • Service Account Admin - roles/iam.serviceAccountAdmin
  • A Google Cloud Platform (GCP) project you want to use for the security source.
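A way to confirm the role prerequisites before you start, as an added example that is not part of the original page: the script reads IAM policies exported with `gcloud organizations get-iam-policy ORG_ID --format=json` and `gcloud projects get-iam-policy PROJECT_ID --format=json` and reports which of the two roles above are missing or granted only under a condition. The role IDs are written with the `roles/` prefix that policy bindings use; the sample policies, member names and the assumption that you pass in your own user and group identities are constructed for illustration.

```python
import json

# Role IDs from the prerequisites list, in the form IAM policy bindings use.
REQUIRED_ROLES = {"roles/securitycenter.admin", "roles/iam.serviceAccountAdmin"}

def granted_roles(policy, principals):
    """Split the roles bound to any of `principals` into
    (unconditional, conditional) sets. Matching is on exact role ID:
    basic or custom roles that carry the same permissions are not expanded."""
    wanted = {p.lower() for p in principals}
    unconditional, conditional = set(), set()
    for binding in policy.get("bindings", []):
        members = {m.lower() for m in binding.get("members", [])}
        if members & wanted:
            bucket = conditional if binding.get("condition") else unconditional
            bucket.add(binding["role"])
    return unconditional, conditional

def check_prerequisites(policies, principals):
    """Combine several policies (for example organization and project) and
    report required roles that are absent or held only under a condition."""
    unconditional, conditional = set(), set()
    for policy in policies:
        u, c = granted_roles(policy, principals)
        unconditional |= u
        conditional |= c
    return {
        "missing": sorted(REQUIRED_ROLES - unconditional - conditional),
        "conditional_only": sorted((REQUIRED_ROLES & conditional) - unconditional),
    }

# Constructed sample policies (not real exports).
ORG_POLICY = json.loads("""{"bindings": [
  {"role": "roles/securitycenter.admin", "members": ["user:alice@example.com"]},
  {"role": "roles/viewer", "members": ["group:secops@example.com"]}]}""")
PROJECT_POLICY = json.loads("""{"bindings": [
  {"role": "roles/iam.serviceAccountAdmin",
   "members": ["group:secops@example.com"],
   "condition": {"title": "temp", "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}]}""")

if __name__ == "__main__":
    me = ["user:alice@example.com", "group:secops@example.com"]
    print(check_prerequisites([ORG_POLICY, PROJECT_POLICY], me))
```

A role listed under `conditional_only` is bound with an IAM condition, so check that the condition still holds before relying on it.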

Adding a security source

Adding a new security source requires a service account for that source. When you add the new security source, you'll have the option to create a new service account, use your own existing service account, or use a service account from the source provider.

To add a new security source, follow the steps below:

  1. Go to the Google Cloud Platform Console Security Command Center.
  2. At the top of the dashboard, click Add Security Sources.
  3. The Marketplace page that appears displays security sources that are directly associated with Cloud SCC. If you don't see the security source you want to add, search for Security, then select the security source provider.
    1. If the provider requires you to have an account registered with them, you will see a link to the provider's website. If you don't already have an account registered, complete the provider's registration process.
      1. After you complete the registration process, repeat the preceding steps to return to the Cloud SCC Marketplace page and select the provider.
  4. On the security source provider's page that appears, click Visit [PROVIDER] Site to Sign Up.
  5. On the GCP Console Security Command Center page that appears, select the organization for which you want to use the security source.
  6. On the Create Service Account & Enable [PROVIDER] page that appears, accept the provider's service account, if available, or create or select your own service account that you want to use:
    • To create a service account:
      1. Select Create a new service account.
      2. Next to Project, click Change to select the project you want to use for this security source.
      3. Add a Service account name and Service account ID.
    • To use an existing service account:
      1. Select Use an existing service account, then select the service account you want to use from the Service account name drop-down list.
    • If the security source provider manages the service account, enter the Service account ID they provided.
  7. When you're finished adding service account information, click Submit or Accept.
  8. On the Source connect page that appears, click the link under Installation Steps for information about how to complete installation.
  9. When you're finished, click Done.

When configured correctly, the security source you added will be available in Cloud SCC and it will appear on the Security Command Center dashboard.

Changing provider service accounts

You can change the service account used for a third-party security source if needed, such as in the case of service account leakage or rotation. To change the service account for a security source, you need to update it in the Cloud SCC dashboard, and you'll need to follow the service provider's instructions to update the service account for their service.

  1. Go to the Google Cloud Platform Console Security Command Center Settings > Security Sources page.
  2. Next to the security source for which you want to change the service account, click the Enabled toggle to disable the security source, then click Edit.
  3. On the Edit [PROVIDER] panel that appears, enter the new service account, then click Submit.
  4. Next to the security source, click the Enabled toggle to enable the security source.

When configured correctly, the service account will be updated in Cloud SCC for the security source. Make sure that you also follow the source provider's instructions to update the service account information for their service.
