Adding vulnerability and threat sources to Cloud Security Command Center

This page walks you through adding new vulnerability and threat sources, called security sources, to Cloud Security Command Center (Cloud SCC). In this context, a security source is a second or third-party security tool that provides security findings to Cloud SCC.

You can add Google Cloud Platform (GCP) native security sources to Cloud SCC along with other, third-party security tools. This enables you to have a complete view of your organization's security risks, vulnerabilities, and threats.

To add a new security source, you complete its integration guide, and then enable it as a security source in the Cloud SCC dashboard.

Adding a GCP native security source

Google Cloud Platform (GCP) offers the following native security sources that integrate with Cloud SCC:

Anomaly Detection findings are automatically available in Cloud SCC. Findings from other native security sources are available after you complete their integration guides, linked in the preceding list. To view findings from security sources, you need to enable each security source in the Cloud SCC dashboard.

To enable a security source, follow the steps below:

  1. Go to the Security Command Center Security Sources page in the GCP Console.
  2. Select the organization for which you want to add a security source.
  3. Under Enabled, click to enable a security source.

Findings for the security sources you select are displayed on the Findings page in the Cloud SCC dashboard.

Adding a third-party security source

Cloud SCC can display findings from third-party security sources that have registered as a GCP Marketplace partner. Third-party security partners that are already registered include the following:

  • Acalvio
  • Capsule8
  • Cavirin
  • Chef
  • Check Point CloudGuard Dome9
  • Cloudflare
  • CloudQuest
  • McAfee
  • Qualys
  • Reblaze
  • Redlock by Palo Alto Networks
  • StackRox
  • Tenable.io
  • Twistlock

If you want to integrate a security source that isn't already registered as a GCP Marketplace partner, ask your provider to complete the guide to Onboard as a Cloud SCC partner.

To add a new third-party security source to Cloud SCC, you set up the security source, and then enable it in the Cloud SCC dashboard.

Before you begin

To add a security source for a registered GCP Marketplace partner, you need:

  • The following Cloud Identity and Access Management (Cloud IAM) roles:
    • Security Center Admin - roles/securitycenter.admin
    • Service Account Admin - roles/iam.serviceAccountAdmin
  • A Google Cloud Platform (GCP) project that you want to use for the security source.
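A preflight check for the two roles listed above, as an added example that is not part of the original page or of any Google tooling. It assumes the roles are granted at the organization level and that the policy was exported as JSON (for example with `gcloud organizations get-iam-policy ORGANIZATION_ID --format=json`); the sample policy, member names and the `missing_roles` helper are constructed for illustration.

```python
import json

# Roles the page lists under "Before you begin".
REQUIRED_ROLES = {
    "roles/securitycenter.admin",
    "roles/iam.serviceAccountAdmin",
}

# Constructed sample in the shape of a Cloud IAM policy export (not real data).
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "bindings": [
    {"role": "roles/securitycenter.admin",
     "members": ["user:alice@example.com", "group:secops@example.com"]},
    {"role": "roles/iam.serviceAccountAdmin",
     "members": ["user:alice@example.com"]},
    {"role": "roles/iam.serviceAccountAdmin",
     "members": ["user:bob@example.com"],
     "condition": {"title": "temporary", "expression": "request.time < timestamp('2020-01-01T00:00:00Z')"}},
    {"role": "roles/securitycenter.admin",
     "members": ["user:bob@example.com"]}
  ]
}
""")


def missing_roles(policy, member, required=REQUIRED_ROLES):
    """Return the required roles that `member` does not hold unconditionally.

    Conditional bindings are treated as missing, because the condition may
    not hold when the source is set up. Only direct bindings are checked;
    group membership is not expanded (assumption of this example).
    """
    granted = set()
    for binding in policy.get("bindings", []):
        if binding.get("condition"):
            continue  # do not rely on time- or resource-scoped grants
        if member in binding.get("members", []):
            granted.add(binding.get("role"))
    return sorted(set(required) - granted)


if __name__ == "__main__":
    for who in ("user:alice@example.com", "user:bob@example.com"):
        gaps = missing_roles(SAMPLE_POLICY, who)
        print(who, "ready" if not gaps else "missing: " + ", ".join(gaps))
```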

Step 1: Setting up a security source

To set up a third-party security source, you need a service account for that source. When you add the new security source, you can choose from the following service account options:

  • Create a service account.
  • Use your own existing service account.
  • Use a service account from the source provider.

To set up a new security source that's already registered as a GCP Marketplace partner, follow the steps below:

  1. Go to the Security Command Center Services Marketplace page in the GCP Console.
  2. The Marketplace page displays security sources that are directly associated with Cloud SCC.
    • If you don't see the security source that you want to add, search for Security, and then select the security source provider.
    • If the security source provider isn't registered in the GCP Marketplace, ask your provider to complete the guide to Onboard as a Cloud SCC partner.
  3. On the security source provider page in the GCP Marketplace, follow any provider setup instructions in the Overview.
  4. After you complete the provider's setup process, click Visit [provider name] site to sign up on the provider's Marketplace page.
  5. On the GCP Console Security Command Center page that appears, select the organization for which you want to use the security source.
  6. On the Create Service Account & Enable [provider name] Security Events page that appears, accept the provider's service account, if available, or create or select your own service account that you want to use:
    • To create a service account:
      1. Select Create a new service account.
      2. Next to Project, click Change to select the project you want to use for this security source.
      3. Add a Service account name and Service account ID.
    • To use an existing service account:
      1. Select Use an existing service account, then select the service account you want to use from the Service account name drop-down list.
    • If the security source provider manages the service account, enter the Service account ID they provided.
  7. When you're finished adding service account information, click Submit or Accept.
  8. On the Source connect page that appears, click the link under Installation Steps for information about how to complete installation.
  9. When you're finished, click Done.

When configured correctly, the security source you added is available in Cloud SCC.

Step 2: Enabling the security source

After you set up a new security source, you need to enable it in the Cloud SCC dashboard.

To enable a security source, follow the steps below:

  1. Go to the Security Command Center Security Sources page in the GCP Console.
  2. Select the organization for which you want to add a security source.
  3. Under Enabled, click to enable a security source.

Findings for the security sources you select are displayed on the Findings page in the Cloud SCC dashboard.

Changing provider service accounts

You can change the service account used for a third-party security source, for example to address service account leakage or rotation. To change the service account for a security source, you need to update it in the Cloud SCC dashboard, and then follow the service provider's instructions to update the service account for their service.

  1. Go to the Security Command Center Security Sources page in the GCP Console.
  2. Under Enabled, click to temporarily disable the security source for which you want to change the service account.
  3. Next to the service account name, click Edit.
  4. On the Edit [provider name] panel that appears, enter the new service account, then click Submit.
  5. Under Enabled, click to enable the security source.

When configured correctly, the service account for the security source is updated in Cloud SCC. You must also follow the source provider's instructions to update the service account information for their service.
