
Adding vulnerability and threat sources to Cloud Security Command Center

This page walks you through adding new vulnerability and threat sources, called security sources, to Cloud Security Command Center (Cloud SCC). In this context, a security source is a second- or third-party security tool that provides security findings to Cloud SCC. If you use other security tools, you can add them to Cloud SCC and view their findings in one integrated place. This gives you a complete understanding of your organization's security risks, vulnerabilities, and threats.

After you add a new security source and configure security scans for the source, results are displayed in the Cloud SCC dashboard on the Finding Summary card and in the Findings Inventory pages. If you want a custom dashboard card for your findings source, contact the Cloud SCC team.

Before you begin

Before you can add a security source, the provider must complete registration as a GCP Marketplace partner. If the provider you want to use hasn't completed registration, refer them to the Onboarding as a Cloud SCC partner page for information about how to get started.

To add a security source for a registered GCP Marketplace partner, you need:

  • The following Cloud Identity and Access Management (Cloud IAM) roles:
    • Cloud SCC Security Center Admin - roles/securitycenter.admin
    • Service Account Admin - roles/iam.serviceAccountAdmin
  • A Google Cloud Platform (GCP) project you want to use for the security source.

Adding a security source

To add a new security source, you need a service account for that source. When you add the new security source, you can choose from the following service account options:

  • Create a service account
  • Use your own existing service account
  • Use a service account from the source provider

To add a new security source, follow the steps below:

  1. Go to the Security Command Center in the Google Cloud Platform Console.
  2. At the top of the dashboard, click Add Security Sources.
  3. The Marketplace page that appears displays security sources that are directly associated with Cloud SCC. If you don't see the security source you want to add, search for Security, and then select the security source provider.
    1. If the provider requires you to have an account registered with them, the page displays a link to the provider's website. If you don't already have an account registered, complete the provider's registration process.
    2. After you complete the registration process, repeat the preceding steps to return to the Cloud SCC Marketplace page and select the provider.
  4. On the security source provider's page that appears, click Visit [PROVIDER] Site to Sign Up.
  5. On the GCP Console Security Command Center page that appears, select the organization for which you want to use the security source.
  6. On the Create Service Account & Enable [PROVIDER] page that appears, accept the provider's service account, if available, or create or select your own service account that you want to use:
    • To create a service account:
      1. Select Create a new service account.
      2. Next to Project, click Change to select the project you want to use for this security source.
      3. Add a Service account name and Service account ID.
    • To use an existing service account:
      1. Select Use an existing service account, then select the service account you want to use from the Service account name drop-down list.
    • If the security source provider manages the service account, enter the Service account ID they provided.
  7. When you're finished adding service account information, click Submit or Accept.
  8. On the Source connect page that appears, click the link under Installation Steps for information about how to complete installation.
  9. When you're finished, click Done.

When configured correctly, the security source you added will be available in Cloud SCC and it will appear on the Security Command Center dashboard.

Changing provider service accounts

You can change the service account used for a third-party security source, for example to address service account leakage or rotation. To change the service account for a security source, you need to update it in the Cloud SCC dashboard, and follow the service provider's instructions to update the service account for their service.

  1. Go to the Security Command Center Security Sources page in the GCP Console.
  2. Under Enabled, click to temporarily disable the security source for which you want to change the service account.
  3. Next to the service account name, click Edit.
  4. On the Edit [PROVIDER] panel that appears, enter the new service account, then click Submit.
  5. Under Enabled, click to enable the security source.

When configured correctly, the service account for the security source is updated in Cloud SCC. You must also follow the source provider's instructions to update the service account information for their service.
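
The following check is an added example, not part of the original page or of Cloud SCC. It reads an IAM policy exported with `gcloud organizations get-iam-policy ORGANIZATION_ID --format=json` and answers two questions raised above: does an operator hold the two roles listed under "Before you begin", and does a replaced service account still appear in any binding after a rotation. The sample policy, account names and function names are constructed for illustration.

```python
import json

# Roles the page lists as prerequisites for adding a security source.
REQUIRED_ROLES = ("roles/securitycenter.admin", "roles/iam.serviceAccountAdmin")

# Constructed sample in the shape printed by
# `gcloud organizations get-iam-policy ORGANIZATION_ID --format=json`.
# Every principal and binding here is made up for the example.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/securitycenter.admin",
   "members": ["user:alice@example.com"]},
  {"role": "roles/iam.serviceAccountAdmin",
   "members": ["user:alice@example.com", "user:bob@example.com"]},
  {"role": "roles/securitycenter.findingsEditor",
   "members": ["serviceAccount:scanner-old@demo-project.iam.gserviceaccount.com",
               "serviceAccount:scanner-new@demo-project.iam.gserviceaccount.com"]},
  {"role": "roles/logging.viewer",
   "members": ["deleted:serviceAccount:scanner-old@demo-project.iam.gserviceaccount.com?uid=123"]}
]}
""")

def normalize(member):
    """Drop the 'deleted:' prefix and '?uid=' suffix IAM shows for deleted principals."""
    if member.startswith("deleted:"):
        member = member[len("deleted:"):]
    return member.split("?uid=", 1)[0]

def missing_roles(policy, principal, required=REQUIRED_ROLES):
    """Return the required roles that `principal` is not directly bound to.
    Roles inherited through group membership are not resolved here."""
    held = {b["role"] for b in policy.get("bindings", [])
            if principal in b.get("members", [])}
    return [role for role in required if role not in held]

def residual_bindings(policy, old_sa_email):
    """List (role, member) pairs that still name a service account that was
    replaced, including entries IAM has marked as deleted."""
    target = "serviceAccount:" + old_sa_email
    return sorted((b["role"], m)
                  for b in policy.get("bindings", [])
                  for m in b.get("members", [])
                  if normalize(m) == target)

if __name__ == "__main__":
    print(missing_roles(SAMPLE_POLICY, "user:bob@example.com"))
    for role, member in residual_bindings(
            SAMPLE_POLICY, "scanner-old@demo-project.iam.gserviceaccount.com"):
        print(role, member)
```

Run the same check against the policy of the project that holds the service account, since bindings can exist at either level.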
