Quickstart: Setting up Cloud SCC

This page walks you through setting up Cloud Security Command Center (Cloud SCC) for your organization for the first time. If Cloud SCC is already set up for your organization, go to the Quickstart: Using the dashboard.

Before you begin

To set up Cloud SCC for your organization for the first time, you must have the following Cloud Identity and Access Management (Cloud IAM) roles that include appropriate permissions:

  • Organization Administrator role - roles/resourcemanager.organizationAdmin. Learn more about managing organizations.

  • Security Center Admin role - roles/securitycenter.admin. You must add this role for yourself even if you're the organization owner.

If your organization policies are set to restrict identities by domain:

  • You must be signed in to the GCP Console on an account that's in an allowed domain.
  • Your service accounts must be in an allowed domain, or members of a group within your domain. This lets you give @*.gserviceaccount.com services access to resources when domain restricted sharing is enabled.

Learn more about Cloud SCC roles.

To add these roles:

  1. Go to the IAM & Admin page in the GCP Console.
  2. Click the Project selector drop-down list at the top of the page.
  3. On the Select from dialog that appears, select the organization for which you want to enable Cloud SCC.
  4. On the IAM page, next to your username, click Edit.
  5. On the Edit permissions panel that appears, add the necessary roles:
    1. Click Add another role. Select Resource Manager > Organization Administrator. If you don't have permissions to add the role, ask your organization super admin to grant you the role.
    2. Click Add another role. Select Security Command Center > Security Center Admin.
    3. When you're finished adding roles, click Save.
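
To confirm the result of the steps above, the following added example (not part of the original page or Google's tooling) checks an organization IAM policy export, as printed by `gcloud organizations get-iam-policy ORGANIZATION_ID --format=json`, for both required roles. The sample policy, member names and the allowed-domain list are constructed assumptions; the check sees direct bindings only and does not expand group membership.

```python
import json

# Roles this quickstart requires at the organization level.
REQUIRED_ROLES = ("roles/resourcemanager.organizationAdmin",
                  "roles/securitycenter.admin")

# Constructed sample in the shape of an organization IAM policy export.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/resourcemanager.organizationAdmin",
   "members": ["user:alice@example.com", "group:sec-admins@example.com"]},
  {"role": "roles/securitycenter.admin",
   "members": ["user:alice@example.com"]},
  {"role": "roles/owner", "members": ["user:bob@example.com"]}
]}
""")

def missing_roles(policy, member):
    """Return the required roles that `member` is not directly bound to."""
    wanted = member.lower()
    granted = {b["role"] for b in policy.get("bindings", [])
               if wanted in (m.lower() for m in b.get("members", []))}
    return [r for r in REQUIRED_ROLES if r not in granted]

def in_allowed_domain(member, allowed_domains):
    """True if the member's e-mail domain exactly matches an allowed domain."""
    email = member.partition(":")[2]
    domain = email.rpartition("@")[2].lower()
    return domain in {d.lower() for d in allowed_domains}

def preflight(policy, member, allowed_domains):
    """List the setup prerequisites that `member` does not meet."""
    problems = ["missing " + r for r in missing_roles(policy, member)]
    # Assumption: the operator supplies the domains the org policy allows.
    if not in_allowed_domain(member, allowed_domains):
        problems.append("not in an allowed domain; add to a group in one")
    return problems

if __name__ == "__main__":
    for who in ("user:alice@example.com", "user:bob@example.com",
                "serviceAccount:scanner@example-project.iam.gserviceaccount.com"):
        print(who, preflight(SAMPLE_POLICY, who, ["example.com"]) or "ok")
```

The constructed `bob` entry holds only `roles/owner` and is reported as missing both roles, which matches the requirement that Security Center Admin be added even for an owner.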


Setting up Cloud SCC for your organization

To set up Cloud SCC for your organization, you'll enable the Cloud SCC dashboard, and then enable security sources to surface findings in the Cloud SCC dashboard.

Step 1: Enable the Cloud SCC dashboard

  1. Go to the Security Command Center page in the GCP Console.
  2. On the Organization drop-down list, select the organization for which you want to enable Cloud SCC, and then click Select.
  3. On the Enable asset discovery page that appears, select All current and future projects, and then click Enable. A message should display that Cloud SCC is beginning asset discovery.

    • A message might display that you must have the Security Center Admin and Organization Admin roles. If you already have these roles, check if your organization policies are set to restrict identities by domain, and verify that you're signed in to an account that's in an allowed domain.
    • If you're using an @*.gserviceaccount.com service account, add the service account as an identity in a group within an allowed domain.

After asset discovery is complete, Cloud SCC will display your supported GCP assets. This might take a few minutes, and you might need to refresh the page to display the assets.

Step 2: Enable security sources

To view findings in the Cloud SCC dashboard, you need to enable the security scanners you're using as security sources. Cloud Anomaly Detection findings are automatically available, and Cloud Security Scanner findings will be available if you've completed the Cloud Security Scanner quickstart.

To enable a security source, follow the steps below:

  1. Go to the Security Command Center page in the GCP Console.
  2. Click Settings, and then select the Security Sources tab.
  3. Under Enabled, click to enable a security source.

Findings for the security sources you select will display in the Findings cards on the Cloud SCC dashboard.
