This guide describes how to enable Security Health Analytics to write security findings from Google Cloud Platform (GCP) native scanners to Cloud Security Command Center (Cloud SCC). Findings from Security Health Analytics scanners are searchable in the Cloud SCC dashboard and using the Cloud SCC API. When Security Health Analytics is enabled, scans automatically run twice each day, 12 hours apart.
Before you begin
- To enable Security Health Analytics, you must have the Security Center Admin Cloud Identity and Access Management (Cloud IAM) role.
- To access the Cloud SCC dashboard, you must have the Security Center Admin Viewer Cloud IAM role.
- To make changes to Cloud SCC, like adding marks, you must have an appropriate editor role, like Security Center Admin Editor.
Learn more about Cloud SCC roles.
Enabling Security Health Analytics
To view Security Health Analytics findings in Cloud SCC, you enable it as a security source. This step requires the Security Center Admin Cloud IAM role.
- Go to the Security Command Center Security Sources page in the GCP Console.
- Under Enabled, click to enable Security Health Analytics.
After you enable Security Health Analytics, you can view vulnerabilities in Cloud SCC. Security Health Analytics scans automatically run twice a day, 12 hours apart.
Special-case detector: Customer Supplied Encryption Keys
The DISK_CSEK_ENABLED scanner doesn't apply to all users. To use this scanner, you must mark the assets for which you want to use self-managed encryption keys.
To enable the DISK_CSEK_ENABLED scanner for specific assets, apply the security mark 'enforce_customer_supplied_disk_encryption_keys' to the asset with a value of 'true'.
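As an added example (not from this page or from Google's own tooling), the Python below builds the Cloud SCC v1 REST updateSecurityMarks request that sets this mark on one asset while preserving the asset's other marks through the update mask, and filters a constructed asset listing down to the assets the DISK_CSEK_ENABLED scanner will evaluate. The organization and asset ids are placeholders.

```python
"""Apply and verify the CSEK enforcement security mark (Cloud SCC v1 REST).

Added example: ORG_ID / ASSET_ID values are placeholders, not from the page.
"""
import json

CSEK_MARK = "enforce_customer_supplied_disk_encryption_keys"
SCC_BASE = "https://securitycenter.googleapis.com/v1"


def csek_mark_request(org_id: str, asset_id: str) -> dict:
    """Build the organizations.assets.updateSecurityMarks PATCH for one asset.

    The update mask names only the CSEK key, so marks already on the asset
    survive; an empty mask (or just "marks") replaces every mark on the asset.
    """
    name = f"organizations/{org_id}/assets/{asset_id}/securityMarks"
    return {
        "method": "PATCH",
        "url": f"{SCC_BASE}/{name}?updateMask=marks.{CSEK_MARK}",
        "body": {"name": name, "marks": {CSEK_MARK: "true"}},
    }


def csek_in_scope(assets: list) -> list:
    """Return names of assets carrying the mark with the literal value "true".

    Mark values are strings; this check applies the page's value exactly,
    so assets marked with any other spelling are reported as out of scope.
    """
    in_scope = []
    for asset in assets:
        marks = asset.get("securityMarks", {}).get("marks", {})
        if marks.get(CSEK_MARK) == "true":
            in_scope.append(asset["name"])
    return in_scope


# Constructed sample listing: shape follows the v1 Asset resource, values invented.
SAMPLE_ASSETS = [
    {"name": "organizations/123/assets/111",
     "securityMarks": {"marks": {CSEK_MARK: "true", "owner": "db-team"}}},
    {"name": "organizations/123/assets/222",
     "securityMarks": {"marks": {CSEK_MARK: "yes"}}},
    {"name": "organizations/123/assets/333", "securityMarks": {"marks": {}}},
]

if __name__ == "__main__":
    print(json.dumps(csek_mark_request("123", "333"), indent=2))
    print("in scope for DISK_CSEK_ENABLED:", csek_in_scope(SAMPLE_ASSETS))
```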