Security Command Center Enterprise consoles

The Security Command Center Enterprise tier includes two consoles: the Google Cloud console and the Security Operations console.

You can log in to both consoles using the same username and credentials.

Google Cloud console

The Google Cloud console lets you perform tasks such as the following:

  • Activate Security Command Center.
  • Set up Identity and Access Management (IAM) permissions for all Security Command Center users.
  • Configure AWS connectivity for vulnerability management.
  • Work with and export findings.
  • Manage security postures.
  • Assess risks with attack exposure scores.
  • Identify high-sensitivity data with Sensitive Data Protection.
  • Detect and remediate individual findings directly.
  • Configure Security Health Analytics, Web Security Scanner, and other Google Cloud integrated services.
  • Assess and report on your compliance with common security standards or benchmarks.
  • View and search your Google Cloud assets.

You can access the Security Command Center content in the Google Cloud console from the Risk Overview page.

Go to Security Command Center

The following image shows the Security Command Center content in the Google Cloud console.

The Google Cloud console.

Security Operations console

The Security Operations console lets you perform tasks such as the following:

  • Configure AWS connectivity for threat detection.
  • Configure users and groups for incident management.
  • Configure security orchestration, automation, and response (SOAR) settings.
  • Configure data ingestion into the security information and event management (SIEM).
  • Investigate and remediate individual findings for your Google Cloud organization and AWS environment.
  • Work with cases, which includes grouping findings, assigning tickets, and working with alerts.
  • Use an automated sequence of steps known as playbooks to remediate issues.
  • Use Workdesk to manage actions and tasks waiting for you from open cases and playbooks.

You can access the Security Operations console from https://customer_subdomain.backstory.chronicle.security, where customer_subdomain is your customer-specific identifier. You can determine your URL using one of the following methods:

  • In the setup guide in the Google Cloud console, step 4 to step 6 redirect to the Security Operations console. To access the setup guide, complete the following:

    1. Go to the Security Command Center Risk Overview page.

      Go to Overview

    2. Click View setup guide.

  • In the Google Cloud console, click one of the case links. To access a case link, complete the following:

    1. From the Security Command Center Risk Overview page, go to the Vulnerabilities by case dashboard.

      Go to Vulnerabilities by case

    2. Click View all vulnerability cases.

  • In the Google Cloud console, access the link on the Chronicle SecOps page.

    1. Go to the Chronicle SecOps page.

      Go to Chronicle SecOps

    2. Click Go to Chronicle.

The following image shows the Security Operations console.

The Security Operations console.

What's next