Security Command Center Premium: Step 1 - Onboarding


When deploying Security Command Center Premium (SCCP) you have two options:

  1. Deploying at the organization level
  2. Deploying at the project level

The level at which you deploy SCCP depends largely on your organization structure, project structure, and the scope and nature of your work. Activating SCCP at the organization level is considered a best practice because it provides the most complete protection for your business: SCCP can access and scan resources and assets across all of the folders and projects in the organization. For further information to help you make your decision, please read this linked document.

Prerequisites

  • Entitlement for Security Command Center Premium
  • Organization created in Google Cloud
  • Define High-Value Assets

Actions

Activate - Organization Level

In order to utilize Security Command Center Premium you will need to activate it at the organization or project level. It is best practice to deploy at the organization level to ensure SCCP can access and scan resources at every level of the organization, rather than just one project.

Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • Existing Organization
  • Proper IAM Credentials
  • Verify Organization Policies
Steps
  1. Navigate to Security Command Center in the Google Console.

  2. Choose the Organization from the organization list. The Get Security Command Center window opens.

  3. Select the appropriate tier, then review the services you want SCC to access and scan.

  4. Grant the required IAM roles to the service agents:

    1. roles/securitycenter.serviceAgent
    2. roles/containerthreatdetection.serviceAgent
  5. Review the configuration in the Complete Setup window, then click Finish.

Relevant Links


Activate - Project Level

In order to utilize Security Command Center Premium you will need to activate it at the organization or project level. Although it is best practice to implement at the organization level, sometimes it makes sense to do so at the project level.

 
Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • Existing Organization
  • Existing Project
  • Proper IAM Credentials
  • Verify Organization Policies
Steps
  1. Follow the linked steps to determine if SCC is active in your Organization:

    1. If SCC is not active in your organization, proceed with the steps below.

    2. If SCC is active in your organization, please follow the linked documentation to implement SCC appropriately.

  2. Navigate to Security Command Center in the Google Console.

  3. Choose the Project you intend to activate SCC on.

  4. Select the appropriate tier, then review the services you want SCC to access and scan.

  5. Grant the required IAM roles to the service agents:

    1. roles/securitycenter.serviceAgent
    2. roles/containerthreatdetection.serviceAgent
  6. Review the configuration in the Complete Setup window, then click Finish.
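
To confirm the role grants from the organization-level and project-level steps above, the following added example (not part of the original guide) checks an exported IAM policy for the two service-agent roles and flags any non-service-account principal holding them. It assumes the policy JSON comes from `gcloud organizations get-iam-policy` or `gcloud projects get-iam-policy` with `--format=json`; the sample policy and its member names are constructed.

```python
import json

# Roles the onboarding steps grant to the SCC service agents.
REQUIRED_ROLES = (
    "roles/securitycenter.serviceAgent",
    "roles/containerthreatdetection.serviceAgent",
)

# Constructed sample policy; member names are placeholders, not real agents.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/securitycenter.serviceAgent",
     "members": ["serviceAccount:scc-agent@example.iam.gserviceaccount.com"]},
    {"role": "roles/containerthreatdetection.serviceAgent",
     "members": ["user:alice@example.com"]},
    {"role": "roles/viewer", "members": ["group:secops@example.com"]}
  ],
  "version": 1
}
""")

def service_agent_bindings(policy):
    """Map each required role to the service accounts bound to it."""
    found = {role: [] for role in REQUIRED_ROLES}
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role in found:
            found[role] += [m for m in binding.get("members", [])
                            if m.startswith("serviceAccount:")]
    return found

def missing_roles(policy):
    """Required roles that no service account holds."""
    return [r for r, sas in service_agent_bindings(policy).items() if not sas]

def non_agent_members(policy):
    """Principals other than service accounts holding a service-agent role."""
    return [(b["role"], m) for b in policy.get("bindings", [])
            if b.get("role") in REQUIRED_ROLES
            for m in b.get("members", [])
            if not m.startswith("serviceAccount:")]

if __name__ == "__main__":
    print("missing:", missing_roles(SAMPLE_POLICY))
    print("held by non-agents:", non_agent_members(SAMPLE_POLICY))
```
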

Relevant Links

Web Security Scanner

Web Security Scanner is one of several built-in services for SCC that can quickly be enabled within your SCC deployment.

Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • SCC Deployed in Organization or Project.
Steps
  1. In the Security Command Center console, select the appropriate Organization or Project.

  2. Click the Gear icon for Settings.

  3. For the Web Security Scanner service, click Manage Settings.

  4. On the Service Enablement tab, find the resource for which you need to enable the service. You can enable on an organization, folder, or project.

  5. Set the service to Enable, Disable, or Inherit. Inherit takes its settings from the parent resource (for example, a Project inherits from its Organization).

Relevant Links

VM Manager

Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, provides threat detection through hypervisor-level instrumentation and persistent disk analysis. VM Threat Detection detects potentially malicious applications, such as cryptocurrency mining software, kernel-mode rootkits, and malware running in compromised cloud environments.

Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • SCC Deployed in Organization or Project.
Steps
  1. In the Security Command Center console, select the appropriate Organization or Project.

  2. Click the Gear icon for Settings.

  3. For the Web Security Scanner service, click Manage Settings.

  4. On the Service Enablement tab, find the resource for which you need to enable the service. You can enable on an organization, folder, or project.

  5. Set the service to Enable, Disable, or Inherit. Inherit takes its settings from the parent resource (for example, a Project inherits from its Organization).

Relevant Links

Findings

A finding is a record of a security issue that Security Command Center services create when they detect a security issue.

Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • SCC Deployed in Organization or Project.
Steps
  1. Navigate to the Security Command Center console. On the right-hand side you will see the Findings Summary pane. Along the top of the SCC console you will see three tabs; select Findings.

  2. You can see the Findings search query in the Findings query results panel. Modify the query to adjust your search to include items you're looking for.

    1. Note: you can modify the time range of the search by clicking on the Time Range drop down menu.

  3. Utilize the filtering function to help find specific Findings that you are interested in.

  4. Once you've found a Finding that you would like to view more information on, click it. You will be able to look at all of the details and fields associated with the finding, including its raw JSON format.
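
The same query, time range and filter workflow can be applied offline to exported finding JSON. This added example (not part of the original guide) keeps active, unmuted findings inside a time window and orders them worst first; the field names (`state`, `mute`, `severity`, `category`, `resourceName`, `eventTime`) are assumed to match the raw JSON shown in the console, and all sample records are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
SAMPLE_NOW = datetime(2024, 5, 8, tzinfo=timezone.utc)  # constructed "now"

# Constructed sample records; categories and resource names are placeholders.
SAMPLE = json.loads("""[
 {"finding": {"state": "ACTIVE", "mute": "UNMUTED", "severity": "HIGH", "category": "OPEN_FIREWALL", "resourceName": "//compute.googleapis.com/projects/example-proj/global/firewalls/allow-all", "eventTime": "2024-05-06T10:00:00Z"}},
 {"finding": {"state": "ACTIVE", "mute": "UNDEFINED", "severity": "CRITICAL", "category": "EXAMPLE_CRYPTOMINER", "resourceName": "//compute.googleapis.com/projects/example-proj/zones/us-central1-a/instances/vm-1", "eventTime": "2024-05-07T08:30:00.123456789Z"}},
 {"finding": {"state": "INACTIVE", "mute": "UNMUTED", "severity": "MEDIUM", "category": "PUBLIC_BUCKET_ACL", "resourceName": "//storage.googleapis.com/example-bucket", "eventTime": "2024-05-07T09:00:00Z"}},
 {"finding": {"state": "ACTIVE", "mute": "MUTED", "severity": "HIGH", "category": "OPEN_SSH_PORT", "resourceName": "//compute.googleapis.com/projects/example-proj/global/firewalls/ssh", "eventTime": "2024-05-07T11:00:00Z"}},
 {"state": "ACTIVE", "mute": "UNMUTED", "severity": "LOW", "category": "EXAMPLE_OLD_ISSUE", "resourceName": "//compute.googleapis.com/projects/example-proj/zones/us-central1-a/instances/vm-2", "eventTime": "2024-03-01T00:00:00Z"}
]""")

def parse_event_time(ts):
    """Parse an RFC 3339 UTC timestamp, dropping fractional seconds."""
    base = ts.rstrip("Z").split(".")[0]
    return datetime.fromisoformat(base).replace(tzinfo=timezone.utc)

def triage(records, now, window=timedelta(days=7)):
    """Return (severity, category, resource) for active, unmuted findings
    whose event time falls inside the window, most severe first."""
    rows = []
    for rec in records:
        f = rec.get("finding", rec)  # accept wrapped or bare finding objects
        if f.get("state") != "ACTIVE" or f.get("mute") == "MUTED":
            continue
        when = parse_event_time(f["eventTime"])
        if not (now - window <= when <= now):
            continue
        rows.append((f.get("severity", "SEVERITY_UNSPECIFIED"),
                     f["category"], f["resourceName"], when))
    # Sort by severity rank, then newest event first within a rank.
    rows.sort(key=lambda r: (SEVERITY_ORDER.get(r[0], 9), -r[3].timestamp()))
    return [r[:3] for r in rows]

if __name__ == "__main__":
    for row in triage(SAMPLE, SAMPLE_NOW):
        print(row)
```
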

Relevant Links