Google Security Command Center
Security Command Center is Google Cloud's centralized vulnerability and threat reporting service. Security Command Center helps you strengthen your security posture by evaluating your security and data attack surface; providing asset inventory and discovery; identifying misconfigurations, vulnerabilities and threats; and helping you mitigate and remediate risks.
Integration Method: API
Tables: Compliance Finding, Detection Finding, Vulnerability Finding
This integration has been tested against the Security Command Center API v2.
Google Security Command Center Configuration
Log in to your Google Cloud Platform console.
Ensure that Security Command Center is activated at the organization level. For step-by-step instructions on enabling and configuring Security Command Center for an organization, see one of the following:
After confirming that the Google SCC service is activated at the organization level, obtain service account credentials for accessing the service via REST calls.
To generate service-account credentials, or to view the public credentials that you've already generated, do the following:
First, create a service account:
Open the Service accounts page
If prompted, select a project, or create a new one.
Click Create service account.
Under Service account details, type a name, ID, and description for the service account, then click Create and continue.
Click Done.
Next, create a service account key:
Click the email address for the service account you created.
Click the Keys tab.
In the Add key drop-down list, select Create new key.
Click Create.
Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of the private key. You are responsible for storing it securely. If you lose this key pair, you will need to generate a new one.
To assign roles to the newly created service account, follow the steps below:
Go to the Google Cloud Console: Open Google Cloud Console.
In the left-hand navigation pane, click on "IAM & Admin".
Then select "IAM".
Ensure you have selected the correct organization from the project/organization selector at the top of the page.
Click on the "Add" button at the top of the IAM page.
In the "New members" field, enter the email address of the service account you created.
In the "Select a role" dropdown, choose the role(s) you want to assign to the service account. You can search for roles or browse through the categories. The roles listed below are the minimum required for accessing the Google SCC API:
Organization Admin
Security Center Admin Viewer
Click the "Save" button to apply the role to the service account.
DataBee Configuration
Log in to the DataBee console, navigate to Data > Data sources and click the Add New Data Source button.
Search for the Google Security Command Center option using the search bar on the Add New Data Source page.
Select the API Ingest option and enter the appropriate details in the Configure Data source form. Then click the Next button.
In the configuration details dialog, enter the following:
Authorization Method: Google OAuth2
API Base URL: Replace the <instance> placeholder with the value for the location of your GCP account, as listed below.
global: securitycenter
me-central-2: securitycenter.me-central2.rep
Organization ID: Enter the organization ID. Refer to link for more information.
Token URL: Enter https://oauth2.googleapis.com/token
Private Key: Paste the private key from the Service Account JSON file downloaded earlier. Paste only the base64 key body: omit the BEGIN/END PRIVATE KEY lines and the \n characters (see the example below).
Client Email: Enter the email address of the service account created earlier (the client_email value in the JSON file).
Example:
Correct Format: MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAA
Incorrect Format: -----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAA\n-----END PRIVATE KEY-----\n
Admin Email: Enter the email address of the user for which the application is requesting delegated access. If there is no domain-wide authority delegated to the service account, enter the same email as entered in Client Email field.
Click Submit
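The following added example (not DataBee's or Google's own code) maps a downloaded service account key file to the form fields described above: it strips the PEM armor and newlines from the private_key value, picks the instance value for the account location, and falls back to the client email for Admin Email when no domain-wide delegation exists. The key file content, the base URL template and the email addresses are constructed samples; the key material is the truncated value from the page, not a real key.

```python
import json
import re
from typing import Optional

# Instance values for the <instance> placeholder, keyed by GCP account location.
INSTANCE_BY_LOCATION = {
    "global": "securitycenter",
    "me-central-2": "securitycenter.me-central2.rep",
}
TOKEN_URL = "https://oauth2.googleapis.com/token"
_BASE64_BODY = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def private_key_body(pem: str) -> str:
    """Return the base64 body of a PEM private key without the
    BEGIN/END lines or newlines, the format the DataBee form expects."""
    lines = [line.strip() for line in pem.splitlines()]
    body = "".join(line for line in lines if line and not line.startswith("-----"))
    if not body or not _BASE64_BODY.match(body):
        raise ValueError("private_key does not contain a base64 PEM body")
    return body


def databee_fields(sa_key_json: str, org_id: str, location: str,
                   base_url_template: str, admin_email: Optional[str] = None) -> dict:
    """Build the DataBee configuration fields from a service account key file."""
    sa = json.loads(sa_key_json)
    if sa.get("type") != "service_account":
        raise ValueError("not a service account key file")
    client_email = sa["client_email"]
    return {
        "Authorization Method": "Google OAuth2",
        "API Base URL": base_url_template.replace("<instance>", INSTANCE_BY_LOCATION[location]),
        "Organization ID": org_id,
        "Token URL": TOKEN_URL,
        "Private Key": private_key_body(sa["private_key"]),
        "Client Email": client_email,
        # Without domain-wide delegation, Admin Email is the service account itself.
        "Admin Email": admin_email or client_email,
    }


# Constructed sample key file; the key material is the page's truncated example, not a real key.
SAMPLE_KEY_FILE = json.dumps({
    "type": "service_account",
    "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASC\n"
                   "BKcwggSjAgEAA\n-----END PRIVATE KEY-----\n",
    "client_email": "databee-scc@example-project.iam.gserviceaccount.com",
})
```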