Below you'll find a table of contents for the onboarding journey.
When deploying Security Command Center Premium (SCCP) you have two options: activate it at the organization level or at the project level.
The level you choose to deploy SCCP at depends heavily on your organization structure, project structure, and the scope and nature of your work. Activating SCCP at the organization level is considered a best practice because it provides the most complete protection for your business by allowing SCCP to access and scan resources and assets across all of the folders and projects in the organization. For further information to help you make your decision, please read this linked document.
In order to utilize Security Command Center Premium you will need to activate it at the organization or project level. It is best practice to deploy at the organization level to ensure SCCP can access and scan resources at every level of the organization, rather than just one project.
See the Relevant Links section for more documentation regarding the prerequisites.
Navigate to Security Command Center in the Google Console.
Choose the Organization from the organization list. The Get Security Command Center window opens.
Select the appropriate tier, then review the services you want SCC to access and scan.
Grant the required IAM roles to the service agents:
roles/securitycenter.serviceAgent
roles/containerthreatdetection.serviceAgent
Review the configuration in the Complete Setup window, then click Finish.
In order to utilize Security Command Center Premium you will need to activate it at the organization or project level. Although it is best practice to implement at the organization level, sometimes it makes sense to do so at the project level.
See the Relevant Links section for more documentation regarding the prerequisites.
Follow the linked steps to determine if SCC is active in your Organization.
If SCC is not active in your organization, proceed with the steps below.
If SCC is active in your organization, please follow the linked documentation to implement SCC appropriately.
Navigate to Security Command Center in the Google Console.
Choose the Project you intend to activate SCC on.
Select the appropriate tier, then review the services you want SCC to access and scan.
Grant the required IAM roles to the service agents:
roles/securitycenter.serviceAgent
roles/containerthreatdetection.serviceAgent
Review the configuration in the Complete Setup window, then click Finish.
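After granting the roles in either procedure, the result can be checked against an exported IAM policy. The script below is an added example, not part of the original guide or Google's tooling; it assumes the policy was exported as JSON in the standard IAM `bindings` shape, and the sample policy and its member names are constructed placeholders.

```python
import json

# The two roles this guide says the SCC service agents need.
REQUIRED_ROLES = (
    "roles/securitycenter.serviceAgent",
    "roles/containerthreatdetection.serviceAgent",
)

# Constructed sample policy; every member name is a placeholder.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/securitycenter.serviceAgent",
     "members": ["serviceAccount:scc-agent-placeholder@example.iam.gserviceaccount.com"]},
    {"role": "roles/containerthreatdetection.serviceAgent",
     "members": ["user:alice@example.com"]},
    {"role": "roles/viewer", "members": ["group:secops@example.com"]}
  ]
}
""")


def audit_service_agent_roles(policy, required=REQUIRED_ROLES):
    """Return {role: status} with status 'ok', 'missing', or
    'no-service-account' (role is bound, but not to any service account)."""
    members_by_role = {}
    for binding in policy.get("bindings", []):
        # A role can appear in more than one binding, so merge the members.
        members_by_role.setdefault(binding["role"], set()).update(
            binding.get("members", []))
    report = {}
    for role in required:
        members = members_by_role.get(role)
        if not members:
            report[role] = "missing"
        elif any(m.startswith("serviceAccount:") for m in members):
            report[role] = "ok"
        else:
            # A service agent role held only by users or groups means the
            # grant went to the wrong principal and should be reviewed.
            report[role] = "no-service-account"
    return report


if __name__ == "__main__":
    for role, status in audit_service_agent_roles(SAMPLE_POLICY).items():
        print(f"{status:20} {role}")
```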
Web Security Scanner is one of several built-in services for SCC that can quickly be enabled within your SCC deployment.
See the Relevant Links section for more documentation regarding the prerequisites.
In the Security Command Center console, select the appropriate Organization or Project.
Click the Gear icon for Settings.
For the Web Security Scanner service, click Manage Settings.
On the Service Enablement tab, find the resource for which you need to enable the service. You can enable on an organization, folder, or project.
Set the service to Enable, Disable, or Inherit. Inherit takes its settings from the parent resource (i.e. a Project would inherit from its Organization).
Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, provides threat detection through hypervisor-level instrumentation and persistent disk analysis. VM Threat Detection detects potentially malicious applications, such as cryptocurrency mining software, kernel-mode rootkits, and malware running in compromised cloud environments.
See the Relevant Links section for more documentation regarding the prerequisites.
In the Security Command Center console, select the appropriate Organization or Project.
Click the Gear icon for Settings.
For the Virtual Machine Threat Detection service, click Manage Settings.
On the Service Enablement tab, find the resource for which you need to enable the service. You can enable on an organization, folder, or project.
Set the service to Enable, Disable, or Inherit. Inherit takes its settings from the parent resource (i.e. a Project would inherit from its Organization).
A finding is a record of a security issue that Security Command Center services create when they detect a security issue.
See the Relevant Links section for more documentation regarding the prerequisites.
Navigate to the Security Command Center console. On the right-hand side you will see the Findings Summary pane. Along the top of the SCC console you will see three tabs; select Findings.
You can see the Findings search query in the Findings query results panel. Modify the query to adjust your search to include items you're looking for.
Note: you can modify the time range of the search by clicking on the Time Range drop down menu.
Utilize the filtering function to help find specific Findings that you are interested in.
Once you've found a Finding that you would like to view more information on, click it. You will be able to look at all of the details and fields associated with the finding, including its raw JSON format.
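The same kind of triage (active, unmuted, within a time range) can be applied offline to findings saved in their raw JSON form. This is an added example, not part of the original guide; it assumes each exported entry wraps a `finding` object carrying `state`, `mute`, `severity` and `eventTime` fields, and the sample findings are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

# Constructed sample: a list of entries that each wrap a "finding" object.
# Finding names, categories and timestamps below are made up.
SAMPLE_FINDINGS = json.loads("""[
 {"finding": {"name": "findings/a1", "category": "PUBLIC_BUCKET_ACL", "state": "ACTIVE",
   "mute": "UNMUTED", "severity": "HIGH", "eventTime": "2024-05-06T10:15:00Z"}},
 {"finding": {"name": "findings/a2", "category": "OPEN_SSH_PORT", "state": "ACTIVE",
   "mute": "MUTED", "severity": "HIGH", "eventTime": "2024-05-05T12:00:00Z"}},
 {"finding": {"name": "findings/a3", "category": "XSS", "state": "INACTIVE",
   "mute": "UNMUTED", "severity": "MEDIUM", "eventTime": "2024-05-06T09:00:00Z"}},
 {"finding": {"name": "findings/a4", "category": "CRYPTOMINING_SAMPLE", "state": "ACTIVE",
   "mute": "UNDEFINED", "severity": "HIGH", "eventTime": "2024-05-07T08:00:00Z"}},
 {"finding": {"name": "findings/a5", "category": "PUBLIC_BUCKET_ACL", "state": "ACTIVE",
   "mute": "UNMUTED", "severity": "MEDIUM", "eventTime": "2024-04-01T00:00:00Z"}},
 {"finding": {"name": "findings/a6", "category": "OPEN_RDP_PORT", "state": "ACTIVE",
   "mute": "UNMUTED", "severity": "MEDIUM", "eventTime": "2024-05-04T09:00:00Z"}}
]""")


def parse_time(value):
    # Timestamps end in "Z"; rewrite it as an offset so fromisoformat accepts it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def triage(entries, now, window=timedelta(days=7)):
    """Keep active, unmuted findings inside the window; worst severity first,
    newest first within a severity."""
    kept = []
    for entry in entries:
        f = entry.get("finding", entry)  # accept wrapped or bare finding objects
        if f.get("state") != "ACTIVE" or f.get("mute") == "MUTED":
            continue
        if now - parse_time(f["eventTime"]) > window:
            continue
        kept.append(f)
    kept.sort(key=lambda f: (SEVERITY_RANK.get(f.get("severity"), len(SEVERITY_RANK)),
                             -parse_time(f["eventTime"]).timestamp()))
    return kept


if __name__ == "__main__":
    now = datetime(2024, 5, 8, tzinfo=timezone.utc)
    for f in triage(SAMPLE_FINDINGS, now):
        print(f["severity"], f["eventTime"], f["category"], f["name"])
```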