Below you'll find a table of contents for the Integrated Services journey.
Security Command Center Premium (SCCP) has a number of integrated services that can be easily enabled to provide you with deep information about the security posture of your organization. We've already covered Web Security Scanner and VM Manager in the Onboarding section. In this section we will cover the implementation of Anomaly Detection and Sensitive Data Protection.
Anomaly Detection
Anomaly Detection uses behavior signals from outside your system to identify and display security anomalies for your projects and Virtual Machine instances.
See the Relevant Links section for more documentation regarding the prerequisites.
Anomaly Detection is enabled by default and requires no further action from you. It's just worth spending a moment to discuss what it is and how it works.
To analyze any issues that Anomaly Detection finds, go to the Findings tab in SCC.
Sensitive Actions Service is a built-in service of the Security Command Center Premium tier that detects when actions are taken in your Google Cloud organization, folders, and projects that could be damaging to your business if they are taken by a malicious actor.
See the Relevant Links section for more documentation regarding the prerequisites.
Sensitive Actions Service is automatically enabled on the Security Command Center Premium tier; no further action is required on your part.
1. Navigate to the Security Command Center console.
2. Along the top of the SCC console you will see three tabs. Select Findings.
3. Ensure you've selected the appropriate organization or project.
4. In the Quick Filters section, under the Source Display Name subsection, select Sensitive Actions Service.
5. To view the details of a finding, click the finding name under Category.
6. To display all findings about a specific user, copy the email address next to Principal Email, then close the Details pane.
7. In Query Builder, build the following query: access.principal_email='USER_EMAIL'. Replace USER_EMAIL with the email address you copied in step 6.
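The same triage can be repeated offline on exported findings. The following is an added example, not part of the original guide or of Google's tooling: it applies the Source Display Name filter and the principal-email query to findings JSON, and also ranks principals by finding count. The function names are hypothetical, the sample records are constructed, and it assumes the export uses the Finding fields parentDisplayName and access.principalEmail.

```python
import json
from collections import Counter

SOURCE = "Sensitive Actions Service"  # value selected under Source Display Name

# Constructed sample records (not real findings), assumed to be in the shape of
# `gcloud scc findings list --format=json` output.
SAMPLE = json.loads("""[
 {"finding": {"category": "Persistence: Add Sensitive Role", "eventTime": "2024-05-02T09:00:00Z",
   "parentDisplayName": "Sensitive Actions Service", "access": {"principalEmail": "Alice@example.com"}}},
 {"finding": {"category": "Defense Evasion: Organization Policy Changed", "eventTime": "2024-05-01T09:00:00Z",
   "parentDisplayName": "Sensitive Actions Service", "access": {"principalEmail": "alice@example.com"}}},
 {"finding": {"category": "Constructed other-source finding", "eventTime": "2024-05-01T10:00:00Z",
   "parentDisplayName": "Event Threat Detection", "access": {"principalEmail": "alice@example.com"}}},
 {"finding": {"category": "Persistence: Add Sensitive Role", "eventTime": "2024-05-03T09:00:00Z",
   "parentDisplayName": "Sensitive Actions Service", "access": {"principalEmail": "bob@example.com"}}},
 {"finding": {"category": "Persistence: Add Sensitive Role", "eventTime": "2024-05-04T09:00:00Z",
   "parentDisplayName": "Sensitive Actions Service"}}
]""")

def _principal(finding):
    # Some findings carry no access block; return "" instead of raising.
    return ((finding.get("access") or {}).get("principalEmail") or "").lower()

def findings_for_principal(results, email, source=SOURCE):
    """Offline equivalent of the quick filter plus access.principal_email='email'."""
    wanted = email.strip().lower()  # case-insensitive match is this example's choice
    hits = [r["finding"] for r in results
            if r["finding"].get("parentDisplayName") == source
            and _principal(r["finding"]) == wanted]
    return sorted(hits, key=lambda f: f.get("eventTime", ""))  # oldest first

def principals_by_count(results, source=SOURCE):
    """Rank principals by number of findings from the given source."""
    counts = Counter(_principal(r["finding"]) or "(no principal)"
                     for r in results
                     if r["finding"].get("parentDisplayName") == source)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for f in findings_for_principal(SAMPLE, "alice@example.com"):
        print(f["eventTime"], f["category"])
    print(principals_by_count(SAMPLE))
```

Ranking principals first shows which account to start with; findings that carry no principal are kept under "(no principal)" so they are not silently dropped from review.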