Security Command Center Premium is powerful in and of itself, but when coupled with Chronicle, BigQuery, or third-party tooling, you can achieve a very powerful, holistic view of your security landscape. Combining all of your security data in a platform like Chronicle SecOps gives you the ability to review, analyze, and respond to events much faster.
When you enable exporting of Security Command Center findings to BigQuery, new findings that are written to Security Command Center are exported to a BigQuery table in near real time. You can then integrate the data into existing workflows and create custom analyses. You can enable this feature at the organization, folder, and project levels to export findings based on your requirements.
See the Relevant Links section for more documentation regarding the prerequisites.
In the Google Cloud Console, select the project for which you enabled the Security Command Center API.
Click Activate Cloud Shell.
To create a new export configuration, run this command:
gcloud scc bqexports create BIG_QUERY_EXPORT --dataset=DATASET_NAME --folder=FOLDER_ID | --organization=ORGANIZATION_ID | --project=PROJECT_ID [--description=DESCRIPTION] [--filter=FILTER]
Replace BIG_QUERY_EXPORT, DATASET_NAME, FOLDER_ID, ORGANIZATION_ID, PROJECT_ID, DESCRIPTION, and FILTER with your own values. The scope flags are mutually exclusive: pass exactly one of --folder, --organization, or --project.
You should see a BigQuery dataset about 15 minutes after running the previous command.
Note: If you use VPC Service Controls, follow the steps in the linked documentation to create an ingress rule for BigQuery.
Integrating Security Command Center Premium with your SIEM system provides several significant benefits that enhance your organization's overall security posture: centralized security monitoring, improved threat detection, accelerated incident response, and compliance reporting.
See the Relevant Links section for more documentation regarding the prerequisites.
Google SecOps is linked to your GCP organization.
Your account has been granted the Chronicle Service Admin and Security Center Admin Editor organization-level roles: https://cloud.google.com/chronicle/docs/ingestion/cloud/ingest-gcp-logs#grant_iam_roles
Notifications send findings and finding updates to a Pub/Sub topic within minutes. Security Command Center API notifications include all of the finding information that is displayed by Security Command Center in the Google Cloud console. Pub/Sub is useful if your organization or project uses a third-party SIEM platform.
See the Relevant Links section for more documentation regarding the prerequisites.
Create a Pub/Sub topic in Google Cloud Pub/Sub. | Docs
[Optional] If your organization uses VPC Service Controls, complete the steps in the linked docs. | Docs
Create a NotificationConfig. | Docs
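As an added example (not part of this journey or Google's documentation), this is what the third-party SIEM side of the Pub/Sub integration receives: a Pub/Sub push envelope carrying a Security Command Center NotificationMessage is decoded, resolved (INACTIVE) findings are skipped, undecodable messages are counted, and ACTIVE findings at HIGH or above are flattened into SIEM events. The message field names follow the SCC notification format; every organization, source, finding and resource identifier here is constructed.

```python
import base64
import json

# Severity ranks used by Security Command Center findings, lowest to highest.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def make_push_envelope(notification: dict, message_id: str) -> dict:
    """Wrap a NotificationMessage as a Pub/Sub push subscription delivers it (message.data is base64)."""
    data = base64.b64encode(json.dumps(notification).encode()).decode()
    return {"message": {"data": data, "messageId": message_id, "attributes": {}}}

def decode_notification(envelope: dict):
    """Return the decoded NotificationMessage dict, or None if the body is unusable."""
    try:
        payload = json.loads(base64.b64decode(envelope["message"]["data"]))
    except (KeyError, ValueError, TypeError):
        return None
    return payload if isinstance(payload, dict) and "finding" in payload else None

def triage(envelopes: list, min_severity: str = "HIGH") -> tuple:
    """Forward ACTIVE findings at or above min_severity as flat SIEM events; skip INACTIVE ones and count undecodable messages."""
    events, dropped = [], 0
    for env in envelopes:
        n = decode_notification(env)
        if n is None:
            dropped += 1
            continue
        f = n["finding"]
        if f.get("state") == "ACTIVE" and SEVERITY_RANK.get(f.get("severity"), 0) >= SEVERITY_RANK[min_severity]:
            events.append({"finding_id": f["name"].rsplit("/", 1)[-1], "category": f["category"],
                           "severity": f["severity"], "resource": f["resourceName"],
                           "event_time": f["eventTime"], "config": n["notificationConfigName"]})
    return events, dropped

# Constructed sample data: ids and resource names are made up; the field layout follows the SCC NotificationMessage.
def sample_notification(fid: str, category: str, severity: str, state: str) -> dict:
    return {"notificationConfigName": "organizations/111111111111/notificationConfigs/scc-to-siem",
            "finding": {"name": f"organizations/111111111111/sources/222222/findings/{fid}",
                        "resourceName": f"//compute.googleapis.com/projects/example-proj/zones/us-central1-a/instances/vm-{fid}",
                        "state": state, "category": category, "severity": severity,
                        "eventTime": "2024-01-15T10:23:00Z"}, "resource": {"projectDisplayName": "example-proj"}}

SAMPLE_ENVELOPES = [
    make_push_envelope(sample_notification("f1", "OPEN_FIREWALL", "HIGH", "ACTIVE"), "1"),
    make_push_envelope(sample_notification("f2", "PUBLIC_BUCKET_ACL", "CRITICAL", "ACTIVE"), "2"),
    make_push_envelope(sample_notification("f3", "OPEN_FIREWALL", "HIGH", "INACTIVE"), "3"),
    make_push_envelope(sample_notification("f4", "WEAK_SSL_POLICY", "MEDIUM", "ACTIVE"), "4"),
    {"message": {"data": "bm90IGpzb24=", "messageId": "5"}},  # decodes to "not json": dropped
]
```

Running triage(SAMPLE_ENVELOPES) yields two events (f1 and f2) and one dropped message; lowering min_severity to "MEDIUM" adds f4 while the INACTIVE finding stays filtered out.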
Your journey is now complete.