Google Security Command Center

Introduction

Security Command Center is Google Cloud's centralized vulnerability and threat reporting service. It helps you strengthen your security posture by evaluating your security and data attack surface, providing asset inventory and discovery, identifying misconfigurations, vulnerabilities and threats, and helping you mitigate and remediate risks.

What we are going to cover

We will cover how to use Google Security Command Center, with a step-by-step guide to setting it up, analysing the findings and taking action on them.

Requirements

Security Command Center requires an organization resource that is associated with a domain and, if you want to use the Premium tier, a billing account. You also need the following Identity and Access Management (IAM) roles:

  • Organization Admin roles/resourcemanager.organizationAdmin

  • Security Center Admin roles/securitycenter.admin

  • Security Admin roles/iam.securityAdmin

  • Create Service Accounts roles/iam.serviceAccountCreator

Steps to audit

  • Choose your tier. The Security Command Center tier you select determines the features that are available to you and the cost of using Security Command Center. There are two tiers available: Standard and Premium.

  • Choose services. All built-in services are enabled by default at the organization level for the tier you selected. Each service scans all supported resources and reports findings for your entire organization.

  • Choose resources. By default, resources inherit the service settings of the organization, so all enabled services scan all supported resources in your organization. This is the recommended operating mode, because new and changed resources are discovered and protected automatically.

  • Grant permissions. For Security Command Center to work properly, a service account (the Security Command Center service agent) is created with the following name:

    service-org-ORGANIZATION_ID@security-center-api.iam.gserviceaccount.com

where ORGANIZATION_ID is the numeric identifier of your organization (not the domain name). This service account needs the following IAM roles granted at the organization level:

  • securitycenter.serviceAgent

  • serviceusage.serviceUsageAdmin

  • cloudfunctions.serviceAgent

Grant these roles to the Security Command Center service account before relying on the scans; without them the service agent cannot enable the APIs it depends on or report findings.

  • Wait for the scans to complete. When you finish setup, Security Command Center starts an initial asset scan, after which you can use the dashboard to review and remediate Google Cloud security and data risks across your organization.

Additional references

  • Google Security Command Center

  • Security Command Center - Setup
