Google Cloud Security Command Center
Overview
Google Cloud Security Command Center helps you strengthen your security posture by:
- Evaluating your security and data attack surface
- Providing asset inventory and discovery
- Identifying misconfigurations, vulnerabilities, and threats
- Helping you mitigate and remediate risks
Security Command Center uses services, such as Event Threat Detection and Security Health Analytics, to detect security issues in your environment. These services scan your logs and resources in Google Cloud, looking for threat indicators, software vulnerabilities, and misconfigurations. Services are also referred to as sources.
For more information, see Security sources.
When these services detect a threat, vulnerability, or misconfiguration, they issue a finding. A finding is a report or record of an individual threat, vulnerability, or misconfiguration that a service has found in your Google Cloud environment. Findings show the issue that was detected, the Google Cloud resource that is affected by the issue, and guidance on how you can address the issue.
Setup
Installation
Before you start, ensure the following APIs are enabled for the projects you want to collect Google Cloud Security Command Center findings for:
Assign role to service accounts
A service account must have the following role to retrieve findings from the GCP Security Command Center.
If this role is not granted, logs may not show up because of a permission denied error.
Assign the following role:
- Security Center Findings Viewer
NOTE:
If the same project is discovered by multiple service accounts, every attached service account must have the Security Center Findings Viewer role.
Otherwise, PermissionDenied errors may occur and the security findings for this project cannot be collected. Ensure that every service account has the permissions needed to access security findings for each project it is associated with.
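One way to check the requirement in the note above before enabling collection, as an added example that is not part of the Datadog or Google documentation: it reads a project IAM policy and lists the attached service accounts that have no unconditional binding for the Security Center Findings Viewer role (`roles/securitycenter.findingsViewer`). The function name, the sample policy, and the service account names are constructed for illustration. The check only sees bindings on the project itself, so a role inherited from a folder or organization, or permissions granted through a broader role, will be reported as missing.

```python
import json

# Role ID of the "Security Center Findings Viewer" role named above.
FINDINGS_VIEWER = "roles/securitycenter.findingsViewer"


def accounts_missing_role(policy, service_accounts, role=FINDINGS_VIEWER):
    """Return the service accounts with no unconditional binding for `role`.

    `policy` is a project IAM policy in the JSON shape printed by
    `gcloud projects get-iam-policy PROJECT_ID --format=json`.
    """
    granted = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") != role:
            continue
        if "condition" in binding:
            # A conditional grant may not apply to every request: flag for review.
            continue
        for member in binding.get("members", []):
            # Members look like "serviceAccount:name@project.iam.gserviceaccount.com".
            kind, _, email = member.partition(":")
            if kind == "serviceAccount":
                granted.add(email.lower())
    return sorted(sa for sa in service_accounts if sa.lower() not in granted)


# Constructed sample policy and account names (assumptions, not real data).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/securitycenter.findingsViewer",
   "members": ["serviceAccount:dd-a@example-project.iam.gserviceaccount.com",
               "user:alice@example.com"]},
  {"role": "roles/viewer",
   "members": ["serviceAccount:dd-b@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/securitycenter.findingsViewer",
   "condition": {"title": "temporary", "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"},
   "members": ["serviceAccount:dd-c@example-project.iam.gserviceaccount.com"]}
]}
""")
ATTACHED = [
    "dd-a@example-project.iam.gserviceaccount.com",
    "dd-b@example-project.iam.gserviceaccount.com",
    "dd-c@example-project.iam.gserviceaccount.com",
]

if __name__ == "__main__":
    for sa in accounts_missing_role(SAMPLE_POLICY, ATTACHED):
        print(f"missing {FINDINGS_VIEWER}: {sa}")
```
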
Configuration
Google Cloud Security Command Center is included as part of the main Google Cloud Platform integration package.
If you haven’t already, follow this doc to set up the Google Cloud Platform integration first.
On the main Google Cloud Platform Integration tile:
- Open the Service Account and/or ProjectID corresponding to the project you are looking to pull security findings for.
- Under the Security Findings tab, enable collection of security findings using the toggle.
Once enabled, your security findings may take up to 1 day to be collected.
Data Collected
Log collection
Google Cloud Security Command Center findings are collected as logs with the Google Cloud Security Command Center Client API.
Inside the Datadog Log Explorer, find Google Cloud Security Command Center logs with the following filter:
- Set Findings as the Service
- Set google.security.command.center as the Source
- The log status is Info.
Metrics
Google Cloud Security Command Center does not include any metrics.
Service Checks
Google Cloud Security Command Center does not include any service checks.
Events
Google Cloud Security Command Center does not include any events.
Troubleshooting
Need help? Contact Datadog support.