Security Command Center Premium: Step 2 - Integrated Services


Security Command Center Premium (SCCP) has a number of integrated services that can be easily enabled to provide you with deep information about the security posture of your organization. We've already covered Web Security Scanner and VM Manager in the Onboarding section. In this section we will cover the implementation of Anomaly Detection and Sensitive Data Protection.

Prerequisites

  • Security Command Center Premium activated at the Organization or Project level.
  • Data ingestion into SCCP happening successfully.

Actions

Anomaly Detection

Anomaly Detection uses behavior signals from outside your system to identify and display security anomalies for your projects and Virtual Machine instances.

 
Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • SCC enabled at the organization level (Anomaly Detection is not available at the project level).
Steps
  1. Anomaly Detection is enabled by default and requires no further action from you. It's just worth spending a moment to discuss what it is and how it works.

  2. To analyze any issues that Anomaly Detection finds, go to the Findings tab in SCC.

Relevant Links

Sensitive Actions Service

Sensitive Actions Service is a built-in service of the Security Command Center Premium tier that detects when actions are taken in your Google Cloud organization, folders, and projects that could be damaging to your business if they are taken by a malicious actor.

Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • Security Command Center Premium Tier.
Steps
  1. Sensitive Actions Service is automatically enabled on Security Command Center Premium Tier; no further action is required on your part.

  2. Navigate to the Security Command Center console. Along the top of the SCC console you will see three tabs; select Findings.

  3. Ensure you've selected the appropriate organization or project.

  4. In the Quick Filters section, Source Display Name subsection, select Sensitive Actions Service.

  5. To view the details of a finding, click the finding name under Category.

  6. To display all findings about a specific user, copy the email address next to Principal Email, then close the Details pane.

  7. In Query Builder, build the following query:

    access.principal_email='USER_EMAIL'

    Replace USER_EMAIL with the email address you copied in step 6.
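
An added example, not part of the original guide: the pivot from steps 6 and 7 applied offline to findings exported as JSON, so every principal can be reviewed at once instead of one query per user. The record shape (finding.parentDisplayName and finding.access.principalEmail, as in `gcloud scc findings list --format=json` output) is an assumption, and the sample records and helper names are constructed for illustration.

```python
import json
from collections import defaultdict

SOURCE = "Sensitive Actions Service"  # source display name selected in step 4

def _sample(category, source, event_time, email=None):
    """Build one constructed record in the assumed export shape."""
    finding = {"category": category, "parentDisplayName": source,
               "eventTime": event_time,
               "resourceName": "//cloudresourcemanager.googleapis.com/projects/111"}
    if email:
        finding["access"] = {"principalEmail": email}
    return {"finding": finding}

# Constructed sample data, not real findings.
SAMPLE_EXPORT = json.dumps([
    _sample("Defense Evasion: Organization Policy Changed", SOURCE,
            "2024-05-02T10:15:00Z", "alice@example.com"),
    _sample("Persistence: Add Sensitive Role", SOURCE,
            "2024-05-01T08:00:00Z", "Alice@example.com"),
    _sample("Persistence: Add Sensitive Role", SOURCE,
            "2024-05-03T09:30:00Z", "bob@example.com"),
    _sample("Constructed other-source finding", "Event Threat Detection",
            "2024-05-02T11:00:00Z", "alice@example.com"),
    _sample("Constructed finding without a principal", SOURCE,
            "2024-05-04T12:00:00Z"),
])

def findings_by_principal(export_json, source=SOURCE):
    """Group one source's findings by principal email, oldest first."""
    grouped = defaultdict(list)
    for item in json.loads(export_json):
        finding = item.get("finding", item)  # also accept bare Finding objects
        if finding.get("parentDisplayName") != source:
            continue
        # Keep findings with no principal in a visible bucket instead of dropping them.
        email = (finding.get("access") or {}).get("principalEmail") or "<no principal>"
        grouped[email.lower()].append(finding)  # normalise case (assumption)
    for items in grouped.values():
        # UTC timestamps of equal precision sort correctly as strings.
        items.sort(key=lambda f: f.get("eventTime", ""))
    return dict(grouped)

def pivot(export_json, user_email):
    """Offline equivalent of steps 6-7: all findings for one principal."""
    return findings_by_principal(export_json).get(user_email.lower(), [])

if __name__ == "__main__":
    for email, items in sorted(findings_by_principal(SAMPLE_EXPORT).items()):
        print(email, [(f["eventTime"], f["category"]) for f in items])
```
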

Relevant Links