Security Command Center Premium: Step 4 - Outbound Integrations

Table of Contents

Below you'll find a table of contents for the Outbound Integrations journey.

Security Command Center Premium is powerful on its own, but when coupled with Chronicle, BigQuery, or third-party tooling it gives you a far more holistic view of your security landscape. Combining all of your security data in a platform like Chronicle SecOps lets you review, analyze and respond to events much faster.

Prerequisites

  • Security Command Center Premium activated at the Organization or Project level.
  • All systems set to UTC time.

Actions

BigQuery Integration

When you enable exporting of Security Command Center findings to BigQuery, new findings that are written to Security Command Center are exported to a BigQuery table in near real time. You can then integrate the data into existing workflows and create custom analyses. You can enable this feature at the organization, folder, and project levels to export findings based on your requirements.

Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • Configure Permissions
  • Create BigQuery Dataset
  • Enable SCC API
Steps
  1. In the Google Cloud Console, select the Project that you enabled the SCC API for.

  2. Click Activate cloud shell.

  3. To create a new export configuration, run this command:

    gcloud scc bqexports create BIG_QUERY_EXPORT --dataset=DATASET_NAME --folder=FOLDER_ID | --organization=ORGANIZATION_ID | --project=PROJECT_ID [--description=DESCRIPTION] [--filter=FILTER]

    1. Replace BIG_QUERY_EXPORT, DATASET_NAME, FOLDER_ID, ORGANIZATION_ID, PROJECT_ID, DESCRIPTION and FILTER with your own values. The --folder, --organization and --project flags are alternatives: pass exactly one of them to set the scope of the export. The --description and --filter flags are optional.

  4. You should see a BigQuery dataset about 15 minutes after running the previous command.

    1. Note: If you use VPC Service Controls, please follow the steps in the linked documentation to create an ingress rule for BigQuery.

Relevant Links

Chronicle Integration

Integrating Security Command Center Premium with your SIEM provides several significant benefits that enhance your organization's overall security posture: centralized security monitoring, improved threat detection, accelerated incident response, and compliance reporting.

Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • Security Command Center Premium Tier
  • Chronicle SIEM or SecOps Deployment
  • One-time access code from your Google CE
Steps
  1. FIXME

  2. FIXME

Relevant Links


Pub/Sub

Notifications send findings and finding updates to a Pub/Sub topic within minutes. Security Command Center API notifications include all of the finding information that is displayed by Security Command Center in the Google Cloud console. Pub/Sub is useful if your organization or project uses a third-party SIEM platform.

Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • Apply proper IAM Credentials
  • Enable SCC API (If not completed in previous steps)
Steps
  1. Create a Pub/Sub topic in Google Cloud Pub/Sub. | Docs

  2. [Optional] If your organization uses VPC Service Controls, complete the steps in the linked docs. | Docs

  3. Create a NotificationConfig. | Docs
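As an added example (not part of this page or of Google's tooling), the following Python code decodes a Pub/Sub push envelope carrying one Security Command Center notification and decides how a downstream SIEM should treat it, including the finding updates mentioned above. The finding field names follow the SCC notification payload; the organization, source, finding and resource IDs are constructed placeholders, and the eventTime == createTime test for "first notification" is a simplifying assumption of this example.

```python
import base64
import json

# Constructed sample (placeholder org/source/finding IDs, not real values): one
# SCC finding notification as delivered by Pub/Sub, with base64-encoded JSON data.
SAMPLE_NOTIFICATION = {
    "notificationConfigName": "organizations/123456789012/notificationConfigs/scc-to-siem",
    "finding": {
        "name": "organizations/123456789012/sources/5678/findings/f0001",
        "resourceName": "//compute.googleapis.com/projects/example-proj/zones/us-central1-a/instances/vm-1",
        "state": "ACTIVE",
        "category": "OPEN_FIREWALL",
        "severity": "HIGH",
        "eventTime": "2024-05-01T12:00:00Z",
        "createTime": "2024-05-01T12:00:00Z",
    },
}
SAMPLE_ENVELOPE = {"message": {"data": base64.b64encode(
    json.dumps(SAMPLE_NOTIFICATION).encode()).decode(), "messageId": "1"}}

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}


def decode_notification(envelope):
    """Unwrap a Pub/Sub push envelope and parse the SCC notification JSON in its data field."""
    return json.loads(base64.b64decode(envelope["message"]["data"]))


def triage(notification, min_severity="HIGH"):
    """Return a SIEM routing record, or None to drop the message.

    action is "close" when the finding turned INACTIVE, "open" on the first
    notification (eventTime == createTime, an assumption of this example) and
    "update" on later changes. Closures are never dropped, so the SIEM ticket
    is cleaned up even when the finding is below the severity threshold.
    """
    finding = notification["finding"]
    severity = finding.get("severity", "SEVERITY_UNSPECIFIED")
    if finding.get("state") == "INACTIVE":
        action = "close"
    elif finding.get("eventTime") == finding.get("createTime"):
        action = "open"
    else:
        action = "update"
    if action != "close" and SEVERITY_RANK.get(severity, 0) < SEVERITY_RANK[min_severity]:
        return None  # below threshold: drop the noise before it reaches the SIEM
    return {"action": action, "severity": severity, "category": finding.get("category"),
            "finding": finding["name"], "resource": finding.get("resourceName"),
            "config": notification.get("notificationConfigName")}
```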

Relevant Links

Complete!


Your journey is now complete.
