GCP Security Command Center

Set up the GCP Security Command Center connector on Radiant Security.

Overview

By integrating with Security Command Center (SCC), Radiant Security continuously monitors for vulnerabilities, misconfigurations, and threats, providing visibility into the security posture of your GCP resources. SCC aggregates and analyzes data from various GCP services, enabling Radiant Security to quickly triage and investigate potential security incidents.

There are two visibility scenarios when it comes to SCC scope: organization-wide and project-wide. We support data collection for both cases, but they require different steps. This guide outlines the specific actions needed for each visibility scenario.

You’ll need to complete the following steps:

At the end of this configuration, you will provide Radiant Security with these values:

Organization-Wide            | Project-Wide
ADC Credentials (JSON file)  | ADC Credentials (JSON file)
Organization ID              | Organization ID
-                            | Project ID

Prerequisites

You need to be an Organization Admin to perform the following tasks.

Enable the SCC API

  1. In the Google Cloud console, open the Enable access to API page.
  2. Make sure you are in the right project:
    1. If SCC is set up within a project (project-wide), select this project.
    2. If SCC is domain-wide, select a project where you will later be able to create a service account. The location of this service account is an organizational decision and does not impact the connector.
  3. Click Next and Enable.

Create a service account

Regardless of your SCC visibility, you’ll need to create a service account, hosted in a project, that can retrieve logs from the API.

1.   In the Google Cloud console, navigate to IAM & Admin > Service Accounts.
2.   Select the project where you enabled the API in the previous step.
3.   Click + Create service account and add the following information:
    1. Service account name: Radiant-Connector
    2. Service account ID: radiant-connector (This is an auto-generated field.)
    3. Service account description: Account used to retrieve security logs from SCC
4.   Copy the Email address; you'll need it later. Click Create and Continue.
5.   In the Grant this service account access to project section, click the Select a role drop-down, then search for and select the Security Center Admin Viewer role.
6.   Skip the third step and click Done.

Create a service account key

1.   While still in the Service Accounts page in the Google Cloud console, click the newly created account.

2.   Click the Keys tab and click Add Key > Create new Key.
3.   For Key type, select JSON and click Create.
4.   The JSON file will download automatically. Be sure to save it in a secure place.
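
Before the key file is uploaded in the last section, it can be checked locally. The Python sketch below is an added example, not Radiant Security or Google code. It checks that the file is a service account key for the radiant-connector account and that its permissions keep other local users out. The function names, the sample key and the project ID example-scc-project are constructed for illustration, and the address layout in the regular expression is an assumption.

```python
import json, os, re, stat

# Assumed address layout: <service-account-id>@<project-id>.iam.gserviceaccount.com
ID = r"[a-z][a-z0-9-]{4,28}[a-z0-9]"
SA_EMAIL = re.compile(rf"^({ID})@({ID})\.iam\.gserviceaccount\.com$")
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

SAMPLE_KEY = {  # constructed sample with placeholder values, not a real key
    "type": "service_account",
    "project_id": "example-scc-project",
    "private_key_id": "placeholder-key-id",
    "private_key": "PLACEHOLDER-NOT-A-KEY",
    "client_email": "radiant-connector@example-scc-project.iam.gserviceaccount.com",
}

def write_sample(path, key, mode):  # demo helper: writes a constructed key file
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(key, fh)
    os.chmod(path, mode)
    return path

def check_key_file(path, expected_sa_id="radiant-connector", expected_project=None):
    """Return a list of problems found in a downloaded service account key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit is set
        problems.append(f"file mode {mode:o} exposes the key to other users; use 600")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, ValueError) as exc:
        return problems + [f"not readable JSON: {exc}"]
    if not isinstance(key, dict):
        return problems + ["top-level JSON value is not an object"]
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, expected 'service_account'")
    m = SA_EMAIL.match(str(key.get("client_email", "")))
    if not m:
        problems.append("client_email is not a service account address")
    elif m[1] != expected_sa_id:
        problems.append(f"service account ID is {m[1]!r}, expected {expected_sa_id!r}")
    elif m[2] != key.get("project_id"):
        problems.append("client_email project differs from project_id")
    if expected_project and key.get("project_id") != expected_project:
        problems.append(f"project_id is {key.get('project_id')!r}, expected {expected_project!r}")
    return problems
```

An empty list means the file passed every check. For a project-wide SCC, pass the Project ID you will give Radiant Security as expected_project.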

Grant access for a domain-wide SCC

Note: You may skip this step if your SCC is project-wide.

1.   In the Google Cloud console, navigate to IAM & Admin and make sure that you are in the organization scope.

2.   Click + Grant Access.

3.   In the Add principals section in the New principals field, enter the principal of the service account that you copied in the Create a service account step.

4.   In the Assign roles section, click the Role drop-down, search for and select the Security Center Admin Viewer role.

5.   Click Save.

Add the data connector in Radiant Security

1.   Log in to Radiant Security.
2.   From the navigation menu, click Settings > Data Connectors and click + Add Connector.
3.   Search for and select the GCP Security Command Center (SCC) option and then click Data Feeds.
4.   Click Credentials.

5.   Under Credential Name, give the credential an identifiable name (e.g. GCP Radiant Credentials).

6.   Fill in the GCP organization ID.

7.   If applicable, enter the GCP project ID.

8.   For Upload JSON File, upload the GCP credentials JSON file you downloaded in the Create a service account key step.

9.   Click Add Connector.

 


Last updated: 2024-08-23