GCP Security Command Center (SCC)
Set up the GCP Security Command Center data connector.
In this guide, you'll configure the integration between Radiant and Google Cloud Security Command Center (SCC). This setup allows Radiant Security to continuously monitor for vulnerabilities, misconfigurations, and threats, offering visibility into the security posture of your GCP resources. SCC aggregates data from various GCP services, helping Radiant Security quickly triage and investigate potential security incidents.
There are two visibility scenarios when it comes to SCC scope: organization-wide and project-wide. We support data collection for both cases, but they require different steps. This guide outlines the specific actions needed for each visibility scenario.
At the end of this configuration, you will provide Radiant Security with these values:
ADC Credentials (json file)
Organization ID
Project ID
Prerequisites
Enable the SCC API
In the Google Cloud console, open the Enable access to API page.
Make sure you are in the right project:
If SCC is set up within a project, select this project.
If SCC is domain-wide, select a project where you will later be able to create a service account. The location of this service account is an organizational decision and does not impact the connector.
Click Next and Enable.
Create a service account
You’ll need to create a service account on a project that can retrieve logs from the API, regardless of your SCC visibility.
In the Google Cloud console, navigate to IAM & Admin > Service Accounts.
Select the project where you enabled the API in the previous step.
Click + Create service account and add the following information:
Service account name:
Radiant-Connector
Service account ID:
radiant-connector
(This is an auto-generated field.)
Service account description:
Account used to retrieve security logs from SCC
Copy the Email address; you'll need it later. Click Create and Continue.
In the Grant this service account access to project section, click the drop-down for Select a role, search for and select the Security Center Admin Viewer role.
Skip the third step and click Done.
Create a service account key
While still in the Service Accounts page in the Google Cloud console, click the newly created account.
Click the Keys tab and click Add Key > Create new Key.
For Key type, select JSON and click Create.
The JSON file will download automatically. Be sure to save it in a secure place.
Grant access for a domain-wide SCC
In the Google Cloud console, navigate to IAM & Admin and make sure that you are in the organization scope.
Click + Grant Access.
In the Add principals section, in the New principals field, enter the service account email address that you copied in the Create a service account step.
In the Assign roles section, click the Role drop-down, search for and select the Security Center Admin Viewer role.
Click Save.
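The role grants made in the Create a service account and Grant access for a domain-wide SCC steps can be checked from an exported IAM policy. The script below is an added example, not Radiant Security or Google code: it reports whether the connector's service account holds the Security Center Admin Viewer role and lists any other roles bound to it in the same policy. It assumes the role ID roles/securitycenter.adminViewer and a policy exported with `gcloud organizations get-iam-policy` or `gcloud projects get-iam-policy` using `--format=json`; the sample policy, project name and email addresses are constructed.

```python
import json

# Assumption: role ID of the "Security Center Admin Viewer" role named in this guide.
EXPECTED_ROLE = "roles/securitycenter.adminViewer"

# Constructed sample of an exported IAM policy (organization or project scope).
# The second binding models an over-privileged grant that should be flagged.
SAMPLE_SA = "radiant-connector@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.dumps({
    "version": 1,
    "bindings": [
        {"role": "roles/securitycenter.adminViewer",
         "members": ["serviceAccount:" + SAMPLE_SA]},
        {"role": "roles/editor",
         "members": ["user:admin@example.com", "serviceAccount:" + SAMPLE_SA]},
    ],
})


def audit_connector_roles(policy_json, sa_email, expected_role=EXPECTED_ROLE):
    """Return (has_expected_role, extra_roles) for one service account.

    extra_roles lists every other role the account holds in this policy;
    for a read-only connector the list should be empty.
    """
    member = ("serviceAccount:" + sa_email).lower()
    policy = json.loads(policy_json)
    roles = set()
    for binding in policy.get("bindings", []):
        # Compare members case-insensitively; ignore bindings with no members.
        members = {m.lower() for m in binding.get("members", [])}
        if member in members:
            roles.add(binding["role"])
    return expected_role in roles, sorted(roles - {expected_role})


if __name__ == "__main__":
    has_role, extra = audit_connector_roles(SAMPLE_POLICY, SAMPLE_SA)
    print("Security Center Admin Viewer bound:", has_role)
    print("Other roles held by the connector account:", extra or "none")
```

A policy export covers one scope only, so run the check against the organization policy and the project policy separately. Any extra role widens what the downloaded JSON key can do if it is ever exposed.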
Add the data connector in Radiant Security
Log in to Radiant Security.
From the navigation menu, click Settings > Data Connectors and click + Add Connector.
Search for and select the GCP Security Command Center (SCC) option and then click Data Feeds.
Under Select your data feeds, select the GCP Security Command Center (SCC) data feed and click Credentials.
Under Credential Name, give the credential an identifiable name (e.g. GCP Radiant Credentials).
Enter the GCP organization ID.
If applicable, enter the GCP project ID.
For Upload JSON File, upload the GCP credentials JSON file you downloaded in the Create a service account key step.
Click Add Connector.