Google Cloud Security Command Center (SCC)

Connect Google Cloud Security Command Center to Radiant Security to ingest GCP security alerts for AI triage.

Google Cloud Security Command Center (SCC) aggregates vulnerability, misconfiguration, and threat findings across your GCP resources. Connecting SCC to Radiant Security streams these findings in as alerts for Radiant AI triage.

SCC can be scoped two ways, and each requires a different setup path:

  • Organization-wide. SCC monitors all projects in your GCP organization.

  • Project-wide. SCC monitors a single GCP project.

The setup steps in this article cover both scopes. Differences are called out where they apply.

At the end of setup, you will provide Radiant with the following values:

| Value | Organization-wide | Project-wide |
| --- | --- | --- |
| ADC credentials (JSON file) | | |
| Organization ID | | |
| Project ID | | |

Prerequisites

Enable the SCC API

  1. In the Google Cloud console, open the Enable access to API page.

  2. Select the correct project:

    1. If SCC is scoped to a project, select that project.

    2. If SCC is scoped organization-wide, select any project in which you can create a service account. The location of the service account does not affect the connector.

  3. Click Next, then click Enable.

Create a service account

Create a service account in the project where you enabled the API. This account retrieves findings from the SCC API.

  1. In the Google Cloud console, go to IAM & Admin > Service Accounts. Confirm the project from the previous step is selected.

  2. Click + Create service account and enter the following:

    • Service account name: Radiant-Connector

    • Service account ID: radiant-connector (auto-generated)

    • Service account description: Account used to retrieve security findings from SCC

  3. Copy the service account Email address. You will need it in a later step.

  4. Click Create and Continue.

  5. Under Grant this service account access to project, open the Select a role drop-down. Search for and select Security Center Admin Viewer.

  6. Skip the optional third step and click Done.

Create a service account key

  1. On the Service Accounts page, click the newly created account.

  2. Open the Keys tab, then click Add Key > Create new key.

  3. For Key type, select JSON, then click Create.

  4. The JSON file downloads automatically. Save it in a secure location. You will upload it to Radiant in the final step.
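A pre-upload sanity check for the downloaded key, as an added example that is not part of Radiant's or Google's own tooling: it confirms the file is a service account key for radiant-connector in the expected project and that only its owner can read it. The function names, the project ID example-project and the sample key contents are constructed placeholders, and the check assumes the standard ID@PROJECT.iam.gserviceaccount.com email format.

```python
import json
import os
import stat
import tempfile

SA_ID = "radiant-connector"  # service account ID used in this article

# Constructed sample key: placeholder values only, not a real credential.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": f"{SA_ID}@example-project.iam.gserviceaccount.com",
}


def write_sample(doc, mode):
    """Write a constructed key document to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(doc, fh)
    os.chmod(path, mode)
    return path


def check_key_file(path, expected_project):
    """Return a list of problems with a downloaded service account key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit is set
        problems.append(f"mode {mode:o} exposes the key to other users; use 600")
    try:
        with open(path) as fh:
            key = json.load(fh)
    except ValueError:
        key = None
    if not isinstance(key, dict):
        return problems + ["file is not a JSON object"]
    expected_email = f"{SA_ID}@{expected_project}.iam.gserviceaccount.com"
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, expected 'service_account'")
    if key.get("project_id") != expected_project:
        problems.append(f"project_id is {key.get('project_id')!r}")
    if key.get("client_email") != expected_email:
        problems.append(f"client_email is {key.get('client_email')!r}")
    if not str(key.get("private_key", "")).startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is missing or not PEM")
    return problems  # messages never include the private key itself
```

An empty list means the file matches the account created above; anything else should be resolved before the key is uploaded.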

Grant organization-wide access

Skip this section if SCC is scoped to a single project.

  1. In the Google Cloud console, go to IAM & Admin and switch to the organization scope.

  2. Click + Grant Access.

  3. Under Add principals, paste the service account email address you copied earlier into the New principals field.

  4. Under Assign roles, open the Role drop-down. Search for and select Security Center Admin Viewer.

  5. Click Save.

Add the data connector in Radiant Security

  1. Log in to Radiant Security.

  2. From the navigation menu, click Settings > Data Connectors, then click + Add Connector.

  3. Search for and select GCP Security Command Center (SCC), then click Data Feeds.

  4. Under Select your data feeds, select the GCP Security Command Center (SCC) feed and click Credentials.

  5. Under Credential Name, enter an identifiable name (e.g., GCP Radiant Credentials).

  6. Enter the GCP organization ID.

  7. If you are using project-wide scope, enter the GCP project ID.

  8. Under Upload JSON File, upload the GCP credentials JSON file you downloaded earlier.

  9. Click Add Connector.

Verify ingestion

After Google Cloud Security Command Center begins forwarding, confirm alerts are reaching Radiant.

  1. In Radiant, navigate to Log Management.

  2. Filter by rs_connectorType:"gcp_scc".

  3. Confirm recent alerts appear.

Allow several minutes for alerts to be parsed, indexed, and available for search.
