Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Security Command Center is Google Cloud's centralized vulnerability and threat reporting service. Security Command Center helps you strengthen your security posture by evaluating your security and data attack surface; providing asset inventory and discovery; identifying misconfigurations, vulnerabilities, and threats; and helping you mitigate and remediate risks.

Device Information

 Entity

Particulars

Vendor Name

Google

Product Name

Security Command Center

Type of Device

Cloud

Collection Method

Log Type

 Ingestion label

Preferred Logging Protocol - Format

Log Collection Method

N/A

GCP_SECURITYCENTER_THREAT

API - JSON

C2C

Device Configuration

Before you can ingest your Google Cloud data into your Chronicle instance, you must complete the following steps:

  • Contact your Chronicle representative and obtain the one-time access code you need to ingest your GCP telemetry.

  • Grant the following IAM roles required for you to access the Chronicle section:

    • Chronicle Service Admin (roles/chroniclesm.admin): IAM role for performing all activities.

    • Chronicle Service Viewer (roles/chroniclesm.viewer): IAM role to only view the state of ingestion.

    • Security Center Admin Editor (roles/securitycenter.adminEditor): Required to enable the ingestion of Cloud Asset Metadata.

To Granting IAM Roles:

To grant IAM roles using Google Cloud console, complete the following steps:

  1. Log on to the Google Cloud Organization you want to connect to and navigate to the IAM screen using Products > IAM & Admin > IAM.

  2. From the IAM screen, select the user and click Edit Member.

If you are not in the Organization view of IAM, the Edit Member button is disabled, and you need to navigate to the organization's IAM screen.

  1. In the Edit Permissions screen, click Add Another Role and search for Chronicle to find the IAM roles.

  2. Once you have assigned the roles, click Save.

Enabling To Enable Google Cloud data ingestion:Data Ingestion

To enable data ingestion from your Google Cloud organization into your Chronicle account, complete the following steps:

  1. Navigate to the Chronicle page for the Google Cloud console.
    Go to the Chronicle page

  2. Enter your one-time access code in the 1-time Chronicle access code field.

  3. Check the box labeled Select I consent to the terms and conditions of Chronicle's usage of my Google Cloud data.

  4. Click Connect Chronicle. Your Google Cloud data is now going to be sent to Chronicle.

...

  1. Once Google cloud connected to Chronicle, you need to enable “Google Cloud Logging”. See Google Cloud Logging, see below screenshot.

...

  1. click on Save.

We have referred, vendor documentation for the steps.https://cloud.google.com/chronicle/docs/ingestion/cloud/ingest-gcp-logs

...