This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
When deploying Security Command Center Premium (SCCP) you have two options:
Deploying at the organization level
Deploying at the project level
The level you choose to deploy SCCP at highly depends on your organization structure, project structure, and the scope and nature of your work. Activating SCCP at the organization level is considered a best practice because it provides the most complete protection for your business by allowing SCCP to access and scan resources and assets across all of the folders and projects in the organization. For further information to help you make your decision, please read this linked document.
Prerequisites
Entitlement for Security Command Center Premium
Organization created in Google Cloud
Define High-Value Assets
Actions
Activate - Organization Level
In order to utilize Security Command Center Premium you will need to activate it at the organization or project level. It is best practice to deploy at the organization level to ensure SCCP can access and scan resources at every level of the organization, rather than just one project.
In order to utilize Security Command Center Premium you will need to activate it at the organization or project level. Although it is best practice to implement at the organization level, sometimes it makes sense to do so at the project level.
See the Relevant Links section for more documentation regarding the prerequisites.
SCC Deployed in Organization or Project.
Steps
In the Security Command Center console, select the appropriate Organization or Project.
Click the Gear icon for Settings.
For the Web Security Scanner service, click Manage Settings.
On the Service Enablement tab, find the resource for which you need to enable the service. You can enable on an organization, folder, or project.
Set the service to Enable, Disable, or Inherit. Inherit would inherit it's settings from the parent resource (i.e. a Project would inherit from its Organization).
Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, provides threat detection through hypervisor-level instrumentation and persistent disk analysis. VM Threat Detection detects potentially malicious applications, such as cryptocurrency mining software, kernel-mode rootkits, and malware running in compromised cloud environments.
See the Relevant Links section for more documentation regarding the prerequisites.
SCC Deployed in Organization or Project.
Steps
In the Security Command Center console, select the appropriate Organization or Project.
Click the Gear icon for Settings.
For the Web Security Scanner service, click Manage Settings.
On the Service Enablement tab, find the resource for which you need to enable the service. You can enable on an organization, folder, or project.
Set the service to Enable, Disable, or Inherit. Inherit would inherit it's settings from the parent resource (i.e. a Project would inherit from its Organization).
See the Relevant Links section for more documentation regarding the prerequisites.
SCC Deployed in Organization or Project.
Steps
Navigate to the Security Command Center console. On the right hand side you will see the Findings Summary pane. Along the top of the SCC console you will see three tabs, select Findings.
You can see the Findings search query in the Findings query results panel. Modify the query to adjust your search to include items you're looking for.
Note: you can modify the time range of the search by clicking on the Time Range drop down menu.
Utilize the filtering function to help find specific Findings that you are interested in.
Once you've found a Finding that you would like to view more information on, click it. You will be able to look at all of the details and fields associated with the finding, including its raw JSON format. | Docs