GCP Security Command Center is a service provided by GCP that scans your projects for misconfigurations, vulnerabilities, and other threats to your cloud resources.
VMware Aria Automation for Secure Clouds can use an integration to ingest and display findings from GCP Security Command Center alongside native findings from the service. This allows you to more easily correlate GCP Security Command Center-based findings with other, related vulnerabilities for the same resource.
Read further for instructions to enable and secure a GCP Security Command Center integration for VMware Aria Automation for Secure Clouds.
Take note of the following before you enable integration with GCP Security Command Center:
GCP Security Command Center integrations are created automatically when you onboard a GCP project into VMware Aria Automation for Secure Clouds. Configuration involves enabling the integration and ensuring the service is active to allow ingestion of findings from GCP Security Command Center.
From the VMware Aria Automation for Secure Clouds browser client, navigate to Settings > Integrations.
Locate the GCP Security Command Center integration and select View Details.
Select your desired cloud account and click the Enable toggle to activate the integration.
Verify your cloud account is in Healthy status.
You are now ready to begin ingesting findings from GCP Security Command Center. If your integration doesn't work, ensure that you have GCP Security Command Center enabled in your GCP console. If it still isn't working, reach out to your support representative.
During and after configuration, the Status indicator is an important way to tell if your integration is working correctly. There are several possible statuses for your integration, each corresponding to a particular scenario.
VMware Aria Automation for Secure Clouds can ingest threat and vulnerability type findings from GCP Security Command Center. Review the GCP documentation to learn more about both type of finding.
You can quickly view findings of either type from GCP Security Command Center by taking the following actions in the VMware Aria Automation for Secure Clouds browser client:
Select your preferred view from the Findings tab.
Open the filter list, then select GCP Command Centers under Finding Source.
Under Finding Type, select Vulnerability or Threat to see either type of finding. If you want to see both, don't make a selection here.
Click Apply.
You should now see a list of all findings ingested from your GCP Security Command Center integration.
If you don't see any findings, see if you've enabled event stream or not; it may take up to 12 hours before VMware Aria Automation for Secure Clouds can update with additional findings if event stream isn't active. You may also need to wait for GCP Security Command Center to detect findings from your resources if you recently enabled the service.