How to integrate GCP Security Command Center with VMware Aria Automation for Secure Clouds

GCP Security Command Center is a service provided by GCP that scans your projects for misconfigurations, vulnerabilities, and other threats to your cloud resources.

VMware Aria Automation for Secure Clouds can use an integration to ingest and display findings from GCP Security Command Center alongside native findings from the service. This allows you to more easily correlate GCP Security Command Center-based findings with other, related vulnerabilities for the same resource.

Read further for instructions to enable and secure a GCP Security Command Center integration for VMware Aria Automation for Secure Clouds.

Before you start

Take note of the following before you enable integration with GCP Security Command Center:

  • You must enable GCP Security Command Center for the integration to function. Note that this incurs an additional cost from GCP if you weren't already making use of the service.

Configure your GCP Security Command Center integration

GCP Security Command Center integrations are created automatically when you onboard a GCP project into VMware Aria Automation for Secure Clouds. Configuration involves enabling the integration and ensuring the service is active to allow ingestion of findings from GCP Security Command Center.

  1. From the VMware Aria Automation for Secure Clouds browser client, navigate to Settings > Integrations.

  2. Locate the GCP Security Command Center integration and select View Details.

  3. Select your desired cloud account and click the Enable toggle to activate the integration.

  4. Verify your cloud account is in Healthy status.

You are now ready to begin ingesting findings from GCP Security Command Center. If your integration doesn't work, ensure that you have GCP Security Command Center enabled in your GCP console. If it still isn't working, reach out to your support representative.

Understand GCP Security Command Center status

During and after configuration, the Status indicator is an important way to tell if your integration is working correctly. There are several possible statuses for your integration, each corresponding to a particular scenario.

  • Healthy - This status is indicated by a green checkmark with a circle around it. A healthy status means VMware Aria Automation for Secure Clouds is connected to GCP Security Command Center and is able to receive data.
  • Not triggered - This status is indicated by a yellow exclamation point with a triangle around it. A not triggered status is most often seen when GCP Security Command Center has just been enabled and VMware Aria Automation for Secure Clouds is still populating findings. Depending on the time of your last system inventory, it may take up to twelve hours for findings to populate, after which the status should change to healthy.
  • Not connected - This status is indicated by a red exclamation point with a circle around it. A not connected status means VMware Aria Automation for Secure Clouds can't communicate with GCP Security Command Center, likely because it hasn't been enabled for your cloud account in the GCP console.
  • Disabled - This status is indicated by a gray minus sign with a circle around it. The disabled status only appears when you've disabled the GCP Security Command Center integration in VMware Aria Automation for Secure Clouds.

Review findings from GCP Security Command Center

VMware Aria Automation for Secure Clouds can ingest threat and vulnerability type findings from GCP Security Command Center. Review the GCP documentation to learn more about both types of finding.

You can quickly view findings of either type from GCP Security Command Center by taking the following actions in the VMware Aria Automation for Secure Clouds browser client:

  1. Select your preferred view from the Findings tab.

  2. Open the filter list, then select GCP Command Centers under Finding Source.

  3. Under Finding Type, select Vulnerability or Threat to see either type of finding. If you want to see both, don't make a selection here.

  4. Click Apply.

You should now see a list of all findings ingested from your GCP Security Command Center integration.

If you don't see any findings, check whether you've enabled event stream; if event stream isn't active, it may take up to 12 hours before VMware Aria Automation for Secure Clouds can update with additional findings. You may also need to wait for GCP Security Command Center to detect findings from your resources if you recently enabled the service.
