Google Security Command Center
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | GoogleSCCDefinition |
| Publisher | Microsoft |
| Used in Solutions | Google Cloud Platform Security Command Center |
| Collection Method | Unknown |
| Connector Definition Files | GCPSecurityCommandCenter.json |
The Google Cloud Platform (GCP) Security Command Center is a comprehensive security and risk management platform for Google Cloud, ingested from Sentinel's connector. It offers features such as asset inventory and discovery, vulnerability and threat detection, and risk mitigation and remediation to help you gain insight into your organization's security and data attack surface. This integration enables you to perform tasks related to findings and assets more effectively.
Additional Information
📖 Setup Guide: Google Cloud Platform connectors - Connect GCP logs to Microsoft Sentinel
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
GoogleCloudSCC |
✓ | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions: - Workspace (Workspace): Read and Write permissions are required. - Keys (Workspace): Read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Set up your GCP environment
You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription.
Terraform provides API for the IAM that creates the resources. Link to Terraform scripts.
- Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.: TenantId
Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
2. Connect new collectors
To enable GCP SCC for Microsoft Sentinel, click the Add new collector button, fill the required information in the context pane and click on Connect. GCP Collector Management
📊 View GCP Collectors: A management interface displays your configured Google Cloud Platform data collectors.
➕ Add New Collector: Click "Add new collector" to configure a new GCP data connection.
💡 Portal-Only Feature: This configuration interface is only available in the Microsoft Sentinel portal.
GCP Connection Configuration
When you click "Add new collector" in the portal, you'll be prompted to provide: - Project ID: Your Google Cloud Platform project ID - Service Account: GCP service account credentials with appropriate permissions - Subscription: The Pub/Sub subscription to monitor for log data
💡 Portal-Only Feature: This configuration form is only available in the Microsoft Sentinel portal.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊