| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 3.0.7 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2023-09-11 |
| Solution Folder | Google Cloud Platform Security Command Center |
| Marketplace | Azure Marketplace · Popularity: 🟡 Low (47%) |
The Google Cloud Platform (GCP) Security Command Center is a comprehensive security and risk management platform for Google Cloud; its data is ingested through Sentinel's connector. It offers features such as asset inventory and discovery, vulnerability and threat detection, and risk mitigation and remediation to help you gain insight into your organization's security and data attack surface. This integration enables you to perform tasks related to findings and assets more effectively.
Additional Information
📖 Setup Guide: Google Cloud Platform connectors - Connect GCP logs to Microsoft Sentinel
This solution provides 1 data connector(s):
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| GoogleCloudSCC | Google Security Command Center | Analytics, Hunting |
This solution includes 10 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 5 |
| Hunting Queries | 5 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| GCP Security Command Center - Detect DNSSEC disabled for DNS zones | Medium | Collection, CommandAndControl, DefenseEvasion | GoogleCloudSCC |
| GCP Security Command Center - Detect Firewall rules allowing unrestricted high-risk ports | High | InitialAccess, LateralMovement, Discovery | GoogleCloudSCC |
| GCP Security Command Center - Detect Open/Unrestricted API Keys | Medium | InitialAccess, CredentialAccess | GoogleCloudSCC |
| GCP Security Command Center - Detect Resources with Logging Disabled | Medium | DefenseEvasion | GoogleCloudSCC |
| GCP Security Command Center - Detect projects with API Keys present | Medium | CredentialAccess | GoogleCloudSCC |
| Name | Tactics | Tables Used |
|---|---|---|
| Identify Compute VMs with Secure Boot Disabled | ResourceDevelopment, DefenseEvasion | GoogleCloudSCC |
| Identify GCP Instances with Full API Access | PrivilegeEscalation | GoogleCloudSCC |
| Identify GCP Service Account with Overly Permissive Roles | PrivilegeEscalation, Persistence | GoogleCloudSCC |
| Identify GCP User-Managed Service Account Keys | CredentialAccess | GoogleCloudSCC |
| Identify Public GCP Storage Buckets | Exfiltration, Discovery | GoogleCloudSCC |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.7 | 11-11-2025 | Add New Analytic Rules and Hunting Queries |
| 3.0.6 | 12-11-2024 | Modified datatype query for Data Connector |
| 3.0.5 | 16-05-2024 | Modification in **Data Connector** |
| 3.0.4 | 28-02-2024 | Initial solution release |