Google Cloud Security Command Center is a security management and data risk platform for GCP, designed to help security teams prevent, detect, and respond to threats in one location. It provides visibility into assets running in Google Cloud and finds risky misconfigurations, so enterprises can reduce their exposure to threats.
To enable MVISION Cloud for Google Cloud Security Command Center, contact MVISION Cloud Support.
You must add an Organization to GCP.
Integrate MVISION Cloud with Security Command Center
To integrate MVISION Cloud with Google Cloud Security Command Center, perform the following steps:
- In GCP, go to IAM > Service Accounts.
- Create a new Service Account.
- Select a role.
- Grant users access to this service account.
- Create a key. (You must create a key in order to integrate with MVISION Cloud.)
- Select JSON.
- Download the JSON Key. Send the JSON Key and the Service Account to MVISION Cloud Support.
- In GCP, go to Security > Security Command Center, select the Organization, and click Add Security Sources. (You must have an Organization already added to GCP to continue further.)
- Search for McAfee MVISION Cloud SCC.
- Sign up for the MVISION Cloud SCC.
- Select the Organization.
- Click Change.
- Select the project.
- Click Use an existing service account, select the service account created previously, and click Submit.
- Check Settings to make sure the Security Sources are enabled.
- Share the MVISION Cloud tenant ID, environment, source ID (from the screen above), and the JSON file (with key) for the service account with MVISION Cloud Support.
- Navigate to the IAM page and add roles as shown for the respective user.
- Go to https://console.developers.google.com/apis/api/securitycenter.googleapis.com/overview and enable Cloud Security Command Center.
- Log in to MVISION Cloud, go to Policy > On-Demand Scan, and run the Security Configuration Audit Scan For GCP.
- In GCP, go to GCP > Security Command Center > FINDINGS > Source Type to see the Policy Incidents.
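The steps above hand a long-lived service account key to a third party, so it is worth validating the downloaded file and recording which key was shared before sending it. The following Python is an added example, not part of the MVISION Cloud or Google documentation; `inspect_key_file`, `demo`, and the sample key values are constructed for illustration.

```python
import json
import os
import stat
import tempfile

# Fields found in a user-managed GCP service account key file.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

# Constructed sample; the project, account, and key ID are placeholders.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0123456789abcdef0123456789abcdef01234567",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "scc-integration@example-project.iam.gserviceaccount.com",
}


def inspect_key_file(path):
    """Return (record, warnings) for a key file; the record holds no secret."""
    warnings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        warnings.append(f"file mode {mode:04o} lets other local users read the key")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        raise ValueError(f"incomplete service account key, missing: {missing}")
    if key["type"] != "service_account":
        raise ValueError(f"unexpected credential type: {key['type']!r}")
    suffix = f"@{key['project_id']}.iam.gserviceaccount.com"
    if not key["client_email"].endswith(suffix):
        warnings.append("client_email is not a user-created account in project_id")
    # Non-secret identifiers only: enough to locate and delete this exact key later.
    record = {k: key[k] for k in ("client_email", "project_id", "private_key_id")}
    return record, warnings


def demo(mode=0o644):
    """Write the constructed key with the given mode and inspect it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "key.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE_KEY, fh)
        os.chmod(path, mode)
        return inspect_key_file(path)


if __name__ == "__main__":
    print(demo())
```

Keep the returned record with the support request: `private_key_id` identifies the exact key to delete from the service account when the integration key is rotated or retired.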