Skyhigh Security

Integrate Skyhigh CASB with Google Cloud Security Command Center

Google Cloud Security Command Center is a security management and data risk platform for GCP, designed to help security teams prevent, detect, and respond to threats in one location. It provides visibility for assets running in Google Cloud, as well as finding risky misconfigurations, so enterprises can reduce their exposure to threats.

To enable Skyhigh CASB for Google Cloud Security Command Center, contact Skyhigh CASB Support.

Prerequisites

You must add an Organization to GCP. 

Integrate Skyhigh CASB with Security Command Center

To integrate Skyhigh CASB with Google Cloud Security Command Center, perform the following steps:

  1. In GCP, go to IAM > Service Accounts. 
  2. Create a new Service Account. 
  3. Select a role. 
  4. Grant users access to this service account. 
  5. Create a key. (You must create a key in order to integrate with Skyhigh CASB.)
  6. Select JSON.
  7. Download the JSON Key. Send the JSON Key and the Service Account to Skyhigh CASB Support.
  8. In GCP, go to Security > Security Command Center, select the Organization, and click Add Security Sources. (You must have an Organization already added to GCP to continue further.)
  9. Search for Skyhigh Security Skyhigh CASB SCC.
  10. Sign up for the Skyhigh CASB SCC.
  11. Select the Organization. 
  12. Click Change. 
  13. Select the project. 
  14. Click Use an existing service account, select the service account created previously, and click Submit.
  15. Check Settings to make sure the Security Sources are enabled. 

Note: To fetch the source ID, use the following command:

gcloud scc sources describe <Organization ID> --source-display-name="McAfee MVISION Cloud SCC"

Output: canonicalName: organizations/<Organization ID>/sources/<Source ID>

  1. Share the Skyhigh CASB tenant ID, environment, source ID (from the screen above), and JSON file (with key) for the service account with Skyhigh CASB Support.
  2. Navigate to the IAM page and add roles as shown for the respective user.
  3. Go to https://console.developers.google.com/apis/api/securitycenter.googleapis.com/overview and enable Cloud Security Command Center.
  4. Log in to Skyhigh CASB, go to Policy > On-Demand Scan, and run the Security Configuration Audit Scan For GCP.
  5. In GCP, go to GCP > Security Command Center > FINDINGS > Source Type to see the Policy Incidents.
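
Before sharing the source ID and JSON key with support, the values can be checked locally. The following is an added example, not Skyhigh or Google code: it parses the canonicalName line from the gcloud output shown in the note and validates the downloaded key file, returning only non-secret identifiers. The function names, tenant ID, project name, and sample inputs are assumptions constructed for illustration.

```python
import json
import re

# Line shape shown in the note above: organizations/<Organization ID>/sources/<Source ID>
CANONICAL_RE = re.compile(r"canonicalName:\s*organizations/(\d+)/sources/([^/\s]+)")
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

def parse_source(describe_output):
    """Return (organization_id, source_id) from `gcloud scc sources describe` output."""
    match = CANONICAL_RE.search(describe_output)
    if not match:
        raise ValueError("no canonicalName line found in describe output")
    return match.group(1), match.group(2)

def check_key_file(key_json, expected_project):
    """Validate a service account JSON key; return only its non-secret identifiers."""
    key = json.loads(key_json)
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        raise ValueError("key file is missing: " + ", ".join(missing))
    if key["type"] != "service_account":
        raise ValueError("not a service account key")
    if key["project_id"] != expected_project:
        raise ValueError("key belongs to project " + key["project_id"])
    # User-created service accounts have addresses under this domain.
    if not key["client_email"].endswith(".iam.gserviceaccount.com"):
        raise ValueError("client_email is not a user-created service account")
    # private_key_id names this key in IAM; keep it so the key can be deleted later.
    return {"service_account": key["client_email"], "private_key_id": key["private_key_id"]}

def handoff_record(tenant_id, environment, describe_output, key_json, project):
    """Collect the values the procedure shares with support, minus the private key."""
    org_id, source_id = parse_source(describe_output)
    record = {"tenant_id": tenant_id, "environment": environment,
              "organization_id": org_id, "source_id": source_id}
    record.update(check_key_file(key_json, project))
    return record

# Constructed sample inputs (not real identifiers or key material).
SAMPLE_DESCRIBE = "canonicalName: organizations/123456789012/sources/9876543210\n"
SAMPLE_KEY = json.dumps({
    "type": "service_account", "project_id": "example-project",
    "private_key_id": "0123abcd", "private_key": "CONSTRUCTED-PLACEHOLDER",
    "client_email": "casb-scc@example-project.iam.gserviceaccount.com"})

if __name__ == "__main__":
    print(handoff_record("tenant-0000", "prod", SAMPLE_DESCRIBE, SAMPLE_KEY, "example-project"))
```

The returned record is suitable for a change ticket; the key file itself still has to be transferred separately, and the recorded private_key_id identifies which key to delete in IAM when it is rotated.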

 
