Google Security Command Center Connector

Learn all about integrating Google Security Command Center into the Vulcan Platform


Overview

About Google Security Command Center

Google Security Command Center helps you strengthen your security posture by evaluating your security and data attack surface; providing asset inventory and discovery; identifying misconfigurations, vulnerabilities, and threats; and helping you mitigate and remediate risks.

Why integrate Google Security Command Center into the Vulcan platform?

The Google Security Command Center Connector by Vulcan integrates with the Google Security Command Center platform to pull and ingest assets of type hosts, images, and cloud resources, as well as vulnerability data, into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.

Google Security Command Center Connector Details

Supported products

| Category | Cloud |
| Ingested asset type(s) | Hosts, Images, Cloud Resources |
| Integration type | Unidirectional (data is transferred from the Connector to the Vulcan Platform in one direction) |
| Supported version and type | SaaS (latest) |


Connector Setup

Prerequisites and user permissions

Before you begin configuring the Connector, make sure you have the following:

  1. Google Security Command Center API User with the following permissions:

    • Security Center Assets Viewer

    • Security Center Findings Viewer

Generating JSON Keyfile

  1. In the Google Cloud console, go to Menu > IAM & Admin > Service Accounts.

  2. Click Create service account.

  3. Fill in the service account details, then click Create and continue.

  4. Assign the following roles to the service account:

    1. Security Center Assets Viewer

    2. Security Center Findings Viewer

  5. Click Continue.

  6. Click Done.

  7. Select your service account.

  8. Click Keys > Add key > Create new key.

  9. Select JSON, then click Create.

  10. The new public/private key pair is generated and downloaded to your machine as a new file. Make sure to save it in JSON format.

  11. Click Close.

Configuring the Google Security Command Center Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Google Security Command Center icon.

  4. Set up the Connector as follows:

    • For JSON Keyfile, browse to upload the JSON key file you generated earlier.

    • For Projects, click Load Projects and select the relevant projects to sync the connector with.

    • (Optional) Check the "Fetch misconfiguration findings" checkbox to retrieve misconfiguration findings from the Google Security Command Center into the Vulcan Platform.

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Google Security Command Center instance, then click Create (or Save Changes).

  6. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  7. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  8. To confirm the sync is complete, navigate to the Connectors page. Once the Google Security Command Center icon shows Connected, the sync is complete.


Google Security Command Center in the Vulcan Platform

Viewing Google Security Command Center vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector/Source:

  1. Go to the Vulnerabilities page.

  2. Use the Search or Filter input box to select the Vulnerability Source or Connector filter.

  3. Select Google Security Command Center from the vulnerability source/Connector list to filter results.

  4. Click on any vulnerability for more vulnerability details.

Viewing Google Security Command Center assets in the Vulcan Platform

To view assets by Connector/Source:

  1. Go to the Assets page.

  2. Click on the relevant asset type tab.

  3. Use the Search or filter input box to select Connector from the drop-down selection.

  4. Select Google Security Command Center from the Asset source/Connector list to filter results and view all synced assets.
    See the complete list of available asset filters per asset type

Taking Action on vulnerabilities and assets detected by Google Security Command Center

To take remediation action on vulnerabilities and assets detected by Google Security Command Center:

  1. Go to Vulnerabilities / Assets Page.

  2. Click on the Search and Filter input box and select Connector from the drop-down selection.

  3. Locate the Google Security Command (GCC) option to view all synced vulnerabilities/assets.

  4. Select the relevant Vulnerability/Asset.

Automating remediation actions on vulnerabilities detected by Google Security Command Center

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the Google Security Command Center Connector.


From Google Security Command Center to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with Google Security Command Center through API to pull relevant vulnerabilities and assets data and map it into the Vulcan Platform pages and fields.

Host fields mapping

| Google Security Command Center field | Vulcan field |
|---|---|
| asset.securityCenterProperties.resourceName | Asset uniqueness criteria |
| resourceDisplayName OR last section of resourceName (delimited by /) | Asset Name |
| resourceName | Asset Details |
| Host | Asset Type |
| networkInterfaces | Asset IP |
| createTime | Asset Created date |
| lifecycleState | Asset Status |
| resourceProjectDisplayName, labels, tags, resourceOwners, zone, resourceFolderDisplayName | Asset Tags - Vendor's tags |
| vulnerability.cve.id (vulnerabilities) OR parentDisplayName + description (misconfigurations) | Vulnerability uniqueness criteria |
| vulnerability.cve.id (vulnerabilities) OR parentDisplayName (misconfiguration) | Vulnerability Title |
| description | Vulnerability Description |
| finding_class, parentDisplayName, category | Vulnerability Details |
| vulnerability.cve.cvssv3.baseScore. Fallback: severity (using the logic described in the Vulnerability Score Mapping section) | Vulnerability CVSS |
| finding.vulnerability.cve.id | Vulnerability CVE/S |
| asset id + name + vulnerability id | Asset-Vulnerability connection uniqueness criteria |
| createTime | Asset-Vulnerability connection First seen |
| eventTime | Asset-Vulnerability connection Last seen |
| vulnerability.cve.cvssv3.baseScore. Fallback: severity (using the logic described in the Vulnerability Score Mapping section) | Asset-Vulnerability connection Score |
| state and mute (using the logic described in the Vulnerability Status Mapping section) | Asset-Vulnerability connection Status |
| finding_canonical_name, finding_external_uri, finding_securitymarks_name, finding_severity, finding_compliances | Asset-Vulnerability connection Info tooltip (from Assets screen) |
| Explanation + ExceptionInstructions | Solution uniqueness criteria |
| Fix from Google Security Command Center | Solution Title |
| Explanation + ExceptionInstructions | Solution Description |

Image fields mapping

| Google Security Command Center field | Vulcan field |
|---|---|
| asset.securityCenterProperties.resourceName | Asset uniqueness criteria |
| resourceDisplayName OR last section of resourceName (delimited by /) | Asset Name |
| resourceName | Asset Details |
| Image | Asset Type |
| Images (for 'google.compute.Image') OR Registry (for 'google.containerregistry.Image') | Asset Repository |
| lifecycleState | Asset Status |
| resourceDisplayName, resourceProjectDisplayName, labels, resourceOwners, resourceFolderDisplayName | Asset Tags - Vendor's tags |
| asset.securityCenterProperties.resourceName | Asset Tags - Additional |
| vulnerability.cve.id (vulnerabilities) OR parentDisplayName + description (misconfigurations) | Vulnerability uniqueness criteria |
| vulnerability.cve.id (vulnerabilities) OR parentDisplayName (misconfigurations) | Vulnerability Title |
| description | Vulnerability Description |
| finding_class, parentDisplayName, category | Vulnerability Details |
| vulnerability.cve.cvssv3.baseScore. Fallback: Severity (using the logic described in the Vulnerability Score Mapping section) | Vulnerability CVSS |
| finding.vulnerability.cve.id | Vulnerability CVE/S |
| asset id + name + vulnerability id | Asset-Vulnerability connection uniqueness criteria |
| createTime | Asset-Vulnerability connection First seen |
| eventTime | Asset-Vulnerability connection Last seen |
| vulnerability.cve.cvssv3.baseScore. Fallback: Severity (using the logic described in the Vulnerability Score Mapping section) | Asset-Vulnerability connection Score |
| state and mute (using the logic described in the Vulnerability Status Mapping section) | Asset-Vulnerability connection Status |
| finding_canonical_name, finding_external_uri, finding_securitymarks_name, finding_severity, finding_compliances | Asset-Vulnerability connection Info tooltip (from Assets screen) |
| Explanation + ExceptionInstructions | Solution uniqueness criteria |
| Fix from Google Security Command Center | Solution Title |
| Explanation + ExceptionInstructions | Solution Description |

Cloud Resource fields mapping

| Google Security Command Center field | Vulcan field |
|---|---|
| asset.securityCenterProperties.resourceName | Asset uniqueness criteria |
| resourceDisplayName OR last section of resourceName (delimited by /) | Asset Name |
| resourceName | Asset ID |
| Google | Asset Cloud (provider) |
| resourceName | Asset Details |
| Cloud resource | Asset Type |
| createTime | Asset Created date |
| lifecycleState | Asset Status |
| resourceProjectDisplayName, resourceOwners, resourceFolderDisplayName | Asset Tags - Vendor's tags |
| vulnerability.cve.id (vulnerabilities) OR parentDisplayName + description (misconfigurations) | Vulnerability uniqueness criteria |
| vulnerability.cve.id (vulnerabilities) OR parentDisplayName (misconfigurations) | Vulnerability Title |
| description | Vulnerability Description |
| finding_class, parentDisplayName, category | Vulnerability Details |
| vulnerability.cve.cvssv3.baseScore. Fallback: Severity (using the logic described in the Vulnerability Score Mapping section) | Vulnerability CVSS |
| finding.vulnerability.cve.id | Vulnerability CVE/S |
| asset id + name + vulnerability id | Asset-Vulnerability connection uniqueness criteria |
| createTime | Asset-Vulnerability connection First seen |
| eventTime | Asset-Vulnerability connection Last seen |
| vulnerability.cve.cvssv3.baseScore. Fallback: Severity (using the logic described in the Vulnerability Score Mapping section) | Asset-Vulnerability connection Score |
| state and mute (using the logic described in the Vulnerability Status Mapping section) | Asset-Vulnerability connection Status |
| finding_canonical_name, finding_external_uri, finding_securitymarks_name, finding_severity, finding_compliances | Asset-Vulnerability connection Info tooltip (from Assets screen) |
| Explanation + ExceptionInstructions | Solution uniqueness criteria |
| Fix from Google Security Command Center | Solution Fix Title |
| Explanation + ExceptionInstructions | Solution Description |

Vulnerability status mapping

| Google Security Command Center Status | Vulcan Status |
|---|---|
| state in [ACTIVE, STATE_UNSPECIFIED] AND mute != MUTED | Vulnerable |
| state == INACTIVE | Fixed |
| mute == MUTED AND state != INACTIVE | Ignored risk acknowledged |

Vulnerability score mapping

| Google Security Command Center score | Vulcan score |
|---|---|
| Critical | 10 |
| High | 7 |
| Medium | 5 |
| Low | 3 |
| SEVERITY_UNSPECIFIED | 0 |
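
The status, score and uniqueness rules from the mapping tables above, applied to findings shaped like Security Command Center's JSON output. This is an added example, not Vulcan's connector code: the function names and sample findings are constructed, and it assumes the severity fallback applies only when no CVSS v3 base score is present.

```python
# Added example; function names and sample findings are constructed.
SEVERITY_SCORE = {"CRITICAL": 10, "HIGH": 7, "MEDIUM": 5, "LOW": 3,
                  "SEVERITY_UNSPECIFIED": 0}

def _cve(finding):
    return (finding.get("vulnerability") or {}).get("cve") or {}

def vulcan_status(finding):
    """state and mute -> Vulcan status, per the status mapping table."""
    state = finding.get("state", "STATE_UNSPECIFIED")
    if state == "INACTIVE":                 # INACTIVE wins even when muted
        return "Fixed"
    if finding.get("mute") == "MUTED":
        return "Ignored risk acknowledged"
    if state in ("ACTIVE", "STATE_UNSPECIFIED"):
        return "Vulnerable"
    return None                             # state not covered by the table

def vulcan_score(finding):
    """CVSS v3 base score, else the severity fallback from the score table."""
    base = (_cve(finding).get("cvssv3") or {}).get("baseScore")
    if base is not None:    # assumption: only a missing score falls back
        return base
    severity = str(finding.get("severity", "SEVERITY_UNSPECIFIED")).upper()
    return SEVERITY_SCORE.get(severity)     # None if not in the table

def vulnerability_key(finding):
    """CVE id for vulnerabilities, (parentDisplayName, description) otherwise."""
    return _cve(finding).get("id") or (
        finding.get("parentDisplayName"), finding.get("description"))

def asset_name(display_name, resource_name):
    """resourceDisplayName, or the last '/'-delimited part of resourceName."""
    return display_name or resource_name.rstrip("/").rsplit("/", 1)[-1]

def normalize(finding):
    return {"key": vulnerability_key(finding), "status": vulcan_status(finding),
            "score": vulcan_score(finding)}

# Constructed findings; the CVE id is a placeholder, not a real identifier.
SAMPLE_FINDINGS = [
    {"state": "ACTIVE", "mute": "UNMUTED", "severity": "HIGH", "vulnerability":
     {"cve": {"id": "CVE-0000-00000", "cvssv3": {"baseScore": 9.8}}}},
    {"state": "ACTIVE", "mute": "MUTED", "severity": "MEDIUM",
     "parentDisplayName": "Example source", "description": "Example check"},
    {"state": "INACTIVE", "mute": "MUTED", "severity": "CRITICAL"},
]
for sample in SAMPLE_FINDINGS:
    print(normalize(sample))
```

Running the same functions over an export of your own findings gives the status and score to expect in Vulcan after the next sync, which helps when reconciling counts between the two consoles.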

Status Update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any added).

The table below lists how the status update mechanism works in the Google Security Command Center connector for the vulnerabilities and assets in the Vulcan Platform.

| Update type in Vulcan | Mechanism (When?) |
|---|---|
| The asset is archived | Asset not found on the connector's last sync; asset not seen for X days according to "Last Seen"; asset status on the connector's side indicates irrelevancy. |
| The vulnerability instance status changes to "Fixed" | If the vulnerability no longer appears in the scan findings; vulnerability status on the connector's side indicates irrelevancy (e.g., "INACTIVE"). |

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).

API Endpoints in Use

API version: 1.0

Revision: 20230515

API

Use in Vulcan

Permissions required

User choice of which projects to retrieve data from

Security Center Assets Viewer

Assets

Security Center Assets Viewer

Vulnerabilities and asset-vulnerability connections

Security Center Findings Viewer
