Support Center > Search Results > SecureKnowledge Details
How to configure CloudGuard as a source for the Google Cloud Security Command Center (CSCC) Technical Level
Solution

You can configure CloudGuard to send compliance notifications to the Google Cloud Security Command Center (CSCC). With this configuration, you can view compliance issues for your Google cloud accounts (that have been onboarded to CloudGuard) on the CSCC.

To configure this, you must first onboard your Google cloud projects to CloudGuard. Follow these steps. Then, you must set up a Continuous Compliance policy to assess the Google project, and include a Notification policy for it that sends findings to the CSCC. You must also configure your Google project to accept findings from CloudGuard. This is described below.

Configure GCP

In your GCP account the following will be configured:

  • Set up a Service Account for CloudGuard (if not already set up)
  • Select CloudGuard from the GCP Marketplace
  • Create an integration that connects the GCP Service Account to a project (onboarded to CloudGuard)

Procedure

  1. In the GCP Dashboard, navigate to Security, and select Security Command Center.

  2. Open the menu in the toolbar

  3. Select the organization (with the icon )



  4. In the Security Command Center page, click ADD SECURITY SOURCES.

  5. Select the CloudGuard Integration for Cloud SCC



  6. Click Visit Check Point Software Technologies site to sign up



  7. Select the organization, and then click SELECT.


  8. Select the GCP Service Account connected to the GCP project that is onboarded to CloudGuard.

  9. Create an integration

  10. Copy the Source ID value (this will be needed in the configuration on CloudGuard, below).

Configure CloudGuard

In CloudGuard, perform:

  • Create a Notification Policy that sends findings to GCP SCC
  • Attach the policy to Continuous Compliance bundles (running on Google projects).

Procedure

  1. Navigate to the Notifications page in the Compliance & Governance menu.

  2. Click ADD NOTIFICATION.

  3. Enter a name & description for the policy (for example, GCP-SCC)

  4. In the Security Management System section, select Send findings to GCP Security Command Center


  5. Select the project that is associated with the GCP Service Account (above) from the list.

  6. Enter the Source ID from above.

  7. Click TEST to test the connection (the connection will be established only if the test is successful).

  8. Click SAVE.

  9. Select the Policies page in the Compliance & Governance menu.

  10. Click ADD POLICY.


  11. Select GCP for platform, and then click NEXT.

  12. Select the GCP project from which findings will be sent to GCP SCC, and then NEXT.

  13. Select the Ruleset to be applied to the project, and then NEXT.

  14. Select the Notification policy created above.

  15. Click SAVE. Repeat steps 10-14 for additional projects (they can all use the same Notification Policy).

Once this has been configured, CloudGuard will send an event to the SNS for every alert found in the compliance assessment of the selected GCP projects. These events will then be forwarded to the GCP SCC, and appear there. The alert will be sent only the first time it is detected, and not on subsequent assessments.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment