Configure CloudGuard Dome9 as a source for the Google Cloud Security Command Center (CSCC)
You can configure CloudGuard Dome9 to send compliance notifications to the Google Cloud Security Command Center (CSCC). With this configuration, you can view compliance issues for your Google cloud accounts (that have been onboarded to Dome9) on the CSCC.
To configure this, first onboard your Google Cloud projects to Dome9 (see the onboarding steps). Then set up a Continuous Compliance policy to assess the Google project, and include a Notification policy for it that sends findings to the CSCC. You must also configure your Google project to accept findings from Dome9. Both parts are described below.
In your GCP account, the following will be configured:
- Set up a Service Account for Dome9 (if not already set up)
- Select CloudGuard Dome9 from the GCP Marketplace
- Create an integration that connects the GCP Service Account to a project (onboarded to Dome9)

To configure the GCP side:
1. In the GCP Dashboard, navigate to Security, and select Security Command Center.
2. Open the menu in the toolbar.
3. Select the organization (with the icon).
4. In the Security Command Center page, click ADD SECURITY SOURCES.
5. Select the CloudGuard Dome9 Integration for Cloud SCC.
6. Click Visit Check Point Software Technologies site to sign up.
7. Select the organization, and then click SELECT.
8. Select the GCP Service Account connected to the GCP project that is onboarded to Dome9.
9. Create an integration.
10. Copy the Source ID value (it is needed in the Dome9 configuration, below).
On Dome9, you will do the following:
- Create a Notification Policy that sends findings to GCP SCC
- Attach the policy to Continuous Compliance bundles (running on Google projects)

To configure the Dome9 side:
1. Navigate to the Notifications page in the Compliance & Governance menu.
2. Click ADD NOTIFICATION.
3. Enter a name and description for the policy (for example, GCP-SCC).
4. In the Security Management System section, select Send findings to GCP Security Command Center.
5. Select the project that is associated with the GCP Service Account (above) from the list.
6. Enter the Source ID from above.
7. Click TEST to test the connection (the connection is established only if the test succeeds).
8. Click SAVE.
9. Select the Policies page in the Compliance & Governance menu.
10. Click ADD POLICY.
11. Select GCP for the platform, and then click NEXT.
12. Select the GCP project from which findings will be sent to GCP SCC, and then click NEXT.
13. Select the Ruleset to be applied to the project, and then click NEXT.
14. Select the Notification policy created above.
15. Click SAVE. Repeat steps 10-14 for additional projects (they can all use the same Notification Policy).
Once this is configured, Dome9 sends an event to the SNS for every alert found in the compliance assessment of the selected GCP projects. These events are then forwarded to the GCP SCC and appear there. An alert is sent only the first time it is detected, not on subsequent assessments.
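The once-only delivery above has a practical consequence: a finding that stays ACTIVE in SCC is not refreshed by later Dome9 assessments, so its eventTime tells you when Dome9 first saw it, not whether it is still open. The following script is an added example (not part of this page or of the Dome9 product) that summarizes the findings SCC holds for the Dome9 source and lists ACTIVE ones older than a threshold so they can be reconciled against the current Dome9 assessment. It assumes the input is the JSON list printed by `gcloud scc findings list ORG_ID --source=SOURCE_ID --format=json` (one object per finding with a nested "finding" object carrying category, state, severity, eventTime and resourceName); the sample data embedded in it is constructed, and the organization and source IDs are placeholders.

```python
"""Summarize CloudGuard Dome9 findings as they appear in Google Cloud SCC.

Assumed input shape (an assumption of this example, not stated on the page):
the JSON list that `gcloud scc findings list ORG_ID --source=SOURCE_ID
--format=json` prints, i.e. one object per finding with a nested "finding"
object carrying category, state, severity, eventTime and resourceName.
"""
import json
import sys
from collections import Counter
from datetime import datetime, timedelta, timezone


def source_path(org_id: str, source_id: str) -> str:
    """SCC resource name of the Dome9 source. source_id is the Source ID value
    copied from the integration page in the procedure above."""
    return f"organizations/{org_id}/sources/{source_id}"


def parse_rfc3339(ts: str) -> datetime:
    """Parse UTC timestamps such as 2024-02-01T10:00:00Z, with or without a
    fractional-seconds part (truncated to microseconds for strptime)."""
    ts = ts.rstrip("Z")
    if "." in ts:
        base, frac = ts.split(".", 1)
        ts = f"{base}.{frac[:6].ljust(6, '0')}"
        fmt = "%Y-%m-%dT%H:%M:%S.%f"
    else:
        fmt = "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)


def summarize(results, now: datetime, stale_after_days: int = 7) -> dict:
    """Count findings by state and severity, and collect ACTIVE findings whose
    eventTime is older than stale_after_days. Because Dome9 sends an alert only
    the first time it is detected, these are the ones worth re-checking in Dome9."""
    by_state = Counter()
    by_severity = Counter()
    stale_active = []
    for result in results:
        # gcloud wraps each finding in a ListFindingsResult; accept bare findings too.
        finding = result.get("finding", result)
        by_state[finding.get("state", "STATE_UNSPECIFIED")] += 1
        by_severity[finding.get("severity", "SEVERITY_UNSPECIFIED")] += 1
        if finding.get("state") == "ACTIVE" and "eventTime" in finding:
            age = now - parse_rfc3339(finding["eventTime"])
            if age > timedelta(days=stale_after_days):
                stale_active.append(
                    (finding.get("category"), finding.get("resourceName"), age.days)
                )
    return {
        "total": len(results),
        "by_state": dict(by_state),
        "by_severity": dict(by_severity),
        "stale_active": stale_active,
    }


# Constructed sample in the assumed gcloud output shape; these are not real findings.
SAMPLE_RESULTS = [
    {"finding": {
        "name": "organizations/ORG_ID_PLACEHOLDER/sources/SOURCE_ID_PLACEHOLDER/findings/f1",
        "category": "Firewall rule allows unrestricted ingress (constructed)",
        "state": "ACTIVE", "severity": "HIGH",
        "eventTime": "2024-02-01T10:00:00Z",
        "resourceName": "//compute.googleapis.com/projects/example-project/global/firewalls/example-fw",
    }},
    {"finding": {
        "name": "organizations/ORG_ID_PLACEHOLDER/sources/SOURCE_ID_PLACEHOLDER/findings/f2",
        "category": "Bucket has uniform access disabled (constructed)",
        "state": "ACTIVE", "severity": "MEDIUM",
        "eventTime": "2024-02-28T08:30:00.5Z",
        "resourceName": "//storage.googleapis.com/example-bucket",
    }},
    {"finding": {
        "name": "organizations/ORG_ID_PLACEHOLDER/sources/SOURCE_ID_PLACEHOLDER/findings/f3",
        "category": "Service account key older than 90 days (constructed)",
        "state": "INACTIVE", "severity": "LOW",
        "eventTime": "2024-01-10T00:00:00Z",
        "resourceName": "//iam.googleapis.com/projects/example-project/serviceAccounts/example-sa",
    }},
]


def main(argv):
    """Usage: python check_dome9_findings.py [findings.json]; with no file the
    constructed sample is summarized."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            results = json.load(fh)
    else:
        results = SAMPLE_RESULTS
    print(json.dumps(summarize(results, datetime.now(timezone.utc)), indent=2))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the real export once the TEST in the Notification policy has passed and at least one assessment has run; an empty `by_state` means nothing has reached the source yet, while a growing `stale_active` list is the expected effect of the once-only delivery rather than a delivery failure.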