diff --git a/solutions/security/cloud/integrations/google-security-command-center.md b/solutions/security/cloud/integrations/google-security-command-center.md new file mode 100644 index 0000000000..d570a92ede --- /dev/null +++ b/solutions/security/cloud/integrations/google-security-command-center.md @@ -0,0 +1,23 @@ +--- +applies_to: + stack: ga 9.2 + serverless: + security: all +products: + - id: security + - id: cloud-serverless +--- + +# Google Security Command Center + +This page explains how to make data from the Google Security Command Center integration appear in the following workflows within {{elastic-sec}}: + +- **Findings page**: Data appears on the [Findings page's](/solutions/security/cloud/findings-page.md) **Vulnerabilities** tab and **Misconfigurations** tab. +- **Alert and Entity details flyouts**: Data appears in the **Insights** section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. + + +In order for Google Security Command Center data to appear in these workflows: + +* Follow the steps to [set up the Google Security Command Center integration](https://www.elastic.co/docs/reference/integrations/google_scc). +* Make sure the integration version is at least 2.0.0. +* Ensure you have `read` privileges for the following indices: `security_solution-*.misconfiguration_latest`, `security_solution-*.vulnerability_latest`. \ No newline at end of file diff --git a/solutions/toc.yml b/solutions/toc.yml index 325671d671..dbd11cb1ab 100644 --- a/solutions/toc.yml +++ b/solutions/toc.yml 
@@ -682,6 +682,8 @@ toc: - file: security/cloud/integration-tenablevm.md - file: security/cloud/integration-rapid7.md - file: security/cloud/integrations/aws-config-integration.md + - file: security/cloud/integrations/google-security-command-center.md + - file: security/investigate.md children: - file: security/investigate/timeline.md
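Review bot: In the new google-security-command-center.md, the last requirement bullet ("Ensure you have `read` privileges for the following indices: ...") does not say which user or role needs the privilege. Consider naming it, for example the role assigned to users who open the Findings page and the Alert and Entity flyouts. If `read` on `security_solution-*.misconfiguration_latest` and `security_solution-*.vulnerability_latest` is sufficient, say so, so readers do not grant broader index access than needed. Two smaller points in the same file: the first list uses `-` bullets while the requirements list uses `*`, and the file ends without a trailing newline (`\ No newline at end of file`).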
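Review bot: In the solutions/toc.yml hunk, the second added line is an empty `+` line between the new `google-security-command-center.md` entry and `- file: security/investigate.md`. The neighbouring entries shown in the context (`integration-rapid7.md`, `aws-config-integration.md`) have no blank lines between them, so drop the empty line unless it is meant to separate the cloud section from the investigate section. Please also confirm that the new entry is indented to the same level as `aws-config-integration.md`, so it stays a sibling in the cloud integrations list rather than a child of another item.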