GSP1124
Comprehensive Task Guide: Configuring SCC Settings at the Project Level
Objective
This guide provides a step-by-step walkthrough for Task 2: Configure
SCC Settings at the Project Level, covering:
✔ Accessing SCC Settings
✔ Understanding SCC Services (Sources)
✔ Enabling/Disabling Security Health Analytics (SHA) Modules
✔ Practical Implications of Configurations
Step 1: Access SCC Settings
1. Navigate to SCC:
o Open Google Cloud Console > Security > Security Command Center.
o Ensure you are on the Risk Overview dashboard.
2. Open Settings:
o Click Settings (⚙️) in the top-right corner.
o Select the Services tab (default view).
Step 2: Understand SCC Services (Sources)
SCC services (also called sources) are modules that detect threats and
vulnerabilities.
Service                           Function                                                      Edition Required
--------------------------------  ------------------------------------------------------------  ------------------
Security Health Analytics (SHA)   Detects misconfigurations (e.g., open firewalls, weak IAM).   Standard & Premium
Web Security Scanner (WSS)        Scans web apps for OWASP Top 10 vulnerabilities.              Premium
Container Threat Detection (CTD)  Monitors GKE for runtime attacks.                             Premium
Event Threat Detection (ETD)      Analyzes Cloud/Audit logs for threats.                        Premium
VM Threat Detection               Scans VM memory for malware (e.g., cryptominers).             Premium
Note: This lab uses SCC Premium, so all services are available.
Step 3: Configure Security Health Analytics (SHA)
A. Access SHA Settings
1. Click Manage settings under Security Health Analytics.
2. Navigate to the Modules tab.
B. Enable a Specific Module
Scenario: Enable detection for missing VPC Flow Logs.
1. Filter Modules:
o In the search bar, type:
VPC_FLOW_LOGS_SETTINGS_NOT_RECOMMENDED
o Press Enter.
2. Enable the Module:
o From the Status dropdown, select Enable.
What This Does:
o SHA will now flag subnets where enableFlowLogs=false or is
missing.
o Findings appear under Vulnerabilities > Networking.
3. Apply Changes:
o Click Save (changes take effect within 15-30 mins).
Step 4: Validate Configuration
1. Check for New Findings:
o Return to Risk Overview.
o Navigate to Vulnerabilities > Findings by category.
o Look for VPC_FLOW_LOGS_SETTINGS_NOT_RECOMMENDED under Networking.
2. Remediate Findings (Optional):
o If flagged, enable Flow Logs:
gcloud compute networks subnets update SUBNET_NAME \
--region=REGION --enable-flow-logs
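
A local pre-check for Step 4, added here as an example (it is not part of the original guide or of any Google tooling): it applies the rule stated in Step 3, "enableFlowLogs=false or is missing", to subnet JSON and builds the remediation command above for each subnet that fails it. The sample data is constructed in the shape of `gcloud compute networks subnets list --format=json`; the subnet and project names are made up, and treating a missing field as disabled is an assumption taken from the guide's wording.

```python
import json
import shlex

# Constructed sample in the shape of
# `gcloud compute networks subnets list --format=json` (names are made up).
SAMPLE_SUBNETS = json.loads("""
[
  {"name": "web-subnet",
   "region": "https://www.googleapis.com/compute/v1/projects/demo-project/regions/us-central1",
   "enableFlowLogs": true},
  {"name": "db-subnet",
   "region": "https://www.googleapis.com/compute/v1/projects/demo-project/regions/us-east1",
   "enableFlowLogs": false},
  {"name": "legacy-subnet",
   "region": "https://www.googleapis.com/compute/v1/projects/demo-project/regions/europe-west1"}
]
""")


def flow_logs_enabled(subnet):
    """True only when the subnet explicitly reports flow logs as on."""
    # A missing field counts as disabled, as described in Step 3 (assumption).
    return subnet.get("enableFlowLogs") is True


def subnets_missing_flow_logs(subnets):
    """Return sorted (name, region) pairs for subnets that fail the rule."""
    missing = []
    for subnet in subnets:
        if not flow_logs_enabled(subnet):
            # The API returns the region as a full URL; keep the last segment.
            region = subnet.get("region", "").rstrip("/").rsplit("/", 1)[-1]
            missing.append((subnet["name"], region))
    return sorted(missing)


def remediation_commands(subnets):
    """Build the guide's remediation command for each failing subnet."""
    template = "gcloud compute networks subnets update {} --region={} --enable-flow-logs"
    return [
        # shlex.quote keeps unexpected characters in names from being shell-interpreted.
        template.format(shlex.quote(name), shlex.quote(region))
        for name, region in subnets_missing_flow_logs(subnets)
    ]


if __name__ == "__main__":
    for cmd in remediation_commands(SAMPLE_SUBNETS):
        print(cmd)
```

Against a real project, replace SAMPLE_SUBNETS with the parsed output of the list command and review the printed commands before running them.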