Coder Social home page Coder Social logo

jasonbisson / google_cloud_scc_settings Goto Github PK

View Code? Open in Web Editor NEW
1.0 1.0 0.0 6 KB

To address this Mitre technique of impairing defenses, I've created a tactical script that enables the four core services at the organization, folder, and projects levels.

Shell 100.00%

google_cloud_scc_settings's Introduction

Enable Secure Command Center Settings

Purpose

While Security Command Center provides a wonderful set of curated findings, the question eventually comes up about making sure Security Command Center services stay enabled to keep the findings flowing to your favorite SEIM. To address this Mitre technique of impairing defenses, I've created a tactical script that enables the four core services at the organization, folder, and projects levels. The script is intentionally modular and straightforward to pick which services or layers your team wants to enable. Hopefully, the settings API will transition to a terraform resource in the future, but for now, this should help address the gap.

Prerequisites

Install gcloud

Download the latest gcloud SDK https://cloud.google.com/sdk/docs/

Require security command center permissions

cloudasset.assets.searchAllResources

securitycenter.containerthreatdetectionsettings.calculate
securitycenter.containerthreatdetectionsettings.update

securitycenter.eventthreatdetectionsettings.calculate
securitycenter.eventthreatdetectionsettings.update

securitycenter.securityhealthanalyticssettings.calculate
securitycenter.securityhealthanalyticssettings.update

securitycenter.websecurityscannersettings.calculate
securitycenter.websecurityscannersettings.update

Update SCC write settings api quota

How to update Security Command Center quotas

Set required organization name variable

#List organizations the identity has access to. 
$ gcloud organizations list --format=[no-heading] |  awk '{print $1}'

#Set variable the organization name
$ export org_name="example.com"

Update default variable to remove services

By default the script will enable all four scc services, which might not be desired especially for container threat detection. If desired the variable can be updated in the script.

export services=("container-threat-detection" "event-threat-detection" "security-health-analytics" "web-security-scanner")

Implementation

Run script to enable all services at the organization,folder,and projects layers

$ ./enable_scc_services.sh

Analyze the details of the modules of the services at the organization,folder,and projects layers

$ ./describe_scc_services_status.sh

Detective logging alerts

protoPayload.authorizationInfo.permission="securitycenter.securityhealthanalyticssettings.update" AND protoPayload.request.securityHealthAnalyticsSettings.serviceEnablementState="DISABLED"

protoPayload.authorizationInfo.permission="securitycenter.websecurityscannersettings.update" AND protoPayload.request.websecurityscannersettings.serviceEnablementState="DISABLED"

protoPayload.authorizationInfo.permission="securitycenter.eventthreatdetectionsettings.update" AND protoPayload.request.eventthreatdetectionsettings.serviceEnablementState="DISABLED"

protoPayload.authorizationInfo.permission="securitycenter.containerthreatdetectionsettings.update" AND protoPayload.request.containerthreatdetectionsettings.serviceEnablementState="DISABLED"

External Documentation

Security Health Analytics detectors disabled by default

How to configure Security Command Center

google_cloud_scc_settings's People

Stargazers

Gomez avatar

Watchers

Jason Bisson avatar

google_cloud_scc_settings's Issues

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.