Skip to main content

Pre-requisites

User Organization must define Owner or Security Admin role (roles/owner or roles/securitycenter.admin) in your GCP organization.
User must have Organization Admin permissions to enable services at the organization level.

Enable Security Command Center

Enabling Security Command Center will actively monitor your GCP environment for threats and vulnerabilities.
1

Access GCC

  1. Log in to your Google Cloud Console.
  2. Click on the left navigation menu (hamburger icon).
  3. Select the “Security” tab.
    \     images/GCPSCC2.png
  4. To select the organization where you want to enable SCC, click on Select a project > ALL.
    Organization is displayed at the top-level and all the projects are indented
  5. Copy the organization ID displayed next to the organization’s Name.\ images/GCPSCC7.png
2

Enable Security Command Center API

  1. In the Navigation menu, go to APIs & ServicesLibrary.
  2. Search for Security Command Center API.
  3. Click Enable.
3

Select Service Tier

  1. Select your organization, and enter keyword “Security” in the search bar.
  2. Select the Security Command Center.\ images/GCPSCC3.png
  3. Click on “GET THE SECURITY COMMAND CENTER”.
  4. Select Service Tier, preferably Premium (Paid) for your organization.

    SCC Editions: Standard vs. Premium
    FeatureStandard (Free)Premium (Paid)
    Security Health Analytics✅ Basic✅ Advanced
    Event Threat Detection❌ No✅ Yes
    Container & VM Threat Detection❌ No✅ Yes
    Continuous Compliance Monitoring❌ No✅ Yes
    Automated Security Insights❌ No✅ Yes
  5. Click Next.
  6. On the next page, review the detection you want to enable.
    AirMDR recommends selecting all.
4

Configure Security Sources

  1. Set Up Built-in Security Services
    • SCC integrates with:
      • Security Health Analytics
      • Event Threat Detection
      • VM Threat Detection
      • Container Threat Detection
    • Configure these services based on your security requirements.
      Event Threat Detection is mandatory.
  2. Enable Third-Party Integrations (Optional)
    • Navigate to Integrations and configure security tools like SIEM, Threat Intelligence, etc.
  3. Click Next.
  4. On the next page, click Grant roles automatically to complete the setup.
You can view your findings in the findings tab on the left side.

Create a Service Account

1

Open Google Cloud Console

  1. Go to Google Cloud Console.
  2. Select your project. For example: AirMDR
    Project (Service account) is mandatory to enable API.
  3. Create a project, if there is no existing
    • Go to Google Cloud Console with the same credentials used to log in.
    • Click Select a projectNew Project.
    • Enter:
      • Project Name (e.g., AirMDR)
      • Organization (if applicable).
    • Click Create.
2

Create a Service Account

  1. Go to Google Cloud Console.
  2. Select AirMDR project.
  3. Open APIs & Services → Go to Credentials→ Create Credentials → Click Service Accounts.
  4. Click Create Service Account.
  5. Enter the required information:
    • Service Account Name: (e.g., airmdr-agent)
    • Service Account ID : (e.g., airmdr-agent)
    • Click Create and Continue.
  6. Generate a Key File
    • In the Service Accounts list, click on the created service account
    • Go to KeysAdd KeyCreate new key
    • Choose JSON, then Create
    • A .json key file will be downloaded.
      Make sure to copy and save the JSON Key file securely
  7. Assign IAM Roles
    By default, the Owner role will be applied to this service account based on inheritance from the project
    • Add roles as required for Security Command Center:
      • Security Admin (roles/securitycenter.admin) → Allows managing SCC.
      • Viewer (roles/viewer) → Grants read access.
      • Security Analyst (roles/securitycenter.analyst) → (Optional) For security monitoring.
      • Pub/Sub Publisher (roles/pubsub.publisher) → (Optional) For security alerts.
    • Click ContinueDone.
      When finished, you should have a service account named airmdr-agent, credentials for this service account in a JSON file saved to your host.
3

Enable Security Command Center API

  1. Go to Google Cloud Console.
  2. Select AirMDR project, go to APIs & ServicesEnabled APIs & Services.
  3. Search for Security Command Center API from the Library page.
  4. Click Enable.
4

Assign the Required IAM Role

The Security Command Center Viewer role (roles/securitycenter.viewer) allows the service account to read SCC findings.
  1. Go to Google Cloud ConsoleOrganization in the top left corner.
  2. Select AirMDR project.
  3. Go to IAM & AdminVIEW BY PRINCIPALSGRANT ACCESS.
    \ images/GCPSCC6.png
  4. Search and select airmdr-agent.
  5. Click Add.
    or
  6. Enter the client service account email (e.g., scc-service-account@my-security-project.iam.gserviceaccount.com).
  7. Assign the role:
    • Security Command Center Viewer (roles/securitycenter.viewer)
  8. Click Save.
5

Service Account

Email the service account .json file and the Organization_ID to the AirMDR operations team mailto:mdr-ops@airmdr.com or self-configure in AirMDR Integrations Dashboard.

Configure GCP Security Command Center API in AirMDR Integrations Dashboard

  1. Navigate to AirMDR, provide the credentials and click Login.
  2. Navigate to the AirMDR Integrations Dashboard in the left navigation pane and select Integrations.
    \     images/Duo7.png
  3. Use the search option, enter the keyword “Google Cloud Provider”, select the Connections tab, and click the + Create icon.
    \     images/GCPSCC5.png
  4. Enter the generated organization ID, provide the contents of the JSON file with Service Account credentials in the Authentication Details field params, and click Create.
    \     images/GCPSCC4.png