Integrate Prisma Cloud with Google Cloud Security Command Center (SCC)

Learn how to integrate Prisma™ Cloud with Google Cloud Security Command Center (SCC).
Integrate Prisma™ Cloud with Google Cloud Security Command Center (SCC) for centralized visibility into security and compliance risks associated with your cloud assets on the Google Cloud Platform (GCP).
You can set up this integration for a GCP Organization that you are monitoring with Prisma Cloud. The alerts generated by Prisma Cloud for GCP accounts based on your alert rule are posted to Cloud SCC. To show the Prisma Cloud alerts in Google Cloud SCC for cloud accounts of other cloud types (such as AWS and Azure), contact Prisma Cloud support (ppc-help@paloaltonetworks.com).
  1. The service account you use to onboard the GCP Organization into Prisma Cloud should include Viewer, Organization Viewer, and Security Center Findings Editor roles.
  2. To view assets and findings on the Cloud SCC console, enable the Cloud Security Command Center API.
    1. Go to the GCP Console API Library and select your GCP project.
      Make sure to enable the Cloud Security Command Center API in the project that owns the Service Account that you will use to onboard the GCP Organization into Prisma Cloud.
    2. Enable APIs and Services.
    3. Enable the Cloud Security Command Center API.
  3. Sign up for the Prisma Cloud SCC solution on the Google console.
    A security center administrator can set up this integration on the Google console.
    1. Go to the Google Console and search for Prisma Cloud CSCC.
    2. Visit Palo Alto Networks site to Signup.
    3. Select the organization that you onboarded into Prisma Cloud.
    4. Select the Service account you used to onboard the GCP Organization.
    5. Copy the Source ID. You need the Source ID when you set up this integration in Prisma Cloud.
    6. Click Done.
  4. Set up Cloud SCC as one of the integration channels in Prisma Cloud.
    1. Log in to Prisma Cloud.
    2. Select Settings > Integrations.
    3. Create a +New Integration.
    4. Select CSCC as the Integration Type.
    5. Specify a meaningful Integration Name and Description.
    6. Enter the Source ID that you copied when you signed up for Prisma Cloud SCC.
    7. Select the GCP Organization.
    8. Click Next and then Test.
      For a successful integration, you must configure adequate permissions for the service account (as listed above). After you successfully set up the integration, the status (Settings > Integrations) turns red when there are any issues and turns green when there are no issues or all issues are resolved.
  5. Create an Alert Rule or modify an existing rule to send alerts to Google Cloud SCC. See Send Prisma Cloud Alert Notifications to Third-Party Tools.
  6. View alerts in Cloud SCC.
    1. Go to the Google Console and select Security > Security Command Center.
    2. Click Findings to view the alerts.
    3. Select the rule to see the details about the alerts.
