Enable the CIEM detection service for other clouds
Stay organized with collections
Save and categorize content based on your preferences.
This page describes how to set up the Security Command Center Cloud Infrastructure Entitlement Management (CIEM)
detection service to detect identity issues in your deployments on other cloud
platforms, like Amazon Web Services (AWS) and Microsoft Azure (Preview).
The CIEM detection service generates findings that alert you to
potential identity and access security issues in your AWS and Microsoft
Azure environments, such as highly privileged identities (accounts).
Before you begin
Before you enable the CIEM detection service, complete
the following tasks:
To enable the CIEM detection service to produce findings for
your cloud providers, you must configure certain supporting components in
Security Command Center.
Use CIEM with AWS
To enable the CIEM detection service
for AWS, do the following:
Set up Amazon Web Services (AWS) integration: Connect your AWS environment
to Security Command Center. For instructions, see Connect to AWS.
Configure integrations: Set up optional
Security Command Center integrations such as connecting
to your ticketing systems:
To enable the CIEM detection service for Microsoft Azure, do the
following:
Set up Microsoft Azure integration: Connect your Microsoft Azure environment
to Security Command Center. For instructions,
see Connect to Microsoft Azure.
Configure integrations: Set up optional
Security Command Center integrations such as connecting
to your ticketing systems:
Most of the Security Command Center CIEM capabilities work by default
for your Google Cloud environment and don't require any additional
configuration. As part of Security Command Center's CIEM capabilities,
findings are produced automatically for Google Cloud as long as you
subscribe to Security Command Center.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Enable the CIEM detection service for other clouds\n\n| Enterprise [service tier](/security-command-center/docs/service-tiers) (not available if [data residency controls](docs/data-residency-support) are enabled)\n\nThis page describes how to set up the Security Command Center Cloud Infrastructure Entitlement Management (CIEM)\ndetection service to detect identity issues in your deployments on other cloud\nplatforms, like Amazon Web Services (AWS) and Microsoft Azure ([Preview](/products#product-launch-stages)).\n\nThe CIEM detection service generates findings that alert you to\npotential identity and access security issues in your AWS and Microsoft\nAzure environments, such as highly privileged identities (accounts).\n\nBefore you begin\n----------------\n\nBefore you enable the CIEM detection service, complete\nthe following tasks:\n\n- Purchase and activate the Enterprise tier of Security Command Center for your organization. For instructions, see [Activate the Security Command Center Enterprise tier](/security-command-center/docs/activate-enterprise-tier).\n- Learn about [Security Command Center's CIEM capabilities](/security-command-center/docs/ciem-overview).\n\nSet up permissions\n------------------\n\n\nTo get the permissions that\nyou need to enable CIEM,\n\nask your administrator to grant you the\nfollowing IAM roles on your Google Cloud organization:\n\n- Chronicle API Admin (roles/chronicle.admin)\n- Chronicle SOAR Admin (roles/chronicle.soarAdmin)\n- Chronicle Service Admin (roles/chroniclesm.admin)\n- Cloud Asset Owner (roles/cloudasset.owner)\n- Create Service Accounts (roles/iam.serviceAccountCreator)\n- Folder IAM Admin (roles/resourcemanager.folderIamAdmin)\n- IAM Recommender Admin (roles/recommender.iamAdmin)\n- Organization Administrator (roles/resourcemanager.organizationAdmin)\n- Organization Role Administrator (roles/iam.roleAdmin)\n- Project Creator (roles/resourcemanager.projectCreator)\n- Project IAM Admin (roles/resourcemanager.projectIamAdmin)\n- Security Admin (roles/iam.securityAdmin)\n- Security Center Admin (roles/securitycenter.admin)\n\n\nFor more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n\nYou might also be able to get\nthe required permissions through [custom\nroles](/iam/docs/creating-custom-roles) or other [predefined\nroles](/iam/docs/roles-overview#predefined).\n\nConfigure supporting components for CIEM\n----------------------------------------\n\nTo enable the CIEM detection service to produce findings for\nyour cloud providers, you must configure certain supporting components in\nSecurity Command Center.\n\n### Use CIEM with AWS\n\nTo enable the CIEM detection service\nfor AWS, do the following:\n\n- **Set up Amazon Web Services (AWS) integration** : Connect your AWS environment to Security Command Center. For instructions, see [Connect to AWS](/security-command-center/docs/connect-scc-to-aws).\n- **Configure integrations** : Set up optional Security Command Center integrations such as connecting to your ticketing systems:\n - To connect your ticketing system, [integrate Security Command Center Enterprise with ticketing systems](/security-command-center/docs/integrate-ticketing-systems).\n - To synchronize case data, [enable synchronization for cases](/security-command-center/docs/synchronize-case-data#enable-case-sync).\n- **Configure log ingestion** : To configure log ingestion appropriately for CIEM, [Configure AWS log ingestion for\n CIEM](/security-command-center/docs/connect-secops-aws#ciem-log-ingestion).\n\n### Use CIEM with Microsoft Azure\n\nTo enable the CIEM detection service for Microsoft Azure, do the\nfollowing:\n\n- **Set up Microsoft Azure integration** : Connect your Microsoft Azure environment to Security Command Center. For instructions, see [Connect to Microsoft Azure](/security-command-center/docs/connect-scc-to-azure).\n- **Configure integrations** : Set up optional Security Command Center integrations such as connecting to your ticketing systems:\n - To connect your ticketing system, [Integrate Security Command Center Enterprise with ticketing systems](/security-command-center/docs/integrate-ticketing-systems).\n - To synchronize case data, [enable synchronization for cases](/security-command-center/docs/synchronize-case-data#enable-case-sync).\n- **Configure log ingestion** : To configure log ingestion appropriately for CIEM, [Configure Microsoft Azure log ingestion for\n CIEM](/security-command-center/docs/connect-secops-azure#ciem-log-ingestion-azure).\n\n### Use CIEM with Google Cloud\n\nMost of the Security Command Center CIEM capabilities work by default\nfor your Google Cloud environment and don't require any additional\nconfiguration. As part of Security Command Center's CIEM capabilities,\nfindings are produced automatically for Google Cloud as long as you\nsubscribe to Security Command Center.\n\nWhat's next\n-----------\n\n- Learn how to [investigate identity and access findings](/security-command-center/docs/ciem-identity-access-findings).\n- Learn how to [review cases for identity and access issues](/security-command-center/docs/ciem-identity-access-cases).\n- Learn more about [Security Command Center roles](/security-command-center/docs/access-control)."]]
