This page describes how to set up the Security Command Center Cloud Infrastructure Entitlement Management (CIEM) detection service to detect identity issues in your deployments on other cloud platforms, like Amazon Web Services (AWS) and Microsoft Azure (Preview).
The CIEM detection service generates findings that alert you to potential identity and access security issues in your AWS and Microsoft Azure environments, such as highly privileged identities (accounts).
Before you begin
Before you enable the CIEM detection service, complete the following tasks:
- Purchase and activate the Enterprise tier of Security Command Center for your organization. For instructions, see Activate the Security Command Center Enterprise tier.
- Learn about Security Command Center's CIEM capabilities.
Set up permissions
To get the permissions that you need to enable CIEM, ask your administrator to grant you the following IAM roles on your Google Cloud organization:
- Chronicle API Admin (roles/chronicle.admin)
- Chronicle SOAR Admin (roles/chronicle.soarAdmin)
- Chronicle Service Admin (roles/chroniclesm.admin)
- Cloud Asset Owner (roles/cloudasset.owner)
- Create Service Accounts (roles/iam.serviceAccountCreator)
- Folder IAM Admin (roles/resourcemanager.folderIamAdmin)
- IAM Recommender Admin (roles/recommender.iamAdmin)
- Organization Administrator (roles/resourcemanager.organizationAdmin)
- Organization Role Administrator (roles/iam.roleAdmin)
- Project Creator (roles/resourcemanager.projectCreator)
- Project IAM Admin (roles/resourcemanager.projectIamAdmin)
- Security Admin (roles/iam.securityAdmin)
- Security Center Admin (roles/securitycenter.admin)
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
Configure supporting components for CIEM
To enable the CIEM detection service to produce findings for your cloud providers, you must configure certain supporting components in Security Command Center.
Use CIEM with AWS
To enable the CIEM detection service for AWS, do the following:
- Set up Amazon Web Services (AWS) integration: Connect your AWS environment to Security Command Center. For instructions, see Connect to AWS.
- Configure integrations: Set up optional
Security Command Center integrations such as connecting
to your ticketing systems:
- To connect your ticketing system, integrate Security Command Center Enterprise with ticketing systems.
- To synchronize case data, enable synchronization for cases.
- Configure log ingestion: To configure log ingestion appropriately for CIEM, Configure AWS log ingestion for CIEM.
Use CIEM with Microsoft Azure
To enable the CIEM detection service for Microsoft Azure, do the following:
- Set up Microsoft Azure integration: Connect your Microsoft Azure environment to Security Command Center. For instructions, see Connect to Microsoft Azure.
- Configure integrations: Set up optional
Security Command Center integrations such as connecting
to your ticketing systems:
- To connect your ticketing system, Integrate Security Command Center Enterprise with ticketing systems.
- To synchronize case data, enable synchronization for cases.
- Configure log ingestion: To configure log ingestion appropriately for CIEM, Configure Microsoft Azure log ingestion for CIEM.
Use CIEM with Google Cloud
Most of the Security Command Center CIEM capabilities work by default for your Google Cloud environment and don't require any additional configuration. As part of Security Command Center's CIEM capabilities, findings are produced automatically for Google Cloud as long as you subscribe to Security Command Center.
What's next
- Learn how to investigate identity and access findings.
- Learn how to review cases for identity and access issues.
- Learn more about Security Command Center roles.