Security Command Center Enterprise consoles

The Security Command Center Enterprise tier includes two consoles: the Google Cloud console and the Security Operations console.

You can sign in to both consoles using the same username and credentials.

Google Cloud console

The Google Cloud console lets you perform tasks such as the following:

  • Activate Security Command Center.
  • Set up Identity and Access Management (IAM) permissions for all Security Command Center users.
  • Configure AWS connectivity for vulnerability management.
  • Work with and export findings.
  • Manage security postures.
  • Assess risks with attack exposure scores.
  • Identify high-sensitivity data with Sensitive Data Protection.
  • Detect and remediate individual findings directly.
  • Configure Security Health Analytics, Web Security Scanner, and other Google Cloud integrated services.
  • Assess and report on your compliance with common security standards or benchmarks.
  • View and search your Google Cloud assets.

You can access the Security Command Center content in the Google Cloud console from the Risk Overview page.

Go to Security Command Center

The following image shows the Security Command Center content in the Google Cloud console.

The Google Cloud console.

Security Operations console

The Security Operations console lets you perform tasks such as the following:

  • Configure AWS connectivity for threat detection.
  • Configure users and groups for incident management.
  • Configure security orchestration, automation, and response (SOAR) settings.
  • Configure data ingestion into the security information and event management (SIEM).
  • Investigate and remediate individual findings for your Google Cloud organization and AWS environment.
  • Work with issues, the most important security risks Security Command Center Enterprise has found in your cloud environments.
  • Work with cases, which includes grouping findings, assigning tickets, and working with alerts.
  • Use an automated sequence of steps known as playbooks to remediate problems.
  • Use Workdesk to manage actions and tasks waiting for you from open cases and playbooks.

You can access the Security Operations console from the following URL:

https://CUSTOMER_SUBDOMAIN.backstory.chronicle.security`

Replace CUSTOMER_SUBDOMAIN with your customer-specific identifier. You can determine your identifier using one of the following methods:

  • In the setup guide in the Google Cloud console, step 4 to step 6 redirect to the Security Operations console. To access the setup guide, complete the following:

    1. Go to the Security Command Center Setup guide.

      Go to Setup guide

    2. Select the organization where Security Command Center is activated.

    3. Click the link in any of the following steps:

      • Step 4: Set up users and groups
      • Step 5: Configure integrations
      • Step 6: Configure log ingestion

  • In the Google Cloud console, click one of the case links. To access a case link, complete the following:

    1. Go to the Vulnerabilities by case page.

      Go to Vulnerabilities by case

    2. Select the organization where Security Command Center is activated.

    3. Click any link under the Case Id column in the Vulnerability findings table.

  • In the Google Cloud console, access the link on the Google Security Operations administration settings page. This method requires you to know the management project that was used to activate Security Command Center Enterprise for your organization.

    1. Go to the Google SecOps page.

      Go to Vulnerabilities by case

    2. Select your organization's management project.

    3. Click Go to Google Security Operations.

The following image shows the Security Operations console.

The Security Operations console.

What's next