Integrate with Google Cloud Security Command Center

Integrate StackRox with Google Cloud Security Command Center (Cloud SCC).

If you are using Google Cloud Security Command Center (Cloud SCC), you can forward alerts from the StackRox Kubernetes Security Platform to Cloud SCC. This guide explains how to integrate the StackRox Kubernetes Security Platform with Cloud SCC.

To forward alerts from the StackRox Kubernetes Security Platform to Cloud SCC:

  1. Register a new Security Source with Google Cloud. See Configure Cloud SCC.
  2. Provide the Source ID and service account key to the StackRox Kubernetes Security Platform. See Configure the StackRox Kubernetes Security Platform.
  3. Identify policies for which you want to send notifications, and update the notification settings for those policies. See Configure policy notifications.

Alerts in Google Cloud SCC
Alerts in Google Cloud SCC

Configure Cloud SCC

  1. Follow the Adding vulnerability and threat sources to Cloud Security Command Center guide and add StackRox as a trusted Cloud SCC source. Note down the Source ID that Google Cloud creates for your StackRox integration. If you don’t see a Source ID after registering, you can find it on the Cloud SCC Security Sources page.
    View Security Sources
    View Security Sources
  2. Create a key for the service account you created, or the existing account you used, in the previous step. See Google Cloud’s guide to creating and managing service account keys for details.

Configure the StackRox Kubernetes Security Platform

Create a new integration in the StackRox Kubernetes Security Platform by using the Source ID and service account key.

  1. Navigate to Platform Configuration > Integrations.
  2. Under the Plugins section, select Google Cloud SCC.
  3. Select the New Integration icon.
  4. Enter a name for Integration Name.
  5. Enter the Cloud SCC Source ID and Service Account Key (JSON).
  6. Select Create (save icon) to create the configuration.

Configure policy notifications

  1. Navigate to Platform Configuration > System policies.
  2. Select the check boxes for one or more policies for which you want to send alerts.
  3. Select Enable Notifications or Actions > Enable Notification (depends upon the StackRox Kubernetes Security Platform version you are using).
  4. In the Enable Notifications dialog, select the check box for the Cloud SCC notifier (same as the Integration Name). If you haven’t configured any other integrations, you’ll see the message No notifiers configured!.
    Configure policy notifications
    Configure policy notifications
  5. Select Enable.
  • The StackRox Kubernetes Security Platform sends notifications on an opt-in basis. To receive notifications, you must first assign a notifier to the policy.

  • Notifications are only sent once for a given alert. If you have assigned a notifier to a policy, you won’t receive a notification unless a violation generates a new alert. The StackRox Kubernetes Security Platform creates a new alert when:

    • a policy violation occurs for the first time in a deployment, or
    • a runtime-phase policy violation occurs in a deployment after you resolved the previous runtime alert for that policy in that deployment.

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.