Email alerting - security command center notification

In this blog post I'll walk through how to get email notifications for findings generated in Security Command Center (SCC), Standard or Premium tier.

Although SCC doesn't have an out-of-the-box email notification channel in the SCC console, there are a few options to make this possible. SCC offers a feature known as continuous exports, and the destinations it supports are a Pub/Sub topic or a Slack channel.

From the Pub/Sub topic, a Cloud Function (event-triggered on each published message) can forward the finding to the SendGrid email API, SMS, Slack, Webex and other services.

Note: After we set up a continuous export from SCC to Pub/Sub, the findings that already exist are not replayed to the topic. Only findings that are created or updated after the export exists (new threats, vulnerabilities, misconfigurations and so on) appear as messages in the Pub/Sub topic.

Now let's take a look at how this can be set up:

  1. Log in to the SCC console, on the landing page click “Settings” and navigate to “CONTINUOUS EXPORTS”


2. Click on “CREATE CONTINUOUS EXPORT”

3. Select Cloud Pub/Sub

4. In the “Export to Pub/Sub” form, provide a name for the continuous export. Optionally set a finding filter here so that only the findings you want to be emailed about are exported (for example ACTIVE findings of HIGH or CRITICAL severity); everything the filter matches will later reach the Cloud Function and the mailbox

5. Select the project where the Pub/Sub topic already exists or where it will be created


In the drop-down menu “Select a Cloud Pub/Sub topic” choose an existing topic created for this purpose, or click “Create Topic”


  • This opens a side panel “Create topic”
  • Input the “Topic ID”
  • The remaining fields can be left blank
  • Click on “Create”
  • In the GCP console open Pub/Sub and locate the newly created topic in the “Topics” section
  • Click on the topic; this lands on its “Subscriptions” tab
  • Here we need to create a new subscription
  • Click on “CREATE SUBSCRIPTION”
  • Input the “Subscription ID”
  • Choose the “Delivery type”. Note that inspecting messages from the console “MESSAGES” tab, as done in the next steps, works for a pull subscription; the Cloud Function trigger created later gets its own subscription on the topic


  • Click on the subscription that was created
  • Review the “METRICS”, “DETAILS” and “MESSAGES” tabs
  • The metrics show how many messages are available in the subscription
  • In the “MESSAGES” tab we can pull and view the actual SCC finding message with all its details
  • Whenever a new finding is created or updated in SCC, it shows up in the subscription “MESSAGES” in near real time
  • Go back to the “Topics” section in the main Pub/Sub window
  • Click on “TRIGGER CLOUD FUNCTION”


Enable the APIs the console prompts for (Cloud Functions and its build and eventing dependencies).

In the “Runtime, build, connections and security settings” section choose the runtime that matches the code you are going to deploy.

For the demo we used the SendGrid email API. The instructions below cover how to proceed with the demo code and deploy the Cloud Function.

https://cloud.google.com/security-command-center/docs/how-to-enable-real-time-notifications#setting_... 

The tested sample code sends emails to the recipient addresses listed in the code. Keep the SendGrid API key out of the source: store it in Secret Manager and expose it to the function as an environment variable rather than hard-coding it.
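To make the Cloud Function step concrete, here is an added example of the function that sits between the Pub/Sub topic and SendGrid. It is not the blog's demo code or Google's sample. Assumptions not stated on the page: the 1st-gen Pub/Sub trigger signature `notify(event, context)`, the SendGrid v3 `mail/send` REST endpoint called directly with `urllib` (no SendGrid SDK), and the environment variables `SENDGRID_API_KEY`, `FROM_EMAIL`, `TO_EMAILS` and `MIN_SEVERITY`. The finding in `SAMPLE_NOTIFICATION` is constructed to mirror the JSON a continuous export publishes (base64 in the message `data` field) and is made up. The example also goes a step beyond the page: it only emails ACTIVE findings at or above a minimum severity, so an export without a filter does not flood the mailbox.

```python
"""Cloud Function: email SCC findings arriving from a Pub/Sub continuous export.

Added example (not the page's demo code). Assumes a 1st-gen Pub/Sub trigger
and the SendGrid v3 mail/send REST API.
"""
import base64
import json
import os
import urllib.request

SENDGRID_URL = "https://api.sendgrid.com/v3/mail/send"
# Findings below MIN_SEVERITY or no longer ACTIVE are left in Pub/Sub for other
# consumers; emailing every MEDIUM/LOW update quickly becomes noise.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
MIN_SEVERITY = os.environ.get("MIN_SEVERITY", "HIGH")


def decode_notification(event):
    """Return the SCC NotificationMessage dict carried in a Pub/Sub event.

    Continuous exports publish one message per created/updated finding; the
    JSON body is base64-encoded in the Pub/Sub message's 'data' field.
    """
    payload = base64.b64decode(event["data"]).decode("utf-8")
    return json.loads(payload)


def should_notify(finding, min_severity=MIN_SEVERITY):
    """Email only ACTIVE findings at or above min_severity."""
    if finding.get("state") != "ACTIVE":
        return False
    rank = SEVERITY_RANK.get(finding.get("severity", ""), 0)
    return rank >= SEVERITY_RANK[min_severity]


def build_email(notification, sender, recipients):
    """Build the SendGrid v3 request body for one finding."""
    finding = notification["finding"]
    subject = f"[SCC {finding.get('severity', 'UNKNOWN')}] {finding.get('category', 'finding')}"
    body = "\n".join([
        f"Category:   {finding.get('category')}",
        f"Severity:   {finding.get('severity')}",
        f"State:      {finding.get('state')}",
        f"Resource:   {finding.get('resourceName')}",
        f"Finding:    {finding.get('name')}",
        f"Event time: {finding.get('eventTime')}",
        f"Export:     {notification.get('notificationConfigName')}",
    ])
    return {
        "personalizations": [{"to": [{"email": r} for r in recipients]}],
        "from": {"email": sender},
        "subject": subject,
        "content": [{"type": "text/plain", "value": body}],
    }


def send_email(message, api_key):
    """POST the message to SendGrid; returns the HTTP status (202 = accepted)."""
    req = urllib.request.Request(
        SENDGRID_URL,
        data=json.dumps(message).encode("utf-8"),
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def notify(event, context):
    """Cloud Functions entry point for the Pub/Sub trigger (1st-gen signature)."""
    notification = decode_notification(event)
    if not should_notify(notification.get("finding", {})):
        return
    message = build_email(
        notification,
        sender=os.environ["FROM_EMAIL"],
        recipients=[a.strip() for a in os.environ["TO_EMAILS"].split(",")],
    )
    # Key comes from a Secret Manager-backed environment variable, never from source.
    send_email(message, os.environ["SENDGRID_API_KEY"])


# Constructed sample (hypothetical values) in the shape of an exported finding.
SAMPLE_NOTIFICATION = {
    "notificationConfigName": "organizations/123456789012/notificationConfigs/scc-email-export",
    "finding": {
        "name": "organizations/123456789012/sources/5678/findings/abc123",
        "resourceName": "//compute.googleapis.com/projects/demo-project/global/firewalls/allow-all",
        "state": "ACTIVE",
        "category": "OPEN_FIREWALL",
        "severity": "HIGH",
        "eventTime": "2024-09-18T04:00:00Z",
    },
}
SAMPLE_EVENT = {"data": base64.b64encode(json.dumps(SAMPLE_NOTIFICATION).encode()).decode()}

if __name__ == "__main__":
    # Dry run: decode, filter and render the email without calling SendGrid.
    n = decode_notification(SAMPLE_EVENT)
    if should_notify(n["finding"]):
        print(json.dumps(build_email(n, "scc-alerts@example.com", ["secops@example.com"]), indent=2))
```

Deploy with `notify` as the entry point and the topic created above as the trigger; the function's trigger creates its own subscription, so the pull subscription used for inspection in the console can stay. Updates to a finding (for example a state change to INACTIVE) are also exported, which is why `should_notify` checks `state` and not just severity.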

Conclusion:

In this blog post we have shown how to send email notifications for SCC findings covering threats, vulnerabilities, misconfigurations and other risks, by chaining a continuous export to Pub/Sub with a Cloud Function that calls an email API.

Last update: 09-18-2024 04:31 AM