This page describes how to set up the Security Command Center Cloud Infrastructure Entitlement Management (CIEM) detection service to detect identity issues in Google Cloud and other cloud platforms, like Amazon Web Services (AWS) and Microsoft Azure (Preview).
The CIEM detection service generates findings that alert you to potential identity and access security issues, such as highly privileged identities (accounts).
Before you begin
Before you enable the CIEM detection service, complete the following tasks:
Purchase and activate Security Command Center for your organization. For instructions, see one of the following:
- Activate the Security Command Center Standard tier for an organization.
- Activate the Security Command Center Premium tier for an organization.
- Activate the Security Command Center Enterprise tier.
Learn about Security Command Center's CIEM capabilities.
Set up permissions
The following sections describe the permissions required to configure CIEM.
Permissions for Standard-legacy, Standard, and Premium tier activations
After you activate Security Command Center, no additional permissions are needed to configure CIEM. For more information, see Configure CIEM with Google Cloud.
Permissions for Enterprise tier activations
To get the permissions that you need to enable CIEM, ask your administrator to grant you the following IAM roles on your Google Cloud organization:
- Chronicle API Admin (roles/chronicle.admin)
- Chronicle SOAR Admin (roles/chronicle.soarAdmin)
- Chronicle Service Admin (roles/chroniclesm.admin)
- Cloud Asset Owner (roles/cloudasset.owner)
- Create Service Accounts (roles/iam.serviceAccountCreator)
- Folder IAM Admin (roles/resourcemanager.folderIamAdmin)
- IAM Recommender Admin (roles/recommender.iamAdmin)
- Organization Administrator (roles/resourcemanager.organizationAdmin)
- Organization Role Administrator (roles/iam.roleAdmin)
- Project Creator (roles/resourcemanager.projectCreator)
- Project IAM Admin (roles/resourcemanager.projectIamAdmin)
- Security Admin (roles/iam.securityAdmin)
- Security Center Admin (roles/securitycenter.admin)
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
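An added check that is not part of this page or of Google's tooling: it compares the organization's IAM policy (as returned by `gcloud organizations get-iam-policy ORG_ID --format=json`) against the role list above and builds the `gcloud organizations add-iam-policy-binding` commands for whatever is still missing. The sample policy, the principal `user:ciem-admin@example.com` and the organization ID are constructed for the example; roles held via group membership or via custom roles are not resolved, so those cases still appear as missing.

```python
import json

# The predefined roles the page lists for enabling CIEM on an Enterprise-tier organization.
REQUIRED_CIEM_ROLES = (
    "roles/chronicle.admin", "roles/chronicle.soarAdmin", "roles/chroniclesm.admin",
    "roles/cloudasset.owner", "roles/iam.serviceAccountCreator",
    "roles/resourcemanager.folderIamAdmin", "roles/recommender.iamAdmin",
    "roles/resourcemanager.organizationAdmin", "roles/iam.roleAdmin",
    "roles/resourcemanager.projectCreator", "roles/resourcemanager.projectIamAdmin",
    "roles/iam.securityAdmin", "roles/securitycenter.admin",
)


def missing_ciem_roles(policy_json, member):
    """Return the required roles that `member` does not hold directly and unconditionally.

    `policy_json` is the JSON from `gcloud organizations get-iam-policy ORG_ID --format=json`.
    Bindings with a `condition` are skipped: a conditional grant may not apply at the
    moment CIEM is configured. Roles reached via group membership or custom roles are
    not resolved here and show up as missing, so treat the result as a starting point.
    """
    policy = json.loads(policy_json)
    held = set()
    for binding in policy.get("bindings", []):
        if "condition" in binding:
            continue
        if member in binding.get("members", []):
            held.add(binding["role"])
    return [role for role in REQUIRED_CIEM_ROLES if role not in held]


def grant_commands(org_id, member, roles):
    """Build one gcloud command per missing role, to review before running."""
    return [f"gcloud organizations add-iam-policy-binding {org_id} "
            f"--member={member} --role={role}" for role in roles]


# Constructed sample policy (not real data): the principal holds two required roles
# directly and a third only under an expired condition.
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/securitycenter.admin", "members": ["user:ciem-admin@example.com"]},
    {"role": "roles/iam.securityAdmin",
     "members": ["group:sec-ops@example.com", "user:ciem-admin@example.com"]},
    {"role": "roles/cloudasset.owner", "members": ["user:ciem-admin@example.com"],
     "condition": {"title": "temp", "expression": "request.time < timestamp('2020-01-01T00:00:00Z')"}},
]})

if __name__ == "__main__":
    missing = missing_ciem_roles(SAMPLE_POLICY, "user:ciem-admin@example.com")
    for cmd in grant_commands("ORG_ID_PLACEHOLDER", "user:ciem-admin@example.com", missing):
        print(cmd)
```

With the sample policy, the conditional `roles/cloudasset.owner` binding is reported as missing alongside the ten roles the principal never held, while the two direct bindings are not.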
Configure CIEM for Google Cloud
Cloud Infrastructure Entitlement Management services are enabled by default in your Google Cloud environment and don't require additional configuration.
After you activate Security Command Center, these services generate and publish findings related to Google Cloud resources to Security Command Center.
Configure CIEM for AWS
To enable the CIEM detection service for AWS, do the following:
- Set up Amazon Web Services (AWS) integration: Connect your AWS environment to Security Command Center. For instructions, see Connect to AWS.
- Configure integrations: Set up optional Security Command Center integrations, such as connecting to your ticketing systems:
  - To connect your ticketing system, integrate Security Command Center Enterprise with ticketing systems.
  - To synchronize case data, enable synchronization for cases.
- Configure log ingestion: To configure log ingestion appropriately for CIEM, see Configure AWS log ingestion for CIEM.
Configure CIEM for Microsoft Azure
To enable the CIEM detection service for Microsoft Azure, do the following:
- Set up Microsoft Azure integration: Connect your Microsoft Azure environment to Security Command Center. For instructions, see Connect to Microsoft Azure.
- Configure integrations: Set up optional Security Command Center integrations, such as connecting to your ticketing systems:
  - To connect your ticketing system, integrate Security Command Center Enterprise with ticketing systems.
  - To synchronize case data, enable synchronization for cases.
- Configure log ingestion: See Configure Microsoft Azure log ingestion for CIEM.
What's next
- Learn how to investigate identity and access findings.
- Learn how to review cases for identity and access issues.
- Learn more about Security Command Center roles.