GCP & OCI Security Configuration Prerequisites
GCP Security Configuration Prerequisites
There are two types of options available on Google Cloud Platform (GCP):
- Standard – Only for Vulnerability detection.
- Premium – For Threat and Vulnerability detection.
Below is the list of permissions that need to be enabled for security-related detection to take place:
- The API for the Security Command Center in GCP needs to be enabled.
- The “securitycenteradmin” role needs to be enabled in the GCP console for CoreStack to process the threats or vulnerabilities based on which services are enabled.
- Once the service is enabled, the following permissions should also be enabled:
  - “securitycenter.findings.list”
  - “securitycenter.findings.listFindingPropertyNames”
  - “securitycenter.sources.get”
  - “securitycenter.sources.list”
  - “resourcemanager.organizations.get”
We recommend manually validating whether all the permissions listed above are enabled after you enable the “securitycenteradmin” role.
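One way to do the manual validation recommended above, as an added example that is not CoreStack's own code: it compares the required permissions against an organization IAM policy and role definitions exported with `gcloud`. The service account, organization ID, custom role names and the `check_member` helper are constructed placeholders, and only direct bindings are evaluated.

```python
# Permissions this page lists as required (findings.* is the IAM spelling).
REQUIRED = {
    "securitycenter.findings.list",
    "securitycenter.findings.listFindingPropertyNames",
    "securitycenter.sources.get",
    "securitycenter.sources.list",
    "resourcemanager.organizations.get",
}

def check_member(policy, role_defs, member):
    """Return (missing, conditional_only) required permissions for `member`.

    policy    -- output of `gcloud organizations get-iam-policy ORG_ID --format=json`
    role_defs -- {role name: output of `gcloud iam roles describe ... --format=json`}
    Only direct bindings are evaluated; group membership is not expanded.
    """
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        role = role_defs.get(binding["role"], {})
        perms = REQUIRED & set(role.get("includedPermissions", []))
        # A conditional binding only applies while its condition holds,
        # so it is tracked separately instead of counting as granted.
        (conditional if binding.get("condition") else granted).update(perms)
    return sorted(REQUIRED - granted), sorted(conditional - granted)

# Constructed sample data: placeholder org ID, service account and custom roles.
SA = "serviceAccount:scanner@example-project.iam.gserviceaccount.com"
READER = "organizations/000000000000/roles/sccFindingsReader"
ORG_GET = "organizations/000000000000/roles/orgGetTemporary"
ROLE_DEFS = {
    READER: {"includedPermissions": ["securitycenter.findings.list",
                                     "securitycenter.sources.get",
                                     "securitycenter.sources.list"]},
    ORG_GET: {"includedPermissions": ["resourcemanager.organizations.get"]},
}
POLICY = {"bindings": [
    {"role": READER, "members": [SA, "user:admin@example.com"]},
    {"role": ORG_GET, "members": [SA],
     "condition": {"title": "temporary",
                   "expression": 'request.time < timestamp("2030-01-01T00:00:00Z")'}},
]}

if __name__ == "__main__":
    missing, conditional_only = check_member(POLICY, ROLE_DEFS, SA)
    print("not granted unconditionally:", missing)
    print("granted only under a condition:", conditional_only)
```

A permission that appears in both lists is held only through a conditional binding, so detection will stop working once that condition no longer holds.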
Once the required permissions are set up, the following steps need to be configured in CoreStack.
Step 1: Log in to CoreStack and click on the Account Governance section, then select the Security tab.
Step 2: Select Vulnerability Assessments Configuration, and the system will check if all the required permissions have been enabled. If they are, they will be highlighted in green. If they aren’t, they will be highlighted in red.
Step 3: Once all the required permissions are verified, click on Next.
Step 4: Under Security Command Center, enable Security Health Analytics to identify any vulnerabilities in the instance and Web Security Scanner to identify any vulnerabilities in Web Apps. You can enable both or only one of them, based on your needs.
Similarly, select Threat Management Configuration to validate the permissions and configurations of threat management.
Step 5: Once all the required permissions are verified, click on Next.
Step 6: Under Security Command Center, enable Event Threat Detection to identify any threats from the logs and Container Threat Detection to identify any threats in the containers. You can enable both or only one of them, based on your needs.
Note: These changes should take around 24 hours to reflect in the system after the configuration is successfully saved.
OCI Security Configuration Prerequisites
Currently, there is no validation of permissions done for OCI in CoreStack.
Below is the list of permissions that need to be enabled:
- The Oracle VSS service needs to be enabled.
Once the above permission is set up, the following steps need to be configured in CoreStack.
Step 1: Log in to CoreStack and click on the Account Governance section, then select the Security tab.
Step 2: Select Vulnerability Assessments Configuration, and the system will check if all the required permissions have been enabled. If they are, they will be highlighted in green. If they aren’t, they will be highlighted in red.
Step 3: Once all the required permissions are verified, click on Next.
There is an option to enable Vulnerability Host Scan to identify any vulnerabilities.
Step 4: Click Save to validate and save the configuration. If the validation is unsuccessful, an alert will be displayed.
Note: The changes should take around 24 hours to reflect in the system after the configuration is successfully saved.