Questo contenuto non è disponibile nella lingua selezionata.
Chapter 13. Integrating with Google Cloud Security Command Center
If you are using Google Cloud Security Command Center (Cloud SCC), you can forward alerts from Red Hat Advanced Cluster Security for Kubernetes to Cloud SCC. This guide explains how to integrate Red Hat Advanced Cluster Security for Kubernetes with Cloud SCC.
The following steps represent a high-level workflow for integrating Red Hat Advanced Cluster Security for Kubernetes with Cloud SCC.
- Register a new security source with Google Cloud.
- Provide the source ID and service account key to Red Hat Advanced Cluster Security for Kubernetes.
- Identify the policies you want to send notifications for, and update the notification settings for those policies.
13.1. Configuring Google Cloud SCC
Start by adding Red Hat Advanced Cluster Security for Kubernetes as a trusted Cloud SCC source.
Procedure
- Follow the Adding vulnerability and threat sources to Cloud Security Command Center guide and add Red Hat Advanced Cluster Security for Kubernetes as a trusted Cloud SCC source. Make a note of the Source ID that Google Cloud creates for your Red Hat Advanced Cluster Security for Kubernetes integration. If you do not see a source ID after registering, you can find it on the Cloud SCC Security Sources page.
- Create a key for the service account you created, or the existing account you used, in the previous step. See Google Cloud’s guide to creating and managing service account keys for details.
13.2. Configuring Red Hat Advanced Cluster Security for Kubernetes for integrating with Google Cloud SCC
You can create a new Google Cloud SCC integration in Red Hat Advanced Cluster Security for Kubernetes by using the source ID and a Google service account.
Prerequisites
-
A service account with the
Security Center Findings Editor
IAM role on the organization level. See Access control with IAM for more information. - Either a workload identity or a Service account key (JSON) for the service account. See Creating a service account and Creating service account keys for more information.
Procedure
-
In the RHACS portal, go to Platform Configuration
Integrations. - Scroll down to the Notifier Integrations section and select Google Cloud SCC.
-
Click New Integration (
add
icon). - Enter a name for Integration Name.
- Enter the Cloud SCC Source ID.
- When using a workload identity, check Use workload identity. Otherwise, enter the contents of your service account key file into the Service account key (JSON) field.
- Select Create to generate the configuration.
13.3. Configuring policy notifications
Enable alert notifications for system policies.
Procedure
-
In the RHACS portal, go to Platform Configuration
Policy Management. - Select one or more policies for which you want to send alerts.
- Under Bulk actions, select Enable notification.
In the Enable notification window, select the Google Cloud SCC notifier.
NoteIf you have not configured any other integrations, the system displays a message that no notifiers are configured.
- Click Enable.
- Red Hat Advanced Cluster Security for Kubernetes sends notifications on an opt-in basis. To receive notifications, you must first assign a notifier to the policy.
- Notifications are only sent once for a given alert. If you have assigned a notifier to a policy, you will not receive a notification unless a violation generates a new alert.
Red Hat Advanced Cluster Security for Kubernetes creates a new alert for the following scenarios:
- A policy violation occurs for the first time in a deployment.
- A runtime-phase policy violation occurs in a deployment after you resolved the previous runtime alert for a policy in that deployment.