
Enable Security Command Center API


Risk Level: High (act today)
Rule ID: CloudAPI-002

To access historical security findings and asset data in Security Command Center, ensure that the Security Command Center API is enabled within your Google Cloud account.

This rule resolution is part of the Conformity Security & Compliance tool for GCP.

Security

Security Command Center provides comprehensive support for assessing and comprehending attack vectors within your Google Cloud account. By safeguarding your cloud assets, it empowers you to identify vulnerabilities and threats across your diverse cloud setups and streamline their resolution. Leveraging integration with various Google Cloud services, Security Command Center efficiently identifies security concerns through methods including resource metadata scans, cloud log analysis, container inspection, and virtual machine scrutiny. Enabling the Security Command Center API enhances security by providing centralized visibility into threats and vulnerabilities across your cloud infrastructure.


Audit

To determine if the Security Command Center API is enabled for your GCP projects, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Navigate to the API Library console available at https://console.cloud.google.com/apis/library.

03 Select the GCP project that you want to examine from the console top navigation bar.

04 Under Welcome to the API Library, use the Search for API & Services search box and search for the Security Command Center API.

05 Click on the Security Command Center API box to open the API overview page.

06 On the API overview page, look for the MANAGE button to determine the current status of the API. If the MANAGE button is not available and the ENABLE button is displayed instead, the Security Command Center API is not enabled for the selected GCP project.

07 Repeat steps no. 3 – 6 for each GCP project available in your Google Cloud account.

Using GCP CLI

01 Run projects list command (Windows/macOS/Linux) with custom query filters to list the ID of each GCP project available within your Google Cloud account:

gcloud projects list --format="table(projectId)"

02 The command output should return the requested GCP project identifier(s):

PROJECT_ID
cc-web-app-project-112233
cc-bigdata-project-123123

03 Run services list command (Windows/macOS/Linux) with the ID of the GCP project that you want to examine as the identifier parameter and custom filtering to determine if the Security Command Center API is enabled for the selected project:

gcloud services list --project cc-web-app-project-112233 --enabled --filter=name:securitycenter.googleapis.com

04 If the API is enabled, the command output returns the name and the title of the requested API. Otherwise, the output is:

Listed 0 items.

If the services list command output returns "Listed 0 items." (as shown in the output example above), the Security Command Center API is not enabled for the selected GCP project.

05 Repeat steps no. 3 and 4 for each GCP project created within your Google Cloud account.
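
The CLI audit steps above can be scripted so that every project is checked in one pass. The following is an added example, not part of the original Conformity rule page: the function names, the tab-separated report layout and the exit codes are assumptions. It keeps a failed gcloud call (for example, a project the caller is not permitted to inspect) separate from a confirmed "not enabled" result.

```bash
#!/usr/bin/env bash
# Added example: audit each project for the Security Command Center API.
# Function names and the output layout are assumptions made for this sketch.
SCC_API="securitycenter.googleapis.com"

# Print ENABLED, DISABLED or ERROR for one project ID.
# ERROR means gcloud itself failed (for example, missing permission on the
# project), which must not be read as "API disabled" or "API enabled".
scc_api_status() {
  local project="$1" out
  if ! out=$(gcloud services list --project "$project" --enabled \
        --filter="name:${SCC_API}" --format="value(config.name)" 2>/dev/null); then
    echo "ERROR"
    return 0
  fi
  # An empty result is the scripted equivalent of "Listed 0 items."
  if printf '%s\n' "$out" | grep -qxF "$SCC_API"; then
    echo "ENABLED"
  else
    echo "DISABLED"
  fi
}

# Print "<projectId><TAB><status>" for every project the caller can list.
# Returns 0 if all are ENABLED, 1 if any is DISABLED or ERROR, 2 if the
# project list could not be retrieved.
audit_scc_api() {
  local projects project status rc=0
  projects=$(gcloud projects list --format="value(projectId)") || return 2
  for project in $projects; do
    status=$(scc_api_status "$project")
    printf '%s\t%s\n' "$project" "$status"
    [ "$status" = "ENABLED" ] || rc=1
  done
  return "$rc"
}

# Run the audit only when invoked as: ./scc_audit.sh --run
if [ "${1:-}" = "--run" ]; then
  audit_scc_api
fi
```

A non-zero exit code lets a scheduled job or CI step flag projects that still need the remediation below, and ERROR rows point to projects where the auditing identity needs access before the result can be trusted.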

Remediation / Resolution

To enable the Security Command Center API for your GCP projects, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Navigate to the API Library console available at https://console.cloud.google.com/apis/library.

03 Select the GCP project that you want to access from the console top navigation bar.

04 Under Welcome to the API Library, use the Search for API & Services search box and search for the Security Command Center API.

05 Click on the Security Command Center API box to open the API overview page.

06 On the API overview page, choose ENABLE to enable the Security Command Center API for your GCP project.

07 Repeat steps no. 3 – 6 for each GCP project available in your Google Cloud account.

Using GCP CLI

01 Run services enable command (Windows/macOS/Linux) using the ID of the GCP project that you want to access as the identifier parameter, to enable the Security Command Center API for the selected project:

gcloud services enable securitycenter.googleapis.com --project cc-web-app-project-112233

02 If successful, the command output should return the ID and status of the performed operation:

Operation "operations/acat.p0-123456789012-abcd1234-abcd-1234-abcd-1234abcd1234" finished successfully.

03 Repeat steps no. 1 and 2 for each GCP project created within your Google Cloud account.


Publication date May 1, 2024