# Google Security Command Center

Connect [Google Security Command Center](/integrations/inbound-integrations/google-security-command-center.md) to ilert to transport security findings, like misconfigurations or suspicious activity, as technical alerts to on-call personnel. This ensures immediate awareness, structured escalation, and a centralized view of security-related events for responders.

## In ilert: Create a Google Security Command Center alert source

1. Go to **Alert sources** --> **Alert sources** and click on **Create new alert source**.

   <figure><img src="/files/rmL9OoRxcWnDwcJZQm4Y" alt=""><figcaption></figcaption></figure>
2. Search for **Google Security Command Center** in the search field, click on the Google Security Command Center tile and click on **Next**.

   <figure><img src="/files/1WoRRYB5U40PbeMJ7Hit" alt=""><figcaption></figcaption></figure>
3. Give your alert source a name, optionally assign teams and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.

   <figure><img src="/files/y4Bakf2apGhBN56U8ZPR" alt=""><figcaption></figcaption></figure>
5. Select your [Alert grouping](/alerting/configure-alerting/alert-sources.md#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.

   <figure><img src="/files/nTlB0ZCIW1SP3dj6P9nO" alt=""><figcaption></figcaption></figure>
6. The next page shows additional settings such as custom alert templates or notification priority. Click on **Finish setup** for now.
7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.

   <figure><img src="/files/iFF3BpyuIYMi49K1j7uk" alt=""><figcaption></figcaption></figure>

## In Google Security Command Center: Sending notifications via Google Cloud Functions

1. Enable finding notifications for Pub/Sub with the following guide: <https://cloud.google.com/security-command-center/docs/how-to-notifications#create-notification-config>
2. Create the following example function in Google Cloud Functions. Make sure to replace `[WEBHOOK_URL]` with the URL generated in [this step](#in-ilert-create-google-security-command-center-alert-source).

{% tabs %}
{% tab title="Go" %}

```go
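// Package p contains the Pub/Sub-triggered Cloud Function.
package p

import (
	"context"
	"fmt"
	"log"
	"net/http"

	"github.com/go-resty/resty/v2"
)

// PubSubMessage is the payload of a Pub/Sub event.
type PubSubMessage struct {
	Data []byte `json:"data"`
}

// WebhookPubSub forwards the finding notification carried in m to the webhook.
// It returns an error on failure so that the delivery can be retried when
// retries are enabled for the function.
func WebhookPubSub(ctx context.Context, m PubSubMessage) error {

	// Send the webhook request with the Pub/Sub message as the content
	webhookURL := "[WEBHOOK_URL]"

	client := resty.New()
	resp, err := client.R().
		SetContext(ctx).
		SetHeader("Content-Type", "application/json").
		SetBody(m.Data).
		Post(webhookURL)
	if err != nil {
		log.Printf("Error creating webhook request: %v", err)
		return err
	}

	// Check the webhook response
	if resp.StatusCode() != http.StatusAccepted {
		log.Printf("Webhook request failed with status code: %d", resp.StatusCode())
		return fmt.Errorf("webhook request failed with status code: %d", resp.StatusCode())
	}
	return nil
}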
```

{% endtab %}
{% endtabs %}

3. Deploy the Google Cloud Function by running the following command in the terminal:

   ```
   gcloud functions deploy WebhookPubSub --runtime go116 --trigger-topic YOUR_PUBSUB_TOPIC
   ```

   Replace `YOUR_PUBSUB_TOPIC` with the actual Pub/Sub topic name that you want the Cloud Function to be triggered by.
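
The forwarding step can be hardened so that a failed delivery of a security finding is never silent and the webhook URL stays out of the logs. The following is an added example, not ilert's own code, written with the standard library instead of resty. It assumes the webhook URL embeds the integration key; `ForwardFinding`, `ErrDrop` and the sample inputs are hypothetical names and constructed values.

```go
package main

import (
	"bytes"
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"time"
)

// ErrDrop marks a payload that retrying cannot fix, so it should not be redelivered.
var ErrDrop = errors.New("dropping payload")

// ForwardFinding posts one notification; nil means the endpoint answered HTTP 202.
func ForwardFinding(ctx context.Context, webhookURL string, data []byte) error {
	if !json.Valid(data) {
		return fmt.Errorf("%w: not valid JSON", ErrDrop)
	}
	ctx, cancel := context.WithTimeout(ctx, 10*time.Second) // bound a hung endpoint
	defer cancel()
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, webhookURL, bytes.NewReader(data))
	if err != nil {
		return errors.New("webhook URL does not parse") // never echo the URL itself
	}
	req.Header.Set("Content-Type", "application/json")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		var ue *url.Error // its message quotes the full URL; keep only the cause
		if errors.As(err, &ue) {
			err = ue.Err
		}
		return fmt.Errorf("webhook request failed: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusAccepted {
		return fmt.Errorf("webhook returned status %d", resp.StatusCode)
	}
	return nil
}

func main() {
	// Constructed inputs: the path stands in for a key; port 9 is assumed closed.
	u := "http://127.0.0.1:9/CONSTRUCTED-KEY"
	fmt.Println(ForwardFinding(context.Background(), u, []byte(`{"finding":{}}`)))
	fmt.Println(ForwardFinding(context.Background(), u, []byte("not json")))
}
```

In the Cloud Function entry point, return `nil` for errors matching `ErrDrop` and return every other error unchanged, so that only deliveries worth repeating are retried.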

## FAQ

**Will alerts in ilert be resolved automatically?**

Yes, as soon as the state of an alert in Google Security Command Center is `RESOLVED`, the associated alert in ilert is resolved.


