Google Security Command Center

In ilert: Create a Google Security Command Center alert source

1. Go to Alert sources --> Alert sources and click on Create new alert source

   
2. Search for Google Security Command Center in the search field, click on the Google Security Command Center tile and click on Next.

   
3. Give your alert source a name, optionally assign teams and click Next.

4. Select an escalation policy by creating a new one or assigning an existing one.

   
5. Select you Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.

   
6. The next page show additional settings such as customer alert templates or notification prioritiy. Click on Finish setup for now.

7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.

   

In Google Security Command Center: Sending notifications via Google Cloud Functions

1. Enable finding notifications for Pub/Sub with the following guide: https://cloud.google.com/security-command-center/docs/how-to-notifications#create-notification-config

2. Create following function example in Google Cloud Functions. Make sure to replace [WEBHOOK_URL]with the Url generated in this step.

1. Deploy the Google Cloud Function by running the following command in the terminal: gcloud functions deploy WebhookPubSub --runtime go116 --trigger-topic YOUR_PUBSUB_TOPIC Replace YOUR_PUBSUB_TOPIC with the actual Pub/Sub topic name that you want the Cloud Function to be triggered by.

FAQ

Will alerts in ilert be resolved automatically?

Yes, as soon as the state of an alert in Google Security Command Center is RESOLVED, the associated alert in ilert is resolved.