×

If you are using Google Cloud Security Command Center (Cloud SCC), you can forward alerts from Red Hat Advanced Cluster Security for Kubernetes to Cloud SCC. This guide explains how to integrate Red Hat Advanced Cluster Security for Kubernetes with Cloud SCC.

The following steps represent a high-level workflow for integrating Red Hat Advanced Cluster Security for Kubernetes with Cloud SCC.

  1. Register a new security source with Google Cloud.

  2. Provide the source ID and service account key to Red Hat Advanced Cluster Security for Kubernetes.

  3. Identify the policies you want to send notifications for, and update the notification settings for those policies.

Configuring Google Cloud SCC

Start by adding Red Hat Advanced Cluster Security for Kubernetes as a trusted Cloud SCC source.

Procedure
  1. Follow the Adding vulnerability and threat sources to Cloud Security Command Center guide and add Red Hat Advanced Cluster Security for Kubernetes as a trusted Cloud SCC source. Make a note of the Source ID that Google Cloud creates for your Red Hat Advanced Cluster Security for Kubernetes integration. If you do not see a source ID after registering, you can find it on the Cloud SCC Security Sources page.

  2. Create a key for the service account you created, or the existing account you used, in the previous step. See Google Cloud’s guide to creating and managing service account keys for details.

Configuring Red Hat Advanced Cluster Security for Kubernetes for integrating with Google Cloud SCC

Create a new Google Cloud SCC integration in Red Hat Advanced Cluster Security for Kubernetes by using the Source ID and service account key.

Procedure
  1. On the RHACS portal, navigate to Platform ConfigurationIntegrations.

  2. Scroll down to the Notifier Integrations section and select Google Cloud SCC.

  3. Click New Integration (add icon).

  4. Enter a name for Integration Name.

  5. Enter the Cloud SCC Source ID and Service Account Key (JSON).

  6. Select Create (save icon) to create the configuration.

Configuring policy notifications

Enable alert notifications for system policies.

Procedure
  1. On the RHACS portal, navigate to Platform ConfigurationSystem policies.

  2. Select the check boxes for one or more policies that you want to send alerts for.

  3. Select ActionsEnable Notification.

  4. In the Enable Notifications dialog box, select the check box for the Google Cloud SCC notifier.

    If you have not configured any other integrations, you will see No notifiers configured!.

  5. Click Enable.

  • Red Hat Advanced Cluster Security for Kubernetes sends notifications on an opt-in basis. To receive notifications, you must first assign a notifier to the policy.

  • Notifications are only sent once for a given alert. If you have assigned a notifier to a policy, you will not receive a notification unless a violation generates a new alert.

  • Red Hat Advanced Cluster Security for Kubernetes creates a new alert when:

    • A policy violation occurs for the first time in a deployment.

    • A runtime-phase policy violation occurs in a deployment after you resolved the previous runtime alert for a policy in that deployment.