Skip to main content

Google Security Command Center

Google Cloud

The Google Security Center connector integrates with Google Cloud Security Command Center (SCC), Cloud Asset Inventory, and the in-cluster Kubernetes API to give Brinqa a unified view of GCP exposure. It pulls SCC findings (vulnerabilities, misconfiguration violations, threat alerts) and the cloud assets they target — compute instances, networks, firewalls, GKE clusters, Cloud SQL, Cloud Run / Cloud Functions / App Engine, load balancers, IAM bindings, and project-level metadata — then dives into each GKE cluster's API server to enumerate namespaces, pods, service accounts (Workload Identity), services, ingresses, deployments, daemonsets, and RBAC roles. The result is one connected graph spanning GCP control-plane state and in-cluster posture, suitable for blast-radius analysis.

Data retrieved from Google Security Command Center

Connector ObjectRequiredMaps to Data Model
VulnerabilityYesVulnerability
Vulnerability DefinitionYesVulnerability Definition
ViolationYesViolation
Violation DefinitionYesViolation Definition
AlertYesAlert
Alert DefinitionYesAlert Definition
ProjectYesCloud Resource
BucketYesCloud Resource
RepositoryYesCloud Resource
ServiceAccountYesCloud Resource
Compute InstanceYesHost
FirewallYesCloud Resource
DiskYesCloud Resource
AddressYesCloud Resource
NetworkYesCloud Resource
Node PoolYesCloud Resource
Compute ProjectYesCloud Resource
GKEClusterYesCloud Resource
K8s NamespaceYesCloud Resource
K8s PodYesCloud Resource
K8s ServiceAccountYesCloud Resource
K8s ServiceYesCloud Resource
K8s IngressYesCloud Resource
K8s DeploymentYesCloud Resource
K8s DaemonSetYesCloud Resource
K8s RoleYesCloud Resource
K8s RoleBindingYesCloud Resource
Cloud Run ServiceYesCloud Resource
Cloud FunctionYesCloud Resource
App Engine ApplicationYesCloud Resource
SQL InstanceYesHost
Forwarding RuleYesCloud Resource
Backend ServiceYesCloud Resource
Target PoolYesCloud Resource
Instance GroupYesCloud Resource
IAM BindingYesCloud Resource

Model relationships

note

For detailed steps on how to view the data retrieved from Google Security Command Center in the Brinqa Platform, see How to view your data.