Slack messages for Google Security Command Center Findings

gschaeffer/scc-slack-messages

SCC Findings Bot
Slack Messages for SCC Findings

Features

Google Security Command Center (SCC) surfaces security issues in the form of Findings. This Slack message handler extends the visibility of those Findings by posting them to a Slack channel.

Slack Message Example

The project is a Google Cloud Function that is triggered by SCC Findings sent to a Pub/Sub topic. The Pub/Sub configuration may be set up using the related project https://github.com/gschaeffer/scc-alerts. The default filter is for high severity Findings.
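The flow described above, sketched as an added example (not this repository's code): decode the Pub/Sub payload, re-check severity inside the function, and escape finding fields before they reach Slack. The function names, the background-function event shape (`event["data"]` as base64 JSON), and the sample findings are assumptions made for illustration.

```python
import base64
import json

# Assumption: the README's "high severity" default maps to SCC severity "HIGH".
ALERT_SEVERITIES = {"HIGH"}


def slack_escape(value):
    """Escape Slack control characters so finding fields cannot inject links or mentions."""
    return str(value).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def build_slack_message(event, channel):
    """Build a chat.postMessage payload from a Pub/Sub-delivered SCC notification, or None."""
    try:
        notification = json.loads(base64.b64decode(event["data"]))
        finding = notification["finding"]
    except (KeyError, TypeError, ValueError):
        return None  # not an SCC notification: drop it instead of crashing
    if not isinstance(finding, dict) or finding.get("severity") not in ALERT_SEVERITIES:
        return None

    def get(key):
        return slack_escape(finding.get(key, "unknown"))

    text = "\n".join([
        f"*{get('severity')} finding:* {get('category')}",
        f"Resource: `{get('resourceName')}`",
        f"Finding: `{get('name')}`",
    ])
    return {"channel": channel, "text": text}


def make_event(finding):
    """Wrap a finding in the envelope Pub/Sub hands to the function (sample helper)."""
    body = json.dumps({"notificationConfigName": "constructed-config", "finding": finding})
    return {"data": base64.b64encode(body.encode()).decode()}


# Constructed sample findings, not real SCC output.
SAMPLE_HIGH = {
    "name": "organizations/123/sources/456/findings/abc",
    "category": "PUBLIC_BUCKET_ACL",
    "resourceName": "//example/<constructed>&name",
    "severity": "HIGH",
}
SAMPLE_LOW = dict(SAMPLE_HIGH, severity="LOW")

if __name__ == "__main__":
    for sample in (SAMPLE_HIGH, SAMPLE_LOW):
        print(build_slack_message(make_event(sample), "#constructed-channel"))
```

Re-checking severity in the function keeps the channel quiet even if the notification filter upstream is later widened.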

Requirements

SCC Notifications must be set up. That process is simplified using the related project https://github.com/gschaeffer/scc-alerts.

Installation

Set the project value for the gcloud commands.

PROJECT="[REPLACE_WITH_PROJECT_ID]"

gcloud config set core/project $PROJECT
# Verify the change
gcloud config get-value core/project

Enable services

# Enable the services if they are not already enabled
gcloud services enable secretmanager.googleapis.com

gcloud services enable cloudfunctions.googleapis.com

gcloud services enable cloudbuild.googleapis.com

Create secrets in Cloud Secret Manager.

# Enable Secret Manager
gcloud services enable secretmanager.googleapis.com

# Create secret 'slack-handler-token'; replace value including brackets.
# printf '%s' is portable across shells and avoids storing a trailing newline in the secret.
printf '%s' "[SECRET_VALUE]" | gcloud secrets create slack-handler-token --data-file=- --replication-policy user-managed --locations us-central1

# Create secret 'slack-handler-channel'; replace value including brackets.
printf '%s' "[SECRET_VALUE]" | gcloud secrets create slack-handler-channel --data-file=- --replication-policy user-managed --locations us-central1

Grant the Cloud Function's service account (here the project's App Engine default service account) access to the secrets.

# slack-handler-token
gcloud secrets add-iam-policy-binding slack-handler-token --member serviceAccount:$(gcloud config get-value project)@appspot.gserviceaccount.com --role roles/secretmanager.secretAccessor --condition None

# slack-handler-channel
gcloud secrets add-iam-policy-binding slack-handler-channel --member serviceAccount:$(gcloud config get-value project)@appspot.gserviceaccount.com --role roles/secretmanager.secretAccessor --condition None

Deploy the cloud function

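# Clone the repo and change into it
git clone https://github.com/gschaeffer/scc-slack-messages
cd scc-slack-messages

# Update the project id using the PROJECT var set above
# (BSD/macOS sed syntax; with GNU sed on Linux use `sed -i` without the empty '' argument)
sed -i '' "s/PROJECT_ID/${PROJECT}/" deploy_func.sh

# Deploy the Cloud Function
./deploy_func.sh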

Cleanup

To remove resources, use the gcloud commands below.

# Remove the Cloud Function; replace the bracketed placeholder with the name of the deployed function
gcloud functions delete [FUNCTION_NAME]

# Remove the secrets
gcloud secrets delete slack-handler-token
gcloud secrets delete slack-handler-channel
