Google Cloud SCC

Receive Google Cloud Security Command Center threat and vulnerability findings via Pub/Sub.

InboundCloud Platforms
Start Free Trial

Quick Setup

Copy Webhook URL

Go to your Alert24 dashboard and copy the webhook URL for Google Cloud SCC.

Configure Google Cloud SCC

Add the webhook URL in your Google Cloud SCC settings.

Auto-Detected

Alert24 auto-detects Google Cloud SCC payloads and maps them to incidents.

Step-by-Step Setup Instructions

Google Cloud SCC Webhook Setup

1.In Google Cloud Console, go to Security → Security Command Center
2.Create a NotificationConfig for the findings you want to receive:
gcloud scc notifications create alert24-notifications \
  --organization=<ORG_ID> \
  --pubsub-topic=projects/<PROJECT_ID>/topics/scc-findings \
  --filter='state="ACTIVE"'
3.Create a Pub/Sub push subscription on the topic:
gcloud pubsub subscriptions create alert24-push \
  --topic=scc-findings \
  --push-endpoint=<WEBHOOK_URL>
4.Findings will be delivered as base64-encoded Pub/Sub messages

Example Webhook Payload

This is a sample payload that Google Cloud SCC sends to Alert24 when an alert fires.

{
  "message": {
    "data": "eyJub3RpZmljYXRpb25Db25maWdOYW1lIjoib3JnYW5pemF0aW9ucy8xMjM0L25vdGlmaWNhdGlvbkNvbmZpZ3MvYWxlcnQyNCJ9",
    "messageId": "1234567890",
    "publishTime": "2024-01-15T10:30:00Z"
  },
  "subscription": "projects/my-project/subscriptions/alert24-push",
  "notificationConfigName": "organizations/123456789/notificationConfigs/alert24",
  "finding": {
    "name": "organizations/123456789/sources/1/findings/abc123",
    "state": "ACTIVE",
    "category": "PERSISTENCE: New API Key Created",
    "findingClass": "THREAT",
    "severity": "HIGH"
  }
}

How Alert24 Maps Google Cloud SCC Data

Status Field

finding.state

Message Field

finding.category

Auto-Create Incidents

Yes

Auto-Resolve Incidents

Yes

Status Mapping

Alert24 StatusGoogle Cloud SCC Values
operational
INACTIVE
down
ACTIVE

Connect Google Cloud SCC to Alert24 in minutes

Free plan includes 5 monitors, 1 status page, and incident management. No credit card required.

Start Free TrialSee Pricing

More Cloud Platforms Integrations

AWS CloudWatch

Inbound

Receive CloudWatch alarm notifications via SNS webhook.

Azure Monitor

Inbound

Receive Azure Monitor alerts and log Activity Log changes to correlate infrastructure changes with incidents.

Azure Service Health

Inbound

Receive Azure Service Health incident, maintenance, and advisory notifications.

Azure Resource Health

Inbound

Receive Azure Resource Health notifications for individual resource availability.

Google Cloud Monitoring

Inbound

Receive Google Cloud Monitoring (formerly Stackdriver) alerts.

Google Cloud Audit Logs

Inbound

Log GCP Audit Log events as changes via Pub/Sub push to correlate infrastructure changes with incidents.