Extend your security view from the edge.
Google Cloud Security Command Center makes use of organization and project-level IAM permissions. As such, the person who deploys this integration will need to have the Organization Admin role.
If you run into errors, the cause is most like your permissions scope. Fix these by modifying
cd cloudflare-security-events/deployment vim .env.yml
Unless otherwise specified during onboarding,
.env.yml looks inside the project (PROJECT_ID) for the BigQuery table and Cloud Storage bucket:
// default settings – cloudflare_logs.camiliame_logs must be under active-incline-183216 for this to work PROJECT_ID: active-incline-183216 GCLOUD_ORG: '1065635207347' CREDENTIALS: ./scc_key.json BUCKET_NAME: cloudflare-logs-bucket BQ_DATASET: cloudflare_dataset.events_table SERVICE_ACCOUNT: gcp-gcp-admin BASE_DIR: /usr/local/scc-serverless DEPLOYMENT_DIR: /usr/local/scc-serverless/deployment
You can reassign environment variables to be project-specific like this:
Note: if you don't have Logpush setup to stream logs in Google Cloud Storage, reach out to your customer success manager or go here if you know what you're doing: https://dash.cloudflare.com?analytics
gcloud config set project MY_PROJECT
cd cloudflare-security-events npm install
cfse scc post