arrow_back

Mitigate Threats and Vulnerabilities with Security Command Center: Challenge Lab

Join Sign in
Test and share your knowledge with our community!
done
Get access to over 700 hands-on labs, skill badges, and courses

Mitigate Threats and Vulnerabilities with Security Command Center: Challenge Lab

Lab 1 hour universal_currency_alt 1 Credit show_chart Intermediate
Test and share your knowledge with our community!
done
Get access to over 700 hands-on labs, skill badges, and courses

GSP382

Google Cloud self-paced labs logo

Overview

In a challenge lab you’re given a scenario and a set of tasks. Instead of following step-by-step instructions, you will use the skills learned from the labs in the course to figure out how to complete the tasks on your own! An automated scoring system (shown on this page) will provide feedback on whether you have completed your tasks correctly.

When you take a challenge lab, you will not be taught new Google Cloud concepts. You are expected to extend your learned skills, like changing default values and reading and researching error messages to fix your own mistakes.

To score 100% you must successfully complete all tasks within the time period!

This lab is recommended for students who have enrolled in the Mitigate Threats and Vulnerabilities with Security Command Center skill badge. Are you ready for the challenge?

Topics tested

  • Create mute rules for Cymbal Bank
  • Analyze and fix Cymbal Bank's high vulnerability findings
  • Identify application vulnerabilities with SCC's security scanning features
  • Export Cymbal Bank Findings to a Google Cloud Storage Bucket

Setup and requirements

Before you click the Start Lab button

Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.

This hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.

To complete this lab, you need:

  • Access to a standard internet browser (Chrome browser recommended).
Note: Use an Incognito or private browser window to run this lab. This prevents any conflicts between your personal account and the Student account, which may cause extra charges incurred to your personal account.
  • Time to complete the lab---remember, once you start, you cannot pause a lab.
Note: If you already have your own personal Google Cloud account or project, do not use it for this lab to avoid extra charges to your account.

Challenge scenario

5ce916afc496a60c.jpeg

Cymbal Bank is an American retail bank with over 2,000 branches in all 50 states. It offers comprehensive debit and credit services that are built on top of a robust payments platform. Cymbal Bank is a digitally transforming legacy financial services institution.

Cymbal Bank was founded in 1920 under the name Troxler. Cymbal Group acquired the company in 1975 after it had been investing heavily in Cymbal Group's proprietary ATMs. As the bank grew into a national leader, they put strategic emphasis on modernizing the customer experience both in-person at their branches and digitally through an app they released in 2014. Cymbal Bank employs 42,000 people nationwide and, in 2019, reported $24 billion in revenue.

In this challenge, you are a cloud security engineer tasked with securing Cymbal Bank's Google Cloud environment by leveraging Security Command Center's features. You have performed these tasks in previous labs. Now, it's your turn to demonstrate your proficiency with Security Command Center by implementing advanced threat detection and mitigation strategies, optimizing access controls, and ensuring compliance with industry regulations and best practices.

Task 1. Configure the environment

First, make some baseline configurations to Cymbal Bank's environment, so you can implement robust security controls with Security Command Center.

  1. Open the navigation menu and select Security > Security Command Center > Findings.
  2. From the time range selector, select Last 180 days. Your output should be similar to the following:
Active vulnerabilities graph over 180 days Warning: For all SCC interfaces you interact in this challenge lab, ensure that the time range selected is always set to 180 days! If you don't configure this properly, you may not be able to identify or verify any of the requirements for a task.

Task 2. Create mute rules for Cymbal Bank

Cymbal Bank is not interested in surfacing findings against certain resources in their Google Cloud environment.

  1. For this task, create three mute rules that address the following:
Name Finding Description
muting-flow-log-findings Flow logs disabled Rule for muting VPC Flow Logs
muting-audit-logging-findings Audit logging disabled Rule for muting audit logs
muting-admin-sa-findings Admin service account Rule for muting admin service account findings
Warning: Ensure that the time range selected is always set to 180 days! If you don't configure this properly, you may not be able to identify or verify any of the requirements for a task. Note: You can find what to place in your Finding Query by exploring the Finding's details in SCC.

Click Check my progress to verify the objective.

Create mute rules for Cymbal Bank

Task 3. Analyze and fix Cymbal Bank's high vulnerability findings

Cymbal Bank wants to remove two high severity Findings in their Google Cloud environment. You are tasked with using SCC to identify and follow the steps laid out to fix the following high severity Findings so they are no longer vulnerable:

  • Open SSH port
  • Open RDP port

Ensure that these rules are not facing the public internet. You can use the IP address 35.235.240.0/20 as a replacement for the ones facing the public internet.

Click Check my progress to verify the objective.

Fix Cymbal Bank's high vulnerability findings

Task 4. Identify application vulnerabilities with SCC's security scanning features

In addition to resolving any infrastructure findings, you also need to identify any application vulnerabilities. In many cases, application vulnerabilities can be introduced unknowingly, so as a cloud security engineer you want to be especially diligent of any new web applications running in your environment.

Cymbal Bank wants to test-run Web Security Scanner against a sample application deployed in this environment to ensure it is functioning properly. When you started this lab, a Terraform script deployed a sample banking web application running on a Google Compute Engine instance.

To run a Web Security scan, the External IP of the Compute Engine VM Instance needs to be static.

  1. Open the Navigation menu and select Compute Engine > VM instances. Click on edit.

  2. In the Network Interface section, expand the default network.

  3. Click the "External IPv4 address" dropdown and click Reserve Static External IP address .

  4. Give it the name static-ip and click Reserve.

  5. Click Save.

  6. Find the external IP address of the instance.

  7. Replace YOUR_EXTERNAL_IP in the URL field below with that IP address, and open the URL in a new browser tab:

http://<YOUR_EXTERNAL_IP>:8080

A Cymbal Bank corporate banking portal with a web form should appear.

Cymbal Bank web page

For this task, run a Web Security scan against this application's URL (with port 8080).

Click Check my progress to verify the objective.

Run a Web Security Scan

Task 5. Export Cymbal Bank Findings to Google Cloud Storage

Cymbal Bank wants to keep information about security incidents, vulnerabilities and misconfigurations for several years for auditing purposes. As a Cloud Security Engineer, your final task is to export all existing Findings to a Google Cloud Storage Bucket with the following specifications:

  • Bucket name: scc-export-bucket-
  • Location type: regional
  • Location:

The export should have the following properties:

  • Filename: findings.jsonl
  • Format: JSONL
  • Time Range: All time

Click Check my progress to verify the objective.

Export Cymbal Bank Findings to Google Cloud Storage

Congratulations!

By completing this challenge lab, you proved that you can create mute rules, analyze and fix high vulnerability findings, identify application vulnerabilities with SCC's security scanning features., and export Findings to a Google Cloud Storage bucket.

Mitigate Threats and Vulnerabilities with Security Command Center skill badge

Earn your next skill badge

This self-paced lab is part of the Mitigate Threats and Vulnerabilities with Security Command Center skill badge. Completing this skill badge earns you the badge above to recognize your achievement. Share your badge on your resume and social platforms, and announce your accomplishment using #GoogleCloudBadge.

This skill badge is part of Google Cloud’s Professional Cloud Security Engineer learning path. If you have already completed the other skill badges in this learning path, search the catalog for other skill badges in which you can enroll.

Google Cloud training and certification

...helps you make the most of Google Cloud technologies. Our classes include technical skills and best practices to help you get up to speed quickly and continue your learning journey. We offer fundamental to advanced level training, with on-demand, live, and virtual options to suit your busy schedule. Certifications help you validate and prove your skill and expertise in Google Cloud technologies.

Manual Last Updated April 26, 2024

Lab Last Tested November 21, 2023

Copyright 2024 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.