Frequently asked questions

Can I limit who views which projects?
Yes. Permissions for Security Command Center can be applied at the organization, folder, and project level. For more information on Security Command Center roles, see Access control.
How can I export data?
To export data from Security Command Center, use the API or the Google Cloud Console. For more information about using the Cloud Console, see Exporting Security Command Center data.
Does Security Command Center support more assets like BigQuery?
Security Command Center supports discovery and inventory of BigQuery datasets. A future release will add support for BigQuery tables. We prioritize the addition of new products and resources based on customer feedback and demand.
Does Security Command Center support alerting and setting alert policies?

The Security Command Center API includes a notifications feature that sends information to a Pub/Sub topic to provide findings updates and new findings within minutes. Notifications include all finding information displayed in the Security Command Center dashboard. To get started, see Setting up finding notifications.

Security Command Center also provides an App Engine application that enables you to define custom queries for the Notifier app. The Notifier app and other Security Command Center tools become obsolete as their full functionalities are added to Security Command Center features. For now, you can use the app to publish your queries to a user-defined Pub/Sub topic and integrate the feed with email and SMS. Support is offered on best-effort basis only for all Security Command Center tools.

When are new features released, and when can we expect bug fixes?
Security Command Center is in GA, so we release regular bug fixes and functionality as available.
How fresh is the data that's displayed in the Security Command Center dashboard?
Data freshness depends on finding source and the time of the most recent asset scan. For more information, see the assets and findings sections on the using Security Command Center page.
Why is the OPEN_FIREWALL module not producing findings for some of my firewall rules containing the source IP range ?
Your firewall rule may contain a destination port which explicitly does not produce findings. There may be several reasons why findings are not being created. The firewall rule may be configured as a DENY rule. Your firewall rule may permit network traffic that utilizes protocols or ports explicitly ignored by the module. Findings are created for rules allowing traffic from any IP addresses ( of any protocol or to any port (applicable to TCP, UDP, and SCTP protocols) with the exceptions noted below. Findings are not created for + ICMP + TCP 443 (HTTPS) + TCP 22 (SSH) + SCTP 22 (SSH) + TCP 3389 (RDP) + UDP 3389 (RDP)