This page explains the finding classes that the Security Command Center services use to report security issues in your environment.
In finding definitions, the finding class is stored in the findingClass field. For more information about the findingClass field, see FindingClass.
Some findings do not include a finding class definition. Security Command Center classifies these findings as Finding class unspecified.
The classes include the following:
Threat
Vulnerability
Misconfiguration
Observation
SCC Error
Finding class unspecified
Threat class
Findings in the Threat class identify a potential active attack or other unwanted or malicious activity.
Findings in the Threat class should be investigated immediately.
For more information about findings in the Threat class, see Remediating threats.
Vulnerability class
Findings in the Vulnerability class identify a flaw or weakness in software programs that an attacker could use to gain access to or otherwise compromise your Google Cloud environment.
For more information about findings in the Vulnerability class, see Vulnerability findings.
Misconfiguration class
Findings in the Misconfiguration class identify vulnerabilities caused by the incorrect or suboptimal configuration of programs, assets, or other resources. In most cases, you can fix the problem by updating the configuration that is indicated in the findings.
Misconfigurations are a type of vulnerability. Most Misconfiguration findings from the built-in Security Command Center services are documented in Vulnerability findings.
Observation class
Findings in the Observation class describe an event, configuration detail, or other issue in your environment that might not be a problem in itself, but could be if your environment were to be compromised.
Security Command Center services that commonly issue observations include the following:
SCC error class
Findings in the SCC error class identify a problem in the configuration of Security Command Center or one of its services that prevents Security Command Center from detecting security issues in your Google Cloud environment.
For more information about findings in the SCC error class, see Overview of Security Command Center errors.
Finding class unspecified class
Findings in the Finding class unspecified class either do not have a value specified on the findingClass property or do not include the property at all.
To determine whether the finding identifies a threat, vulnerability, or other class of security issue, you need to review the finding and investigate the issue that it identifies.
Typically, the service that generates the finding determines the finding class and sets the findingClass property. We recommend that integrated and third-party service providers set the findingClass property, but doing so is not required.
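The following added example (not part of the original page and not Google's code) sorts exported findings into review queues by findingClass and sends records whose property is missing, empty, or unrecognized to manual review as Finding class unspecified. The record shape, the sample findings, and the queue order after Threat are assumptions.

```python
from collections import defaultdict

# findingClass enum names for the classes described on this page.
KNOWN_CLASSES = {"THREAT", "VULNERABILITY", "MISCONFIGURATION",
                 "OBSERVATION", "SCC_ERROR"}
UNSPECIFIED = "FINDING_CLASS_UNSPECIFIED"

# Threat first, because the page says to investigate it immediately.
# The rest of the order is an assumption of this example: unclassified
# findings come next because they may hide a threat, then SCC errors
# because they indicate that detection itself is impaired.
QUEUE_ORDER = ["THREAT", UNSPECIFIED, "SCC_ERROR",
               "VULNERABILITY", "MISCONFIGURATION", "OBSERVATION"]

# Constructed sample records. Wrapped records mimic a list result that nests
# the finding under a "finding" key (assumed shape); the last one is bare.
SAMPLE = [
    {"finding": {"name": "findings/f1", "findingClass": "MISCONFIGURATION"}},
    {"finding": {"name": "findings/f2", "findingClass": "THREAT"}},
    {"finding": {"name": "findings/f3"}},                      # property absent
    {"finding": {"name": "findings/f4", "findingClass": UNSPECIFIED}},
    {"finding": {"name": "findings/f5", "findingClass": "OBSERVATION"}},
    {"finding": {"name": "findings/f6", "findingClass": "VENDOR_CUSTOM"}},
    {"name": "findings/f7", "findingClass": "SCC_ERROR"},
]


def effective_class(finding):
    """Return the class to triage under; anything unusable is unspecified."""
    raw = finding.get("findingClass")
    # Absent, null, empty, or a value this script does not know (for example
    # one set by a third-party provider) all need a human to classify them.
    if isinstance(raw, str) and raw in KNOWN_CLASSES:
        return raw
    return UNSPECIFIED


def triage(records):
    """Group finding names by effective class, in review order."""
    buckets = defaultdict(list)
    for record in records:
        finding = record.get("finding", record)  # accept wrapped or bare
        buckets[effective_class(finding)].append(finding.get("name", "<unnamed>"))
    return [(cls, buckets[cls]) for cls in QUEUE_ORDER if buckets[cls]]


if __name__ == "__main__":
    for cls, names in triage(SAMPLE):
        print(f"{cls}: {', '.join(names)}")
```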