Finding classes

This page explains the finding classes that the Security Command Center services use to report security issues in your environment.

In finding definitions, the finding class is stored in the findingClass field. For more information about the findingClass field, see FindingClass.

Some findings do not include a finding class definition. Security Command Center classifies these findings as Finding class unspecified.

The classes include the following:

  • Threat
  • Vulnerability
  • Misconfiguration
  • Observation
  • SCC Error
  • Finding class unspecified

Threat class

Findings in the Threat class identify a potential active attack or other unwanted or malicious activity.

Findings in the Threat class should be investigated immediately.

For more information about findings in the Threat class, see Remediating threats.

Vulnerability class

Findings in the Vulnerability class identify a flaw or weakness in software programs that an attacker could use to gain access to or otherwise compromise your Google Cloud environment.

For more information about findings in the Vulnerability class, see Vulnerability findings.

Misconfiguration class

Findings in the Misconfiguration class identify vulnerabilities caused by the incorrect or suboptimal configuration of programs, assets, or other resources. In most cases, you can fix the problem by updating the configuration that is indicated in the findings.

Misconfigurations are a type of vulnerability. Most Misconfiguration findings from the built-in Security Command Center services are documented in Vulnerability findings.

Observation class

Findings in the Observation class describe an event, configuration detail, or other issue in your environment that might not be a problem in itself, but could be if your environment were to be compromised.

Security Command Center services that commonly issue observations include the following:

SCC error class

Findings in the SCC error class identify a problem in the configuration of Security Command Center or one of its services that prevents Security Command Center from detecting security issues in your Google Cloud environment.

For more information about findings in the SCC error class, see Overview of Security Command Center errors.

Finding class unspecified class

Findings in the Finding class unspecified class either do not have a value specified on the findingClass property or do not include the property at all.

To determine whether the finding identifies a threat, vulnerability, or other class of security issue, you need to review the finding and investigate the issue that it identifies.

Typically, the service that generates the finding determines the finding class and sets the findingClass property. We recommend that integrated and third-party service providers set the findingClass property, but doing so is not required.