This page walks you through accessing the Cloud Security Command Center (Cloud SCC) Assets display to review your organization's Google Cloud Platform (GCP) resources.
Before you begin
To access the Cloud SCC assets display, you must have a Cloud Identity and Access Management (Cloud IAM) role that includes the permissions of the Security Center Assets Viewer role.
For more information about Cloud SCC Cloud IAM roles, see Access control.
Accessing the assets display
To access the assets display:
- Go to the Google Cloud Platform Console Security Command Center.
Go to the Security Command Center
- Select the organization you want to review.
- On the Security Command Center dashboard that appears, click the Assets tab.
The Cloud SCC assets detailed list view is displayed.
The assets display enables you to view assets for the entire organization or you can view assets only within a specific project, asset type, or change type. For a detailed view of attributes, resource properties, and findings on a specific asset, click the asset name under the resource_properties.name column.
Viewing by project
By default, assets are displayed in the organization and project hierarchy. To view assets associated with a specific resource, under View by Project, select the organization or project you want to review.
Viewing by asset type
To view your assets grouped by resource type, under the Assets tab, click Asset type. Assets are displayed in categories like application, bucket, project, and service. The following asset types are currently supported:
- Resource Manager
- App Engine
- Compute Engine
- Cloud DNS
- Cloud IAM
- Cloud Pub/Sub
- Cloud Spanner
- Cloud Storage
- Google Kubernetes Engine
- Container Registry
To view individual resources for a specific asset type, under View by Asset type, select the asset type you want to review. All of the assets in that category are displayed in the middle panel. To view details of a specific asset, click the asset.
Viewing by asset changed
To view new and deleted assets, under the Assets tab, click Asset changed. All assets are displayed, including sub-groups for new and deleted assets. You can select a time range for which results are displayed by clicking the drop-down list at the top of the assets list.
Viewing by Cloud IAM policy
Cloud SCC displays Cloud Identity and Access Management (Cloud IAM) policies for assets on the Assets tab under the iamPolicy column. To view Cloud IAM policy details for a specific asset, click Show/Hide next to the asset. Cloud IAM policies are also displayed on the asset details panel when you click the asset name under the resource_properties.name column.
Configuring the assets display
By default, the assets display includes the following columns:
- Asset name:
- Asset type:
- Asset owner:
- Any marks added to the asset:
- The Cloud Identity and Access Management (Cloud IAM) policies on the asset:
In a given session, you can hide any column except for
property.name, and you
can select more asset detail columns to display:
- To select the asset columns you want to display, click Columns.
- In the menu that appears, select the columns you want to display.
- To hide a column, click the column name to uncheck it.
To control the screen space for the Assets display, you can change the following options:
- Hide the GCP Console left side panel by clicking the left arrow.
- Resize the asset display columns by dragging the dividing line left or right.
- Hide the Marks right side panel by clicking Hide Info Panel.
To change the date and time of the results that the assets display includes, click the date and time drop-down, then select the date and time you want.
Sorting the assets display
To sort the assets display, click the column heading for the value by which you want to sort. Columns are sorted by numeric and then alphabetical order.