>

Exporting Cloud SCC data

This guide describes how to export Cloud Security Command Center (Cloud SCC) data, including assets, findings, and security marks. Cloud SCC enables you to export data using the Cloud SCC API, or by using the Google Cloud Platform Console.

Before you begin

To export Cloud SCC data, you will need the following:

  • A Cloud Identity and Access Management (Cloud IAM) role that includes the permissions of the Security Center Admin Viewer role.
  • A GCP project in which you can create a new Cloud Storage bucket and write the export data.

Export data using the GCP Console

This section describes how to export Cloud SCC data to a JSON file using the GCP Console. When you use the GCP Console to export Cloud SCC data, Cloud SCC will obtain credentials or permissions to write to the Cloud Storage bucket automatically when you click Export.

Exporting data

To export a JSON file to a Cloud Storage bucket, follow the steps below. If you don't already have a Cloud Storage bucket you want to use, you can create one during the export process.

Finding and Asset data are exported in separate operations. If you want to filter the exported data, select the filters you want to use on the Assets or Findings tab before you export.

  1. Go to the GCP Console Security Command Center page.
    Go to the Security Command Center page
  2. Click Export.
  3. On the Export page that appears, configure the export:
    1. On the Entity Type drop-down list, select the kind of data that you want to export.
    2. On the Group Results By drop-down list, select how you want to group the export data.
      • The Filters list displays the filters you have selected for the entity type, if any.
    3. Under Display Results From, select the timestamp of the data you want to export.
    4. Under Export to, select the project to which you want to export the data.
    5. In the Export Path box, click Browse.
    6. On the Select object panel that appears, select an existing Cloud Storage bucket or click Create new bucket.
      1. To create a new bucket, enter a file name to save the data to in the File name box.
    7. After you select or create a bucket, click Select.
  4. When you're finished configuring the export, click Export JSON. If you selected an existing file in the bucket, the Confirm Overwrite dialog will display.
    • To overwrite the existing file, click Confirm.
    • To change the file you're writing to, click Cancel, then click Browse in the Export Path box and select or create a different file.

The configured data will be saved to the Cloud Storage bucket you specified.

Downloading exported data

To download the exported JSON data, follow the steps below:

  1. Go to the Cloud Storage bucket:
    • On the GCP Console, click the Export Notification. OR
    • Go to the GCP Console Storage Browser page and select the project and bucket to which you exported data.
  2. To download the JSON file, click the file name you entered when you exported the data.
  3. On the Save File dialog that appears, select the location where you want to save the JSON, and then click Save.

The JSON file is downloaded to the location you specified.

Export data using the Cloud SCC API

Exporting assets, findings, and marks using the Cloud SCC API uses the following methods:

  • ListAssets
  • GroupAssets
  • ListFindings
  • GroupFindings

If you specify a value in the groupBy field, then the GroupAssets or GroupFindings method is used. If you don't specify a groupBy value, then the ListAssets or ListFindings method is used.

These APIs return either assets or findings with their full set of properties, attributes, and associated marks in JSON format. Output from these APIs will be written to the storage location you specify, with the option to select the current reference time.

Was this page helpful? Let us know how we did:

Send feedback about...

Cloud Security Command Center
Need help? Visit our support page.