This page provides a list of reference guides and techniques for managing Security Health Analytics vulnerability findings using Cloud Security Command Center (Cloud SCC).
Filtering findings in Cloud Security Command Center
A large organization could have many vulnerability findings across their deployment to review, triage, and track. By using Cloud SCC with the available filters, you can focus on the highest severity vulnerabilities across your organization, and review vulnerabilities by asset type, security mark, and more.
Example: Filtering findings by severity and project
To view the highest severity Security Health Analytics findings:
- Go to the Cloud SCC Findings page in the Google Cloud Platform Console (GCP Console).
- In the Filter box, enter source_properties.SeverityLevel:HIGH. You can also use SeverityLevel values of
You can apply additional filters, like reviewing vulnerabilities for a specific project ID. For example:
After you filter your selection to the vulnerabilities that are important to you, you can select the vulnerability in Cloud SCC to view detailed information about the finding. This includes a description of the vulnerability and the risk, and recommendations for remediation.
Marking assets and findings with security marks
You can add custom properties to findings and assets in Cloud SCC by using security marks. Security marks enable you to identify high-priority areas of interest like production projects, tag findings with bug and incident tracking numbers, and more.
Whitelisting Security Health Analytics findings using security marks
You can whitelist assets in Security Health Analytics so that a scanner doesn't create a security finding for the asset. When you whitelist an asset, the finding is marked as resolved when the next scan runs. This could be helpful when you don't want to review security findings for projects that are isolated or fall within acceptable business parameters.
To whitelist an asset, add a security mark allow_[FINDING_TYPE] for a specific finding type. For example, for the finding type SSL_NOT_ENFORCED, use the
For a full list of finding types, see Viewing vulnerabilities and threats.
To learn more about Security Marks and techniques for using them, see Using Cloud SCC security marks.
Programmatically Manage Findings
The gcloud command-line tool with the Cloud SCC SDK enables you to automate anything you can do in the Cloud SCC dashboard. You can also remediate many findings using the gcloud tool. For more information, review the documentation for the resource types described in each
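The following script is an added example, not code from the Cloud SCC documentation, that ties the three techniques on this page together from the gcloud side: building the severity/project filter described under "Filtering findings", whitelisting an asset with an allow_[FINDING_TYPE] security mark, and tagging a finding with a tracking number. It assumes the environment variables ORG_ID (organization number) and SOURCE_ID (the Security Health Analytics source ID), that the gcloud scc findings list, gcloud scc findings update-marks and gcloud scc assets update-marks subcommands are available in the installed SDK, that the API filter form quotes string literals, that scoping to a project can be done by a substring match on resource_name, and that the whitelist mark key is the lowercased finding type (the page shows only the allow_[FINDING_TYPE] pattern).

```shell
#!/usr/bin/env sh
# Added example for managing Security Health Analytics findings with gcloud.
# Assumptions (not from the page): ORG_ID and SOURCE_ID are set in the
# environment; the "gcloud scc findings list", "gcloud scc findings update-marks"
# and "gcloud scc assets update-marks" subcommands exist in the installed SDK.
set -eu

# Build a findings filter. The console filter box accepts
# source_properties.SeverityLevel:HIGH; the API form used here quotes literals.
# Restricting to ACTIVE findings and scoping by resource_name substring are
# assumptions, not something the page states.
scc_filter() {
  severity="$1"
  project="${2:-}"
  f="source_properties.SeverityLevel=\"${severity}\" AND state=\"ACTIVE\""
  if [ -n "$project" ]; then
    f="${f} AND resource_name:\"${project}\""
  fi
  printf '%s' "$f"
}

# Security-mark assignment that whitelists one finding type, following the
# page's allow_[FINDING_TYPE] pattern. Lowercasing the type is an assumption.
allow_mark() {
  lower="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
  printf 'allow_%s=true' "$lower"
}

# List findings of the given severity (default HIGH), optionally scoped to a
# project, as JSON so the output can be piped into further triage tooling.
list_findings() {
  : "${ORG_ID:?set ORG_ID}" "${SOURCE_ID:?set SOURCE_ID}"
  gcloud scc findings list "$ORG_ID" --source="$SOURCE_ID" \
    --filter="$(scc_filter "${1:-HIGH}" "${2:-}")" --format=json
}

# Whitelist an asset for one finding type. After the next scan the existing
# finding for that asset is marked resolved, as the page describes.
whitelist_asset() {
  asset_id="$1"
  finding_type="$2"
  : "${ORG_ID:?set ORG_ID}"
  gcloud scc assets update-marks "$asset_id" --organization="$ORG_ID" \
    --security-marks="$(allow_mark "$finding_type")"
}

# Tag a finding with a bug/incident tracking number via its security marks.
# The mark key "ticket" is a constructed name for this example.
tag_finding() {
  finding_id="$1"
  ticket="$2"
  : "${ORG_ID:?set ORG_ID}" "${SOURCE_ID:?set SOURCE_ID}"
  gcloud scc findings update-marks "$finding_id" --organization="$ORG_ID" \
    --source="$SOURCE_ID" --security-marks="ticket=${ticket}"
}
```

Source this file and call, for example, list_findings HIGH my-project to review the highest-severity findings for one project, whitelist_asset ASSET_ID SSL_NOT_ENFORCED to suppress that finding type for an isolated asset, or tag_finding FINDING_ID BUG-1234 to record the ticket that tracks remediation. The two pure helpers (scc_filter and allow_mark) are kept separate from the gcloud calls so that the filter and mark strings can be checked before anything touches the organization; whitelisting is deliberately per asset and per finding type, so a review of security_marks.marks.allow_* later shows exactly what was accepted and why.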