Quickstart: Using the dashboard

This page walks you through accessing Cloud Security Command Center (Cloud SCC), configuring the display, and reviewing your Google Cloud Platform (GCP) resources. If Cloud SCC is not already set up for your organization, complete the Quickstart: Setting up Cloud SCC first.

Before you begin

To use Cloud SCC, you must have a Cloud Identity and Access Management (Cloud IAM) role that includes appropriate permissions:

  • To view Cloud SCC, you must have the Security Center Admin Viewer Cloud IAM role.
  • To make changes to Cloud SCC, you must have an appropriate editor role, like Security Center Admin Editor.

If your organization policies are set to restrict identities by domain, you must be signed in to the GCP Console on an account that's in an allowed domain.

Learn more about Cloud SCC roles.

Accessing the dashboard

This section walks through accessing Cloud SCC and viewing Assets and Findings for your Google Cloud Platform (GCP) resources.

To access the Cloud SCC dashboard:

  1. Go to the Cloud SCC page in the GCP Console.
    Go to the Security Command Center page
  2. Select the organization you want to review.

The Cloud SCC dashboard displays a basic overview of potential security risk findings. The dashboard includes the summary cards described below.

Viewing Assets

Assets are the GCP resources for your organization. The Assets Summary card displays a count of each type of asset in your organization as of the most recent scan. The display includes new, deleted, and total assets for the time period you specify. You can view the summary as a table or a graphical chart.

  • To view the summary for a recent time range, select one from the drop-down list on the Assets card.
  • To view the summary for a specific date and time, click View all assets, and then select the date and time on the time drop-down list.
  • To view your organization's tree hierarchy, click an asset type or View all assets.
  • To view details about an individual asset, select the Assets tab, and then click the asset name.

Learn more about Using the Assets display.

Viewing Findings

Findings are possible security risks. The Findings Summary card displays a count of each category of finding that the enabled finding sources provide.

  • To view details about the findings from a specific source, click the source name.
  • To view details about all findings, select the Findings tab.

On the Findings tab, you can group Findings or view details. Grouping by source type can help you identify which detector is the source. You can also group by detection category type, like cross-site scripting (XSS) or coin-mining.

  • To group Findings, toggle between View by options.
  • To view details about findings in a specific category, click the name under category.

Learn more about Using Findings.

Running common queries

This section describes how to run common queries to review your resources using Cloud SCC.

You can only select these filters in the Cloud SCC dashboard if your organization has the related resource type. If you receive the "Choose one of the suggested keys" error message, your organization might not have that resource type.

Find buckets with public legacy ACLs

  1. Go to the Cloud SCC Assets page in the GCP Console.
    Go to the Assets page
  2. In the Filter by text box:
    1. Type resource_properties.acl:allUsers, and then press Enter.
    2. Click the Filter by text box, and then select OR on the drop-down list.
    3. Type resource_properties.acl:allAuthenticatedUsers, and then press Enter.

Find firewall rules with SSH port 22 open

The following filter finds firewall rules with SSH port 22 open from any network.

  1. Go to the Cloud SCC Assets page in the GCP Console.
    Go to the Assets page
  2. In the Filter by text box:
    1. Type resource_properties.allowed:22, and then press Enter.
    2. Click the Filter by text box, and then select OR on the drop-down list.
    3. Type resource_properties.sourceRange:0.0.0.0/0, and then press Enter.

Find VMs with public IP addresses

  1. Go to the Cloud SCC Assets page in the GCP Console.
    Go to the Assets page
  2. In the Filter by text box, enter resource_properties.networkInterface:externalIP.

Find resource owners outside your organization

  1. Go to the Cloud SCC Assets page in the GCP Console.
    Go to the Assets page
  2. In the Filter by text box, enter resourceOwners:@**[YOUR_DOMAIN]**.

Find and monitor OS state in VMs

  1. Go to the Cloud SCC Assets page in the GCP Console.
    Go to the Assets page
  2. In the Filter by text box, enter resource_properties.disk:licenses.
  3. On the the list of displayed resources, click Columns, and then select disk under Resource Properties.

Cloud SCC Settings

In Cloud SCC settings, you can configure monitoring, permissions, and security sources. To access settings, click Settings on the Cloud SCC dashboard, and then select the tab you want to configure.

Asset Monitoring

By default, Cloud SCC discovers assets within each project during asset discovery. On the Asset Monitoring tab, you can include or exclude specific projects to be scanned for asset discovery. To configure asset monitoring select one of the available options:

  • All current and future projects: the default state in which assets within all your projects are scanned for asset discovery.
  • Include projects: select specific projects that will be scanned for asset discovery.
  • Exclude projects: select specific projects that won't be scanned for asset discovery.

After you save changes to Asset Monitoring, asset discovery will run and refresh the Assets display.

Permissions

On the Permissions tab, you can view and configure Cloud IAM roles for Cloud SCC. You can list permissions by Members or by Roles. To add or remove Cloud SCC Cloud IAM roles for a user, click Edit . In the Edit permissions panel that appears, add or remove roles.

Security Sources

Cloud SCC includes default sources like Cloud Anomaly Detection, Cloud Security Scanner, and Cloud DLP Data Discovery. On the Security Sources tab, you add new sources or enable and disable existing ones:

For more information about the security sources available in Cloud SCC, see viewing vulnerabilities and threats.

What's next

Was this page helpful? Let us know how we did:

Send feedback about...

Cloud Security Command Center
Need help? Visit our support page.