Release Notes

This page documents production updates to Security Command Center (Security Command Center). You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly:

November 11, 2019

Cloud SCC now supports full JSON with arrays and JSON objects as potential property types. This includes support for sorting on JSON object sub-fields, and filtering on:

  • Array elements
  • Full JSON objects with partial string match
  • JSON object sub-fields

Learn more about Filtering and sorting findings.

October 14, 2019

Security Health Analytics is now in beta and can now be enabled in the Sources Management page of Cloud SCC.

A new Vulnerabilities tab in Cloud SCC displays a dashboard that summarizes Security Health Analytics findings. This dashboard includes information about CIS benchmarks and recommended remediations.

Security Health Analytics no longer requires separate service account setup or permissions. Instead, it uses the Cloud SCC service account that's created for you during signup.

August 20, 2019

The following Security Health Analytics finding type names have changed:

Old Name New Name

May 10, 2019

Using VPC Service Controls currently blocks Cloud SCC asset discovery inside VPC Service perimeters for the following asset types:

  • Compute Engine
    • Addresses
    • Routes
    • VPN Tunnels
  • Cloud Storage Buckets
  • GKE Clusters

This is expected to be fixed in a future release.

For information about troubleshooting access issues, see VPC Service Controls Troubleshooting. To work around the access to these assets, see Granting access from the internet with access levels.

April 10, 2019

Cloud SCC is now in general availability (GA). These release notes include updated items from beta and new items for GA.

ListAssetResult has changed.

GroupFindingsResponse now includes totalSize.

gcloud command-line tool support for Cloud SCC is now available.

There are now client libraries available for C#, Go, Java, Node.JS, PHP, Python, and Ruby.

Previously only active state findings were shown in the UI. You can now also choose to show inactive state findings.

ListFindings and GroupFindings now supports comparison between two points in time. For more information, see the compareDuration parameter.

Assets now include Cloud IAM information for organizations, projects, Compute Engine, Cloud Storage, and others where applicable. Cloud IAM Policy information can be searched, filtered, and joined with all other Asset information and Security Marks.

Native integration with Security Health Analytics for native managed vulnerability scanning.

Native integration with Event Threat Detection for log-based threat detection.

Native integrations with Phishing Protection.

The Cloud SCC dashboard now enables you to select whether just active state findings are displayed or both active and inactive.

The Cloud SCC dashboard now enables you to set active or inactive state for each finding.

The Cloud SCC dashboard now enables you to perform a time-diff query for a fixed set of time periods.

You can now export Cloud SCC data as filtered Asset or Findings data to the Cloud Storage bucket and project you select.

Hello World example app is expanded to include Cloud Functions functions for: removing bucket ACLs, deleting firewall rules, and creating a VM snapshot.

New example apps are available for:

  • Integrations with Access Transparency Logs, Audit Logging, and Binary Authorization.
  • Connecting to Splunk.

For more information, see Installing Cloud SCC tools.

Additional security partner integrations through [Marketplace](

Sorting on Asset ID column on the asset page doesn't work as expected.

Sorting on the following findings page columns doesn't work as expected:

  • eventTime
  • source property
  • security mark
  • id
  • externalUri

Sorting isn't supported for source properties and security marks on the findings changed page.

After you've created a new asset, the new asset won't appear in Cloud SCC until it's re-scanned. To see current asset state before the daily re-scan, trigger an on-demand re-scan and then wait at least 5 minutes to see the new asset appear in Cloud SCC.

After you've made a Cloud IAM policy change on an asset, the updated policy won't appear in Cloud SCC until it's re-scanned. To see current Cloud IAM policy before the daily re-scan, trigger an on-demand re-scan and then wait at least 10 minutes to see the updated Cloud IAM policies in Cloud SCC.

Code examples are still in progress for C#, Node.js, PHP, and Ruby.

¿Te sirvió esta página? Envíanos tu opinión:

Enviar comentarios sobre…

Cloud Security Command Center
¿Necesitas ayuda? Visita nuestra página de asistencia.