Release Notes

This page documents production updates to Cloud Security Command Center (Cloud SCC). You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

To get the latest product updates delivered to you, add the URL of this page to your feed reader.

August 20, 2019

The following Security Health Analytics finding type names have changed:

Old Name New Name
LOGGING_DISABLED CLUSTER_LOGGING_DISABLED
MONITORING_DISABLED CLUSTER_MONITORING_DISABLED
NO_ROOT_PASSWORD SQL_NO_ROOT_PASSWORD
WEAK_ROOT_PASSWORD SQL_WEAK_ROOT_PASSWORD

May 10, 2019

Using VPC Service Controls currently blocks Cloud SCC asset discovery inside VPC Service perimeters for the following asset types:

  • Compute Engine
    • Addresses
    • Routes
    • VPN Tunnels
  • Cloud Storage Buckets
  • GKE Clusters

This is expected to be fixed in a future release.

For information about troubleshooting access issues, see VPC Service Controls Troubleshooting. To work around the access to these assets, see Granting access from the internet with access levels.

April 10, 2019

Cloud SCC is now in general availability (GA). These release notes include updated items from beta and new items for GA.

ListAssetResult has changed.

GroupFindingsResponse now includes totalSize.

gcloud command-line tool support for Cloud SCC is now available.

There are now client libraries available for C#, Go, Java, Node.JS, PHP, Python, and Ruby.

Previously only active state findings were shown in the UI. You can now also choose to show inactive state findings.

ListFindings and GroupFindings now supports comparison between two points in time. For more information, see the compareDuration parameter.

Assets now include Cloud IAM information for organizations, projects, Compute Engine, Cloud Storage, and others where applicable. Cloud IAM Policy information can be searched, filtered, and joined with all other Asset information and Security Marks.

Native integration with Security Health Analytics for native managed vulnerability scanning.

Native integration with Event Threat Detection for log-based threat detection.

Native integrations with Phishing Protection.

The Cloud SCC dashboard now enables you to select whether just active state findings are displayed or both active and inactive.

The Cloud SCC dashboard now enables you to set active or inactive state for each finding.

The Cloud SCC dashboard now enables you to perform a time-diff query for a fixed set of time periods.

You can now export Cloud SCC data as filtered Asset or Findings data to the Cloud Storage bucket and project you select.

Hello World example app is expanded to include Cloud Functions functions for: removing bucket ACLs, deleting firewall rules, and creating a VM snapshot.

New example apps are available for:

  • Integrations with Access Transparency Logs, Audit Logging, and Binary Authorization.
  • Connecting to Splunk.

For more information, see Installing Cloud SCC tools.

Additional security partner integrations through [Marketplace](https://console.cloud.google.com/marketplace/details/google-cloud-platform/cloud-security-command-center.

Sorting on Asset ID column on the asset page doesn't work as expected.

Sorting on the following findings page columns doesn't work as expected:

  • eventTime
  • source property
  • security mark
  • id
  • externalUri

Sorting isn't supported for source properties and security marks on the findings changed page.

After you've created a new asset, the new asset won't appear in Cloud SCC until it's re-scanned. To see current asset state before the daily re-scan, trigger an on-demand re-scan and then wait at least 5 minutes to see the new asset appear in Cloud SCC.

After you've made a Cloud IAM policy change on an asset, the updated policy won't appear in Cloud SCC until it's re-scanned. To see current Cloud IAM policy before the daily re-scan, trigger an on-demand re-scan and then wait at least 10 minutes to see the updated Cloud IAM policies in Cloud SCC.

Code examples are still in progress for C#, Node.js, PHP, and Ruby.

Hai trovato utile questa pagina? Facci sapere cosa ne pensi:

Invia feedback per...

Cloud Security Command Center
Hai bisogno di assistenza? Visita la nostra pagina di assistenza.