{
	"id": "4777dbfb-734b-40b2-a9b5-eb2d90dbc14c",
	"created_at": "2026-04-06T00:20:03.504492Z",
	"updated_at": "2026-04-10T13:12:44.885107Z",
	"deleted_at": null,
	"sha1_hash": "fdd3e08c039c83342bf17fba29baa981601db295",
	"title": "Use Security Command Center in the Google Cloud console",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 128950,
	"plain_text": "Use Security Command Center in the Google Cloud console\r\nArchived: 2026-04-05 23:12:20 UTC\r\nThis page provides an overview of Security Command Center in the Google Cloud console, describes the\r\nnavigation, and gives an overview of top-level pages.\r\nIf you haven't set up Security Command Center, see one of the following for instructions about how to activate it:\r\nTo activate the Standard or Premium tier, see Overview of activating Security Command Center.\r\nTo activate the Enterprise tier, see Activate the Security Command Center Enterprise tier.\r\nFor a general overview of Security Command Center, see Security Command Center overview.\r\nIf Security Command Center was recently activated, it might take time for data to appear. For information about\r\nthe scan frequency of Security Command Center services, see When to expect findings in Security Command\r\nCenter.\r\nRequired IAM permissions\r\nTo use Security Command Center with all service tiers, you must have an Identity and Access Management (IAM)\r\nrole that includes appropriate permissions:\r\nSecurity Center Admin Viewer ( roles/securitycenter.adminViewer ) lets you view Security Command\r\nCenter.\r\nSecurity Center Admin Editor ( roles/securitycenter.adminEditor ) lets you view Security Command\r\nCenter and make changes.\r\nYou must have one of the following:\r\nSecurity Center Admin ( roles/securitycenter.admin )\r\nSecurity Center Admin Editor ( roles/securitycenter.adminEditor )\r\nSecurity Center Viewer ( roles/securitycenter.adminViewer )\r\nSecurity Center Admin Viewer ( roles/securitycenter.adminViewer ) lets you view Security Command\r\nCenter.\r\nSecurity Center Admin Editor ( roles/securitycenter.adminEditor ) lets you view Security Command\r\nCenter and make changes.\r\nSecurity Center Admin Viewer ( roles/securitycenter.adminViewer ) lets you view Security Command\r\nCenter.\r\nSecurity Center Admin Editor ( roles/securitycenter.adminEditor ) lets you view Security Command\r\nCenter and make changes.\r\nChronicle Service Viewer ( roles/chroniclesm.viewer ) lets you view the associated Google SecOps\r\ninstance.\r\nhttps://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard\r\nPage 1 of 9\n\nYou also need any of the following IAM roles:\r\nChronicle SOAR Admin ( roles/chronicle.soarAdmin )\r\nChronicle SOAR Threat Manager ( roles/chronicle.soarThreatManager )\r\nChronicle SOAR Vulnerability Manager ( roles/chronicle.soarVulnerabilityManager )\r\nTo enable access to SOAR-related features, you must also map these Identity and Access Management roles to a\r\nSOC role, Permission group, and Environment on the Settings \u003e SOAR settings page. For more information,\r\nsee Map and authorize users using IAM.\r\nIf your organization policies are set to restrict identities by domain, you must be signed in to the Google Cloud\r\nconsole on an account that's in an allowed domain.\r\nThe IAM roles for Security Command Center can be granted at the organization, folder, or project level. Your\r\nability to view, edit, create, or update findings, assets, and security sources depends on the level for which you are\r\ngranted access. To learn more about Security Command Center roles, see Access control.\r\nTo access Security Command Center in the Google Cloud console:\r\n1. Go to Security Command Center:\r\nGo to Security Command Center\r\nIf data residency is enabled and your organization uses the jurisdictional Google Cloud console, see About\r\nthe jurisdictional Google Cloud console.\r\n2. Select the project or organization that you want to view.\r\nIf Security Command Center is active in the organization or project you select, the Risk overview page\r\nappears.\r\nIf Security Command Center is not active, you are invited to activate it. For more information about\r\nactivating Security Command Center, see one of the following:\r\nStandard, Standard-legacy, or Premium: Overview of activating Security Command Center.\r\nEnterprise: Activate the Security Command Center Enterprise tier.\r\nSecurity Command Center navigation\r\nThe following describes the navigation in Security Command Center. The navigation differs depending on your\r\nSecurity Command Center service tier. The tasks that you can perform also depend on services that are enabled\r\nand the IAM permissions that you are granted.\r\nClick a link for an explanation of the page.\r\nThe following describes the navigation in Security Command Center Standard-legacy service tier.\r\nRisk overview\r\nhttps://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard\r\nPage 2 of 9\n\nIssues page: Prompts you to upgrade to the Premium service tier.\r\nThreats: Prompts you to upgrade to the Premium service tier.\r\nCompliance: Prompts you to upgrade to the Premium service tier.\r\nAssets\r\nFindings\r\nSources\r\nPosture Management: Prompts you to upgrade to the Premium service tier.\r\nSettings\r\nThe following describes the navigation in Security Command Center Standard.\r\nRisk overview\r\nIssues page: Prompts you to upgrade to the Premium service tier.\r\nThreats: Prompts you to upgrade to the Premium service tier.\r\nCompliance\r\nAssets\r\nFindings\r\nSources\r\nPosture Management: Prompts you to upgrade to the Premium service tier.\r\nSettings\r\nThe following describes the navigation in Security Command Center Premium.\r\nRisk overview\r\nGraph Search\r\nIssues page\r\nFindings\r\nAssets\r\nCompliance\r\nPosture Management\r\nSources\r\nSettings\r\nIn the Security Command Center Enterprise left navigation, Cases links to pages in the Google Security\r\nOperations tenant that was configured during Security Command Center Enterprise activation.\r\nFor information about the features available in Google Security Operations, see Security Command Center\r\nEnterprise links to the Security Operations console.\r\nRisk overview\r\nGraph Search\r\nIssues page\r\nFindings\r\nAssets\r\nCompliance\r\nhttps://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard\r\nPage 3 of 9\n\nPosture Management\r\nSources\r\nSettings\r\nSetup Guide\r\nCases\r\nRisk overview\r\nThe Risk overview page serves as your first-contact security dashboard, highlighting high-priority risks in your\r\ncloud environments identified by all built-in and integrated services.\r\nThe views on the Risk overview page differ depending on your service tier.\r\nLearn more about each investigative view by selecting one of the following views:\r\nAll risk: shows misconfiguration findings.\r\nVulnerabilities: displays vulnerabilities and related CVE information.\r\nIdentity: shows a summary of identity and access findings by category.\r\nThreats: Prompts you to upgrade to the Premium service tier.\r\nLearn more about each investigative view by selecting one of the following views:\r\nAll risk: shows misconfiguration findings.\r\nVulnerabilities: displays vulnerabilities and related CVE information.\r\nIdentity: shows a summary of identity and access findings by category.\r\nData: displays information about your data security posture.\r\nThreats: Prompts you to upgrade to the Premium service tier.\r\nLearn more about each investigative view by selecting one of the following views:\r\nAll risk: shows all data.\r\nVulnerabilities: displays vulnerabilities and related CVE information.\r\nIdentity: shows a summary of identity and access findings by category.\r\nData: displays information about your data security posture.\r\nAI Security: shows AI-related findings and security posture data.\r\nThreats: shows threat-related findings.\r\nLearn more about each investigative view by selecting one of the following views:\r\nAll risk: shows all data.\r\nVulnerabilities: displays vulnerabilities and related CVE information.\r\nIdentity: shows a summary of identity and access findings by category.\r\nData: displays information about your data security posture.\r\nAI Security: shows AI-related findings and security posture data.\r\nThreats: shows threat-related findings.\r\nhttps://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard\r\nPage 4 of 9\n\nAssets\r\nThe Assets page provides a detailed display of all Google Cloud resources, also called assets, in your project or\r\norganization.\r\nFor more information about how to work with assets on the Assets page, see Work with resources in the console.\r\nCompliance\r\nBy default, when you activate Security Command Center, you enable Compliance Manager. The Compliance\r\npage shows the following tabs: Configure (New), Monitor (New), and Audit (New). These tabs let you create\r\nand apply cloud controls and frameworks, monitor your environment, and complete audits.\r\nIf you activated Security Command Center before Compliance Manager was generally available and you don't\r\nenable Compliance Manager, the Compliance page shows a Monitor tab only. This tab shows all industry\r\nbenchmarks that Security Command Center supports using Security Health Analytics and the percentage of\r\npassing benchmark controls. For more information about how Security Command Center supports compliance\r\nmanagement if Compliance Manager isn't enabled, see Assess compliance without Compliance Manager.\r\nFindings\r\nOn the Findings page, you can query, review, mute, and mark Security Command Center findings, the records that\r\nSecurity Command Center services create when they detect a security issue in your environment. For more\r\ninformation about how to work with findings on the Findings page, see Review and manage findings.\r\nGraph Search\r\nSecurity graph in Security Command Center is a database that understands and maps the relationships between\r\nyour cloud resources, their configurations, and associated security risks. These risks include vulnerabilities, access\r\npermissions, data sensitivity, and network exposure. This graph offers a comprehensive view of your cloud assets\r\nand their interdependencies.\r\nOn the Graph Search page, you can query the Security graph to proactively identify and monitor potential\r\nsecurity vulnerabilities within your environment.\r\nIssues\r\nIssues are the most important security risks that Security Command Center finds in your cloud environments,\r\ngiving you the opportunity to respond quickly to vulnerabilities and threats. Security Command Center discovers\r\nissues through virtual red teaming and rule-based detections. For information about investigating issues, see Issues\r\noverview.\r\nPosture management\r\nOn the Posture page, you can view details about the security postures that you created in your organization and\r\napply the postures to an organization, folder, or project. You can also view the available predefined posture\r\nhttps://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard\r\nPage 5 of 9\n\ntemplates.\r\nSettings\r\nOpen the Settings page from the Settings link in the navigation. The Settings page lets you configure Security\r\nCommand Center, including the following:\r\nAdditional Security Command Center services\r\nMulti-cloud connectors\r\nHigh-value resource sets\r\nMute findings rules\r\nContinuous data exports\r\nSCC setup guide\r\nThe Setup guide page lets you activate Security Command Center Enterprise and configure additional services.\r\nFor more information, see Activate the Security Command Center Enterprise tier.\r\nSources\r\nThe Sources page contains cards that provide a summary of assets and findings from the security sources you\r\nhave enabled. The card for each security source shows some of the findings from that source. You can click the\r\nfinding category name to view all findings in that category.\r\nFindings by source\r\nThe Findings by source card displays a count of each category of finding that your enabled security sources\r\nprovide.\r\nTo view details about the findings from a specific source, click the source name.\r\nTo view details about all findings, click the Findings page, where you can group findings or view details\r\nabout an individual finding.\r\nSource summaries\r\nBelow the Findings by source card, separate cards appear for any built-in, integrated, and third-party sources you\r\nenabled. Each card provides counts of active findings for that source.\r\nThreats\r\nThreats are potentially harmful events in your cloud resources. Security Command Center displays threats in\r\ndifferent views, depending on your service tier.\r\nThe Threats page is not supported in Security Command Center Standard and Standard-legacy. You can view\r\nthreat findings on the Findings page.\r\nhttps://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard\r\nPage 6 of 9\n\nIn Security Command Center Premium, the Threats navigation link opens the Risk Overview \u003e Threats\r\ndashboard.\r\nIn Security Command Center Enterprise, you view threats in the Risk Overview \u003e Threats dashboard.\r\nLegacy Vulnerabilities page\r\nThe legacy Vulnerabilities page lists all of the misconfiguration and software vulnerability findings that the built-in detection services of Security Command Center run in your cloud environments. For each listed detector, the\r\nnumber of active findings is displayed.\r\nTo view the Vulnerabilities page in Security Command Center, do the following:\r\n1. In the Google Cloud console, go to the Risk overview page.\r\nGo to Risk overview\r\n2. On the Risk Overview page, click Vulnerabilities.\r\n3. On the Vulnerabilities dashboard, click Go to legacy page.\r\nVulnerability detection services\r\nThe Vulnerabilities page lists detectors for the following built-in detection services of Security Command Center:\r\nNotebook Security Scanner (Preview)\r\nSecurity Health Analytics\r\nVulnerability Assessment for Amazon Web Services (AWS)\r\nWeb Security Scanner\r\nOther Google Cloud services that are integrated with Security Command Center also detect software\r\nvulnerabilities and misconfigurations. The findings from a selection of these services are also displayed on the\r\nVulnerabilities page. For more information about the services that produce vulnerability findings in Security\r\nCommand Center, see Detection services.\r\nInformation about vulnerability detector categories\r\nFor each misconfiguration or software vulnerability detector, the Vulnerabilities page shows the following\r\ninformation:\r\nStatus: an icon indicates whether the detector is active and whether the detector found a finding that needs\r\nto be addressed. When you hold the pointer over the status icon, a tooltip displays the date and time the\r\ndetector found the result or information about how to validate the recommendation.\r\nLast scanned: the date and time of the last scan for the detector.\r\nCategory: the category or type of vulnerability. For a list of the categories that each Security Command\r\nCenter service detects, see the following:\r\nNotebook Security Scanner findings (Preview)\r\nhttps://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard\r\nPage 7 of 9\n\nSecurity Health Analytics findings\r\nVulnerability Assessment for AWS findings\r\nWeb Security Scanner findings\r\nRecommendation: a summary of how to remediate the finding. For more information, see the following:\r\nRemediating Security Health Analytics findings.\r\nRemediating Web Security Scanner findings\r\nReview and resolve package vulnerability findings\r\nActive: the total number of findings in the category.\r\nStandards: the compliance benchmark that the finding category applies to, if any. For more information\r\nabout benchmarks, see Vulnerabilities findings.\r\nFiltering vulnerability findings\r\nA large organization might have many vulnerability findings across their deployment to review, triage, and track.\r\nBy using filters that are available on the Security Command Center Vulnerabilities and Findings pages in the\r\nGoogle Cloud console, you can focus on the highest severity vulnerabilities across your organization, and review\r\nvulnerabilities by asset type, project, and more.\r\nFor more information about filtering vulnerability findings, see Filter vulnerability findings in Security Command\r\nCenter.\r\nLinks to the Security Operations console\r\nThe Security Command Center Enterprise tier includes features available on both the Google Cloud console pages\r\nand on Security Operations console pages.\r\nYou sign in to the Google Cloud console and navigate to Security Operations console pages from the Google\r\nCloud console navigation. This section describes the tasks that you can perform on each page and the navigation\r\nlinks that open Security Operations console pages.\r\nFor information about Google Security Operations features available with the Security Command Center\r\nEnterprise tier, see Google SecOps features in Security Command Center Enterprise.\r\nThe Google Cloud console pages let you perform tasks such as the following:\r\nActivate Security Command Center.\r\nSet up Identity and Access Management (IAM) permissions for all Security Command Center users.\r\nConnect to other cloud environments to collect resource and configuration data.\r\nWork with and export findings.\r\nAssess risks with attack exposure scores.\r\nWork with issues, the most important security risks Security Command Center Enterprise has found in your\r\ncloud environments.\r\nhttps://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard\r\nPage 8 of 9\n\nIdentify high-sensitivity data with Sensitive Data Protection.\r\nInvestigate and remediate individual findings.\r\nConfigure Security Health Analytics, Web Security Scanner, and other Google Cloud integrated services.\r\nManage security postures.\r\nConfigure cloud controls and frameworks.\r\nManage a data security posture.\r\nAssess and report on your compliance with common security standards or benchmarks.\r\nView and search your Google Cloud assets.\r\nThe Security Operations console page lets you perform tasks such as the following:\r\nConnect to other cloud environments to collect log data for curated detections in security information and\r\nevent management (SIEM).\r\nConfigure security orchestration, automation, and response (SOAR) settings.\r\nConfigure users and groups for incident and case management.\r\nWork with cases, which includes grouping findings, assigning tickets, and working with alerts.\r\nUse an automated sequence of steps known as playbooks to remediate problems.\r\nUse Workdesk to manage actions and tasks waiting for you from open cases and playbooks.\r\nhttps://CUSTOMER_SUBDOMAIN.backstory.chronicle.security/cases\r\nWhere CUSTOMER_SUBDOMAIN is your customer-specific identifier.\r\nCases\r\nIn the Security Operations console, you use cases to obtain details about findings, attach playbooks to finding\r\nalerts, apply automatic threat responses, and track the remediation of security issues.\r\nFor information, see Cases overview in Google Security Operations documentation.\r\nWhat's next\r\nLearn about detection services.\r\nLearn how to use security marks.\r\nLearn how to configure Security Command Center services.\r\nSource: https://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard\r\nhttps://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard\r\nPage 9 of 9",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard"
	],
	"report_names": [
		"quickstart-scc-dashboard"
	],
	"threat_actors": [],
	"ts_created_at": 1775434803,
	"ts_updated_at": 1775826764,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fdd3e08c039c83342bf17fba29baa981601db295.pdf",
		"text": "https://archive.orkl.eu/fdd3e08c039c83342bf17fba29baa981601db295.txt",
		"img": "https://archive.orkl.eu/fdd3e08c039c83342bf17fba29baa981601db295.jpg"
	}
}