View threats

This page explains how to view threats detected by the firewall endpoint for the intercepted traffic by using the Google Cloud console.

Firewall endpoints perform signature-based threat detection and prevention on the intercepted traffic from your virtual machine (VM) instances. Cloud Next Generation Firewall provides default threat signatures, supported threat severity levels, and threat overrides that you use to identify malicious activity and prevent network attacks. Use the Threat page to view threats detected in your network during a specific timeframe.

To view a summary of the threats observed during a specific period in your network, go to the Cloud NGFW Dashboard.

To learn more about threats, see Threat signatures overview.

Roles and permissions

To get permissions that you need to view the threat page, ask your administrator to grant you the necessary Identity and Access Management (IAM) roles on your organization. For more information about granting roles, see Manage access.

View threats


  1. In the Google Cloud console, go to the Threats page.

    Go to Threats

  2. If necessary, select your Google Cloud project.

  3. Select the timeframe for which you want to view the threats detected. You can select the duration from 1 hour to 30 days. Threats detected during the selected timeframe are displayed.

  4. Optional: To further refine the listed threats, select one or more of the following filters:

    • Severity
    • Alert time on
    • Alert time before
    • Alert time after
    • Threat name
    • Threat type
  5. To view logs for a specific threat, click View audit log next to the threat name. The Cloud Logging page appears that displays the detailed logs for the selected threat. To understand the threat log structure, see Threat logs.

What's next