This page explains how to use the Google Cloud console to view threats that
the firewall endpoint detects in intercepted traffic.
Firewall endpoints perform signature-based threat detection and prevention on
the intercepted traffic from your virtual machine (VM) instances.
Cloud Next Generation Firewall provides default
threat signatures, supported threat severity levels, and threat overrides that
you use to identify malicious activity and prevent network attacks.
Use the Threat page to view threats detected in your network during a
specific timeframe.
To view a summary of the threats observed during a specific period in your
network, go to the Cloud NGFW Dashboard.
To get the permissions that you need to view the Threats page, ask your
administrator to grant you the necessary Identity and Access Management (IAM) roles on your
organization. For more information about granting roles, see
Manage access.
View threats
Permissions required for this task
To perform this task, you must have been granted the following permissions
or one of the following IAM roles on your organization.
Permissions
networksecurity.securityProfiles.create
Roles
compute.networkAdmin
Console
1. In the Google Cloud console, go to the Threats page.
2. Select the timeframe for which you want to view the detected threats. You
   can select a duration from 1 hour to 30 days.
   Threats detected during the selected timeframe are displayed.
3. Optional: To further refine the listed threats, select one or more of
   the following filters:
   - Severity
   - Alert time on
   - Alert time before
   - Alert time after
   - Threat name
   - Threat type
4. To view logs for a specific threat, click View audit log next to the
   threat name.
   The Cloud Logging page opens and displays the detailed logs for
   the selected threat. To understand the threat log structure, see
   Threat logs.
Last updated 2025-08-07 UTC.