Stay organized with collections
Save and categorize content based on your preferences.
This page explains how to view threats detected by the firewall endpoint for
the intercepted traffic by using the Google Cloud console.
Firewall endpoints perform signature-based threat detection and prevention on
the intercepted traffic from your virtual machine (VM) instances.
Cloud Next Generation Firewall provides default
threat signatures, supported threat severity levels, and threat overrides that
you use to identify malicious activity and prevent network attacks.
Use the Threat page to view threats detected in your network during a
specific timeframe.
To view a summary of the threats observed during a specific period in your
network, go to the Cloud NGFW Dashboard.
To get permissions that you need to view the threat page, ask your
administrator to grant you the necessary Identity and Access Management (IAM) roles on your
organization. For more information about granting roles, see
Manage access.
View threats
Permissions required for this task
To perform this task, you must have been granted the following permissions
or one of the following IAM roles on your organization.
Permissions
networksecurity.securityProfiles.create
Roles
compute.networkAdmin
Console
In the Google Cloud console, go to the Threats page.
Select the timeframe for which you want to view the threats detected. You
can select the duration from 1 hour to 30 days.
Threats detected during the selected timeframe are displayed.
Optional: To further refine the listed threats, select one or more of
the following filters:
Severity
Alert time on
Alert time before
Alert time after
Threat name
Threat type
To view logs for a specific threat, click View audit log next to the
threat name.
The Cloud Logging page appears that displays the detailed logs for
the selected threat. To understand the threat log structure, see
Threat logs.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThis page outlines the process of viewing threats detected by firewall endpoints in the Google Cloud console, which perform signature-based threat detection on traffic from your virtual machine (VM) instances.\u003c/p\u003e\n"],["\u003cp\u003eYou can access a summary of network threats within a specified time period through the Cloud NGFW Dashboard.\u003c/p\u003e\n"],["\u003cp\u003eTo view threats, users need to navigate to the \u003cstrong\u003eThreats\u003c/strong\u003e page in the Google Cloud console and must have the required IAM permissions or roles within their organization.\u003c/p\u003e\n"],["\u003cp\u003eThe listed threats can be refined by applying filters such as severity, alert time, threat name, and threat type, allowing for a more focused analysis.\u003c/p\u003e\n"],["\u003cp\u003eYou can view audit logs for each specific threat detected by clicking "View audit log", and the cloud logging page will display the detail logs.\u003c/p\u003e\n"]]],[],null,["# View threats\n\nThis page explains how to view threats detected by the firewall endpoint for\nthe intercepted traffic by using the Google Cloud console.\n\nFirewall endpoints perform signature-based threat detection and prevention on\nthe intercepted traffic from your virtual machine (VM) instances.\nCloud Next Generation Firewall provides default\nthreat signatures, supported threat severity levels, and threat overrides that\nyou use to identify malicious activity and prevent network attacks.\nUse the **Threat** page to view threats detected in your network during a\nspecific timeframe.\n\nTo view a summary of the threats observed during a specific period in your\nnetwork, go to the Cloud NGFW [Dashboard](https://console.cloud.google.com/net-security/firewall-manager/dashboard/cards).\n\nTo learn more about threats, see [Threat signatures overview](/firewall/docs/about-threats).\n\nRoles and permissions\n---------------------\n\nTo get permissions that you need to view the threat page, ask your\nadministrator to grant you the necessary Identity and Access Management (IAM) roles on your\norganization. For more information about granting roles, see\n[Manage access](/iam/docs/granting-changing-revoking-access).\n\nView threats\n------------\n\n#### Permissions required for this task\n\nTo perform this task, you must have been granted the following permissions\n*or* one of the following IAM roles on your organization.\n\n**Permissions**\n\n- `networksecurity.securityProfiles.create`\n\n**Roles**\n\n- `compute.networkAdmin` \n\n### Console\n\n1. In the Google Cloud console, go to the **Threats** page.\n\n [Go to Threats](https://console.cloud.google.com/net-security/threats/list)\n2. If necessary, select your Google Cloud project.\n\n3. Select the timeframe for which you want to view the threats detected. You\n can select the duration from 1 hour to 30 days.\n Threats detected during the selected timeframe are displayed.\n\n4. Optional: To further refine the listed threats, select one or more of\n the following filters:\n\n - Severity\n - Alert time on\n - Alert time before\n - Alert time after\n - Threat name\n - Threat type\n5. To view logs for a specific threat, click **View audit log** next to the\n threat name.\n The Cloud Logging page appears that displays the detailed logs for\n the selected threat. To understand the threat log structure, see\n [Threat logs](/firewall/docs/threat_logs).\n\nWhat's next\n-----------\n\n- [Create and manage security profiles](/firewall/docs/configure-security-profiles)\n- [Create and manage security profile groups](/firewall/docs/configure-security-profile-groups)\n- [Create and manage firewall endpoints](/firewall/docs/configure-firewall-endpoints)\n- [Create and manage firewall endpoint associations](/firewall/docs/configure-firewall-endpoint-associations)"]]
