Review cases for identity and access issues

This page explains how to review cases corresponding to identity and access findings in Security Command Center.

Security Command Center automatically creates cases for threat findings, toxic combinations, and findings related to toxic combinations.

Before you begin

Make sure you have completed the following tasks before continuing:

View case details

To view the case details of an identity and access misconfiguration case from the Findings page, take the following steps:

  1. In the Google Cloud console, select Findings in the navigation.
  2. Click Identity to display a pre-filtered query for identity and access findings.
  3. Identify a finding with a value in the Case ID column.
  4. Do one of the following to open the case details:

    • Click the value in the Case ID column.
    • Click the finding name in the Category column. In the Finding details pane, go to the Case information section. Click the case ID number in the Case ID row.

    The Cases window opens and displays details about the case, including the following information:

    • List of alert events associated with the case
    • Playbooks attached to the alert
    • A finding description
    • Next steps for remediation
    • Information about the impacted asset
    • Ticket information (if you connected your ticketing system to Security Command Center)
  5. If you have connected Security Command Center to Jira or ServiceNow, you can use the ticket ID link to navigate to your ticketing system.
  6. Check the Case Wall tab for details about the activity performed on the case and included alerts.
  7. Check the Case Overview tab for a full overview of the case.

On the Cases page, you can see all cases created for your environment, not just identity and access cases. You can navigate all existing cases in the cases list on the left side of the page. You can also search and filter the list to make it easier to identify cases to focus on.

For more information on working with cases, see Cases overview.

What's next