Can I limit who views which projects?
Yes. Permissions for Security Command Center can be applied at the organization,
folder, and project level. For more information on Security Command Center roles,
see Access control.
How can I export data?
To export data from Security Command Center, use the
API or the Google Cloud console. For more
information about using the Google Cloud console, see
Exporting Security Command Center data.
Does Security Command Center support more assets like
BigQuery?
Security Command Center supports discovery and inventory of
BigQuery datasets. A future release will add support for
BigQuery tables. We prioritize the addition of new products
and resources based on customer feedback and demand.
Does Security Command Center support alerting and setting alert policies?
The Security Command Center API includes a notifications feature that sends
information to a Pub/Sub topic to provide findings updates and new
findings within minutes. Notifications include all finding information
displayed in the Google Cloud console. To get started, see
Setting up finding notifications.
Security Command Center also provides an App Engine application that
enables you to define custom queries for the
Notifier app. The Notifier
app and other Security Command Center tools become obsolete as their full
functionalities are added to Security Command Center features. For now, you can
use the app to publish your queries to a user-defined
Pub/Sub topic and integrate the feed with email and SMS.
Support is offered on a best-effort basis only for all Security Command Center
tools.
When are new features released, and when can we expect bug fixes?
Security Command Center is in GA, so we release regular
bug fixes and functionality as available.
How fresh is the Security Command Center data that's displayed in the
Google Cloud console?
Data freshness depends on the finding source and the time of the most recent
asset scan. For more information, see the assets and findings sections on
the Using Security Command Center page.
Why is the OPEN_FIREWALL module not producing findings for some of my
firewall rules containing the source IP range 0.0.0.0/0?
Your firewall rule may contain a destination port which explicitly does
not produce findings.
There may be several reasons why findings are not being created.
The firewall rule may be configured as a DENY rule.
Your firewall rule may permit network traffic that utilizes protocols or
ports explicitly ignored by the module.
Findings are created for rules that allow traffic from any IP address
(0.0.0.0/0) over any protocol or to any port (applicable to TCP, UDP, and
SCTP protocols), with the exceptions noted below.
Findings aren't created for the following protocols and ports:
ICMP
TCP 443 (HTTPS)
TCP 22 (SSH)
SCTP 22 (SSH)
TCP 3389 (RDP)
UDP 3389 (RDP)
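The exemptions above can be checked against your own rules before a scan runs. The following is an added example, not code from Security Command Center: it models only what this FAQ states, the function names are hypothetical, the rules are constructed in the shape of Compute Engine firewall resources, and treating a port range as exempt only when every port in it is exempt is an assumption.

```python
# (protocol, port) pairs this FAQ lists as never producing a finding.
EXEMPT = {("tcp", 443), ("tcp", 22), ("sctp", 22), ("tcp", 3389), ("udp", 3389)}
PORT_PROTOCOLS = {"tcp", "udp", "sctp"}


def port_spans(ports):
    """Turn ["22", "8000-8100"] into [(22, 22), (8000, 8100)]; no ports means all."""
    spans = []
    for spec in ports or ["0-65535"]:
        low, _, high = str(spec).partition("-")
        spans.append((int(low), int(high or low)))
    return spans


def expected_finding_reasons(rule):
    """List the allowed traffic that should trigger a finding; [] means none expected."""
    if rule.get("denied") or "0.0.0.0/0" not in rule.get("sourceRanges", []):
        return []  # DENY rule, or not open to every IP address
    reasons = []
    for entry in rule.get("allowed", []):
        proto = entry["IPProtocol"].lower()
        if proto == "icmp":
            continue  # exempt protocol
        if proto not in PORT_PROTOCOLS:
            reasons.append(proto)  # e.g. "all" or "esp": no ports to exempt
            continue
        for low, high in port_spans(entry.get("ports")):
            # One non-exempt port in the span is enough to expect a finding.
            if any((proto, port) not in EXEMPT for port in range(low, high + 1)):
                reasons.append(f"{proto}:{low}" if low == high else f"{proto}:{low}-{high}")
    return reasons


# Constructed rules, shaped like Compute Engine firewall resources.
OPEN = ["0.0.0.0/0"]
RULES = {
    "ssh-only": {"sourceRanges": OPEN, "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    "ssh-range": {"sourceRanges": OPEN, "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]},
    "web-mixed": {"sourceRanges": OPEN, "allowed": [{"IPProtocol": "tcp", "ports": ["443", "8080"]}]},
    "udp-any": {"sourceRanges": OPEN, "allowed": [{"IPProtocol": "udp"}]},
    "ping": {"sourceRanges": OPEN, "allowed": [{"IPProtocol": "icmp"}]},
    "deny-all": {"sourceRanges": OPEN, "denied": [{"IPProtocol": "all"}]},
    "internal": {"sourceRanges": ["10.0.0.0/8"], "allowed": [{"IPProtocol": "all"}]},
}

for name, rule in RULES.items():
    print(name, expected_finding_reasons(rule) or "no finding expected")
```

A rule that returns an empty list here is still open to the internet on SSH, RDP or HTTPS; the module simply does not report it, so review those rules by other means.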
Which types of findings are set to INACTIVE automatically, and which types
of findings need to be marked as INACTIVE manually?
A finding's type determines whether or not Security Command Center
automatically sets the state field of a finding to
INACTIVE after it is resolved. The following list explains
the different finding types and whether Security Command Center sets
the finding's state to INACTIVE automatically or not:
Vulnerability findings
Vulnerability findings are
automatically updated to INACTIVE after the remediation steps for
vulnerabilities are completed. Vulnerability findings are also
automatically updated to INACTIVE if the vulnerable asset is deleted.
Security Health Analytics and Web Security Scanner detectors generate vulnerability
findings that are available in Security Command Center. When they are enabled
in Security Command Center, integrated services, like VM Manager, also
generate vulnerability findings.
Threat findings
Threat findings represent
observation of one or more events, like execution of a process or initiation
of a network connection.
After a threat finding is resolved, Security Command Center does not
automatically set the state to INACTIVE.
The state of a threat finding remains active unless you change the
state manually.
Threats differ from vulnerabilities in that they are
dynamic and indicate a possible active exploit against one or
more resources, which is why your security personnel must use the
information in Security Command Center findings to determine the best
ways to remediate issues and secure resources against future attacks.
If your investigation determines that a threat finding is a
false positive, consider creating a mute rule
for the finding instead and leaving the state as ACTIVE.
Error findings
Error findings are automatically marked as
INACTIVE after issues in the configuration are remediated. Error detectors
generate findings that point to issues in the configuration of your
Security Command Center environment. These configuration issues prevent
services (also known as finding providers or sources) from generating findings.
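Because threat findings stay ACTIVE until someone changes them, a notification feed can be used to track the ones still waiting for a manual decision. The following is an added example, not code from Security Command Center: the function names, the seven-day threshold and the sample messages are assumptions, and the messages are constructed with the `finding` fields `name`, `findingClass`, `state`, `mute` and `eventTime`, base64-encoded as Pub/Sub delivers message data over REST.

```python
import base64
import json
from datetime import datetime, timedelta, timezone


def decode_notification(message):
    """Decode a Pub/Sub message dict (base64 'data') into the notification JSON."""
    return json.loads(base64.b64decode(message["data"]))


def needs_manual_close(finding):
    """True for an unmuted threat finding that is still ACTIVE."""
    return (finding.get("findingClass") == "THREAT"
            and finding.get("state") == "ACTIVE"
            and finding.get("mute") != "MUTED")


def threat_backlog(messages, now, max_age=timedelta(days=7)):
    """Names of threat findings left ACTIVE longer than max_age, oldest first."""
    latest = {}
    for message in messages:  # assumed to be in arrival order
        finding = decode_notification(message)["finding"]
        latest[finding["name"]] = finding  # a later update replaces the earlier one
    stale = []
    for finding in latest.values():
        event = datetime.fromisoformat(finding["eventTime"].replace("Z", "+00:00"))
        if needs_manual_close(finding) and now - event > max_age:
            stale.append((event, finding["name"]))
    return [name for _, name in sorted(stale)]


def _message(name, cls, state, event_time, mute="UNMUTED"):
    """Build a constructed notification the way Pub/Sub would deliver it."""
    body = {"finding": {"name": name, "findingClass": cls, "state": state,
                        "mute": mute, "eventTime": event_time}}
    return {"data": base64.b64encode(json.dumps(body).encode()).decode()}


# Constructed sample feed; finding names are placeholders.
SAMPLE = [
    _message("findings/threat-old", "THREAT", "ACTIVE", "2025-08-01T10:00:00Z"),
    _message("findings/vuln-old", "VULNERABILITY", "ACTIVE", "2025-08-01T10:00:00Z"),
    _message("findings/threat-fp", "THREAT", "ACTIVE", "2025-08-02T10:00:00Z", mute="MUTED"),
    _message("findings/threat-closed", "THREAT", "ACTIVE", "2025-08-03T10:00:00Z"),
    _message("findings/threat-closed", "THREAT", "INACTIVE", "2025-08-03T10:00:00Z"),
    _message("findings/threat-new", "THREAT", "ACTIVE", "2025-08-27T10:00:00Z"),
]
NOW = datetime(2025, 8, 28, tzinfo=timezone.utc)
print(threat_backlog(SAMPLE, NOW))
```

The muted false positive and the vulnerability finding are left out of the backlog: the first is handled by its mute rule, and the second returns to INACTIVE on its own once remediated.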
Who do I contact if I have questions about Security Command Center service tiers?
For questions regarding Security Command Center service tiers,
please contact your account representative or contact Google Cloud sales.
Last updated 2025-08-28 UTC.