Required roles
To get the permissions that you need to work with issues, ask your administrator to grant you the following IAM roles on the organization:
- To view issues, one of the following roles:
  - Security Center Findings Viewer (roles/securitycenter.findingsViewer)
  - Security Center Issues Viewer (roles/securitycenter.issuesViewer)
- To view, mute, and unmute issues: Security Center Issues Editor (roles/securitycenter.issuesEditor)
For more information about granting roles, see Manage access to projects, folders, and organizations.
These predefined roles contain the permissions required to work with issues. To see the exact permissions that are required, expand the Required permissions section:
Required permissions
The following permissions are required to work with issues:
- To view issues:
  - securitycenter.issues.get
  - securitycenter.issues.list
  - securitycenter.issues.group
  - securitycenter.issues.listFilterValues
- To mute and unmute issues: securitycenter.issues.mute
You might also be able to get these permissions with custom roles or other predefined roles.
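To check who holds the roles listed above, and in particular who can mute issues, the following added example (not part of the original documentation) audits an organization IAM policy exported as JSON. The sample policy and its member names are constructed, and only the three roles named on this page are considered, so custom roles that carry securitycenter.issues.mute are not detected.

```python
import json

# Roles and capabilities as listed in the "Required roles" section of this page.
ISSUE_ROLES = {
    "roles/securitycenter.findingsViewer": "view",
    "roles/securitycenter.issuesViewer": "view",
    "roles/securitycenter.issuesEditor": "view+mute",
}
# Member types that cover many identities rather than a single principal.
BROAD_PREFIXES = ("allUsers", "allAuthenticatedUsers", "domain:")

# Constructed sample in the shape returned by
# `gcloud organizations get-iam-policy ORGANIZATION_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/securitycenter.issuesViewer",
     "members": ["group:soc-analysts@example.com", "domain:example.com"]},
    {"role": "roles/securitycenter.issuesEditor",
     "members": ["user:alice@example.com",
                 "serviceAccount:triage@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/securitycenter.findingsViewer",
     "members": ["user:bob@example.com"]},
    {"role": "roles/viewer", "members": ["user:carol@example.com"]}
  ]
}
""")

def audit_issue_access(policy):
    """Return (members grouped by capability, broad grants) for the issue roles."""
    access = {"view": set(), "view+mute": set()}
    broad = []
    for binding in policy.get("bindings", []):
        capability = ISSUE_ROLES.get(binding.get("role"))
        if capability is None:
            continue  # not one of the three roles named on this page
        for member in binding.get("members", []):
            access[capability].add(member)
            if member.startswith(BROAD_PREFIXES):
                broad.append((member, binding["role"]))
    # Report members that hold the editor role only once, under the higher capability.
    access["view"] -= access["view+mute"]
    return access, broad

if __name__ == "__main__":
    access, broad = audit_issue_access(SAMPLE_POLICY)
    print("Can mute and unmute:", sorted(access["view+mute"]))
    print("View only:", sorted(access["view"]))
    print("Broad grants to review:", broad)
```

Because muting removes an issue from the default list view, the set of principals reported under mute and unmute is the one to keep small and review regularly.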
View issues
You can find issues in two places:
- The Risk > Overview page. This page shows an at-a-glance view of the top risks found in your cloud environments, including issues.
- The Risk > Issues page, which lists all issues found in your cloud environments. It also provides greater detail on each of the issues, including how to remediate them.
To view all issues, go to Risk > Issues.
To view individual issues, expand a detection group, and then click one of the issues in the group. The issue's details panel opens, which contains the following elements:
- A summary of the issue.
- An interactive attack path or evidence diagram.
- Findings related to the issue.
- A How to fix tab, which provides remediation steps.
- For toxic combinations and chokepoints (Preview), an Exposed valued resources tab, which lists the high-valued resources that are affected by the issue.
- For security graph insights, an Impacted Resources tab, which lists the resources that contribute to the issue. This tab displays if more than six resources contribute to an issue.
- A JSON tab, which provides the issue data in JSON format.
To step between issues in the queue, click the arrow icons next to the Take Actions button.
Remediate issues
To remediate an issue, complete the following instructions:
- To view all issues, go to Risk > Issues.
- Select your Google Cloud organization.
- By default, grouped issues are ranked by severity. Within the group, the issues are ranked by attack exposure score. To sort all issues by attack exposure score instead, disable Group by detections.
- Select an issue.
- Review the issue's description and evidence.
- If there are related findings, view their details.
- If multiple critical issues are found on a primary resource in a toxic combination or chokepoint (Preview), a message displays after the Evidence diagram. To optimize your remediation efforts, click Filter issues for this primary resource in this message to focus on resolving issues for that specific resource. Click the back arrow near Add filter when you want to remove the filter.
- Click Explore full attack paths in the Evidence diagram for an in-depth understanding of the issue, and how the attack paths expose high-value resources.
- Click How to fix, and follow the guidance to help mitigate the risk.
Mute issues
If the risk that's posed by an issue is acceptable to your business or you can't remediate it, you can choose to mute it. This tags the issue as muted, and records who muted the issue and when. You can only mute individual issues, not entire detections.
To mute an issue, complete the following steps:
- Open an issue's details panel.
- Click Take Actions.
- Click Mute.
- Enter the reason why you are muting the issue, and then click Mute.
After you've muted an issue, it can take a few minutes for this to be reflected in the issues list. After this, the issue won't show in the list with the default filters applied.
View muted issues
To view muted issues, click Add filter, and then add a Show muted issues filter with a value of Yes. Click Apply to apply the filter.
Unmute issues
To unmute an issue, complete the following steps:
- Filter the view by muted issues.
- Open the issue's details panel.
- Click Take Actions.
- Click Unmute.
- Enter the reason why you are unmuting the issue, and then click Unmute.