Issues are the most important security risks Security Command Center Enterprise has found in your cloud environments. They're available in the Risk section of the Security Operations console, giving you the opportunity to respond quickly to vulnerabilities and threats.
Issues are discovered through virtual red teaming and rule-based detections. For example, a detection with the name "High Risk CVE on GCE with direct access to a high value resource" covers the following situation:
- A high-risk common vulnerability or exposure (CVE) has been found on a Compute Engine VM in your cloud environment.
- That compromised VM has access to a high value resource through a service account.
A detection can discover multiple instances of an issue. By default in the Security Operations console, issues with the same severity and detection are grouped together.
Issue sources
Issues are classified as medium, high, or critical severity, and come from the following sources:
- Toxic combinations and chokepoints (Preview)
- Security graph insights
The security graph is a graph database whose nodes represent cloud resources such as assets, identities, apps, and data, and whose edges represent the risk relationships between those resources, as determined by detection rules. When a risk relationship is discovered, the security graph generates an issue.
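To make the node, edge, and rule model concrete, the following added example (not Security Command Center code) evaluates the "High Risk CVE on GCE with direct access to a high value resource" detection over a small constructed graph and groups the results by severity and detection. The node names, attribute names, edge labels, and the `critical` severity are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample graph: node id -> attributes (all names are hypothetical).
NODES = {
    "vm-web-1": {"kind": "gce_vm", "high_risk_cve": True},
    "vm-api-2": {"kind": "gce_vm", "high_risk_cve": True},
    "vm-web-3": {"kind": "gce_vm", "high_risk_cve": True},
    "vm-batch": {"kind": "gce_vm", "high_risk_cve": False},
    "sa-app": {"kind": "service_account"},
    "sa-logs": {"kind": "service_account"},
    "bucket-pii": {"kind": "bucket", "high_value": True},
    "bucket-tmp": {"kind": "bucket", "high_value": False},
}
# Directed edges: (source, relationship, target). Edge labels are assumptions.
EDGES = [
    ("vm-web-1", "runs_as", "sa-app"),
    ("vm-api-2", "runs_as", "sa-app"),
    ("vm-web-3", "runs_as", "sa-logs"),
    ("vm-batch", "runs_as", "sa-app"),
    ("sa-app", "can_access", "bucket-pii"),
    ("sa-logs", "can_access", "bucket-tmp"),
]
DETECTION = "High Risk CVE on GCE with direct access to a high value resource"


def neighbors(node, relationship):
    """Follow outgoing edges of one relationship type from a node."""
    return [dst for src, rel, dst in EDGES if src == node and rel == relationship]


def detect_issues(severity="critical"):  # severity is an assumed value
    """Return one issue per (VM, high value resource) pair matching the rule."""
    issues = []
    for vm, attrs in NODES.items():
        if attrs["kind"] != "gce_vm" or not attrs.get("high_risk_cve"):
            continue  # condition 1: high-risk CVE on a Compute Engine VM
        for sa in neighbors(vm, "runs_as"):
            for res in neighbors(sa, "can_access"):
                if NODES[res].get("high_value"):  # condition 2: reach via service account
                    issues.append({"detection": DETECTION, "severity": severity,
                                   "vm": vm, "service_account": sa, "resource": res})
    return issues


def group_issues(issues):
    """Group instances by severity and detection, as the console does by default."""
    groups = defaultdict(list)
    for issue in issues:
        groups[(issue["severity"], issue["detection"])].append(issue)
    return dict(groups)
```

Only `vm-web-1` and `vm-api-2` satisfy both conditions, so the single detection yields two issue instances that fall into one group; `vm-web-3` has the CVE but no path to a high value resource, and `vm-batch` has the path but no CVE.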
Issue lifecycle
Issues remain active until they are resolved. They can be resolved by fixing the findings referenced in the issues, or by deleting the affected resources.
Inactive issues have a retention period of 90 days, after which they are deleted.