Issues are the most important security risks Security Command Center
Enterprise has found in your cloud environments. They're available in the
Risk section of the Security Operations console, giving you the opportunity to
respond quickly to vulnerabilities and threats.
Issues are discovered through virtual red teaming and
rule-based detections. For example, a detection with the name
"High Risk CVE on GCE with direct access to a high value resource" covers the
following situation:
- A high risk, common vulnerability or exposure (CVE) has been found on a Compute Engine VM in your cloud environment.
- That compromised VM has access to a high value resource through a service account.
A detection can discover multiple instances of an issue.
By default in the Security Operations console, issues with the same
severity and detection are grouped together.
Issue sources
Issues are classified as medium, high, or critical severity,
and come from the following sources:
- Toxic combinations and chokepoints
- Predefined security graph rules
The security graph is a graph database that has cloud resources like assets,
identities, apps, and data assigned to its nodes, while the edges of the graph
determine the risk relationship between those resources following detection
rules. When a relationship risk is discovered, security graph generates
an issue.
Issue lifecycle
Issues remain active until they are resolved. They can be
resolved by fixing the findings referenced in the issues, or by
deleting the affected resources.
Inactive issues have a retention period of 90 days, after which they
are deleted.
Last updated 2025-08-28 UTC.