Skip to main content
Documentation
Technology areas
close
AI and ML
Application development
Application hosting
Compute
Data analytics and pipelines
Databases
Distributed, hybrid, and multicloud
Generative AI
Industry solutions
Networking
Observability and monitoring
Security
Storage
Cross-product tools
close
Access and resources management
Costs and usage management
Google Cloud SDK, languages, frameworks, and tools
Infrastructure as code
Migration
Related sites
close
Google Cloud Home
Free Trial and Free Tier
Architecture Center
Blog
Contact Sales
Google Cloud Developer Center
Google Developer Center
Google Cloud Marketplace
Google Cloud Marketplace Documentation
Google Cloud Skills Boost
Google Cloud Solution Center
Google Cloud Support
Google Cloud Tech Youtube Channel
/
English
Deutsch
Español – América Latina
Français
Indonesia
Italiano
Português – Brasil
中文 – 简体
中文 – 繁體
日本語
한국어
Console
Sign in
Security Command Center
Guides
Reference
Samples
Resources
Contact Us
Start free
Documentation
Guides
Reference
Samples
Resources
Technology areas
More
Cross-product tools
More
Related sites
More
Console
Contact Us
Start free
Discover
Product overview
Service tiers
Data and infrastructure security overview
Activate Security Command Center
Activation overview
Data residency
Plan for data residency
Security Command Center regional endpoints
When to expect findings
Control access with IAM
Overview of access control with IAM
Control access with organization-level activations
Control access with project-level activations
Configure custom organization policies
Activate Security Command Center Standard or Premium
Activate Security Command Center Standard or Premium for an organization
Enable CMEK for Security Command Center
Activate Security Command Center Standard or Premium for a project
Feature availability with project-level activations
Activate Security Command Center Enterprise for an organization
Activate Security Command Center Enterprise
Connect to AWS for configuration and resource data collection
Connect to Azure for configuration and resource data collection
Control access to features in SecOps console pages
Map and authenticate users to enable SOAR-related features
Integrate Security Command Center Enterprise with ticketing systems
Connect to AWS for log data collection
Connect to Azure for log data collection
Enable sensitive data discovery
Integrate with Assured OSS
Advanced configuration for threat management
Update the Enterprise use case for SOAR
Configure additional Security Command Center Enterprise features
Manage SOAR settings
Update AWS connection settings
Use Security Command Center in the Google Cloud console
Configure Security Command Center
Choose security sources
Configure Security Command Center services
Provision Security Command Center resources with Terraform
Connect to other cloud providers
Amazon Web Services (AWS)
Connect to AWS for configuration and resource data collection
Modify the connector for AWS
Microsoft Azure
Connect to Azure for configuration and resource data collection
Modify the connector for Azure
Security Command Center best practices
Cryptomining detection best practices
Integrate with other products
Google Security Operations SOAR
Cortex XSOAR
Elastic Stack
Elastic Stack using Docker
QRadar
ServiceNow
Snyk
Splunk
Work with findings and assets
Review and manage findings in the console
Edit findings queries
Inspect assets monitored by Security Command Center
Mute findings
Mute findings
Migrate from static to dynamic mute rules
Annotate findings and assets with security marks
Configure notifications and exports
Export Security Command Center data
Enable finding notifications for Pub/Sub
Stream findings to BigQuery
Bulk export findings to BigQuery
Export logs to Cloud Logging
Enable real-time email and chat notifications
Finding reference
Finding classes
Finding severities
Finding states
Work with issues
Issues overview
Predefined security graph rules
Manage and remediate issues
Explore the security graph
Work with cases
Cases overview
Using the workdesk
Determine ownership for posture findings
Group findings in cases
Mute findings in cases
Assign tickets in cases
Working with alerts
Work with playbooks
Playbooks overview
Automate IAM recommendations using playbooks
Enable public bucket remediation
Manage security postures
Security posture overview
Manage a security posture
Posture templates
Secure by default, essentials
Secure by default, extended
Secure AI, essentials
Secure AI, extended
Google Cloud services
BigQuery
Cloud Storage, essentials
Cloud Storage, extended
VPC networking, essentials
VPC networking, extended
Compliance standards
CIS Benchmark 2.0
ISO 27001
NIST 800-53
PCI DSS
Validate infrastructure as code
Validate IaC against your policies
Supported asset types and policies for IaC validation
Integrate IaC validation with Cloud Build
Integrate IaC validation with Jenkins
Integrate IaC validation with GitHub Actions
Create a sample IaC validation report
Manage security posture resources by using custom constraints
Assess risk
Assess risk at a glance
Assess risk with attack exposure scores and attack paths
Overview
Define your high-value resource set
Risk Engine feature support
Identify high-sensitivity data with Sensitive Data Protection
Capture risk data
Risk reports overview
Download risk reports
Detect and investigate threats
Detect threats
Detect threats to GKE containers
Container Threat Detection overview
Test Container Threat Detection
Use Container Threat Detection
Detect threats to Cloud Run containers
Cloud Run Threat Detection overview
Use Cloud Run Threat Detection
Detect threats from event logging
Event Threat Detection overview
Test Event Threat Detection
Use Event Threat Detection
Allow Event Threat Detection to access VPC Service Controls perimeters
Custom modules for Event Threat Detection
Overview of custom modules for Event Threat Detection
Create and manage custom modules
Correlated Threats overview
Detect and review sensitive actions
Sensitive Actions Service overview
Test Sensitive Actions
Use Sensitive Actions
Detect threats to VMs
Virtual Machine Threat Detection overview
Using Virtual Machine Threat Detection
Allow VM Threat Detection to access VPC Service Controls perimeters
Enable Virtual Machine Threat Detection for AWS
Inspect a VM for signs of kernel memory tampering
Detect external anomalies
Threat findings reference
Threat findings index
AI
AI threat findings
Initial Access: Dormant Service Account Activity in AI Service
Persistence: New AI API Method
Persistence: New Geography for AI Service
Privilege Escalation: Anomalous Impersonation of Service Account for AI Admin Activity
Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin Activity
Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Data Access
Privilege Escalation: Anomalous Service Account Impersonator for AI Admin Activity