Vendors Google Cloud Platform Security Command Center SCC Chokepoint Findings

SCC Chokepoint Findings

Critical attack path convergence points

Chokepoint findings from Google Cloud Security Command Center Security Graph, identifying resources or resource groups where high-risk attack paths converge based on attack path simulations.

chokepoint attack-path risk-assessment security-graph gcp

JSON Format 7 Fields Low Frequency Generator

Preview Sample View Schema

Overview

Chokepoint findings identify a resource or resource group where high-risk attack paths converge, based on attack path simulations. Remediating a chokepoint finding might remediate multiple toxic combinations.

When Generated:

Single network path provides access to multiple high-value resources
Service account acts as gateway to multiple sensitive data sources
Firewall rule creates single point of access for critical systems
IAM role grants access to multiple critical resources through one principal
Load balancer routes traffic to all backend services without segmentation

Security Relevance:

Critical

Compliance:

NIST 800-53 (SC-7, AC-3) ISO 27001 (A.13.1.1, A.9.1.2) CIS GCP Foundation 2.0 SOC 2 (CC6.1)

Frequency Notes:

Chokepoint findings are generated by Security Graph analysis when attack path simulations identify convergence points. These are rare but critical findings that represent single points of failure in security architecture. Remediating chokepoints can eliminate multiple attack paths simultaneously.

Resources

Documentation

Finding Classes - Chokepoint official
Toxic Combinations and Chokepoints Overview official
Security Graph official

Generation Configuration

Base Frequency: 3 events/hour

Time Patterns:

business_hours night_hours weekend

Business Hours Multiplier: 1.1x

Night Hours Multiplier: 0.95x

Weekend Multiplier: 0.8x

Field Definitions

Complete field reference for this event type with data types, descriptions, and example values.

Field Name	Type	Required	Format	Description	Example	Possible Values
name Source: Constructed with 'chokepoint-' prefix	String	Required	`organizations/{org_id}/sources/{source_id}/locations/global/findings/chokepoint-{finding_id}`	Full resource name of the chokepoint finding	`organizations/123456789/sources/9732761411165682985/locations/global/findings/chokepoint-abc123...`	—
category	String	Required	—	Chokepoint category	`NETWORK_CHOKEPOINT`	`NETWORK_CHOKEPOINT` — Network resource creates chokepoint `IAM_CHOKEPOINT` — IAM resource creates chokepoint `DATA_ACCESS_CHOKEPOINT` — Data access resource creates chokepoint `SERVICE_CHOKEPOINT` — Service resource creates chokepoint
sourceProperties.chokepoint Source: Object with description, chokepointType, criticality, affectedResources, attackExposureScore, and remediationGuidance	Object	Required	—	Chokepoint details	—	—
sourceProperties.chokepoint.affectedResources Source: Array of resource objects with resourceName, resourceType, and sensitivity	Array	Required	—	Array of high-value resources accessible through the chokepoint	—	—
sourceProperties.chokepoint.attackExposureScore Source: random_choice([8, 9, 10])	Integer	Required	—	Attack exposure score (0-10)	`10`	—
severity Source: random_weighted favoring CRITICAL (60%)	String	Required	—	Chokepoint severity level	`CRITICAL`	`CRITICAL` — Critical chokepoint `HIGH` — High severity chokepoint `MEDIUM` — Medium severity chokepoint
findingClass Source: Static 'CHOKEPOINT'	String	Required	—	Finding class identifier	`CHOKEPOINT`	—

Details

Fields

Low

Frequency

Feedback

No ratings yet