Vendors Google Cloud Platform Security Command Center SCC Misconfiguration Findings

SCC Misconfiguration Findings

Security configuration issues

Misconfiguration findings from Google Cloud Security Command Center Security Health Analytics, identifying incorrect or suboptimal configurations of GCP resources that create security vulnerabilities.

misconfiguration compliance security-posture configuration gcp

JSON Format 8 Fields Medium Frequency Generator

Preview Sample View Schema

Overview

Misconfiguration findings identify vulnerabilities caused by incorrect or suboptimal configuration of GCP resources. These findings can typically be fixed by updating the resource configuration to follow security best practices.

When Generated:

Cloud Storage buckets have public access enabled
Service accounts have overly permissive IAM roles
Firewall rules allow unrestricted access (0.0.0.0/0)
Compute instances use legacy networks
SSL/TLS policies use weak ciphers
Audit logging is disabled for critical services
Resources have public IP addresses unnecessarily

Security Relevance:

High

Compliance:

CIS GCP Foundation 2.0 NIST 800-53 (CM-6, AC-3) ISO 27001 (A.9.1.2) PCI-DSS (1.2, 2.1) SOC 2 (CC6.1)

Frequency Notes:

Misconfiguration findings are generated during continuous security posture assessments. Frequency increases during business hours when resources are actively being created or modified. Findings may reactivate if configurations are reverted to insecure states.

Resources

Documentation

Security Health Analytics official
Vulnerability Findings (includes misconfigurations) official
Remediate Configuration Error Findings official

Generation Configuration

Base Frequency: 25 events/hour

Time Patterns:

business_hours night_hours weekend

Business Hours Multiplier: 1.4x

Night Hours Multiplier: 0.9x

Weekend Multiplier: 0.6x

Field Definitions

Complete field reference for this event type with data types, descriptions, and example values.

Field Name	Type	Required	Format	Description	Example	Possible Values
name Source: Constructed with 'misconfig-' prefix	String	Required	`organizations/{org_id}/sources/{source_id}/locations/global/findings/misconfig-{finding_id}`	Full resource name of the misconfiguration finding	`organizations/123456789/sources/9732761411165682985/locations/global/findings/misconfig-abc123...`	—
category	String	Required	—	Misconfiguration category	`PUBLIC_BUCKET_ACL`	`PUBLIC_BUCKET_ACL` — Cloud Storage bucket with public access `ADMIN_SERVICE_ACCOUNT` — Service account with admin privileges `OPEN_FIREWALL` — Firewall rule allowing unrestricted access `OPEN_SSH_PORT` — SSH port open to public internet `LEGACY_NETWORK` — Resource using legacy network `WEAK_SSL_POLICY` — Weak SSL/TLS cipher configuration `PUBLIC_IP_ADDRESS` — Unnecessary public IP address `LOGGING_DISABLED` — Audit logging disabled
sourceProperties.Recommendation Source: Context-specific recommendation based on category	String	Required	—	Remediation recommendation for the misconfiguration	`Remove public access from Cloud Storage bucket and implement authenticated access controls`	—
sourceProperties.compliance Source: Compliance object with standard, version, and control	Object	Optional	—	Compliance standard and control information	—	—
sourceProperties.violationDetails Source: Object with observedValue, expectedValue, and assessmentTime	Object	Required	—	Details of the configuration violation	—	—
sourceProperties.ReactivationCount Source: random_int(0, 5)	Integer	Optional	—	Number of times this finding has been reactivated	`2`	—
severity Source: random_weighted favoring MEDIUM (50%)	String	Required	—	Misconfiguration severity level	`MEDIUM`	`CRITICAL` — Critical misconfiguration requiring immediate fix `HIGH` — High severity misconfiguration `MEDIUM` — Medium severity misconfiguration `LOW` — Low severity misconfiguration
findingClass Source: Static 'MISCONFIGURATION'	String	Required	—	Finding class identifier	`MISCONFIGURATION`	—

Details

Fields

Medium

Frequency

Feedback

No ratings yet