Security Command Center Findings

Security threats and compliance violations

Security findings from Google Cloud Security Command Center V2, including custom threats, vulnerabilities, and policy violations detected across GCP resources and projects.

Tags: security, threat-detection, gcp, compliance, cloud-security
Format: JSON
Fields: 19
Frequency: Medium

Overview

Security findings generated by Google Cloud Security Command Center V2, providing centralized visibility into security threats, misconfigurations, and compliance violations across Google Cloud Platform resources.

When Generated:

  • When Security Command Center detects a custom threat pattern
  • When security policies are violated
  • When anomalous activity is detected on GCP resources
  • When vulnerability scanners identify security issues
  • When compliance violations are detected

Security Relevance:

High

Compliance:

CIS Google Cloud Platform Foundation Benchmark, ISO 27001, SOC 2, PCI DSS, HIPAA

Frequency Notes:

Security findings are generated based on continuous monitoring of GCP resources. Frequency varies based on security posture, with more findings during active development periods and fewer during stable operations. Business hours typically see higher finding rates due to increased resource changes and deployments.

Generation Configuration

Base Frequency: 15 events/hour
Time Patterns: business_hours, night_hours, weekend
Business Hours Multiplier: 2.0x
Night Hours Multiplier: 0.6x
Weekend Multiplier: 0.4x

Field Definitions

Complete field reference for this event type with data types, descriptions, and example values.

timestamp
  Source: now() | iso8601
  Type: DateTime (Required), Format: ISO 8601
  Description: ISO 8601 timestamp when the log was generated
  Example: 2025-08-22T15:17:36.446Z

product
  Source: Static string
  Type: String (Required)
  Description: Product identifier for Security Command Center
  Example: GOOGLE_SECURITY_COMMAND_CENTER_V2

type
  Source: Static string
  Type: String (Required)
  Description: Type of security source (Security Graph, Security Health Analytics, etc.)
  Example: Security Graph

severity
  Source: random_choice(['Critical', 'High', 'Medium', 'Low'])
  Type: String (Required)
  Description: Overall severity level of the finding
  Example: High
  Possible Values:
  • Critical — Critical severity requiring immediate attention
  • High — High severity requiring prompt attention
  • Medium — Medium severity requiring attention
  • Low — Low severity for informational purposes

title
  Source: random_choice of common threat titles
  Type: String (Required)
  Description: Human-readable title describing the security finding
  Example: Custom Threat

source_json.finding.canonicalName
  Source: Constructed from random project ID, source ID, and finding hash
  Type: String (Required)
  Description: Canonical resource name of the finding in the project scope
  Example: projects/224068114279/sources/9732761411165682985/locations/global/findings/0c686e1c1add482f88aa11e637e1938a

source_json.finding.category
  Source: random_choice of security categories
  Type: String (Required)
  Description: Category classification of the security finding
  Example: Custom Threat
  Possible Values:
  • Custom Threat — Custom threat pattern detected
  • Malware — Malware detected on resources
  • Data Exfiltration — Suspicious data transfer patterns
  • Unauthorized Access — Unauthorized access attempts or breaches
  • Privilege Escalation — Privilege escalation detected

source_json.finding.createTime
  Source: now() | iso8601
  Type: DateTime (Required), Format: ISO 8601
  Description: Timestamp when the finding was first created
  Example: 2025-08-22T15:17:36.446Z

source_json.finding.eventTime
  Source: now().subtract(seconds=random_int(1, 300)) | iso8601
  Type: DateTime (Required), Format: ISO 8601
  Description: Timestamp when the security event occurred
  Example: 2025-08-22T15:17:34.570Z

source_json.finding.externalUri
  Source: Constructed GCP console URL with organization ID
  Type: String (Optional)
  Description: External URI for additional details about the finding
  Example: https://console.cloud.google.com/security/command-center/findings

source_json.finding.mute
  Source: random_choice(['UNDEFINED', 'MUTED', 'UNMUTED'])
  Type: String (Required)
  Description: Mute status of the finding
  Example: UNDEFINED
  Possible Values:
  • UNDEFINED — Mute status not defined
  • MUTED — Finding is muted and won't trigger alerts
  • UNMUTED — Finding is active and will trigger alerts

source_json.finding.severity
  Source: random_choice(['CRITICAL', 'HIGH', 'MEDIUM', 'LOW'])
  Type: String (Required)
  Description: Severity level in uppercase format
  Example: HIGH
  Possible Values:
  • CRITICAL — Critical severity
  • HIGH — High severity
  • MEDIUM — Medium severity
  • LOW — Low severity

source_json.finding.state
  Source: random_choice(['ACTIVE', 'INACTIVE'])
  Type: String (Required)
  Description: Current state of the security finding
  Example: ACTIVE
  Possible Values:
  • ACTIVE — Finding is currently active
  • INACTIVE — Finding has been resolved or is no longer active

source_json.resource.cloudProvider
  Source: Static string
  Type: String (Required)
  Description: Cloud provider identifier
  Example: GOOGLE_CLOUD_PLATFORM

source_json.resource.displayName
  Source: registry.get_organization_field('gcp_project_name') or random_string
  Type: String (Required)
  Description: Human-readable display name for the GCP project
  Example: komand-211617

source_json.resource.gcpMetadata.organization
  Source: Constructed from organization ID
  Type: String (Required)
  Description: GCP organization resource path
  Example: organizations/635513451221

source_json.resource.gcpMetadata.parentDisplayName
  Source: registry.get_organization().name
  Type: String (Required)
  Description: Display name of the parent organization
  Example: komandops.org

source_json.resource.service
  Source: random_choice of common GCP services
  Type: String (Required)
  Description: GCP service that owns the resource
  Example: cloudresourcemanager.googleapis.com

source_json.resource.type
  Source: random_choice of common GCP resource types
  Type: String (Required)
  Description: GCP resource type identifier
  Example: google.cloud.resourcemanager.Project
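
An added example, not part of the original page or the generator's own code: a triage filter over events shaped like the field reference above, which flags disagreement between the two severity fields and an eventTime later than createTime. It assumes the dotted field names denote nested JSON (flattened dotted keys are also accepted); the function names, the HIGH threshold and the sample events are constructed for illustration.

```python
import json
from datetime import datetime

RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}

# Constructed sample events (not real findings), shaped after the field reference.
# The third uses flattened dotted keys, in case a pipeline flattens the JSON.
SAMPLE_LINES = [
    '{"severity":"High","source_json":{"finding":{"severity":"HIGH","state":"ACTIVE",'
    '"mute":"UNDEFINED","createTime":"2025-08-22T15:17:36.446Z","eventTime":"2025-08-22T15:17:34.570Z"}}}',
    '{"severity":"Critical","source_json":{"finding":{"severity":"CRITICAL","state":"ACTIVE",'
    '"mute":"MUTED","createTime":"2025-08-22T15:17:36.446Z","eventTime":"2025-08-22T15:20:00.000Z"}}}',
    '{"severity":"Low","source_json.finding.severity":"CRITICAL","source_json.finding.state":"ACTIVE",'
    '"source_json.finding.mute":"UNMUTED","source_json.finding.createTime":"2025-08-22T15:17:36.446Z",'
    '"source_json.finding.eventTime":"2025-08-22T15:17:30.000Z"}',
]

def field(event, path):
    """Read a dotted field name from nested JSON or from a flattened key."""
    if path in event:
        return event[path]
    node = event
    for part in path.split("."):
        node = node[part]
    return node

def parse_ts(value):
    # The reference shows ISO 8601 with a trailing "Z"; normalise it for fromisoformat.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(event, min_severity="HIGH"):
    """Return (actionable, notes) for one scc_finding event."""
    top = field(event, "severity").upper()           # title case at top level
    nested = field(event, "source_json.finding.severity")  # upper case in the finding
    notes = []
    if top != nested:
        notes.append("severity_mismatch")
    if parse_ts(field(event, "source_json.finding.eventTime")) > parse_ts(
            field(event, "source_json.finding.createTime")):
        notes.append("event_after_create")
    # Rank on the higher of the two severities so a mismatch never hides a finding.
    rank = max(RANK.get(top, 0), RANK.get(nested, 0))
    # Choice made here: only MUTED suppresses; UNDEFINED is treated like UNMUTED.
    actionable = (field(event, "source_json.finding.state") == "ACTIVE"
                  and field(event, "source_json.finding.mute") != "MUTED"
                  and rank >= RANK[min_severity])
    return actionable, notes

def triage_lines(lines):
    return [triage(json.loads(line)) for line in lines]
```
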

Details

Event Type: scc_finding
