SCC Vulnerability Findings
Software vulnerabilities and security weaknesses
Vulnerability findings from Google Cloud Security Command Center, including OS vulnerabilities, container vulnerabilities, web application vulnerabilities, and weak security configurations detected by various scanners.
Overview
Vulnerability findings identify flaws or weaknesses in software programs, containers, or configurations that attackers could exploit to compromise Google Cloud resources. These findings are generated by various Security Command Center scanners.
When Generated:
- Container Threat Detection identifies vulnerable packages in container images
- VM Manager detects OS-level vulnerabilities on compute instances
- Web Security Scanner finds application vulnerabilities
- Security Health Analytics identifies weak SSL ciphers or open firewall rules
- Vulnerability Assessment scans identify CVE vulnerabilities
Security Relevance: High
Compliance:
Frequency Notes:
Vulnerability findings are generated during scheduled scans and continuous monitoring. Frequency depends on the number of resources, the scan frequency, and the vulnerability landscape. New vulnerabilities are typically discovered during business hours when scans are scheduled, but findings can appear at any time.
Resources
Documentation
- Vulnerability Findings Reference (official)
- Container Threat Detection (official)
- VM Manager Vulnerability Scanning (official)
- Web Security Scanner (official)
Generation Configuration
Field Definitions
Complete field reference for this event type with data types, descriptions, and example values.
| Field Name | Type | Required | Format | Description | Example | Possible Values |
|---|---|---|---|---|---|---|
| `name` (Source: Constructed with 'vuln-' prefix) | String | Required | `organizations/{org_id}/sources/{source_id}/locations/global/findings/vuln-{finding_id}` | Full resource name of the vulnerability finding | `organizations/123456789/sources/9732761411165682985/locations/global/findings/vuln-abc123...` | — |
| `category` | String | Required | — | Vulnerability category classification | `OS_VULNERABILITY` | `OS_VULNERABILITY`: Operating system package vulnerability; `CONTAINER_VULNERABILITY`: Container image vulnerability; `WEB_APPLICATION_VULNERABILITY`: Web application security vulnerability; `OPEN_FIREWALL`: Overly permissive firewall configuration; `WEAK_SSL_CIPHER`: Weak SSL/TLS cipher configuration |
| `sourceProperties.vulnerability.cve` (Source: CVE object with ID, CVSSv3 scores, and references) | Object | Required | — | Common Vulnerabilities and Exposures (CVE) information | — | — |
| `sourceProperties.vulnerability.cve.id` (Source: `CVE-{year}-{random_int(1000, 9999)}`) | String | Required | `CVE-YYYY-NNNN` | CVE identifier | `CVE-2024-1234` | — |
| `sourceProperties.vulnerability.cve.cvssv3.baseScore` (Source: random_choice of common CVSS scores) | Number | Required | — | CVSS v3 base score (0.0-10.0) | `7.5` | — |
| `sourceProperties.vulnerability.vulnerablePackage` (Source: Package object with name and version) | Object | Required | — | Vulnerable package information | — | — |
| `sourceProperties.vulnerability.fixedPackage` (Source: Package object with name, version, and type) | Object | Optional | — | Fixed package version information | — | — |
| `sourceProperties.scannerName` | String | Required | — | Scanner that identified the vulnerability | `Container Threat Detection` | `Container Threat Detection`: Container image vulnerability scanner; `VM Manager`: VM OS vulnerability scanner; `Web Security Scanner`: Web application vulnerability scanner; `Security Health Analytics`: Configuration vulnerability scanner |
| `severity` (Source: random_weighted favoring MEDIUM (45%)) | String | Required | — | Vulnerability severity level | `HIGH` | `CRITICAL`: Critical vulnerability (CVSS 9.0-10.0); `HIGH`: High severity vulnerability (CVSS 7.0-8.9); `MEDIUM`: Medium severity vulnerability (CVSS 4.0-6.9); `LOW`: Low severity vulnerability (CVSS 0.1-3.9) |
| `findingClass` (Source: Static 'VULNERABILITY') | String | Required | — | Finding class identifier | `VULNERABILITY` | — |
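
The field table above can be turned into an ingestion-time check. The following is an added example, not code from this page or from Security Command Center: it validates one finding against the required fields, formats and enumerations listed above, and flags a `severity` that falls outside the CVSS band the table gives for it, which can happen here because the Source notes show `severity` and `baseScore` coming from separate random draws. The names `dig`, `validate_finding`, `PATTERNS`, `BANDS` and `SAMPLE` are hypothetical, and the nesting of the finding as a dictionary is assumed from the dotted field names.

```python
import re

VULN = "sourceProperties.vulnerability"
# CVSS v3 bands per severity, copied from the severity row of the table above.
BANDS = {"CRITICAL": (9.0, 10.0), "HIGH": (7.0, 8.9), "MEDIUM": (4.0, 6.9), "LOW": (0.1, 3.9)}
# Required string fields and the pattern each must fully match (values from the table).
# Assumed: numeric org/source ids, alphanumeric finding ids. Real CVE ids can have 5+ digits.
PATTERNS = {
    "name": r"organizations/\d+/sources/\d+/locations/global/findings/vuln-[A-Za-z0-9]+",
    "category": "OS_VULNERABILITY|CONTAINER_VULNERABILITY|WEB_APPLICATION_VULNERABILITY"
                "|OPEN_FIREWALL|WEAK_SSL_CIPHER",
    "severity": "|".join(BANDS),
    "findingClass": "VULNERABILITY",
    "sourceProperties.scannerName": "Container Threat Detection|VM Manager"
                                    "|Web Security Scanner|Security Health Analytics",
    VULN + ".cve.id": r"CVE-\d{4}-\d{4,}",
}

def dig(obj, dotted):
    """Follow a dotted field path; return None when any segment is missing."""
    for key in dotted.split("."):
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj

def validate_finding(finding):
    """Return a list of problems for one finding (an empty list means it is clean)."""
    problems = []
    for path, pattern in PATTERNS.items():
        value = dig(finding, path)
        if value is None:
            problems.append("missing required field: " + path)
        elif not re.fullmatch(pattern, str(value)):
            problems.append("unexpected value for " + path)
    if not isinstance(dig(finding, VULN + ".vulnerablePackage"), dict):
        problems.append("missing required field: " + VULN + ".vulnerablePackage")
    score = dig(finding, VULN + ".cve.cvssv3.baseScore")
    low, high = BANDS.get(str(dig(finding, "severity")), (0.0, 10.0))
    if not isinstance(score, (int, float)):
        problems.append("missing required field: " + VULN + ".cve.cvssv3.baseScore")
    elif not low <= score <= high:
        problems.append("severity does not match CVSS base score")
    return problems

# Constructed sample: severity and score are inconsistent (the MEDIUM band is 4.0-6.9).
SAMPLE = {"name": "organizations/123456789/sources/987654321/locations/global/findings/vuln-abc123",
          "category": "OS_VULNERABILITY", "severity": "MEDIUM", "findingClass": "VULNERABILITY",
          "sourceProperties": {"scannerName": "VM Manager", "vulnerability": {
              "cve": {"id": "CVE-2024-1234", "cvssv3": {"baseScore": 9.8}},
              "vulnerablePackage": {"name": "examplepkg", "version": "1.0.0"}}}}
```

Calling `validate_finding(SAMPLE)` reports only the severity mismatch; detection rules that prioritise on `severity` alone would rank this finding below its CVSS score.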