This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

Security Command Center Enterprise: Step 2.1 - Visualization | Risk Overview

on ‎12-27-2024 07:17 AM - edited on ‎02-14-2025 01:53 PM by Community Manager

GCSCommunity
Staff
1 0 583

Table of Contents

SCCE_Journey_Visualization_01.png

The Security Command Center Enterprise overview dashboard can be used to find the most severely rated findings in your organization so that you can prioritize fixes.

Actions

Visualization_RiskOverview_01.png
Threat

The Risk Overview dashboard highlights the most critical security findings to help you prioritize threats effectively.

 
Show More

Steps
  1. In the Risk Overview section, users will see a dashboard of the several rated findings in their organization, so the can prioritize fixes.
  2. There users will see the Threat Cases widget to provide visualization to Triage and Investigate the latest threats with cases. 
  3. Users will see a graph with a count of Total Cases, and a Priority Rating Scale, listing Cases as:
    1. Critical
    2. High
    3. Medium
    4. Low
    5. Info
  4. Each Rating Scale will have the number of Cases associated with each Priority Rating Scale, where users can select to view the Cases List in the Google SecOps’ Cases feature.
  5. The Cases feature will be covered further in the Google SecOps Cases section of the Onboarding Journey.
  6. Users can click the View All Threat Cases link at the bottom-right of the Widget, to View All Threat Cases in Google SecOps, which will show the Cases. If users just click each grouping of Cases by Priority in the Widget, users will see a list of Cases by Name and ID number.
  7. This view gives users an overview of all cases and their associated Assignee.
  8. In the Threat Findings Widget users can see the list of High Risk Threats by finding Severity in a Graph. This will also list Cases by:
    1. Resource Type
    2. Category
    3. Project
  9. Users can click the View All Alerts link at the bottom-right of the Widget, to View All Alerts in Google SecOps to view the Threat Findings Alerts List in the Google SecOps Alerts & IOCs feature.
  10. The Alerts feature will be covered further in the Google SecOps Detection section of the Onboarding Journey.
Relevant Documentation Links
Visualization_RiskOverview_02.png
Vulnerability

The Vulnerability Cases widget provides key insights into your organization's most critical vulnerabilities, helping you prioritize fixes and track high-risk areas.

 
Show More

Steps
  1. The Vulnerability Cases widget provides visualization to Triage and Track an organization’s riskiest Vulnerabilities with Cases.
  2. Users will see a graph with a count of Total Cases, and a Priority Rating Scale, listing Cases as:
    1. Critical
    2. High
    3. Medium
    4. Low
    5. Info
  3. Each Rating Scale will have the number of Cases associated with each Priority Rating Scale, where users can view the Vulnerabilities List in the Google SCCE Cloud Platform’s Vulnerabilities by Case list by selecting Cases by Priority or by selecting View All Vulnerabilities by Case. This page will include Vulnerabilities Findings query results.
  4. Users can click the View All Vulnerability Cases link at the bottom-right of the Widget, to View All Vulnerability Cases in the Cases List in the Google SecOps’ Cases feature.
  5. The Cases feature will be covered further in the Google SecOps Detection section of the Onboarding Journey.
  6. In the Active Vulnerability Findings Widget, users will be able to visualize their highest risk Vulnerabilities by finding resource type.
  7. This view will provide a graph listing Vulnerabilities by:
    1. Findings by Attack Exposure Score
    2. Findings by Resource Type
  8. Below the graph is a list of Vulnerability Findings with an Attack Exposure Score. This list will display the:
    1. Category
    2. Attack Exposure Score
    3. Resource Path
    4. Case ID
    5. Resource
  9. Users can click the View All Findings with Attack Exposure link at the bottom-right of the Widget, to View All Findings with Attack Exposure in the Findings list of the Google SCCE Cloud Platform’s Findings feature. This page will include Vulnerabilities Findings Query Results.
  10. In the Top CVE Findings of your Virtual Machines, users can prioritize their highest risk CVEs by Impact and Exploitability.
  11. Users can click the View All CVE Findings link at the bottom-right of the Widget, to View CVE Findings in the Findings list of the Google SCCE Cloud Platform’s Risk Overview> Findings by CVE feature. This page will include Findings by CVE ID list, with an option to view in the Findings feature.
Relevant Documentation Links
Visualization_RiskOverview_03.png
Identity and Access

The Identity and Access widget highlights high-severity findings related to identity and access, enabling you to detect and mitigate security risks associated with permissions and controls.

 
Show More

Steps
  1. The Identity and Access Findings widget provides visualization of the Top Severity Identity and Access Findings by category.
  2. Users will see a list of Top Severity Identity and Access Findings. This list will display by:
    1. Severity
    2. Finding Category
    3. Cloud Provider
    4. Total Findings
  3. Users can click the View All Identity and Access Findings link at the bottom of the Widget, to View All Identity and Access Findings in the Findings list of the Google SCCE Cloud Platform’s Findings feature. This page will include Identity and Access Findings Query Results.
  4. Users will see an option to Review Access with Policy Analyzer for Google Cloud link at the bottom-right of the Widget. By clicking it users will be brought to the Policy Analyzer feature of the Google Cloud Console’s IAM & Admin page.
  5. The Policy Analyzer helps you answer "Who has access to a resource and what can they do?" It examines the user’s IAM Policy Settings, and then shows them how they affect each principal and resource.
  6. Users will create a Query in each section, based on the question template they have, by selecting:
    1. Create Query
    2. Create Custom Query
  7. After users configure their Query, users will select Analyze.
Relevant Documentation Links
Visualization_RiskOverview_04.png
AI Workload

AI Workload Findings allow users to review violations to secure AI policies, drift from intended AI policies, and security issues detected on AI resources.

 
Show More

Steps
  1. The AI Workload widget provides visualization of violations to secure AI policies.
  2. Users will see the following sections:
    1. Vulnerabilities
    2. Policy Drift

  3.  

    The Vulnerabilities section will have the following columns:
    1. Category
    2. Severity
    3. Resource
  4. Users can click the View all link at the bottom-right of the widget to View All of the AI Workload Vulnerabilities Findings in the Google SCCE Cloud Platform's Findings feature. This page will include AI Workload Vulnerabilities Findings Query Results.
  5. The Policy Drift section will have the following columns:
    1. Changed Policy
    2. Event Time
    3. Resource
  6. Users can click the View All link at the bottom-right of the widget, to View All in the AI Workload Policy Drift Findings list of the Google SCCE Cloud Platform’s Findings feature. This page will include AI Workload Policy Drift Findings Query Results.
Relevant Documentation Links
Visualization_RiskOverview_05.png
Data Security

Data security findings displays the top severity data security findings, by finding category.

 
Show More

Steps
  1. The Data Security widget provides visualization to severity data security findings.
  2. The Data Security section will have the following columns:
    1. Severity
    2. Findings Category
    3. Total Findings
  3. Users can click the View All Data Security Findings link at the bottom-right of the widget, to View All Data Security Findings in the Data Security Findings list of the Google SCCE Cloud Platform’s Findings feature. This page will include  Data Security Findings Query Results.
  4. Users can click the Review Detailed Data Posture in Sensitive Data Protection link at the bottom-right of the widget, to Review Detailed Data Posture in Sensitive Data Protection in the Sensitive Data Protection section of the Google SCCE Cloud Platform’s Data Protection feature.
  5. Users will be automatically be brought to the Discovery Dashboard of the Sensitive Data Protection page. This will display the following information:
    1. Product Coverage
    2. Sensitive Data Inventory Details
    3. Asset Locations
    4. InfoType Graphs
    5. Risk Over Time Graph
    6. Sensitivity Over Time Graph
  6. The Discovery Dashboard also allows users to view and make changes to the following sections:
    1. Profiles
    2. Scan Configurations
    3. Cost Estimates
    4. Service Connections
    5. Create Configurations
Relevant Documentation Links

Next Step: Security Command Center Enterprise: Step 2.2 - Visualization | Threats 

Previous Step: Security Command Center Enterprise: Step 2 - Visualization Overview 

Contributors
Version history
Last update:
‎02-14-2025 01:53 PM
Updated by:
Community Manager