How to easily differentiate between different classes of Findings in SCC?

SCC comes with a wealth of security monitors, threat detection rules and tools to check for vulnerabilities and misconfigurations.

Resources, architecture and configuration will differ per organization (or even per project) and there’s no ‘one-size-fits-all’ way to manage and categorize these findings; however, I’ve found the table below a useful guide for these detector classes when discussing or working with different GCP environments.

Hope you find this useful on your security journey with SCC and if you have any questions or comments please feel free to add to this post.

[Image: Classes.png, the detector-class table referred to above]

 * For Misconfigurations we would normally recommend using a filter to concentrate on high and critical priorities to start with, to avoid findings overload.

** There’s another class which we have not included in the table: the Finding class unspecified class.

Findings in the Finding class unspecified class either do not have a value specified on the findingClass property or do not include the property at all.

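The triage rule in the post (bucket findings by class, start with HIGH/CRITICAL misconfigurations, and account for findings whose findingClass is missing or unspecified) as an added worked example; this is not code from the original post or from Google. It operates on finding objects in the JSON shape the SCC API returns (the fields findingClass, severity, category and state, e.g. the output of `gcloud scc findings list PARENT --format=json`); the sample findings are constructed for illustration, and the server-side filter string uses the snake_case field names of the SCC filter syntax as I understand it, which you should check against the SCC filter documentation for your tier.

```python
"""Bucket Security Command Center findings by findingClass and severity.

Added example, not code from the original post or from Google. Works on
finding objects shaped like the SCC API output; SAMPLE_FINDINGS below is
constructed data. Class names are the real findingClass enum values.
"""
from collections import defaultdict

UNSPECIFIED = "FINDING_CLASS_UNSPECIFIED"

# Constructed sample findings shaped like the API output (not real data).
SAMPLE_FINDINGS = [
    {"name": "f1", "category": "PUBLIC_BUCKET_ACL", "findingClass": "MISCONFIGURATION",
     "severity": "HIGH", "state": "ACTIVE"},
    {"name": "f2", "category": "OPEN_SSH_PORT", "findingClass": "MISCONFIGURATION",
     "severity": "LOW", "state": "ACTIVE"},
    {"name": "f3", "category": "Malware: Bad IP", "findingClass": "THREAT",
     "severity": "HIGH", "state": "ACTIVE"},
    {"name": "f4", "category": "OS_VULNERABILITY", "findingClass": "VULNERABILITY",
     "severity": "CRITICAL", "state": "ACTIVE"},
    # No findingClass property at all: falls into the unspecified class.
    {"name": "f5", "category": "LEGACY_DETECTOR", "severity": "MEDIUM", "state": "ACTIVE"},
    # Explicit FINDING_CLASS_UNSPECIFIED value: same bucket.
    {"name": "f6", "category": "CUSTOM_MODULE", "findingClass": UNSPECIFIED,
     "severity": "HIGH", "state": "ACTIVE"},
    # Inactive (already resolved) misconfiguration: excluded from triage.
    {"name": "f7", "category": "PUBLIC_BUCKET_ACL", "findingClass": "MISCONFIGURATION",
     "severity": "CRITICAL", "state": "INACTIVE"},
]


def finding_class(finding):
    """Effective class of a finding: a missing or empty findingClass property
    and an explicit FINDING_CLASS_UNSPECIFIED both map to the unspecified class."""
    value = finding.get("findingClass")
    return value if value else UNSPECIFIED


def bucket_by_class(findings):
    """Group ACTIVE findings by effective class -> list of finding names."""
    buckets = defaultdict(list)
    for f in findings:
        if f.get("state") != "ACTIVE":
            continue
        buckets[finding_class(f)].append(f["name"])
    return dict(buckets)


def priority_misconfigurations(findings, levels=("HIGH", "CRITICAL")):
    """The post's starting point for misconfigurations: ACTIVE findings of
    class MISCONFIGURATION at HIGH or CRITICAL severity only."""
    return [
        f["name"]
        for f in findings
        if f.get("state") == "ACTIVE"
        and finding_class(f) == "MISCONFIGURATION"
        and f.get("severity") in levels
    ]


def scc_filter(cls, levels=("HIGH", "CRITICAL")):
    """Equivalent server-side filter for `gcloud scc findings list --filter`
    (assumed snake_case field names of the SCC filter syntax)."""
    sev = " OR ".join(f'severity="{s}"' for s in levels)
    return f'state="ACTIVE" AND finding_class="{cls}" AND ({sev})'


if __name__ == "__main__":
    for cls, names in sorted(bucket_by_class(SAMPLE_FINDINGS).items()):
        print(f"{cls:28s} {names}")
    print("misconfiguration triage:", priority_misconfigurations(SAMPLE_FINDINGS))
    # e.g. gcloud scc findings list organizations/ORG_ID --filter='<string below>'
    print("gcloud filter:", scc_filter("MISCONFIGURATION"))
```

The local bucketing is what you would do over an exported findings dump; for live triage, pushing the same predicate server-side with `scc_filter` keeps the high-volume low-severity misconfigurations out of the response in the first place. Note that the unspecified bucket is not empty in practice: anything that emits findings without setting findingClass (older or custom sources) lands there and would be silently dropped by a class-only filter.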

The Security Command Center (SCC) offers a diverse set of security monitors, threat detection rules, and tools to identify vulnerabilities and misconfigurations in Google Cloud environments. The provided table serves as a valuable guide for managing and categorizing findings based on detector classes, recognizing that resources, architecture, and configurations vary across organizations and projects. It emphasizes filtering for high and critical priorities when dealing with misconfigurations to prevent information overload. Additionally, it mentions a class not included in the table, the "Finding class unspecified class," which represents findings that have no value specified in the findingClass property or that lack the property altogether. This information aims to enhance understanding and effectiveness in navigating and addressing security issues within GCP environments using SCC.