SCC comes with a wealth of security monitors, threat detection rules and tools to check for vulnerabilities and misconfigurations.
Resources, architecture and configuration will differ per organization (or even per project), and there is no one-size-fits-all way to manage and categorize these findings; however, I have found the table below a useful guide to these detector classes when discussing or working with different GCP environments.
Hope you find this useful on your security journey with SCC and if you have any questions or comments please feel free to add to this post.
* For misconfigurations, we would normally recommend starting with a filter that concentrates on high- and critical-priority findings, to avoid findings overload.
** There is another class that we have not included in the table: the Finding class unspecified class.
Findings in the Finding class unspecified class either have no value specified on the findingClass property or do not include the property at all.
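As an added example (not part of this post or of Google's tooling), the script below triages a constructed export of SCC findings by finding class: it treats a missing or unset findingClass as the unspecified class and applies the high/critical filter to misconfigurations so the first pass is not flooded. The field names follow the SCC Finding JSON (findingClass, severity, category); the finding names and the sample records are constructed.

```python
"""Triage exported Security Command Center findings by finding class.

Added example, not the post's own code: it runs over constructed sample
findings shaped like SCC Finding JSON (findingClass, severity, category).
"""
import json
from collections import defaultdict

UNSPECIFIED = "FINDING_CLASS_UNSPECIFIED"
# Severities worth looking at first for misconfigurations (see note *).
PRIORITY_SEVERITIES = {"HIGH", "CRITICAL"}

# Constructed sample export: the last two findings land in the unspecified
# class, one because findingClass is unset and one because it is absent.
SAMPLE_FINDINGS = json.loads("""[
 {"name": "f1", "findingClass": "THREAT", "severity": "CRITICAL",
  "category": "Malware: Bad IP"},
 {"name": "f2", "findingClass": "VULNERABILITY", "severity": "HIGH",
  "category": "OS_VULNERABILITY"},
 {"name": "f3", "findingClass": "MISCONFIGURATION", "severity": "LOW",
  "category": "BUCKET_LOGGING_DISABLED"},
 {"name": "f4", "findingClass": "MISCONFIGURATION", "severity": "HIGH",
  "category": "PUBLIC_BUCKET_ACL"},
 {"name": "f5", "findingClass": "FINDING_CLASS_UNSPECIFIED",
  "severity": "MEDIUM", "category": "CUSTOM_MODULE"},
 {"name": "f6", "severity": "MEDIUM", "category": "LEGACY_SOURCE"}
]""")


def finding_class(finding: dict) -> str:
    """Return the finding class; a missing or empty value is unspecified."""
    value = finding.get("findingClass")
    return value if value else UNSPECIFIED


def triage(findings, min_misconfig=PRIORITY_SEVERITIES):
    """Group finding names by class; for MISCONFIGURATION keep only the
    priority severities so the initial list is not swamped by low ones."""
    buckets = defaultdict(list)
    for f in findings:
        cls = finding_class(f)
        if cls == "MISCONFIGURATION" and f.get("severity") not in min_misconfig:
            continue
        buckets[cls].append(f["name"])
    return dict(buckets)


if __name__ == "__main__":
    for cls, names in triage(SAMPLE_FINDINGS).items():
        print(f"{cls:28} {names}")
```

Pointing the script at a real export (for example the JSON from a findings list call) only requires swapping SAMPLE_FINDINGS for the parsed file.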