Some Security Command Center features—detection services and finding categories—require access to logs, data, resources, or even other services outside of the scope of a single project, so are not available with project-level activations.
Many such features can be enabled by activating the Standard tier of Security Command Center (Security Command Center Standard) in the parent organization. However, a few of the listed features are not available at all with project-level activations.
Activating Security Command Center Standard, which is free of charge, enables the Standard-tier features for your entire organization, including all projects.
The following sections list the Security Command Center services and finding categories that require organization-level activations by service tier.
Features you can enable by activating the Standard tier in the parent organization
This section lists the features that you can enable for a project-level activation of Security Command Center by activating Security Command Center Standard in the parent organization.
Security Health Analytics findings
To enable the following Standard-tier finding categories for a project-level activation of Security Command Center Premium, activate Security Command Center Standard in the parent organization, which enables the finding for all projects in the organization:
MFA not enforcedPublic log bucket
You can enable the following Premium-tier finding categories in project-level activations of Security Command Center Premium by activating Security Command Center Standard in the parent organization:
Audit config not monitoredBucket IAM not monitoredCluster private Google access disabledCUSTOM_ORG_POLICY_VIOLATIONCustom role not monitoredDefault networkDNS logging disabledEgress deny rule not setFirewall not monitoredHTTP load balancerKMS project has ownerLegacy networkLocked retention policy not setLog not exportedNetwork not monitoredObject versioning disabledOrg policy Confidential VM policyOrg policy location restrictionOS login disabledOwner not monitoredPod security policy disabledRoute not monitoredSQL instance not monitoredToo many KMS usersWeak SSL policy
For the complete list of Security Health Analytics findings, see Vulnerabilities findings.
Event Threat Detection findings
You can enable the following Premium-tier finding categories in project-level activations of Security Command Center Premium by activating Security Command Center Standard in the parent organization:
Exfiltration: BigQuery data extractionExfiltration: CloudSQL data exfiltration
For a complete list of Event Threat Detection finding categories, see Event Threat Detection rules.
Integrated Google Cloud services
To enable the publication of findings from the following integrated Google Cloud services in a project-level activation of Security Command Center Premium, activate Security Command Center Standard in the parent organization, which enables the services for all projects in the organization:
You can enable the publication of findings from the following integrated Premium-tier Google Cloud service in project-level Premium-tier activations by activating Security Command Center Standard in the parent organization:
Integrations with third party services
You can enable the publication of findings from third-party services in project-level activations by activating Security Command Center Standard in the parent organization.
Features unavailable with project-level Premium-tier activations
Features listed in this section are Premium-tier features that require an organization-level activation of Security Command Center Premium. These features are not available with project-level Premium-tier activations.
Security Health Analytics finding categories unavailable with project-level activations
The following Security Health Analytics findings require organization-level activations of Security Command Center Premium:
Audit logging disabledKMS role separationRedis role used on orgService account role separation
For the complete list of Security Health Analytics findings, see Vulnerabilities findings.
Event Threat Detection finding categories unavailable with project-level activations
The following Event Threat Detection findings require organization-level activations of Security Command Center Premium:
Defense evasion: modify VPC service controlInitial access: account disabled hijackedInitial access: disabled password leakInitial access: government based attackInitial access: suspicious login blockedPersistence: new geographyPersistence: new user agentPersistence: SSO enablement togglePersistence: SSO settings changedPersistence: strong authentication disabledPersistence: two step verification disabledPrivilege escalation: external member added to privileged groupPrivilege escalation: privileged group opened to publicPrivilege escalation: sensitive role granted to hybrid groupPrivilege escalation: suspicious cross-project permission usePrivilege escalation: suspicious token generation
For a complete list of Event Threat Detection finding categories, see Event Threat Detection rules.
Sensitive Actions Service finding categories unavailable with project-level activations
The following Sensitive Actions Service findings require organization-level activations of Security Command Center Premium:
Defense Evasion: Organization Policy ChangedDefense Evasion: Remove Billing AdminPersistence: Add Sensitive Role
For a complete list of Sensitive Actions Service finding categories, see Sensitive Actions Service findings.
Attack path simulations
Attack path simulations, a Premium-tier feature, are not available with project-level activations of Security Command Center. Attack path simulations generate attack exposure scores and attack paths for vulnerability and misconfiguration findings.
Security posture
Security posture management, a Premium-tier feature, isn't available with project-level activations of Security Command Center. The security posture service lets you define, assess, and monitor the overall status of your security in Google Cloud.