Issues are notable security risks that Security Command Center Premium and Enterprise have identified in your cloud environments. They're available in the Security Command Center section (Premium) or the Risk section (Enterprise) of the Google Cloud console, giving you the opportunity to respond quickly to vulnerabilities and threats.
Issues are discovered through virtual red teaming and rule-based detections. For example, a detection with the name High Risk CVE on GCE with direct access to a high value resource covers the following situation:
- A high-risk CVE (Common Vulnerabilities and Exposures entry) has been identified on a Compute Engine VM in your cloud environment.
- That vulnerable VM has access to a high value resource through a service account, so an attacker who compromises the VM can reach that resource.
A detection can discover multiple instances of an issue. By default, in the Google Cloud console, issues with the same severity and detection are grouped together.
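The following is an added example, not code from the Security Command Center product or its documentation. It models the rule-based detection described above as a join between high-risk CVE findings on VMs and the IAM access of each VM's attached service account, and then groups the resulting issue instances by severity and detection, which is how the console groups them by default. All resource names, service accounts, CVE placeholders and the severity assigned to the detection are assumptions constructed for the example; the page does not state which severity this detection carries.

```python
from collections import defaultdict
from dataclasses import dataclass

# Detection name taken from the page; the severity is an assumption for the example.
DETECTION_NAME = "High Risk CVE on GCE with direct access to a high value resource"
DETECTION_SEVERITY = "CRITICAL"

# Constructed set of high value resources (hypothetical bucket name).
HIGH_VALUE_RESOURCES = {"//storage.googleapis.com/projects/_/buckets/payroll-data"}


@dataclass(frozen=True)
class CveFinding:
    vm: str       # full resource name of the Compute Engine VM
    cve_id: str   # placeholder identifier, not a real CVE
    risk: str     # risk rating of the CVE: "HIGH", "MEDIUM" or "LOW"


@dataclass(frozen=True)
class IamBinding:
    member: str    # e.g. "serviceAccount:web@demo.iam.gserviceaccount.com"
    resource: str  # resource the binding grants access to
    role: str


@dataclass(frozen=True)
class Issue:
    detection: str
    severity: str
    primary_resource: str
    attack_path: tuple  # (vm, service account, high value resource)


def detect_high_risk_cve_with_hvr_access(findings, vm_service_accounts, bindings):
    """Return one Issue per (VM, high value resource) where the VM carries a
    HIGH-risk CVE and its attached service account can reach the resource."""
    # Index bindings by member so the join is a lookup rather than a nested scan.
    access_by_member = defaultdict(set)
    for b in bindings:
        access_by_member[b.member].add(b.resource)

    issues, seen = [], set()
    for f in findings:
        if f.risk != "HIGH":
            continue
        sa = vm_service_accounts.get(f.vm)
        if sa is None:
            continue  # no attached service account, so no direct access path
        reachable = access_by_member.get(f"serviceAccount:{sa}", set())
        for hvr in sorted(reachable & HIGH_VALUE_RESOURCES):
            key = (f.vm, hvr)
            if key in seen:
                continue  # several high-risk CVEs on one VM still yield one instance
            seen.add(key)
            issues.append(Issue(DETECTION_NAME, DETECTION_SEVERITY, f.vm, (f.vm, sa, hvr)))
    return issues


def group_issues(issues):
    """Group issue instances by (severity, detection), as the console does by default."""
    groups = defaultdict(list)
    for issue in issues:
        groups[(issue.severity, issue.detection)].append(issue)
    return dict(groups)


# Constructed sample inventory (hypothetical project "demo").
_VM = "//compute.googleapis.com/projects/demo/zones/us-central1-a/instances/"
FINDINGS = [
    CveFinding(_VM + "web-1", "cve-placeholder-1", "HIGH"),
    CveFinding(_VM + "web-1", "cve-placeholder-2", "HIGH"),    # second CVE, same VM
    CveFinding(_VM + "batch-1", "cve-placeholder-3", "HIGH"),  # SA has no HVR access
    CveFinding(_VM + "db-1", "cve-placeholder-4", "MEDIUM"),   # HVR access, but not high risk
]
VM_SERVICE_ACCOUNTS = {
    _VM + "web-1": "web@demo.iam.gserviceaccount.com",
    _VM + "batch-1": "batch@demo.iam.gserviceaccount.com",
    _VM + "db-1": "db@demo.iam.gserviceaccount.com",
}
BINDINGS = [
    IamBinding("serviceAccount:web@demo.iam.gserviceaccount.com",
               "//storage.googleapis.com/projects/_/buckets/payroll-data", "roles/storage.objectViewer"),
    IamBinding("serviceAccount:batch@demo.iam.gserviceaccount.com",
               "//storage.googleapis.com/projects/_/buckets/build-logs", "roles/storage.objectViewer"),
    IamBinding("serviceAccount:db@demo.iam.gserviceaccount.com",
               "//storage.googleapis.com/projects/_/buckets/payroll-data", "roles/storage.objectAdmin"),
]

if __name__ == "__main__":
    found = detect_high_risk_cve_with_hvr_access(FINDINGS, VM_SERVICE_ACCOUNTS, BINDINGS)
    for (severity, detection), instances in group_issues(found).items():
        print(f"[{severity}] {detection}: {len(instances)} instance(s)")
        for issue in instances:
            print("   path:", " -> ".join(issue.attack_path))
```

Only `web-1` produces an issue: `batch-1` is vulnerable but its service account reaches no high value resource, and `db-1` has the access but only a medium-risk CVE. The two high-risk CVEs on `web-1` collapse into a single instance because the issue is keyed on the VM and the resource it can reach, not on the individual CVE.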
Issue sources
Issues are classified as medium, high, or critical severity, and come from the following sources:
Issue lifecycle
Issues remain active until they are resolved. You can resolve issues by fixing the findings referenced in the issues or by deleting the affected resources.
Inactive issues have a retention period of 90 days, after which they are deleted. For Correlated Threats issues (Preview), the retention period is 14 days.
View application-related information on the Issues page
When viewing the Issues page for an organization, you can see information about the App Hub application if the primary resource in the issue is registered in an application.
The Select app menu lets you display only issues where the primary resource is registered in the application that you selected. The None value displays issues found in resources that are not related to an application.
When you select a resource in an issue group, the Overview panel displays the application name.