Skip to main content
Google Cloud Documentation
Technology areas
  • AI and ML
  • Application development
  • Application hosting
  • Compute
  • Data analytics and pipelines
  • Databases
  • Distributed, hybrid, and multicloud
  • Industry solutions
  • Migration
  • Networking
  • Observability and monitoring
  • Security
  • Storage
Cross-product tools
  • Access and resources management
  • Costs and usage management
  • Infrastructure as code
  • SDK, languages, frameworks, and tools
/
Console
  • English
  • Deutsch
  • Español – América Latina
  • Français
  • Português – Brasil
  • 中文 – 简体
  • 日本語
  • 한국어
Sign in
  • Security Command Center
Start free
Overview Guides Reference Samples Resources
Google Cloud Documentation
  • Technology areas
    • More
    • Overview
    • Guides
    • Reference
    • Samples
    • Resources
  • Cross-product tools
    • More
  • Console
  • Security Command Center
  • Findings and issues reference
    • Vulnerability findings reference
      • Vulnerability findings index
      • Vulnerability findings by detector
      • Remediate Security Health Analytics findings
    • Compliance Manager cloud control reference
    • Threat finding reference
      • Threat findings index
      • AI
        • AI threat findings
        • Command and Control: Steganography Tool Detected
        • Credential Access: AI Agent Anomalous Access to Metadata Service
        • Credential Access: Find Google Cloud Credentials
        • Credential Access: GPG Key Reconnaissance
        • Credential Access: Search Private Keys or Passwords
        • Defense Evasion: Base64 ELF File Command Line
        • Defense Evasion: Base64 Encoded Python Script Executed
        • Defense Evasion: Base64 Encoded Shell Script Executed
        • Defense Evasion: Folder Level TokenCreator Role Granted to AI Agent
        • Defense Evasion: Launch Code Compiler Tool In Container
        • Defense Evasion: Organization Level TokenCreator Role Granted to AI Agent
        • Defense Evasion: Project Level TokenCreator Role Granted to AI Agent
        • Discovery: AI Agent Evidence of Port Scanning
        • Discovery: AI Agent Service Account Self-Investigation
        • Discovery: AI Agent Unauthorized Service Account API Call
        • Execution: Added Malicious Binary Executed
        • Execution: Added Malicious Library Loaded
        • Execution: Built in Malicious Binary Executed
        • Execution: Container Escape
        • Execution: Fileless Execution in /memfd:
        • Execution: Kubernetes Attack Tool Execution
        • Execution: Local Reconnaissance Tool Execution
        • Execution: Malicious Python Executed
        • Execution: Modified Malicious Binary Executed
        • Execution: Modified Malicious Library Loaded
        • Execution: Netcat Remote Code Execution in Container
        • Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47177)
        • Execution: Possible Remote Command Execution Detected
        • Execution: Program Run with Disallowed HTTP Proxy Env
        • Execution: Socat Reverse Shell Detected
        • Execution: Suspicious OpenSSL Shared Object Loaded
        • Exfiltration: AI Agent Initiated BigQuery Data Exfiltration to External Table
        • Exfiltration: AI Agent Initiated BigQuery Data Extraction
        • Exfiltration: AI Agent Initiated BigQuery VPC Perimeter Violation
        • Exfiltration: AI Agent Initiated Cloud SQL Exfiltration to External Bucket
        • Exfiltration: AI Agent Initiated Cloud SQL Exfiltration to Public Bucket
        • Exfiltration: Launch Remote File Copy Tools in Container
        • Impact: Detect Malicious Cmdlines
        • Impact: Remove Bulk Data from Disk
        • Impact: Suspicious crypto mining activity using the Stratum Protocol
        • Initial Access: AI Agent Identity Excessive Permission Denied Actions
        • Initial Access: Dormant Service Account Activity in AI Service
        • Malicious Script Executed
        • Malicious URL Observed
        • Persistence: New AI API Method
        • Persistence: New Geography for AI Service
        • Persistence: Sensitive AI Permission Added to Custom Role
        • Persistence: Sensitive Role Granted by AI Agent
        • Persistence: Sensitive Role Granted to External AI Agent
        • Privilege Escalation: AI Agent Cross-Project Access Token Generation
        • Privilege Escalation: AI Agent Cross-Project OpenID Token Generation
        • Privilege Escalation: AI Agent Token Generation Using Implicit Delegation
        • Privilege Escalation: AI Agent Token Generation Using signJwt
        • Privilege Escalation: Anomalous Impersonation of Service Account for AI Admin Activity
        • Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin Activity
        • Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Data Access
        • Privilege Escalation: Anomalous Service Account Impersonator for AI Admin Activity
        • Privilege Escalation: Anomalous Service Account Impersonator for AI Data Access
        • Privilege Escalation: Attempt to Abuse Sudo For Privilege Escalation (CVE-2019-14287)
        • Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034)
        • Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156)
        • Reverse Shell
        • Unexpected Child Shell
      • Amazon EC2
        • Malware: Malicious file on disk
      • Backup and DR
        • Backup and DR threat findings
        • Impact: Deleted Google Cloud Backup and DR Backup
        • Impact: Deleted Google Cloud Backup and DR Vault
        • Impact: Deleted Google Cloud Backup and DR host
        • Impact: Deleted Google Cloud Backup and DR plan association
        • Impact: Google Cloud Backup and DR delete policy
        • Impact: Google Cloud Backup and DR delete profile
        • Impact: Google Cloud Backup and DR delete storage pool
        • Impact: Google Cloud Backup and DR delete template
        • Impact: Google Cloud Backup and DR expire all images
        • Impact: Google Cloud Backup and DR expire image
        • Impact: Google Cloud Backup and DR reduced backup expiration
        • Impact: Google Cloud Backup and DR reduced backup frequency
        • Impact: Google Cloud Backup and DR remove appliance
        • Impact: Google Cloud Backup and DR remove plan
      • BigQuery
        • BigQuery threat findings
        • Exfiltration: BigQuery Data Exfiltration
        • Exfiltration: BigQuery Data Extraction
        • Exfiltration: BigQuery Data to Google Drive
        • Exfiltration: Move to Public BigQuery resource
      • Cloud Run
        • Cloud Run threat findings
        • Command and Control: Steganography Tool Detected
        • Credential Access: Find {{gcp_name_abbr}} Credentials
        • Credential Access: GPG Key Reconnaissance
        • Credential Access: Search Private Keys or Passwords
        • Defense Evasion: Base64 ELF File Command Line
        • Defense Evasion: Base64 Encoded Bash Script Executed
        • Defense Evasion: Base64 Encoded Python Script Executed
        • Defense Evasion: Launch Code Compiler Tool In Container
        • Execution: Added Malicious Binary Executed
        • Execution: Added Malicious Library Loaded
        • Execution: Built in Malicious Binary Executed
        • Execution: Container Escape
        • Execution: Cryptomining Docker Image
        • Execution: Fileless Execution in /memfd:
        • Execution: Kubernetes Attack Tool Execution
        • Execution: Local Reconnaissance Tool Execution
        • Execution: Malicious Python executed
        • Execution: Modified Malicious Binary Executed
        • Execution: Modified Malicious Library Loaded
        • Execution: Netcat Remote Code Execution in Container
        • Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47076)
        • Execution: Possible Remote Command Execution Detected
        • Execution: Program Run with Disallowed HTTP Proxy Env
        • Execution: Socat Reverse Shell Detected
        • Execution: Suspicious OpenSSL Shared Object Loaded
        • Exfiltration: Launch Remote File Copy Tools in Container
        • Impact: Cryptomining Commands
        • Impact: Detect Malicious Cmdlines
        • Impact: Remove Bulk Data From Disk
        • Impact: Suspicious crypto mining activity using the Stratum Protocol
        • Malicious Script Executed
        • Malicious URL Observed
        • Privilege Escalation: Abuse of Sudo For Privilege Escalation (CVE-2019-14287)
        • Privilege Escalation: Default Compute Engine Service Account SetIAMPolicy
        • Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034)
        • Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156)
        • Reverse Shell
        • Unexpected Child Shell
      • Cloud Storage
        • Cloud Storage threat findings
        • Defense Evasion: GCS Bucket IP Filtering Modified
        • Defense Evasion: Project HTTP Policy Block Disabled
      • Compute Engine
        • Compute Engine threat findings
        • Brute force SSH
        • Defense Evasion: Rootkit
        • Defense Evasion: Unexpected ftrace handler
        • Defense Evasion: Unexpected interrupt handler
        • Defense Evasion: Unexpected kernel modules
        • Defense Evasion: Unexpected kernel read-only data modification
        • Defense Evasion: Unexpected kprobe handler
        • Defense Evasion: Unexpected processes in runqueue
        • Defense Evasion: Unexpected system call handler
        • Execution: Cryptocurrency Mining Hash Match
        • Execution: Cryptocurrency Mining YARA Rule
        • Execution: cryptocurrency mining combined detection
        • Impact: GPU Instance Created
        • Impact: Managed Instance Group Autoscaling Set To Maximum
        • Impact: Many Instances Created
        • Impact: Many Instances Deleted
        • Lateral Movement: Modified Boot Disk Attached to Instance
        • Lateral Movement: OS Patch Execution From Service Account
        • Malware: Malicious file on disk (YARA)
        • Persistence: GCE Admin Added SSH Key
        • Persistence: GCE Admin Added Startup Script
        • Persistence: Global Startup Script Added
        • Privilege Escalation: Global Shutdown Script Added
      • Database
        • Database threat findings
        • Credential Access: CloudDB Failed login from Anonymizing Proxy IP
        • Exfiltration: Cloud SQL Data Exfiltration
        • Exfiltration: Cloud SQL Over-Privileged Grant
        • Exfiltration: Cloud SQL Restore Backup to External Organization
        • Initial Access: CloudDB Successful login from Anonymizing Proxy IP
        • Initial Access: Database Superuser Writes to User Tables
        • Privilege Escalation: AlloyDB Database Superuser Writes to User Tables
        • Privilege Escalation: AlloyDB Over-Privileged Grant
      • Google Kubernetes Engine
        • GKE threat findings
        • Added Binary Executed
        • Added Library Loaded
        • Collection: Pam.d Modification
        • Command and Control: Piped Encoded Code Execution
        • Command and Control: Piped Encoded Download
        • Command and Control: Steganography Tool Detected
        • Credential Access: Access Sensitive Files On Nodes
        • Credential Access: Failed Attempt to Approve Kubernetes Certificate Signing Request (CSR)
        • Credential Access: Find Google Cloud Credentials
        • Credential Access: GPG Key Reconnaissance
        • Credential Access: Manually Approved Kubernetes Certificate Signing Request (CSR)
        • Credential Access: Search Private Keys or Passwords
        • Credential Access: Secrets Accessed In Kubernetes Namespace
        • Defense Evasion: Anonymous Sessions Granted Cluster Admin Access
        • Defense Evasion: Base64 ELF File Command Line
        • Defense Evasion: Base64 Encoded Python Script Executed
        • Defense Evasion: Base64 Encoded Shell Script Executed
        • Defense Evasion: Breakglass Workload Deployment Created
        • Defense Evasion: Breakglass Workload Deployment Updated
        • Defense Evasion: Disable or Modify Linux Audit System
        • Defense Evasion: Launch Code Compiler Tool In Container
        • Defense Evasion: Manually Deleted Certificate Signing Request (CSR)
        • Defense Evasion: Potential Kubernetes Pod Masquerading
        • Defense Evasion: Root Certificate Installed
        • Defense Evasion: Static Pod Created
        • Discovery: Can get sensitive Kubernetes object check
        • Execution: Added Malicious Binary Executed
        • Execution: Added Malicious Library Loaded
        • Execution: Built in Malicious Binary Executed
        • Execution: Container Escape
        • Execution: Fileless Execution in /memfd:
        • Execution: GKE launch excessively capable container
        • Execution: Ingress Nightmare Vulnerability Exploitation
        • Execution: Kubernetes Attack Tool Execution
        • Execution: Kubernetes Pod Created with Potential Reverse Shell Arguments
        • Execution: Local Reconnaissance Tool Execution
        • Execution: Malicious Python executed
        • Execution: Modified Malicious Binary Executed
        • Execution: Modified Malicious Library Loaded
        • Execution: Netcat Remote Code Execution in Container
        • Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47076)
        • Execution: Possible Remote Command Execution Detected
        • Execution: Program Run with Disallowed HTTP Proxy Env
        • Execution: Socat Reverse Shell Detected
        • Execution: Suspicious Cron Modification
        • Execution: Suspicious Exec or Attach to a System Pod
        • Execution: Suspicious OpenSSL Shared Object Loaded
        • Execution: Workload triggered in sensitive namespace
        • Exfiltration: Launch Remote File Copy Tools in Container
        • Impact: Detect Malicious Cmdlines
        • Impact: GKE kube-dns modification detected
        • Impact: Remove Bulk Data From Disk
        • Impact: Suspicious Kubernetes Container Names - Cryptocurrency Mining
        • Impact: Suspicious crypto mining activity using the Stratum Protocol
        • Initial Access: Anonymous GKE Resource Created from the Internet
        • Initial Access: GKE NodePort service created
        • Initial Access: GKE Resource Modified Anonymously from the Internet
        • Initial Access: Successful API call made from a TOR proxy IP
        • Malicious Script Executed
        • Malicious URL Observed
        • Persistence: GKE Webhook Configuration Detected
        • Persistence: Modify ld.so.preload
        • Persistence: Service Account Created in sensitive namespace
        • Privilege Escalation: Abuse of Sudo For Privilege Escalation (CVE-2019-14287)
        • Privilege Escalation: Changes to sensitive Kubernetes RBAC objects
        • Privilege Escalation: ClusterRole with Privileged Verbs
        • Privilege Escalation: ClusterRoleBinding to Privileged Role
        • Privilege Escalation: Create Kubernetes CSR for master cert
        • Privilege Escalation: Creation of sensitive Kubernetes bindings
        • Privilege Escalation: Effectively Anonymous Users Granted GKE Cluster Access
        • Privilege Escalation: Fileless Execution in /dev/shm
        • Privilege Escalation: Get Kubernetes CSR with compromised bootstrap credentials
        • Privilege Escalation: Launch of privileged Kubernetes container
        • Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034)
        • Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156)
        • Privilege Escalation: Suspicious Kubernetes Container Names - Exploitation and Escape
        • Privilege Escalation: Workload Created with a Sensitive Host Path Mount
        • Privilege Escalation: Workload with shareProcessNamespace enabled
        • Reverse Shell
        • Unexpected Child Shell
      • Google Workspace
        • Google Workspace threat findings
        • Initial Access: Account Disabled Hijacked
        • Initial Access: Disabled Password Leak
        • Initial Access: Government Based Attack
        • Initial Access: Suspicious Login Blocked
        • Persistence: SSO Enablement Toggle
        • Persistence: SSO Settings Changed
        • Persistence: Strong Authentication Disabled
        • Persistence: Two Step Verification Disabled
      • IAM
        • IAM threat findings
        • Account has leaked credentials
        • Defense Evasion: Modify VPC Service Control
        • Defense Evasion: Organization Policy Changed
        • Defense Evasion: Organization-Level Service Account Token Creator Role Added
        • Defense Evasion: Project-Level Service Account Token Creator Role Added
        • Defense Evasion: Remove Billing Admin
        • Discovery: Information Gathering Tool Used
        • Discovery: Service Account Self-Investigation
        • Discovery: Unauthorized Service Account API Call
        • Evasion: Access from Anonymizing Proxy
        • Impact: Billing Disabled (multiple projects)
        • Impact: Billing Disabled (single project)
        • Impact: Service API Disabled
        • Initial Access: Dormant Service Account Action
        • Initial Access: Dormant Service Account Key Created
        • Initial Access: Excessive Permission Denied Actions
        • Initial Access: Leaked Service Account Key Used
        • Persistence: Add Sensitive Role
        • Persistence: IAM Anomalous Grant
        • Persistence: New API Method
        • Persistence: New Geography
        • Persistence: New User Agent
        • Persistence: Project SSH Key Added
        • Persistence: Service Account Key Created
        • Persistence: Unmanaged Account Granted Sensitive Role
        • Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity
        • Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity
        • Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access
        • Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity
        • Privilege Escalation: Anomalous Service Account Impersonator for Data Access
        • Privilege Escalation: Dormant Service Account Granted Sensitive Role
        • Privilege Escalation: External Member Added To Privileged Group
        • Privilege Escalation: Impersonation Role Granted For Dormant Service Account
        • Privilege Escalation: New Service Account is Owner or Editor
        • Privilege Escalation: Privileged Group Opened To Public
        • Privilege Escalation: Sensitive Role Granted To Hybrid Group
        • Privilege Escalation: Suspicious Cross-Project Permission Use
        • Privilege Escalation: Suspicious Token Generation (cross-project OpenID token)
        • Privilege Escalation: Suspicious Token Generation (cross-project access token)
        • Privilege Escalation: Suspicious Token Generation (implicit delegation)
        • Privilege Escalation: Suspicious Token Generation (signJwt)
        • Resource Development: Offensive Security Distro Activity
      • Network
        • Network threat findings
        • Active Scan: Log4j Vulnerable to RCE
        • Cloud IDS: THREAT_IDENTIFIER
        • Command and Control: DNS Tunneling
        • Defense Evasion: VPC Route Masquerade Attempt
        • Impact: VPC Firewall High Priority Block
        • Impact: VPC Firewall Mass Rule Deletion
        • Initial Access: Log4j Compromise Attempt
        • Log4j Malware: Bad Domain
        • Log4j Malware: Bad IP
        • Malware: Cryptomining Bad Domain
        • Malware: Cryptomining Bad IP
        • Malware: bad IP
        • Malware: bad domain
    • Predefined detection rules
    • Security Command Center error detector reference
      • Security Command Center errors
      • Security Command Center errors remediation
  • Security Command Center API
    • Authentication
    • Client libraries
    • Migrate to the v2 API
    • REST reference
      • Overview
      • v2
        • REST Resources
        • folders.assets
          • Overview
          • updateSecurityMarks
        • folders.findings
          • Overview
          • bulkMute
        • folders.locations.bigQueryExports
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • folders.locations.findings
          • Overview
          • bulkMute
        • folders.locations.muteConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • folders.locations.notificationConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • folders.muteConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • folders.sources
          • Overview
          • list
        • folders.sources.findings
          • Overview
          • group
          • list
          • patch
          • setMute
          • setState
          • updateSecurityMarks
        • folders.sources.findings.externalSystems
          • Overview
          • patch
        • folders.sources.locations.findings
          • Overview
          • export
          • group
          • list
          • patch
          • setMute
          • setState
          • updateSecurityMarks
        • folders.sources.locations.findings.externalSystems
          • Overview
          • patch
        • organizations.assets
          • Overview
          • updateSecurityMarks
        • organizations.attackPaths
          • Overview
          • list
        • organizations.findings
          • Overview
          • bulkMute
        • organizations.locations.bigQueryExports
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • organizations.locations.findings
          • Overview
          • bulkMute
        • organizations.locations.muteConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • organizations.locations.notificationConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • organizations.locations.resourceValueConfigs
          • Overview
          • batchCreate
          • delete
          • get
          • list
          • patch
        • organizations.locations.simulations
          • Overview
          • get
        • organizations.locations.simulations.attackExposureResults.attackPaths
          • Overview
          • list
        • organizations.locations.simulations.valuedResources
          • Overview
          • get
        • organizations.locations.simulations.valuedResources.attackPaths
          • Overview
          • list
        • organizations.muteConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • organizations.operations
          • Overview
          • cancel
          • delete
          • get
          • list
        • organizations.resourceValueConfigs
          • Overview
          • batchCreate
          • delete
          • get
          • list
          • patch
        • organizations.simulations
          • Overview
          • get
        • organizations.simulations.attackExposureResults.attackPaths
          • Overview
          • list
        • organizations.simulations.attackExposureResults.valuedResources
          • Overview
          • list
        • organizations.simulations.attackPaths
          • Overview
          • list
        • organizations.simulations.valuedResources
          • Overview
          • get
          • list
        • organizations.simulations.valuedResources.attackPaths
          • Overview
          • list
        • organizations.sources
          • Overview
          • create
          • get
          • getIamPolicy
          • list
          • patch
          • setIamPolicy
          • testIamPermissions
        • organizations.sources.findings
          • Overview
          • create
          • group
          • list
          • patch
          • setMute
          • setState
          • updateSecurityMarks
        • organizations.sources.findings.externalSystems
          • Overview
          • patch
        • organizations.sources.locations.findings
          • Overview
          • create
          • export
          • group
          • list
          • patch
          • setMute
          • setState
          • updateSecurityMarks
        • organizations.sources.locations.findings.externalSystems
          • Overview
          • patch
        • organizations.valuedResources
          • Overview
          • list
        • projects.assets
          • Overview
          • updateSecurityMarks
        • projects.findings
          • Overview
          • bulkMute
        • projects.locations.bigQueryExports
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • projects.locations.findings
          • Overview
          • bulkMute
        • projects.locations.muteConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • projects.locations.notificationConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • projects.muteConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • projects.sources
          • Overview
          • list
        • projects.sources.findings
          • Overview
          • group
          • list
          • patch
          • setMute
          • setState
          • updateSecurityMarks
        • projects.sources.findings.externalSystems
          • Overview
          • patch
        • projects.sources.locations.findings
          • Overview
          • export
          • group
          • list
          • patch
          • setMute
          • setState
          • updateSecurityMarks
        • projects.sources.locations.findings.externalSystems
          • Overview
          • patch
        • Types
        • BatchCreateResourceValueConfigsResponse
        • BigQueryDestination
        • BulkMuteFindingsResponse
        • CloudProvider
        • CreateResourceValueConfigRequest
        • CriticalityType
        • DomainCategory
        • EnvironmentType
        • ExportFindingsMetadata
        • ExportFindingsResponse
        • GroupFindingsResponse
        • Issue
        • IssueType
        • ListAttackPathsResponse
        • ListBigQueryExportsResponse
        • ListFindingsResponse
        • ListMuteConfigsResponse
        • ListNotificationConfigsResponse
        • ListResourceValueConfigsResponse
        • ListSourcesResponse
        • ListValuedResourcesResponse
        • MuteState
        • NotificationMessage
        • ResourceValueConfigMetadata
        • Severity
        • State
        • VulnerabilityCountBySeverity
        • VulnerabilitySnapshot
      • v1
        • REST Resources
        • folders.assets
          • Overview
          • group
          • list
          • updateSecurityMarks
        • folders.bigQueryExports
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • folders.eventThreatDetectionSettings
          • Overview
          • validateCustomModule
        • folders.eventThreatDetectionSettings.customModules
          • Overview
          • create
          • delete
          • get
          • list
          • listDescendant
          • patch
        • folders.eventThreatDetectionSettings.effectiveCustomModules
          • Overview
          • get
          • list
        • folders.findings
          • Overview
          • bulkMute
        • folders.locations.muteConfigs
          • Overview
          • delete
          • get
          • patch
        • folders.muteConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • folders.notificationConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • folders.securityHealthAnalyticsSettings.customModules
          • Overview
          • create
          • delete
          • get
          • list
          • listDescendant
          • patch
          • simulate
        • folders.securityHealthAnalyticsSettings.effectiveCustomModules
          • Overview
          • get
          • list
        • folders.sources
          • Overview
          • list
        • folders.sources.findings
          • Overview
          • group
          • list
          • patch
          • setMute
          • setState
          • updateSecurityMarks
        • folders.sources.findings.externalSystems
          • Overview
          • patch
        • organizations
          • Overview
          • getOrganizationSettings
          • updateOrganizationSettings
        • organizations.assets
          • Overview
          • group
          • list
          • runDiscovery
          • updateSecurityMarks
        • organizations.attackPaths
          • Overview
          • list
        • organizations.bigQueryExports
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • organizations.eventThreatDetectionSettings
          • Overview
          • validateCustomModule
        • organizations.eventThreatDetectionSettings.customModules
          • Overview
          • create
          • delete
          • get
          • list
          • listDescendant
          • patch
        • organizations.eventThreatDetectionSettings.effectiveCustomModules
          • Overview
          • get
          • list
        • organizations.findings
          • Overview
          • bulkMute
        • organizations.locations.muteConfigs
          • Overview
          • delete
          • get
          • patch
        • organizations.muteConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • organizations.notificationConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • organizations.operations
          • Overview
          • cancel
          • delete
          • get
          • list
        • organizations.resourceValueConfigs
          • Overview
          • batchCreate
          • delete
          • get
          • list
          • patch
        • organizations.securityHealthAnalyticsSettings.customModules
          • Overview
          • create
          • delete
          • get
          • list
          • listDescendant
          • patch
          • simulate
        • organizations.securityHealthAnalyticsSettings.effectiveCustomModules
          • Overview
          • get
          • list
        • organizations.simulations
          • Overview
          • get
        • organizations.simulations.attackExposureResults.attackPaths
          • Overview
          • list
        • organizations.simulations.attackExposureResults.valuedResources
          • Overview
          • list
        • organizations.simulations.attackPaths
          • Overview
          • list
        • organizations.simulations.valuedResources
          • Overview
          • get
          • list
        • organizations.simulations.valuedResources.attackPaths
          • Overview
          • list
        • organizations.sources
          • Overview
          • create
          • get
          • getIamPolicy
          • list
          • patch
          • setIamPolicy
          • testIamPermissions
        • organizations.sources.findings
          • Overview
          • create
          • group
          • list
          • patch
          • setMute
          • setState
          • updateSecurityMarks
        • organizations.sources.findings.externalSystems
          • Overview
          • patch
        • organizations.valuedResources
          • Overview
          • list
        • projects.assets
          • Overview
          • group
          • list
          • updateSecurityMarks
        • projects.bigQueryExports
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • projects.eventThreatDetectionSettings
          • Overview
          • validateCustomModule
        • projects.eventThreatDetectionSettings.customModules
          • Overview
          • create
          • delete
          • get
          • list
          • listDescendant
          • patch
        • projects.eventThreatDetectionSettings.effectiveCustomModules
          • Overview
          • get
          • list
        • projects.findings
          • Overview
          • bulkMute
        • projects.locations.muteConfigs
          • Overview
          • delete
          • get
          • patch
        • projects.muteConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • projects.notificationConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • projects.securityHealthAnalyticsSettings.customModules
          • Overview
          • create
          • delete
          • get
          • list
          • listDescendant
          • patch
          • simulate
        • projects.securityHealthAnalyticsSettings.effectiveCustomModules
          • Overview
          • get
          • list
        • projects.sources
          • Overview
          • list
        • projects.sources.findings
          • Overview
          • group
          • list
          • patch
          • setMute
          • setState
          • updateSecurityMarks
        • projects.sources.findings.externalSystems
          • Overview
          • patch
        • Types
        • BulkMuteFindingsResponse
        • CloudProvider
        • CustomConfig
        • Folder
        • GroupAssetsResponse
        • GroupFindingsResponse
        • GroupResult
        • ListAssetsResponse
        • ListAttackPathsResponse
        • ListBigQueryExportsResponse
        • ListDescendantEventThreatDetectionCustomModulesResponse
        • ListDescendantSecurityHealthAnalyticsCustomModulesResponse
        • ListEffectiveEventThreatDetectionCustomModulesResponse
        • ListEffectiveSecurityHealthAnalyticsCustomModulesResponse
        • ListEventThreatDetectionCustomModulesResponse
        • ListFindingsResponse
        • ListMuteConfigsResponse
        • ListNotificationConfigsResponse
        • ListSecurityHealthAnalyticsCustomModulesResponse
        • ListSourcesResponse
        • ListValuedResourcesResponse
        • MuteState
        • NotificationMessage
        • OrganizationSettings
        • ResourceValueConfigMetadata
        • RunAssetDiscoveryResponse
        • SimulateSecurityHealthAnalyticsCustomModuleResponse
        • SimulatedResource
        • State
        • ValidateEventThreatDetectionCustomModuleResponse
      • v1beta2
        • REST Resources
        • folders
          • Overview
          • getContainerThreatDetectionSettings
          • getEventThreatDetectionSettings
          • getRapidVulnerabilityDetectionSettings
          • getSecurityCenterSettings
          • getSecurityHealthAnalyticsSettings
          • getVirtualMachineThreatDetectionSettings
          • getWebSecurityScannerSettings
          • updateContainerThreatDetectionSettings
          • updateEventThreatDetectionSettings
          • updateRapidVulnerabilityDetectionSettings
          • updateSecurityHealthAnalyticsSettings
          • updateVirtualMachineThreatDetectionSettings
          • updateWebSecurityScannerSettings
        • folders.containerThreatDetectionSettings
          • Overview
          • calculate
        • folders.eventThreatDetectionSettings
          • Overview
          • calculate
        • folders.rapidVulnerabilityDetectionSettings
          • Overview
          • calculate
        • folders.securityHealthAnalyticsSettings
          • Overview
          • calculate
        • folders.virtualMachineThreatDetectionSettings
          • Overview
          • calculate
        • folders.webSecurityScannerSettings
          • Overview
          • calculate
        • organizations
          • Overview
          • getContainerThreatDetectionSettings
          • getEventThreatDetectionSettings
          • getRapidVulnerabilityDetectionSettings
          • getSecurityCenterSettings
          • getSecurityHealthAnalyticsSettings
          • getSubscription
          • getVirtualMachineThreatDetectionSettings
          • getWebSecurityScannerSettings
          • updateContainerThreatDetectionSettings
          • updateEventThreatDetectionSettings
          • updateRapidVulnerabilityDetectionSettings
          • updateSecurityHealthAnalyticsSettings
          • updateVirtualMachineThreatDetectionSettings
          • updateWebSecurityScannerSettings
        • organizations.containerThreatDetectionSettings
          • Overview
          • calculate
        • organizations.eventThreatDetectionSettings
          • Overview
          • calculate
        • organizations.rapidVulnerabilityDetectionSettings
          • Overview
          • calculate
        • organizations.securityHealthAnalyticsSettings
          • Overview
          • calculate
        • organizations.virtualMachineThreatDetectionSettings
          • Overview
          • calculate
        • organizations.webSecurityScannerSettings
          • Overview
          • calculate
        • projects
          • Overview
          • getContainerThreatDetectionSettings
          • getEventThreatDetectionSettings
          • getRapidVulnerabilityDetectionSettings
          • getSecurityCenterSettings
          • getSecurityHealthAnalyticsSettings
          • getVirtualMachineThreatDetectionSettings
          • getWebSecurityScannerSettings
          • updateContainerThreatDetectionSettings
          • updateEventThreatDetectionSettings
          • updateRapidVulnerabilityDetectionSettings
          • updateSecurityHealthAnalyticsSettings
          • updateVirtualMachineThreatDetectionSettings
          • updateWebSecurityScannerSettings
        • projects.containerThreatDetectionSettings
          • Overview
          • calculate
        • projects.eventThreatDetectionSettings
          • Overview
          • calculate
        • projects.locations.clusters
          • Overview
          • getContainerThreatDetectionSettings
          • updateContainerThreatDetectionSettings
        • projects.locations.clusters.containerThreatDetectionSettings
          • Overview
          • calculate
        • projects.rapidVulnerabilityDetectionSettings
          • Overview
          • calculate
        • projects.securityHealthAnalyticsSettings
          • Overview
          • calculate
        • projects.virtualMachineThreatDetectionSettings
          • Overview
          • calculate
        • projects.webSecurityScannerSettings
          • Overview
          • calculate
        • Types
        • Config
        • ContainerThreatDetectionSettings
        • EnablementState
        • EventThreatDetectionSettings
        • RapidVulnerabilityDetectionSettings
        • SecurityCenterSettings
        • SecurityHealthAnalyticsSettings
        • VirtualMachineThreatDetectionSettings
        • WebSecurityScannerSettings
      • v1beta1
        • REST Resources
        • organizations
          • Overview
          • getOrganizationSettings
          • updateOrganizationSettings
        • organizations.assets
          • Overview
          • group
          • list
          • runDiscovery
          • updateSecurityMarks
        • organizations.operations
          • Overview
          • cancel
          • delete
          • get
          • list
        • organizations.sources
          • Overview
          • create
          • get
          • getIamPolicy
          • list
          • patch
          • setIamPolicy
          • testIamPermissions
        • organizations.sources.findings
          • Overview
          • create
          • group
          • list
          • patch
          • setState
          • updateSecurityMarks
        • Types
        • GroupResult
        • OrganizationSettings
        • RunAssetDiscoveryResponse
        • State
      • v1p1beta1
        • REST Resources
        • folders.assets
          • Overview
          • group
          • list
          • updateSecurityMarks
        • folders.sources
          • Overview
          • list
        • folders.sources.findings
          • Overview
          • group
          • list
          • patch
          • setState
          • updateSecurityMarks
        • organizations
          • Overview
          • getOrganizationSettings
          • updateOrganizationSettings
        • organizations.assets
          • Overview
          • group
          • list
          • runDiscovery
          • updateSecurityMarks
        • organizations.notificationConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • organizations.operations
          • Overview
          • cancel
          • delete
          • get
          • list
        • organizations.sources
          • Overview
          • create
          • get
          • getIamPolicy
          • list
          • patch
          • setIamPolicy
          • testIamPermissions
        • organizations.sources.findings
          • Overview
          • create
          • group
          • list
          • patch
          • setState
          • updateSecurityMarks
        • projects.assets
          • Overview
          • group
          • list
          • updateSecurityMarks
        • projects.sources
          • Overview
          • list
        • projects.sources.findings
          • Overview
          • group
          • list
          • patch
          • setState
          • updateSecurityMarks
        • Types
        • Folder
        • GroupAssetsResponse
        • GroupFindingsResponse
        • GroupResult
        • ListAssetsResponse
        • ListFindingsResponse
        • ListSourcesResponse
        • NotificationMessage
        • OrganizationSettings
        • RunAssetDiscoveryResponse
        • State
      • Shared types
        • Types
        • AuditConfig
        • Binding
        • CancelOperationRequest
        • Code
        • DeleteOperationRequest
        • GetIamPolicyRequest
        • GetOperationRequest
        • ListOperationsRequest
        • ListOperationsResponse
        • LogType
        • Policy
        • SetIamPolicyRequest
        • TestIamPermissionsRequest
        • TestIamPermissionsResponse
  • Security Command Center Management API
    • Client libraries
    • REST reference
      • Overview
      • v1
        • REST Resources
        • folders.locations.effectiveEventThreatDetectionCustomModules
          • Overview
          • get
          • list
        • folders.locations.effectiveSecurityHealthAnalyticsCustomModules
          • Overview
          • get
          • list
        • folders.locations.eventThreatDetectionCustomModules
          • Overview
          • create
          • delete
          • get
          • list
          • listDescendant
          • patch
          • validate
        • folders.locations.securityCenterServices
          • Overview
          • get
          • list
          • patch
        • folders.locations.securityHealthAnalyticsCustomModules
          • Overview
          • create
          • delete
          • get
          • list
          • listDescendant
          • patch
          • simulate
        • organizations.locations
          • Overview
          • getBillingMetadata
        • organizations.locations.effectiveEventThreatDetectionCustomModules
          • Overview
          • get
          • list
        • organizations.locations.effectiveSecurityHealthAnalyticsCustomModules
          • Overview
          • get
          • list
        • organizations.locations.eventThreatDetectionCustomModules
          • Overview
          • create
          • delete
          • get
          • list
          • listDescendant
          • patch
          • validate
        • organizations.locations.operations
          • Overview
          • cancel
          • delete
          • get
          • list
        • organizations.locations.securityCenterServices
          • Overview
          • get
          • list
          • patch
        • organizations.locations.securityHealthAnalyticsCustomModules
          • Overview
          • create
          • delete
          • get
          • list
          • listDescendant
          • patch
          • simulate
        • projects.locations
          • Overview
          • get
          • getBillingMetadata
          • list
        • projects.locations.effectiveEventThreatDetectionCustomModules
          • Overview
          • get
          • list
        • projects.locations.effectiveSecurityHealthAnalyticsCustomModules
          • Overview
          • get
          • list
        • projects.locations.eventThreatDetectionCustomModules
          • Overview
          • create
          • delete
          • get
          • list
          • listDescendant
          • patch
          • validate
        • projects.locations.operations
          • Overview
          • cancel
          • delete
          • get
          • list
        • projects.locations.securityCenterServices
          • Overview
          • get
          • list
          • patch
        • projects.locations.securityHealthAnalyticsCustomModules
          • Overview
          • create
          • delete
          • get
          • list
          • listDescendant
          • patch
          • simulate
        • Types
        • BillingMetadata
        • Code
        • CustomConfig
        • ListDescendantEventThreatDetectionCustomModulesResponse
        • ListDescendantSecurityHealthAnalyticsCustomModulesResponse
        • ListEffectiveEventThreatDetectionCustomModulesResponse
        • ListEffectiveSecurityHealthAnalyticsCustomModulesResponse
        • ListEventThreatDetectionCustomModulesResponse
        • ListOperationsResponse
        • ListSecurityCenterServicesResponse
        • ListSecurityHealthAnalyticsCustomModulesResponse
        • SimulateSecurityHealthAnalyticsCustomModuleResponse
        • SimulatedResource
        • ValidateEventThreatDetectionCustomModuleResponse
  • Compliance Manager API
    • Client libraries
    • REST reference
      • Overview
      • v1
        • REST Resources
        • folders.locations
          • Overview
          • updateCmEnrollment
        • folders.locations.cmEnrollment
          • Overview
          • calculate
        • folders.locations.findingSummaries
          • Overview
          • list
        • folders.locations.frameworkAuditScopeReports
          • Overview
          • generateFrameworkAuditScopeReport
        • folders.locations.frameworkAudits
          • Overview
          • create
          • get
          • list
        • folders.locations.frameworkComplianceReports
          • Overview
          • aggregate
          • fetch
        • folders.locations.frameworkComplianceReports.controlComplianceSummaries
          • Overview
          • list
        • folders.locations.frameworkComplianceSummaries
          • Overview
          • list
        • folders.locations.operationDetails
          • Overview
          • get
        • organizations.locations
          • Overview
          • get
          • list
          • updateCmEnrollment
        • organizations.locations.cloudControlDeployments
          • Overview
          • get
          • list
        • organizations.locations.cloudControls
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • organizations.locations.cmEnrollment
          • Overview
          • calculate
        • organizations.locations.findingSummaries
          • Overview
          • list
        • organizations.locations.frameworkAuditScopeReports
          • Overview
          • generateFrameworkAuditScopeReport
        • organizations.locations.frameworkAudits
          • Overview
          • create
          • get
          • list
        • organizations.locations.frameworkComplianceReports
          • Overview
          • aggregate
          • fetch
        • organizations.locations.frameworkComplianceReports.controlComplianceSummaries
          • Overview
          • list
        • organizations.locations.frameworkComplianceSummaries
          • Overview
          • list
        • organizations.locations.frameworkDeployments
          • Overview
          • create
          • delete
          • get
          • list
        • organizations.locations.frameworks
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • organizations.locations.operationDetails
          • Overview
          • get
        • organizations.locations.operations
          • Overview
          • cancel
          • delete
          • get
          • list
        • projects.locations
          • Overview
          • get
          • list
          • updateCmEnrollment
        • projects.locations.cloudControlDeployments
          • Overview
          • get
          • list
        • projects.locations.cloudControls
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • projects.locations.cmEnrollment
          • Overview
          • calculate
        • projects.locations.findingSummaries
          • Overview
          • list
        • projects.locations.frameworkAuditScopeReports
          • Overview
          • generateFrameworkAuditScopeReport
        • projects.locations.frameworkAudits
          • Overview
          • create
          • get
          • list
        • projects.locations.frameworkComplianceReports
          • Overview
          • aggregate
          • fetch
        • projects.locations.frameworkComplianceReports.controlComplianceSummaries
          • Overview
          • list
        • projects.locations.frameworkComplianceSummaries
          • Overview
          • list
        • projects.locations.frameworkDeployments
          • Overview
          • create
          • delete
          • get
          • list
        • projects.locations.frameworks
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • projects.locations.operationDetails
          • Overview
          • get
        • projects.locations.operations
          • Overview
          • cancel
          • delete
          • get
          • list
        • Types
        • AggregateFrameworkComplianceReportResponse
        • CalculateEffectiveCmEnrollmentResponse
        • CloudControlDetails
        • CloudControlMetadata
        • CloudProvider
        • CmEnrollment
        • Code
        • ControlAssessmentDetails
        • DeploymentState
        • EnforcementMode
        • Format
        • FrameworkCategory
        • FrameworkComplianceSummaryView
        • FrameworkReference
        • FrameworkType
        • GenerateFrameworkAuditScopeReportResponse
        • Interval
        • ListCloudControlDeploymentsResponse
        • ListCloudControlsResponse
        • ListControlComplianceSummariesResponse
        • ListFindingSummariesResponse
        • ListFrameworkAuditsResponse
        • ListFrameworkComplianceSummariesResponse
        • ListFrameworkDeploymentsResponse
        • ListFrameworksResponse
        • ListLocationsResponse
        • ListOperationsResponse
        • OperationMetadata
        • ParamValue
        • Parameter
        • Rule
        • Severity
        • StringList
        • TargetResourceConfig
        • TargetResourceDetails
        • TargetResourceType
  • Security Posture API
    • REST reference
      • Overview
      • v1
        • REST Resources
        • organizations.locations.operations
          • Overview
          • cancel
          • delete
          • get
          • list
        • organizations.locations.postureDeployments
          • Overview
          • create
          • delete
          • get
          • list
          • patch
        • organizations.locations.postureTemplates
          • Overview
          • get
          • list
        • organizations.locations.postures
          • Overview
          • create
          • delete
          • extract
          • get
          • list
          • listRevisions
          • patch
        • organizations.locations.reports
          • Overview
          • createIaCValidationReport
          • get
          • list
        • Types
        • ActionType
        • Category
        • Code
        • Constraint
        • ConstraintType
        • EnablementState
        • IaCValidationReport
        • MethodType
        • OperationMetadata
        • Policy
        • PolicySet
        • Posture
        • PostureDeployment
        • Report
        • Severity
        • State
  • Web Security Scanner API
    • Authentication
    • REST reference
      • Overview
      • v1
        • REST Resources
        • projects.scanConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
          • start
        • projects.scanConfigs.scanRuns
          • Overview
          • get
          • list
          • stop
        • projects.scanConfigs.scanRuns.crawledUrls
          • Overview
          • list
        • projects.scanConfigs.scanRuns.findingTypeStats
          • Overview
          • list
        • projects.scanConfigs.scanRuns.findings
          • Overview
          • get
          • list
      • v1beta1
        • REST Resources
        • projects.scanConfigs
          • Overview
          • create
          • delete
          • get
          • list
          • patch
          • start
        • projects.scanConfigs.scanRuns
          • Overview
          • get
          • list
          • stop
        • projects.scanConfigs.scanRuns.crawledUrls
          • Overview
          • list
        • projects.scanConfigs.scanRuns.findingTypeStats
          • Overview
          • list
        • projects.scanConfigs.scanRuns.findings
          • Overview
          • get
          • list
  • gcloud CLI commands
  • AWS connector changelog
  • AI and ML
  • Application development
  • Application hosting
  • Compute
  • Data analytics and pipelines
  • Databases
  • Distributed, hybrid, and multicloud
  • Industry solutions
  • Migration
  • Networking
  • Observability and monitoring
  • Security
  • Storage
  • Access and resources management
  • Costs and usage management
  • Infrastructure as code
  • SDK, languages, frameworks, and tools
  • Home
  • Documentation
  • Security
  • Security Command Center
  • Reference

REST Resource: folders.sources Stay organized with collections Save and categorize content based on your preferences.

  • Resource
  • Methods

Resource

There is no persistent data associated with this resource.

Methods

list

Lists all sources belonging to an organization.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-05-14 UTC.

  • Products and pricing

    • See all products
    • Google Cloud pricing
    • Google Cloud Marketplace
    • Contact sales
  • Support

    • Community forums
    • Support
    • Release Notes
    • System status
  • Resources

    • GitHub
    • Getting Started with Google Cloud
    • Code samples
    • Cloud Architecture Center
    • Training and Certification
  • Engage

    • Blog
    • Events
    • X (Twitter)
    • Google Cloud on YouTube
    • Google Cloud Tech on YouTube
  • About Google
  • Privacy
  • Site terms
  • Google Cloud terms
  • Manage cookies
  • Our third decade of climate action: join us
  • Sign up for the Google Cloud newsletter Subscribe
  • English
  • Deutsch
  • Español – América Latina
  • Français
  • Português – Brasil
  • 中文 – 简体
  • 日本語
  • 한국어