Hello @Riya_Lamba,
Welcome to Google Cloud Community!
Start by reviewing the details of the finding, such as the name, category, resource, and severity. This step helps you to better understand the nature of the threat and its potential effects on the organization.
To review threat findings in the Google Cloud console, follow these steps:
1. In the Google Cloud console, go to the Security Command Center Findings page.
2. If necessary, select your Google Cloud project, folder, or organization.
3. In the Quick filters section, click an appropriate filter to display the finding that you need in the Findings query results table. For example, if you select Event Threat Detection or Container Threat Detection in the Source display name subsection, only findings from the selected service appear in the results. The table is populated with findings for the source you selected.
4. To view details of a specific finding, click the finding name under Category. The finding details pane expands to display a summary of the finding's details.
5. To view the finding's JSON definition, click the JSON tab.
Findings provide the names and numeric identifiers of resources involved in an incident, along with environment variables and asset properties. You can use that information to quickly isolate affected resources and determine the potential scope of an event.
To aid in your investigation, threat findings also contain links to the following external resources:
- MITRE ATT&CK framework entries. The framework explains techniques for attacks against cloud resources and provides remediation guidance.
- VirusTotal, an Alphabet-owned service that provides context on potentially malicious files, URLs, domains, and IP addresses.
The following sections outline potential responses to threat findings.
Additional info:
- Security Command Center Overview
- Understand threat findings
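An added example, not part of the reply above or of Google's documentation: once findings are saved from the JSON tab, a short script can group active threat findings by affected resource to show the scope of an event. The function name `scope_by_resource` is hypothetical, the sample records are constructed, and the field names (`parentDisplayName`, `resourceName`, `mitreAttack.primaryTactic`) are assumed to follow the Security Command Center v1 finding format.

```python
import json
from collections import defaultdict

# Constructed sample shaped like JSON-tab output; every value is invented.
SAMPLE_FINDINGS = json.loads("""[
 {"finding": {"category": "Malware: Bad IP", "severity": "LOW", "state": "ACTIVE",
   "parentDisplayName": "Event Threat Detection",
   "resourceName": "//cloudresourcemanager.googleapis.com/projects/111111111111",
   "mitreAttack": {"primaryTactic": "COMMAND_AND_CONTROL"}}},
 {"finding": {"category": "Persistence: IAM Anomalous Grant", "severity": "HIGH",
   "state": "ACTIVE", "parentDisplayName": "Event Threat Detection",
   "resourceName": "//cloudresourcemanager.googleapis.com/projects/111111111111",
   "mitreAttack": {"primaryTactic": "PERSISTENCE"}}},
 {"finding": {"category": "Added Binary Executed", "severity": "LOW", "state": "ACTIVE",
   "parentDisplayName": "Container Threat Detection",
   "resourceName": "//container.googleapis.com/projects/example-project/clusters/example",
   "mitreAttack": {"primaryTactic": "EXECUTION"}}},
 {"finding": {"category": "PUBLIC_BUCKET_ACL", "severity": "HIGH", "state": "ACTIVE",
   "parentDisplayName": "Security Health Analytics",
   "resourceName": "//storage.googleapis.com/example-bucket"}},
 {"finding": {"category": "Malware: Bad Domain", "severity": "HIGH", "state": "INACTIVE",
   "parentDisplayName": "Event Threat Detection",
   "resourceName": "//compute.googleapis.com/projects/example-project/instances/vm-1"}}
]""")

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
THREAT_SOURCES = ("Event Threat Detection", "Container Threat Detection")

def scope_by_resource(records, sources=THREAT_SOURCES):
    """Group ACTIVE findings from the given sources by resource, worst severity first."""
    grouped = defaultdict(list)
    for rec in records:
        f = rec.get("finding", {})
        if f.get("state") != "ACTIVE" or f.get("parentDisplayName") not in sources:
            continue  # skip resolved findings and non-threat sources
        grouped[f.get("resourceName", "<unknown resource>")].append(f)
    report = []
    for resource, findings in grouped.items():
        findings.sort(key=lambda f: SEVERITY_ORDER.get(f.get("severity"), 99))
        tactics = {f.get("mitreAttack", {}).get("primaryTactic") for f in findings}
        report.append({"resource": resource,
                       "worst_severity": findings[0].get("severity"),
                       "categories": [f.get("category") for f in findings],
                       "tactics": sorted(tactics - {None})})
    report.sort(key=lambda r: SEVERITY_ORDER.get(r["worst_severity"], 99))
    return report

if __name__ == "__main__":
    for row in scope_by_resource(SAMPLE_FINDINGS):
        print(row)
```

Resources with several findings or more than one ATT&CK tactic are the ones to isolate and investigate first.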