Skip to main content

Table of Contents

 

134454i466FE3E74B975D52.png

The Security Command Center Enterprise’s Assets dashboard allows you to discover and view your assets in real time. This includes App Engine, BigQuery, Cloud SQL, Cloud Storage, Compute Engine, Cloud Identity and Access Management, Google Kubernetes Engine and many more. You also have visibility into previous discovery scans at any time to identify new, changed or deleted assets with ease.

 

Prerequisites

  • Enable the Cloud Asset Inventory API

 

Actions

134455iE98881B56847725E.png
Resource

Now, let's explore the Assets dashboard in SCCE, which provides real-time visibility into your assets across Google Cloud, including App Engine, BigQuery, Compute Engine, and more.

 

 

Prerequisites
  • Enable the Cloud Asset Inventory API

Steps
  1. Users will see the Assets dashboard with the following three options at the top of the dashboard:
    1. Resource
    2. High Value Resource Set
    3. Asset Query
  2. On the Resource option, users will see on the left-side of the dashboard, a Quick Filters panel that allows users to Filter selections by:
    1. Resource Type
    2. Project
    3. Location
  3. To minimize the the Quick Filters panel, users will select the Toggle Panel button. 134458iC89B58726A23F791.png
  4. At the top-right of the Resource option, users will see the options to:
    1. Set Security Marks
    2. Export (CSV)
  5. The Resource option will display the results of their Resources in the following columns:
    1. Display Name
    2. Project ID
    3. Resource Type
    4. Location
    5. State
    6. Created
    7. Last Updated
    8. Security Marks
    9. Resource Owners
    10. Labels
  6. If users select a Resource, by clicking the Display Name, they will see a Details page of the selected Resource, with the following tabs:
    1. Summary
    2. Findings
    3. Change History
    4. Full Metadata
    5. IAM Policies
  7. The Details page of a selected Resource will have a Take Action button 134459iE6E9DD3D4F63C939.pngat the top-right of the page, that will allow users to:
    1. Copy Link to this Resource View
    2. Send Feedback
  8. The Summary tab will display:
    1. Resource Details
    2. Security Details
    3. Security Marks
    4. Labels
  9. The Findings tab will display a list with the following columns:
    1. Category
    2. Source Display Name
    3. Create Time
    4. Event Time
  10. Users will be able to select the View in Finding Inventory button 134460i05B524EC7E81F327.pngat the top-right of the Findings tab page.
  11. The Change History tab will display the Resource History with a timeline graph, where users can select a Start Time (Date/ Time group) and an End Time (Date/ Time group), that can be reset.
  12. In the Change History tab page, users can also Select a Record to Compare134461iDD883F82B7818F5E.pngbetween two Records, in a Text Editor panel, when they select a specific Record in the Resource History.
  13. The Full Metadata tab will display Source Properties as:
    1. Ancestors
    2. Resource
  14. Users can select to Filter by:
    1. Property
    2. Value
  15. The IAM Policies tab will display Policies by:
    1. Property Name
    2. Property Value
  16. Users can select to Filter by:
    1. Principal
    2. Roles
Relevant Documentation Links

 

 
134456i7D74B376F9E1D78C.png
High Value Resource Set

The Security Command Center Enterprise’s Assets dashboard allows you to discover and view your assets in real time. As a part of attack path simulations, Security Command Center calculates attack exposure scores for the findings that affect your high-value resource set. During the last attack path simulation, your high-value resource set included the resource instances that are listed in the High Value Resource Set dashboard.

 

 

Prerequisites
  • Enable the Cloud Asset Inventory API

Steps
  1. At the top of the High Value Resource Set dashboard, users will see a Date/ Time group, of the last Attack Path Simulation, displayed in a banner. 
  2. On the right-side of the banner, users will see the View Configurations button. 134462i24E7B5B54B53D4CA.png
  3. Selecting View Configurations will bring users to the Settings function of the Risk Overview dashboard, that can also be selected from any of the Feature dashboards. There users can:
    1. View Valued Resources
    2. Create New Configuration
    3. View Valued Resources Used in Last Simulation
  4. In the High Value Resource Set tab, users will see three assigned Resource Instance Sets:
    1. Google
    2. Amazon Web Services (AWS)
    3. Microsoft Azure
  5. Each Resource Instance Set has the following columns:
    1. Resource Name
    2. Attack Exposure Score
    3. Resource Value
    4. Resource Type
    5. Matching Configurations

  6. When users select the text of a Resource Name, they will see a new page displaying the details or configuration information of the selected Resource.

    Example: Virtual Machines will direct users to VM Instances dashboard in the Google Cloud Console’s Findings Virtual Machines feature.
  7.  When users select the text of the Attack Exposure Score, they will see a new page called Attack Path Simulation Details, displaying two View Panels:
    1. Attack Paths
    2. Attack Path Mini Map
  8. Users will also see in the Attack Path Simulation Details:
    1. Attack Exposure Score
    2. Resource Value
    3. Attack Path List
    4. Attack Path Map w/ Nodes
Relevant Documentation Links

 

 
134457i7A2D95A64AC87FBF.png
Asset Query

The Security Command Center Enterprise’s Assets dashboard includes new Asset Query functionality designed to make it easier for IT and security teams to identify assets in large, complex environments.

 

 

Prerequisites
  • Enable the Cloud Asset Inventory API

Steps
  1. At the left-side of the Asset Query dashboard, users will see a Select Table panel that has:
    1. Search Function
    2. Resource Tables list
    3. More Tables
      • IAM Policy
      • Org Policy
      • Access Policy
      • OS Inventory
      • Relationship
  2. To minimize the the Select Table panel, users will select the Toggle Panel button. 134463iF93A22220F151EA7.png
  3. In the main section of the Asset Query dashboard, users will have the following options:
    1. Run
    2. Add Time Condition
    3. Enter Job ID
    4. Format
  4. In the Edit Query section of the dashboard, users will see a Query Text Editor, which can be collapsed by selecting the Collapse Editor Toggle134464i7117A56A481730B1.png
  5. Below the Query Text Editor is the Query Library, that contains several pre-configured Queries .
  6. To apply a Query, users can select the Apply Query button 134465i9F8A467038C502C2.pngto the right of each pre-configured Query. The three dots to the right of the Apply Query button allows users to apply More Actions, that includes:
    1. View Details
    2. Learn More
Relevant Documentation Links

 

 

Next Step: Security Command Center Enterprise: Step 3.3 - Investigation | Findings 

Previous Step: Security Command Center Enterprise: Step 3.1 - Investigation | Web Security Scanner 

Be the first to reply!
Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.