Skip to main content

Google Cloud's Security Command Center (SCC) offers a unified dashboard for consolidating security findings and assets. But what if you need to add your own business context to these findings? That's where security marks come in. To incorporate your specific business context into these findings, security marks prove invaluable. With the recent GUI upgrade, Enterprise versions now necessitate API usage, while SCC Standard and Premium versions retain GUI functionality.

 

Security marks are custom key-value pairs you can use to annotate assets and findings in SCC. They allow you to add context like:

  • Priority: “priority: high”
  • Access Level: “access: confidential”
  • Application: “app: marketing-web-prod”
  • Incident Reference: “Incident-number: x2345”

This feature is incredibly powerful for filtering, managing policies, and integrating SCC data into your security workflows. While you can add marks through the Google Cloud console, the Enterprise version of SCC often requires programmatic management at scale. This is where the SCC API becomes your best friend.

For enterprise users, the SCC API provides the flexibility to automate the application of security marks. Instead of manually applying marks to thousands of assets or findings, you can write scripts to do it for you. This is crucial for maintaining consistency and efficiency in large-scale deployments.

 

The API allows you to:

  • Add new security marks to assets and findings.
  • Update existing marks.
  • Delete marks when they are no longer needed.
  • Filter and search for assets and findings based on their marks.

 

Adding a Security Mark with the gCloud

This example demonstrates a simple method for appending a mark to a finding, utilizing gCloud for the operation.

Locate and open the specific finding you wish to mark.

  • Identify the Target Finding: First, you need the full resource name of the finding you want to update. This typically looks like this: 
  • organizations/{organization_id}/sources/{source_id}/findings/{finding_id}
  • Tip: refer to the JSON view of the finding
  • Construct the Command: Your request will include the security marks you want to apply and an updateMask to specify which fields to modify, thereby preventing unintended changes.

Example (GCloud):

 

 gcloud scc findings update-marks {Finding's_ID} \


   --organization={Org_ID} \


   --location=global \


   --source={Source_ID} \


   --security-marks=key_a=au_js_test_03 \ 


   --update-mask=marks.key_a

 

This GCloud command will add the key-value pair “key_a=au_js_test_03” to your specified finding.

 

You can then use the SCC console to search for all findings with that specific mark, helping you to quickly track and manage related security issues.

To get started, follow the link below:

 https://cloud.google.com/security-command-center/docs/how-to-api-add-manage-security-marks

Be the first to reply!

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.