Does this tool connect to my GCP account?

No. This tool runs entirely in your browser and generates configuration JSON that you can copy and paste into your infrastructure-as-code templates, CLI commands, or cloud console. It never connects to any cloud account or sends data externally.

Are the generated configurations production-ready?

The tool produces syntactically valid configurations based on current GCP service specifications. Always review generated configs against your organization security policies and test in a non-production environment before deploying.

GCP SCC Finding Builder

IAM & SecurityGCP

Build Security Command Center finding filter configurations with severity, category, and indicators.

Last verified: May 2026

Security Command Center Configuration

Build Security Command Center finding filter configurations with severity, category, and indicator details.

Required Fields

parentfindingIdfinding.statefinding.categoryfinding.severityfinding.resourceName

{
  "parent": "organizations/123456789/sources/987654321",
  "findingId": "threat-2026-03-14-001",
  "finding": {
    "state": "ACTIVE",
    "category": "MALWARE",
    "severity": "HIGH",
    "resourceName": "//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/web-server-01",
    "externalUri": "https://security.example.com/findings/threat-001",
    "sourceProperties": {
      "scannerName": "SECURITY_HEALTH_ANALYTICS",
      "detectionPriority": "HIGH",
      "recommendation": "Isolate affected instance and investigate lateral movement"
    },
    "eventTime": "2026-03-14T10:30:00Z",
    "findingClass": "THREAT",
    "indicator": {
      "ipAddresses": ["198.51.100.45"],
      "domains": ["malware.example.com"]
    },
    "vulnerability": {
      "cve": {
        "id": "CVE-2026-12345",
        "references": [
          {
            "source": "NVD",
            "uri": "https://nvd.nist.gov/vuln/detail/CVE-2026-12345"
          }
        ]
      }
    },
    "mute": "UNMUTED"
  }
}

Generated Output

Output will appear here...

See It in Action

Your security team has 5,000+ open findings in SCC across the organization — most are noise. The builder generates targeted filters: 'CRITICAL severity AND state=ACTIVE AND age >24h AND production folders only' = 12 actionable findings. Saved as a dashboard, the security team focuses on these instead of drowning in the full list. Mean-time-to-resolution drops dramatically because attention is on real high-priority issues.

What This Tool Does

Build Security Command Center finding filter configurations with severity, category, and indicators. This tool helps GCP engineers generate valid configurations quickly without consulting documentation, reducing errors and accelerating infrastructure deployment. All processing runs in your browser with no data sent to external servers.

Technical Details

The builder constructs SCC finding filter expressions for use in queries, alert rules, and saved dashboards. Filters use SCC's filter syntax matching: severity (CRITICAL/HIGH/MEDIUM/LOW), category (e.g., MISCONFIGURATION, VULNERABILITY, MALWARE), state (ACTIVE/INACTIVE/MUTED), resource type, time ranges, and custom indicators. Output is the filter expression usable in `gcloud scc findings list` and Terraform google_scc_notification_config resources.

Common Use Cases

1Generating gcp scc finding configurations for new infrastructure deployments.
2Validating existing configurations against best practices before applying changes.
3Learning GCP service configuration patterns through interactive examples.
4Accelerating infrastructure-as-code development by producing correct JSON/YAML starting points.

Common Questions

Does this tool connect to my GCP account?: No. This tool runs entirely in your browser and generates configuration JSON that you can copy and paste into your infrastructure-as-code templates, CLI commands, or cloud console. It never connects to any cloud account or sends data externally.
Are the generated configurations production-ready?: The tool produces syntactically valid configurations based on current GCP service specifications. Always review generated configs against your organization security policies and test in a non-production environment before deploying.

Expert Tips

TIP

SCC Premium tier costs ~$0.65/asset/month and includes Event Threat Detection, Container Threat Detection, and Web Security Scanner — substantially more than Standard tier (free, basic vulnerability findings only). For organizations subject to SOC 2 / PCI / HIPAA, Premium pays for itself.

TIP

Filter findings aggressively in dashboards. Default views show every finding which causes alert fatigue. Build saved filters for: 'critical findings unresolved >7 days' (high priority), 'high-severity production-only', 'compliance-relevant only'. Each team sees their relevant subset.

TIP

Mute irrelevant findings instead of leaving them open. SCC's mute feature is the right way to handle 'this finding doesn't apply to us' (e.g., 'public bucket' findings on intentionally-public CDN buckets). Muting documents the decision for audit; ignoring the finding leaves it forever in 'open' state.

Related Learning Guides

GCP Org Policy Reference8 min read
GCP IAM Role Finder5 min read

Was this tool helpful?

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.