Mute findings in cases

The SCC Enterprise - Urgent Posture Findings Connector ingests all findings into cases, but you might notice specific findings that appear irrelevant to your project or indicate an expected behavior. In this case, the flow of negligible findings might overcomplicate the security analyst workload and prevent analysts from effectively responding to important vulnerabilities. Instead of being constantly notified about the existing irrelevant findings in Security Command Center Enterprise, you can mute them.

When you mute findings for cases, you prevent them from appearing in cases. You can mute findings in bulk by running a manual action on a case or mute an individual finding by running a manual action on the specific alert.

Mute multiple findings

If you mute all findings in a case, Security Command Center automatically closes the case.

To mute multiple findings in a case, complete the following steps:

  1. In the Google Cloud console, open Risk > Cases.
  2. Select a case containing the findings to mute.
  3. In the Case Overview tab, click Manual Action.
  4. In the manual action Search field, input Update Finding.
  5. In the search results under the GoogleSecurityCommandCenter integration, select the Update Finding action. The action dialog window opens.

    By default, the Run on Alerts parameter is set to the All Alerts value.

  6. Optional: To change the Run on Alerts parameter default settings, select the relevant finding types from the drop-down list.

  7. To configure the Finding Name parameter, input the following placeholder: [Alert.TicketID]

    The placeholder dynamically retrieves finding names that correspond to selected alerts.

  8. To mute findings, set the Mute Status parameter to Mute.

  9. Click Execute.

Mute an individual finding

Muting an individual finding requires you to run the Update Finding action on a specific alert in the case. The action doesn't affect other alerts in the case.

To mute an individual finding, complete the following steps:

  1. In the Google Cloud console, go to Risk > Cases to open the Security Operations console Cases list page.
  2. Select a case containing the findings to mute.
  3. In a case, select the alert containing a finding to mute.
  4. In an alert, go to the Events tab.
  5. To retrieve a Finding Name from an event, click View More. The detailed view of the event opens.
  6. Under the Highlighted Fields section, find the Name field. Click its value to see the full finding name.
  7. Copy the full finding name value in the following format:

     organizations/ORGANIZATION_ID/sources/SOURCE_ID/finding/FINDING_ID

  8. In the Alert Overview tab of the selected alert, click Manual Action.

  9. In the manual action Search field, enter Update Finding.

  10. In the search results under the GoogleSecurityCommandCenter integration, select the Update Finding action. The action dialog window opens.

    By default, the Run on Alerts parameter is set to the selected alert value.

  11. To configure the Finding Name parameter, paste the Name value that you've copied from the event detailed view.

  12. To mute a finding, set the Mute Status parameter to Mute.

  13. Click Execute.
