Manage and remediate issues

Required roles

To get the permissions that you need to work with issues, ask your administrator to grant you the following IAM roles on the organization:

For more information about granting roles, see Manage access to projects, folders, and organizations.

These predefined roles contain the permissions required to work with issues. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to work with issues:

  • To view issues:
    • securitycenter.issues.get
    • securitycenter.issues.list
    • securitycenter.issues.group
    • securitycenter.issues.listFilterValues
  • To mute and unmute issues: securitycenter.issues.mute

You might also be able to get these permissions with custom roles or other predefined roles.
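
A least-privilege check for custom roles, as an added example that is not part of the original page: it classifies role definitions by whether they grant the view permissions and the mute permission listed above, so that roles able to mute can be reviewed separately. The role names, the ORG_ID placeholder, and the assumption that the input is a JSON list of role definitions with `name` and `includedPermissions` fields (the shape printed by `gcloud iam roles describe --format=json`) are not from the page; the sample data is constructed.

```python
import json

# Permission names exactly as listed in the "Required permissions" section.
VIEW_PERMISSIONS = frozenset({
    "securitycenter.issues.get",
    "securitycenter.issues.list",
    "securitycenter.issues.group",
    "securitycenter.issues.listFilterValues",
})
MUTE_PERMISSION = "securitycenter.issues.mute"


def classify_role(role):
    """Return (capability, missing_view_permissions) for one role definition."""
    granted = set(role.get("includedPermissions", []))
    missing = sorted(VIEW_PERMISSIONS - granted)
    can_mute = MUTE_PERMISSION in granted
    if can_mute:
        # Muting hides an issue from the default list, so flag every role that can do it.
        capability = "view+mute" if not missing else "mute-without-full-view"
    elif not missing:
        capability = "view-only"
    else:
        capability = "partial-view" if granted & VIEW_PERMISSIONS else "none"
    return capability, missing


def audit_roles(roles_json):
    """Map each role name to its classification."""
    return {r["name"]: classify_role(r) for r in json.loads(roles_json)}


# Constructed sample input; ORG_ID and the role IDs are placeholders.
SAMPLE_ROLES = json.dumps([
    {"name": "organizations/ORG_ID/roles/issueViewer",
     "includedPermissions": sorted(VIEW_PERMISSIONS)},
    {"name": "organizations/ORG_ID/roles/issueTriage",
     "includedPermissions": sorted(VIEW_PERMISSIONS) + [MUTE_PERMISSION]},
    {"name": "organizations/ORG_ID/roles/muteOnly",
     "includedPermissions": ["securitycenter.issues.get", MUTE_PERMISSION]},
])

if __name__ == "__main__":
    for name, (capability, missing) in audit_roles(SAMPLE_ROLES).items():
        print(f"{name}: {capability}; missing view permissions: {missing or 'none'}")
```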

View issues

You can find issues in two places:

  • The Risk > Overview page. This page shows an at-a-glance view of the top risks found in your cloud environments, including issues.
  • The Risk > Issues page, which lists all issues found in your cloud environments. It also provides greater detail on each of the issues, including how to remediate them.

To view all issues, go to Risk > Issues.

To view individual issues, expand a detection group, and then click one of the issues in the group. The issue's details panel opens, which contains the following elements:

  • A summary of the issue.
  • An interactive attack path or evidence diagram.
  • Findings related to the issue.
  • A How to fix tab, which provides remediation steps.
  • For toxic combinations and chokepoints, an Exposed valued resources tab, which lists the high-valued resources that are affected by the issue.
  • For security graph insights, an Impacted Resources tab, which lists the resources that contribute to the issue. This tab displays if more than six resources contribute to an issue.
  • A JSON tab, which provides the issue data in JSON format.

To step between issues in the queue, click the arrow icons next to the Take Actions button.

Remediate issues

To remediate an issue, complete the following instructions:

  1. To view all issues, go to Risk > Issues.
  2. Select your Google Cloud organization.
  3. By default, grouped issues are ranked by severity. Within the group, the issues are ranked by attack exposure score. To sort all issues by attack exposure score instead, disable Group by detections.
  4. Select an issue.
  5. Review the issue's description and evidence.
  6. If there are related findings, view their details.
  7. If multiple critical issues are found on a primary resource in a toxic combination or chokepoint, a message displays after the Evidence diagram. To optimize your remediation efforts, click Filter issues for this primary resource in this message to focus on resolving issues for that specific resource. Click the back arrow near Add filter when you want to remove the filter.
  8. Click Explore full attack paths in the Evidence diagram for an in-depth understanding of the issue, and how the attack paths expose high-value resources.
  9. Click How to fix, and follow the guidance to help mitigate the risk.

Mute issues

If the risk that's posed by an issue is acceptable to your business or you can't remediate it, you can choose to mute it. This tags the issue as muted, and records who muted the issue and when. You can only mute individual issues, not entire detections.

To mute an issue, complete the following steps:

  1. Open an issue's details panel.
  2. Click Take Actions.
  3. Click Mute.
  4. Enter the reason why you are muting the issue, and then click Mute.

After you've muted an issue, it can take a few minutes for this to be reflected in the issues list. After this, the issue won't show in the list with the default filters applied.

View muted issues

To view muted issues, click Add filter, and then add a Show muted issues filter with a value of Yes. Click Apply to apply the filter.

Unmute issues

To unmute an issue, complete the following steps:

  1. Filter the view by muted issues.
  2. Open the issue's details panel.
  3. Click Take Actions.
  4. Click Unmute.
  5. Enter the reason why you are unmuting the issue, and then click Unmute.