gcloud scc manage services describe

NAME
gcloud scc manage services describe - get the details of a Security Command Center service
SYNOPSIS
gcloud scc manage services describeSERVICE_NAME(--folder=FOLDER_ID    |--organization=ORGANIZATION_ID    |--parent=PARENT    |--project=PROJECT_ID_OR_NUMBER)[--filter-modules=FILTER_MODULES][GCLOUD_WIDE_FLAG]
DESCRIPTION
Get the details of a Security Command Center service. It resolves INHERITEDenablement states to ENABLED or DISABLED for services at ancestor levels. Forexample, if the service is enabled at the ancestor level, services for all childresources will have the enablement state set to ENABLED.
EXAMPLES
To get the details of a Security Command Center service with namesha for organization123, run:
gcloudsccmanageservicesdescribesha--organization=123

To get the details of a Security Command Center service with namesha for folder456, run:

gcloudsccmanageservicesdescribesha--folder=456

To get the details of a Security Command Center service with IDshafor project789, run:

gcloudsccmanageservicesdescribesha--project=789

You can also specify the parent more generally:

gcloudsccmanageservicesdescribesha--parent=organizations/123

To get the details of modules,[ABC, DEF] of a Security CommandCenter service with namesha for organization123,run:

gcloudsccmanageservicesdescribesha--module-list=[ABC,DEF]--organization=123
POSITIONAL ARGUMENTS
SERVICE_NAME
The service name, provided either in lowercase hyphenated form (e.g.security-health-analytics), or in abbreviated form (e.g. sha) if applicable.

The list of supported services is:

  • security-health-analytics (can be abbreviated as sha)
  • event-threat-detection (can be abbreviated as etd)
  • container-threat-detection (can be abbreviated as ctd)
  • vm-threat-detection (can be abbreviated as vmtd)
  • web-security-scanner (can be abbreviated as wss)
  • vm-threat-detection-aws (can be abbreviated as vmtd-aws)
  • cloud-run-threat-detection (can be abbreviated as crtd)
  • vm-manager (can be abbreviated as vmm)
  • ec2-vulnerability-assessment (can be abbreviated as ec2-va)
  • gce-vulnerability-assessment (can be abbreviated as gce-va)
  • azure-vulnerability-assessment (can be abbreviated as azure-va)
  • notebook-security-scanner (can be abbreviated as nss)
  • agent-engine-threat-detection (can be abbreviated as aetd)
REQUIRED FLAGS
Exactly one of these must be specified:
--folder=FOLDER_ID
Folder associated with the custom module.
--organization=ORGANIZATION_ID
Organization associated with the custom module.
--parent=PARENT
Parent associated with the custom module. Can be one oforganizations/<id>, projects/<id or name>, folders/<id>
--project=PROJECT_ID_OR_NUMBER
Project associated with the custom module.
OPTIONAL FLAGS
--filter-modules=FILTER_MODULES
If provided, only prints module information for modules specified in the list.Provided as a comma separated list of module names in SCREAMING_SNAKE_CASEformat (e.g. WEB_UI_ENABLED, API_KEY_NOT_ROTATED). A single module name is alsovalid.
GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

NOTES
This variant is also available:
gcloudalphasccmanageservicesdescribe

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-11-18 UTC.