gcloud scc manage services update
- NAME
- gcloud scc manage services update - update a Security Command Center service
- SYNOPSIS
gcloud scc manage services updateSERVICE_NAME(--enablement-state=ENABLEMENT_STATE--module-config-file=PATH_TO_FILE)(--folder=FOLDER_ID|--organization=ORGANIZATION_ID|--parent=PARENT|--project=PROJECT_ID_OR_NUMBER)[--validate-only][GCLOUD_WIDE_FLAG …]
- DESCRIPTION
- Update the enablement state of the Security Center service and its correspondingmodules for the specified folder, project or organization.
- EXAMPLES
- To update a Security Center Service with name
shafor organization123, run:gcloudsccmanageservicesupdatesha--organization=organizations/123--enablement-state="ENABLED"To update a Security Center Service with name
shaand its modulesfor organization 123, run:gcloudsccmanageservicesupdatesha--organization=organizations/123--enablement-state="ENABLED"--module-config-file=module_config.yamlTo validate an update of Security Center Service with name
shaandits modules for organization 123, run:gcloudsccmanageservicesupdatesha--organization=organizations/123--enablement-state="ENABLED"--module-config-file=module_config.yaml--validate-only - POSITIONAL ARGUMENTS
SERVICE_NAME- The service name, provided either in lowercase hyphenated form (e.g.security-health-analytics), or in abbreviated form (e.g. sha) if applicable.
The list of supported services is:
- security-health-analytics (can be abbreviated as sha)
- event-threat-detection (can be abbreviated as etd)
- container-threat-detection (can be abbreviated as ctd)
- vm-threat-detection (can be abbreviated as vmtd)
- web-security-scanner (can be abbreviated as wss)
- vm-threat-detection-aws (can be abbreviated as vmtd-aws)
- cloud-run-threat-detection (can be abbreviated as crtd)
- vm-manager (can be abbreviated as vmm)
- ec2-vulnerability-assessment (can be abbreviated as ec2-va)
- gce-vulnerability-assessment (can be abbreviated as gce-va)
- azure-vulnerability-assessment (can be abbreviated as azure-va)
- notebook-security-scanner (can be abbreviated as nss)
- agent-engine-threat-detection (can be abbreviated as aetd)
- REQUIRED FLAGS
- At least one of these must be specified:
--enablement-state=ENABLEMENT_STATE- Sets the enablement state of the Security Center service. Valid options areENABLED, DISABLED, OR INHERITED. The INHERITED state is only valid when settingthe enablement state at the project or folder level.
--module-config-file=PATH_TO_FILE- Path to a JSON or YAML file that contains the module config to set for the givenmodule and service. Use a full or relative path to a local file containing thevalue of module_config_file.
- Exactly one of these must be specified:
--folder=FOLDER_ID- Folder associated with the custom module.
--organization=ORGANIZATION_ID- Organization associated with the custom module.
--parent=PARENT- Parent associated with the custom module. Can be one oforganizations/<id>, projects/<id or name>, folders/<id>
--project=PROJECT_ID_OR_NUMBER- Project associated with the custom module.
- At least one of these must be specified:
- OPTIONAL FLAGS
--validate-only- If present, the request is validated (including IAM checks) but no action istaken.
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$gcloud helpfor details. - NOTES
- This variant is also available:
gcloudalphasccmanageservicesupdate
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-11-18 UTC.