This page explains the finding classes that the Security Command Centerservices use to report security issues in your environment.

In finding definitions, the finding class is stored in thefindingClassfield. For more information about thefindingClass field, seeFindingClass.

Some findings don't include a finding class definition. Security Command Centerclassifies these findings asFinding class unspecified.

The classes include the following:

• Chokepoint
• Misconfiguration
• Observation
• Posture violation
• SCC Error
• Threat
• Toxic combination
• Vulnerability
• Finding class unspecified

Chokepoint class

Findings in theChokepoint class identify a resource or resource group where high-risk attack paths converge, based on attack path simulations.

Remediating a chokepoint finding might remediate multiple toxic combinations.

For more information aboutChokepoint class findings, seeToxic combinations and chokepoints overview.

Misconfiguration class

Findings in theMisconfiguration class identify vulnerabilities caused bythe incorrect or suboptimal configuration of programs, assets, or otherresources. In most cases, you can fixthe problem by updating the configuration that is indicated in the findings.

Misconfigurations are a type of vulnerability. MostMisconfiguration findingsfrom the built-in Security Command Center services are documented inVulnerability findings.

Observation class

Findings in theObservation class describe an event, configurationdetail, or other issue in your environment that might not be a problemin itself, but could be if your environment were to be compromised.

Security Command Center services that commonly generate observations include thefollowing:

• Sensitive Data Protection
• Sensitive Actions Service

Posture violation class

Findings in thePosture violation class describe resource configurations thatdon't align with your organization'ssecurityposture or aCompliance Manager cloudcontrol.

SCC error class

Findings in theSCC error class identify a problem in the configurationof Security Command Center or one of its services that preventsSecurity Command Center from detecting security issues in yourGoogle Cloud environment.

For more information about findings in theSCC error class, seeOverview of Security Command Center errors.

Threat class

Findings in theThreat class identify a potential active attackor other unwanted or malicious activity.

Findings in theThreat class should be investigated immediately.

For more information about findings in theThreat class, seeRemediating threats.

Toxic combination class

Findings in theToxic combination class identify a group of securityissues that, when they occur together, create a path to one or more ofyour high-value resources that a determined attacker could potentiallyuse to reach and compromise those resources.

For more information aboutToxic combination class findings, seeToxic combinations and chokepoints overview.

Vulnerability class

Findings in theVulnerability class identify a flaw or weakness in softwareprograms that an attacker could use to gain access to orotherwise compromise your Google Cloud environment.

For more information about findings in theVulnerability class, seeVulnerability findings.

Finding class unspecified class

Findings in theFinding class unspecified class either don't havea value specified on thefindingClass property or don't include theproperty at all.

To determine whether the finding identifies a threat, vulnerability, orother class of security issue, you need to review the finding andinvestigate the issue that it identifies.

Typically, the service that generates the finding determines the findingclass and sets thefindingClass property. We recommend that integratedand third-party service providers set thefindingClass property, butdoing so is not required.