- NAME
-
- gcloud scc findings update - update a Security Command Center finding
- SYNOPSIS
-
-
gcloud scc findings updateFINDING[--event-time=EVENT_TIME] [--external-uri=EXTERNAL_URI] [--___location=LOCATION; default="global"] [--source=SOURCE; default="-"] [--source-properties=[KEY=VALUE,…]] [--state=STATE] [--update-mask=UPDATE_MASK] [--folder=FOLDER|--organization=ORGANIZATION|--project=PROJECT] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
- Update a Security Command Center finding.
- EXAMPLES
-
Update testFinding's state from
ACTIVEtoINACTIVE:gcloud scc findings update `testFinding` --organization=123456 --source=5678 --state=INACTIVEUpdate testFinding's state from
ACTIVEtoINACTIVEusing project name for example-project:gcloud scc findings update projects/example-project/sources/5678/findings/testFinding --state=INACTIVEUpdate testFinding's state from
ACTIVEtoINACTIVEusing folder name456:gcloud scc findings update folders/456/sources/5678/findings/testFinding --state=INACTIVEOverride all source properties on
testFinding:gcloud scc findings update `testFinding` --organization=123456 --source=5678 --source-properties="propKey1=propVal1,propKey2=propVal2"Selectively update a specific source property on
testFinding:gcloud scc findings update `testFinding` --organization=123456 --source=5678 --source-properties="propKey1=propVal1,propKey2=propVal2" --update-mask="source_properties.propKey1"Update finding
testFindingwith___location=eu, state fromACTIVEtoINACTIVE:gcloud scc findings update `testFinding` --organization=123456 --source=5678 --state=INACTIVE --___location=eu - POSITIONAL ARGUMENTS
-
FINDING- ID of the finding or fully qualified identifier for the finding.
- FLAGS
-
--event-time=EVENT_TIME-
Time at which the event took place. For example, if the finding represents an
open firewall it would capture the time the open firewall was detected. If
event-time is not provided, it will default to UTC version of NOW. See
$ gcloud topic datetimesfor information on supported time formats. --external-uri=EXTERNAL_URI- URI that, if available, points to a web page outside of Cloud SCC (Security Command Center) where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
--___location=LOCATION; default="global"-
When data residency controls are enabled, this attribute specifies the ___location
in which the resource is located and applicable. The
___locationattribute can be provided as part of the fully specified resource name or with the--___locationargument on the command line. The default ___location isglobal. NOTE: If you override the endpoint to a regional endpoint you must specify the correct data ___location using this flag. The default ___location on this command is unrelated to the default ___location that is specified when data residency controls are enabled for Security Command Center. --source=SOURCE; default="-"- Source id. Defaults to all sources.
--source-properties=[KEY=VALUE,…]- Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. For example "key1=val1,key2=val2"
--state=STATE-
State is one of: [ACTIVE, INACTIVE].
STATEmust be one of:active,inactive,state-unspecified. --update-mask=UPDATE_MASK- Optional: If left unspecified (default), an update-mask is automatically created using the flags specified in the command and only those values are updated. For example: --external-uri='<some-uri>' --event-time='<some-time>' would automatically generate --update-mask='external_uri,event_time'. Note that as a result, only external-uri and event-time are updated for the given finding and everything else remains untouched. If you want to delete attributes/properties (that are not being changed in the update command) use an empty update-mask (''). That will delete all the mutable properties/attributes that aren't specified as flags in the update command. In the above example it would delete source-properties. State can be toggled from ACTIVE to INACTIVE and vice-versa but it cannot be deleted.
-
At most one of these can be specified:
--folder=FOLDER- The folder ID (e.g., 456) that contains the finding.
--organization=ORGANIZATION- The organization ID (e.g., 123) that contains the finding.
--project=PROJECT- The project ID (e.g., example-project) that contains the finding.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - API REFERENCE
- This command uses the Security Command Center API. For more information, see Security Command Center API.
- NOTES
-
These variants are also available:
gcloud alpha scc findings updategcloud beta scc findings update
gcloud scc findings update
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-05-13 UTC.