HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/current/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/current/help/man/man1/gcloud_alpha_scc_findings_create.1
.TH "GCLOUD_ALPHA_SCC_FINDINGS_CREATE" 1



.SH "NAME"
.HP
gcloud alpha scc findings create \- create a Security Command Center finding



.SH "SYNOPSIS"
.HP
\f5gcloud alpha scc findings create\fR (\fIFINDING\fR\ :\ \fB\-\-organization\fR=\fIORGANIZATION\fR\ \fB\-\-source\fR=\fISOURCE\fR) \fB\-\-category\fR=\fICATEGORY\fR \fB\-\-event\-time\fR=\fIEVENT_TIME\fR \fB\-\-resource\-name\fR=\fIRESOURCE_NAME\fR [\fB\-\-external\-uri\fR=\fIEXTERNAL_URI\fR] [\fB\-\-location\fR=\fILOCATION\fR;\ default="global"] [\fB\-\-source\-properties\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-state\fR=\fISTATE\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

\fB(ALPHA)\fR Create a Security Command Center finding.



.SH "EXAMPLES"

Create an ACTIVE finding \f5testFinding\fR with category: XSS_SCRIPTING attached
to project with project number \f59876\fR under organization \f5123456\fR and
source \f55678\fR:

.RS 2m
$ gcloud alpha scc findings create `testFinding` \e
    \-\-organization=123456 \-\-source=5678 \-\-state=ACTIVE \e
    \-\-category='XSS_SCRIPTING' \e
    \-\-event\-time=2023\-01\-11T07:00:06.861Z \e
    \-\-resource\-name='//cloudresourcemanager.googleapis.com/projects/\e
9876'
.RE

Create an ACTIVE finding \f5testFinding\fR with category: XSS_SCRIPTING attached
to project with project number \f59876\fR under organization \f5123456\fR and
source \f55678\fR using the full resource name:

.RS 2m
$ gcloud alpha scc findings create \e
    organizations/123456/sources/5678/findings/testFinding \e
    \-\-state=ACTIVE \-\-category='XSS_SCRIPTING' \e
    \-\-event\-time=2023\-01\-11T07:00:06.861Z \e
    \-\-resource\-name='//cloudresourcemanager.googleapis.com/projects/\e
9876'
.RE

Create an ACTIVE finding \f5testFinding\fR with category: \f5XSS_SCRIPTING\fR
attached to project with project number`9876\f5 under organization \fR123456\f5,
source \fR5678\f5 and \fRlocation=eu\f5:

.RS 2m
$ gcloud alpha scc findings create `testFinding` \e
    \-\-organization=123456 \-\-source=5678 \-\-state=ACTIVE \e
    \-\-category='XSS_SCRIPTING' \e
    \-\-event\-time=2023\-01\-11T07:00:06.861Z \e
    \-\-resource\-name='//cloudresourcemanager.googleapis.com/projects/\e
9876' \-\-location=eu
.RE


\fR

.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m

Finding resource \- The finding to be used for the SCC (Security Command Center)
command. The arguments in this group can be used to specify the attributes of
this resource.

This must be specified.


.RS 2m
.TP 2m
\fIFINDING\fR

ID of the finding or fully qualified identifier for the finding.

To set the \f5finding\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5finding\fR on the command line.
.RE
.sp

This positional argument must be specified if any of the other arguments in this
group are specified.

.TP 2m
\fB\-\-organization\fR=\fIORGANIZATION\fR

(Optional) If the full resource name isn't provided e.g. organizations/123, then
provide the organization id which is the suffix of the organization. Example:
organizations/123, the id is 123.

To set the \f5organization\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5finding\fR on the command line with a fully specified
name;
.IP "\(bu" 2m
provide the argument \f5\-\-organization\fR on the command line;
.IP "\(bu" 2m
Set the organization property in configuration using \f5gcloud config set
scc/organization\fR if it is not specified in command line..
.RE
.sp

.TP 2m
\fB\-\-source\fR=\fISOURCE\fR

(Optional) If the full resource name isn't provided e.g.
organizations/123/sources/456, then provide the source id which is the suffix of
the source. Example: organizations/123/sources/456, the id is 456.

To set the \f5source\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5finding\fR on the command line with a fully specified
name;
.IP "\(bu" 2m
provide the argument \f5\-\-source\fR on the command line.
.RE
.sp


.RE
.RE
.sp

.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m
\fB\-\-category\fR=\fICATEGORY\fR

Taxonomy group within findings from a given source. Example: XSS_SCRIPTING

.TP 2m
\fB\-\-event\-time\fR=\fIEVENT_TIME\fR

Time at which the event took place. For example, if the finding represents an
open firewall it would capture the time the open firewall was detected. If
event\-time is not provided, it will default to UTC version of NOW. See \f5$
gcloud topic datetimes\fR for information on supported time formats.

.TP 2m
\fB\-\-resource\-name\fR=\fIRESOURCE_NAME\fR

Full resource name of the Google Cloud Platform resource this finding is for.


.RE
.sp

.SH "OPTIONAL FLAGS"

.RS 2m
.TP 2m
\fB\-\-external\-uri\fR=\fIEXTERNAL_URI\fR

URI that, if available, points to a web page outside of Cloud SCC (Security
Command Center) where additional information about the finding can be found.
This field is guaranteed to be either empty or a well formed URL.

.TP 2m
\fB\-\-location\fR=\fILOCATION\fR; default="global"

When data residency controls are enabled, this attribute specifies the location
in which the resource is located and applicable. The \f5location\fR attribute
can be provided as part of the fully specified resource name or with the
\f5\-\-location\fR argument on the command line. The default location is
\f5global\fR.

NOTE: If you override the endpoint to a regional endpoint
(https://cloud.google.com/security\-command\-center/docs/reference/rest/index.html?rep_location=global#regional\-service\-endpoint)
you must specify the correct data location
(https://cloud.google.com/security\-command\-center/docs/data\-residency\-support#locations)
using this flag. The default location on this command is unrelated to the
default location that is specified when data residency controls are enabled for
Security Command Center.

NOTE: If no location is specified, the default location is \f5global\fR AND the
request will be routed to the SCC V1 API. To use the SCC V2 API \- please
explicitly specify the flag.

.TP 2m
\fB\-\-source\-properties\fR=[\fIKEY\fR=\fIVALUE\fR,...]

Source specific properties. These properties are managed by the source that
writes the finding. The key names in the source_properties map must be between 1
and 255 characters, and must start with a letter and contain alphanumeric
characters or underscores only. For example "key1=val1,key2=val2"

.TP 2m
\fB\-\-state\fR=\fISTATE\fR

State is one of: [ACTIVE, INACTIVE]. \fISTATE\fR must be one of: \fBactive\fR,
\fBinactive\fR, \fBstate\-unspecified\fR.


.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "API REFERENCE"

This command uses the Security Command Center API. For more information, see
Security Command Center API.
(https://cloud.google.com/security\-command\-center/docs/reference/rest)



.SH "NOTES"

This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation\-only early access
allowlist. These variants are also available:

.RS 2m
$ gcloud scc findings create
.RE

.RS 2m
$ gcloud beta scc findings create
.RE
@ Telegram