Top CVE findings on your virtual machines

subrahmanyam425 · 06-20-2024 03:51 AM

Hi,

I am facing issue with Security Command Center(RiskOverview) page and given detailed steps as below.

I have permissions for Security Command Center(SCC) with "Enterprise" at Organization level and "Premium" at Project level.
But I could not be able to see any information in "RiskOver" page for "Top CVE findings on your virtual machines".
I have gone through various SCC documentations and changed IAM permissions for my account to see the information for "Top CVE findings on your virtual machines".
After trying a lot of ways, I came to here for a solution. Please suggest how to proceed further and if any other information is required from myside, please let me know. I will provide the required information.

Thanks and regards,
Subrahmanyam

vaskenh

Hi @subrahmanyam425 . This feature requires enabling VM Manager. Please see the below documentation on VM Manager and the associated setup process.

https://cloud.google.com/security-command-center/docs/concepts-security-sources#vm_manager

subrahmanyam425

Hi @vaskenh

I have previously followed it and also enabled VM manager API in my current project as well but that solution did not work for me.. I was able to see all components in Risk Overview page(SCC) except the "Top CVE findings on your virtual machines". For better understanding, I am attaching a screenshot.

For your information, I have installed xz-utils vulnerability and also see CVE under compute engine( under OS_Info). But the same(CVEs) are not reflecting in Findings page as well as "Top CVE findings on your virtual machines".

andras

I was having a look through the notes on this topic and trying to narrow down where the issue maybe.

Can you see the Vulnerabilities for the instance under the VM instance details?

Can you see the Vulnerability when looking for Vulnerabilities in your Findings List?