For Agents
List, mute, and triage GCP security findings, group assets, and stream new findings to Pub/Sub or BigQuery for AI agents.
Get started with Security Command Center API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}
# Then ask your agent:
"list active high severity findings in security command center"
# → Jentic returns the GET /events tool with parameter schema, agent executes.
What an agent can do with Security Command Center API.
List and filter findings across an organization, folder, or project by category, severity, and state
Mute findings or set their state to ACTIVE or INACTIVE for triage workflows
Group assets and findings by arbitrary fields to produce posture summaries
Manage notification configs that publish new or updated findings to a Pub/Sub topic
Use for: listing all HIGH severity findings opened in the last 7 days; muting a finding that has been triaged as a false positive; setting up a Pub/Sub notification for new findings in my organization; grouping findings by category to see the top issue types.
Not supported: Does not handle log ingestion, asset inventory enumeration, or IAM policy changes — use for surfacing, triaging, and routing GCP security findings only.
Security Command Center (SCC) is Google Cloud's centralized vulnerability and threat reporting service for GCP organizations. The API gives programmatic access to assets, findings, sources, and notification configs — the same data surfaced in the SCC dashboard. Agents can list and filter findings, mute or change finding state, group assets and findings, manage notification configs that stream events to Pub/Sub, and run BigQuery exports.
Configure BigQuery exports for long-term finding analytics
List and update sources, including custom sources used by partner detectors
Patterns agents use Security Command Center API for, with concrete tasks.
★ Centralized Cloud Security Posture
Pull findings from Security Command Center into a SIEM, ticketing system, or agent-driven posture dashboard. The API exposes assets across the GCP organization plus findings from built-in detectors (SHA, ETD, WSS, Container Threat Detection) and partner sources, with rich filtering and grouping. Most teams replace screen-scraping the SCC UI with a daily API sync.
Call POST /v1/organizations/{orgId}/sources/-/findings:group with groupBy='category,severity' and filter='state="ACTIVE"' to summarise active findings.
Automated Triage and Mute
Build automation that mutes known-benign findings (like internal IPs flagged as public-exposed test resources) so analysts only see actionable items. The setMute action records the rationale and stops downstream notifications, while setState lets you mark findings as INACTIVE once underlying issues are fixed. Mute rules and per-finding mutes are both supported.
Call POST /v1/{name}:setMute with muteState='MUTED' on a finding identified as a false positive, then POST setState with state='INACTIVE'.
Streaming Findings to Pub/Sub
Create a notification config so that every new or updated finding matching a filter is published to a Pub/Sub topic. Downstream subscribers (Cloud Run, BigQuery, on-prem SOC) get near-real-time delivery and can replay messages. This is the standard pattern for integrating SCC with custom incident response pipelines.
Call POST /v1/organizations/{orgId}/notificationConfigs with pubsubTopic and a filter like 'severity="HIGH" OR severity="CRITICAL"'.
AI Agent Security Co-Pilot
An AI agent acts as a co-pilot to a security team, reading new findings each morning, grouping them by category, drafting Jira tickets for the top issues, and muting recurring noise. Through Jentic the agent searches for SCC operations by intent and never holds raw GCP service account keys.
List ACTIVE findings with severity in (HIGH, CRITICAL), group by category, then for each top category create a Jira ticket and call setMute on duplicates.
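The triage plan this task describes, as an added example (not code from the original page or from Jentic), run over constructed findings that carry the usual finding fields (`name`, `category`, `severity`, `state`, `mute`, `resourceName`, `eventTime`). The function `plan_triage`, its `top_n` parameter, and the rule that a later finding in the same category on the same `resourceName` counts as a duplicate are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample findings (not real data), reduced to the fields used here.
def _f(fid, category, severity, state, mute, resource, event_time):
    return {"name": f"organizations/123/sources/1/findings/{fid}",
            "category": category, "severity": severity, "state": state,
            "mute": mute, "resourceName": resource, "eventTime": event_time}

SAMPLE_FINDINGS = [
    _f("a1", "PUBLIC_BUCKET_ACL", "HIGH", "ACTIVE", "UNMUTED", "bucket-1", "2024-05-01T08:00:00Z"),
    _f("a2", "PUBLIC_BUCKET_ACL", "HIGH", "ACTIVE", "UNMUTED", "bucket-1", "2024-05-02T08:00:00Z"),
    _f("a3", "OPEN_SSH_PORT", "CRITICAL", "ACTIVE", "UNMUTED", "vm-1", "2024-05-01T09:00:00Z"),
    _f("a4", "PUBLIC_BUCKET_ACL", "HIGH", "ACTIVE", "UNMUTED", "bucket-2", "2024-05-01T10:00:00Z"),
    _f("a5", "OPEN_SSH_PORT", "HIGH", "INACTIVE", "UNMUTED", "vm-2", "2024-05-01T11:00:00Z"),
    _f("a6", "MFA_NOT_ENFORCED", "MEDIUM", "ACTIVE", "UNMUTED", "org-123", "2024-05-01T12:00:00Z"),
    _f("a7", "OPEN_SSH_PORT", "HIGH", "ACTIVE", "MUTED", "vm-3", "2024-05-01T13:00:00Z"),
]

TICKET_SEVERITIES = {"HIGH", "CRITICAL"}

def plan_triage(findings, top_n=2):
    """Return (tickets, mute_candidates) for ACTIVE, unmuted HIGH/CRITICAL findings."""
    actionable = [f for f in findings
                  if f.get("state") == "ACTIVE"
                  and f.get("severity") in TICKET_SEVERITIES
                  and f.get("mute") != "MUTED"]
    by_category = defaultdict(list)
    for f in actionable:
        by_category[f["category"]].append(f)
    # Largest categories first; ties broken by name so the plan is stable.
    ranked = sorted(by_category, key=lambda c: (-len(by_category[c]), c))[:top_n]
    tickets, mute_candidates = [], []
    for category in ranked:
        first_seen = {}  # resourceName -> name of the earliest finding on it
        # Same-format UTC timestamps sort correctly as strings.
        for f in sorted(by_category[category], key=lambda f: f["eventTime"]):
            if f["resourceName"] in first_seen:
                mute_candidates.append(f["name"])  # assumed duplicate: pass to setMute
            else:
                first_seen[f["resourceName"]] = f["name"]
        tickets.append({"category": category,
                        "count": len(by_category[category]),
                        "primary_findings": sorted(first_seen.values())})
    return tickets, mute_candidates

if __name__ == "__main__":
    tickets, to_mute = plan_triage(SAMPLE_FINDINGS)
    for t in tickets:
        print(t["category"], t["count"], t["primary_findings"])
    print("mute candidates:", to_mute)
```

Findings that are INACTIVE, already MUTED, or below HIGH never reach the ticket or mute lists, so the plan cannot silence something an analyst has not had a chance to see at least once per resource.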
34 endpoints
PATH | DESCRIPTION
/v1/{+parent}/sources/-/findings | List findings under an org, folder, or project
/v1/{+parent}/sources/-/findings:group | Group findings by arbitrary fields
/v1/{+name}:setMute | Mute or unmute a finding
/v1/{+name}:setState | Set a finding state to ACTIVE or INACTIVE
/v1/{+parent}/notificationConfigs | Create a Pub/Sub notification config
/v1/{+parent}/bigQueryExports | Create a BigQuery export for findings
Three things that make agents converge on Jentic-routed access.
Credential isolation
GCP service account credentials and OAuth tokens are stored encrypted in the Jentic MAXsystem vault. Agents call SCC with a short-lived scoped access token and never see the underlying service account key material.
Intent-based discovery
Agents search Jentic by intent (e.g. 'list active high severity gcp findings') and Jentic returns the matching findings:list operation with its filter schema, so the agent does not need to learn SCC's filter DSL upfront.
Time to first call
Direct integration: 2-4 days to set up org-level IAM, sources, and notification plumbing. Through Jentic: under 1 hour — search, load, execute.
Alternatives and complements available in the Jentic catalogue.
Google Cloud Asset Inventory API
Inventories every GCP resource so SCC findings can be correlated with asset metadata and ownership.
Use Cloud Asset Inventory to enumerate or search resources. Use Security Command Center for the security findings against them.
Google Cloud Logging API
Provides the underlying audit and platform logs that complement SCC findings during incident investigation.
Use Cloud Logging when the agent needs raw audit events. Use SCC when it needs curated security findings.
AWS Security Hub
AWS's equivalent CSPM and findings aggregator.
Choose Security Hub for AWS workloads. Choose SCC for Google Cloud.
AWS GuardDuty
AWS's threat detection service, narrower than Security Hub's aggregator role.
Choose GuardDuty for AWS-native threat detection. Use SCC for Google Cloud threat and vulnerability findings.
Specific to using Security Command Center API through Jentic.
What authentication does the Security Command Center API use?
SCC uses OAuth 2.0 with the cloud-platform scope and IAM permissions like roles/securitycenter.findingsViewer or findingsEditor at the organization level. Through Jentic these credentials are stored encrypted in MAXsystem and a scoped token is provided at execution.
Can I bulk mute findings with the Security Command Center API?
Yes. POST /v1/{name}:bulkMute accepts a filter expression (e.g. category and resource attributes) and a muteAnnotation, then mutes every matching finding asynchronously and returns a long-running operation.
What are the rate limits for the Security Command Center API?
Google enforces a default per-organization quota of 600 read requests per minute and 60 write requests per minute, with separate group/list call budgets. Quotas can be raised via the Cloud Console quota page.
How do I subscribe to new findings through Jentic?
Run the Jentic search query 'create a security command center notification config', load the POST /v1/organizations/{org}/notificationConfigs operation, and execute it with your Pub/Sub topic and filter. New matching findings will publish to the topic in near real time.
Does SCC support folder- and project-level finding queries?
Yes. Findings can be listed under organizations/{org}/sources/-, folders/{folder}/sources/-, or projects/{project}/sources/- parents. Filters use the standard SCC filter syntax.
Can the API export findings to BigQuery for analytics?
Yes. Create a BigQueryExport resource under your organization or project that points at a target dataset; SCC will stream finding events to a structured table. List and update operations on bigQueryExports let you manage them over time.