Security Command Center BigQuery Export

Security Command Center BigQuery Export in GCP lets you automatically export security findings, assets, and events from Security Command Center to BigQuery. This enables large‑scale analysis, custom reporting, and integration with analytics or SIEM workflows using SQL. It is useful for long‑term storage, trend analysis, and correlating security data across your environment.

gcp.securitycenter_big_query_export

Fields

| Title | ID | Type | Data Type | Description |
|---|---|---|---|---|
| | _key | core | string | |
| | ancestors | core | array<string> | |
| | create_time | core | timestamp | Output only. The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export creation. |
| | datadog_display_name | core | string | |
| | dataset | core | string | The dataset to write findings' updates to. Its format is "projects/[project_id]/datasets/[bigquery_dataset_id]". BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). |
| | description | core | string | The description of the export (max of 1024 characters). |
| | filter | core | string | Expression that defines the filter to apply across create/update events of findings. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: `=` for all value types; `>`, `<`, `>=`, `<=` for integer values; `:`, meaning substring matching, for strings. The supported value types are: string literals in quotes; integer literals without quotes; boolean literals `true` and `false` without quotes. |
| | labels | core | array<string> | |
| | most_recent_editor | core | string | Output only. Email address of the user who last edited the BigQuery export. This field is set by the server and will be ignored if provided on export creation or update. |
| | name | core | string | The relative resource name of this export. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name. Example formats: "organizations/{organization_id}/bigQueryExports/{export_id}", "folders/{folder_id}/bigQueryExports/{export_id}", "projects/{project_id}/bigQueryExports/{export_id}". This field is provided in responses, and is ignored when provided in create requests. |
| | organization_id | core | string | |
| | parent | core | string | |
| | principal | core | string | Output only. The service account that needs permission to create table and upload data to the BigQuery dataset. |
| | project_id | core | string | |
| | project_number | core | string | |
| | region_id | core | string | |
| | resource_name | core | string | |
| | tags | core | hstore_csv | |
| | update_time | core | timestamp | Output only. The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update. |
| | zone_id | core | string | |
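
The following is an added example, not code from this page or from Google or Datadog. It audits rows of gcp.securitycenter_big_query_export against the `name`, `dataset`, `description` and `filter` rules in the table above, and flags exports whose destination dataset sits in a project outside an approved list. The function names, the `allowed_projects` allowlist and the sample rows are assumptions constructed for illustration.

```python
import re

# Formats taken from the `dataset` and `name` field descriptions above.
DATASET_RE = re.compile(r"^projects/([^/]+)/datasets/([A-Za-z0-9_]+)$")
NAME_RE = re.compile(r"^(organizations|folders|projects)/[^/]+/bigQueryExports/[^/]+$")
MAX_DESCRIPTION = 1024

def audit_export(row, allowed_projects):
    """Return a list of issues for one export row (dict keyed by field ID).

    `allowed_projects` is an assumed allowlist of project IDs approved to
    receive findings; it is not a field of the resource.
    """
    issues = []
    name = row.get("name") or ""
    if not NAME_RE.match(name):
        issues.append(f"name has unexpected format: {name!r}")
    dataset = row.get("dataset") or ""
    match = DATASET_RE.match(dataset)
    if not match:
        issues.append(f"dataset has unexpected format: {dataset!r}")
    elif match.group(1) not in allowed_projects:
        issues.append(f"dataset project {match.group(1)!r} is not an approved destination")
    if len(row.get("description") or "") > MAX_DESCRIPTION:
        issues.append("description exceeds 1024 characters")
    if not (row.get("filter") or "").strip():
        # Zero restrictions in the filter means nothing narrows the export.
        issues.append("filter has zero restrictions")
    return issues

def audit_all(rows, allowed_projects):
    """Map each export name to its issues, omitting clean rows."""
    report = {r.get("name"): audit_export(r, allowed_projects) for r in rows}
    return {name: issues for name, issues in report.items() if issues}

# Constructed sample rows (not real exports).
SAMPLE_ROWS = [
    {"name": "organizations/123456789012/bigQueryExports/scc-export",
     "dataset": "projects/sec-analytics/datasets/scc_findings",
     "description": "Findings export", "filter": 'severity="HIGH"'},
    {"name": "projects/app-prod/bigQueryExports/tmp",
     "dataset": "projects/sec-analytics/datasets/scc-findings", "filter": ""},
    {"name": "folders/4242/bigQueryExports/side-copy",
     "dataset": "projects/personal-sandbox/datasets/dump", "filter": 'state="ACTIVE"'},
]

if __name__ == "__main__":
    for name, issues in audit_all(SAMPLE_ROWS, {"sec-analytics"}).items():
        print(name, issues)
```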