diff --git a/mmv1/products/securitycentermanagement/OrganizationEventThreatDetectionCustomModule.yaml b/mmv1/products/securitycentermanagement/OrganizationEventThreatDetectionCustomModule.yaml
new file mode 100644
index 000000000000..d5b4f9bc0992
--- /dev/null
+++ b/mmv1/products/securitycentermanagement/OrganizationEventThreatDetectionCustomModule.yaml
@@ -0,0 +1,111 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Resource
+name: 'OrganizationEventThreatDetectionCustomModule'
+description: |
+ Represents an instance of an Event Threat Detection custom module, including
+ its full module name, display name, enablement state, and last updated time.
+ You can create a custom module at the organization level only.
+references: !ruby/object:Api::Resource::ReferenceLinks
+ guides:
+ 'Overview of custom modules for Event Threat Detection': 'https://cloud.google.com/security-command-center/docs/custom-modules-etd-overview'
+ api: 'https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules'
+base_url: 'organizations/{{organization}}/locations/{{location}}/eventThreatDetectionCustomModules'
+self_link: 'organizations/{{organization}}/locations/{{location}}/eventThreatDetectionCustomModules/{{name}}'
+mutex: 'organizations/{{organization}}/locations/{{location}}/eventThreatDetectionCustomModules'
+update_verb: :PATCH
+update_mask: true
+examples:
+ - !ruby/object:Provider::Terraform::Examples
+ name: "scc_management_organization_event_threat_detection_custom_module"
+ primary_resource_id: "example"
+ # Has a handwritten update test
+ skip_test: true
+ vars:
+ display_name: basic_custom_module
+ type: 'CONFIGURABLE_BAD_IP'
+ test_env_vars:
+ org_id: :ORG_ID
+
+parameters:
+ - !ruby/object:Api::Type::String
+ name: 'organization'
+ immutable: true
+ required: true
+ url_param_only: true
+ description: |
+ Numerical ID of the parent organization.
+
+ - !ruby/object:Api::Type::String
+ name: 'location'
+ immutable: true
+ required: false
+ url_param_only: true
+ default_value: 'global'
+ description: |
+ Location ID of the parent organization. Only global is supported at the moment.
+
+
+properties:
+ - !ruby/object:Api::Type::String
+ name: 'name'
+ output: true
+ custom_flatten: templates/terraform/custom_flatten/name_from_self_link.erb
+ description: |
+ The resource name of the Event Threat Detection custom module.
+ Its format is "organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{eventThreatDetectionCustomModule}".
+ - !ruby/object:Api::Type::String
+ name: 'config'
+ required: false
+ custom_expand: 'templates/terraform/custom_expand/json_schema.erb'
+ custom_flatten: 'templates/terraform/custom_flatten/json_schema.erb'
+ state_func:
+ 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v);
+ return s }'
+ description: |
+ Config for the module. For the resident module, its config value is defined at this level.
+ For the inherited module, its config value is inherited from the ancestor module.
+ validation: !ruby/object:Provider::Terraform::Validation
+ function: 'validation.StringIsJSON'
+ - !ruby/object:Api::Type::Enum
+ name: 'enablementState'
+ required: false
+ description: |
+ The state of enablement for the module at the given level of the hierarchy.
+ values:
+ - :ENABLED
+ - :DISABLED
+ - !ruby/object:Api::Type::String
+ name: 'type'
+ immutable: true
+ required: false
+ description: |
+ Immutable. Type for the module. e.g. CONFIGURABLE_BAD_IP.
+ - !ruby/object:Api::Type::String
+ name: 'displayName'
+ description: |
+ The human readable name to be displayed for the module.
+ - !ruby/object:Api::Type::String
+ name: 'updateTime'
+ output: true
+ description: |
+ The time at which the custom module was last updated.
+
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and
+ up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+ - !ruby/object:Api::Type::String
+ name: 'lastEditor'
+ output: true
+ description: |
+ The editor that last updated the custom module
diff --git a/mmv1/products/securitycentermanagement/product.yaml b/mmv1/products/securitycentermanagement/product.yaml
new file mode 100644
index 000000000000..1f8d5f92b745
--- /dev/null
+++ b/mmv1/products/securitycentermanagement/product.yaml
@@ -0,0 +1,23 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Product
+name: SecurityCenterManagement
+display_name: Security Command Center Management (SCC)
+legacy_name: scc_management
+versions:
+ - !ruby/object:Api::Product::Version
+ name: ga
+ base_url: https://securitycentermanagement.googleapis.com/v1/
+scopes:
+ - https://www.googleapis.com/auth/cloud-platform
diff --git a/mmv1/templates/terraform/examples/scc_management_organization_event_threat_detection_custom_module.tf.erb b/mmv1/templates/terraform/examples/scc_management_organization_event_threat_detection_custom_module.tf.erb
new file mode 100644
index 000000000000..ad7fed178439
--- /dev/null
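Review bot: In OrganizationEventThreatDetectionCustomModule.yaml, `enablementState`, `config` and `type` are all declared `required: false`, so a configuration that omits them is accepted at plan time and may create a module that is not enabled or carries no detection logic. The hunk does not show how the API treats an omitted state; if it does not default to enabled, that is a silent gap in detection coverage, so consider `required: true` on `enablementState` (and on `config` and `type`), or state in each description what an omitted value means. The `state_func` on `config` also discards the error from `structure.NormalizeJsonString`; assuming the reasoning is that `validation.StringIsJSON` has already rejected bad input, a YAML comment above it such as `# error ignored: validation.StringIsJSON rejects non-JSON input first` would record that.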
+++ b/mmv1/templates/terraform/examples/scc_management_organization_event_threat_detection_custom_module.tf.erb
@@ -0,0 +1,19 @@
+resource "google_scc_management_organization_event_threat_detection_custom_module" "<%= ctx[:primary_resource_id] %>" {
+ organization = "<%= ctx[:test_env_vars]['org_id'] %>"
+ location = "global"
+ display_name = "<%= ctx[:vars]['display_name'] %>"
+ enablement_state = "ENABLED"
+ type = "<%= ctx[:vars]['type'] %>"
+ description = "My Event Threat Detection Custom Module"
+ config = jsonencode({
+ "metadata": {
+ "severity": "LOW",
+ "description": "Flagged by Forcepoint as malicious",
+ "recommendation": "Contact the owner of the relevant project."
+ },
+ "ips": [
+ "192.0.2.1",
+ "192.0.2.0/24"
+ ]
+ })
+}
diff --git a/mmv1/third_party/terraform/.teamcity/components/inputs/services_beta.kt b/mmv1/third_party/terraform/.teamcity/components/inputs/services_beta.kt
index 1ca3c967249c..8360ae4c1224 100644
--- a/mmv1/third_party/terraform/.teamcity/components/inputs/services_beta.kt
+++ b/mmv1/third_party/terraform/.teamcity/components/inputs/services_beta.kt
@@ -616,6 +616,11 @@ var ServicesListBeta = mapOf(
 "displayName" to "Securitycenter",
 "path" to "./google-beta/services/securitycenter"
 ),
+ "securitycentermanagement" to mapOf(
+ "name" to "securitycentermanagement",
+ "displayName" to "Securitycentermanagement",
+ "path" to "./google-beta/services/securitycentermanagement"
+ ),
 "securityposture" to mapOf(
 "name" to "securityposture",
 "displayName" to "Securityposture",
diff --git a/mmv1/third_party/terraform/.teamcity/components/inputs/services_ga.kt b/mmv1/third_party/terraform/.teamcity/components/inputs/services_ga.kt
index 64b7c62fe060..b29b26b26855 100644
--- a/mmv1/third_party/terraform/.teamcity/components/inputs/services_ga.kt
+++ b/mmv1/third_party/terraform/.teamcity/components/inputs/services_ga.kt
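Review bot: The example in scc_management_organization_event_threat_detection_custom_module.tf.erb sets `description = "My Event Threat Detection Custom Module"`, but the resource definition added in this commit declares no `description` property — only `name`, `config`, `enablementState`, `type`, `displayName`, `updateTime` and `lastEditor`. Published as documentation, the example would presumably be rejected as an unsupported argument, and because the example is marked `skip_test: true` in the resource YAML, no generated test would catch it. Drop the `description` line from the example, or add the field to the resource if the API exposes it.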
@@ -611,6 +611,11 @@ var ServicesListGa = mapOf(
 "displayName" to "Securitycenter",
 "path" to "./google/services/securitycenter"
 ),
+ "securitycentermanagement" to mapOf(
+ "name" to "securitycentermanagement",
+ "displayName" to "Securitycentermanagement",
+ "path" to "./google/services/securitycentermanagement"
+ ),
 "securityposture" to mapOf(
 "name" to "securityposture",
 "displayName" to "Securityposture",
diff --git a/mmv1/third_party/terraform/services/securitycentermanagement/resource_scc_management_organization_event_threat_detection_custom_module_test.go b/mmv1/third_party/terraform/services/securitycentermanagement/resource_scc_management_organization_event_threat_detection_custom_module_test.go
new file mode 100644
index 000000000000..1f6354341093
--- /dev/null
+++ b/mmv1/third_party/terraform/services/securitycentermanagement/resource_scc_management_organization_event_threat_detection_custom_module_test.go
@@ -0,0 +1,138 @@
+package securitycentermanagement_test
+
+import (
+ "fmt"
+ "strings"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+
+ "github.com/hashicorp/terraform-provider-google/google/acctest"
+ "github.com/hashicorp/terraform-provider-google/google/envvar"
+ "github.com/hashicorp/terraform-provider-google/google/tpgresource"
+ transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
+)
+
+func TestAccSecurityCenterManagementOrganizationEventThreatDetectionCustomModule(t *testing.T) {
+ t.Parallel()
+
+ context := map[string]interface{}{
+ "org_id": envvar.GetTestOrgFromEnv(t),
+ "location": "global",
+ "random_suffix": acctest.RandString(t, 10),
+ }
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ CheckDestroy: testAccSecurityCenterManagementOrganizationEventThreatDetectionCustomModuleDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSecurityCenterManagementOrganizationEventThreatDetectionCustomModule__sccOrganizationCustomModuleExample(context),
+ },
+ {
+ ResourceName: "google_scc_management_organization_event_threat_detection_custom_module.example",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"organization", "location"},
+ },
+ {
+ Config: testAccSecurityCenterManagementOrganizationEventThreatDetectionCustomModule_sccOrganizationCustomModuleUpdate(context),
+ },
+ {
+ ResourceName: "google_scc_management_organization_event_threat_detection_custom_module.example",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"organization", "location"},
+ },
+ },
+ })
+}
+
+func testAccSecurityCenterManagementOrganizationEventThreatDetectionCustomModule__sccOrganizationCustomModuleExample(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_scc_management_organization_event_threat_detection_custom_module" "example" {
+ organization = "%{org_id}"
+ location = "%{location}"
+ display_name = "tf_test_custom_module%{random_suffix}"
+ enablement_state = "ENABLED"
+ type = "CONFIGURABLE_BAD_IP"
+ config = <