gcloud alpha scc findings update

gcloud alpha scc findings update - update a Cloud Security Command Center finding
gcloud alpha scc findings update (FINDING : --organization=ORGANIZATION --source=SOURCE) [--event-time=EVENT_TIME] [--external-uri=EXTERNAL_URI] [--source-properties=[SOURCE_PROPERTIES,…]] [--state=STATE] [--update-mask=UPDATE_MASK] [GCLOUD_WIDE_FLAG]
(ALPHA) Update a Cloud Security Command Center finding.
Finding resource - The finding you want to update. The arguments in this group can be used to specify the attributes of this resource. This must be specified.
ID of the finding or fully qualified identifier for the finding. This positional must be specified if any of the other arguments in this group are specified.
(Optional) If the full resource name isn't provided e.g. organizations/123, then provide the organization id which is the suffix of the organization. Example: organizations/123, the id is 123.
(Optional) If the full resource name isn't provided e.g. organizations/123/sources/456, then provide the source id which is the suffix of the source. Example: organizations/123/sources/456, the id is 456.
Time at which the event took place. For example, if the finding represents an open firewall it would capture the time the open firewall was detected. If event-time is not provided, it will default to UTC version of NOW. For example 2019-02-28T07:00:00Z
URI that, if available, points to a web page outside of Cloud SCC (Security Command Center) where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. For example "key1=val1,key2=val2"
State is one of: [ACTIVE, INACTIVE]. STATE must be one of: active, inactive, state-unspecified.
Optional: If left unspecified (default), an update-mask is automatically created using the flags specified in the command and only those values are updated. For example: --external-uri='<some-uri>' --event-time='<some-time>' would automatically generate --update-mask 'external_uri,event_time'. Note that as a result, only external-uri and event-time are updated for the given finding and everything else remains untouched. If you want to delete attributes/properties (that are not being changed in the update command) use an empty update-mask (''). That will delete all the mutable properties/attributes that aren't specified as flags in the update command. In the above example it would delete source-properties. State can be toggled from ACTIVE to INACTIVE and vice-versa but it cannot be deleted.
These flags are available to all commands: --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

This command uses the securitycenter/v1 API. The full documentation for this API can be found at: https://console.cloud.google.com/apis/api/securitycenter.googleapis.com/overview
Update my-finding's state from ACTIVE to INACTIVE:
  $ gcloud alpha scc findings update my-finding \
      --organization=123456 --source=5678 --state INACTIVE

Override all source properties on my-finding:

  $ gcloud alpha scc findings update my-finding \
      --organization=123456 --source=5678 \
      --source-properties "propKey1=propVal1,propKey2=propVal2"

Selectively update a specific source property on my-finding:

  $ gcloud alpha scc findings update my-finding \
      --organization=123456 --source=5678 \
      --source-properties "propKey1=propVal1,propKey2=propVal2" \
      --update-mask "source_properties.propKey1"
This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you may be trying to access an API with an invitation-only early access whitelist.