Mengelola tanda keamanan menggunakan Security Command Center API

Panduan ini menjelaskan cara menggunakan Security Command Center Security Command Center API untuk mengelola tanda keamanan. Tanda keamanan, atau "tanda", adalah anotasi yang dapat disesuaikan pada aset atau temuan di Security Command Center yang memungkinkan Anda menambahkan konteks bisnis Anda sendiri ke objek ini.

Anda hanya dapat menambahkan atau memperbarui tanda keamanan pada aset yang didukung oleh Security Command Center. Untuk daftar aset yang didukung Security Command Center, lihat Jenis aset yang didukung di Security Command Center.

Sebelum memulai

Sebelum dapat menggunakan tanda keamanan, Anda perlu Menyiapkan akun layanan dan SDK.

Untuk menambahkan atau mengubah tanda keamanan, Anda harus memiliki peran Identity and Access Management yang menyertakan izin untuk jenis tanda yang ingin digunakan:

  • Tanda aset: Penulis Tanda Keamanan Aset, securitycenter.assetSecurityMarksWriter
  • Menemukan tanda: Finding Security Marks Writer, securitycenter.findingSecurityMarksWriter

Untuk mengetahui informasi selengkapnya tentang peran IAM di Security Command Center, lihat Kontrol akses. Untuk mempelajari cara menggunakan tanda keamanan secara efektif, lihat Menggunakan tanda keamanan Security Command Center.

Menambahkan atau memperbarui tanda keamanan pada aset

Saat menggunakan Security Command Center API, menambahkan dan memperbarui tanda keamanan adalah operasi yang sama. Contoh di bawah menunjukkan cara menambahkan tanda keamanan untuk dua key-value pair (key_a, value_a) dan (key_b, value_b).

Kode berikut menggunakan mask kolom untuk memastikan bahwa hanya nilai tersebut yang diupdate. Jika mask kolom tidak diberikan, semua tanda keamanan akan dihapus sebelum menambahkan kunci dan nilai yang diberikan.

gcloud

  # ORGANIZATION=12344321
  # ASSET=43211234
  SECURITY_MARKS="key_a=value_a,key_b=value_b"
  UPDATE_MASK="marks.key_a,marks.key_b"

  gcloud scc assets update-marks $ASSET \
      --organization $ORGANIZATION \
      --security-marks $SECURITY_MARKS \
      --update-mask $UPDATE_MASK

Untuk contoh lainnya, jalankan:

  gcloud scc assets update-marks --help

Python

from google.cloud import securitycenter
from google.protobuf import field_mask_pb2

# Create a new client.
client = securitycenter.SecurityCenterClient()

# 'asset_name' is the resource path for an asset that exists in SCC.
# Specify the value of 'asset_name' in one of the following formats:
#   f"organizations/{org_id}/assets/{asset_id}"
#   f"projects/{project_id}/assets/{asset_id}"
#   f"folders/{folder_id}/assets/{asset_id}"
# asset_name = organizations/123123342/assets/12312321
marks_name = f"{asset_name}/securityMarks"

# Notice the suffix after "marks." in the field mask matches the keys
# in marks.
field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"])
marks = {"key_a": "value_a", "key_b": "value_b"}

updated_marks = client.update_security_marks(
    request={
        "security_marks": {"name": marks_name, "marks": marks},
        "update_mask": field_mask,
    }
)
print(updated_marks)

Java

static SecurityMarks addToAsset(String assetName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // Specify the value of 'assetName' in one of the following formats:
    //    String assetName = "organizations/{org-id}/assets/{asset-id}";
    //    String assetName = "projects/{project-id}/assets/{asset-id}";
    //    String assetName = "folders/{folder-id}/assets/{asset-id}";
    //
    // Start setting up a request to add security marks for an asset.
    ImmutableMap markMap = ImmutableMap.of("key_a", "value_a", "key_b", "value_b");

    // Add security marks and field mask for security marks.
    SecurityMarks securityMarks =
        SecurityMarks.newBuilder()
            .setName(assetName + "/securityMarks")
            .putAllMarks(markMap)
            .build();
    FieldMask updateMask =
        FieldMask.newBuilder().addPaths("marks.key_a").addPaths("marks.key_b").build();

    UpdateSecurityMarksRequest request =
        UpdateSecurityMarksRequest.newBuilder()
            .setSecurityMarks(securityMarks)
            .setUpdateMask(updateMask)
            .build();

    // Call the API.
    SecurityMarks response = client.updateSecurityMarks(request);

    System.out.println("Security Marks:");
    System.out.println(response);
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}

Go

import (
	"context"
	"fmt"
	"io"

	securitycenter "cloud.google.com/go/securitycenter/apiv1"
	"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
	"google.golang.org/genproto/protobuf/field_mask"
)

// addSecurityMarks adds/updates the security marks for the assetName.
// Specifically, it sets "key_a" and "key_b" to "value_a" and "value_b"
// respectively.  assetName is the resource path for an asset.
func addSecurityMarks(w io.Writer, assetName string) error {
	// Specify the value of 'assetName' in one of the following formats:
	// 		assetName := "organizations/{org_id}/assets/{asset_id}"
	//		assetName := "projects/{project_id}/assets/{asset_id}"
	//		assetName := "folders/{folder_id}/assets/{asset_id}"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.

	req := &securitycenterpb.UpdateSecurityMarksRequest{
		// If not set or empty, all marks would be cleared before
		// adding the new marks below.
		UpdateMask: &field_mask.FieldMask{
			Paths: []string{"marks.key_a", "marks.key_b"},
		},
		SecurityMarks: &securitycenterpb.SecurityMarks{
			Name: fmt.Sprintf("%s/securityMarks", assetName),
			// Note keys correspond to the last part of each path.
			Marks: map[string]string{"key_a": "value_a", "key_b": "value_b"},
		},
	}
	updatedMarks, err := client.UpdateSecurityMarks(ctx, req)
	if err != nil {
		return fmt.Errorf("UpdateSecurityMarks: %w", err)
	}

	fmt.Fprintf(w, "Updated marks: %s\n", updatedMarks.Name)
	for k, v := range updatedMarks.Marks {
		fmt.Fprintf(w, "%s = %s\n", k, v)
	}
	return nil

}

Node.js

// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();

async function addSecurityMarks() {
  // assetName is the full resource path for the asset to update.
  /*
   * TODO(developer): Uncomment the following lines
   */
  // Specify the value of 'assetName' in one of the following formats:
  //    `organizations/${org-id}/assets/${asset-id}`;
  //    `projects/${project-id}/assets/${asset-id}`;
  //    `folders/${folder-id}/assets/${asset-id}`;
  // const assetName = "organizations/123123342/assets/12312321";
  const [newMarks] = await client.updateSecurityMarks({
    securityMarks: {
      name: `${assetName}/securityMarks`,
      marks: {key_a: 'value_a', key_b: 'value_b'},
    },
    // Only update the marks with these keys.
    updateMask: {paths: ['marks.key_a', 'marks.key_b']},
  });

  console.log('New marks: %', newMarks);
}
addSecurityMarks();

Baca Mengelola kebijakan untuk mengetahui informasi tentang tanda aset khusus untuk detektor Security Health Analytics.

Menghapus tanda keamanan pada aset

Penghapusan tanda keamanan tertentu dilakukan dengan cara yang sama dengan menambahkan atau mengupdatenya, khususnya memanggil update dengan mask kolom, tetapi tanpa nilai yang sesuai. Pada contoh di bawah, tanda keamanan dengan kunci key_a dan key_b akan dihapus.

gcloud

  # ORGANIZATION=12344321
  # ASSET=43211234
  UPDATE_MASK="marks.key_a,marks.key_b"

  gcloud scc assets update-marks $ASSET \
      --organization $ORGANIZATION \
      --update-mask $UPDATE_MASK

Untuk contoh lainnya, jalankan:

  gcloud scc assets update-marks --help

Python

from google.cloud import securitycenter
from google.protobuf import field_mask_pb2

# Create a new client.
client = securitycenter.SecurityCenterClient()

# 'asset_name' is the resource path for an asset that exists in SCC.
# Specify the value of 'asset_name' in one of the following formats:
#   f"organizations/{org_id}/assets/{asset_id}"
#   f"projects/{project_id}/assets/{asset_id}"
#   f"folders/{folder_id}/assets/{asset_id}"
# asset_name = organizations/123123342/assets/12312321
marks_name = f"{asset_name}/securityMarks"

field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"])

updated_marks = client.update_security_marks(
    request={
        "security_marks": {
            "name": marks_name
            # Note, no marks specified, so the specified values in
            # the fields masks will be deleted.
        },
        "update_mask": field_mask,
    }
)
print(updated_marks)

Java

static SecurityMarks clearFromAsset(String assetName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // Specify the value of 'assetName' in one of the following formats:
    //    String assetName = "organizations/{org-id}/assets/{asset-id}";
    //    String assetName = "projects/{project-id}/assets/{asset-id}";
    //    String assetName = "folders/{folder-id}/assets/{asset-id}";
    // Start setting up a request to clear security marks for an asset.
    // Create security mark and field mask for clearing security marks.
    SecurityMarks securityMarks =
        SecurityMarks.newBuilder().setName(assetName + "/securityMarks").build();
    FieldMask updateMask =
        FieldMask.newBuilder().addPaths("marks.key_a").addPaths("marks.key_b").build();

    UpdateSecurityMarksRequest request =
        UpdateSecurityMarksRequest.newBuilder()
            .setSecurityMarks(securityMarks)
            .setUpdateMask(updateMask)
            .build();

    // Call the API.
    SecurityMarks response = client.updateSecurityMarks(request);

    System.out.println("Security Marks cleared:");
    System.out.println(response);
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}

Go

import (
	"context"
	"fmt"
	"io"

	securitycenter "cloud.google.com/go/securitycenter/apiv1"
	"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
	"google.golang.org/genproto/protobuf/field_mask"
)

// deleteSecurityMarks deletes security marks "key_a" and  "key_b" from
// assetName's marks. assetName is the resource path for an asset.
func deleteSecurityMarks(w io.Writer, assetName string) error {
	// Specify the value of 'assetName' in one of the following formats:
	// 		assetName := "organizations/{org_id}/assets/{asset_id}"
	//		assetName := "projects/{project_id}/assets/{asset_id}"
	//		assetName := "folders/{folder_id}/assets/{asset_id}"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.

	req := &securitycenterpb.UpdateSecurityMarksRequest{
		// If not set or empty, all marks would be cleared.
		UpdateMask: &field_mask.FieldMask{
			Paths: []string{"marks.key_a", "marks.key_b"},
		},
		SecurityMarks: &securitycenterpb.SecurityMarks{
			Name: fmt.Sprintf("%s/securityMarks", assetName),
			// Intentionally not setting marks with the
			// corresponding field mask deletes them.
		},
	}
	updatedMarks, err := client.UpdateSecurityMarks(ctx, req)
	if err != nil {
		return fmt.Errorf("UpdateSecurityMarks: %w", err)
	}

	fmt.Fprintf(w, "Updated marks: %s\n", updatedMarks.Name)
	for k, v := range updatedMarks.Marks {
		fmt.Fprintf(w, "%s = %s\n", k, v)
	}
	return nil
}

Node.js

// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();

async function deleteSecurityMarks() {
  // assetName is the full resource path for the asset to update.
  /*
   * TODO(developer): Uncomment the following lines
   */
  // Specify the value of 'assetName' in one of the following formats:
  //    `organizations/${org-id}/assets/${asset-id}`;
  //    `projects/${project-id}/assets/${asset-id}`;
  //    `folders/${folder-id}/assets/${asset-id}`;
  // const assetName = "organizations/123123342/assets/12312321";
  const [newMarks] = await client.updateSecurityMarks({
    securityMarks: {
      name: `${assetName}/securityMarks`,
      // Intentionally, not setting marks to delete them.
    },
    // Only delete marks for the following keys.
    updateMask: {paths: ['marks.key_a', 'marks.key_b']},
  });

  console.log('Updated marks: %j', newMarks);
}
deleteSecurityMarks();

Menambahkan dan menghapus tanda keamanan dalam permintaan yang sama

Teknik untuk menambahkan dan memperbarui tanda keamanan serta menghapus tanda keamanan dapat digabungkan ke dalam permintaan yang sama. Pada contoh di bawah, key_a diperbarui saat key_b dihapus.

gcloud

  # ORGANIZATION=12344321
  # ASSET=43211234
  SECURITY_MARKS="key_a=new_value_for_a"
  UPDATE_MASK="marks.key_a,marks.key_b"

  gcloud scc assets update-marks $ASSET \
      --organization $ORGANIZATION \
      --security-marks $SECURITY_MARKS \
      --update-mask $UPDATE_MASK

Untuk contoh lainnya, jalankan:

  gcloud scc assets update-marks --help

gcloud

  # ORGANIZATION=12344321
  # ASSET=43211234
  SECURITY_MARKS="key_a=new_value_for_a"
  UPDATE_MASK="marks.key_a,marks.key_b"

  gcloud scc assets update-marks $ASSET \
      --organization $ORGANIZATION \
      --security-marks $SECURITY_MARKS \
      --update-mask $UPDATE_MASK

Untuk contoh lainnya, jalankan:

  gcloud scc assets update-marks --help

Python

from google.cloud import securitycenter
from google.protobuf import field_mask_pb2

client = securitycenter.SecurityCenterClient()
# 'asset_name' is the resource path for an asset that exists in SCC.
# Specify the value of 'asset_name' in one of the following formats:
#   f"organizations/{org_id}/assets/{asset_id}"
#   f"projects/{project_id}/assets/{asset_id}"
#   f"folders/{folder_id}/assets/{asset_id}"
# asset_name = organizations/123123342/assets/12312321
marks_name = f"{asset_name}/securityMarks"

field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"])
marks = {"key_a": "new_value_for_a"}

updated_marks = client.update_security_marks(
    request={
        "security_marks": {"name": marks_name, "marks": marks},
        "update_mask": field_mask,
    }
)
print(updated_marks)

Java

static SecurityMarks deleteAndUpdateMarks(String assetName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // Specify the value of 'assetName' in one of the following formats:
    //    String assetName = "organizations/{org-id}/assets/{asset-id}";
    //    String assetName = "projects/{project-id}/assets/{asset-id}";
    //    String assetName = "folders/{folder-id}/assets/{asset-id}";
    // Start setting up a request to clear and update security marks for an asset.
    // Create security mark and field mask for clearing security marks.
    SecurityMarks securityMarks =
        SecurityMarks.newBuilder()
            .setName(assetName + "/securityMarks")
            .putMarks("key_a", "new_value_for_a")
            .build();
    FieldMask updateMask =
        FieldMask.newBuilder().addPaths("marks.key_a").addPaths("marks.key_b").build();

    UpdateSecurityMarksRequest request =
        UpdateSecurityMarksRequest.newBuilder()
            .setSecurityMarks(securityMarks)
            .setUpdateMask(updateMask)
            .build();

    // Call the API.
    SecurityMarks response = client.updateSecurityMarks(request);

    System.out.println("Security Marks updated and cleared:");
    System.out.println(response);
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}

Go

import (
	"context"
	"fmt"
	"io"

	securitycenter "cloud.google.com/go/securitycenter/apiv1"
	"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
	"google.golang.org/genproto/protobuf/field_mask"
)

// addDeleteSecurityMarks adds/updates "key_a" and deletes  "key_b" from
// assetName's securityMarks. assetName is the resource path for an asset.
func addDeleteSecurityMarks(w io.Writer, assetName string) error {
	// Specify the value of 'assetName' in one of the following formats:
	// 		assetName := "organizations/{org_id}/assets/{asset_id}"
	//		assetName := "projects/{project_id}/assets/{asset_id}"
	//		assetName := "folders/{folder_id}/assets/{asset_id}"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.

	req := &securitycenterpb.UpdateSecurityMarksRequest{
		// If not set or empty, all marks would be cleared.
		UpdateMask: &field_mask.FieldMask{
			Paths: []string{"marks.key_a", "marks.key_b"},
		},
		SecurityMarks: &securitycenterpb.SecurityMarks{
			Name: fmt.Sprintf("%s/securityMarks", assetName),
			// Intentionally not setting marks for key_b to
			// delete it.
			Marks: map[string]string{"key_a": "new_value_a"},
		},
	}

	updatedMarks, err := client.UpdateSecurityMarks(ctx, req)
	if err != nil {
		return fmt.Errorf("UpdateSecurityMarks: %w", err)
	}

	fmt.Fprintf(w, "Updated marks: %s\n", updatedMarks.Name)
	for k, v := range updatedMarks.Marks {
		fmt.Fprintf(w, "%s = %s\n", k, v)
	}
	return nil
}

Node.js

// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();

async function addDeleteSecurityMarks() {
  // assetName is the full resource path for the asset to update.
  // Specify the value of 'assetName' in one of the following formats:
  //    `organizations/${org-id}/assets/${asset-id}`;
  //    `projects/${project-id}/assets/${asset-id}`;
  //    `folders/${folder-id}/assets/${asset-id}`;
  const [newMarks] = await client.updateSecurityMarks({
    securityMarks: {
      name: `${assetName}/securityMarks`,
      marks: {key_a: 'new_value_a'},
    },
    // Only update the enableAssetDiscovery field.
    updateMask: {paths: ['marks.key_a', 'marks.key_b']},
  });

  console.log('New marks: %j', newMarks);
}
addDeleteSecurityMarks();

Menambahkan Tanda Keamanan ke Temuan

Menambahkan, memperbarui, dan menghapus tanda keamanan pada temuan mengikuti proses yang sama dengan memperbarui tanda keamanan pada aset. Satu-satunya perubahan adalah nama resource yang digunakan dalam panggilan API. Alih-alih resource aset, Anda memberikan nama resource temuan.

Misalnya, untuk memperbarui tanda keamanan pada temuan, gunakan kode berikut:

gcloud

  # ORGANIZATION=12344321
  # SOURCE=43211234
  # FINDING_ID=testfindingid
  SECURITY_MARKS="key_a=value_a,key_b=value_b"
  UPDATE_MASK="marks.key_a,marks.key_b"

  gcloud scc findings update-marks $FINDING_ID \
      --source $SOURCE \
      --organization $ORGANIZATION \
      --security-marks $SECURITY_MARKS \
      --update-mask $UPDATE_MASK

Untuk contoh lainnya, jalankan:

  gcloud scc findings update-marks --help

Python

from google.cloud import securitycenter
from google.protobuf import field_mask_pb2

client = securitycenter.SecurityCenterClient()
# 'finding_name' is the resource path for a finding that exists in SCC.
# Specify the value of 'asset_name' in one of the following formats:
#   f"organizations/{org_id}/assets/{asset_id}"
#   f"projects/{project_id}/assets/{asset_id}"
#   f"folders/{folder_id}/assets/{asset_id}"
# finding_name = "organizations/1112/sources/1234/findings/findingid"
finding_marks_name = f"{finding_name}/securityMarks"

# Notice the suffix after "marks." in the field mask matches the keys
# in marks.
field_mask = field_mask_pb2.FieldMask(
    paths=["marks.finding_key_a", "marks.finding_key_b"]
)
marks = {"finding_key_a": "value_a", "finding_key_b": "value_b"}

updated_marks = client.update_security_marks(
    request={
        "security_marks": {"name": finding_marks_name, "marks": marks},
        "update_mask": field_mask,
    }
)

Java

static SecurityMarks addToFinding(FindingName findingName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // Start setting up a request to add security marks for a finding.
    ImmutableMap markMap = ImmutableMap.of("key_a", "value_a", "key_b", "value_b");

    // Specify the value of 'findingName' in one of the following formats:
    //    FindingName.ofOrganizationSourceFindingName("org-id", "source", "finding-id");
    //    FindingName.ofProjectSourceFindingName("project-id", "source", "finding-id");
    //    FindingName.ofFolderSourceFindingName("folder-id", "source", "finding-id");
    // Add security marks and field mask for security marks.
    SecurityMarks securityMarks =
        SecurityMarks.newBuilder()
            .setName(findingName + "/securityMarks")
            .putAllMarks(markMap)
            .build();
    FieldMask updateMask =
        FieldMask.newBuilder().addPaths("marks.key_a").addPaths("marks.key_b").build();

    UpdateSecurityMarksRequest request =
        UpdateSecurityMarksRequest.newBuilder()
            .setSecurityMarks(securityMarks)
            .setUpdateMask(updateMask)
            .build();

    // Call the API.
    SecurityMarks response = client.updateSecurityMarks(request);

    System.out.println("Security Marks:");
    System.out.println(response);
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}

Go

import (
	"context"
	"fmt"
	"io"

	securitycenter "cloud.google.com/go/securitycenter/apiv1"
	"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
	"google.golang.org/genproto/protobuf/field_mask"
)

// addSecurityMarks adds/updates security marks for the findingName and
// returns the updated marks. Specifically, it sets "key_a" an "key_b" to
// "value_a" and "value_b" respectively. findingName is the resource path for
// the finding to add marks to.
func addSecurityMarks(w io.Writer, findingName string) error {
	// Specify the value of 'findingName' in one of the following formats:
	// 		"organizations/{orgId}/sources/{sourceId}/findings/{findingId}"
	// 		"projects/{projectId}/sources/{sourceId}/findings/{findingId}"
	// 		"folders/{folderId}/sources/{sourceId}/findings/{findingId}"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.

	req := &securitycenterpb.UpdateSecurityMarksRequest{
		// If not set or empty, all marks would be cleared before
		// adding the new marks below.
		UpdateMask: &field_mask.FieldMask{
			Paths: []string{"marks.key_a", "marks.key_b"},
		},
		SecurityMarks: &securitycenterpb.SecurityMarks{
			Name: fmt.Sprintf("%s/securityMarks", findingName),
			// Note keys correspond to the last part of each path.
			Marks: map[string]string{"key_a": "value_a", "key_b": "value_b"},
		},
	}

	updatedMarks, err := client.UpdateSecurityMarks(ctx, req)
	if err != nil {
		return fmt.Errorf("UpdateSecurityMarks: %w", err)
	}

	fmt.Fprintf(w, "Updated marks: %s\n", updatedMarks.Name)
	for k, v := range updatedMarks.Marks {
		fmt.Fprintf(w, "%s = %s\n", k, v)
	}
	return nil
}

Node.js

// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();

async function addFindingSecurityMarks() {
  // findingName is the full resource path for the finding to update.
  /*
   * TODO(developer): Uncomment the following lines
   */
  // Specify the value of 'findingName' in one of the following formats:
  //    `organizations/${org-id}/assets/${asset-id}/findings/${finding-id}`;
  //    `projects/${project-id}/assets/${asset-id}/findings/${finding-id}`;
  //    `folders/${folder-id}/assets/${asset-id}/findings/${finding-id}`;
  const [newMarks] = await client.updateSecurityMarks({
    securityMarks: {
      name: `${findingName}/securityMarks`,
      marks: {key_a: 'value_a', key_b: 'value_b'},
    },
    // Only update the marks with these keys.
    updateMask: {paths: ['marks.key_a', 'marks.key_b']},
  });

  console.log('New marks: %j', newMarks);
}
addFindingSecurityMarks();

Tanda keamanan diproses selama pemindaian batch, yang berjalan dua kali sehari, dan tidak secara real time. Mungkin ada penundaan 12 hingga 24 jam sebelum tanda keamanan diproses dan kebijakan penegakan yang menyelesaikan atau membuka kembali temuan diterapkan.

Mencantumkan aset dengan filter tanda keamanan

Setelah ditetapkan pada aset, tanda keamanan dapat digunakan dalam argumen filter ke panggilan API ListAssets. Misalnya, guna membuat kueri untuk semua aset yang berisi key_a = value_a, gunakan kode berikut:

gcloud

  # ORGANIZATION=12344321
  FILTER="security_marks.marks.key_a = \"value_a\""

  gcloud scc assets list $ORGANIZATION \
      --filter "$FILTER"

Untuk contoh lainnya, jalankan:

  gcloud scc assets list --help

Python

from google.cloud import securitycenter

client = securitycenter.SecurityCenterClient()

# 'parent' must be in one of the following formats:
#   "organizations/{organization_id}"
#   "projects/{project_id}"
#   "folders/{folder_id}"
parent = f"organizations/{organization_id}"

marks_filter = 'security_marks.marks.key_a = "value_a"'
# Call the API and print results.
asset_iterator = client.list_assets(
    request={"parent": parent, "filter": marks_filter}
)
for i, asset_result in enumerate(asset_iterator):
    print(i, asset_result)

Java

static ImmutableList<ListAssetsResult> listAssetsWithQueryMarks(
    OrganizationName organizationName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // Start setting up a request to list all assets filtered by a specific security mark.
    // Parent must be in one of the following formats:
    //    OrganizationName organizationName = OrganizationName.of("organization-id");
    //    ProjectName projectName = ProjectName.of("project-id");
    //    FolderName folderName = FolderName.of("folder-id");
    ListAssetsRequest request =
        ListAssetsRequest.newBuilder()
            .setParent(organizationName.toString())
            .setFilter("security_marks.marks.key_a = \"value_a\"")
            .build();

    // Call the API.
    ListAssetsPagedResponse response = client.listAssets(request);

    // This creates one list for all assets.  If your organization has a large number of assets
    // this can cause out of memory issues.  You can process them batches by returning
    // the Iterable returned response.iterateAll() directly.
    ImmutableList<ListAssetsResult> results = ImmutableList.copyOf(response.iterateAll());
    System.out.println("Assets with security mark - key_a=value_a:");
    System.out.println(results);
    return results;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}

Go

import (
	"context"
	"fmt"
	"io"

	securitycenter "cloud.google.com/go/securitycenter/apiv1"
	"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
	"google.golang.org/api/iterator"
)

// listAssetsWithMarks prints assets that have a mark of key_a equal to value_a
// to w for orgID.  orgID is the numeric Organization ID.
func listAssetsWithMarks(w io.Writer, orgID string) error {
	// orgID := "12321311"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.

	req := &securitycenterpb.ListAssetsRequest{
		// Parent must be in one of the following formats:
		//		"organizations/{orgId}"
		//		"projects/{projectId}"
		//		"folders/{folderId}"
		Parent: fmt.Sprintf("organizations/%s", orgID),
		Filter: `security_marks.marks.key_a = "value_a"`,
	}

	it := client.ListAssets(ctx, req)
	for {
		result, err := it.Next()
		if err == iterator.Done {
			break
		}
		if err != nil {
			return fmt.Errorf("ListAssets: %w", err)
		}
		asset := result.Asset
		properties := asset.SecurityCenterProperties
		fmt.Fprintf(w, "Asset Name: %s, ", asset.Name)
		fmt.Fprintf(w, "Resource Name %s, ", properties.ResourceName)
		fmt.Fprintf(w, "Resource Type %s\n", properties.ResourceType)
	}
	return nil
}

Node.js

// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();
//  organizationId is the numeric ID of the organization.
/*
 * TODO(developer): Uncomment the following lines
 */
// parent: must be in one of the following formats:
//    `organizations/${organization_id}`
//    `projects/${project_id}`
//    `folders/${folder_id}`
const parent = `organizations/${organizationId}`;

// Call the API with automatic pagination.
async function listAssetsWithSecurityMarks() {
  const [response] = await client.listAssets({
    parent: parent,
    filter: 'security_marks.marks.key_a="value_a"',
  });
  let count = 0;
  Array.from(response).forEach(result =>
    console.log(
      `${++count} ${result.asset.name} ${
        result.asset.securityCenterProperties.resourceName
      }`
    )
  );
}

listAssetsWithSecurityMarks();

Mencantumkan temuan dengan filter tanda keamanan

Setelah ditetapkan pada temuan, tanda keamanan dapat digunakan dalam argumen filter ke panggilan API ListFindings. Misalnya, untuk mengkueri semua aset tempat key_a != value_a, gunakan kode berikut:

gcloud

  # ORGANIZATION=12344321
  # SOURCE=43211234
  FILTER="NOT security_marks.marks.key_a=\"value_a\""

  gcloud scc findings list $ORGANIZATION \
      --source $SOURCE \
      --filter "$FILTER"

Untuk contoh lainnya, jalankan:

  gcloud scc findings list --help

Python

from google.cloud import securitycenter

client = securitycenter.SecurityCenterClient()

# 'source_name' is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "{parent}/sources/{source_id}"
# 'parent' must be in one of the following formats:
#   "organizations/{organization_id}"
#   "projects/{project_id}"
#   "folders/{folder_id}"
# source_name = "organizations/111122222444/sources/1234"
marks_filter = 'NOT security_marks.marks.finding_key_a="value_a"'

# Call the API and print results.
finding_iterator = client.list_findings(
    request={"parent": source_name, "filter": marks_filter}
)
for i, finding_result in enumerate(finding_iterator):
    print(i, finding_result)

Java

static ImmutableList<ListFindingsResult> listFindingsWithQueryMarks(SourceName sourceName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // Start setting up a request to list all findings filtered by a specific security mark.
    //
    // 'parent' must be in one of the following formats:
    //    * OrganizationName organizationName = OrganizationName.of("organization-id");
    //      String parent = organizationName.getOrganization();
    //    * ProjectName projectName = ProjectName.of("project-id");
    //      String parent = projectName.getProject();
    //    * FolderName folderName = FolderName.of("folder-id");
    //      String parent = folderName.getFolder();
    // SourceName sourceName = SourceName.of(parent, {source-id});

    String filter = "NOT security_marks.marks.key_a=\"value_a\"";

    ListFindingsRequest.Builder request =
        ListFindingsRequest.newBuilder().setParent(sourceName.toString()).setFilter(filter);

    // Call the API.
    ListFindingsPagedResponse response = client.listFindings(request.build());

    // This creates one list for all findings in the filter.If your organization has a large
    // number of
    // findings this can cause out of memory issues.  You can process them batches by returning
    // the Iterable returned response.iterateAll() directly.
    ImmutableList<ListFindingsResult> results = ImmutableList.copyOf(response.iterateAll());
    System.out.println("Findings with security mark - key_a=value_a:");
    System.out.println(results);
    return results;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}

Go

import (
	"context"
	"fmt"
	"io"

	securitycenter "cloud.google.com/go/securitycenter/apiv1"
	"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
	"google.golang.org/api/iterator"
)

// listFindingsWithMarks prints findings that don't have a security mark
// key_a equal to value_a to w.  sourceName is the full resource name
// of the source to search for findings under.
func listFindingsWithMarks(w io.Writer, sourceName string) error {
	// sourceName := "{parent}/sources/{sourceId}"
	// where,
	// Parent must be in one of the following formats:
	//		"organizations/{orgId}"
	//		"projects/{projectId}"
	//		"folders/{folderId}"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.

	req := &securitycenterpb.ListFindingsRequest{
		Parent: sourceName,
		Filter: `NOT security_marks.marks.key_a="value_a"`,
	}
	it := client.ListFindings(ctx, req)
	for {
		result, err := it.Next()
		if err == iterator.Done {
			break
		}
		if err != nil {
			return fmt.Errorf("it.Next: %w", err)
		}
		finding := result.Finding
		fmt.Fprintf(w, "Finding Name: %s, ", finding.Name)
		fmt.Fprintf(w, "Resource Name %s, ", finding.ResourceName)
		fmt.Fprintf(w, "Category: %s\n", finding.Category)
	}
	return nil
}

Node.js

// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();
//  sourceName is the full resource path of the source to search for
//  findings.
/*
 * TODO(developer): Uncomment the following lines
 */
// const sourceName = `${parent}/sources/${sourceId}`;
// where,
// parent: must be in one of the following formats:
//    `organizations/${organization_id}`
//    `projects/${project_id}`
//    `folders/${folder_id}`

async function listFindingsWithSecurityMarks() {
  const [response] = await client.listFindings({
    // List findings across all sources.
    parent: sourceName,
    filter: 'NOT security_marks.marks.key_a="value_a"',
  });
  let count = 0;
  Array.from(response).forEach(result =>
    console.log(
      `${++count} ${result.finding.name} ${result.finding.resourceName}`
    )
  );
}
listFindingsWithSecurityMarks();

Langkah selanjutnya