>

Configuring asset discovery using the Security Command Center API

The Security Command Center (Security Command Center) API enables you to control whether asset discovery is turned on or off for an organization. This guide shows you how to get an organization's current configuration settings and use the API to turn on asset discovery.

Before you begin

Before you configure asset discovery, you'll need to complete the following:

Getting organization settings configuration

Python

from google.cloud import securitycenter

client = securitycenter.SecurityCenterClient()
# organization_id is numeric ID for the organization. e.g.
# organization_id = "111112223333"
org_settings_name = "organizations/{org_id}/organizationSettings".format(
    org_id=organization_id
)

org_settings = client.get_organization_settings(org_settings_name)
print(org_settings)

Java

static OrganizationSettings getOrganizationSettings(OrganizationName organizationName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // Start setting up a request to get OrganizationSettings for.
    // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324");
    GetOrganizationSettingsRequest.Builder request =
        GetOrganizationSettingsRequest.newBuilder()
            .setName(organizationName.toString() + "/organizationSettings");

    // Call the API.
    OrganizationSettings response = client.getOrganizationSettings(request.build());

    System.out.println("Organization Settings:");
    System.out.println(response);
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}

Go

import (
	"context"
	"fmt"
	"io"

	securitycenter "cloud.google.com/go/securitycenter/apiv1"
	securitycenterpb "google.golang.org/genproto/googleapis/cloud/securitycenter/v1"
)

// getOrgSettings gets and prints the current organization asset discovery
// settings to w. orgID is the numeric Organization ID.
func getOrgSettings(w io.Writer, orgID string) error {
	// orgID := "12321311"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %v", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.

	req := &securitycenterpb.GetOrganizationSettingsRequest{
		Name: fmt.Sprintf("organizations/%s/organizationSettings", orgID),
	}
	settings, err := client.GetOrganizationSettings(ctx, req)
	if err != nil {
		return fmt.Errorf("GetOrganizationSettings: %v", err)
	}
	fmt.Fprintf(w, "Retrieved Settings for: %s\n", settings.Name)
	fmt.Fprintf(w, "Asset Discovery on? %v", settings.EnableAssetDiscovery)
	return nil
}

Node.js

// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();

async function getOrgSettings() {
  //  organizationId is the numeric ID of the organization.
  /*
   * TODO(developer): Uncomment the following lines
   */
  // const organizaionId = "111122222444";
  const orgName = client.organizationPath(organizationId);
  const [settings] = await client.getOrganizationSettings({
    name: `${orgName}/organizationSettings`,
  });

  console.log('Current settings: %j', settings);
}
getOrgSettings();

Turning on asset discovery

The API call below uses a field mask so only the setting for asset discovery is turned on or off.

Python

from google.cloud import securitycenter
from google.protobuf import field_mask_pb2

# Create the client
client = securitycenter.SecurityCenterClient()
# organization_id is numeric ID for the organization. e.g.
# organization_id = "111112223333"
org_settings_name = "organizations/{org_id}/organizationSettings".format(
    org_id=organization_id
)
# Only update the enable_asset_discovery_value (leave others untouched).
field_mask = field_mask_pb2.FieldMask(paths=["enable_asset_discovery"])
# Call the service.
updated = client.update_organization_settings(
    {"name": org_settings_name, "enable_asset_discovery": True},
    update_mask=field_mask,
)
print("Asset Discovery Enabled? {}".format(updated.enable_asset_discovery))

Java

static OrganizationSettings updateOrganizationSettings(OrganizationName organizationName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // Start setting up a request to update OrganizationSettings for.
    // OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324");
    OrganizationSettings organizationSettings =
        OrganizationSettings.newBuilder()
            .setName(organizationName.toString() + "/organizationSettings")
            .setEnableAssetDiscovery(true)
            .build();
    FieldMask updateMask = FieldMask.newBuilder().addPaths("enable_asset_discovery").build();

    UpdateOrganizationSettingsRequest.Builder request =
        UpdateOrganizationSettingsRequest.newBuilder()
            .setOrganizationSettings(organizationSettings)
            .setUpdateMask(updateMask);

    // Call the API.
    OrganizationSettings response = client.updateOrganizationSettings(request.build());

    System.out.println("Organization Settings have been updated:");
    System.out.println(response);
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}

Go

import (
	"context"
	"fmt"
	"io"

	securitycenter "cloud.google.com/go/securitycenter/apiv1"
	securitycenterpb "google.golang.org/genproto/googleapis/cloud/securitycenter/v1"
	"google.golang.org/genproto/protobuf/field_mask"
)

// Turns on asset discovery for orgID and prints out updated settings to w.
// settings. orgID is the numeric Organization ID.
func enableAssetDiscovery(w io.Writer, orgID string) error {
	// orgID := "12321311"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %v", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.

	req := &securitycenterpb.UpdateOrganizationSettingsRequest{
		OrganizationSettings: &securitycenterpb.OrganizationSettings{
			Name:                 fmt.Sprintf("organizations/%s/organizationSettings", orgID),
			EnableAssetDiscovery: true,
		},
		// Only update the asset discovery setting.
		UpdateMask: &field_mask.FieldMask{
			Paths: []string{"enable_asset_discovery"},
		},
	}
	settings, err := client.UpdateOrganizationSettings(ctx, req)
	if err != nil {
		return fmt.Errorf("UpdateOrganizationSettings: %v", err)
	}
	fmt.Fprintf(w, "Updated Settings for: %s\n", settings.Name)
	fmt.Fprintf(w, "Asset discovery on? %v\n", settings.EnableAssetDiscovery)
	return nil
}

Node.js

// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();

async function updateOrgSettings() {
  //  organizationId is the numeric ID of the organization.
  /*
   * TODO(developer): Uncomment the following lines
   */
  // const organizationId = "111122222444";
  const orgName = client.organizationPath(organizationId);
  const [newSettings] = await client.updateOrganizationSettings({
    organizationSettings: {
      name: `${orgName}/organizationSettings`,
      enableAssetDiscovery: true,
    },
    // Only update the enableAssetDiscovery field.
    updateMask: {paths: ['enable_asset_discovery']},
  });

  console.log('New settings: %j', newSettings);
}
updateOrgSettings();
Was this page helpful? Let us know how we did:

Send feedback about...

Cloud Security Command Center
Need help? Visit our support page.