Security Command Center API를 사용하면 조직에서 Security Command Center의 애셋 검색을 사용 설정할지 여부를 제어할 수 있습니다. 이 가이드에서는 조직의 현재 구성 설정을 가져오고 API를 사용하여 애셋 검색을 사용 설정하는 방법을 보여줍니다.
애셋 검색은 Security Command Center API의 지원 중단된 애셋 기능을 사용하거나 Google Cloud CLI의 애셋 관련 Security Command Center 명령어를 사용하지 않는 한 필수가 아닙니다. 애셋 검색은 애셋 페이지에 표시된 애셋에 영향을 주지 않습니다.
Security Command Center의 IAM 역할은 조직, 폴더, 프로젝트 수준에서 부여할 수 있습니다. 발견 항목, 애셋, 보안 소스를 보거나 수정하거나 만들거나 업데이트할 수 있는 기능은 액세스 권한이 부여된 수준에 따라 다릅니다. Security Command Center 역할에 대해 자세히 알아보려면 액세스 제어를 참조하세요.
from google.cloud import securitycenter

# No credentials are passed to the constructor: the client library resolves
# them from the runtime environment (Application Default Credentials).
client = securitycenter.SecurityCenterClient()

# organization_id is the numeric ID for the organization, e.g.
# organization_id = "111112223333"
# NOTE(review): the settings resource hangs off the organization itself, so the
# calling identity presumably needs a Security Command Center role granted at
# the organization level -- confirm against the access-control documentation.
org_settings_name = client.organization_settings_path(organization_id)

# Read-only call: fetch the current organization settings and print them.
get_request = {"name": org_settings_name}
org_settings = client.get_organization_settings(request=get_request)
print(org_settings)
자바
/**
 * Fetches the OrganizationSettings resource of an organization and prints it to stdout.
 *
 * <p>The client is created with its defaults, so no credentials are supplied by this method;
 * they are resolved by the client library from the runtime environment. Only the
 * {@link IOException} from client creation is caught here; errors raised by the API call itself
 * propagate to the caller unchanged.
 *
 * @param organizationName the organization whose settings are read, e.g.
 *     {@code OrganizationName.of("123234324")}
 * @return the settings object returned by the API
 * @throws RuntimeException if the client cannot be created
 */
static OrganizationSettings getOrganizationSettings(OrganizationName organizationName) {
  try (SecurityCenterClient securityCenter = SecurityCenterClient.create()) {
    // The settings resource name is the organization name plus a fixed suffix.
    String settingsName = organizationName.toString() + "/organizationSettings";
    GetOrganizationSettingsRequest getRequest =
        GetOrganizationSettingsRequest.newBuilder().setName(settingsName).build();

    // Call the API (read-only).
    OrganizationSettings settings = securityCenter.getOrganizationSettings(getRequest);
    System.out.println("Organization Settings:");
    System.out.println(settings);
    return settings;
  } catch (IOException ioError) {
    throw new RuntimeException("Couldn't create client.", ioError);
  }
}
Go
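import (
	"context"
	"fmt"
	"io"

	securitycenter "cloud.google.com/go/securitycenter/apiv1"
	"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
)

// getOrgSettings gets and prints the current organization asset discovery
// settings to w. orgID is the numeric Organization ID.
//
// orgID is interpolated verbatim into the resource name, so a caller that
// takes it from outside the program should check that it is numeric before
// calling. Errors from client creation and from the API call are wrapped and
// returned; nothing is written to w in either case.
func getOrgSettings(w io.Writer, orgID string) error {
	// orgID := "12321311"
	// Instantiate a context and a security service client to make API calls.
	// No client options are passed, so credentials are resolved by the client
	// library from the runtime environment.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.

	req := &securitycenterpb.GetOrganizationSettingsRequest{
		Name: fmt.Sprintf("organizations/%s/organizationSettings", orgID),
	}
	settings, err := client.GetOrganizationSettings(ctx, req)
	if err != nil {
		return fmt.Errorf("GetOrganizationSettings: %w", err)
	}
	fmt.Fprintf(w, "Retrieved Settings for: %s\n", settings.Name)
	// Terminate the last line so whatever is written to w next starts on a fresh line.
	fmt.Fprintf(w, "Asset Discovery on? %v\n", settings.EnableAssetDiscovery)
	return nil
}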
Node.js
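// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client. No credentials are passed in, so the client library
// resolves them from the runtime environment.
const client = new SecurityCenterClient();

/**
 * Reads the organization settings of `organizationId` and logs them.
 * Read-only: nothing is changed on the organization.
 */
async function getOrgSettings() {
  // organizationId is the numeric ID of the organization.
  /*
   * TODO(developer): Uncomment the following lines
   */
  // const organizationId = "111122222444";
  const orgName = client.organizationPath(organizationId);
  const [settings] = await client.getOrganizationSettings({
    name: `${orgName}/organizationSettings`,
  });
  console.log('Current settings: %j', settings);
}

// Surface a failed call (for example a permission error) and exit non-zero,
// so a wrapping script does not mistake the failure for a successful read.
getOrgSettings().catch(err => {
  console.error(err);
  process.exitCode = 1;
});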
애셋 검색 사용 설정
아래 API 호출은 필드 마스크를 사용하므로 애셋 검색 설정만 변경되며(사용 설정 또는 중지), 다른 조직 설정은 그대로 유지됩니다.
Python
from google.cloud import securitycenter
from google.protobuf import field_mask_pb2

# Create the client. No credentials are passed in, so the client library
# resolves them from the runtime environment.
client = securitycenter.SecurityCenterClient()

# organization_id is numeric ID for the organization. e.g.
# organization_id = "111112223333"
org_settings_name = f"organizations/{organization_id}/organizationSettings"

# The mask names the single field this call is allowed to write. Every other
# organization setting is left as it is, even though the settings object sent
# below does not carry values for those fields.
field_mask = field_mask_pb2.FieldMask(paths=["enable_asset_discovery"])

desired_settings = {
    "name": org_settings_name,
    "enable_asset_discovery": True,
}

# Call the service. This changes configuration for the whole organization.
updated = client.update_organization_settings(
    request={
        "organization_settings": desired_settings,
        "update_mask": field_mask,
    }
)
# Print the value returned by the service rather than the value requested.
print(f"Asset Discovery Enabled? {updated.enable_asset_discovery}")
자바
/**
 * Enables asset discovery in an organization's settings and prints the updated settings.
 *
 * <p>The request carries a field mask with the single path {@code enable_asset_discovery}, so
 * that is the only setting this call writes. Only the {@link IOException} from client creation
 * is caught here; errors raised by the API call itself propagate to the caller unchanged.
 *
 * @param organizationName the organization whose settings are updated, e.g.
 *     {@code OrganizationName.of("123234324")}
 * @return the settings object returned by the API after the update
 * @throws RuntimeException if the client cannot be created
 */
static OrganizationSettings updateOrganizationSettings(OrganizationName organizationName) {
  try (SecurityCenterClient securityCenter = SecurityCenterClient.create()) {
    // The settings resource name is the organization name plus a fixed suffix.
    String settingsName = organizationName.toString() + "/organizationSettings";
    OrganizationSettings desiredSettings =
        OrganizationSettings.newBuilder()
            .setName(settingsName)
            .setEnableAssetDiscovery(true)
            .build();

    // Restrict the write to the asset discovery flag.
    FieldMask assetDiscoveryOnly =
        FieldMask.newBuilder().addPaths("enable_asset_discovery").build();

    UpdateOrganizationSettingsRequest updateRequest =
        UpdateOrganizationSettingsRequest.newBuilder()
            .setOrganizationSettings(desiredSettings)
            .setUpdateMask(assetDiscoveryOnly)
            .build();

    // Call the API. This changes configuration for the whole organization.
    OrganizationSettings updated = securityCenter.updateOrganizationSettings(updateRequest);
    System.out.println("Organization Settings have been updated:");
    System.out.println(updated);
    return updated;
  } catch (IOException ioError) {
    throw new RuntimeException("Couldn't create client.", ioError);
  }
}
Go
import (
	"context"
	"fmt"
	"io"

	securitycenter "cloud.google.com/go/securitycenter/apiv1"
	"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
	"google.golang.org/genproto/protobuf/field_mask"
)

// enableAssetDiscovery turns on asset discovery for orgID and prints the
// updated settings to w. orgID is the numeric Organization ID.
//
// orgID is interpolated verbatim into the resource name, so a caller that
// takes it from outside the program should check that it is numeric before
// calling. Errors from client creation and from the API call are wrapped and
// returned.
func enableAssetDiscovery(w io.Writer, orgID string) error {
	// orgID := "12321311"
	// Set up a context and a security service client for the API call. No
	// client options are passed, so credentials are resolved by the client
	// library from the runtime environment.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.

	settingsName := fmt.Sprintf("organizations/%s/organizationSettings", orgID)

	// Only update the asset discovery setting; the mask keeps every other
	// organization setting out of this write.
	assetDiscoveryOnly := &field_mask.FieldMask{
		Paths: []string{"enable_asset_discovery"},
	}

	req := &securitycenterpb.UpdateOrganizationSettingsRequest{
		OrganizationSettings: &securitycenterpb.OrganizationSettings{
			Name:                 settingsName,
			EnableAssetDiscovery: true,
		},
		UpdateMask: assetDiscoveryOnly,
	}

	updated, err := client.UpdateOrganizationSettings(ctx, req)
	if err != nil {
		return fmt.Errorf("UpdateOrganizationSettings: %w", err)
	}
	// Report the values returned by the service rather than the values requested.
	fmt.Fprintf(w, "Updated Settings for: %s\n", updated.Name)
	fmt.Fprintf(w, "Asset discovery on? %v\n", updated.EnableAssetDiscovery)
	return nil
}
Node.js
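// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client. No credentials are passed in, so the client library
// resolves them from the runtime environment.
const client = new SecurityCenterClient();

/**
 * Enables asset discovery in the settings of `organizationId` and logs the
 * settings returned by the service. This changes configuration for the whole
 * organization.
 */
async function updateOrgSettings() {
  // organizationId is the numeric ID of the organization.
  /*
   * TODO(developer): Uncomment the following lines
   */
  // const organizationId = "111122222444";
  const orgName = client.organizationPath(organizationId);
  const [newSettings] = await client.updateOrganizationSettings({
    organizationSettings: {
      name: `${orgName}/organizationSettings`,
      enableAssetDiscovery: true,
    },
    // Only update the enableAssetDiscovery field; the mask keeps every other
    // organization setting out of this write.
    updateMask: {paths: ['enable_asset_discovery']},
  });
  console.log('New settings: %j', newSettings);
}

// Surface a failed update (for example a permission error) and exit non-zero,
// so automation does not assume asset discovery was enabled when it was not.
updateOrgSettings().catch(err => {
  console.error(err);
  process.exitCode = 1;
});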