이 가이드에서는 Security Command Center API를 사용하여 발견 항목을 만들고 업데이트하는 방법을 안내합니다.
시작하기 전에
발견 항목을 만들고 업데이트하기 전에 다음 작업을 완료해야 합니다.
이 가이드를 완료하려면 보안 소스에 대한 Identity and Access Management(IAM) 역할 securitycenter.findingsEditor가 있어야 합니다. 자세한 내용은 액세스 제어 및 보안 소스 만들기 및 관리를 참조하세요.
보안 표시를 사용하는 발견 항목을 만들려면 사용할 표시 종류의 권한이 포함된 IAM 역할도 있어야 합니다.
- 애셋 마크: 애셋 보안 표시 작성자,
securitycenter.assetSecurityMarksWriter
- 발견 항목: 발견 항목 보안 표시 작성자,
securitycenter.findingSecurityMarksWriter
표시에 대한 자세한 내용은 Security Command Center 보안 표시 사용을 참조하세요.
발견 항목 만들기
소스에 대한 활성 발견 항목을 만듭니다.
gcloud
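# Creates an ACTIVE finding under an existing source.
# ORGANIZATION, SOURCE and FINDING_ID are shown as commented-out examples;
# set them to your own values before running the command.
# ORGANIZATION=12344321
# SOURCE=43211234
# FINDING_ID=testfindingid
# EVENT_TIME follows the format YYYY-MM-DDThh:mm:ss.ffffffZ
EVENT_TIME=2019-02-28T07:00:06.861Z
STATE=ACTIVE
CATEGORY=MEDIUM_RISK_ONE

# Expansions are quoted so that an empty or unexpected value cannot be split
# into extra arguments.
gcloud scc findings create "$FINDING_ID" \
  --source "$SOURCE" \
  --organization "$ORGANIZATION" \
  --state "$STATE" \
  --category "$CATEGORY" \
  --event-time "$EVENT_TIME"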
더 많은 예시를 보려면 다음을 실행하세요.
# Print the built-in help for creating findings, including further examples.
gcloud scc findings create --help
Python
from google.cloud import securitycenter
from google.cloud.securitycenter_v1 import CreateFindingRequest, Finding
import datetime
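# Create a new client.
client = securitycenter.SecurityCenterClient()

# Use the current time as the finding "event time". The timestamp is
# timezone-aware (UTC) so it stays unambiguous when findings reported from
# hosts in different time zones are placed on one timeline.
event_time = datetime.datetime.now(tz=datetime.timezone.utc)

# source_name is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"

# Controlled by caller.
finding_id = "samplefindingid"

# The resource this finding applies to. The CSCC UI can link
# the findings for a resource to the corresponding Asset of a resource
# if there are matches.
resource_name = "//cloudresourcemanager.googleapis.com/organizations/11232"

finding = Finding(
    state=Finding.State.ACTIVE,
    resource_name=resource_name,
    category="MEDIUM_RISK_ONE",
    event_time=event_time,
)

request = CreateFindingRequest(
    parent=source_name,
    finding_id=finding_id,
    finding=finding,
)

# Call the API. The caller needs permission to create findings on the source.
created_finding = client.create_finding(request=request)
print(created_finding)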
자바
/**
 * Creates an ACTIVE finding with category "MEDIUM_RISK_ONE" under the given source and prints
 * the finding returned by the API.
 *
 * @param sourceName the source the finding is created in, e.g. {@code
 *     SourceName.of("123234324", "423432321")}
 * @param findingId the caller-chosen identifier for the new finding, e.g. "samplefindingid"
 * @return the finding returned by the API
 * @throws RuntimeException if the client cannot be created
 */
static Finding createFinding(SourceName sourceName, String findingId) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // The finding's "event time" is the moment this sample runs.
    Instant now = Instant.now();
    Timestamp.Builder eventTimestamp =
        Timestamp.newBuilder().setSeconds(now.getEpochSecond()).setNanos(now.getNano());

    // The resource this finding applies to. The CSCC UI can link the findings for a
    // resource to the corresponding Asset if there are matches.
    String targetResource = "//cloudresourcemanager.googleapis.com/organizations/11232";

    // Assemble the finding step by step before sending it.
    Finding.Builder draft = Finding.newBuilder();
    draft.setParent(sourceName.toString());
    draft.setState(State.ACTIVE);
    draft.setResourceName(targetResource);
    draft.setEventTime(eventTimestamp);
    draft.setCategory("MEDIUM_RISK_ONE");

    // Call the API.
    Finding response = client.createFinding(sourceName, findingId, draft.build());
    System.out.println("Created Finding: " + response);
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}
Go
import (
"context"
"fmt"
"io"
"time"
securitycenter "cloud.google.com/go/securitycenter/apiv1"
"github.com/golang/protobuf/ptypes"
securitycenterpb "google.golang.org/genproto/googleapis/cloud/securitycenter/v1"
)
// createFinding creates an ACTIVE finding with the ID "samplefindingid" in
// CSCC and writes the new finding's name and event time to w.
// sourceName is the full resource name of the source the finding should
// be associated with.
func createFinding(w io.Writer, sourceName string) error {
	// sourceName := "organizations/111122222444/sources/1234"
	// Set up a context and a security service client for the API call.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %v", err)
	}
	// Release the client's background resources when the function returns.
	defer client.Close()

	// The finding's event time is the moment this sample runs.
	eventTime, err := ptypes.TimestampProto(time.Now())
	if err != nil {
		return fmt.Errorf("TimestampProto: %v", err)
	}

	newFinding := &securitycenterpb.Finding{
		State: securitycenterpb.Finding_ACTIVE,
		// Resource the finding is associated with. This is only an
		// example; any resource identifier can be used.
		ResourceName: "//cloudresourcemanager.googleapis.com/organizations/11232",
		// A free-form category.
		Category: "MEDIUM_RISK_ONE",
		// The time associated with discovering the issue.
		EventTime: eventTime,
	}

	created, err := client.CreateFinding(ctx, &securitycenterpb.CreateFindingRequest{
		Parent:    sourceName,
		FindingId: "samplefindingid",
		Finding:   newFinding,
	})
	if err != nil {
		return fmt.Errorf("CreateFinding: %v", err)
	}

	fmt.Fprintf(w, "New finding created: %s\n", created.Name)
	fmt.Fprintf(w, "Event time (Epoch Seconds): %d\n", eventTime.Seconds)
	return nil
}
Node.js
// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');
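// Creates a new client.
const client = new SecurityCenterClient();

// sourceName is the full resource name of the source the finding should
// be associated with.
/*
 * TODO(developer): Uncomment the following lines
 */
// const sourceName = "organizations/111122222444/sources/1234";

// Use now as the eventTime for the security finding.
const eventTime = new Date();

/**
 * Creates an ACTIVE finding with the ID 'samplefindingid' under sourceName
 * and logs the finding returned by the API.
 * @returns {Promise<void>} resolves once the finding has been logged.
 */
async function createFinding() {
  // Split the millisecond timestamp into the seconds/nanos pair sent to the API.
  const eventMillis = eventTime.getTime();
  const [newFinding] = await client.createFinding({
    parent: sourceName,
    findingId: 'samplefindingid',
    finding: {
      state: 'ACTIVE',
      // Resource the finding is associated with. This is only an
      // example; any resource identifier can be used.
      resourceName:
        '//cloudresourcemanager.googleapis.com/organizations/11232',
      // A free-form category.
      category: 'MEDIUM_RISK_ONE',
      // The time associated with discovering the issue.
      eventTime: {
        seconds: Math.floor(eventMillis / 1000),
        nanos: (eventMillis % 1000) * 1e6,
      },
    },
  });
  console.log('New finding created: %j', newFinding);
}

// Report API failures (for example a missing permission) and exit non-zero
// instead of leaving the promise rejection unhandled.
createFinding().catch(err => {
  console.error(err);
  process.exitCode = 1;
});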
발견 항목 데이터가 Security Command Center에 저장되는 기간에 대한 자세한 내용은 발견 항목 보관을 참조하세요.
소스 속성으로 발견 항목 만들기
Security Command Center에서는 소스가 '소스 속성'이라는 키-값 메타데이터를 통해 발견 항목에 컨텍스트를 추가할 수 있도록 합니다. 소스 속성은 생성 시 초기화할 수 있습니다. 아래 예시에서는 소스 속성을 사용하여 발견 항목을 만드는 방법을 보여줍니다.
소스 속성으로 발견 항목을 만듭니다. source_properties
맵에서 키 이름의 길이는 1~255자여야 하며 문자로 시작하고 영숫자 문자 또는 밑줄만 포함해야 합니다.
Security Command Center는 부울, 숫자, 문자열 값만 지원합니다.
gcloud
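# Creates an ACTIVE finding that carries one source property.
# ORGANIZATION, SOURCE and FINDING_ID are shown as commented-out examples;
# set them to your own values before running the command.
# ORGANIZATION=12344321
# SOURCE=43211234
# FINDING_ID=testfindingid
# EVENT_TIME follows the format YYYY-MM-DDThh:mm:ss.ffffffZ
EVENT_TIME=2019-02-28T07:00:06.861Z
STATE=ACTIVE
CATEGORY=MEDIUM_RISK_ONE
SOURCE_PROPERTY_KEY=gcloud_client_test
SOURCE_PROPERTY_VALUE=value

# Expansions are quoted so that an empty or unexpected value cannot be split
# into extra arguments.
gcloud scc findings create "$FINDING_ID" \
  --source "$SOURCE" \
  --organization "$ORGANIZATION" \
  --state "$STATE" \
  --category "$CATEGORY" \
  --event-time "$EVENT_TIME" \
  --source-properties "$SOURCE_PROPERTY_KEY=$SOURCE_PROPERTY_VALUE"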
- 쉼표로 구분된 키-값 쌍 목록을 사용하여 소스 속성을 더 추가할 수 있습니다.
더 많은 예시를 보려면 다음을 실행하세요.
# Print the built-in help for creating findings, including further examples.
gcloud scc findings create --help
Python
import datetime
from google.cloud import securitycenter
from google.cloud.securitycenter_v1 import Finding
from google.protobuf.struct_pb2 import Value
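# Create a new client.
client = securitycenter.SecurityCenterClient()

# source_name is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"

# Controlled by caller.
finding_id = "samplefindingid2"

# The resource this finding applies to. The CSCC UI can link
# the findings for a resource to the corresponding Asset of a resource
# if there are matches.
resource_name = "//cloudresourcemanager.googleapis.com/organizations/11232"

# Use the current time as the finding "event time". The timestamp is
# timezone-aware (UTC) so it stays unambiguous when findings reported from
# hosts in different time zones are placed on one timeline.
event_time = datetime.datetime.now(tz=datetime.timezone.utc)

# Source properties are passed as plain Python values (one string, one
# number). The protobuf "Value" objects the sample used to build were never
# passed to the request, so they are no longer created.
finding = Finding(
    state=Finding.State.ACTIVE,
    resource_name=resource_name,
    category="MEDIUM_RISK_ONE",
    source_properties={"s_value": "string_example", "n_value": 1234},
    event_time=event_time,
)

# Call the API.
created_finding = client.create_finding(
    request={
        "parent": source_name,
        "finding_id": finding_id,
        "finding": finding,
    }
)
print(created_finding)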
자바
/**
 * Creates an ACTIVE finding with the ID "samplefindingid2" that carries two source properties
 * (one string, one number) and prints the finding returned by the API. No category is set in
 * this sample.
 *
 * @param sourceName the source the finding is created in, e.g. {@code
 *     SourceName.of("123234324", "423432321")}
 * @return the finding returned by the API
 * @throws RuntimeException if the client cannot be created
 */
static Finding createFindingWithSourceProperties(SourceName sourceName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // The finding's "event time" is the moment this sample runs.
    Instant now = Instant.now();
    Timestamp.Builder eventTimestamp =
        Timestamp.newBuilder().setSeconds(now.getEpochSecond()).setNanos(now.getNano());

    // Controlled by caller.
    String findingId = "samplefindingid2";

    // The resource this finding applies to. The CSCC UI can link the findings for a
    // resource to the corresponding Asset if there are matches.
    String targetResource = "//cloudresourcemanager.googleapis.com/organizations/11232";

    // Source property values are protobuf "Value" objects keyed by property name.
    ImmutableMap<String, Value> sourceProperties =
        ImmutableMap.of(
            "stringKey", Value.newBuilder().setStringValue("stringExample").build(),
            "numKey", Value.newBuilder().setNumberValue(1234).build());

    // Assemble the finding step by step before sending it.
    Finding.Builder draft = Finding.newBuilder();
    draft.setParent(sourceName.toString());
    draft.setState(State.ACTIVE);
    draft.setResourceName(targetResource);
    draft.setEventTime(eventTimestamp);
    draft.putAllSourceProperties(sourceProperties);

    // Call the API.
    Finding response = client.createFinding(sourceName, findingId, draft.build());
    System.out.println("Created Finding with Source Properties: " + response);
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}
Go
import (
"context"
"fmt"
"io"
"time"
securitycenter "cloud.google.com/go/securitycenter/apiv1"
"github.com/golang/protobuf/ptypes"
structpb "github.com/golang/protobuf/ptypes/struct"
securitycenterpb "google.golang.org/genproto/googleapis/cloud/securitycenter/v1"
)
// createFindingWithProperties creates an ACTIVE finding with the ID
// "samplefindingprops" in CSCC that carries additional key-value metadata
// in its source properties, then writes the result to w.
// sourceName is the full resource name of the source the finding should be
// associated with.
func createFindingWithProperties(w io.Writer, sourceName string) error {
	// sourceName := "organizations/111122222444/sources/1234"
	// Set up a context and a security service client for the API call.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %v", err)
	}
	// Release the client's background resources when the function returns.
	defer client.Close()

	// The finding's event time is the moment this sample runs.
	eventTime, err := ptypes.TimestampProto(time.Now())
	if err != nil {
		return fmt.Errorf("TimestampProto: %v", err)
	}

	// Key-value metadata to include with the finding.
	properties := map[string]*structpb.Value{
		"s_value": {
			Kind: &structpb.Value_StringValue{StringValue: "string_example"},
		},
		"n_value": {
			Kind: &structpb.Value_NumberValue{NumberValue: 1234},
		},
	}

	newFinding := &securitycenterpb.Finding{
		State: securitycenterpb.Finding_ACTIVE,
		// Resource the finding is associated with. This is only an
		// example; any resource identifier can be used.
		ResourceName: "//cloudresourcemanager.googleapis.com/organizations/11232",
		// A free-form category.
		Category: "MEDIUM_RISK_ONE",
		// The time associated with discovering the issue.
		EventTime:        eventTime,
		SourceProperties: properties,
	}

	created, err := client.CreateFinding(ctx, &securitycenterpb.CreateFindingRequest{
		Parent:    sourceName,
		FindingId: "samplefindingprops",
		Finding:   newFinding,
	})
	if err != nil {
		return fmt.Errorf("CreateFinding: %v", err)
	}

	fmt.Fprintf(w, "New finding created: %s\n", created.Name)
	fmt.Fprintf(w, "Event time (Epoch Seconds): %d\n", eventTime.Seconds)
	fmt.Fprintf(w, "Source Properties:\n")
	for key, value := range created.SourceProperties {
		fmt.Fprintf(w, "%s = %v\n", key, value)
	}
	return nil
}
Node.js
// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');
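// Creates a new client.
const client = new SecurityCenterClient();

// sourceName is the full resource name of the source the finding should
// be associated with.
/*
 * TODO(developer): Uncomment the following lines
 */
// const sourceName = "organizations/111122222444/sources/1234";

// Use now as the eventTime for the security finding.
const eventTime = new Date();

/**
 * Creates an ACTIVE finding with the ID 'findingwithprops' that carries two
 * source properties and logs the finding returned by the API.
 * @returns {Promise<void>} resolves once the finding has been logged.
 */
async function createFinding() {
  // Split the millisecond timestamp into the seconds/nanos pair sent to the API.
  const eventMillis = eventTime.getTime();
  const [newFinding] = await client.createFinding({
    parent: sourceName,
    findingId: 'findingwithprops',
    finding: {
      state: 'ACTIVE',
      // Resource the finding is associated with. This is only an
      // example; any resource identifier can be used.
      resourceName:
        '//cloudresourcemanager.googleapis.com/organizations/11232',
      // A free-form category.
      category: 'MEDIUM_RISK_ONE',
      // The time associated with discovering the issue.
      eventTime: {
        seconds: Math.floor(eventMillis / 1000),
        nanos: (eventMillis % 1000) * 1e6,
      },
      // Key-value metadata attached to the finding.
      sourceProperties: {
        s_value: {stringValue: 'string_example'},
        n_value: {numberValue: 1234},
      },
    },
  });
  console.log('New finding created: %j', newFinding);
}

// Report API failures (for example a missing permission) and exit non-zero
// instead of leaving the promise rejection unhandled.
createFinding().catch(err => {
  console.error(err);
  process.exitCode = 1;
});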
발견 항목의 소스 속성 업데이트
이 예시에서는 개별 소스 속성 및 이벤트 시간을 업데이트하는 방법을 보여줍니다. 필드 마스크를 사용하여 특정 필드만 업데이트합니다. 필드 마스크가 없으면 발견 항목의 모든 변경 가능한 필드를 새 값으로 대체합니다.
새 발견 항목을 만들 때와 마찬가지로 source_properties
맵에서 키 이름은 1~255자여야 하며 문자로 시작하고 영숫자 문자 또는 밑줄만 포함해야 합니다. Security Command Center는 부울, 숫자, 문자열 값만 지원합니다.
gcloud
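# Updates one source property and the event time of an existing finding.
# ORGANIZATION, SOURCE and FINDING_ID are shown as commented-out examples;
# set them to your own values before running the command.
# ORGANIZATION=12344321
# SOURCE=43211234
# FINDING_ID=testfindingid
# EVENT_TIME follows the format YYYY-MM-DDThh:mm:ss.ffffffZ
EVENT_TIME=2019-02-28T08:00:06.861Z
SOURCE_PROPERTY_KEY=gcloud_client_test
SOURCE_PROPERTY_VALUE=VALUE
# The mask limits the update to the listed fields; an empty mask overrides
# every mutable field of the finding.
UPDATE_MASK=source_properties,event_time

# Expansions are quoted so that an empty or unexpected value cannot be split
# into extra arguments.
gcloud scc findings update "$FINDING_ID" \
  --source "$SOURCE" \
  --organization "$ORGANIZATION" \
  --event-time "$EVENT_TIME" \
  --source-properties "$SOURCE_PROPERTY_KEY=$SOURCE_PROPERTY_VALUE" \
  --update-mask="$UPDATE_MASK"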
- --update-mask ''(비어 있음)를 사용하여 모든 변경 가능한 필드를 재정의합니다.
- 쉼표로 구분된 키-값 쌍 목록을 사용하여 소스 속성을 더 추가할 수 있습니다.
더 많은 예시를 보려면 다음을 실행하세요.
# Print the built-in help for updating findings, including further examples.
gcloud scc findings update --help
Python
import datetime
from google.cloud import securitycenter
from google.cloud.securitycenter_v1 import Finding
from google.protobuf import field_mask_pb2
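# Create a new client.
client = securitycenter.SecurityCenterClient()

# Only update the specific source property and event_time. event_time
# is required for updates. Without a field mask, every mutable field of the
# finding would be replaced by the values sent in this request.
field_mask = field_mask_pb2.FieldMask(
    paths=["source_properties.s_value", "event_time"]
)

# Set the update time to now. This must be later than the event_time on the
# original finding. The timestamp is timezone-aware (UTC) so that comparison
# does not depend on the local time zone of the machine running the sample.
event_time = datetime.datetime.now(tz=datetime.timezone.utc)

# source_name is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"
finding_name = "{}/findings/samplefindingid2".format(source_name)

finding = Finding(
    name=finding_name,
    source_properties={"s_value": "new_string"},
    event_time=event_time,
)

# Call the API with the finding and the mask that limits what is changed.
updated_finding = client.update_finding(
    request={
        "finding": finding,
        "update_mask": field_mask,
    }
)

print(
    "New Source properties: {}, Event Time {}".format(
        updated_finding.source_properties, updated_finding.event_time
    )
)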
자바
/**
 * Updates the event time and the "stringKey" source property of an existing finding and prints
 * the finding returned by the API. The update mask restricts the change to those two fields.
 *
 * @param findingName the finding to update, e.g. {@code FindingName.of("123234324",
 *     "423432321", "samplefindingid2")}
 * @return the finding returned by the API
 * @throws RuntimeException if the client cannot be created
 */
static Finding updateFinding(FindingName findingName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // The new "event time" is the moment this sample runs.
    Instant now = Instant.now();
    Timestamp.Builder newEventTime =
        Timestamp.newBuilder().setSeconds(now.getEpochSecond()).setNanos(now.getNano());

    // Source property values are protobuf "Value" objects.
    Value replacement = Value.newBuilder().setStringValue("value").build();

    // Only the fields named in the mask are written.
    FieldMask fieldsToUpdate =
        FieldMask.newBuilder()
            .addPaths("event_time")
            .addPaths("source_properties.stringKey")
            .build();

    Finding.Builder patch = Finding.newBuilder();
    patch.setName(findingName.toString());
    patch.setEventTime(newEventTime);
    patch.putSourceProperties("stringKey", replacement);

    UpdateFindingRequest updateRequest =
        UpdateFindingRequest.newBuilder()
            .setFinding(patch.build())
            .setUpdateMask(fieldsToUpdate)
            .build();

    // Call the API.
    Finding response = client.updateFinding(updateRequest);
    System.out.println("Updated Finding: " + response);
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}
Go
import (
"context"
"fmt"
"io"
"time"
securitycenter "cloud.google.com/go/securitycenter/apiv1"
"github.com/golang/protobuf/ptypes"
structpb "github.com/golang/protobuf/ptypes/struct"
securitycenterpb "google.golang.org/genproto/googleapis/cloud/securitycenter/v1"
"google.golang.org/genproto/protobuf/field_mask"
)
// updateFindingSourceProperties updates the event time and the s_value
// source property of a security finding in CSCC and writes the result to w.
// findingName is the full resource name of the finding to update.
func updateFindingSourceProperties(w io.Writer, findingName string) error {
	// findingName := "organizations/111122222444/sources/1234/findings/findingid"
	// Set up a context and a security service client for the API call.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %v", err)
	}
	// Release the client's background resources when the function returns.
	defer client.Close()

	// The new event time is the moment this sample runs.
	eventTime, err := ptypes.TimestampProto(time.Now())
	if err != nil {
		return fmt.Errorf("TimestampProto: %v", err)
	}

	patch := &securitycenterpb.Finding{
		Name:      findingName,
		EventTime: eventTime,
		SourceProperties: map[string]*structpb.Value{
			"s_value": {
				Kind: &structpb.Value_StringValue{StringValue: "new_string_example"},
			},
		},
	}
	// The mask restricts the update to the source property s_value and
	// EventTime. EventTime is a required field.
	mask := &field_mask.FieldMask{
		Paths: []string{"event_time", "source_properties.s_value"},
	}

	updated, err := client.UpdateFinding(ctx, &securitycenterpb.UpdateFindingRequest{
		Finding:    patch,
		UpdateMask: mask,
	})
	if err != nil {
		return fmt.Errorf("UpdateFinding: %v", err)
	}

	fmt.Fprintf(w, "Finding updated: %s\n", updated.Name)
	fmt.Fprintf(w, "Finding state: %v\n", updated.State)
	fmt.Fprintf(w, "Event time (Epoch Seconds): %d\n", eventTime.Seconds)
	fmt.Fprintf(w, "Source Properties:\n")
	for key, value := range updated.SourceProperties {
		fmt.Fprintf(w, "%s = %v\n", key, value)
	}
	return nil
}
Node.js
// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');
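// Creates a new client.
const client = new SecurityCenterClient();

// findingName is the full resource name of the finding to update.
/*
 * TODO(developer): Uncomment the following lines
 */
// const findingName =
// "organizations/111122222444/sources/1234/findings/findingid";

// Use now as the eventTime for the security finding.
const eventTime = new Date();
console.log(findingName);

/**
 * Updates the event time and the s_value source property of findingName and
 * logs the finding returned by the API.
 * @returns {Promise<void>} resolves once the finding has been logged.
 */
async function updateFinding() {
  // Split the millisecond timestamp into the seconds/nanos pair sent to the API.
  const eventMillis = eventTime.getTime();
  const [newFinding] = await client.updateFinding({
    // The mask restricts the update to the two listed fields.
    updateMask: {paths: ['event_time', 'source_properties.s_value']},
    finding: {
      name: findingName,
      // The time associated with discovering the issue.
      eventTime: {
        seconds: Math.floor(eventMillis / 1000),
        nanos: (eventMillis % 1000) * 1e6,
      },
      sourceProperties: {
        s_value: {stringValue: 'new_string_example'},
      },
    },
  });
  console.log('Updated Finding: %j', newFinding);
}

// Report API failures (for example a missing permission) and exit non-zero
// instead of leaving the promise rejection unhandled.
updateFinding().catch(err => {
  console.error(err);
  process.exitCode = 1;
});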
발견 항목의 상태 업데이트
또한 Security Command Center는 발견 항목의 상태만 업데이트하는 API를 제공합니다. 이 API를 사용하면 권한 있는 주 구성원이 발견 항목의 다른 부분은 변경하지 않고 상태만 수정할 수 있습니다. 아래 예시에서는 발견 항목의 상태를 비활성으로 변경하는 방법을 보여줍니다.
gcloud
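# Marks an existing finding as INACTIVE.
# ORGANIZATION, SOURCE and FINDING_ID are shown as commented-out examples;
# set them to your own values before running the command.
# ORGANIZATION=12344321
# SOURCE=43211234
# FINDING_ID=testfindingid
# EVENT_TIME follows the format YYYY-MM-DDThh:mm:ss.ffffffZ
EVENT_TIME=2019-02-28T09:00:06.861Z
STATE=INACTIVE

# Expansions are quoted so that an empty or unexpected value cannot be split
# into extra arguments.
gcloud scc findings update "$FINDING_ID" \
  --source "$SOURCE" \
  --organization "$ORGANIZATION" \
  --state "$STATE" \
  --event-time "$EVENT_TIME"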
더 많은 예시를 보려면 다음을 실행하세요.
# Print the built-in help for updating findings, including further examples.
gcloud scc findings update --help
Python
import datetime
from google.cloud import securitycenter
from google.cloud.securitycenter_v1 import Finding
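# Create a client.
client = securitycenter.SecurityCenterClient()

# source_name is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"
finding_name = "{}/findings/samplefindingid2".format(source_name)

# The new state takes effect as of now. The timestamp is timezone-aware (UTC)
# so the recorded state change is unambiguous regardless of the local time
# zone of the machine running the sample.
start_time = datetime.datetime.now(tz=datetime.timezone.utc)

# Call the API to change the finding state to inactive. Only the state is
# modified; no other part of the finding is sent.
new_finding = client.set_finding_state(
    request={
        "name": finding_name,
        "state": Finding.State.INACTIVE,
        "start_time": start_time,
    }
)
print(f"New state: {new_finding.state}")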
자바
/**
 * Sets the state of an existing finding to INACTIVE, effective now, and prints the finding
 * returned by the API.
 *
 * @param findingName the finding to update, e.g. {@code FindingName.of("123234324",
 *     "423432321", "samplefindingid2")}
 * @return the finding returned by the API
 * @throws RuntimeException if the client cannot be created
 */
static Finding setFindingState(FindingName findingName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // The timestamp sent with the new state is the moment this sample runs.
    Instant now = Instant.now();
    Timestamp startTime =
        Timestamp.newBuilder().setSeconds(now.getEpochSecond()).setNanos(now.getNano()).build();

    // Call the API; only the state of the finding is changed.
    Finding response = client.setFindingState(findingName, State.INACTIVE, startTime);
    System.out.println("Updated Finding: " + response);
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}
Go
import (
"context"
"fmt"
"io"
"time"
securitycenter "cloud.google.com/go/securitycenter/apiv1"
"github.com/golang/protobuf/ptypes"
securitycenterpb "google.golang.org/genproto/googleapis/cloud/securitycenter/v1"
)
// setFindingState sets the state of a security finding in CSCC to INACTIVE
// and writes the updated finding's name, state and event time to w.
// findingName is the full resource name of the finding to update.
func setFindingState(w io.Writer, findingName string) error {
	// findingName := "organizations/111122222444/sources/1234/findings/findingid"
	// Set up a context and a security service client for the API call.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %v", err)
	}
	// Release the client's background resources when the function returns.
	defer client.Close()

	// The state change is stamped with the moment this sample runs.
	startTime, err := ptypes.TimestampProto(time.Now())
	if err != nil {
		return fmt.Errorf("TimestampProto: %v", err)
	}

	updated, err := client.SetFindingState(ctx, &securitycenterpb.SetFindingStateRequest{
		Name:  findingName,
		State: securitycenterpb.Finding_INACTIVE,
		// New state is effective immediately.
		StartTime: startTime,
	})
	if err != nil {
		return fmt.Errorf("SetFindingState: %v", err)
	}

	fmt.Fprintf(w, "Finding updated: %s\n", updated.Name)
	fmt.Fprintf(w, "Finding state: %v\n", updated.State)
	fmt.Fprintf(w, "Event time (Epoch Seconds): %d\n", updated.EventTime.Seconds)
	return nil
}
Node.js
// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');
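// Creates a new client.
const client = new SecurityCenterClient();

// findingName is the full resource name of the finding whose state is
// changed.
/*
 * TODO(developer): Uncomment the following lines
 */
// const findingName =
// "organizations/111122222444/sources/1234/findings/findingid";

/**
 * Sets the state of findingName to INACTIVE, effective now, and logs the
 * finding returned by the API.
 * @returns {Promise<void>} resolves once the finding has been logged.
 */
async function setFindingState() {
  // Split the millisecond timestamp into the seconds/nanos pair sent to the API.
  const startMillis = new Date().getTime();
  const [updatedFinding] = await client.setFindingState({
    name: findingName,
    state: 'INACTIVE',
    // Use now as the time when the new state takes effect.
    startTime: {
      seconds: Math.floor(startMillis / 1000),
      nanos: (startMillis % 1000) * 1e6,
    },
  });
  console.log('Updated Finding: %j', updatedFinding);
}

// Report API failures (for example a missing permission) and exit non-zero
// instead of leaving the promise rejection unhandled.
setFindingState().catch(err => {
  console.error(err);
  process.exitCode = 1;
});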
발견 항목 권한 확인
발견 항목을 만들고 업데이트하려면 다음 IAM 권한 중 하나가 필요합니다.
- 발견 항목 만들기 및 업데이트:
securitycenter.findings.update
- 발견 항목의 상태만 업데이트:
securitycenter.findings.setState
소스에 대한 발견 항목을 만들 수 없는 경우 다음 코드를 사용하여 계정에 시작하기 전에 섹션에 나열된 필수 권한이 있는지 확인합니다. 필요한 권한이 없는 경우 보안 소스 만들기 및 관리를 참조하여 적절한 IAM 정책을 설정합니다.
Python
from google.cloud import securitycenter
# Create a client.
client = securitycenter.SecurityCenterClient()

# source_name is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"

# Each entry pairs one permission with the line printed for it: the first is
# needed to call create_finding or update_finding, the second to call
# set_finding_state.
checks = (
    ("securitycenter.findings.update", "Permision to create or update findings? {}"),
    ("securitycenter.findings.setState", "Permision to update state? {}"),
)

for permission, message in checks:
    # The response lists only the permissions the caller actually holds on the
    # source, so a non-empty list means the permission is granted.
    permission_response = client.test_iam_permissions(
        request={
            "resource": source_name,
            "permissions": [permission],
        }
    )
    print(message.format(len(permission_response.permissions) > 0))
자바
/**
 * Asks the API whether the caller holds "securitycenter.findings.update" on the given source
 * and prints the response.
 *
 * @param sourceName the source to test, e.g. {@code SourceName.of("123234324", "423432321")}
 * @return the response returned by the API
 * @throws RuntimeException if the client cannot be created
 */
static TestIamPermissionsResponse testIamPermissions(SourceName sourceName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // The single IAM permission to test.
    List<String> wanted = new ArrayList<>();
    wanted.add("securitycenter.findings.update");

    // Call the API.
    String resource = sourceName.toString();
    TestIamPermissionsResponse response = client.testIamPermissions(resource, wanted);

    System.out.println("IAM Permission:");
    System.out.println(response);
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}
Go
import (
"context"
"fmt"
"io"
securitycenter "cloud.google.com/go/securitycenter/apiv1"
iam "google.golang.org/genproto/googleapis/iam/v1"
)
// testIam checks whether the calling service user may create and update
// findings, and whether it may set a finding's state, and writes both
// answers to w.
// sourceName is the full resource name of the source to test for permissions.
func testIam(w io.Writer, sourceName string) error {
	// sourceName := "organizations/111122222444/sources/1234"
	// Set up a context and a security service client for the API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %v", err)
	}
	// Release the client's background resources when the function returns.
	defer client.Close()

	// First check: permission to create and update findings.
	updateResp, err := client.TestIamPermissions(ctx, &iam.TestIamPermissionsRequest{
		Resource:    sourceName,
		Permissions: []string{"securitycenter.findings.update"},
	})
	if err != nil {
		return fmt.Errorf("Error getting IAM policy: %v", err)
	}
	canUpdate := len(updateResp.Permissions) > 0
	fmt.Fprintf(w, "Permision to create/update findings? %t", canUpdate)

	// Second check: permission to change only the state of a finding.
	stateResp, err := client.TestIamPermissions(ctx, &iam.TestIamPermissionsRequest{
		Resource:    sourceName,
		Permissions: []string{"securitycenter.findings.setState"},
	})
	if err != nil {
		return fmt.Errorf("Error getting IAM policy: %v", err)
	}
	canSetState := len(stateResp.Permissions) > 0
	fmt.Fprintf(w, "Permision to update state? %t", canSetState)
	return nil
}
Node.js
// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');
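// Creates a new client.
const client = new SecurityCenterClient();

// sourceName is the full resource name of the source to test for permissions.
/*
 * TODO(developer): Uncomment the following lines
 */
// const sourceName = "organizations/111122222444/sources/1234";

/**
 * Checks whether the caller may create/update findings and whether it may
 * set a finding's state on sourceName, and logs both answers.
 * @returns {Promise<void>} resolves once both answers have been logged.
 */
async function testIam() {
  // First check: permission to create and update findings.
  const [updatePolicy] = await client.testIamPermissions({
    resource: sourceName,
    permissions: ['securitycenter.findings.update'],
  });
  const canUpdate = updatePolicy.permissions.length > 0;
  console.log(`Permissions to create/update findings? ${canUpdate}`);

  // Second check: permission to change only the state of a finding.
  const [statePolicy] = await client.testIamPermissions({
    resource: sourceName,
    permissions: ['securitycenter.findings.setState'],
  });
  const canSetState = statePolicy.permissions.length > 0;
  console.log(`Permissions to update state? ${canSetState}`);
}

// Report API failures and exit non-zero instead of leaving the promise
// rejection unhandled.
testIam().catch(err => {
  console.error(err);
  process.exitCode = 1;
});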