This guide walks you through using the Security Command Center API to create a source to generate findings. When you add a source, Security Command Center creates appropriate sources and assigns them the relevant permissions.
The IAM roles for Security Command Center can be granted at the organization, folder, or project level. Your ability to view, edit, create, or update findings, assets, and security sources depends on the level for which you are granted access. To learn more about Security Command Center roles, see Access control.
Before you begin
Before you set up a source, you need to authenticate with the Security Command Center API.
Creating a source
This example shows how to create a source with a specific display name and description that is used in Security Command Center.
The server automatically assigns an ID to the source.
REST
In the API, make a request to the organizations.sources.create
method. The request body contains an instance of Source
.
POST https://securitycenter.googleapis.com/v2/organizations/ORGANIZATION_ID/sources { "name": "SOURCE_NAME", "description": "SOURCE_DESCRIPTION", "displayName": "DISPLAY_NAME" }
Replace the following:
ORGANIZATION_ID
: your organization ID.SOURCE_NAME
: the name of the source.SOURCE_DESCRIPTION
: a description of the source (max: 1,024 characters).DISPLAY_NAME
: the display name of the source (between one and 64 characters).
Go
Java
Node.js
Python
The source is not visible in the Security Command Center console until it generates findings. You can verify it was created by following the instructions in Get a specific source.
Updating a source
You can update a source's display name and description after it's created. You can also use a field mask to update only one field. The example below uses a field mask to only update the display name, leaving the description unchanged.
REST
In the API, make a request to the organizations.sources.patch
method.
The request body contains an instance of Source
.
PATCH https://securitycenter.googleapis.com/v2/organizations/ORGANIZATION_ID/sources/SOURCE_ID?updateMask=displayName -d { "description": "SOURCE_DESCRIPTION", "displayName": "DISPLAY_NAME", }
Replace the following:
ORGANIZATION_ID
: your organization ID.SOURCE_ID
: the source ID; to learn how to find a source ID, see Getting the source ID.SOURCE_DESCRIPTION
: a description of the source (max: 1024 characters).DISPLAY_NAME
: the display name of the source (between one and 64 characters).
Go
Java
Node.js
Get a specific source
Verify that a source is created or updated appropriately by querying Security Command Center with the source's absolute resource name:
gcloud
gcloud scc sources describe ORGANIZATION_ID --source=SOURCE_ID
Replace the following:
ORGANIZATION_ID
: your organization ID.SOURCE_ID
: the source ID.
REST
In the API, make a request to the organizations.sources.get
method:
GET https://securitycenter.googleapis.com/v2/organizations/ORGANIZATION_ID/sources/SOURCE_ID
Replace the following:
ORGANIZATION_ID
: your organization ID.SOURCE_ID
: the source ID.
Go
Java
Node.js
Python
Listing Sources
Security Command Center enables you to list a specific source, and to list all sources currently available in an organization:
REST
In the API, make a request to the organizations.sources.list
method:
GET https://securitycenter.googleapis.com/v2/organizations/ORGANIZATION_ID/sources
Replace the following:
ORGANIZATION_ID
: your organization ID.
Go
Java
Node.js
What's next
Learn more about Accessing Security Command Center using an SDK.