Accessing Cloud SCC programmatically

This section walks you through accessing Cloud Security Command Center (Cloud SCC) programmatically using Cloud Shell to get the client library and authenticate a service account. This guide uses the Python library, and includes example calls for Python and Java.

Before you begin

To complete this guide, you'll need the following:

A Cloud Identity and Access Management (Cloud IAM) role that includes an appropriate editor role, like Security Center Admin Editor. For more information about Cloud SCC Cloud IAM roles, see Access control.
To complete this guide, you'll need an existing directory path in which a service account private key can be stored. This path is in the context of your Cloud Shell environment, such as /home/myuser/mykeys/.

Accessing Cloud SCC

To access Cloud SCC programmatically, you'll use Cloud Shell to get the client library and authenticate a service account.

Setting up environment variables

Go to the Google Cloud Platform Console.
Go to the Google Cloud Platform Console
Click Activate Cloud Shell.
Run the following commands to set environment variables:
1. Set your organization name:
```
ORG_ID=YOUR_ORGANIZATION_ID
```
2. Set the project ID for which Cloud SCC is enabled:
```
PROJECT_ID=Cloud SCC-ENABLED_PROJECT_ID
```
3. Set the custom ID you want to use for a new service account, such as SCC-SA:
```
SERVICE_ACCOUNT=CUSTOM_ID
```
4. Set the path in which the service account key should be stored, such as /home/myuser/mykeys/SERVICE_ACCOUNT.json:
```
KEY_LOCATION=FULL_PATH
```

Installing the Python library

[Optional] Before you install the Python library, we recommend using Virtualenv to create an isolated Python environment.
```
virtualenv onboarding_example
source onboarding_example/bin/activate
      
```
Install pip to manage the Python library installation.
Run the following commands to install the Python library:
```
pip install google-cloud-securitycenter
      
```

Setting up a service account

The Python library takes a private key from a service account to be used by the client. The service account must have the organization level role securitycenter.adminEditor.

Create a service account that's associated with your project ID:

gcloud iam service-accounts create SERVICE_ACCOUNT  --display-name
 "Service Account for USER"  --project PROJECT_ID

Create a key to associate with the service account. The key will be used for the life of the service and persistently stored at the KEY_LOCATION you specify.
```
gcloud iam service-accounts keys create KEY_LOCATION  --iam-account
 SERVICE_ACCOUNT@PROJECT_ID.iam.gserviceaccount.com
      
```

Grant the service account the securitycenter.adminEditor role for the organization.

gcloud beta organizations add-iam-policy-binding $ORG_ID
  --member="serviceAccount:SERVICE_ACCOUNT@PROJECT_ID.iam.gserviceaccount.com"
  --role='roles/securitycenter.adminEditor'

Starting the service

Start the interactive Python shell and set up imports, variables, and helper function.

$ python
from google.cloud import securitycenter
from google.oauth2 import service_account
from google.protobuf import timestamp_pb2, duration_pb2, struct_pb2
from datetime import datetime, timedelta
from google.cloud.securitycenter_v1beta1 import enums
from google.protobuf import field_mask_pb2
from google.protobuf.struct_pb2 import Value
from google.iam.v1 import policy_pb2

ORGANIZATION = "organizations/TO_BE_UPDATED"
credentials = service_account.Credentials.from_service_account_file(
  'KEY_LOCATION')
scoped_credentials = credentials.with_scopes(
  ['https://www.googleapis.com/auth/cloud-platform'])
client = securitycenter.SecurityCenterClient(credentials = scoped_credentials)
def print_iterator( resource_iterator ):
  for asset in resource_iterator:
    print(asset)
def unix_time_millis(dt):
  return int((dt - datetime.utcfromtimestamp(0)).total_seconds())

Example calls

Python

Most of the following example calls use the print_iterator defined above to print results. In the following examples, the : operator performs partial and substring matching.

Organization Operations

Get all settings for an Organization:

client.get_organization_settings([ORGANIZATION] + '/organizationSettings')

Enable Asset Discovery on ORGANIZATION:

field_mask = field_mask_pb2.FieldMask(paths=['enable_asset_discovery'])
client.update_organization_settings({'name':
 [ORGANIZATION] + '/organizationSettings', 'enable_asset_discovery':
  True} , update_mask=field_mask)

Cloud IAM Operations

Get Cloud IAM policy for a source:

client.get_iam_policy([SOURCE])

Test the permissions a caller has on a source:

client.test_iam_permissions([SOURCE], [[PERMISSION_1], [PERMISSION_2]])

Set Cloud IAM policy for a source:

old_policy = client.get_iam_policy([SOURCE])
binding = policy_pb2.Binding()
binding.role = [ROLE]
binding.members.append([MEMBER_1])
binding.members.append([MEMBER_2])
# Include the old etag, so the policy doesn't overwrite the existing
# policy completely.
client.set_iam_policy([SOURCE],
  {'etag': old_policy.etag, 'bindings': [binding]})

Projects

Return a summary of all the organization's projects:

print_iterator(client.list_assets([ORGANIZATION], filter_ =
 'security_center_properties.resource_type = '
 '"google.cloud.resourcemanager.Project"'))

Return a summary of all projects owned by [OWNER]:

print_iterator(client.list_assets([ORGANIZATION], filter_ =
 'security_center_properties.resource_type = '
 '"google.cloud.resourcemanager.Project" AND '
 'security_center_properties.resource_owners : "[OWNER]"'))

Return a comparison of all projects owned by [OWNER] between yesterday and now:

print_iterator(client.list_assets([ORGANIZATION], filter_ =
 'security_center_properties.resource_type = '
 '"google.cloud.resourcemanager.Project" AND '
 'security_center_properties.resource_owners : "[OWNER]"',
 compare_duration = duration_pb2.Duration(seconds=60*60*24*7)))

Return a summary of all projects between last week and now:

print_iterator(client.list_assets([ORGANIZATION],
 filter_ = 'security_center_properties.resource_type = '
 '"google.cloud.resourcemanager.Project"',
 compare_duration = duration_pb2.Duration(seconds=60*60*24*7)))

Return a summary of all projects between five and eight days ago:

print_iterator(client.list_assets([ORGANIZATION],
 filter_ = 'security_center_properties.resource_type = '
 '"google.cloud.resourcemanager.Project"',
 compare_duration = duration_pb2.Duration(seconds=60*60*24*3),
 read_time =
 timestamp_pb2.Timestamp(seconds=unix_time_millis(datetime.now()
 - timedelta(days = 5)))))

Return all projects that include dev in the name:

print_iterator(client.list_assets([ORGANIZATION], filter_ =
'security_center_properties.resource_type = '
'"google.cloud.resourcemanager.Project" AND '
'resource_properties.name : "dev"'))

Return all projects that include prod3 in the name AND mark.type of qa:

print_iterator(client.list_assets([ORGANIZATION], filter_ =
'security_center_properties.resource_type = '
'"google.cloud.resourcemanager.Project" AND resource_properties.name : '
'"prod3" AND security_marks.marks.type: "qa"'))

Resources

Return the current state of all resources and marks:

print_iterator(client.list_assets([ORGANIZATION]))

Return the state of all resources and marks that were snapshotted at 6 days, 4 hours, and 10 minutes ago:

print_iterator(client.list_assets([ORGANIZATION],read_time =
 timestamp_pb2.Timestamp(seconds=unix_time_millis(datetime.now() -
 timedelta(days = 6, hours = 4, minutes = 10)))))

Return all resources in only [PROJECT_A_RESOURCE_NAME] and [PROJECT_B_RESOURCE_NAME], where the [RESOURCE_NAME] is the resource_name value from the Cloud SCC asset details, in the form of //cloudresourcemanager.googleapis.com/projects/[RESOURCE_NUMBER]:

print_iterator(client.list_assets([ORGANIZATION], filter_ =
'security_center_properties.resource_parent : '
'"[PROJECT_A_RESOURCE_NAME]" OR '
'security_center_properties.resource_parent : '
'"[PROJECT_B_RESOURCE_NAME]"'))

Return all firewall rules across the organization that have open HTTP ports:

print_iterator(client.list_assets([ORGANIZATION], filter_ =
'security_center_properties.resource_type = "google.compute.Firewall" '
'AND resource_properties.name = "default-allow-http"'))

Return all images across the organization that include Debia in the name:

print_iterator(client.list_assets([ORGANIZATION], filter_ =
 'security_center_properties.resource_type = "google.compute.Image" '
 'AND resource_properties.name : "Debia"'))

Sources

Create a source with display name DISPLAY_NAME:

client.create_source([ORGANIZATION],
 {'display_name': [DISPLAY_NAME]})

Get a source with name SOURCE:

client.get_source([SOURCE])

Update a source's display_name:

field_mask = field_mask_pb2.FieldMask(paths=['display_name'])
client.update_source({'name': [SOURCE], 'display_name':
 [UPDATED_DISPLAY_NAME]}, update_mask=field_mask)

List all sources under an Organization:

print_iterator(client.list_sources([ORGANIZATION]))

Findings

Create an active finding for a Source. The account that's creating the finding must have the Cloud IAM role securitycenter.findingsEditor on the Source. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

client.create_finding([SOURCE], [FINDING_ID],
 {'state': enums.Finding.State.ACTIVE, 'category':'MEDIUM_RISK_ONE',
 'event_time':
  timestamp_pb2.Timestamp(seconds=unix_time_millis(datetime.now()))})

Create a finding with source properties. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

value = Value()
value.string_value = [SOURCE_PROPERTY_VALUE]
client.create_finding([SOURCE], [FINDING_ID],
 {'state': enums.Finding.State.ACTIVE, 'category':'MEDIUM_RISK_ONE',
  'source_properties': {'python_client_test': value}, 'event_time':
  timestamp_pb2.Timestamp(seconds=unix_time_millis(datetime.now()))})

List all Findings under an Organization:

print_iterator(client.list_findings([ORGANIZATION] + '/sources/-'))

List all Findings under a specific Source with mark testA and value valueA:

print_iterator(client.list_findings([SOURCE],

filter_='security_marks.marks.testA="valueA"'))

Return a summary of all findings 5 days ago for a source:

print_iterator(client.list_findings([SOURCE], read_time =
 timestamp_pb2.Timestamp(seconds=unix_time_millis(datetime.now() -
 timedelta(days = 5)))))

Update a finding's state to inactive:

client.set_finding_state([FINDING], enums.Finding.State.INACTIVE,
 start_time = timestamp_pb2.Timestamp(seconds=unix_time_millis(datetime.now())))

Update a finding's source properties. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

field_mask = field_mask_pb2.FieldMask(paths=['source_properties',
 'event_time'])
VALUE = Value()
 value.string_value = [SOURCE_PROPERTY_VALUE]
client.update_finding({'name': [FINDING], 'source_properties':
 {'python_client_test': VALUE}}, update_mask=field_mask)

List Asset Security Marks

Return all assets with mark.group equal to foo:

print_iterator(client.list_assets([ORGANIZATION], filter_ =
 'security_marks.marks.group = "foo"'))

Return all assets for which mark.group is NOT equal to bar:

print_iterator(client.list_assets([ORGANIZATION], filter_ =
 'NOT security_marks.marks.group = "bar"'))

Return all assets for which mark.status is equal to assigned AND mark.assignee is NOT equal to kevin:

print_iterator(client.list_assets([ORGANIZATION], filter_ =
 'security_marks.marks.assigned = "True" AND NOT '
 'security_marks.marks.assignee = "Kevin"'))

List Finding Security Marks

Return all findings with mark.group equal to foo:

print_iterator(client.list_findings([SOURCE], filter_ =
 'security_marks.marks.group = "foo"'))

Modify Asset Security Marks

Add marks to the asset with keys test_a and test_b and values value_a and value_b:

field_mask = \
 field_mask_pb2.FieldMask(paths=['marks.' + testA, 'marks.' + testB])
client.update_security_marks({
 'name' : [ASSET] + '/securityMarks',
 'marks': {testA : valueA, testB : valueB}
 }, update_mask=field_mask)

Remove all marks from the asset with key test_a or test_b:

field_mask = \
 field_mask_pb2.FieldMask(paths=['marks.' + testA, 'marks.' + testB])
client.modify_asset({'name' :
 [ASSET] + '/securityMarks'} update_mask=field_mask)

Add and remove marks from the asset in a single request:

Remove all marks from the asset with keys my_key_a or my_key_b.
Add two marks with keys test_a and test_b and values value_a and value_b.

field_mask = \
 field_mask_pb2.FieldMask(paths=['marks.' + testA, 'marks.' + testB,
 'marks.' + myKeya, 'marks.' + myKeyB])
client.update_security_marks({
 'name' : [ASSET] + '/securityMarks',
 'marks': {testA : valueA, testB : valueB}
 }, update_mask=field_mask)

Modify Finding Security Marks

Add marks to a finding with keys test_a and test_b and values value_a and value_b.

field_mask = \
 field_mask_pb2.FieldMask(paths=['marks.' + testA, 'marks.' + testB])
client.update_security_marks({
 'name' : [FINDING] + '/securityMarks',
 'marks': {testA : valueA, testB : valueB}
 }, update_mask=field_mask)

Java

To include the Cloud SCC Java library as a dependency in your project, select an artifact from the Maven repository.

To run the operations below, import the following:

import com.google.api.gax.core.FixedCredentialsProvider;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.cloud.securitycenter.v1beta1.Finding;
import com.google.cloud.securitycenter.v1beta1.Finding.State;
import com.google.cloud.securitycenter.v1beta1.FindingName;
import com.google.cloud.securitycenter.v1beta1.ListAssetsRequest;
import com.google.cloud.securitycenter.v1beta1.ListAssetsResponse.ListAssetsResult;
import com.google.cloud.securitycenter.v1beta1.ListFindingsRequest;
import com.google.cloud.securitycenter.v1beta1.OrganizationName;
import com.google.cloud.securitycenter.v1beta1.OrganizationSettings;
import com.google.cloud.securitycenter.v1beta1.OrganizationSettingsName;
import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient;
import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient.ListAssetsPagedResponse;
import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient.ListFindingsPagedResponse;
import com.google.cloud.securitycenter.v1beta1.SecurityCenterClient.ListSourcesPagedResponse;
import com.google.cloud.securitycenter.v1beta1.SecurityCenterSettings;
import com.google.cloud.securitycenter.v1beta1.SecurityMarks;
import com.google.cloud.securitycenter.v1beta1.Source;
import com.google.cloud.securitycenter.v1beta1.SourceName;
import com.google.cloud.securitycenter.v1beta1.UpdateFindingRequest;
import com.google.cloud.securitycenter.v1beta1.UpdateOrganizationSettingsRequest;
import com.google.cloud.securitycenter.v1beta1.UpdateSecurityMarksRequest;
import com.google.cloud.securitycenter.v1beta1.UpdateSourceRequest;
import com.google.iam.v1.Binding;
import com.google.iam.v1.Policy;
import com.google.iam.v1.TestIamPermissionsResponse;
import com.google.protobuf.Duration;
import com.google.protobuf.FieldMask;
import com.google.protobuf.Timestamp;
import com.google.protobuf.Value;
import java.io.FileInputStream;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;

Then set the main method:

  public static void main(String[] args) throws Exception {
    ServiceAccountCredentials credentials =
        ServiceAccountCredentials.fromStream(new FileInputStream(PATH_TO_JSON_KEY));
    FixedCredentialsProvider fixedCredentialsProvider =
        FixedCredentialsProvider.create(credentials);
    SecurityCenterSettings settings =
        SecurityCenterSettings.newBuilder()
            .setCredentialsProvider(fixedCredentialsProvider)
            .build();
    try (SecurityCenterClient securityCenterClient = SecurityCenterClient.create(settings)) {
      System.out.println(getOrganizationSettings(securityCenterClient));
    }
  }

Organization Operations

Get all settings for an Organization:

private static OrganizationSettings getOrganizationSettings(
  SecurityCenterClient securityCenterClient) {
 return securityCenterClient.getOrganizationSettings(ORGANIZATION_SETTINGS_NAME);
}

Enable Asset Discovery on ORGANIZATION:

private static OrganizationSettings updateOrganizationSettings_enableAssetDiscovery(
  SecurityCenterClient securityCenterClient) {
FieldMask updateMask = FieldMask.newBuilder().addPaths("enable_asset_discovery").build();
  OrganizationSettings organizationSettings =
    securityCenterClient.getOrganizationSettings(ORGANIZATION_SETTINGS_NAME);
  UpdateOrganizationSettingsRequest request =
    UpdateOrganizationSettingsRequest.newBuilder()
        .setOrganizationSettings(organizationSettings.toBuilder().setEnableAssetDiscovery(true))
        .setUpdateMask(updateMask)
        .build();
return securityCenterClient.updateOrganizationSettings(request);
}

Cloud IAM Operations

Get Cloud IAM policy for a source:

private static Policy getIamPolicy(SecurityCenterClient securityCenterClient) {
 return securityCenterClient.getIamPolicy(SOURCE_NAME);
}

Test the permissions a caller has on a source:

private static TestIamPermissionsResponse testIamPermissiopns(
  SecurityCenterClient securityCenterClient) {
 ArrayList permissionsToTest = new ArrayList<>();
 permissionsToTest.add(IAM_PERMISSION_1);
 permissionsToTest.add(IAM_PERMISSION_2);
 return securityCenterClient.testIamPermissions(SOURCE_NAME, permissionsToTest);
}

Set Cloud IAM policy for a source:

private static Policy setIamPolicy(SecurityCenterClient securityCenterClient) {
 Policy oldPolicy = securityCenterClient.getIamPolicy(SOURCE_NAME);
 return securityCenterClient.setIamPolicy(
    SOURCE_NAME,
    oldPolicy
        .toBuilder()
        .addBindings(
            Binding.newBuilder()
                .addMembers("user:" + USER_ACCOUNT)
                .setRole("roles/owner")
                .build())
        .build());
}

Projects

Return a summary of all the organization's projects:

private static List listAssets_filterByProject(
  SecurityCenterClient securityCenterClient) {
 String projectsFilter =
    "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\"";
 ListAssetsRequest request =
ListAssetsRequest.newBuilder().setParent(ORGANIZATION).setFilter(projectsFilter).build();
  ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
  List assets = new ArrayList<>();
  response.iterateAll().forEach(assets::add);
  return assets;
}

Return a summary of all projects owned by OWNER:

private static List listAssets_filterByProject_filterOnOwner(
  SecurityCenterClient securityCenterClient) {
 String projectsFilter =
    "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\" AND "
        + "security_center_properties.resource_owners : \"riskdashboard.prober\"";
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder().setParent(ORGANIZATION).setFilter(projectsFilter).build();
  ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
  List assets = new ArrayList<>();
  response.iterateAll().forEach(assets::add);
  return assets;
}

Return a comparison of all projects owned by OWNER between yesterday and now:

private static List listAssets_filterByProject_filterOnOwner_compareToYesterday(
  SecurityCenterClient securityCenterClient) {
 String projectsFilter =
    "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\" AND "
        + "security_center_properties.resource_owners : \"riskdashboard.prober\"";
 Duration oneDayDuration = Duration.newBuilder().setSeconds(60 * 60 * 24).build();
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder()
        .setParent(ORGANIZATION)
        .setFilter(projectsFilter)
        .setCompareDuration(oneDayDuration)
        .build();
 ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
 List assets = new ArrayList<>();
 response.iterateAll().forEach(assets::add);
 return assets;
}

Return a summary of all projects between last week and now:

private static List listAssets_filterByProject_compareWithLastWeek(
  SecurityCenterClient securityCenterClient) {
 String projectsFilter =
    "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\"";
 Duration oneWeekDuration = Duration.newBuilder().setSeconds(60 * 60 * 24 * 7).build();
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder()
        .setParent(ORGANIZATION)
        .setFilter(projectsFilter)
        .setCompareDuration(oneWeekDuration)
        .build();
 ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
 List assets = new ArrayList<>();
 response.iterateAll().forEach(assets::add);
 return assets;
}

Return a summary of all projects between five and eight days ago:

private static List listAssets_filterByProject_compareFrom5To8DaysAgo(
  SecurityCenterClient securityCenterClient) {
 String projectsFilter =
    "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\"";
 Timestamp fiveDaysAgo = getTimestampWithSecondsSubtracted(60 * 60 * 24 * 5);
 System.out.println(fiveDaysAgo);
 Duration threeDayDuration = Duration.newBuilder().setSeconds(60 * 60 * 24 * 3).build();
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder()
        .setParent(ORGANIZATION)
        .setFilter(projectsFilter)
        .setReadTime(fiveDaysAgo)
        .setCompareDuration(threeDayDuration)
        .build();
 ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
 List assets = new ArrayList<>();
 response.iterateAll().forEach(assets::add);
 return assets;
}

Return all projects that include dev in the name:

private static List listAssets_filterByProject_filterResourceProperty(
  SecurityCenterClient securityCenterClient) {
 String projectsFilter =
    "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\" AND "
        + "resource_properties.name: \"dev\"";
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder().setParent(ORGANIZATION).setFilter(projectsFilter).build();
 ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
 List assets = new ArrayList<>();
 response.iterateAll().forEach(assets::add);
 return assets;
}

Return all projects that have a mark.type of qa:

private static List
 listAssets_allProjects_filterSecurityCenterProperty_filterSecurityMark(
  SecurityCenterClient securityCenterClient) {
 String projectsFilter =
    "security_center_properties.resource_type=\"google.cloud.resourcemanager.Project\" AND "
        + "securitymarks.marks.type: \"qa\"";
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder().setParent(ORGANIZATION).setFilter(projectsFilter).build();
 ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
 List assets = new ArrayList<>();
 response.iterateAll().forEach(assets::add);
 return assets;
}

Resources

Return the current state of all resources and marks:

private static List listAssets(SecurityCenterClient securityCenterClient) {
  ListAssetsRequest request = ListAssetsRequest.newBuilder().setParent(ORGANIZATION).build();
  ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
  List assets = new ArrayList<>();
  response.iterateAll().forEach(assets::add);
  return assets;
}

Return the state of all resources and marks that were snapshotted at 6 days, 4 hours, and 10 minutes ago:

private static List listAssets_aboutAWeekAgo(
  SecurityCenterClient securityCenterClient) {
 Timestamp timestamp =
    getTimestampWithSecondsSubtracted((60 * 60 * 24 * 6) + (60 * 60 * 4) + (60 * 10));
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder().setParent(ORGANIZATION).setReadTime(timestamp).build();
 ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
 List assets = new ArrayList<>();
 response.iterateAll().forEach(assets::add);
 return assets;
}

Return all resources in only PROJECT_A_ID and PROJECT_B_ID:

private static List listAssets_filterByParent(
  SecurityCenterClient securityCenterClient) {
 String filter =
    "security_center_properties.resource_parent: \"PROJECT_A\" OR "
        + "security_center_properties.resource_parent: \"PROJECT_B\"";
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder().setParent(ORGANIZATION).setFilter(filter).build();
 ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
 List assets = new ArrayList<>();
 response.iterateAll().forEach(assets::add);
 return assets;
}

Return all firewall rules across the organization that have open HTTP ports:

private static List listAssets_filterByFirewall_filterByResourceProperty(
  SecurityCenterClient securityCenterClient) {
 String filter =
    "security_center_properties.resource_type: \"google.compute.Firewall\" AND "
        + "resource_properties.name: \"default-allow-http\"";
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder().setParent(ORGANIZATION).setFilter(filter).build();
 ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
 List assets = new ArrayList<>();
 response.iterateAll().forEach(assets::add);
 return assets;
}

Return all images across the organization that include Debia in the name:

private static List listAssets_filterByImage_filterByResourceProperty(
  SecurityCenterClient securityCenterClient) {
 String filter =
    "security_center_properties.resource_type: \"google.compute.Image\" AND "
        + "resource_properties.name: \"Debia\"";
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder().setParent(ORGANIZATION).setFilter(filter).build();
 ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
 List assets = new ArrayList<>();
 response.iterateAll().forEach(assets::add);
 return assets;
}

Sources

Create a source with display name DISPLAY_NAME:

private static Source getSource(SecurityCenterClient securityCenterClient) {
 return securityCenterClient.getSource(DISPLAY_NAME);
}

Update a source's display_name:

private static Source updateSource(SecurityCenterClient securityCenterClient) {
 FieldMask updateMask = FieldMask.newBuilder().addPaths("display_name").build();
 Source oldSource = securityCenterClient.getSource(SOURCE_NAME);
 UpdateSourceRequest request =
    UpdateSourceRequest.newBuilder()
        .setSource(oldSource.toBuilder().setDisplayName("UpdatedJavaClientSource"))
        .setUpdateMask(updateMask)
        .build();
 return securityCenterClient.updateSource(request);
}

List all sources under an Organization:

private static List listAllSources(SecurityCenterClient securityCenterClient) {
 ListSourcesPagedResponse response = securityCenterClient.listSources(ORGANIZATION_NAME);
 List results = new ArrayList<>();
 response.iterateAll().forEach(results::add);
 return results;
}

Findings

Create an active finding for a Source. The account that's creating the finding must have the Cloud IAM permission securitycenter.findingsEditor on the Source. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

private static Finding createFinding(SecurityCenterClient securityCenterClient) {
 String findingId = "JavaClientFinding";
 Finding finding =
    Finding.newBuilder()
        .setState(State.ACTIVE)
        .setCategory("MEDIUM_RISK_ONE")
        .setEventTime(getTimestampWithSecondsSubtracted(0))
        .build();
 return securityCenterClient.createFinding(SOURCE_NAME, findingId, finding);
}

private static Finding createFinding_withSourceProperties(
  SecurityCenterClient securityCenterClient) {
 String findingId = "JavaClientFinding2";
 String sourcePropertyKey = "java_client_source_property_on_creation";
 Value sourcePropertyValue =
    Value.newBuilder().setStringValue("java_client_source_property_value_on_creation").build();
 Finding finding =
    Finding.newBuilder()
        .setState(State.ACTIVE)
        .setCategory("MEDIUM_RISK_ONE")
        .setEventTime(getTimestampWithSecondsSubtracted(0))
        .putSourceProperties(sourcePropertyKey, sourcePropertyValue)
        .build();
 return securityCenterClient.createFinding(SOURCE_NAME, findingId, finding);
}

List all Findings under an Organization:

private static List listFindings_allFindingsForOrganization(
  SecurityCenterClient securityCenterClient) {
 ListFindingsRequest request =
    ListFindingsRequest.newBuilder().setParent(ORGANIZATION + "/sources/-").build();
 ListFindingsPagedResponse response = securityCenterClient.listFindings(request);
 List results = new ArrayList<>();
 response.iterateAll().forEach(results::add);
 return results;
}

List all Findings under a specific Source with mark testA and value valueA:

private static List listFindings_allFindingsForSource_filterBySecurityMarks(
  SecurityCenterClient securityCenterClient) {
 String filter = "security_marks.marks.testA=\"valueA\"";
 ListFindingsRequest request =
    ListFindingsRequest.newBuilder().setParent(SOURCE).setFilter(filter).build();
 ListFindingsPagedResponse response = securityCenterClient.listFindings(request);
 List results = new ArrayList<>();
 response.iterateAll().forEach(results::add);
 return results;
}

Return a summary of all findings 5 days ago for a source:

private static List listFindings_allFindingsForSource_fiveDaysAgo(
  SecurityCenterClient securityCenterClient) {
 Timestamp timestamp = getTimestampWithSecondsSubtracted(60 * 60 * 24 * 5);
 ListFindingsRequest request =
    ListFindingsRequest.newBuilder().setParent(SOURCE).setReadTime(timestamp).build();
 ListFindingsPagedResponse response = securityCenterClient.listFindings(request);
 List results = new ArrayList<>();
 response.iterateAll().forEach(results::add);
 return results;
}

Update a finding's state to inactive:

private static Finding setFindingStateToInactive(SecurityCenterClient securityCenterClient) {
 return securityCenterClient.setFindingState(
    FINDING_NAME, State.INACTIVE, getTimestampWithSecondsSubtracted(0));
}

private static Finding updateFinding_addSourceProperties(
  SecurityCenterClient securityCenterClient) {
 FieldMask updateMask =
    FieldMask.newBuilder().addPaths("source_properties").addPaths("event_time").build();
 String sourcePropertyKey = "java_client_source_property_key";
 Value sourcePropertyValue =
    Value.newBuilder().setStringValue("java_client_source_property_value").build();
 Finding finding =
    Finding.newBuilder()
        .setName(FINDING)
        .setParent(SOURCE)
        .setEventTime(getTimestampWithSecondsSubtracted(0))
        .putSourceProperties(sourcePropertyKey, sourcePropertyValue)
        .build();
 UpdateFindingRequest request =
    UpdateFindingRequest.newBuilder().setFinding(finding).setUpdateMask(updateMask).build();
 return securityCenterClient.updateFinding(request);
}

List Asset Security Marks

Return all assets with marks.group equal to foo:

private static List listAssets_filterByResourceMark(
  SecurityCenterClient securityCenterClient) {
 String filter = "security_marks.marks.group=\"foo\"";
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder().setParent(ORGANIZATION).setFilter(filter).build();
 ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
 List results = new ArrayList<>();
 response.iterateAll().forEach(results::add);
 return results;
}

Return all assets for which marks.group is NOT equal to bar:

private static List listAssets_filterByNotResourceMark(
  SecurityCenterClient securityCenterClient) {
 String filter = "NOT security_marks.marks.group=\"bar\"";
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder().setParent(ORGANIZATION).setFilter(filter).build();
 ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
 List results = new ArrayList<>();
 response.iterateAll().forEach(results::add);
 return results;
}

Return all assets for which mark.status is equal to assigned AND mark.assignee is NOT equal to kevin:

private static List listAssets_filterByResourceMarkTwice(
  SecurityCenterClient securityCenterClient) {
 String filter =
    "security_marks.marks.assigned=\"True\" AND security_marks.marks.assignee=\"Kevin\"";
 ListAssetsRequest request =
    ListAssetsRequest.newBuilder().setParent(ORGANIZATION).setFilter(filter).build();
 ListAssetsPagedResponse response = securityCenterClient.listAssets(request);
 List results = new ArrayList<>();
 response.iterateAll().forEach(results::add);
 return results;
}

List Finding Security Marks

Return all findings with mark.group equal to foo:

private static List listFindings_filterByResourceMark(
  SecurityCenterClient securityCenterClient) {
 String filter = "security_marks.marks.group=\"foo\"";
 ListFindingsRequest request =
    ListFindingsRequest.newBuilder().setParent(ORGANIZATION).setFilter(filter).build();
 ListFindingsPagedResponse response = securityCenterClient.listFindings(request);
 List results = new ArrayList<>();
 response.iterateAll().forEach(results::add);
 return results;
}

Modify Asset Security Marks

Add marks to the asset with keys test_a and test_b and values value_a and value_b:

private static SecurityMarks updateSecurityMarks_assets_addNewMarks(
  SecurityCenterClient securityCenterClent) {
 SecurityMarks securityMarks =
    SecurityMarks.newBuilder()
        .setName(ASSET + SECURITY_MARKS_SUFFIX)
        .putMarks("testA", "valueA")
        .putMarks("testB", "valueB")
        .build();
 FieldMask updateMask =
    FieldMask.newBuilder().addPaths("marks.testA").addPaths("marks.testB").build();
 UpdateSecurityMarksRequest request =
    UpdateSecurityMarksRequest.newBuilder()
        .setSecurityMarks(securityMarks)
        .setUpdateMask(updateMask)
        .setStartTime(getTimestampWithSecondsSubtracted(0))
        .build();
 return securityCenterClent.updateSecurityMarks(request);
}

Remove all marks from the asset with key test_a or test_b:

private static SecurityMarks updateSecurityMarks_assets_removeOldMarks(
  SecurityCenterClient securityCenterClent) {
 SecurityMarks securityMarks =
    SecurityMarks.newBuilder().setName(ASSET + SECURITY_MARKS_SUFFIX).build();
 FieldMask updateMask =
    FieldMask.newBuilder().addPaths("marks.testA").addPaths("marks.testB").build();
 UpdateSecurityMarksRequest request =
    UpdateSecurityMarksRequest.newBuilder()
        .setSecurityMarks(securityMarks)
        .setUpdateMask(updateMask)
        .setStartTime(getTimestampWithSecondsSubtracted(0))
        .build();
 return securityCenterClent.updateSecurityMarks(request);
}

Add and remove marks from the asset in a single request:

Remove all marks from the asset with keys my_key_a or my_key_b.
Add two marks with keys test_a and test_b and values value_a and value_b.

 private static SecurityMarks updateSecurityMarks_assets_addAndRemoveMarks(
  SecurityCenterClient securityCenterClent) {
  SecurityMarks securityMarks =
    SecurityMarks.newBuilder()
        .setName(ASSET + SECURITY_MARKS_SUFFIX)
        .putMarks("testA", "valueA")
        .putMarks("testB", "valueB")
        .build();
  FieldMask updateMask =
    FieldMask.newBuilder()
        .addPaths("marks.testA")
        .addPaths("marks.testB")
        .addPaths("marks.myKeyA")
        .addPaths("marks.myKeyB")
        .build();
  UpdateSecurityMarksRequest request =
    UpdateSecurityMarksRequest.newBuilder()
        .setSecurityMarks(securityMarks)
        .setUpdateMask(updateMask)
        .setStartTime(getTimestampWithSecondsSubtracted(0))
        .build();
  return securityCenterClent.updateSecurityMarks(request);
}

Modify Finding Security Marks

Add marks to a finding with keys test_a and test_b and values value_a and value_b.

private static SecurityMarks updateSecurityMarks_findings_addNewMarks(
  SecurityCenterClient securityCenterClent) {
 SecurityMarks securityMarks =
    SecurityMarks.newBuilder()
        .setName(FINDING + SECURITY_MARKS_SUFFIX)
        .putMarks("testA", "valueA")
        .putMarks("testB", "valueB")
        .build();
 FieldMask updateMask =
    FieldMask.newBuilder().addPaths("marks.testA").addPaths("marks.testB").build();
 UpdateSecurityMarksRequest request =
    UpdateSecurityMarksRequest.newBuilder()
        .setSecurityMarks(securityMarks)
        .setUpdateMask(updateMask)
        .setStartTime(getTimestampWithSecondsSubtracted(0))
        .build();
 return securityCenterClent.updateSecurityMarks(request);
}

Helpers

Return a timestamp with seconds added to the current epoch time.

private static Timestamp getTimestampWithSecondsSubtracted(int seconds) {
 Calendar cal = Calendar.getInstance();
 cal.setTimeInMillis(new Date().getTime());
 cal.add(Calendar.SECOND, -1 * seconds);
 return Timestamp.newBuilder().setSeconds(cal.getTimeInMillis() / 1000).build();
}

Go

These samples use the following variables:

var ORGANIZATION = "organizations/[ORGANIZATION_ID]"
// Where ORGANIZATION_ID is the organization ID number from the
// GCP Console Manage Resources page.

var ORGANIZATION_SETTINGS = ORGANIZATION + "/organizationSettings"
var SOURCE = ORGANIZATION + "/sources/[SOURCE_ID]"
// Where SOURCE_ID is the source ID number returned by the
// organizations.sources.list method or found on the Cloud SCC
// dashboard Security Sources page.

var FINDING = SOURCE + "/findings/[FINDING_ID]"
// Where FINDING_ID is the unique finding ID number returned by the
// organizations.sources.findings.list method or found on the Cloud SCC
// dashboard Finding Details page.

var ASSET = ORGANIZATION + "/assets/[ASSET_ID]"
// Where ASSET_ID is the unique asset ID number returned by the
// organizations.assets.list method or found on the Cloud SCC dashboard
// Assets page.

var ASSET_MARK = ASSET + "/securityMarks"
var FINDING_MARK = FINDING + "/securityMarks"
var ASSET_MARK = [ASSET] + "/securityMarks"
var FINDING_MARK = [FINDING] + "/securityMarks"

func main() {
  ctx := context.Background()
  c, err := securitycenter.NewClient(ctx)

  if err != nil {
    fmt.Println("Error instantiating client")
    return
  }

  org_operations(c, ctx)
  iam_operations(c, ctx)
  project_operations(c, ctx)
  resource_operations(c, ctx)
  source_operations(c, ctx)
  findings_operations(c, ctx)
  list_asset_marks_operations(c, ctx)
  list_finding_marks(c, ctx)
  asset_marks_operations(c, ctx)
  finding_marks_operations(c, ctx)

}

To run the operations below, import the following:

import (
  "cloud.google.com/go/securitycenter/apiv1beta1"
  "context"
  "fmt"
  "github.com/golang/protobuf/ptypes/duration"
  "github.com/golang/protobuf/ptypes/struct"
  "github.com/golang/protobuf/ptypes/timestamp"
  "google.golang.org/api/iterator"
  securitycenterpb
    "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1"
  "google.golang.org/genproto/googleapis/iam/v1"
  "google.golang.org/genproto/protobuf/field_mask"
  "time"
)

Organization Operations


func org_operations(client *securitycenter.Client, ctx context.Context)
{

// Get all settings for an organization
  fmt.Println("\nGet all settings for an organization")
  orgName := [ORGANIZATION_SETTINGS]
  getOrgSettingsReq := securitycenterpb.GetOrganizationSettingsRequest{}
  getOrgSettingsReq.Name = orgName
  print_organization_settings(client.GetOrganizationSettings(ctx,
    &getOrgSettingsReq))

// Enable Asset Discovery on [ORGANIZATION]
  fmt.Println("\nEnable Asset Discovery")
  field_mask := field_mask.FieldMask{}
  field_mask.Paths = []string{"enable_asset_discovery"}
  organizationSettings := securitycenterpb.OrganizationSettings{}
  organizationSettings.Name = orgName
  organizationSettings.EnableAssetDiscovery = true
  updateOrgSettingsReq :=
    securitycenterpb.UpdateOrganizationSettingsRequest{}
  updateOrgSettingsReq.OrganizationSettings = &organizationSettings
  updateOrgSettingsReq.UpdateMask = &field_mask
  print_organization_settings(client.UpdateOrganizationSettings(ctx,
    &updateOrgSettingsReq))

}

Cloud IAM Operations


  func iam_operations(client *securitycenter.Client, ctx context.Context)
  {

  // Get IAM Policy for a Source
    fmt.Println("\nGet IAM Policy")
    getIamPolicyRequest := iam.GetIamPolicyRequest{}
    getIamPolicyRequest.Resource = [SOURCE]
    fmt.Println(client.GetIamPolicy(ctx, &getIamPolicyRequest))

  // Test what permissions the caller has on the source
    fmt.Println("\nTest IAM Policy")
    testIamPermissionsRequest := iam.TestIamPermissionsRequest{}
    testIamPermissionsRequest.Resource = [SOURCE]
    testIamPermissionsRequest.Permissions = []string
      {"securitycenter.sources.update", "securitycenter.sources.get"}
    fmt.Println(client.TestIamPermissions(ctx, &testIamPermissionsRequest))

  // Set IAM Policy for a Source
    fmt.Println("Set IAM Policy")
    old_policy, err := client.GetIamPolicy(ctx, &getIamPolicyRequest)
    // Include the old etag, otherwise the policy will overwrite the
    // existing policy completely.
    new_policy := iam.Policy{}
    binding := iam.Binding{}
    binding.Role = "roles/owner"
    binding.Members = []string{"user:glinsman@google.com"}
    new_policy.Etag = old_policy.Etag
    new_policy.Bindings = []*iam.Binding{&binding}
    setIamPolicyRequest := iam.SetIamPolicyRequest{}
    setIamPolicyRequest.Resource = [SOURCE]
    setIamPolicyRequest.Policy = &new_policy
    fmt.Println(client.SetIamPolicy(ctx, &setIamPolicyRequest))

    if err != nil {
      fmt.Println("Error setting IAM Policy")
      }

    }

Projects


func project_operations(client *securitycenter.Client, ctx context.Context)
  {

// All Org Projects:
  fmt.Println("All projects")
  listAssetsRequest1 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest1.Parent = [ORGANIZATION]
  listAssetsRequest1.Filter = "security_center_properties.resource_type
    = \"google.cloud.resourcemanager.Project\""
  print_assets(client.ListAssets(ctx, &listAssetsRequest1))

// All Org Projects owned by [OWNER]:
  fmt.Println("\nAll projects owned by [OWNER]")
  listAssetsRequest2 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest2.Parent = [ORGANIZATION]
  listAssetsRequest2.Filter = "security_center_properties.resource_type
    = \"google.cloud.resourcemanager.Project\" AND
    security_center_properties.resource_owners :
    \"user:riskdashboard.prober@cscc-prober-org.joonix.net\""
  print_assets(client.ListAssets(ctx, &listAssetsRequest2))

// Return a comparison of all projects owned by [OWNER] between
// yesterday and now:
  fmt.Println("\nAll projects owned by [OWNER] between yesterday and now")
  duration1 := duration.Duration{}
  duration1.Seconds = 60 * 60 * 24
  listAssetsRequest3 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest3.Parent = [ORGANIZATION]
  listAssetsRequest3.Filter = "security_center_properties.resource_type
    = \"google.cloud.resourcemanager.Project\" AND
    security_center_properties.resource_owners :
    \"user:riskdashboard.prober@cscc-prober-org.joonix.net\""
  listAssetsRequest3.CompareDuration = &duration1
  print_assets(client.ListAssets(ctx, &listAssetsRequest3))

// Return a summary of all projects between last week and now:
  fmt.Println("\nAll projects between last week and now")
  duration2 := duration.Duration{}
  duration2.Seconds = 60 * 60 * 24 * 7
  listAssetsRequest4 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest4.Parent = [ORGANIZATION]
  listAssetsRequest4.Filter = "security_center_properties.resource_type
    = \"google.cloud.resourcemanager.Project\""
  listAssetsRequest4.CompareDuration = &duration2
  print_assets(client.ListAssets(ctx, &listAssetsRequest4))

// Return a summary of all projects between five and eight days ago:
  fmt.Println("\nAll projects between 5 and 8 days ago")
  duration3 := duration.Duration{}
  duration3.Seconds = 60 * 60 * 24 * 3
  time1 := time.Now().AddDate(0, 0, -5)
  timeStamp1 := timestamp.Timestamp{}
  timeStamp1.Seconds = time1.Unix()
  listAssetsRequest5 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest5.Parent = [ORGANIZATION]
  listAssetsRequest5.Filter = "security_center_properties.resource_type
    = \"google.cloud.resourcemanager.Project\""
  listAssetsRequest5.CompareDuration = &duration3
  listAssetsRequest5.ReadTime = &timeStamp1
  print_assets(client.ListAssets(ctx, &listAssetsRequest5))

// Return all projects that include dev in the name:
  fmt.Println("\nAll projects that include dev in name")
  listAssetsRequest6 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest6.Parent = [ORGANIZATION]
  listAssetsRequest6.Filter = "security_center_properties.resource_type
    = \"google.cloud.resourcemanager.Project\" AND
    resource_properties.name : \"dev\""
  print_assets(client.ListAssets(ctx, &listAssetsRequest6))

// Return all projects that include prod3 in the name AND
// security_marks.marks.type of qa:
  fmt.Println("\nAll projects that include prod3 in the name AND
    security_marks.marks.type of qa")
  listAssetsRequest7 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest7.Parent = [ORGANIZATION]
  listAssetsRequest7.Filter = "security_center_properties.resource_type
    = \"google.cloud.resourcemanager.Project\" AND
    resource_properties.name : \"prod3\" AND security_marks.marks.type:
    \"qa\""
  print_assets(client.ListAssets(ctx, &listAssetsRequest7))

// Return a summary of all projects between 100 days ago and now:
  fmt.Println("\nAll projects 100 days ago")
  duration4 := duration.Duration{}
  duration4.Seconds = 60 * 60 * 24 * 100
  listAssetsRequest8 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest8.Parent = [ORGANIZATION]
  listAssetsRequest8.Filter = "security_center_properties.resource_type
    = \"google.cloud.resourcemanager.Project\""
  listAssetsRequest8.CompareDuration = &duration4
  print_assets(client.ListAssets(ctx, &listAssetsRequest8))

}

Resources


func resource_operations(client *securitycenter.Client,
  ctx context.Context) {

// Return the current state of all resources and marks:
  fmt.Println("\nCurrent state of all resources and marks")
  listAssetsRequest1 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest1.Parent = [ORGANIZATION]
  print_assets(client.ListAssets(ctx, &listAssetsRequest1))

// Return the state of all resources and marks that were snapshotted at
// 6 days ago:
  fmt.Println
    ("\nState of all resources and marks that were snapshotted at 6 days
    ago")
  time1 := time.Now().AddDate(0, 0, -6)
  timeStamp1 := timestamp.Timestamp{}
  timeStamp1.Seconds = time1.Unix()
  listAssetsRequest2 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest2.Parent = [ORGANIZATION]
  listAssetsRequest2.ReadTime = &timeStamp1
  print_assets(client.ListAssets(ctx, &listAssetsRequest2))

// Return all resources in only [PROJECT_A_ID] and [PROJECT_B_ID]:
  fmt.Println("\nAll resources in only [PROJECT_A_ID] or
    [PROJECT_B_ID]")
  listAssetsRequest3 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest3.Parent = [ORGANIZATION]
  listAssetsRequest3.Filter =
    "security_center_properties.resource_parent : \"[PROJECT_A_ID]\" OR
    security_center_properties.resource_parent : \"[PROJECT_B_ID]\""
  print_assets(client.ListAssets(ctx, &listAssetsRequest3))

// Return all firewall rules across the organization that have open
// HTTP ports:
  fmt.Println("\nAll firewall rules across the organization that have
    open HTTP ports")
  listAssetsRequest4 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest4.Parent = [ORGANIZATION]
  listAssetsRequest4.Filter = "security_center_properties.resource_type
    = \"google.compute.Firewall\" AND resource_properties.name =
    \"default-allow-http\""
  print_assets(client.ListAssets(ctx, &listAssetsRequest4))

// Return all images across the organization that include Debia in the
// name:
  fmt.Println("\nall images across the organization that include Debia
    in the name")
  listAssetsRequest5 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest5.Parent = [ORGANIZATION]
  listAssetsRequest5.Filter = "security_center_properties.resource_type
    = \"google.compute.Image\" AND resource_properties.name : \"Debia\""
  print_assets(client.ListAssets(ctx, &listAssetsRequest5))

}

Sources


func source_operations(client *securitycenter.Client,
  ctx context.Context) {

// Create a source with display name [DISPLAY_NAME]
  fmt.Println("\nCreate a source with display name [DISPLAY_NAME]")
  source := securitycenterpb.Source{}
  source.Name = [SOURCE]
  source.DisplayName = "sourceDisplayName"
  createSourceRequest := securitycenterpb.CreateSourceRequest{}
  createSourceRequest.Parent = [ORGANIZATION]
  createSourceRequest.Source = &source
  fmt.Println(client.CreateSource(ctx, &createSourceRequest))

// Get a source with name [SOURCE]
  fmt.Println("\nGet a source with name [SOURCE]")
  getSourceRequest := securitycenterpb.GetSourceRequest{}
  getSourceRequest.Name = [SOURCE]
  fmt.Println(client.GetSource(ctx, &getSourceRequest))

// Update a source's display_name
  fmt.Println("\nUpdate a source's display_name")
  source.DisplayName = "newDisplayName"
  field_mask1 := field_mask.FieldMask{}
  field_mask1.Paths = []string{"display_name"}
  updateSourceRequest := securitycenterpb.UpdateSourceRequest{}
  updateSourceRequest.Source = &source
  updateSourceRequest.UpdateMask = &field_mask1
  fmt.Println(client.UpdateSource(ctx, &updateSourceRequest))

// List all Sources under an organization
  fmt.Println("\nList all sources under an organization")
  listSourcesRequest := securitycenterpb.ListSourcesRequest{}
  listSourcesRequest.Parent = [ORGANIZATION]
  print_source_count(client.ListSources(ctx, &listSourcesRequest))

}

Findings


func findings_operations(client *securitycenter.Client,
  ctx context.Context) {

// Create an active finding for a source. IMPORTANT: This requires the
// Cloud IAM permission "securitycenter.findings.update" on the source.
  fmt.Println("\nCreate an active finding for a source")
  value1 := structpb.Value{}
  value1.Kind = &structpb.Value_StringValue{"TestValue1"}
  time1 := time.Now()
  timeStamp1 := timestamp.Timestamp{}
  timeStamp1.Seconds = time1.Unix()
  finding := securitycenterpb.Finding{}
  finding.State = securitycenterpb.Finding_ACTIVE
  finding.Category = "MEDIUM_RISK_ONE"
  finding.EventTime = &timeStamp1
  finding.SourceProperties = map[string]*structpb.Value{
    "go_client_test": &value1}
  createFindingRequest := securitycenterpb.CreateFindingRequest{}
  createFindingRequest.Parent = [SOURCE]
  createFindingRequest.FindingId = "UniqueFindingID"
  createFindingRequest.Finding = &finding
  fmt.Println(client.CreateFinding(ctx, &createFindingRequest))

// List all findings under an organization
  fmt.Println("\nList all findings under an organization")
  listFindingsRequest1 := securitycenterpb.ListFindingsRequest{}
  listFindingsRequest1.Parent = "organizations/[ORGANIZATION_ID]/sources/-"
  print_finding(client.ListFindings(ctx, &listFindingsRequest1))

// List all findings under a specific source
  fmt.Println("\nList all findings under a specific source")
  listFindingsRequest2 := securitycenterpb.ListFindingsRequest{}
  listFindingsRequest2.Parent = [SOURCE]
  print_finding(client.ListFindings(ctx, &listFindingsRequest2))

// List all findings under a specific source with mark testA and value
// valueA
  fmt.Println("\nList all findings under a specific source with mark
    testA and value valueA")
  listFindingsRequest3 := securitycenterpb.ListFindingsRequest{}
  listFindingsRequest3.Parent = [SOURCE]
  listFindingsRequest3.Filter = "security_marks.marks.testA=\"valueA\""
  print_finding(client.ListFindings(ctx, &listFindingsRequest3))

// Return a summary of all findings 5 days ago for a source:
  fmt.Println("\nReturn a summary of all findings 5 days ago for a
    source:")
  time2 := time.Now().AddDate(0, 0, -5)
  timeStamp2 := timestamp.Timestamp{}
  timeStamp2.Seconds = time2.Unix()
  listFindingsRequest4 := securitycenterpb.ListFindingsRequest{}
  listFindingsRequest4.Parent = [SOURCE]
  listFindingsRequest4.ReadTime = &timeStamp2
  print_finding(client.ListFindings(ctx, &listFindingsRequest4))

// Update a finding's state to inactive
  fmt.Println("\nUpdate a findings state to inactive")
  time3 := time.Now()
  timeStamp3 := timestamp.Timestamp{}
  timeStamp3.Seconds = time3.Unix()
  setFindingStateRequest := securitycenterpb.SetFindingStateRequest{}
  setFindingStateRequest.Name = [FINDING]
  setFindingStateRequest.State = securitycenterpb.Finding_INACTIVE
  setFindingStateRequest.StartTime = &timeStamp3
  fmt.Println(client.SetFindingState(ctx, &setFindingStateRequest))

// Update a finding's source properties
  fmt.Println("\nUpdate a findings source properties")
  value2 := structpb.Value{}
  value2.Kind = &structpb.Value_StringValue{"TestValue2"}
  timestamp4 := timestamp.Timestamp{}
  timestamp4.Seconds = time.Now().Unix()
  finding2 := securitycenterpb.Finding{}
  finding2.Name = [FINDING]
  finding2.SourceProperties = map[string]*structpb.Value{
    "go_client_test": &value2}
  finding2.EventTime = ×tamp4
  updateMask := field_mask.FieldMask{}
  updateMask.Paths = []string{"source_properties", "event_time"}
  updateFindingRequest := securitycenterpb.UpdateFindingRequest{}
  updateFindingRequest.Finding = &finding2
  updateFindingRequest.UpdateMask = &updateMask
  fmt.Println(client.UpdateFinding(ctx, &updateFindingRequest))

}

List Asset Security Marks


func list_asset_marks_operations(client *securitycenter.Client,
  ctx context.Context) {

// Return all assets with mark.group equal to foo:
  fmt.Println("\nReturn all assets with mark.group equal to foo:")
  listAssetsRequest1 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest1.Parent = [ORGANIZATION]
  listAssetsRequest1.Filter = "security_marks.marks.group = \"foo\""
  print_assets(client.ListAssets(ctx, &listAssetsRequest1))

// Return all assets with mark.group not equal to bar:
  fmt.Println("\nReturn all assets with mark.group not equal to bar:")
  listAssetsRequest2 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest2.Parent = [ORGANIZATION]
  listAssetsRequest2.Filter = "NOT security_marks.marks.group = \"bar\""
  print_assets(client.ListAssets(ctx, &listAssetsRequest2))

// Return all assets with mark.status equal to assigned and
// mark.assignee not equal to Kevin:
  fmt.Println("\nReturn all assets with mark.status equal to assigned
    and mark.assignee not equal to Kevin:")
  listAssetsRequest3 := securitycenterpb.ListAssetsRequest{}
  listAssetsRequest3.Parent = [ORGANIZATION]
  listAssetsRequest3.Filter = "security_marks.marks.assigned = \"True\"
    AND NOT security_marks.marks.assignee = \"Kevin\""
  print_assets(client.ListAssets(ctx, &listAssetsRequest3))

}

List Finding Security Marks


func list_finding_marks(client *securitycenter.Client,
  ctx context.Context) {

// Return all findings with mark.group equal to foo:
  fmt.Println("\nReturn all findings with mark.group equal to foo:")
  listFindingsRequest := securitycenterpb.ListFindingsRequest{}
  listFindingsRequest.Parent = [SOURCE]
  listFindingsRequest.Filter = "NOT security_marks.marks.group = \"foo\""
  print_finding(client.ListFindings(ctx, &listFindingsRequest))

}

Modify Asset Security Marks


func asset_marks_operations(client *securitycenter.Client,
  ctx context.Context) {

  testA, testB := "keyA", "keyB"
  valueA, valueB := "valueA", "valueB"

// Add marks to an asset with keys testA and testB and values valueA and
// valueB:
  fmt.Println("\nAdd marks to an asset with keys testA and testB and
    values valueA and valueB:")
  field_mask1 := field_mask.FieldMask{}
  field_mask1.Paths = []string{"marks." + testA, "marks." + testB}
  securityMarks := securitycenterpb.SecurityMarks{}
  securityMarks.Name = ASSET_MARK
  securityMarks.Marks = map[string]string{testA: valueA, testB: valueB}
  updateSecurityMarksRequest1 :=
    securitycenterpb.UpdateSecurityMarksRequest{}
  updateSecurityMarksRequest1.SecurityMarks = &securityMarks
  updateSecurityMarksRequest1.UpdateMask = &field_mask1
  fmt.Println(client.UpdateSecurityMarks(ctx, &updateSecurityMarksRequest1))

// Remove all marks from the asset with key testA or testB:
  fmt.Println("\nRemove all marks from the asset with key testA
    or testB:")
  field_mask2 := field_mask.FieldMask{}
  field_mask2.Paths = []string{"marks." + testA, "marks." + testB}
  securityMarks2 := securitycenterpb.SecurityMarks{}
  securityMarks2.Name = ASSET_MARK
  updateSecurityMarksRequest2 :=
    securitycenterpb.UpdateSecurityMarksRequest{}
  updateSecurityMarksRequest2.SecurityMarks = &securityMarks2
  updateSecurityMarksRequest2.UpdateMask = &field_mask2
  fmt.Println(client.UpdateSecurityMarks(ctx, &updateSecurityMarksRequest2))

}

Modify Finding Security Marks


func finding_marks_operations(client *securitycenter.Client,
  ctx context.Context) {

  testA, testB := "keyA", "keyB"
  valueA, valueB := "valueA", "valueB"

// Add marks to an asset with keys testA and testB and values valueA and
// valueB:
  fmt.Println("\nAdd marks to an asset with keys testA and testB and
    values valueA and valueB:")
  field_mask1 := field_mask.FieldMask{}
  field_mask1.Paths = []string{"marks." + testA, "marks." + testB}
  securityMarks := securitycenterpb.SecurityMarks{}
  securityMarks.Name = FINDING_MARK
  securityMarks.Marks = map[string]string{testA: valueA, testB: valueB}
  updateSecurityMarksRequest :=
    securitycenterpb.UpdateSecurityMarksRequest{}
  updateSecurityMarksRequest.SecurityMarks = &securityMarks
  updateSecurityMarksRequest.UpdateMask = &field_mask1
  fmt.Println(client.UpdateSecurityMarks(ctx, &updateSecurityMarksRequest))

// Remove all marks from the asset with key testA or testB:
  fmt.Println("\nRemove all marks from the asset with key testA or testB:")
  field_mask2 := field_mask.FieldMask{}
  field_mask2.Paths = []string{"marks." + testA, "marks." + testB}
  securityMarks2 := securitycenterpb.SecurityMarks{}
  securityMarks2.Name = FINDING_MARK

  updateSecurityMarksRequest2 :=
    securitycenterpb.UpdateSecurityMarksRequest{}
  updateSecurityMarksRequest2.SecurityMarks = &securityMarks2
  updateSecurityMarksRequest2.UpdateMask = &field_mask2
  fmt.Println(client.UpdateSecurityMarks(ctx, &updateSecurityMarksRequest2))

}

Helpers


// Return a list of assets:
  func print_assets(assets
    *securitycenter.ListAssetsResponse_ListAssetsResultIterator) {

    for {

      asset, err := assets.Next()

      if err != nil {
        fmt.Println(err)
        break
      }

      if err == iterator.Done {
        break
      } else {
        fmt.Println(asset)
      }

    }

    fmt.Println("Done printing assets\n")

  }

// Return a count of sources:
  func print_source_count(sources *securitycenter.SourceIterator) {

    count := 0

    for {

      _, err := sources.Next()

      if err != nil {
        fmt.Println(err)
        break
      }

      if err == iterator.Done {
        fmt.Println(count)
        break
      } else {
        count += 1
        // Takes awhile, just so we know it's alive
        if count%1000 == 0 {
          fmt.Println(count)
        }
      }

    }

  }

// Return a list of findings:
  func print_finding(findings *securitycenter.FindingIterator) {

    for {

      finding, err := findings.Next()

      if err != nil {
        fmt.Println(err)
        break
      }

      if err == iterator.Done {
        break
      } else {
        fmt.Println(finding)
      }

    }

  }

// Return organization settings:
  func print_organization_settings(organizationSettings
    *securitycenterpb.OrganizationSettings, err error) {

    fmt.Println(organizationSettings)
    fmt.Println("Done printing organization settings\n")

  }

Before you begin

Accessing Cloud SCC

Setting up environment variables

Installing the Python library

Setting up a service account

Starting the service

Example calls

Python

Organization Operations

Cloud IAM Operations

Projects

Resources

Sources

Findings

List Asset Security Marks

List Finding Security Marks

Modify Asset Security Marks

Modify Finding Security Marks

Java

Organization Operations

Cloud IAM Operations

Projects

Resources

Sources

Findings

List Asset Security Marks

List Finding Security Marks

Modify Asset Security Marks

Modify Finding Security Marks

Helpers

Go

Organization Operations

Cloud IAM Operations

Projects

Resources

Sources

Findings

List Asset Security Marks

List Finding Security Marks

Modify Asset Security Marks

Modify Finding Security Marks

Helpers

Send feedback about...