Event Threat Detection 커스텀 모듈 만들기

import (
	"context"
	"fmt"
	"io"
	"math/rand"
	"time"

	securitycentermanagement "cloud.google.com/go/securitycentermanagement/apiv1"
	securitycentermanagementpb "cloud.google.com/go/securitycentermanagement/apiv1/securitycentermanagementpb"
	"google.golang.org/protobuf/types/known/structpb"
)

// createEventThreatDetectionCustomModule creates a custom module for Event Threat Detection.
func createEventThreatDetectionCustomModule(w io.Writer, parent string) error {
	// parent: Use any one of the following options:
	// - organizations/{organization_id}/locations/{location_id}
	// - folders/{folder_id}/locations/{location_id}
	// - projects/{project_id}/locations/{location_id}

	ctx := context.Background()
	client, err := securitycentermanagement.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycentermanagement.NewClient: %w", err)
	}
	defer client.Close()

	// Seed the random number generator
	rand.Seed(time.Now().UnixNano())
	// Generate a unique suffix
	uniqueSuffix := fmt.Sprintf("%d-%d", time.Now().Unix(), rand.Intn(1000))
	// Create unique display name
	displayName := fmt.Sprintf("go_sample_etd_custom_module_%s", uniqueSuffix)

	// Define the metadata and other config parameters as a map
	configMap := map[string]interface{}{
		"metadata": map[string]interface{}{
			"severity": "MEDIUM",
			//Replace with the desired description.
			"description":    "Sample custom module for testing purpose. Please do not delete.",
			"recommendation": "na",
		},
		"ips": []interface{}{"0.0.0.0"},
	}

	// Convert the map to a Struct
	configStruct, err := structpb.NewStruct(configMap)
	if err != nil {
		return fmt.Errorf("structpb.NewStruct: %w", err)
	}

	// Define the Event Threat Detection custom module configuration
	customModule := &securitycentermanagementpb.EventThreatDetectionCustomModule{
		Config: configStruct,
		//Replace with desired Display Name.
		DisplayName:     displayName,
		EnablementState: securitycentermanagementpb.EventThreatDetectionCustomModule_ENABLED,
		Type:            "CONFIGURABLE_BAD_IP",
	}

	req := &securitycentermanagementpb.CreateEventThreatDetectionCustomModuleRequest{
		Parent:                           parent,
		EventThreatDetectionCustomModule: customModule,
	}

	module, err := client.CreateEventThreatDetectionCustomModule(ctx, req)
	if err != nil {
		return fmt.Errorf("failed to create EventThreatDetectionCustomModule: %w", err)
	}

	fmt.Fprintf(w, "Created EventThreatDetectionCustomModule: %s\n", module.Name)
	return nil
}

import com.google.cloud.securitycentermanagement.v1.CreateEventThreatDetectionCustomModuleRequest;
import com.google.cloud.securitycentermanagement.v1.EventThreatDetectionCustomModule;
import com.google.cloud.securitycentermanagement.v1.EventThreatDetectionCustomModule.EnablementState;
import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
import com.google.protobuf.ListValue;
import com.google.protobuf.Struct;
import com.google.protobuf.Value;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class CreateEventThreatDetectionCustomModule {

  public static void main(String[] args) throws IOException {
    // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/create
    // TODO: Developer should replace project_id with a real project ID before running this code
    String projectId = "project_id";

    String customModuleDisplayName = "custom_module_display_name";

    createEventThreatDetectionCustomModule(projectId, customModuleDisplayName);
  }

  public static EventThreatDetectionCustomModule createEventThreatDetectionCustomModule(
      String projectId, String customModuleDisplayName) throws IOException {

    // Initialize client that will be used to send requests. This client only needs
    // to be created
    // once, and can be reused for multiple requests.
    try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {

      String parent = String.format("projects/%s/locations/global", projectId);

      // define the metadata and other config parameters severity, description,
      // recommendation and ips below
      Map<String, Value> metadata = new HashMap<>();
      metadata.put("severity", Value.newBuilder().setStringValue("MEDIUM").build());
      metadata.put(
          "description", Value.newBuilder().setStringValue("add your description here").build());
      metadata.put(
          "recommendation",
          Value.newBuilder().setStringValue("add your recommendation here").build());
      List<Value> ips = Arrays.asList(Value.newBuilder().setStringValue("0.0.0.0").build());

      Value metadataVal =
          Value.newBuilder()
              .setStructValue(Struct.newBuilder().putAllFields(metadata).build())
              .build();
      Value ipsValue =
          Value.newBuilder().setListValue(ListValue.newBuilder().addAllValues(ips).build()).build();

      Struct configStruct =
          Struct.newBuilder().putFields("metadata", metadataVal).putFields("ips", ipsValue).build();

      // define the Event Threat Detection custom module configuration, update the EnablementState
      // below
      EventThreatDetectionCustomModule eventThreatDetectionCustomModule =
          EventThreatDetectionCustomModule.newBuilder()
              .setConfig(configStruct)
              .setDisplayName(customModuleDisplayName)
              .setEnablementState(EnablementState.ENABLED)
              .setType("CONFIGURABLE_BAD_IP")
              .build();

      CreateEventThreatDetectionCustomModuleRequest request =
          CreateEventThreatDetectionCustomModuleRequest.newBuilder()
              .setParent(parent)
              .setEventThreatDetectionCustomModule(eventThreatDetectionCustomModule)
              .build();

      EventThreatDetectionCustomModule response =
          client.createEventThreatDetectionCustomModule(request);

      return response;
    }
  }
}