소스 속성으로 발견 항목 만들기

sourceProperties를 통해 추가 메타데이터가 포함된 새로운 보안 발견 항목을 만드는 방법을 설명합니다.

코드 샘플

Go

Security Command Center에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요. 

import (
	"context"
	"fmt"
	"io"
	"time"

	securitycenter "cloud.google.com/go/securitycenter/apiv1"
	"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
	"github.com/golang/protobuf/ptypes"
	structpb "github.com/golang/protobuf/ptypes/struct"
)

// createFindingWithProperties demonstrates how to create a new security
// finding in CSCC that includes additional metadata via sourceProperties.
// sourceName is the full resource name of the source the finding should be
// associated with.
func createFindingWithProperties(w io.Writer, sourceName string) error {
	// sourceName := "organizations/111122222444/sources/1234"
	// Instantiate a context and a security service client to make API calls.
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close() // Closing the client safely cleans up background resources.
	// Use now as the eventTime for the security finding.
	eventTime, err := ptypes.TimestampProto(time.Now())
	if err != nil {
		return fmt.Errorf("TimestampProto: %w", err)
	}

	req := &securitycenterpb.CreateFindingRequest{
		Parent:    sourceName,
		FindingId: "samplefindingprops",
		Finding: &securitycenterpb.Finding{
			State: securitycenterpb.Finding_ACTIVE,
			// Resource the finding is associated with.  This is an
			// example any resource identifier can be used.
			ResourceName: "//cloudresourcemanager.googleapis.com/organizations/11232",
			// A free-form category.Error converting now
			Category: "MEDIUM_RISK_ONE",
			// The time associated with discovering the issue.
			EventTime: eventTime,
			// Define key-value pair metadata to include with the finding.
			SourceProperties: map[string]*structpb.Value{
				"s_value": {
					Kind: &structpb.Value_StringValue{StringValue: "string_example"},
				},
				"n_value": {
					Kind: &structpb.Value_NumberValue{NumberValue: 1234},
				},
			},
		},
	}

	finding, err := client.CreateFinding(ctx, req)
	if err != nil {
		return fmt.Errorf("CreateFinding: %w", err)
	}
	fmt.Fprintf(w, "New finding created: %s\n", finding.Name)
	fmt.Fprintf(w, "Event time (Epoch Seconds): %d\n", eventTime.Seconds)
	fmt.Fprintf(w, "Source Properties:\n")
	for k, v := range finding.SourceProperties {
		fmt.Fprintf(w, "%s = %v\n", k, v)
	}

	return nil
}

Java

Security Command Center에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요. 

static Finding createFindingWithSourceProperties(SourceName sourceName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // SourceName sourceName = SourceName.of(/*organization=*/"123234324",/*source=*/
    // "423432321");

    // Use the current time as the finding "event time".
    Instant eventTime = Instant.now();

    // Controlled by caller.
    String findingId = "samplefindingid2";

    // The resource this finding applies to.  The CSCC UI can link
    // the findings for a resource to the corresponding Asset of a resource
    // if there are matches.
    String resourceName = "//cloudresourcemanager.googleapis.com/organizations/11232";

    // Define source properties values as protobuf "Value" objects.
    Value stringValue = Value.newBuilder().setStringValue("stringExample").build();
    Value numValue = Value.newBuilder().setNumberValue(1234).build();
    ImmutableMap<String, Value> sourceProperties =
        ImmutableMap.of("stringKey", stringValue, "numKey", numValue);

    // Start setting up a request to create a finding in a source.
    Finding finding =
        Finding.newBuilder()
            .setParent(sourceName.toString())
            .setState(State.ACTIVE)
            .setResourceName(resourceName)
            .setEventTime(
                Timestamp.newBuilder()
                    .setSeconds(eventTime.getEpochSecond())
                    .setNanos(eventTime.getNano()))
            .putAllSourceProperties(sourceProperties)
            .build();

    // Call the API.
    Finding response = client.createFinding(sourceName, findingId, finding);

    System.out.println("Created Finding with Source Properties: " + response);
    return response;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}

Node.js

Security Command Center에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요. 

// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client.
const client = new SecurityCenterClient();
// sourceName is the full resource name of the source the finding should
// be associated with.
/*
 * TODO(developer): Uncomment the following lines
 */
// const sourceName = "organizations/111122222444/sources/1234";

// Use now as the eventTime for the security finding.
const eventTime = new Date();
async function createFinding() {
  const [newFinding] = await client.createFinding({
    parent: sourceName,
    findingId: 'findingwithprops',
    finding: {
      state: 'ACTIVE',
      // Resource the finding is associated with.  This is an
      // example any resource identifier can be used.
      resourceName:
        '//cloudresourcemanager.googleapis.com/organizations/11232',
      // A free-form category.
      category: 'MEDIUM_RISK_ONE',
      // The time associated with discovering the issue.
      eventTime: {
        seconds: Math.floor(eventTime.getTime() / 1000),
        nanos: (eventTime.getTime() % 1000) * 1e6,
      },
      sourceProperties: {
        s_value: {stringValue: 'string_example'},
        n_value: {numberValue: 1234},
      },
    },
  });
  console.log('New finding created: %j', newFinding);
}
createFinding();

Python

Security Command Center에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요. 

from datetime import datetime, timezone

from google.cloud import securitycenter_v1
from google.cloud.securitycenter_v1 import Finding
from google.protobuf.struct_pb2 import Value

# Create a new client.
client = securitycenter_v1.SecurityCenterClient()

# 'source_name' is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"

# Controlled by caller.
finding_id = "samplefindingid2"

# The resource this finding applies to.  The CSCC UI can link
# the findings for a resource to the corresponding Asset of a resource
# if there are matches.
resource_name = "//cloudresourcemanager.googleapis.com/organizations/11232"

# Define source properties values as protobuf "Value" objects.
str_value = Value()
str_value.string_value = "string_example"
num_value = Value()
num_value.number_value = 1234

# Use the current time as the finding "event time".
event_time = datetime.now(tz=timezone.utc)

finding = Finding(
    state=Finding.State.ACTIVE,
    resource_name=resource_name,
    category="MEDIUM_RISK_ONE",
    source_properties={"s_value": "string_example", "n_value": 1234},
    event_time=event_time,
)

created_finding = client.create_finding(
    request={"parent": source_name, "finding_id": finding_id, "finding": finding}
)
print(created_finding)

다음 단계

다른 Google Cloud 제품의 코드 샘플을 검색하고 필터링하려면 Google Cloud 샘플 브라우저 참조하기