演示如何创建忽略规则,这是一种使用过滤条件自动忽略未来发现结果的配置
深入探索
如需查看包含此代码示例的详细文档,请参阅以下内容:
代码示例
Go
如需向 Security Command Center 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
securitycenter "cloud.google.com/go/securitycenter/apiv1"
"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
)
// createMuteRule: Creates a mute configuration under a given scope that will mute
// all new findings that match a given filter.
// Existing findings will not be muted.
func createMuteRule(w io.Writer, parent string, muteConfigId string) error {
// parent: Use any one of the following options:
// - organizations/{organization_id}
// - folders/{folder_id}
// - projects/{project_id}
// parent := fmt.Sprintf("projects/%s", "your-google-cloud-project-id")
// muteConfigId: Set a random id; max of 63 chars.
// muteConfigId := "random-mute-id-" + uuid.New().String()
ctx := context.Background()
client, err := securitycenter.NewClient(ctx)
if err != nil {
return fmt.Errorf("securitycenter.NewClient: %w", err)
}
defer client.Close()
muteConfig := &securitycenterpb.MuteConfig{
Description: "Mute low-medium IAM grants excluding 'compute' ",
// Set mute rule(s).
// To construct mute rules and for supported properties, see:
// https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules
Filter: "severity=\"LOW\" OR severity=\"MEDIUM\" AND " +
"category=\"Persistence: IAM Anomalous Grant\" AND " +
"-resource.type:\"compute\"",
}
req := &securitycenterpb.CreateMuteConfigRequest{
Parent: parent,
MuteConfigId: muteConfigId,
MuteConfig: muteConfig,
}
response, err := client.CreateMuteConfig(ctx, req)
if err != nil {
return fmt.Errorf("failed to create mute rule: %w", err)
}
fmt.Fprintf(w, "Mute rule created successfully: %s", response.Name)
return nil
}
Java
如需向 Security Command Center 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.securitycenter.v1.CreateMuteConfigRequest;
import com.google.cloud.securitycenter.v1.MuteConfig;
import com.google.cloud.securitycenter.v1.SecurityCenterClient;
import java.io.IOException;
import java.util.UUID;
public class CreateMuteRule {
public static void main(String[] args) {
// TODO: Replace the variables within {}
// parentPath: Use any one of the following options:
// - organizations/{organization_id}
// - folders/{folder_id}
// - projects/{project_id}
String parentPath = String.format("projects/%s", "your-google-cloud-project-id");
// muteConfigId: Set a random id; max of 63 chars.
String muteConfigId = "random-mute-id-" + UUID.randomUUID();
createMuteRule(parentPath, muteConfigId);
}
// Creates a mute configuration under a given scope that will mute
// all new findings that match a given filter.
// Existing findings will not be muted.
public static void createMuteRule(String parentPath, String muteConfigId) {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (SecurityCenterClient client = SecurityCenterClient.create()) {
MuteConfig muteConfig =
MuteConfig.newBuilder()
.setDescription("Mute low-medium IAM grants excluding 'compute' ")
// Set mute rule(s).
// To construct mute rules and for supported properties, see:
// https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules
.setFilter(
"severity=\"LOW\" OR severity=\"MEDIUM\" AND "
+ "category=\"Persistence: IAM Anomalous Grant\" AND "
+ "-resource.type:\"compute\"")
.build();
CreateMuteConfigRequest request =
CreateMuteConfigRequest.newBuilder()
.setParent(parentPath)
.setMuteConfigId(muteConfigId)
.setMuteConfig(muteConfig)
.build();
// ExecutionException is thrown if the below call fails.
MuteConfig response = client.createMuteConfig(request);
System.out.println("Mute rule created successfully: " + response.getName());
} catch (IOException e) {
System.out.println("Mute rule creation failed! \n Exception: " + e);
}
}
}
Python
如需向 Security Command Center 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
def create_mute_rule(parent_path: str, mute_config_id: str) -> None:
"""
Creates a mute configuration under a given scope that will mute
all new findings that match a given filter.
Existing findings will NOT BE muted.
Args:
parent_path: use any one of the following options:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{project_id}
mute_config_id: Set a unique id; max of 63 chars.
"""
from google.cloud import securitycenter
client = securitycenter.SecurityCenterClient()
mute_config = securitycenter.MuteConfig()
mute_config.description = "Mute low-medium IAM grants excluding 'compute' "
# Set mute rule(s).
# To construct mute rules and for supported properties, see:
# https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules
mute_config.filter = (
'severity="LOW" OR severity="MEDIUM" AND '
'category="Persistence: IAM Anomalous Grant" AND '
'-resource.type:"compute"'
)
request = securitycenter.CreateMuteConfigRequest()
request.parent = parent_path
request.mute_config_id = mute_config_id
request.mute_config = mute_config
mute_config = client.create_mute_config(request=request)
print(f"Mute rule created successfully: {mute_config.name}")
后续步骤
如需搜索和过滤其他 Google Cloud 产品的代码示例,请参阅 Google Cloud 示例浏览器。