Update an Event Threat Detection custom module

Sample code for updating Event Threat Detection custom modules.

Code sample

Go

To authenticate to Security Command Center, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 


import (
	"context"
	"fmt"
	"io"

	securitycentermanagement "cloud.google.com/go/securitycentermanagement/apiv1"
	securitycentermanagementpb "cloud.google.com/go/securitycentermanagement/apiv1/securitycentermanagementpb"
	fieldmaskpb "google.golang.org/protobuf/types/known/fieldmaskpb"
)

// updateEventThreatDetectionCustomModule updates a custom module for Event Threat Detection.
func updateEventThreatDetectionCustomModule(w io.Writer, parent string, customModuleID string) error {
	// parent: Use any one of the following options:
	// - organizations/{organization_id}/locations/{location_id}
	// - folders/{folder_id}/locations/{location_id}
	// - projects/{project_id}/locations/{location_id}

	ctx := context.Background()
	client, err := securitycentermanagement.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycentermanagement.NewClient: %w", err)
	}
	defer client.Close()

	// Define the custom module configuration
	customModule := &securitycentermanagementpb.EventThreatDetectionCustomModule{
		Name:            fmt.Sprintf("%s/eventThreatDetectionCustomModules/%s", parent, customModuleID),
		EnablementState: securitycentermanagementpb.EventThreatDetectionCustomModule_DISABLED,
	}

	req := &securitycentermanagementpb.UpdateEventThreatDetectionCustomModuleRequest{
		UpdateMask: &fieldmaskpb.FieldMask{
			Paths: []string{
				"enablement_state",
			},
		},
		EventThreatDetectionCustomModule: customModule,
	}

	module, err := client.UpdateEventThreatDetectionCustomModule(ctx, req)
	if err != nil {
		return fmt.Errorf("failed to update EventThreatDetectionCustomModule: %w", err)
	}

	fmt.Fprintf(w, "Updated EventThreatDetectionCustomModule: %s\n", module.Name)
	return nil
}

Java

To authenticate to Security Command Center, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

import com.google.cloud.securitycentermanagement.v1.EventThreatDetectionCustomModule;
import com.google.cloud.securitycentermanagement.v1.EventThreatDetectionCustomModule.EnablementState;
import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
import com.google.cloud.securitycentermanagement.v1.UpdateEventThreatDetectionCustomModuleRequest;
import com.google.protobuf.FieldMask;
import java.io.IOException;

public class UpdateEventThreatDetectionCustomModule {

  public static void main(String[] args) throws IOException {
    // TODO: Developer should replace project_id with a real project ID before running this code
    String projectId = "project_id";

    String customModuleId = "custom_module_id";

    updateEventThreatDetectionCustomModule(projectId, customModuleId);
  }

  public static EventThreatDetectionCustomModule updateEventThreatDetectionCustomModule(
      String projectId, String customModuleId) throws IOException {

    // Initialize client that will be used to send requests. This client only needs
    // to be created
    // once, and can be reused for multiple requests.
    try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {

      String qualifiedModuleName =
          String.format(
              "projects/%s/locations/global/eventThreatDetectionCustomModules/%s",
              projectId, customModuleId);

      // Define the event threat detection custom module configuration, update the
      // DisplayName and EnablementState accordingly.
      EventThreatDetectionCustomModule eventThreatDetectionCustomModule =
          EventThreatDetectionCustomModule.newBuilder()
              .setName(qualifiedModuleName)
              .setDisplayName("updated_custom_module_name")
              .setEnablementState(EnablementState.DISABLED)
              .build();

      // Set the field mask to specify which properties should be updated. In the below example we
      // are updating displayName and EnablementState
      // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/patch#query-parameters
      // https://protobuf.dev/reference/protobuf/google.protobuf/#field-mask
      FieldMask fieldMask =
          FieldMask.newBuilder().addPaths("display_name").addPaths("enablement_state").build();

      UpdateEventThreatDetectionCustomModuleRequest request =
          UpdateEventThreatDetectionCustomModuleRequest.newBuilder()
              .setEventThreatDetectionCustomModule(eventThreatDetectionCustomModule)
              .setUpdateMask(fieldMask)
              .build();

      EventThreatDetectionCustomModule response =
          client.updateEventThreatDetectionCustomModule(request);

      return response;
    }
  }
}

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser.