import (
"context"
"fmt"
"io"
"time"
securitycenter "cloud.google.com/go/securitycenter/apiv1"
"github.com/golang/protobuf/ptypes"
securitycenterpb "google.golang.org/genproto/googleapis/cloud/securitycenter/v1"
)
// updateFindingState demonstrates how to update a security finding's state
// in CSCC. findingName is the full resource name of the finding to update.
func setFindingState(w io.Writer, findingName string) error {
// findingName := "organizations/111122222444/sources/1234"
// Instantiate a context and a security service client to make API calls.
ctx := context.Background()
client, err := securitycenter.NewClient(ctx)
if err != nil {
return fmt.Errorf("securitycenter.NewClient: %v", err)
}
defer client.Close() // Closing the client safely cleans up background resources.
// Use now as the eventTime for the security finding.
now, err := ptypes.TimestampProto(time.Now())
if err != nil {
return fmt.Errorf("TimestampProto: %v", err)
}
req := &securitycenterpb.SetFindingStateRequest{
Name: findingName,
State: securitycenterpb.Finding_INACTIVE,
// New state is effective immediately.
StartTime: now,
}
finding, err := client.SetFindingState(ctx, req)
if err != nil {
return fmt.Errorf("SetFindingState: %v", err)
}
fmt.Fprintf(w, "Finding updated: %s\n", finding.Name)
fmt.Fprintf(w, "Finding state: %v\n", finding.State)
fmt.Fprintf(w, "Event time (Epoch Seconds): %d\n", finding.EventTime.Seconds)
return nil
}
// Imports the Google Cloud client library.
const {SecurityCenterClient} = require('@google-cloud/security-center');
// Creates a new client.
const client = new SecurityCenterClient();
// findingName is the full resource name of the source the finding should
// be associated with.
/*
* TODO(developer): Uncomment the following lines
*/
// const findingName =
// "organizations/111122222444/sources/1234/findings/findingid";
async function setFindingState() {
const eventTime = new Date();
const [updatedFinding] = await client.setFindingState({
name: findingName,
state: 'INACTIVE',
// use now as the time when the new state takes effect.
startTime: {
seconds: Math.floor(eventTime.getTime() / 1000),
nanos: (eventTime.getTime() % 1000) * 1e6,
},
});
console.log('Updated Finding: %j', updatedFinding);
}
setFindingState();
import datetime
from google.cloud import securitycenter
from google.cloud.securitycenter_v1 import Finding
# Create a client.
client = securitycenter.SecurityCenterClient()
# source_name is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"
finding_name = "{}/findings/samplefindingid2".format(source_name)
# Call the API to change the finding state to inactive as of now.
new_finding = client.set_finding_state(
request={
"name": finding_name,
"state": Finding.State.INACTIVE,
"start_time": datetime.datetime.now(tz=datetime.timezone.utc),
}
)
print(f"New state: {new_finding.state}")
