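def create_finding_with_source_properties(source_name):
    """Demonstrate creating a new finding with source properties.

    Args:
        source_name: Resource path of a previously created source, in the
            form "organizations/{organization_id}/sources/{source_id}".

    The created finding is printed; nothing is returned.
    """
    # [START securitycenter_create_finding_with_source_properties]
    import datetime

    from google.cloud import securitycenter
    from google.cloud.securitycenter_v1 import Finding

    # Create a new client.
    client = securitycenter.SecurityCenterClient()

    # source_name is the resource path for a source that has been
    # created previously (you can use list_sources to find a specific one).
    # Its format is:
    # source_name = "organizations/{organization_id}/sources/{source_id}"
    # e.g.:
    # source_name = "organizations/111122222444/sources/1234"

    # Controlled by caller. A fixed ID is only suitable for a demo.
    # NOTE(review): the API reference describes finding IDs as alphanumeric
    # and 1-32 characters long, unique within the source -- confirm before
    # deriving IDs from external data.
    finding_id = "samplefindingid2"

    # The resource this finding applies to.  The CSCC UI can link
    # the findings for a resource to the corresponding Asset of a resource
    # if there are matches.
    resource_name = "//cloudresourcemanager.googleapis.com/organizations/11232"

    # Use the current time as the finding "event time". The timestamp is
    # timezone-aware (UTC) so it does not depend on the host's local zone.
    event_time = datetime.datetime.now(tz=datetime.timezone.utc)

    # Source properties are passed as plain Python values here; the
    # protobuf "Value" wrappers the sample used to build were never read
    # and have been dropped. The properties are stored with the finding and
    # visible to whoever can read it, so keep credentials and other secrets
    # out of them.
    finding = Finding(
        state=Finding.State.ACTIVE,
        resource_name=resource_name,
        category="MEDIUM_RISK_ONE",
        source_properties={"s_value": "string_example", "n_value": 1234},
        event_time=event_time,
    )

    created_finding = client.create_finding(
        request={
            "parent": source_name,
            "finding_id": finding_id,
            "finding": finding,
        }
    )
    print(created_finding)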
def create_finding_with_source_properties(source_name):
    """Create a sample finding that carries two custom source properties.

    Args:
        source_name: Resource path of an existing source, formatted as
            "organizations/{organization_id}/sources/{source_id}"
            (for example "organizations/111122222444/sources/1234").
            list_sources can be used to look one up.

    The finding returned by the service is printed; nothing is returned.
    """
    # [START create_finding_with_properties]
    from google.cloud import securitycenter
    from google.cloud.securitycenter_v1.proto.finding_pb2 import Finding
    from google.protobuf.timestamp_pb2 import Timestamp
    from google.protobuf.struct_pb2 import Value

    # Client used for the single create call below.
    client = securitycenter.SecurityCenterClient()

    # The finding ID is chosen by the caller; this sample hard-codes one.
    finding_id = "samplefindingid2"

    # Resource the finding is about. When it matches a known asset, the
    # CSCC UI can link the finding to that asset.
    resource_name = "//cloudresourcemanager.googleapis.com/organizations/11232"

    # Each source property value is wrapped in a protobuf "Value" message.
    # These values are stored with the finding, so they should not carry
    # credentials or other secrets.
    text_property = Value(string_value="string_example")
    number_property = Value(number_value=1234)

    # The finding's "event time" is the moment this sample runs.
    event_time = Timestamp()
    event_time.GetCurrentTime()

    # Assemble the finding first so the API call itself stays short.
    finding = {
        "state": Finding.ACTIVE,
        "resource_name": resource_name,
        "category": "MEDIUM_RISK_ONE",
        "source_properties": {
            "s_value": text_property,
            "n_value": number_property,
        },
        "event_time": event_time,
    }

    created_finding = client.create_finding(source_name, finding_id, finding)
    print(created_finding)
def update_finding(source_name):
    """Update one source property and the event time of the sample finding.

    Args:
        source_name: Resource path of an existing source, formatted as
            "organizations/{organization_id}/sources/{source_id}"
            (for example "organizations/111122222444/sources/1234").
            list_sources can be used to look one up.

    The updated source properties and event time are printed; nothing is
    returned.
    """
    # [START update_finding]
    from google.cloud import securitycenter
    from google.protobuf.struct_pb2 import Value
    from google.protobuf import field_mask_pb2
    from google.protobuf.timestamp_pb2 import Timestamp

    client = securitycenter.SecurityCenterClient()

    # Restrict the write to one source property plus event_time, which is
    # required for updates. Naming the paths keeps the finding's other
    # fields untouched.
    # NOTE(review): the API reference describes an empty mask as replacing
    # all mutable fields -- confirm before relaxing this mask.
    mask_paths = ["source_properties.s_value", "event_time"]
    update_mask = field_mask_pb2.FieldMask(paths=mask_paths)

    replacement = Value(string_value="new_string")

    # Stamp the update with the current time. It must be later than the
    # event_time recorded on the original finding.
    event_time = Timestamp()
    event_time.GetCurrentTime()

    # The finding is addressed by the fixed sample ID under the given source.
    finding_name = "{}/findings/samplefindingid2".format(source_name)

    finding_changes = {
        "name": finding_name,
        "source_properties": {"s_value": replacement},
        "event_time": event_time,
    }
    updated_finding = client.update_finding(
        finding_changes, update_mask=update_mask
    )

    summary = "New Source properties: {}, Event Time {}".format(
        updated_finding.source_properties,
        updated_finding.event_time.ToDatetime(),
    )
    print(summary)