def update_finding(source_name):
# [START update_finding]
import datetime
from google.cloud import securitycenter
from google.cloud.securitycenter_v1 import Finding
from google.protobuf import field_mask_pb2
client = securitycenter.SecurityCenterClient()
# Only update the specific source property and event_time. event_time
# is required for updates.
field_mask = field_mask_pb2.FieldMask(
paths=["source_properties.s_value", "event_time"]
)
# Set the update time to Now. This must be some time greater then the
# event_time on the original finding.
event_time = datetime.datetime.now()
# source_name is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"
finding_name = "{}/findings/samplefindingid2".format(source_name)
finding = Finding(
name=finding_name,
source_properties={"s_value": "new_string"},
event_time=event_time,
)
updated_finding = client.update_finding(
request={
"finding": finding,
"update_mask": field_mask,
}
)
print(
"New Source properties: {}, Event Time {}".format(
updated_finding.source_properties, updated_finding.event_time
)
)
def get_notification_config(organization_id, notification_config_id):
# [START scc_get_notification_config]
from google.cloud import securitycenter as securitycenter
client = securitycenter.SecurityCenterClient()
# TODO: organization_id = "your-org-id"
# TODO: notification_config_id = "your-config-id"
notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format(
org_id=organization_id, config_id=notification_config_id
)
notification_config = client.get_notification_config(
request={"name": notification_config_name}
)
print("Got notification config: {}".format(notification_config))
# [END scc_get_notification_config]
return notification_config
def list_all_findings(organization_id):
# [START list_all_findings]
from google.cloud import securitycenter
# Create a client.
client = securitycenter.SecurityCenterClient()
# organization_id is the numeric ID of the organization. e.g.:
# organization_id = "111122222444"
org_name = "organizations/{org_id}".format(org_id=organization_id)
# The "sources/-" suffix lists findings across all sources. You
# also use a specific source_name instead.
all_sources = "{org_name}/sources/-".format(org_name=org_name)
finding_result_iterator = client.list_findings(all_sources)
for i, finding_result in enumerate(finding_result_iterator):
print("{}: name: {} resource: {}".format(
i, finding_result.finding.name,
finding_result.finding.resource_name))
# [END list_all_findings]
return i
def create_source(organization_id):
"""Create a new findings source. """
# [START create_source]
from google.cloud import securitycenter
client = securitycenter.SecurityCenterClient()
# organization_id is the numeric ID of the organization. e.g.:
# organization_id = "111122222444"
org_name = "organizations/{org_id}".format(org_id=organization_id)
created = client.create_source(
request={
"parent": org_name,
"source": {
"display_name": "Customized Display Name",
"description": "A new custom source that does X",
},
}
)
print("Created Source: {}".format(created.name))
def list_assets_with_filters(organization_id):
"""Demonstrate listing assets with a filter."""
i = 0
# [START demo_list_assets_with_filter]
from google.cloud import securitycenter
client = securitycenter.SecurityCenterClient()
# organization_id is the numeric ID of the organization.
# organization_id = "1234567777"
org_name = "organizations/{org_id}".format(org_id=organization_id)
project_filter = ("security_center_properties.resource_type=" +
'"google.cloud.resourcemanager.Project"')
# Call the API and print results.
asset_iterator = client.list_assets(org_name, filter_=project_filter)
for i, asset_result in enumerate(asset_iterator):
print(i, asset_result)
# [END demo_list_assets_with_filter]
return i
def update_finding(source_name):
# [START update_finding]
from google.cloud import securitycenter
from google.protobuf.struct_pb2 import Value
from google.protobuf import field_mask_pb2
from google.protobuf.timestamp_pb2 import Timestamp
client = securitycenter.SecurityCenterClient()
# Only update the specific source property and event_time. event_time
# is required for updates.
field_mask = field_mask_pb2.FieldMask(
paths=["source_properties.s_value", "event_time"])
value = Value()
value.string_value = "new_string"
# Set the update time to Now. This must be some time greater then the
# event_time on the original finding.
now_proto = Timestamp()
now_proto.GetCurrentTime()
# source_name is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"
finding_name = "{}/findings/samplefindingid2".format(source_name)
updated_finding = client.update_finding(
{
"name": finding_name,
"source_properties": {
"s_value": value
},
"event_time": now_proto,
},
update_mask=field_mask,
)
print("New Source properties: {}, Event Time {}".format(
updated_finding.source_properties,
updated_finding.event_time.ToDatetime()))
def group_all_findings(organization_id):
"""Demonstrates grouping all findings across an organization."""
i = 0
# [START group_all_findings]
from google.cloud import securitycenter
# Create a client.
client = securitycenter.SecurityCenterClient()
# organization_id is the numeric ID of the organization. e.g.:
# organization_id = "111122222444"
org_name = "organizations/{org_id}".format(org_id=organization_id)
# The "sources/-" suffix lists findings across all sources. You
# also use a specific source_name instead.
all_sources = "{org_name}/sources/-".format(org_name=org_name)
group_result_iterator = client.group_findings(all_sources,
group_by="category")
for i, group_result in enumerate(group_result_iterator):
print((i + 1), group_result)
# [END group_all_findings]
return i
def add_user_to_source(source_name):
"""Gives a user findingsEditor permission to the source."""
user_email = "*****@*****.**"
# [START securitycenter_set_source_iam]
from google.cloud import securitycenter
from google.iam.v1 import policy_pb2
client = securitycenter.SecurityCenterClient()
# source_name is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"
# Get the old policy so we can do an incremental update.
old_policy = client.get_iam_policy(request={"resource": source_name})
print("Old Policy: {}".format(old_policy))
# Setup a new IAM binding.
binding = policy_pb2.Binding()
binding.role = "roles/securitycenter.findingsEditor"
# user_email is an e-mail address known to Cloud IAM (e.g. a gmail address).
# user_mail = [email protected]
binding.members.append("user:{}".format(user_email))
# Setting the e-tag avoids over-write existing policy
updated = client.set_iam_policy(
request={
"resource": source_name,
"policy": {
"etag": old_policy.etag,
"bindings": [binding]
},
})
print("Updated Policy: {}".format(updated))
# [END securitycenter_set_source_iam]
return binding, updated
def update_notification_config(organization_id, notification_config_id, pubsub_topic):
# [START scc_update_notification_config]
from google.cloud import securitycenter as securitycenter
from google.protobuf import field_mask_pb2
client = securitycenter.SecurityCenterClient()
# TODO organization_id = "your-org-id"
# TODO notification_config_id = "config-id-to-update"
# TODO pubsub_topic = "projects/{new-project}/topics/{new-topic}"
# If updating a pubsub_topic, ensure this ServiceAccount has the
# "pubsub.topics.setIamPolicy" permission on the new topic.
notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format(
org_id=organization_id, config_id=notification_config_id
)
updated_description = "New updated description"
updated_filter = 'state = "INACTIVE"'
# Only description and pubsub_topic can be updated.
field_mask = field_mask_pb2.FieldMask(
paths=["description", "pubsub_topic", "streaming_config.filter"]
)
updated_notification_config = client.update_notification_config(
request={
"notification_config": {
"name": notification_config_name,
"description": updated_description,
"pubsub_topic": pubsub_topic,
"streaming_config": {"filter": updated_filter},
},
"update_mask": field_mask,
}
)
print(updated_notification_config)
# [END scc_update_notification_config]
return updated_notification_config
def group_assets(organization_id):
"""Demonstrates grouping all assets by type. """
i = 0
# [START group_all_assets]
from google.cloud import securitycenter
client = securitycenter.SecurityCenterClient()
# organization_id is the numeric ID of the organization.
# organization_id = "1234567777"
org_name = "organizations/{org_id}".format(org_id=organization_id)
group_by_type = "security_center_properties.resource_type"
result_iterator = client.group_assets(request={
"parent": org_name,
"group_by": group_by_type
})
for i, result in enumerate(result_iterator):
print((i + 1), result)
# [END group_all_assets]
return i
def test_group_filtered_assets(organization_id):
"""Demonstrates grouping assets by type with a filter. """
# [START group_all_assets]
from google.cloud import securitycenter
client = securitycenter.SecurityCenterClient()
# organization_id is the numeric ID of the organization.
# organization_id = "1234567777"
org_name = "organizations/{org_id}".format(org_id=organization_id)
group_by_type = "security_center_properties.resource_type"
only_projects = ("security_center_properties.resource_type=" +
'"google.cloud.resourcemanager.Project"')
result_iterator = client.group_assets(org_name,
group_by=group_by_type,
filter_=only_projects)
for i, result in enumerate(result_iterator):
print((i + 1), result)
# [END group_all_assets]
# only one asset type is a project
assert i == 0
def test_list_assets_with_query_marks(organization_id, asset_name):
"""Lists assets with a filter on security marks. """
test_add_to_asset(asset_name)
# [START demo_list_assets_with_security_marks]
from google.cloud import securitycenter
client = securitycenter.SecurityCenterClient()
# organization_id is the numeric ID of the organization.
# organization_id=1234567777
org_name = "organizations/{org_id}".format(org_id=organization_id)
marks_filter = 'security_marks.marks.key_a = "value_a"'
# Call the API and print results.
asset_iterator = client.list_assets(org_name, filter_=marks_filter)
# Call the API and print results.
asset_iterator = client.list_assets(org_name, filter_=marks_filter)
for i, asset_result in enumerate(asset_iterator):
print(i, asset_result)
# [END demo_list_assets_with_security_marks]
assert i >= 0
def asset_name(organization_id):
"""Returns a random asset name from existing assets."""
from google.cloud import securitycenter
client = securitycenter.SecurityCenterClient()
# organization_id is the numeric ID of the organization.
# organization_id=1234567777
org_name = "organizations/{org_id}".format(org_id=organization_id)
assets = list(client.list_assets(org_name))
# Select a random asset to avoid collision between integration tests.
asset = (random.sample(assets, 1)[0]).asset.name
# Set fresh marks.
update = client.update_security_marks({
"name":
"{}/securityMarks".format(asset),
"marks": {
"other": "other_val"
}
})
assert update.marks == {"other": "other_val"}
return asset
def trouble_shoot(source_name):
"""Demonstrate calling test_iam_permissions to determine if the
service account has the correct permisions."""
# [START securitycenter_test_iam]
from google.cloud import securitycenter
# Create a client.
client = securitycenter.SecurityCenterClient()
# source_name is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"
# Check for permssions to call create_finding or update_finding.
permission_response = client.test_iam_permissions(
request={
"resource": source_name,
"permissions": ["securitycenter.findings.update"],
})
print("Permision to create or update findings? {}".format(
len(permission_response.permissions) > 0))
# [END securitycenter_test_iam]
assert len(permission_response.permissions) > 0
# [START securitycenter_test_iam]
# Check for permissions necessary to call set_finding_state.
permission_response = client.test_iam_permissions(
request={
"resource": source_name,
"permissions": ["securitycenter.findings.setState"],
})
print("Permision to update state? {}".format(
len(permission_response.permissions) > 0))
# [END securitycenter_test_iam]
return permission_response
assert len(permission_response.permissions) > 0
def group_filtered_findings(source_name):
"""Demonstrates grouping all findings across an organization."""
i = 0
# [START group_filtered_findings]
from google.cloud import securitycenter
# Create a client.
client = securitycenter.SecurityCenterClient()
# source_name is the resource path for a source that has been
# created previously (you can use list_sources to find a specific one).
# Its format is:
# source_name = "organizations/{organization_id}/sources/{source_id}"
# e.g.:
# source_name = "organizations/111122222444/sources/1234"
group_result_iterator = client.group_findings(source_name,
group_by="category",
filter_='state="ACTIVE"')
for i, group_result in enumerate(group_result_iterator):
print((i + 1), group_result)
# [END group_filtered_findings]
return i
def test_group_assets_by_changes(organization_id):
"""Demonstrates grouping assets by there changes over a period of time."""
# [START group_all_assets_by_change]
from datetime import timedelta
from google.cloud import securitycenter
from google.protobuf.duration_pb2 import Duration
client = securitycenter.SecurityCenterClient()
duration_proto = Duration()
duration_proto.FromTimedelta(timedelta(days=5))
# organization_id is the numeric ID of the organization.
# organization_id = "1234567777"
org_name = "organizations/{org_id}".format(org_id=organization_id)
result_iterator = client.group_assets(org_name,
group_by="state_change",
compare_duration=duration_proto)
for i, result in enumerate(result_iterator):
print((i + 1), result)
# [END group_all_assets_by_change]
# only one asset type is a project
assert i >= 0
def update_asset_discovery_org_settings(organization_id):
"""Example showing how to update the asset discovery configuration
for an organization."""
# [START update_org_settings]
from google.cloud import securitycenter
from google.protobuf import field_mask_pb2
# Create the client
client = securitycenter.SecurityCenterClient()
# organization_id is numeric ID for the organization. e.g.
# organization_id = "111112223333"
org_settings_name = "organizations/{org_id}/organizationSettings".format(
org_id=organization_id
)
# Only update the enable_asset_discovery_value (leave others untouched).
field_mask = field_mask_pb2.FieldMask(paths=["enable_asset_discovery"])
# Call the service.
updated = client.update_organization_settings(
{"name": org_settings_name, "enable_asset_discovery": True},
update_mask=field_mask,
)
print("Asset Discovery Enabled? {}".format(updated.enable_asset_discovery))
# [END update_org_settings]
return updated
def test_delete_and_update_marks(asset_name):
"""Updates and deletes security marks from an asset in the same call."""
# Make sure they are there first
test_add_to_asset(asset_name)
# [START delete_and_update_marks]
from google.cloud import securitycenter
from google.protobuf import field_mask_pb2
client = securitycenter.SecurityCenterClient()
# asset_name is the resource path for an asset that exists in CSCC.
# Its format is "organization/{organization_id}/assets/{asset_id}
# e.g.:
# asset_name = organizations/123123342/assets/12312321
marks_name = "{}/securityMarks".format(asset_name)
field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"])
marks = {"key_a": "new_value_for_a"}
updated_marks = client.update_security_marks(
{"name": marks_name, "marks": marks}, update_mask=field_mask
)
print(updated_marks)
# [END delete_and_update_marks]
assert updated_marks.marks == {"key_a": "new_value_for_a", "other": "other_val"}
def finding_name(source_name):
"""Creates a new finding a returns it name."""
from google.cloud import securitycenter
from google.cloud.securitycenter_v1.proto.finding_pb2 import Finding
from google.protobuf.timestamp_pb2 import Timestamp
client = securitycenter.SecurityCenterClient()
now_proto = Timestamp()
now_proto.GetCurrentTime()
finding = client.create_finding(
source_name,
"scfinding",
{
"state":
Finding.ACTIVE,
"category":
"C1",
"event_time":
now_proto,
"resource_name":
"//cloudresourcemanager.googleapis.com/organizations/11232",
},
)
client.create_finding(
source_name,
"untouched",
{
"state": Finding.ACTIVE,
"category": "MEDIUM_RISK_ONE",
"event_time": now_proto,
},
)
return finding.name
from google.cloud import securitycenter
organization_id=
client = securitycenter.SecurityCenterClient()
project_filter = (
"security_center_properties.resource_type= \"google.cloud.bigquery.Dataset\""
)
asset_iterator = client.list_assets(
request={"parent": f"organizations/{organization_id}", "filter": project_filter}
)
from itertools import groupby
sort = sorted(asset_iterator, key=lambda x: x.asset.resource_properties["location"])
for group, dataset in groupby(sort, lambda x: x.asset.resource_properties["location"]):
print(f"======== {group} ======")
for d in dataset:
print(d.asset.resource_properties["id"])
