def update_finding(source_name): # [START update_finding] import datetime from google.cloud import securitycenter from google.cloud.securitycenter_v1 import Finding from google.protobuf import field_mask_pb2 client = securitycenter.SecurityCenterClient() # Only update the specific source property and event_time. event_time # is required for updates. field_mask = field_mask_pb2.FieldMask( paths=["source_properties.s_value", "event_time"] ) # Set the update time to Now. This must be some time greater then the # event_time on the original finding. event_time = datetime.datetime.now() # source_name is the resource path for a source that has been # created previously (you can use list_sources to find a specific one). # Its format is: # source_name = "organizations/{organization_id}/sources/{source_id}" # e.g.: # source_name = "organizations/111122222444/sources/1234" finding_name = "{}/findings/samplefindingid2".format(source_name) finding = Finding( name=finding_name, source_properties={"s_value": "new_string"}, event_time=event_time, ) updated_finding = client.update_finding( request={ "finding": finding, "update_mask": field_mask, } ) print( "New Source properties: {}, Event Time {}".format( updated_finding.source_properties, updated_finding.event_time ) )
def get_notification_config(organization_id, notification_config_id): # [START scc_get_notification_config] from google.cloud import securitycenter as securitycenter client = securitycenter.SecurityCenterClient() # TODO: organization_id = "your-org-id" # TODO: notification_config_id = "your-config-id" notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format( org_id=organization_id, config_id=notification_config_id ) notification_config = client.get_notification_config( request={"name": notification_config_name} ) print("Got notification config: {}".format(notification_config)) # [END scc_get_notification_config] return notification_config
def list_all_findings(organization_id): # [START list_all_findings] from google.cloud import securitycenter # Create a client. client = securitycenter.SecurityCenterClient() # organization_id is the numeric ID of the organization. e.g.: # organization_id = "111122222444" org_name = "organizations/{org_id}".format(org_id=organization_id) # The "sources/-" suffix lists findings across all sources. You # also use a specific source_name instead. all_sources = "{org_name}/sources/-".format(org_name=org_name) finding_result_iterator = client.list_findings(all_sources) for i, finding_result in enumerate(finding_result_iterator): print("{}: name: {} resource: {}".format( i, finding_result.finding.name, finding_result.finding.resource_name)) # [END list_all_findings] return i
def create_source(organization_id): """Create a new findings source. """ # [START create_source] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() # organization_id is the numeric ID of the organization. e.g.: # organization_id = "111122222444" org_name = "organizations/{org_id}".format(org_id=organization_id) created = client.create_source( request={ "parent": org_name, "source": { "display_name": "Customized Display Name", "description": "A new custom source that does X", }, } ) print("Created Source: {}".format(created.name))
def list_assets_with_filters(organization_id): """Demonstrate listing assets with a filter.""" i = 0 # [START demo_list_assets_with_filter] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() # organization_id is the numeric ID of the organization. # organization_id = "1234567777" org_name = "organizations/{org_id}".format(org_id=organization_id) project_filter = ("security_center_properties.resource_type=" + '"google.cloud.resourcemanager.Project"') # Call the API and print results. asset_iterator = client.list_assets(org_name, filter_=project_filter) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_assets_with_filter] return i
def update_finding(source_name): # [START update_finding] from google.cloud import securitycenter from google.protobuf.struct_pb2 import Value from google.protobuf import field_mask_pb2 from google.protobuf.timestamp_pb2 import Timestamp client = securitycenter.SecurityCenterClient() # Only update the specific source property and event_time. event_time # is required for updates. field_mask = field_mask_pb2.FieldMask( paths=["source_properties.s_value", "event_time"]) value = Value() value.string_value = "new_string" # Set the update time to Now. This must be some time greater then the # event_time on the original finding. now_proto = Timestamp() now_proto.GetCurrentTime() # source_name is the resource path for a source that has been # created previously (you can use list_sources to find a specific one). # Its format is: # source_name = "organizations/{organization_id}/sources/{source_id}" # e.g.: # source_name = "organizations/111122222444/sources/1234" finding_name = "{}/findings/samplefindingid2".format(source_name) updated_finding = client.update_finding( { "name": finding_name, "source_properties": { "s_value": value }, "event_time": now_proto, }, update_mask=field_mask, ) print("New Source properties: {}, Event Time {}".format( updated_finding.source_properties, updated_finding.event_time.ToDatetime()))
def group_all_findings(organization_id): """Demonstrates grouping all findings across an organization.""" i = 0 # [START group_all_findings] from google.cloud import securitycenter # Create a client. client = securitycenter.SecurityCenterClient() # organization_id is the numeric ID of the organization. e.g.: # organization_id = "111122222444" org_name = "organizations/{org_id}".format(org_id=organization_id) # The "sources/-" suffix lists findings across all sources. You # also use a specific source_name instead. all_sources = "{org_name}/sources/-".format(org_name=org_name) group_result_iterator = client.group_findings(all_sources, group_by="category") for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) # [END group_all_findings] return i
def add_user_to_source(source_name): """Gives a user findingsEditor permission to the source.""" user_email = "*****@*****.**" # [START securitycenter_set_source_iam] from google.cloud import securitycenter from google.iam.v1 import policy_pb2 client = securitycenter.SecurityCenterClient() # source_name is the resource path for a source that has been # created previously (you can use list_sources to find a specific one). # Its format is: # source_name = "organizations/{organization_id}/sources/{source_id}" # e.g.: # source_name = "organizations/111122222444/sources/1234" # Get the old policy so we can do an incremental update. old_policy = client.get_iam_policy(request={"resource": source_name}) print("Old Policy: {}".format(old_policy)) # Setup a new IAM binding. binding = policy_pb2.Binding() binding.role = "roles/securitycenter.findingsEditor" # user_email is an e-mail address known to Cloud IAM (e.g. a gmail address). # user_mail = [email protected] binding.members.append("user:{}".format(user_email)) # Setting the e-tag avoids over-write existing policy updated = client.set_iam_policy( request={ "resource": source_name, "policy": { "etag": old_policy.etag, "bindings": [binding] }, }) print("Updated Policy: {}".format(updated)) # [END securitycenter_set_source_iam] return binding, updated
def update_notification_config(organization_id, notification_config_id, pubsub_topic): # [START scc_update_notification_config] from google.cloud import securitycenter as securitycenter from google.protobuf import field_mask_pb2 client = securitycenter.SecurityCenterClient() # TODO organization_id = "your-org-id" # TODO notification_config_id = "config-id-to-update" # TODO pubsub_topic = "projects/{new-project}/topics/{new-topic}" # If updating a pubsub_topic, ensure this ServiceAccount has the # "pubsub.topics.setIamPolicy" permission on the new topic. notification_config_name = "organizations/{org_id}/notificationConfigs/{config_id}".format( org_id=organization_id, config_id=notification_config_id ) updated_description = "New updated description" updated_filter = 'state = "INACTIVE"' # Only description and pubsub_topic can be updated. field_mask = field_mask_pb2.FieldMask( paths=["description", "pubsub_topic", "streaming_config.filter"] ) updated_notification_config = client.update_notification_config( request={ "notification_config": { "name": notification_config_name, "description": updated_description, "pubsub_topic": pubsub_topic, "streaming_config": {"filter": updated_filter}, }, "update_mask": field_mask, } ) print(updated_notification_config) # [END scc_update_notification_config] return updated_notification_config
def group_assets(organization_id): """Demonstrates grouping all assets by type. """ i = 0 # [START group_all_assets] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() # organization_id is the numeric ID of the organization. # organization_id = "1234567777" org_name = "organizations/{org_id}".format(org_id=organization_id) group_by_type = "security_center_properties.resource_type" result_iterator = client.group_assets(request={ "parent": org_name, "group_by": group_by_type }) for i, result in enumerate(result_iterator): print((i + 1), result) # [END group_all_assets] return i
def test_group_filtered_assets(organization_id): """Demonstrates grouping assets by type with a filter. """ # [START group_all_assets] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() # organization_id is the numeric ID of the organization. # organization_id = "1234567777" org_name = "organizations/{org_id}".format(org_id=organization_id) group_by_type = "security_center_properties.resource_type" only_projects = ("security_center_properties.resource_type=" + '"google.cloud.resourcemanager.Project"') result_iterator = client.group_assets(org_name, group_by=group_by_type, filter_=only_projects) for i, result in enumerate(result_iterator): print((i + 1), result) # [END group_all_assets] # only one asset type is a project assert i == 0
def test_list_assets_with_query_marks(organization_id, asset_name): """Lists assets with a filter on security marks. """ test_add_to_asset(asset_name) # [START demo_list_assets_with_security_marks] from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() # organization_id is the numeric ID of the organization. # organization_id=1234567777 org_name = "organizations/{org_id}".format(org_id=organization_id) marks_filter = 'security_marks.marks.key_a = "value_a"' # Call the API and print results. asset_iterator = client.list_assets(org_name, filter_=marks_filter) # Call the API and print results. asset_iterator = client.list_assets(org_name, filter_=marks_filter) for i, asset_result in enumerate(asset_iterator): print(i, asset_result) # [END demo_list_assets_with_security_marks] assert i >= 0
def asset_name(organization_id): """Returns a random asset name from existing assets.""" from google.cloud import securitycenter client = securitycenter.SecurityCenterClient() # organization_id is the numeric ID of the organization. # organization_id=1234567777 org_name = "organizations/{org_id}".format(org_id=organization_id) assets = list(client.list_assets(org_name)) # Select a random asset to avoid collision between integration tests. asset = (random.sample(assets, 1)[0]).asset.name # Set fresh marks. update = client.update_security_marks({ "name": "{}/securityMarks".format(asset), "marks": { "other": "other_val" } }) assert update.marks == {"other": "other_val"} return asset
def trouble_shoot(source_name): """Demonstrate calling test_iam_permissions to determine if the service account has the correct permisions.""" # [START securitycenter_test_iam] from google.cloud import securitycenter # Create a client. client = securitycenter.SecurityCenterClient() # source_name is the resource path for a source that has been # created previously (you can use list_sources to find a specific one). # Its format is: # source_name = "organizations/{organization_id}/sources/{source_id}" # e.g.: # source_name = "organizations/111122222444/sources/1234" # Check for permssions to call create_finding or update_finding. permission_response = client.test_iam_permissions( request={ "resource": source_name, "permissions": ["securitycenter.findings.update"], }) print("Permision to create or update findings? {}".format( len(permission_response.permissions) > 0)) # [END securitycenter_test_iam] assert len(permission_response.permissions) > 0 # [START securitycenter_test_iam] # Check for permissions necessary to call set_finding_state. permission_response = client.test_iam_permissions( request={ "resource": source_name, "permissions": ["securitycenter.findings.setState"], }) print("Permision to update state? {}".format( len(permission_response.permissions) > 0)) # [END securitycenter_test_iam] return permission_response assert len(permission_response.permissions) > 0
def group_filtered_findings(source_name): """Demonstrates grouping all findings across an organization.""" i = 0 # [START group_filtered_findings] from google.cloud import securitycenter # Create a client. client = securitycenter.SecurityCenterClient() # source_name is the resource path for a source that has been # created previously (you can use list_sources to find a specific one). # Its format is: # source_name = "organizations/{organization_id}/sources/{source_id}" # e.g.: # source_name = "organizations/111122222444/sources/1234" group_result_iterator = client.group_findings(source_name, group_by="category", filter_='state="ACTIVE"') for i, group_result in enumerate(group_result_iterator): print((i + 1), group_result) # [END group_filtered_findings] return i
def test_group_assets_by_changes(organization_id): """Demonstrates grouping assets by there changes over a period of time.""" # [START group_all_assets_by_change] from datetime import timedelta from google.cloud import securitycenter from google.protobuf.duration_pb2 import Duration client = securitycenter.SecurityCenterClient() duration_proto = Duration() duration_proto.FromTimedelta(timedelta(days=5)) # organization_id is the numeric ID of the organization. # organization_id = "1234567777" org_name = "organizations/{org_id}".format(org_id=organization_id) result_iterator = client.group_assets(org_name, group_by="state_change", compare_duration=duration_proto) for i, result in enumerate(result_iterator): print((i + 1), result) # [END group_all_assets_by_change] # only one asset type is a project assert i >= 0
def update_asset_discovery_org_settings(organization_id): """Example showing how to update the asset discovery configuration for an organization.""" # [START update_org_settings] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 # Create the client client = securitycenter.SecurityCenterClient() # organization_id is numeric ID for the organization. e.g. # organization_id = "111112223333" org_settings_name = "organizations/{org_id}/organizationSettings".format( org_id=organization_id ) # Only update the enable_asset_discovery_value (leave others untouched). field_mask = field_mask_pb2.FieldMask(paths=["enable_asset_discovery"]) # Call the service. updated = client.update_organization_settings( {"name": org_settings_name, "enable_asset_discovery": True}, update_mask=field_mask, ) print("Asset Discovery Enabled? {}".format(updated.enable_asset_discovery)) # [END update_org_settings] return updated
def test_delete_and_update_marks(asset_name): """Updates and deletes security marks from an asset in the same call.""" # Make sure they are there first test_add_to_asset(asset_name) # [START delete_and_update_marks] from google.cloud import securitycenter from google.protobuf import field_mask_pb2 client = securitycenter.SecurityCenterClient() # asset_name is the resource path for an asset that exists in CSCC. # Its format is "organization/{organization_id}/assets/{asset_id} # e.g.: # asset_name = organizations/123123342/assets/12312321 marks_name = "{}/securityMarks".format(asset_name) field_mask = field_mask_pb2.FieldMask(paths=["marks.key_a", "marks.key_b"]) marks = {"key_a": "new_value_for_a"} updated_marks = client.update_security_marks( {"name": marks_name, "marks": marks}, update_mask=field_mask ) print(updated_marks) # [END delete_and_update_marks] assert updated_marks.marks == {"key_a": "new_value_for_a", "other": "other_val"}
def finding_name(source_name): """Creates a new finding a returns it name.""" from google.cloud import securitycenter from google.cloud.securitycenter_v1.proto.finding_pb2 import Finding from google.protobuf.timestamp_pb2 import Timestamp client = securitycenter.SecurityCenterClient() now_proto = Timestamp() now_proto.GetCurrentTime() finding = client.create_finding( source_name, "scfinding", { "state": Finding.ACTIVE, "category": "C1", "event_time": now_proto, "resource_name": "//cloudresourcemanager.googleapis.com/organizations/11232", }, ) client.create_finding( source_name, "untouched", { "state": Finding.ACTIVE, "category": "MEDIUM_RISK_ONE", "event_time": now_proto, }, ) return finding.name
from google.cloud import securitycenter organization_id= client = securitycenter.SecurityCenterClient() project_filter = ( "security_center_properties.resource_type= \"google.cloud.bigquery.Dataset\"" ) asset_iterator = client.list_assets( request={"parent": f"organizations/{organization_id}", "filter": project_filter} ) from itertools import groupby sort = sorted(asset_iterator, key=lambda x: x.asset.resource_properties["location"]) for group, dataset in groupby(sort, lambda x: x.asset.resource_properties["location"]): print(f"======== {group} ======") for d in dataset: print(d.asset.resource_properties["id"])