GCP Security Command Center API - how to get source_properties
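When you are in the Google console, Security Command Center, Findings, you can click on an item to view its details. There is a section that lists "Attributes" and "Source Properties". I would like to get some of these values. The code below is taken from this page (https://cloud.google.com/security-command-center/docs/how-to-api-list-findings) and modified to get what I need: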
    from google.cloud import securitycenter

    client = securitycenter.SecurityCenterClient()
    organization_id = "<my organization id>"
    org_name = "organizations/{org_id}".format(org_id=organization_id)
    # "-" as the source id lists findings across all sources in the organization
    all_sources = "{org_name}/sources/-".format(org_name=org_name)
    finding_result_iterator = client.list_findings(request={"parent": all_sources, "filter": 'severity="HIGH"'})
    for i, finding_result in enumerate(finding_result_iterator):
        sourceId = finding_result.finding.resource_name
        title = finding_result.finding.category
        alertTime = finding_result.finding.event_time
        serviceName = finding_result.resource.type_
        description = ""     # wanted: the "Explanation" source property
        additionalInfo = ""  # wanted: the "Recommendation" source property
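I would like to get the "Explanation" and "Recommendation" values from Source Properties, but I don't know where to get them. The reference page shows the output for each finding_result in the loop. The console displays these properties, but I don't know how to get them, and I have been searching the internet for an answer. I'm hoping someone here has the answer.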
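So, I was a bit impatient with my question, both here and with Google Support. When I tightened up the filter on my call, I found that there were indeed records with the two values I was looking for. For those who are interested, I have included some junk test code below.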
    from google.cloud import securitycenter

    client = securitycenter.SecurityCenterClient()
    organization_id = "<my org id>"
    org_name = "organizations/{org_id}".format(org_id=organization_id)
    # "-" as the source id lists findings across all sources in the organization
    all_sources = "{org_name}/sources/-".format(org_name=org_name)
    finding_result_iterator = client.list_findings(request={"parent": all_sources, "filter": 'severity="HIGH" AND state="ACTIVE" AND category!="Persistence: IAM Anomalous Grant" AND category!="MFA_NOT_ENFORCED"'})
    for i, finding_result in enumerate(finding_result_iterator):
        sourceId = finding_result.finding.resource_name
        projectId = finding_result.resource.project_display_name
        title = finding_result.finding.category
        alertTime = finding_result.finding.event_time
        serviceName = finding_result.resource.type_
        description = ""
        additionalInfo = ""
        externalUri = ""
        if hasattr(finding_result.finding, "external_uri"):
            externalUri = finding_result.finding.external_uri
        # source_properties is a map; copy out the two keys of interest when present
        sourceProps = finding_result.finding.source_properties
        for item in sourceProps:
            if item == "Explanation":
                description = str(sourceProps[item])
            if item == "Recommendation":
                additionalInfo = str(sourceProps[item])
        print("TITLE: " + title)
        print(" PROJECT ID: " + projectId)
        print(" DESCRIPTION: " + description)
        print(" SOURCE ID: " + sourceId)
        print(" ALERT TIME: {}".format(alertTime))
        print(" SERVICE NAME: " + serviceName)
        print(" ADDITIONAL INFO: Recommendation: " + additionalInfo)
        if len(externalUri) > 0:
            print(", External URI: " + externalUri)
        # test run only: stop after the first finding
        if i < 1:
            break
So while this question was a bit of a waste, the code may help others who are trying to use the Security Command Center API.
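An added example, not part of the original post: the lookup from the answer's loop written as a helper that tolerates findings without these keys and counts, per category, how many lack them, which shows where the values are missing without trial-and-error filters. It runs on plain dicts standing in for `finding_result.finding` (an assumption, so it works offline); the function names and all sample values are constructed.

```python
from collections import Counter
from typing import Any, Mapping

WANTED = ("Explanation", "Recommendation")  # the two keys the post reads

def pick(source_properties: Mapping[str, Any]) -> dict:
    """Return each wanted key as a string, or None when the finding lacks it."""
    picked = {}
    for key in WANTED:
        value = source_properties.get(key)
        picked[key] = None if value in (None, "") else str(value)
    return picked

def normalize(finding: Mapping[str, Any]) -> dict:
    """Flatten one finding (plain-dict stand-in) into the fields the post prints."""
    props = pick(finding.get("source_properties") or {})
    return {
        "title": finding.get("category", ""),
        "source_id": finding.get("resource_name", ""),
        "description": props["Explanation"],
        "recommendation": props["Recommendation"],
    }

def missing_by_category(findings) -> Counter:
    """Count, per category, the findings that lack at least one wanted key."""
    missing = Counter()
    for finding in findings:
        record = normalize(finding)
        if record["description"] is None or record["recommendation"] is None:
            missing[record["title"]] += 1
    return missing

# Constructed sample data, not real API output; which category carries
# which keys here is made up for the demonstration.
SAMPLE_FINDINGS = [
    {"category": "PUBLIC_BUCKET_ACL",
     "resource_name": "//storage.googleapis.com/example-bucket",
     "source_properties": {"Explanation": "Constructed explanation text.",
                           "Recommendation": "Constructed recommendation text."}},
    {"category": "Persistence: IAM Anomalous Grant",
     "resource_name": "//cloudresourcemanager.googleapis.com/projects/0",
     "source_properties": {"ExampleOtherKey": "constructed"}},
    {"category": "MFA_NOT_ENFORCED",
     "resource_name": "//cloudresourcemanager.googleapis.com/organizations/0",
     "source_properties": {}},
]

if __name__ == "__main__":
    for finding in SAMPLE_FINDINGS:
        print(normalize(finding))
    print("missing keys by category:", dict(missing_by_category(SAMPLE_FINDINGS)))
```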