Create a finding
Stay organized with collections
Save and categorize content based on your preferences.
Demonstrates how to create a new finding
Code sample
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["# Create a finding\n\nDemonstrates how to create a new finding\n\nCode sample\n-----------\n\n### Go\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n import (\n \t\"context\"\n \t\"fmt\"\n \t\"io\"\n \t\"time\"\n\n \tsecuritycenter \"cloud.google.com/go/securitycenter/apiv1\"\n \t\"cloud.google.com/go/securitycenter/apiv1/securitycenterpb\"\n \t\"github.com/golang/protobuf/ptypes\"\n )\n\n // createFinding demonstrates how to create a new security finding in CSCC.\n // sourceName is the full resource name of the source the finding should\n // be associated with.\n func createFinding(w io.Writer, sourceName string) error {\n \t// sourceName := \"organizations/111122222444/sources/1234\"\n \t// Instantiate a context and a security service client to make API calls.\n \tctx := context.Background()\n \tclient, err := securitycenter.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1.html#cloud_google_com_go_securitycenter_apiv1_Client_NewClient(ctx)\n \tif err != nil {\n \t\treturn fmt.Errorf(\"securitycenter.NewClient: %w\", err)\n \t}\n \tdefer client.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1.html#cloud_google_com_go_securitycenter_apiv1_Client_Close() // Closing the client safely cleans up background resources.\n \t// Use now as the eventTime for the security finding.\n \teventTime, err := ptypes.TimestampProto(time.Now())\n \tif err != nil {\n \t\treturn fmt.Errorf(\"TimestampProto: %w\", err)\n \t}\n\n \treq := &securitycenterpb.CreateFindingRequest{\n \t\tParent: sourceName,\n \t\tFindingId: \"samplefindingid\",\n \t\tFinding: &securitycenterpb.Finding{\n \t\t\tState: securitycenterpb.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1/securitycenterpb.html#cloud_google_com_go_securitycenter_apiv1_securitycenterpb_Finding_STATE_UNSPECIFIED_Finding_ACTIVE_Finding_INACTIVE,\n \t\t\t// Resource the finding is associated with. This is an\n \t\t\t// example any resource identifier can be used.\n \t\t\tResourceName: \"//cloudresourcemanager.googleapis.com/organizations/11232\",\n \t\t\t// A free-form category.\n \t\t\tCategory: \"MEDIUM_RISK_ONE\",\n \t\t\t// The time associated with discovering the issue.\n \t\t\tEventTime: eventTime,\n \t\t},\n \t}\n \tfinding, err := client.CreateFinding(ctx, req)\n \tif err != nil {\n \t\treturn fmt.Errorf(\"CreateFinding: %w\", err)\n \t}\n \tfmt.Fprintf(w, \"New finding created: %s\\n\", finding.Name)\n \tfmt.Fprintf(w, \"Event time (Epoch Seconds): %d\\n\", eventTime.Seconds)\n \treturn nil\n }\n\n### Java\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n static Finding createFinding(SourceName sourceName, String findingId) {\n try (SecurityCenterClient client = SecurityCenterClient.create()) {\n // SourceName sourceName = SourceName.of(/*organization=*/\"123234324\",/*source=*/\n // \"423432321\");\n // String findingId = \"samplefindingid\";\n\n // Use the current time as the finding \"event time\".\n Instant eventTime = Instant.now();\n\n // The resource this finding applies to. The CSCC UI can link\n // the findings for a resource to the corresponding Asset of a resource\n // if there are matches.\n String resourceName = \"//cloudresourcemanager.googleapis.com/organizations/11232\";\n\n // Start setting up a request to create a finding in a source.\n Finding finding =\n Finding.newBuilder()\n .setParent(sourceName.toString())\n .setState(State.ACTIVE)\n .setResourceName(resourceName)\n .setEventTime(\n Timestamp.newBuilder()\n .setSeconds(eventTime.getEpochSecond())\n .setNanos(eventTime.getNano()))\n .setCategory(\"MEDIUM_RISK_ONE\")\n .build();\n\n // Call the API.\n Finding response = client.createFinding(sourceName, findingId, finding);\n\n System.out.println(\"Created Finding: \" + response);\n return response;\n } catch (IOException e) {\n throw new RuntimeException(\"Couldn't create client.\", e);\n }\n }\n\n### Node.js\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n // Imports the Google Cloud client library.\n const {SecurityCenterClient} = require('https://cloud.google.com/nodejs/docs/reference/security-center/latest/overview.html');\n\n // Creates a new client.\n const client = new https://cloud.google.com/nodejs/docs/reference/security-center/latest/overview.html();\n // sourceName is the full resource name of the source the finding should\n // be associated with.\n /*\n * TODO(developer): Uncomment the following lines\n */\n // const sourceName = \"organizations/111122222444/sources/1234\";\n\n // Use now as the eventTime for the security finding.\n const eventTime = new Date();\n async function createFinding() {\n const [newFinding] = await client.createFinding({\n parent: sourceName,\n findingId: 'samplefindingid',\n finding: {\n state: 'ACTIVE',\n // Resource the finding is associated with. This is an\n // example any resource identifier can be used.\n resourceName:\n '//cloudresourcemanager.googleapis.com/organizations/11232',\n // A free-form category.\n category: 'MEDIUM_RISK_ONE',\n // The time associated with discovering the issue.\n eventTime: {\n seconds: Math.floor(eventTime.getTime() / 1000),\n nanos: (eventTime.getTime() % 1000) * 1e6,\n },\n },\n });\n console.log('New finding created: %j', newFinding);\n }\n await createFinding();\n\n### Python\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n from datetime import datetime, timezone\n\n from google.cloud import securitycenter_v1\n from google.cloud.securitycenter_v1 import Finding\n\n # Create a new client.\n client = securitycenter_v1.SecurityCenterClient()\n\n # Use the current time as the finding \"event time\".\n event_time = datetime.now(tz=timezone.utc)\n\n # 'source_name' is the resource path for a source that has been\n # created previously (you can use list_sources to find a specific one).\n # Its format is:\n # source_name = \"organizations/{organization_id}/sources/{source_id}\"\n # e.g.:\n # source_name = \"organizations/111122222444/sources/1234\"\n\n # The resource this finding applies to. The CSCC UI can link\n # the findings for a resource to the corresponding Asset of a resource\n # if there are matches.\n resource_name = \"//cloudresourcemanager.googleapis.com/organizations/11232\"\n\n finding = Finding(\n state=Finding.State.ACTIVE,\n resource_name=resource_name,\n category=\"MEDIUM_RISK_ONE\",\n event_time=event_time,\n )\n\n # Call The API.\n created_finding = client.https://cloud.google.com/python/docs/reference/securitycenter/latest/google.cloud.securitycenter_v1.services.security_center.SecurityCenterClient.html#google_cloud_securitycenter_v1_services_security_center_SecurityCenterClient_create_finding(\n request={\"parent\": source_name, \"finding_id\": finding_id, \"finding\": finding}\n )\n print(created_finding)\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=securitycenter)."]]
