Create a mute rule
Stay organized with collections
Save and categorize content based on your preferences.
Demonstrates how to create a mute rule, which is a configuration that uses a filter to automatically mute future findings
Code sample
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["# Create a mute rule\n\nDemonstrates how to create a mute rule, which is a configuration that uses a filter to automatically mute future findings\n\nCode sample\n-----------\n\n### Go\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n\n import (\n \t\"context\"\n \t\"fmt\"\n \t\"io\"\n\n \tsecuritycenter \"cloud.google.com/go/securitycenter/apiv1\"\n \t\"cloud.google.com/go/securitycenter/apiv1/securitycenterpb\"\n )\n\n // createMuteRule: Creates a mute configuration under a given scope that will mute\n // all new findings that match a given filter.\n // Existing findings will not be muted.\n func createMuteRule(w io.Writer, parent string, muteConfigId string) error {\n \t// parent: Use any one of the following options:\n \t// - organizations/{organization_id}\n \t// - folders/{folder_id}\n \t// - projects/{project_id}\n \t// parent := fmt.Sprintf(\"projects/%s\", \"your-google-cloud-project-id\")\n \t// muteConfigId: Set a random id; max of 63 chars.\n \t// muteConfigId := \"random-mute-id-\" + uuid.New().String()\n \tctx := context.Background()\n \tclient, err := securitycenter.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1.html#cloud_google_com_go_securitycenter_apiv1_Client_NewClient(ctx)\n \tif err != nil {\n \t\treturn fmt.Errorf(\"securitycenter.NewClient: %w\", err)\n \t}\n \tdefer client.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1.html#cloud_google_com_go_securitycenter_apiv1_Client_Close()\n\n \tmuteConfig := &securitycenterpb.MuteConfig{\n \t\tDescription: \"Mute low-medium IAM grants excluding 'compute' \",\n \t\t// Set mute rule(s).\n \t\t// To construct mute rules and for supported properties, see:\n \t\t// https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules\n \t\tFilter: \"severity=\\\"LOW\\\" OR severity=\\\"MEDIUM\\\" AND \" +\n \t\t\t\"category=\\\"Persistence: IAM Anomalous Grant\\\" AND \" +\n \t\t\t\"-resource.type:\\\"compute\\\"\",\n \t}\n\n \treq := &securitycenterpb.CreateMuteConfigRequest{\n \t\tParent: parent,\n \t\tMuteConfigId: muteConfigId,\n \t\tMuteConfig: muteConfig,\n \t}\n\n \tresponse, err := client.CreateMuteConfig(ctx, req)\n \tif err != nil {\n \t\treturn fmt.Errorf(\"failed to create mute rule: %w\", err)\n \t}\n \tfmt.Fprintf(w, \"Mute rule created successfully: %s\", response.Name)\n \treturn nil\n }\n\n### Java\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n\n import com.google.cloud.securitycenter.v1.https://cloud.google.com/java/docs/reference/google-cloud-securitycenter/latest/com.google.cloud.securitycenter.v1.CreateMuteConfigRequest.html;\n import com.google.cloud.securitycenter.v1.https://cloud.google.com/java/docs/reference/google-cloud-securitycenter/latest/com.google.cloud.securitycenter.v1.MuteConfig.html;\n import com.google.cloud.securitycenter.v1.https://cloud.google.com/java/docs/reference/google-cloud-securitycenter/latest/com.google.cloud.securitycenter.v1.SecurityCenterClient.html;\n import java.io.IOException;\n import java.util.UUID;\n\n public class CreateMuteRule {\n\n public static void main(String[] args) {\n // TODO: Replace the variables within {}\n\n // parentPath: Use any one of the following options:\n // - organizations/{organization_id}\n // - folders/{folder_id}\n // - projects/{project_id}\n String parentPath = String.format(\"projects/%s\", \"your-google-cloud-project-id\");\n\n // muteConfigId: Set a random id; max of 63 chars.\n String muteConfigId = \"random-mute-id-\" + UUID.randomUUID();\n createMuteRule(parentPath, muteConfigId);\n }\n\n // Creates a mute configuration under a given scope that will mute\n // all new findings that match a given filter.\n // Existing findings will not be muted.\n public static void createMuteRule(String parentPath, String muteConfigId) {\n // Initialize client that will be used to send requests. This client only needs to be created\n // once, and can be reused for multiple requests. After completing all of your requests, call\n // the \"close\" method on the client to safely clean up any remaining background resources.\n try (https://cloud.google.com/java/docs/reference/google-cloud-securitycenter/latest/com.google.cloud.securitycenter.v1.SecurityCenterClient.html client = https://cloud.google.com/java/docs/reference/google-cloud-securitycenter/latest/com.google.cloud.securitycenter.v1.SecurityCenterClient.html.create()) {\n\n https://cloud.google.com/java/docs/reference/google-cloud-securitycenter/latest/com.google.cloud.securitycenter.v1.MuteConfig.html muteConfig =\n https://cloud.google.com/java/docs/reference/google-cloud-securitycenter/latest/com.google.cloud.securitycenter.v1.MuteConfig.html.newBuilder()\n .setDescription(\"Mute low-medium IAM grants excluding 'compute' \")\n // Set mute rule(s).\n // To construct mute rules and for supported properties, see:\n // https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules\n .setFilter(\n \"severity=\\\"LOW\\\" OR severity=\\\"MEDIUM\\\" AND \"\n + \"category=\\\"Persistence: IAM Anomalous Grant\\\" AND \"\n + \"-resource.type:\\\"compute\\\"\")\n .build();\n\n https://cloud.google.com/java/docs/reference/google-cloud-securitycenter/latest/com.google.cloud.securitycenter.v1.CreateMuteConfigRequest.html request =\n https://cloud.google.com/java/docs/reference/google-cloud-securitycenter/latest/com.google.cloud.securitycenter.v1.CreateMuteConfigRequest.html.newBuilder()\n .setParent(parentPath)\n .https://cloud.google.com/java/docs/reference/google-cloud-securitycenter/latest/com.google.cloud.securitycenter.v1.CreateMuteConfigRequest.Builder.html#com_google_cloud_securitycenter_v1_CreateMuteConfigRequest_Builder_setMuteConfigId_java_lang_String_(muteConfigId)\n .setMuteConfig(muteConfig)\n .build();\n\n // ExecutionException is thrown if the below call fails.\n https://cloud.google.com/java/docs/reference/google-cloud-securitycenter/latest/com.google.cloud.securitycenter.v1.MuteConfig.html response = client.createMuteConfig(request);\n System.out.println(\"Mute rule created successfully: \" + response.https://cloud.google.com/java/docs/reference/google-cloud-securitycenter/latest/com.google.cloud.securitycenter.v1.MuteConfig.html#com_google_cloud_securitycenter_v1_MuteConfig_getName__());\n } catch (IOException e) {\n System.out.println(\"Mute rule creation failed! \\n Exception: \" + e);\n }\n }\n }\n\n### Python\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n\n\n def create_mute_rule(parent_path: str, mute_config_id: str) -\u003e None:\n \"\"\"\n Creates a mute configuration under a given scope that will mute\n all new findings that match a given filter.\n Existing findings will NOT BE muted.\n Args:\n parent_path: use any one of the following options:\n - organizations/{organization_id}\n - folders/{folder_id}\n - projects/{project_id}\n mute_config_id: Set a unique id; max of 63 chars.\n \"\"\"\n\n from google.cloud import securitycenter\n\n client = securitycenter.SecurityCenterClient()\n\n mute_config = securitycenter.https://cloud.google.com/python/docs/reference/securitycenter/latest/google.cloud.securitycenter_v1.types.MuteConfig.html()\n mute_config.description = \"Mute low-medium IAM grants excluding 'compute' \"\n # Set mute rule(s).\n # To construct mute rules and for supported properties, see:\n # https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules\n mute_config.filter = (\n 'severity=\"LOW\" OR severity=\"MEDIUM\" AND '\n 'category=\"Persistence: IAM Anomalous Grant\" AND '\n '-resource.type:\"compute\"'\n )\n\n request = securitycenter.https://cloud.google.com/python/docs/reference/securitycenter/latest/google.cloud.securitycenter_v1.types.CreateMuteConfigRequest.html()\n request.parent = parent_path\n request.mute_config_id = mute_config_id\n request.mute_config = mute_config\n\n mute_config = client.https://cloud.google.com/python/docs/reference/securitycenter/latest/google.cloud.securitycenter_v1.services.security_center.SecurityCenterClient.html#google_cloud_securitycenter_v1_services_security_center_SecurityCenterClient_create_mute_config(request=request)\n print(f\"Mute rule created successfully: {mute_config.name}\")\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=securitycenter)."]]
