List findings by time
Stay organized with collections
Save and categorize content based on your preferences.
Demonstrates how to list findings for specific points in time
Code sample
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["# List findings by time\n\nDemonstrates how to list findings for specific points in time\n\nCode sample\n-----------\n\n### Go\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n import (\n \t\"context\"\n \t\"fmt\"\n \t\"io\"\n \t\"time\"\n\n \tsecuritycenter \"cloud.google.com/go/securitycenter/apiv1\"\n \t\"cloud.google.com/go/securitycenter/apiv1/securitycenterpb\"\n \t\"github.com/golang/protobuf/ptypes\"\n \t\"google.golang.org/api/iterator\"\n )\n\n // listFindingsAtTime prints findings that where present for a specific source\n // as of five days ago to w. sourceName is the full resource name of the\n // source to search for findings under.\n func listFindingsAtTime(w io.Writer, sourceName string) error {\n \t// Specific source:\n \t// \t\tsourceName := \"{parent}/sources/{sourceId}\"\n \t// All sources:\n \t// \t\tsourceName := \"{parent}/sources/-\"\n \t// where,\n \t// Parent must be in one of the following formats:\n \t//\t\t\"organizations/{orgId}\"\n \t//\t\t\"projects/{projectId}\"\n \t//\t\t\"folders/{folderId}\"\n \tctx := context.Background()\n \tclient, err := securitycenter.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1.html#cloud_google_com_go_securitycenter_apiv1_Client_NewClient(ctx)\n \tif err != nil {\n \t\treturn fmt.Errorf(\"securitycenter.NewClient: %w\", err)\n \t}\n \tdefer client.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1.html#cloud_google_com_go_securitycenter_apiv1_Client_Close() // Closing the client safely cleans up background resources.\n \tfiveDaysAgo, err := ptypes.TimestampProto(time.Now().AddDate(0, 0, -5))\n \tif err != nil {\n \t\treturn fmt.Errorf(\"Error converting five days ago: %w\", err)\n \t}\n\n \treq := &securitycenterpb.ListFindingsRequest{\n \t\tParent: sourceName,\n \t\tReadTime: fiveDaysAgo,\n \t}\n \tit := client.ListFindings(ctx, req)\n \tfor {\n \t\tresult, err := it.Next()\n \t\tif err == iterator.Done {\n \t\t\tbreak\n \t\t}\n \t\tif err != nil {\n \t\t\treturn fmt.Errorf(\"it.Next: %w\", err)\n \t\t}\n \t\tfinding := result.Finding\n \t\tfmt.Fprintf(w, \"Finding Name: %s, \", finding.Name)\n \t\tfmt.Fprintf(w, \"Resource Name %s, \", finding.ResourceName)\n \t\tfmt.Fprintf(w, \"Category: %s\\n\", finding.Category)\n \t}\n \treturn nil\n }\n\n### Java\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n static ImmutableList\u003cListFindingsResult\u003e listFindingsAtTime(SourceName sourceName) {\n try (SecurityCenterClient client = SecurityCenterClient.create()) {\n // parentId: must be one of the following:\n // \"organization-id\"\n // \"project-id\"\n // \"folder-id\"\n // SourceName sourceName = SourceName.of(parentId, sourceId);\n\n // 5 days ago\n Instant fiveDaysAgo = Instant.now().minus(Duration.ofDays(5));\n\n ListFindingsRequest.Builder request =\n ListFindingsRequest.newBuilder()\n .setParent(sourceName.toString())\n .setReadTime(\n Timestamp.newBuilder()\n .setSeconds(fiveDaysAgo.getEpochSecond())\n .setNanos(fiveDaysAgo.getNano()));\n\n // Call the API.\n ListFindingsPagedResponse response = client.listFindings(request.build());\n\n // This creates one list for all findings. If your organization has a large number of\n // findings this can cause out of memory issues. You can process them in incrementally\n // by returning the Iterable returned response.iterateAll() directly.\n ImmutableList\u003cListFindingsResult\u003e results = ImmutableList.copyOf(response.iterateAll());\n System.out.println(\"Findings:\");\n System.out.println(results);\n return results;\n } catch (IOException e) {\n throw new RuntimeException(\"Couldn't create client.\", e);\n }\n }\n\n### Node.js\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n // Imports the Google Cloud client library.\n const {SecurityCenterClient} = require('https://cloud.google.com/nodejs/docs/reference/security-center/latest/overview.html');\n\n // Creates a new client.\n const client = new https://cloud.google.com/nodejs/docs/reference/security-center/latest/overview.html();\n // sourceName is the fully qualified source name to search for findings\n // under.\n /*\n * TODO(developer): Uncomment the following lines\n */\n // const sourceName = `${parent}/sources/${sourceId}`;\n // where,\n // parent: must be in one of the following formats:\n // `organizations/${organization_id}`\n // `projects/${project_id}`\n // `folders/${folder_id}`\n const fiveDaysAgo = new Date();\n fiveDaysAgo.setDate(fiveDaysAgo.getDate() - 5);\n\n async function listFindingsAtTime() {\n const [response] = await client.listFindings({\n // List findings across all sources.\n parent: sourceName,\n //commented readTime as it is not supported, refer below link\n //https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024\n // readTime: {\n // seconds: Math.floor(fiveDaysAgo.getTime() / 1000),\n // nanos: (fiveDaysAgo.getTime() % 1000) * 1e6,\n // },\n });\n let count = 0;\n Array.from(response).forEach(result =\u003e\n console.log(\n `${++count} ${result.finding.name} ${result.finding.resourceName}`\n )\n );\n }\n listFindingsAtTime();\n\n### Python\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n from datetime import datetime, timedelta, timezone\n\n from google.cloud import securitycenter_v1\n\n # Create a new client.\n # More info about SecurityCenterClient:\n # https://cloud.google.com/python/docs/reference/securitycenter/latest/google.cloud.securitycenter_v1.services.security_center.SecurityCenterClient\n client = securitycenter_v1.SecurityCenterClient()\n\n # 'source_name' is the resource path for a source that has been\n # created previously (you can use list_sources to find a specific one).\n # Its format is:\n # source_name = f\"{parent}/sources/{source_id}\"\n # 'parent' must be in one of the following formats:\n # \"organizations/{organization_id}\"\n # \"projects/{project_id}\"\n # \"folders/{folder_id}\"\n # You an also use a wild-card \"-\" for all sources:\n # source_name = \"organizations/111122222444/sources/-\"\n\n five_days_ago = datetime.now(timezone.utc) - timedelta(days=5)\n timestamp_milliseconds = int(five_days_ago.timestamp() * 1000)\n\n # More details about the request syntax:\n # https://cloud.google.com/security-command-center/docs/reference/rest/v1/folders.sources.findings/list\n finding_result_iterator = client.https://cloud.google.com/python/docs/reference/securitycenter/latest/google.cloud.securitycenter_v1.services.security_center.SecurityCenterClient.html#google_cloud_securitycenter_v1_services_security_center_SecurityCenterClient_list_findings(\n request={\n \"parent\": source_name,\n \"filter\": f\"event_time \u003c {timestamp_milliseconds}\",\n }\n )\n\n for i, finding_result in enumerate(finding_result_iterator):\n print(\n \"{}: name: {} resource: {}\".format(\n i, finding_result.finding.name, finding_result.finding.resource_name\n )\n )\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=securitycenter)."]]