Update finding source properties
Stay organized with collections
Save and categorize content based on your preferences.
Demonstrates how to update source properties for a finding
Code sample
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["# Update finding source properties\n\nDemonstrates how to update source properties for a finding\n\nCode sample\n-----------\n\n### Go\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n import (\n \t\"context\"\n \t\"fmt\"\n \t\"io\"\n \t\"time\"\n\n \tsecuritycenter \"cloud.google.com/go/securitycenter/apiv1\"\n \t\"cloud.google.com/go/securitycenter/apiv1/securitycenterpb\"\n \t\"github.com/golang/protobuf/ptypes\"\n \tstructpb \"github.com/golang/protobuf/ptypes/struct\"\n \t\"google.golang.org/genproto/protobuf/field_mask\"\n )\n\n // updateFindingSourceProperties demonstrates how to update a security finding\n // in CSCC. findingName is the full resource name of the finding to update.\n func updateFindingSourceProperties(w io.Writer, findingName string) error {\n \t// findingName := \"organizations/111122222444/sources/1234/findings/findingid\"\n \t// Instantiate a context and a security service client to make API calls.\n \tctx := context.Background()\n \tclient, err := securitycenter.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1.html#cloud_google_com_go_securitycenter_apiv1_Client_NewClient(ctx)\n \tif err != nil {\n \t\treturn fmt.Errorf(\"securitycenter.NewClient: %w\", err)\n \t}\n \tdefer client.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1.html#cloud_google_com_go_securitycenter_apiv1_Client_Close() // Closing the client safely cleans up background resources.\n \t// Use now as the eventTime for the security finding.\n \teventTime, err := ptypes.TimestampProto(time.Now())\n \tif err != nil {\n \t\treturn fmt.Errorf(\"TimestampProto: %w\", err)\n \t}\n\n \treq := &securitycenterpb.UpdateFindingRequest{\n \t\tFinding: &securitycenterpb.Finding{\n \t\t\tName: findingName,\n \t\t\tEventTime: eventTime,\n \t\t\tSourceProperties: map[string]*structpb.Value{\n \t\t\t\t\"s_value\": {\n \t\t\t\t\tKind: &structpb.Value_StringValue{StringValue: \"new_string_example\"},\n \t\t\t\t},\n \t\t\t},\n \t\t},\n \t\t// Needed to only update the specific source property s_value\n \t\t// and EventTime. EventTime is a required field.\n \t\tUpdateMask: &field_mask.FieldMask{\n \t\t\tPaths: []string{\"event_time\", \"source_properties.s_value\"},\n \t\t},\n \t}\n\n \tfinding, err := client.UpdateFinding(ctx, req)\n \tif err != nil {\n \t\treturn fmt.Errorf(\"UpdateFinding: %w\", err)\n \t}\n \tfmt.Fprintf(w, \"Finding updated: %s\\n\", finding.Name)\n \tfmt.Fprintf(w, \"Finding state: %v\\n\", finding.State)\n \tfmt.Fprintf(w, \"Event time (Epoch Seconds): %d\\n\", eventTime.Seconds)\n \tfmt.Fprintf(w, \"Source Properties:\\n\")\n \tfor k, v := range finding.SourceProperties {\n \t\tfmt.Fprintf(w, \"%s = %v\\n\", k, v)\n \t}\n \treturn nil\n }\n\n### Java\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n static Finding updateFinding(FindingName findingName) {\n try (SecurityCenterClient client = SecurityCenterClient.create()) {\n // FindingName findingName = FindingName.of(/*organization=*/\"123234324\",\n // /*source=*/\"423432321\", /*findingId=*/\"samplefindingid2\");\n\n // Use the current time as the finding \"event time\".\n Instant eventTime = Instant.now();\n\n // Define source properties values as protobuf \"Value\" objects.\n Value stringValue = Value.newBuilder().setStringValue(\"value\").build();\n\n FieldMask updateMask =\n FieldMask.newBuilder()\n .addPaths(\"event_time\")\n .addPaths(\"source_properties.stringKey\")\n .build();\n\n Finding finding =\n Finding.newBuilder()\n .setName(findingName.toString())\n .setEventTime(\n Timestamp.newBuilder()\n .setSeconds(eventTime.getEpochSecond())\n .setNanos(eventTime.getNano()))\n .putSourceProperties(\"stringKey\", stringValue)\n .build();\n\n UpdateFindingRequest.Builder request =\n UpdateFindingRequest.newBuilder().setFinding(finding).setUpdateMask(updateMask);\n\n // Call the API.\n Finding response = client.updateFinding(request.build());\n\n System.out.println(\"Updated Finding: \" + response);\n return response;\n } catch (IOException e) {\n throw new RuntimeException(\"Couldn't create client.\", e);\n }\n }\n\n### Node.js\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n // Imports the Google Cloud client library.\n const {SecurityCenterClient} = require('https://cloud.google.com/nodejs/docs/reference/security-center/latest/overview.html');\n\n // Creates a new client.\n const client = new https://cloud.google.com/nodejs/docs/reference/security-center/latest/overview.html();\n\n // findingName is the full resource name of the finding to update.\n /*\n * TODO(developer): Uncomment the following lines\n */\n // const findingName =\n // \"organizations/111122222444/sources/1234/findings/findingid\";\n\n // Use now as the eventTime for the security finding.\n const eventTime = new Date();\n console.log(findingName);\n async function updateFinding() {\n const [newFinding] = await client.updateFinding({\n updateMask: {paths: ['event_time', 'source_properties.s_value']},\n finding: {\n name: findingName,\n // The time associated with discovering the issue.\n eventTime: {\n seconds: Math.floor(eventTime.getTime() / 1000),\n nanos: (eventTime.getTime() % 1000) * 1e6,\n },\n sourceProperties: {\n s_value: {stringValue: 'new_string_example'},\n },\n },\n });\n console.log('Updated Finding: %j', newFinding);\n }\n updateFinding();\n\n### Python\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n from datetime import datetime, timezone\n\n from google.cloud import securitycenter_v1\n from google.cloud.securitycenter_v1 import Finding\n from google.protobuf import field_mask_pb2\n\n client = securitycenter_v1.SecurityCenterClient()\n # Only update the specific source property and event_time. event_time\n # is required for updates.\n field_mask = field_mask_pb2.FieldMask(\n paths=[\"source_properties.s_value\", \"event_time\"]\n )\n\n # Set the update time to Now. This must be some time greater then the\n # event_time on the original finding.\n event_time = datetime.now(tz=timezone.utc)\n\n # 'source_name' is the resource path for a source that has been\n # created previously (you can use list_sources to find a specific one).\n # Its format is:\n # source_name = \"organizations/{organization_id}/sources/{source_id}\"\n # e.g.:\n # source_name = \"organizations/111122222444/sources/1234\"\n finding_name = f\"{source_name}/findings/samplefindingid2\"\n finding = Finding(\n name=finding_name,\n source_properties={\"s_value\": \"new_string\"},\n event_time=event_time,\n )\n updated_finding = client.https://cloud.google.com/python/docs/reference/securitycenter/latest/google.cloud.securitycenter_v1.services.security_center.SecurityCenterClient.html#google_cloud_securitycenter_v1_services_security_center_SecurityCenterClient_update_finding(\n request={\"finding\": finding, \"update_mask\": field_mask}\n )\n\n print(\n \"New Source properties: {}, Event Time {}\".format(\n updated_finding.source_properties, updated_finding.event_time\n )\n )\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=securitycenter)."]]