mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-11 23:49:35 +00:00
166 lines
7 KiB
Text
166 lines
7 KiB
Text
NAME
|
|
gcloud alpha scc findings update - update a Security Command Center finding
|
|
|
|
SYNOPSIS
|
|
gcloud alpha scc findings update
|
|
(FINDING : --organization=ORGANIZATION --source=SOURCE)
|
|
[--event-time=EVENT_TIME] [--external-uri=EXTERNAL_URI]
|
|
[--location=LOCATION; default="global"]
|
|
[--source-properties=[KEY=VALUE,...]] [--state=STATE]
|
|
[--update-mask=UPDATE_MASK] [GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
(ALPHA) Update a Security Command Center finding.
|
|
|
|
EXAMPLES
|
|
Update testFinding's state from ACTIVE to INACTIVE:
|
|
|
|
$ gcloud alpha scc findings update `testFinding` \
|
|
--organization=123456 --source=5678 --state=INACTIVE
|
|
|
|
Update testFinding's state from ACTIVE to INACTIVE using project name for
|
|
example-project:
|
|
|
|
$ gcloud alpha scc findings update \
|
|
projects/example-project/sources/5678/findings/testFinding \
|
|
--state=INACTIVE
|
|
|
|
Update testFinding's state from ACTIVE to INACTIVE using folder name 456:
|
|
|
|
$ gcloud alpha scc findings update \
|
|
folders/456/sources/5678/findings/testFinding --state=INACTIVE
|
|
|
|
Override all source properties on testFinding:
|
|
|
|
$ gcloud alpha scc findings update `testFinding` \
|
|
--organization=123456 --source=5678 \
|
|
--source-properties="propKey1=propVal1,propKey2=propVal2"
|
|
|
|
Selectively update a specific source property on testFinding:
|
|
|
|
$ gcloud alpha scc findings update `testFinding` \
|
|
--organization=123456 --source=5678 \
|
|
--source-properties="propKey1=propVal1,propKey2=propVal2" \
|
|
--update-mask="source_properties.propKey1"
|
|
|
|
Update finding testFinding with location=eu, state from ACTIVE to INACTIVE:
|
|
|
|
$ gcloud alpha scc findings update `testFinding` \
|
|
--organization=123456 --source=5678 --state=INACTIVE \
|
|
--location=eu
|
|
|
|
POSITIONAL ARGUMENTS
|
|
Finding resource - The finding to be used for the SCC (Security Command
|
|
Center) command. The arguments in this group can be used to specify the
|
|
attributes of this resource.
|
|
|
|
This must be specified.
|
|
|
|
FINDING
|
|
ID of the finding or fully qualified identifier for the finding.
|
|
|
|
To set the finding attribute:
|
|
▸ provide the argument finding on the command line.
|
|
|
|
This positional argument must be specified if any of the other
|
|
arguments in this group are specified.
|
|
|
|
--organization=ORGANIZATION
|
|
(Optional) If the full resource name isn't provided e.g.
|
|
organizations/123, then provide the organization id which is the
|
|
suffix of the organization. Example: organizations/123, the id is
|
|
123.
|
|
|
|
To set the organization attribute:
|
|
▸ provide the argument finding on the command line with a fully
|
|
specified name;
|
|
▸ provide the argument --organization on the command line;
|
|
▸ Set the organization property in configuration using gcloud
|
|
config set scc/organization if it is not specified in command
|
|
line..
|
|
|
|
--source=SOURCE
|
|
(Optional) If the full resource name isn't provided e.g.
|
|
organizations/123/sources/456, then provide the source id which is
|
|
the suffix of the source. Example: organizations/123/sources/456, the
|
|
id is 456.
|
|
|
|
To set the source attribute:
|
|
▸ provide the argument finding on the command line with a fully
|
|
specified name;
|
|
▸ provide the argument --source on the command line.
|
|
|
|
FLAGS
|
|
--event-time=EVENT_TIME
|
|
Time at which the event took place. For example, if the finding
|
|
represents an open firewall it would capture the time the open firewall
|
|
was detected. If event-time is not provided, it will default to UTC
|
|
version of NOW. See $ gcloud topic datetimes for information on
|
|
supported time formats.
|
|
|
|
--external-uri=EXTERNAL_URI
|
|
URI that, if available, points to a web page outside of Cloud SCC
|
|
(Security Command Center) where additional information about the
|
|
finding can be found. This field is guaranteed to be either empty or a
|
|
well formed URL.
|
|
|
|
--location=LOCATION; default="global"
|
|
When data residency controls are enabled, this attribute specifies the
|
|
location in which the resource is located and applicable. The location
|
|
attribute can be provided as part of the fully specified resource name
|
|
or with the --location argument on the command line. The default
|
|
location is global.
|
|
|
|
The default location on this command is unrelated to the default
|
|
location that is specified when data residency controls are enabled for
|
|
Security Command Center.
|
|
|
|
--source-properties=[KEY=VALUE,...]
|
|
Source specific properties. These properties are managed by the source
|
|
that writes the finding. The key names in the source_properties map
|
|
must be between 1 and 255 characters, and must start with a letter and
|
|
contain alphanumeric characters or underscores only. For example
|
|
"key1=val1,key2=val2"
|
|
|
|
--state=STATE
|
|
State is one of: [ACTIVE, INACTIVE]. STATE must be one of: active,
|
|
inactive, state-unspecified.
|
|
|
|
--update-mask=UPDATE_MASK
|
|
Optional: If left unspecified (default), an update-mask is
|
|
automatically created using the flags specified in the command and only
|
|
those values are updated. For example: --external-uri='<some-uri>'
|
|
--event-time='<some-time>' would automatically generate
|
|
--update-mask='external_uri,event_time'. Note that as a result, only
|
|
external-uri and event-time are updated for the given finding and
|
|
everything else remains untouched. If you want to delete
|
|
attributes/properties (that are not being changed in the update
|
|
command) use an empty update-mask (''). That will delete all the
|
|
mutable properties/attributes that aren't specified as flags in the
|
|
update command. In the above example it would delete source-properties.
|
|
State can be toggled from ACTIVE to INACTIVE and vice-versa but it
|
|
cannot be deleted.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
API REFERENCE
|
|
This command uses the Security Command Center API. For more information,
|
|
see Security Command Center API.
|
|
(https://cloud.google.com/security-command-center/docs/reference/rest)
|
|
|
|
NOTES
|
|
This command is currently in alpha and might change without notice. If this
|
|
command fails with API permission errors despite specifying the correct
|
|
project, you might be trying to access an API with an invitation-only early
|
|
access allowlist. These variants are also available:
|
|
|
|
$ gcloud scc findings update
|
|
|
|
$ gcloud beta scc findings update
|
|
|