mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-08 02:25:19 +00:00
138 lines
5.4 KiB
Text
138 lines
5.4 KiB
Text
NAME
|
|
gcloud scc findings create - create a Cloud Security Command Center finding
|
|
|
|
SYNOPSIS
|
|
gcloud scc findings create
|
|
(FINDING : --organization=ORGANIZATION --source=SOURCE)
|
|
--category=CATEGORY --event-time=EVENT_TIME
|
|
--resource-name=RESOURCE_NAME [--external-uri=EXTERNAL_URI]
|
|
[--source-properties=[SOURCE_PROPERTIES,...]] [--state=STATE]
|
|
[GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
Create a Cloud Security Command Center finding.
|
|
|
|
EXAMPLES
|
|
Create an ACTIVE my-finding with category: XSS_SCRIPTING attached to
|
|
example-project under organization 123456 and source 5678:
|
|
|
|
$ gcloud scc findings create my-finding --organization=123456 \
|
|
--source=5678 --state=ACTIVE --category='XSS_SCRIPTING' \
|
|
--event-time=2023-01-11T07:00:06.861Z \
|
|
--resource-name='//cloudresourcemanager.googleapis.com/projects/\
|
|
example-project'
|
|
|
|
Create an ACTIVE my-finding attached to example-project under project
|
|
example-project and source 5678:
|
|
|
|
$ gcloud scc findings create \
|
|
projects/example-project/sources/5678/findings/my-finding \
|
|
--state=ACTIVE --category='XSS_SCRIPTING' \
|
|
--event-time=2023-01-11T07:00:06.861Z \
|
|
--resource-name='//cloudresourcemanager.googleapis.com/projects/\
|
|
example-project'
|
|
|
|
Create an ACTIVE my-finding attached to example-project under folder 456
|
|
and source 5678:
|
|
|
|
$ gcloud scc findings create \
|
|
folders/456/sources/5678/findings/my-finding --state=ACTIVE \
|
|
--category='XSS_SCRIPTING' \
|
|
--event-time=2023-01-11T07:00:06.861Z \
|
|
--resource-name='//cloudresourcemanager.googleapis.com/projects/\
|
|
example-project'
|
|
|
|
POSITIONAL ARGUMENTS
|
|
Finding resource - The finding to be used for the SCC (Security Command
|
|
Center) command. The arguments in this group can be used to specify the
|
|
attributes of this resource.
|
|
|
|
This must be specified.
|
|
|
|
FINDING
|
|
ID of the finding or fully qualified identifier for the finding.
|
|
|
|
To set the finding attribute:
|
|
▸ provide the argument finding on the command line.
|
|
|
|
This positional argument must be specified if any of the other
|
|
arguments in this group are specified.
|
|
|
|
--organization=ORGANIZATION
|
|
(Optional) If the full resource name isn't provided e.g.
|
|
organizations/123, then provide the organization id which is the
|
|
suffix of the organization. Example: organizations/123, the id is
|
|
123.
|
|
|
|
To set the organization attribute:
|
|
▸ provide the argument finding on the command line with a fully
|
|
specified name;
|
|
▸ provide the argument --organization on the command line;
|
|
▸ Set the organization property in configuration using gcloud
|
|
config set scc/organization if it is not specified in command
|
|
line..
|
|
|
|
--source=SOURCE
|
|
(Optional) If the full resource name isn't provided e.g.
|
|
organizations/123/sources/456, then provide the source id which is
|
|
the suffix of the source. Example: organizations/123/sources/456, the
|
|
id is 456.
|
|
|
|
To set the source attribute:
|
|
▸ provide the argument finding on the command line with a fully
|
|
specified name;
|
|
▸ provide the argument --source on the command line.
|
|
|
|
REQUIRED FLAGS
|
|
--category=CATEGORY
|
|
Taxonomy group within findings from a given source. Example:
|
|
XSS_SCRIPTING
|
|
|
|
--event-time=EVENT_TIME
|
|
Time at which the event took place. For example, if the finding
|
|
represents an open firewall it would capture the time the open firewall
|
|
was detected. If event-time is not provided, it will default to UTC
|
|
version of NOW. See $ gcloud topic datetimes for information on
|
|
supported time formats.
|
|
|
|
--resource-name=RESOURCE_NAME
|
|
Full resource name of the Google Cloud Platform resource this finding
|
|
is for.
|
|
|
|
OPTIONAL FLAGS
|
|
--external-uri=EXTERNAL_URI
|
|
URI that, if available, points to a web page outside of Cloud SCC
|
|
(Security Command Center) where additional information about the
|
|
finding can be found. This field is guaranteed to be either empty or a
|
|
well formed URL.
|
|
|
|
--source-properties=[SOURCE_PROPERTIES,...]
|
|
Source specific properties. These properties are managed by the source
|
|
that writes the finding. The key names in the source_properties map
|
|
must be between 1 and 255 characters, and must start with a letter and
|
|
contain alphanumeric characters or underscores only. For example
|
|
"key1=val1,key2=val2"
|
|
|
|
--state=STATE
|
|
State is one of: [ACTIVE, INACTIVE]. STATE must be one of: active,
|
|
inactive, state-unspecified.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
API REFERENCE
|
|
This command uses the securitycenter/v1 API. The full documentation for
|
|
this API can be found at: https://cloud.google.com/security-command-center
|
|
|
|
NOTES
|
|
These variants are also available:
|
|
|
|
$ gcloud alpha scc findings create
|
|
|
|
$ gcloud beta scc findings create
|
|
|