1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-08 02:25:19 +00:00
gcloud-help/gcloud/scc/findings/create
2023-06-02 10:25:45 +00:00

138 lines
5.4 KiB
Text

NAME
gcloud scc findings create - create a Cloud Security Command Center finding
SYNOPSIS
gcloud scc findings create
(FINDING : --organization=ORGANIZATION --source=SOURCE)
--category=CATEGORY --event-time=EVENT_TIME
--resource-name=RESOURCE_NAME [--external-uri=EXTERNAL_URI]
[--source-properties=[SOURCE_PROPERTIES,...]] [--state=STATE]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
Create a Cloud Security Command Center finding.
EXAMPLES
Create an ACTIVE my-finding with category: XSS_SCRIPTING attached to
example-project under organization 123456 and source 5678:
$ gcloud scc findings create my-finding --organization=123456 \
--source=5678 --state=ACTIVE --category='XSS_SCRIPTING' \
--event-time=2023-01-11T07:00:06.861Z \
--resource-name='//cloudresourcemanager.googleapis.com/projects/\
example-project'
Create an ACTIVE my-finding attached to example-project under project
example-project and source 5678:
$ gcloud scc findings create \
projects/example-project/sources/5678/findings/my-finding \
--state=ACTIVE --category='XSS_SCRIPTING' \
--event-time=2023-01-11T07:00:06.861Z \
--resource-name='//cloudresourcemanager.googleapis.com/projects/\
example-project'
Create an ACTIVE my-finding attached to example-project under folder 456
and source 5678:
$ gcloud scc findings create \
folders/456/sources/5678/findings/my-finding --state=ACTIVE \
--category='XSS_SCRIPTING' \
--event-time=2023-01-11T07:00:06.861Z \
--resource-name='//cloudresourcemanager.googleapis.com/projects/\
example-project'
POSITIONAL ARGUMENTS
Finding resource - The finding to be used for the SCC (Security Command
Center) command. The arguments in this group can be used to specify the
attributes of this resource.
This must be specified.
FINDING
ID of the finding or fully qualified identifier for the finding.
To set the finding attribute:
▸ provide the argument finding on the command line.
This positional argument must be specified if any of the other
arguments in this group are specified.
--organization=ORGANIZATION
(Optional) If the full resource name isn't provided e.g.
organizations/123, then provide the organization id which is the
suffix of the organization. Example: organizations/123, the id is
123.
To set the organization attribute:
▸ provide the argument finding on the command line with a fully
specified name;
▸ provide the argument --organization on the command line;
▸ Set the organization property in configuration using gcloud
config set scc/organization if it is not specified in command
line..
--source=SOURCE
(Optional) If the full resource name isn't provided e.g.
organizations/123/sources/456, then provide the source id which is
the suffix of the source. Example: organizations/123/sources/456, the
id is 456.
To set the source attribute:
▸ provide the argument finding on the command line with a fully
specified name;
▸ provide the argument --source on the command line.
REQUIRED FLAGS
--category=CATEGORY
Taxonomy group within findings from a given source. Example:
XSS_SCRIPTING
--event-time=EVENT_TIME
Time at which the event took place. For example, if the finding
represents an open firewall it would capture the time the open firewall
was detected. If event-time is not provided, it will default to UTC
version of NOW. See $ gcloud topic datetimes for information on
supported time formats.
--resource-name=RESOURCE_NAME
Full resource name of the Google Cloud Platform resource this finding
is for.
OPTIONAL FLAGS
--external-uri=EXTERNAL_URI
URI that, if available, points to a web page outside of Cloud SCC
(Security Command Center) where additional information about the
finding can be found. This field is guaranteed to be either empty or a
well formed URL.
--source-properties=[SOURCE_PROPERTIES,...]
Source specific properties. These properties are managed by the source
that writes the finding. The key names in the source_properties map
must be between 1 and 255 characters, and must start with a letter and
contain alphanumeric characters or underscores only. For example
"key1=val1,key2=val2"
--state=STATE
State is one of: [ACTIVE, INACTIVE]. STATE must be one of: active,
inactive, state-unspecified.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
API REFERENCE
This command uses the securitycenter/v1 API. The full documentation for
this API can be found at: https://cloud.google.com/security-command-center
NOTES
These variants are also available:
$ gcloud alpha scc findings create
$ gcloud beta scc findings create