The Security Command Center API enables you to control whether asset discovery for Security Command Center is turned on or off for an organization. This guide shows you how to get an organization's current configuration settings and use the API to turn on asset discovery.
Asset discovery is not required unless you are using the deprecated asset functionality of the Security Command Center API or the asset-related Security Command Center commands of the Google Cloud CLI. Asset discovery does not affect the assets that are displayed on the Assets page.
The IAM roles for Security Command Center can be granted at the organization, folder, or project level. Your ability to view, edit, create, or update findings, assets, and security sources depends on the level for which you are granted access. To learn more about Security Command Center roles, see Access control.
Before you begin
Before you configure asset discovery, you need to authenticate with the Security Command Center API.
Getting organization settings configuration
Python
from google.cloud import securitycenter

# Read-only lookup of an organization's Security Command Center settings.
# NOTE(review): the credentials in use presumably need permission to read
# organization settings; confirm the required IAM role.
client = securitycenter.SecurityCenterClient()

# organization_id is the numeric ID of the organization, e.g.
# organization_id = "111112223333"
request = {"name": client.organization_settings_path(organization_id)}

# Fetch the settings object named by the request and show it.
org_settings = client.get_organization_settings(request=request)
print(org_settings)
Java
/**
 * Fetches the Security Command Center settings of an organization and prints them.
 *
 * @param organizationName the organization to query, e.g.
 *     {@code OrganizationName.of("123234324")}
 * @return the settings returned by the API
 * @throws RuntimeException if an IOException is raised; the IOException is kept as the cause
 */
static OrganizationSettings getOrganizationSettings(OrganizationName organizationName) {
  try (SecurityCenterClient scc = SecurityCenterClient.create()) {
    // The settings resource name is the organization name plus a fixed suffix.
    String settingsName = organizationName.toString() + "/organizationSettings";
    GetOrganizationSettingsRequest getRequest =
        GetOrganizationSettingsRequest.newBuilder().setName(settingsName).build();

    // Call the API (a read; nothing is modified).
    OrganizationSettings settings = scc.getOrganizationSettings(getRequest);

    System.out.println("Organization Settings:");
    System.out.println(settings);
    return settings;
  } catch (IOException ioFailure) {
    throw new RuntimeException("Couldn't create client.", ioFailure);
  }
}
Go
import
(
"context"
"fmt"
"io"
securitycenter
"cloud.google.com/go/securitycenter/apiv1"
"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
)
// getOrgSettings fetches the organization settings for the organization with
// the numeric ID orgID and writes the settings name and the asset discovery
// flag to w. Errors from client creation and from the API call are returned
// wrapped.
func getOrgSettings(w io.Writer, orgID string) error {
	// Example: orgID := "12321311"
	ctx := context.Background()

	scc, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	// Closing the client cleans up its background resources on return.
	defer scc.Close()

	settingsName := fmt.Sprintf("organizations/%s/organizationSettings", orgID)
	orgSettings, err := scc.GetOrganizationSettings(ctx, &securitycenterpb.GetOrganizationSettingsRequest{
		Name: settingsName,
	})
	if err != nil {
		return fmt.Errorf("GetOrganizationSettings: %w", err)
	}

	fmt.Fprintf(w, "Retrieved Settings for: %s\n", orgSettings.Name)
	fmt.Fprintf(w, "Asset Discovery on? %v", orgSettings.EnableAssetDiscovery)
	return nil
}
Node.js
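// Imports the Google Cloud client library.
// The module specifier is written as one literal without surrounding
// whitespace so that require() resolves the package.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client; the sample function below uses it for its API call.
const client = new SecurityCenterClient();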
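/**
 * Fetches the organization settings and logs them.
 *
 * `organizationId` must be defined before the call (see the TODO below);
 * otherwise the first statement throws a ReferenceError.
 *
 * @returns {Promise<void>} settles after the settings have been logged
 */
async function getOrgSettings() {
  // organizationId is the numeric ID of the organization.
  /*
   * TODO(developer): Uncomment the following lines
   */
  // const organizationId = "111122222444";
  const orgName = client.organizationPath(organizationId);
  const settingsName = `${orgName}/organizationSettings`;

  // Read-only call; the first element of the response array is the settings object.
  const [settings] = await client.getOrganizationSettings({name: settingsName});
  console.log('Current settings: %j', settings);
}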
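// Run the sample. A rejected call (for example a failed API request) is
// reported and reflected in the exit code instead of being left unhandled.
getOrgSettings().catch(err => {
  console.error(err);
  process.exitCode = 1;
});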
Turning on asset discovery
The API call below uses a field mask so that only the asset discovery setting is changed; the other organization settings are left untouched.
Python
from google.cloud import securitycenter
from google.protobuf import field_mask_pb2

# Create the client.
# NOTE(review): this sample changes an organization-level setting; the
# credentials in use presumably need permission to update organization
# settings. Confirm the required IAM role.
client = securitycenter.SecurityCenterClient()

# organization_id is the numeric ID of the organization, e.g.
# organization_id = "111112223333"
org_settings_name = f"organizations/{organization_id}/organizationSettings"

# The mask names the single field to write (enable_asset_discovery), so the
# other organization settings are left untouched.
field_mask = field_mask_pb2.FieldMask(paths=["enable_asset_discovery"])

# Desired state: asset discovery switched on.
organization_settings = {
    "name": org_settings_name,
    "enable_asset_discovery": True,
}

# Call the service.
updated = client.update_organization_settings(
    request={
        "organization_settings": organization_settings,
        "update_mask": field_mask,
    }
)
print(f"Asset Discovery Enabled? {updated.enable_asset_discovery}")
Java
/**
 * Turns on asset discovery for an organization and prints the updated settings.
 *
 * @param organizationName the organization to update, e.g.
 *     {@code OrganizationName.of("123234324")}
 * @return the settings returned by the update call
 * @throws RuntimeException if an IOException is raised; the IOException is kept as the cause
 */
static OrganizationSettings updateOrganizationSettings(OrganizationName organizationName) {
  try (SecurityCenterClient scc = SecurityCenterClient.create()) {
    // Desired state: asset discovery enabled on the organization's settings resource.
    String settingsName = organizationName.toString() + "/organizationSettings";
    OrganizationSettings desired =
        OrganizationSettings.newBuilder()
            .setName(settingsName)
            .setEnableAssetDiscovery(true)
            .build();

    // The mask lists the only field to write, so other settings are not overwritten.
    FieldMask onlyAssetDiscovery =
        FieldMask.newBuilder().addPaths("enable_asset_discovery").build();

    UpdateOrganizationSettingsRequest updateRequest =
        UpdateOrganizationSettingsRequest.newBuilder()
            .setOrganizationSettings(desired)
            .setUpdateMask(onlyAssetDiscovery)
            .build();

    // Call the API.
    OrganizationSettings updated = scc.updateOrganizationSettings(updateRequest);

    System.out.println("Organization Settings have been updated:");
    System.out.println(updated);
    return updated;
  } catch (IOException ioFailure) {
    throw new RuntimeException("Couldn't create client.", ioFailure);
  }
}
Go
import
(
"context"
"fmt"
"io"
securitycenter
"cloud.google.com/go/securitycenter/apiv1"
"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
"google.golang.org/genproto/protobuf/field_mask"
)
// enableAssetDiscovery turns on asset discovery for the organization with the
// numeric ID orgID and writes the updated settings name and the asset
// discovery flag to w. Errors from client creation and from the API call are
// returned wrapped.
func enableAssetDiscovery(w io.Writer, orgID string) error {
	// Example: orgID := "12321311"
	ctx := context.Background()

	scc, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	// Closing the client cleans up its background resources on return.
	defer scc.Close()

	// Desired state of the organization's settings resource.
	desired := &securitycenterpb.OrganizationSettings{
		Name:                 fmt.Sprintf("organizations/%s/organizationSettings", orgID),
		EnableAssetDiscovery: true,
	}
	// Only update the asset discovery setting; the mask names that one field.
	mask := &field_mask.FieldMask{Paths: []string{"enable_asset_discovery"}}

	updated, err := scc.UpdateOrganizationSettings(ctx, &securitycenterpb.UpdateOrganizationSettingsRequest{
		OrganizationSettings: desired,
		UpdateMask:           mask,
	})
	if err != nil {
		return fmt.Errorf("UpdateOrganizationSettings: %w", err)
	}

	fmt.Fprintf(w, "Updated Settings for: %s\n", updated.Name)
	fmt.Fprintf(w, "Asset discovery on? %v\n", updated.EnableAssetDiscovery)
	return nil
}
Node.js
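// Imports the Google Cloud client library.
// The module specifier is written as one literal without surrounding
// whitespace so that require() resolves the package.
const {SecurityCenterClient} = require('@google-cloud/security-center');

// Creates a new client; the sample function below uses it for its API call.
const client = new SecurityCenterClient();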
/**
 * Turns on asset discovery for the organization and logs the new settings.
 *
 * `organizationId` must be defined before the call (see the TODO below).
 *
 * @returns {Promise<void>} settles after the new settings have been logged
 */
async function updateOrgSettings() {
  // organizationId is the numeric ID of the organization.
  /*
   * TODO(developer): Uncomment the following lines
   */
  // const organizationId = "111122222444";
  const orgName = client.organizationPath(organizationId);

  const updateRequest = {
    // Desired state: asset discovery enabled on the settings resource.
    organizationSettings: {
      name: `${orgName}/organizationSettings`,
      enableAssetDiscovery: true,
    },
    // Only update the enableAssetDiscovery field.
    updateMask: {paths: ['enable_asset_discovery']},
  };

  // The first element of the response array is the updated settings object.
  const [newSettings] = await client.updateOrganizationSettings(updateRequest);
  console.log('New settings: %j', newSettings);
}
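// Run the sample. A rejected call (for example a failed API request) is
// reported and reflected in the exit code instead of being left unhandled.
updateOrgSettings().catch(err => {
  console.error(err);
  process.exitCode = 1;
});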