Demonstrates how to create a mute rule, which is a configuration that uses a filter to automatically mute future findings
Code sample
Go
To authenticate to Security Command Center, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
import
(
"context"
"fmt"
"io"
securitycenter
"cloud.google.com/go/securitycenter/apiv1"
"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
)
// createMuteRule: Creates a mute configuration under a given scope that will mute
// all new findings that match a given filter.
// Existing findings will not be muted.
func
createMuteRule
(
w
io
.
Writer
,
parent
string
,
muteConfigId
string
)
error
{
// parent: Use any one of the following options:
// - organizations/{organization_id}
// - folders/{folder_id}
// - projects/{project_id}
// parent := fmt.Sprintf("projects/%s", "your-google-cloud-project-id")
// muteConfigId: Set a random id; max of 63 chars.
// muteConfigId := "random-mute-id-" + uuid.New().String()
ctx
:=
context
.
Background
()
client
,
err
:=
securitycenter
.
NewClient
(
ctx
)
if
err
!=
nil
{
return
fmt
.
Errorf
(
"securitycenter.NewClient: %w"
,
err
)
}
defer
client
.
Close
()
muteConfig
:=
& securitycenterpb
.
MuteConfig
{
Description
:
"Mute low-medium IAM grants excluding 'compute' "
,
// Set mute rule(s).
// To construct mute rules and for supported properties, see:
// https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules
Filter
:
"severity=\"LOW\" OR severity=\"MEDIUM\" AND "
+
"category=\"Persistence: IAM Anomalous Grant\" AND "
+
"-resource.type:\"compute\""
,
}
req
:=
& securitycenterpb
.
CreateMuteConfigRequest
{
Parent
:
parent
,
MuteConfigId
:
muteConfigId
,
MuteConfig
:
muteConfig
,
}
response
,
err
:=
client
.
CreateMuteConfig
(
ctx
,
req
)
if
err
!=
nil
{
return
fmt
.
Errorf
(
"failed to create mute rule: %w"
,
err
)
}
fmt
.
Fprintf
(
w
,
"Mute rule created successfully: %s"
,
response
.
Name
)
return
nil
}
Java
To authenticate to Security Command Center, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
import
com.google.cloud.securitycenter.v1. CreateMuteConfigRequest
;
import
com.google.cloud.securitycenter.v1. MuteConfig
;
import
com.google.cloud.securitycenter.v1. SecurityCenterClient
;
import
java.io.IOException
;
import
java.util.UUID
;
public
class
CreateMuteRule
{
public
static
void
main
(
String
[]
args
)
{
// TODO: Replace the variables within {}
// parentPath: Use any one of the following options:
// - organizations/{organization_id}
// - folders/{folder_id}
// - projects/{project_id}
String
parentPath
=
String
.
format
(
"projects/%s"
,
"your-google-cloud-project-id"
);
// muteConfigId: Set a random id; max of 63 chars.
String
muteConfigId
=
"random-mute-id-"
+
UUID
.
randomUUID
();
createMuteRule
(
parentPath
,
muteConfigId
);
}
// Creates a mute configuration under a given scope that will mute
// all new findings that match a given filter.
// Existing findings will not be muted.
public
static
void
createMuteRule
(
String
parentPath
,
String
muteConfigId
)
{
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try
(
SecurityCenterClient
client
=
SecurityCenterClient
.
create
())
{
MuteConfig
muteConfig
=
MuteConfig
.
newBuilder
()
.
setDescription
(
"Mute low-medium IAM grants excluding 'compute' "
)
// Set mute rule(s).
// To construct mute rules and for supported properties, see:
// https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules
.
setFilter
(
"severity=\"LOW\" OR severity=\"MEDIUM\" AND "
+
"category=\"Persistence: IAM Anomalous Grant\" AND "
+
"-resource.type:\"compute\""
)
.
build
();
CreateMuteConfigRequest
request
=
CreateMuteConfigRequest
.
newBuilder
()
.
setParent
(
parentPath
)
.
setMuteConfigId
(
muteConfigId
)
.
setMuteConfig
(
muteConfig
)
.
build
();
// ExecutionException is thrown if the below call fails.
MuteConfig
response
=
client
.
createMuteConfig
(
request
);
System
.
out
.
println
(
"Mute rule created successfully: "
+
response
.
getName
());
}
catch
(
IOException
e
)
{
System
.
out
.
println
(
"Mute rule creation failed! \n Exception: "
+
e
);
}
}
}
Python
To authenticate to Security Command Center, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
def
create_mute_rule
(
parent_path
:
str
,
mute_config_id
:
str
)
-
> None
:
"""
Creates a mute configuration under a given scope that will mute
all new findings that match a given filter.
Existing findings will NOT BE muted.
Args:
parent_path: use any one of the following options:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{project_id}
mute_config_id: Set a unique id; max of 63 chars.
"""
from
google.cloud
import
securitycenter
client
=
securitycenter
.
SecurityCenterClient
()
mute_config
=
securitycenter
.
MuteConfig
()
mute_config
.
description
=
"Mute low-medium IAM grants excluding 'compute' "
# Set mute rule(s).
# To construct mute rules and for supported properties, see:
# https://cloud.google.com/security-command-center/docs/how-to-mute-findings#create_mute_rules
mute_config
.
filter
=
(
'severity="LOW" OR severity="MEDIUM" AND '
'category="Persistence: IAM Anomalous Grant" AND '
'-resource.type:"compute"'
)
request
=
securitycenter
.
CreateMuteConfigRequest
()
request
.
parent
=
parent_path
request
.
mute_config_id
=
mute_config_id
request
.
mute_config
=
mute_config
mute_config
=
client
.
create_mute_config
(
request
=
request
)
print
(
f
"Mute rule created successfully:
{
mute_config
.
name
}
"
)
What's next
To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser .
