Demonstrates how to list findings for specific points in time
Code sample
Go
To authenticate to Security Command Center, set up Application Default Credentials. For more information, see "Set up authentication for a local development environment".
import
(
"context"
"fmt"
"io"
"time"
securitycenter
"cloud.google.com/go/securitycenter/apiv1"
"cloud.google.com/go/securitycenter/apiv1/securitycenterpb"
"github.com/golang/protobuf/ptypes"
"google.golang.org/api/iterator"
)
// listFindingsAtTime writes to w one line per finding under sourceName, read
// as of five days before the call. sourceName is the full resource name of
// the source whose findings are listed. It returns an error if the client
// cannot be created, the timestamp cannot be converted, or iteration fails.
//
// NOTE(review): the Node.js sample on this page comments out readTime as
// unsupported, citing the April 15, 2024 release notes. Confirm that the
// service still honors ReadTime before treating this output as a
// point-in-time record.
func listFindingsAtTime(w io.Writer, sourceName string) error {
	// Specific source:
	// 		sourceName := "{parent}/sources/{sourceId}"
	// All sources:
	// 		sourceName := "{parent}/sources/-"
	// where,
	// Parent must be in one of the following formats:
	//		"organizations/{orgId}"
	//		"projects/{projectId}"
	//		"folders/{folderId}"
	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	// Closing the client safely cleans up background resources.
	defer client.Close()

	// The read time is a calendar offset: five days before the current time.
	readTime, err := ptypes.TimestampProto(time.Now().AddDate(0, 0, -5))
	if err != nil {
		return fmt.Errorf("Error converting five days ago: %w", err)
	}

	findings := client.ListFindings(ctx, &securitycenterpb.ListFindingsRequest{
		Parent:   sourceName,
		ReadTime: readTime,
	})
	for {
		result, err := findings.Next()
		switch {
		case err == iterator.Done:
			// Every finding has been written.
			return nil
		case err != nil:
			return fmt.Errorf("it.Next: %w", err)
		}
		f := result.Finding
		fmt.Fprintf(w, "Finding Name: %s, ", f.Name)
		fmt.Fprintf(w, "Resource Name %s, ", f.ResourceName)
		fmt.Fprintf(w, "Category: %s\n", f.Category)
	}
}
Java
To authenticate to Security Command Center, set up Application Default Credentials. For more information, see "Set up authentication for a local development environment".
/**
 * Lists the findings under {@code sourceName} with a read time of five days before the call,
 * prints them to standard output and returns them.
 *
 * <p>NOTE(review): the Node.js sample on this page comments out readTime as unsupported, citing
 * the April 15, 2024 release notes. Confirm that the service still honors the read time set
 * here.
 *
 * @param sourceName the source whose findings are listed
 * @return every finding result of the response, copied into one immutable list
 * @throws RuntimeException if an {@link IOException} is raised inside the try block; the
 *     message attributes it to client creation
 */
static ImmutableList<ListFindingsResult> listFindingsAtTime(SourceName sourceName) {
  try (SecurityCenterClient client = SecurityCenterClient.create()) {
    // parentId: must be one of the following:
    //    "organization-id"
    //    "project-id"
    //    "folder-id"
    // SourceName sourceName = SourceName.of(parentId, sourceId);

    // Read time: five days before now, as a protobuf Timestamp.
    Instant readInstant = Instant.now().minus(Duration.ofDays(5));
    Timestamp readTime =
        Timestamp.newBuilder()
            .setSeconds(readInstant.getEpochSecond())
            .setNanos(readInstant.getNano())
            .build();

    ListFindingsRequest request =
        ListFindingsRequest.newBuilder()
            .setParent(sourceName.toString())
            .setReadTime(readTime)
            .build();

    // Call the API.
    ListFindingsPagedResponse response = client.listFindings(request);

    // All findings are copied into a single list. With a large number of findings this can
    // exhaust memory; to process them incrementally, return the Iterable from
    // response.iterateAll() instead.
    ImmutableList<ListFindingsResult> allFindings = ImmutableList.copyOf(response.iterateAll());
    System.out.println("Findings:");
    System.out.println(allFindings);
    return allFindings;
  } catch (IOException e) {
    throw new RuntimeException("Couldn't create client.", e);
  }
}
Node.js
To authenticate to Security Command Center, set up Application Default Credentials. For more information, see "Set up authentication for a local development environment".
// Load the Security Command Center client class from the Google Cloud client library.
const SecurityCenterClient =
  require('@google-cloud/security-center').SecurityCenterClient;

// One client instance, created with default options.
const client = new SecurityCenterClient();

// sourceName is the fully qualified name of the source whose findings are
// listed. It must be defined before listFindingsAtTime runs.
/*
 * TODO(developer): Uncomment the following lines
 */
// const sourceName = `${parent}/sources/${sourceId}`;
// where,
// parent: must be in one of the following formats:
//    `organizations/${organization_id}`
//    `projects/${project_id}`
//    `folders/${folder_id}`

// Local calendar date five days before now. In this sample it is referenced
// only by the commented-out readTime field of the request.
const fiveDaysAgo = new Date();
fiveDaysAgo.setDate(fiveDaysAgo.getDate() - 5);
/**
 * Lists the findings under `sourceName` and logs, for each one, a running
 * number starting at 1, the finding name and the resource name.
 *
 * Reads the module-level `client` and `sourceName`.
 *
 * NOTE(review): readTime is commented out below, so the request carries no
 * time constraint; presumably the results reflect the current state rather
 * than the state five days ago. Confirm against the linked release notes.
 */
async function listFindingsAtTime() {
  const request = {
    // Source whose findings are listed.
    parent: sourceName,
    // readTime is left commented out because it is not supported; see
    // https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024
    // readTime: {
    //   seconds: Math.floor(fiveDaysAgo.getTime() / 1000),
    //   nanos: (fiveDaysAgo.getTime() % 1000) * 1e6,
    // },
  };
  const [response] = await client.listFindings(request);

  Array.from(response).forEach((result, index) => {
    console.log(
      `${index + 1} ${result.finding.name} ${result.finding.resourceName}`
    );
  });
}
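// Run the sample. The returned promise is handled here so that a failed
// client call (for example missing credentials or a denied request) is
// reported explicitly and the process exits with a non-zero status, instead
// of surfacing only as an unhandled rejection.
listFindingsAtTime().catch(err => {
  console.error(err);
  process.exitCode = 1;
});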
Python
To authenticate to Security Command Center, set up Application Default Credentials. For more information, see "Set up authentication for a local development environment".
from
datetime
import
datetime
,
timedelta
,
timezone
from
google.cloud
import
securitycenter_v1
# Create a new client.
# More info about SecurityCenterClient:
# https://cloud.google.com/python/docs/reference/securitycenter/latest/google.cloud.securitycenter_v1.services.security_center.SecurityCenterClient
client = securitycenter_v1.SecurityCenterClient()

# 'source_name' is the resource path of a source that already exists
# (list_sources can be used to find a specific one). Its format is:
#   source_name = f"{parent}/sources/{source_id}"
# 'parent' must be in one of the following formats:
#   "organizations/{organization_id}"
#   "projects/{project_id}"
#   "folders/{folder_id}"
# You can also use a wildcard "-" for all sources:
#   source_name = "organizations/111122222444/sources/-"

# Cutoff: five days before now in UTC, as integer milliseconds since the epoch.
five_days_ago = datetime.now(tz=timezone.utc) - timedelta(days=5)
timestamp_milliseconds = int(five_days_ago.timestamp() * 1000)

# NOTE(review): the request narrows results with an event_time filter and sets
# no read time, so it presumably returns findings whose event time precedes
# the cutoff rather than a snapshot of state at the cutoff -- confirm.
# More details about the request syntax:
# https://cloud.google.com/security-command-center/docs/reference/rest/v1/folders.sources.findings/list
list_request = {
    "parent": source_name,
    "filter": f"event_time < {timestamp_milliseconds}",
}
finding_result_iterator = client.list_findings(request=list_request)

# One line per result: zero-based index, finding name, resource name.
for i, finding_result in enumerate(finding_result_iterator):
    finding = finding_result.finding
    print(f"{i}: name: {finding.name} resource: {finding.resource_name}")
What's next
To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser .