scc.py
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from .base import Output, NotConfiguredException
import json
from googleapiclient import discovery, errors
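class SccOutput(Output):
    """Output that creates a finding in Security Command Center (SCC).

    Reads ``source``, ``finding_id`` and ``finding`` (plus optional ``vars``)
    from ``self.output_config``, expands them through the Jinja helpers
    inherited from ``Output``, and submits the result with the
    ``securitycenter`` v1 ``findings.create`` call.
    """

    def output(self):
        """Build the finding from configuration and send it to SCC.

        Raises:
            NotConfiguredException: if ``source``, ``finding_id`` or
                ``finding`` is missing from the output configuration.
            googleapiclient.errors.HttpError: for any API error other than
                HTTP 409 (finding already exists), which is logged and
                treated as success.
        """
        if 'vars' in self.output_config:
            additional_vars = self._jinja_expand_dict(
                self.output_config['vars'], 'vars')
            # Existing globals are unpacked last, so a configured variable
            # cannot shadow a name already present in the environment.
            self.jinja_environment.globals = {
                **additional_vars,
                **self.jinja_environment.globals
            }

        if 'source' not in self.output_config:
            raise NotConfiguredException(
                'No Security Command Center source defined in configuration.')
        source = self._jinja_expand_string(self.output_config['source'],
                                           'source')

        if 'finding_id' not in self.output_config:
            raise NotConfiguredException(
                'No Security Command Center finding ID defined in configuration.'
            )
        # NOTE(review): the expanded ID is used verbatim in the resource name
        # below; it is not validated locally, so a template that renders
        # message-derived data relies on the API to reject malformed IDs.
        finding_id = self._jinja_expand_string(
            str(self.output_config['finding_id']), 'finding_id')

        if 'finding' not in self.output_config:
            raise NotConfiguredException(
                'No Security Command center finding content defined in configuration.'
            )
        finding = self._jinja_expand_dict(self.output_config['finding'],
                                          'finding')
        finding['name'] = '%s/findings/%s' % (source, finding_id)

        # A template may render sourceProperties as a JSON string; decode it
        # into a structure when possible. Decoding stays best-effort, but a
        # failure is now logged instead of being silently discarded.
        if 'sourceProperties' in finding and not isinstance(
                finding['sourceProperties'], dict):
            try:
                finding['sourceProperties'] = json.loads(
                    finding['sourceProperties'])
            except (TypeError, ValueError, RecursionError) as exc:
                # json.JSONDecodeError is a ValueError; RecursionError covers
                # pathologically nested input. The raw value is deliberately
                # not logged, since it may hold message-derived data.
                self.logger.warning(
                    'Could not parse sourceProperties as JSON, sending as-is.',
                    extra={
                        'source': source,
                        'finding_id': finding_id,
                        'error': type(exc).__name__
                    })

        scc_service = discovery.build('securitycenter',
                                      'v1',
                                      http=self._get_branded_http())
        request = scc_service.organizations().sources().findings().create(
            parent=source, findingId=finding_id, body=finding)
        try:
            request.execute()
        except errors.HttpError as exc:
            if exc.resp.status != 409:
                raise
            # 409: a finding with this ID already exists under the source.
            # The existing finding is left untouched (no update is issued),
            # so a replayed input does not overwrite it.
            self.logger.warning('Finding already in Security Command Center.',
                                extra={
                                    'source': source,
                                    'finding_id': finding_id
                                })
            return

        # NOTE(review): the complete finding body is attached to this log
        # record; confirm the log sink is an acceptable place for whatever
        # the finding template can contain.
        self.logger.info('Finding sent to Security Command Center!',
                         extra={
                             'source': source,
                             'finding_id': finding_id,
                             'finding': finding
                         })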