NAME

gcloud scc findings create - create a Cloud Security Command Center finding

SYNOPSIS

gcloud scc findings create (FINDING : --organization=ORGANIZATION --source=SOURCE)
    --category=CATEGORY --event-time=EVENT_TIME --resource-name=RESOURCE_NAME
    [--external-uri=EXTERNAL_URI] [--source-properties=[SOURCE_PROPERTIES,...]]
    [--state=STATE] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

Create a Cloud Security Command Center finding.

EXAMPLES

Create an ACTIVE my-finding with category: XSS_SCRIPTING attached to example-project under organization 123456 and source 5678:

$ gcloud scc findings create my-finding --organization=123456 \
    --source=5678 --state=ACTIVE --category='XSS_SCRIPTING' \
    --event-time=2023-01-11T07:00:06.861Z \
    --resource-name='//cloudresourcemanager.googleapis.com/projects/example-project'

Create an ACTIVE my-finding attached to example-project under project example-project and source 5678:

$ gcloud scc findings create \
    projects/example-project/sources/5678/findings/my-finding \
    --state=ACTIVE --category='XSS_SCRIPTING' \
    --event-time=2023-01-11T07:00:06.861Z \
    --resource-name='//cloudresourcemanager.googleapis.com/projects/example-project'

Create an ACTIVE my-finding attached to example-project under folder 456 and source 5678:

$ gcloud scc findings create \
    folders/456/sources/5678/findings/my-finding --state=ACTIVE \
    --category='XSS_SCRIPTING' \
    --event-time=2023-01-11T07:00:06.861Z \
    --resource-name='//cloudresourcemanager.googleapis.com/projects/example-project'

POSITIONAL ARGUMENTS

Finding resource - The finding to be used for the SCC (Security Command Center) command. The arguments in this group can be used to specify the attributes of this resource.

This must be specified.

FINDING

ID of the finding or fully qualified identifier for the finding. To set the finding attribute:

  • provide the argument finding on the command line.

This positional argument must be specified if any of the other arguments in this group are specified.

--organization=ORGANIZATION

(Optional) If the full resource name (e.g. organizations/123) isn't provided, then provide the organization ID, which is the suffix of the organization's resource name. Example: for organizations/123, the ID is 123.

To set the organization attribute:

  • provide the argument finding on the command line with a fully specified name;

  • provide the argument --organization on the command line;

  • set the organization property in configuration using gcloud config set scc/organization if it is not specified on the command line.

--source=SOURCE

(Optional) If the full resource name (e.g. organizations/123/sources/456) isn't provided, then provide the source ID, which is the suffix of the source's resource name. Example: for organizations/123/sources/456, the ID is 456.

To set the source attribute:

  • provide the argument finding on the command line with a fully specified name;

  • provide the argument --source on the command line.

REQUIRED FLAGS

--category=CATEGORY

Taxonomy group within findings from a given source. Example: XSS_SCRIPTING

--event-time=EVENT_TIME

Time at which the issue is detected or the finding is created, in the following format: YYYY-MM-DDThh:mm:ss.ffffffZ. Example: 2023-01-11T07:00:06.861Z

--resource-name=RESOURCE_NAME

Full resource name of the Google Cloud Platform resource this finding is for.

OPTIONAL FLAGS

--external-uri=EXTERNAL_URI

URI that, if available, points to a web page outside of Cloud SCC (Security Command Center) where additional information about the finding can be found. This field is guaranteed to be either empty or a well-formed URL.

--source-properties=[SOURCE_PROPERTIES,...]

Source-specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, must start with a letter, and must contain only alphanumeric characters or underscores. For example: "key1=val1,key2=val2".

--state=STATE

State is one of: [ACTIVE, INACTIVE]. STATE must be one of: active, inactive, state-unspecified.
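
The following is an added example, not part of the gcloud documentation: a POSIX shell pre-flight check that a pipeline could run before calling this command, enforcing the --source-properties key rule and the --event-time shape described above. The function names are hypothetical, values are assumed to contain no commas, and the sample values are constructed; the command is printed rather than executed.

```shell
# Pre-flight checks for values passed to `gcloud scc findings create`.
# Function names are hypothetical; the rules come from the flag descriptions.

# --source-properties key rule: 1-255 characters, starts with a letter,
# then letters, digits or underscores only.
valid_prop_key() (
  LC_ALL=C                      # keep [A-Za-z] ranges ASCII-only
  key=$1
  [ "${#key}" -ge 1 ] && [ "${#key}" -le 255 ] || return 1
  case $key in
    [!A-Za-z]*|*[!A-Za-z0-9_]*) return 1 ;;
  esac
)

# Checks a whole "key1=val1,key2=val2" string (assumption: no commas in values).
valid_source_properties() (
  props=$1
  [ -n "$props" ] || return 1
  IFS=,; set -f                 # split on commas, no glob expansion
  for pair in $props; do
    case $pair in
      *=*) valid_prop_key "${pair%%=*}" || { echo "bad key: ${pair%%=*}" >&2; return 1; } ;;
      *)   echo "missing '=': $pair" >&2; return 1 ;;
    esac
  done
)

# --event-time shape as given on this page: YYYY-MM-DDThh:mm:ss.<digits>Z.
# Only the shape is checked, not calendar validity.
valid_event_time() (
  LC_ALL=C
  t=$1 d='[0-9][0-9]'
  case $t in
    $d$d-$d-${d}T$d:$d:$d.*Z) ;;
    *) return 1 ;;
  esac
  frac=${t#*.}; frac=${frac%Z}  # fractional seconds between '.' and 'Z'
  case $frac in ''|*[!0-9]*) return 1 ;; esac
)

# Constructed sample values; the command is printed, not executed.
props='scanner_version=2,rule_id=xss_01'
when='2023-01-11T07:00:06.861Z'
if valid_source_properties "$props" && valid_event_time "$when"; then
  echo "gcloud scc findings create my-finding --organization=123456 --source=5678" \
       "--category=XSS_SCRIPTING --event-time=$when --source-properties=$props" \
       "--resource-name=//cloudresourcemanager.googleapis.com/projects/example-project"
fi
```
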

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE

This command uses the securitycenter/v1 API. The full documentation for this API can be found at: https://cloud.google.com/security-command-center

NOTES

These variants are also available:

$ gcloud alpha scc findings create

$ gcloud beta scc findings create