|
| 1 | +#!/usr/bin/env python |
| 2 | +# |
| 3 | +# Copyright 2024 Google LLC |
| 4 | +# |
| 5 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | +# you may not use this file except in compliance with the License. |
| 7 | +# You may obtain a copy of the License at |
| 8 | +# |
| 9 | +# https://www.apache.org/licenses/LICENSE-2.0 |
| 10 | +# |
| 11 | +# Unless required by applicable law or agreed to in writing, software |
| 12 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | +# See the License for the specific language governing permissions and |
| 15 | +# limitations under the License. |
| 16 | + |
| 17 | +import uuid |
| 18 | + |
| 19 | +from google.api_core.exceptions import GoogleAPICallError, NotFound |
| 20 | +from google.cloud import securitycentermanagement_v1 |
| 21 | +from google.protobuf.field_mask_pb2 import FieldMask |
| 22 | +from google.protobuf.struct_pb2 import Struct |
| 23 | + |
| 24 | + |
| 25 | +# [START securitycenter_create_event_threat_detection_custom_module] |
| 26 | +def create_event_threat_detection_custom_module(parent: str) -> securitycentermanagement_v1.EventThreatDetectionCustomModule: |
| 27 | + """ |
| 28 | + Creates a Event Threat Detection Custom Module. |
| 29 | +
|
| 30 | + This custom module creates a configurable bad IP type custom module, which can be used to detect and block malicious IP addresses. |
| 31 | +
|
| 32 | + Args: |
| 33 | + parent: Use any one of the following options: |
| 34 | + - organizations/{organization_id}/locations/{location_id} |
| 35 | + - folders/{folder_id}/locations/{location_id} |
| 36 | + - projects/{project_id}/locations/{location_id} |
| 37 | + Returns: |
| 38 | + EventThreatDetectionCustomModule |
| 39 | + """ |
| 40 | + client = securitycentermanagement_v1.SecurityCenterManagementClient() |
| 41 | + |
| 42 | + try: |
| 43 | + # Generate a unique suffix |
| 44 | + unique_suffix = str(uuid.uuid4()).replace("-", "_") |
| 45 | + # Create unique display name |
| 46 | + display_name = f"python_sample_etd_custom_module_{unique_suffix}" |
| 47 | + |
| 48 | + # Define the metadata and other config parameters as a dictionary |
| 49 | + config_map = { |
| 50 | + "metadata": { |
| 51 | + "severity": "MEDIUM", |
| 52 | + "description": "Sample custom module for testing purposes. Please do not delete.", |
| 53 | + "recommendation": "na", |
| 54 | + }, |
| 55 | + "ips": ["0.0.0.0"], |
| 56 | + } |
| 57 | + |
| 58 | + # Convert the dictionary to a Struct |
| 59 | + config_struct = Struct() |
| 60 | + config_struct.update(config_map) |
| 61 | + |
| 62 | + # Define the Event Threat Detection custom module configuration |
| 63 | + custom_module = securitycentermanagement_v1.EventThreatDetectionCustomModule( |
| 64 | + config=config_struct, |
| 65 | + display_name=display_name, |
| 66 | + enablement_state=securitycentermanagement_v1.EventThreatDetectionCustomModule.EnablementState.ENABLED, |
| 67 | + type_="CONFIGURABLE_BAD_IP", |
| 68 | + ) |
| 69 | + |
| 70 | + # Create the request |
| 71 | + request = securitycentermanagement_v1.CreateEventThreatDetectionCustomModuleRequest( |
| 72 | + parent=parent, |
| 73 | + event_threat_detection_custom_module=custom_module, |
| 74 | + ) |
| 75 | + |
| 76 | + # Make the API call |
| 77 | + response = client.create_event_threat_detection_custom_module(request=request) |
| 78 | + |
| 79 | + print(f"Created EventThreatDetectionCustomModule: {response.name}") |
| 80 | + return response |
| 81 | + |
| 82 | + except GoogleAPICallError as e: |
| 83 | + print(f"Failed to create EventThreatDetectionCustomModule: {e}") |
| 84 | + raise |
| 85 | + |
| 86 | +# [END securitycenter_create_event_threat_detection_custom_module] |
| 87 | + |
| 88 | + |
| 89 | +# [START securitycenter_get_event_threat_detection_custom_module] |
| 90 | +def get_event_threat_detection_custom_module(parent: str, module_id: str): |
| 91 | + """ |
| 92 | + Retrieves a Event Threat Detection custom module. |
| 93 | + Args: |
| 94 | + parent: Use any one of the following options: |
| 95 | + - organizations/{organization_id}/locations/{location_id} |
| 96 | + - folders/{folder_id}/locations/{location_id} |
| 97 | + - projects/{project_id}/locations/{location_id} |
| 98 | + Returns: |
| 99 | + The retrieved Event Threat Detection custom module. |
| 100 | + Raises: |
| 101 | + NotFound: If the specified custom module does not exist. |
| 102 | + """ |
| 103 | + client = securitycentermanagement_v1.SecurityCenterManagementClient() |
| 104 | + |
| 105 | + try: |
| 106 | + request = securitycentermanagement_v1.GetEventThreatDetectionCustomModuleRequest( |
| 107 | + name=f"{parent}/eventThreatDetectionCustomModules/{module_id}", |
| 108 | + ) |
| 109 | + |
| 110 | + response = client.get_event_threat_detection_custom_module(request=request) |
| 111 | + print(f"Retrieved Event Threat Detection Custom Module: {response.name}") |
| 112 | + return response |
| 113 | + except NotFound as e: |
| 114 | + print(f"Custom Module not found: {e.message}") |
| 115 | + raise e |
| 116 | +# [END securitycenter_get_event_threat_detection_custom_module] |
| 117 | + |
| 118 | + |
| 119 | +# [START securitycenter_list_event_threat_detection_custom_module] |
| 120 | +def list_event_threat_detection_custom_module(parent: str): |
| 121 | + """ |
| 122 | + Retrieves list of Event Threat Detection custom module. |
| 123 | + Args: |
| 124 | + parent: Use any one of the following options: |
| 125 | + - organizations/{organization_id}/locations/{location_id} |
| 126 | + - folders/{folder_id}/locations/{location_id} |
| 127 | + - projects/{project_id}/locations/{location_id} |
| 128 | + Returns: |
| 129 | + List of retrieved Event Threat Detection custom modules. |
| 130 | + Raises: |
| 131 | + NotFound: If the specified custom module does not exist. |
| 132 | + """ |
| 133 | + |
| 134 | + client = securitycentermanagement_v1.SecurityCenterManagementClient() |
| 135 | + |
| 136 | + try: |
| 137 | + request = securitycentermanagement_v1.ListEventThreatDetectionCustomModulesRequest( |
| 138 | + parent=parent, |
| 139 | + ) |
| 140 | + |
| 141 | + response = client.list_event_threat_detection_custom_modules(request=request) |
| 142 | + |
| 143 | + custom_modules = [] |
| 144 | + for custom_module in response: |
| 145 | + print(f"Custom Module: {custom_module.name}") |
| 146 | + custom_modules.append(custom_module) |
| 147 | + return custom_modules |
| 148 | + except NotFound as e: |
| 149 | + print(f"Parent resource not found: {parent}") |
| 150 | + raise e |
| 151 | + |
| 152 | +# [END securitycenter_list_event_threat_detection_custom_module] |
| 153 | + |
| 154 | + |
| 155 | +# [START securitycenter_update_event_threat_detection_custom_module] |
| 156 | +def update_event_threat_detection_custom_module(parent: str, module_id: str): |
| 157 | + """ |
| 158 | + Updates an Event Threat Detection Custom Module. |
| 159 | +
|
| 160 | + Args: |
| 161 | + parent: Use any one of the following options: |
| 162 | + - organizations/{organization_id}/locations/{location_id} |
| 163 | + - folders/{folder_id}/locations/{location_id} |
| 164 | + - projects/{project_id}/locations/{location_id} |
| 165 | + Returns: |
| 166 | + EventThreatDetectionCustomModule |
| 167 | + """ |
| 168 | + client = securitycentermanagement_v1.SecurityCenterManagementClient() |
| 169 | + |
| 170 | + try: |
| 171 | + |
| 172 | + custom_module = securitycentermanagement_v1.EventThreatDetectionCustomModule( |
| 173 | + name=f"{parent}/eventThreatDetectionCustomModules/{module_id}", |
| 174 | + enablement_state=securitycentermanagement_v1.EventThreatDetectionCustomModule.EnablementState.DISABLED, |
| 175 | + ) |
| 176 | + |
| 177 | + # Create the request |
| 178 | + request = securitycentermanagement_v1.UpdateEventThreatDetectionCustomModuleRequest( |
| 179 | + event_threat_detection_custom_module=custom_module, |
| 180 | + update_mask=FieldMask(paths=["enablement_state"]), |
| 181 | + ) |
| 182 | + |
| 183 | + # Make the API call |
| 184 | + response = client.update_event_threat_detection_custom_module(request=request) |
| 185 | + |
| 186 | + print(f"Updated EventThreatDetectionCustomModule: {response.name}") |
| 187 | + return response |
| 188 | + |
| 189 | + except Exception as e: |
| 190 | + print(f"Failed to update EventThreatDetectionCustomModule: {e}") |
| 191 | + raise |
| 192 | + |
| 193 | +# [END securitycenter_update_event_threat_detection_custom_module] |
| 194 | + |
| 195 | + |
| 196 | +# [START securitycenter_delete_event_threat_detection_custom_module] |
| 197 | +def delete_event_threat_detection_custom_module(parent: str, module_id: str): |
| 198 | + """ |
| 199 | + Deletes an Event Threat Detection custom module. |
| 200 | + Args: |
| 201 | + parent: Use any one of the following options: |
| 202 | + - organizations/{organization_id}/locations/{location_id} |
| 203 | + - folders/{folder_id}/locations/{location_id} |
| 204 | + - projects/{project_id}/locations/{location_id} |
| 205 | + Returns: |
| 206 | + Message that Event Threat Detection custom module is deleted. |
| 207 | + Raises: |
| 208 | + NotFound: If the specified custom module does not exist. |
| 209 | + """ |
| 210 | + client = securitycentermanagement_v1.SecurityCenterManagementClient() |
| 211 | + |
| 212 | + try: |
| 213 | + request = securitycentermanagement_v1.DeleteEventThreatDetectionCustomModuleRequest( |
| 214 | + name=f"{parent}/eventThreatDetectionCustomModules/{module_id}", |
| 215 | + ) |
| 216 | + |
| 217 | + client.delete_event_threat_detection_custom_module(request=request) |
| 218 | + print(f"Deleted Event Threat Detection Custom Module Successfully: {module_id}") |
| 219 | + except NotFound as e: |
| 220 | + print(f"Custom Module not found: {module_id}") |
| 221 | + raise e |
| 222 | +# [END securitycenter_delete_event_threat_detection_custom_module] |
0 commit comments