Log Findings on SCC Finding Notification

Step-by-Step

Open a Terminal

The rest of this tutorial will be performed in a terminal.

  1. Open a Cloud Shell Console, or a shell with the gcloud CLI installed.

  2. Clone this repository locally and make it the current working folder.

    $ git clone https://github.com/shadanan/gcp-scc-finding-notification-log.git
    $ cd gcp-scc-finding-notification-log

  3. In the shell that we prepared at the beginning, set the org and project ID. The selected project is where the Cloud Function will execute from.

    $ export ORG_ID=<your org id>
    $ export PROJECT_ID=<your project id>
    $ gcloud config set project $PROJECT_ID

Configure the Pub/Sub Topic and Subscription

Cloud Pub/Sub is a real-time messaging service that enables messages to be sent and received between independent applications. A publisher creates a message and publishes it to a feed of messages called a topic. A subscriber receives these messages by way of a subscription. In our case, we'll have a Cloud Function that sends an email when High and Critical severity notifications are published to the topic.

  1. Create the topic where all the findings will be published.

    $ gcloud pubsub topics create scc-findings-topic
    $ export TOPIC=projects/$PROJECT_ID/topics/scc-findings-topic

  2. Configure SCC to publish notifications to our topic.

    $ gcloud scc notifications create scc-findings-notify \
      --organization $ORG_ID --pubsub-topic $TOPIC

Publish the Cloud Function

  1. Deploy the scc-finding-notification-log cloud function. If you have not enabled the Cloud Build API, this command may fail. Follow the link in the error message to enable it and then try again.

    $ gcloud functions deploy scc-finding-notification-log \
      --entry-point=process_notification \
      --source=cf --trigger-topic=scc-findings-topic --runtime=python39

Test It Out

  1. In Security Command Center, manually deactivate and reactivate a high severity finding in order to trigger the cloud function. Ensure Show Only Active Findings is off so that the findings don't disappear after you deactivate one.

  2. Check the logs for the cloud function. There should be two log entries per notification: one displaying the base64-encoded payload and a second displaying the decoded finding.
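As an added example (not the contents of the repository's cf/ folder), here is a Cloud Function in the shape the deploy command above expects: entry point process_notification, Pub/Sub trigger, two log entries per notification as described in the test step. The HIGH/CRITICAL alert flag, the summarize helper, the placeholder IDs and the sample message are assumptions made for illustration.

```python
import base64
import json
import logging

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("scc-finding-notification-log")

# Severities the README singles out (assumption about intent, not project code).
ALERT_SEVERITIES = {"HIGH", "CRITICAL"}


def process_notification(event, context=None):
    """Cloud Function entry point: 'data' is the base64 body of a Pub/Sub message,
    which SCC publishes as a JSON NotificationMessage carrying 'finding'."""
    encoded = event.get("data", "")
    log.info("raw payload: %s", encoded)                   # log entry 1: base64 payload
    message = json.loads(base64.b64decode(encoded).decode("utf-8"))
    finding = message.get("finding")
    if finding is None:                                    # e.g. a hand-published test message
        log.warning("message without finding: %s", message)
        return None
    log.info("decoded finding: %s", json.dumps(finding))   # log entry 2: decoded finding
    return summarize(finding)


def summarize(finding):
    """Extract what an operator wants at a glance; flag active HIGH/CRITICAL findings."""
    severity = finding.get("severity", "SEVERITY_UNSPECIFIED")
    return {
        "name": finding.get("name"),
        "category": finding.get("category"),
        "severity": severity,
        "state": finding.get("state"),
        "resource": finding.get("resourceName"),
        "alert": severity in ALERT_SEVERITIES and finding.get("state") == "ACTIVE",
    }


# Constructed sample notification (not captured from a real org); IDs are placeholders.
SAMPLE_MESSAGE = {
    "notificationConfigName": "organizations/ORG_ID_PLACEHOLDER/notificationConfigs/scc-findings-notify",
    "finding": {
        "name": "organizations/ORG_ID_PLACEHOLDER/sources/SRC_PLACEHOLDER/findings/FINDING_PLACEHOLDER",
        "category": "PUBLIC_BUCKET_ACL",
        "severity": "HIGH",
        "state": "ACTIVE",
        "resourceName": "//storage.googleapis.com/example-bucket",
    },
}
SAMPLE_EVENT = {"data": base64.b64encode(json.dumps(SAMPLE_MESSAGE).encode()).decode()}
SAMPLE_EVENT_NO_FINDING = {"data": base64.b64encode(b'{"notificationConfigName": "x"}').decode()}
```

Locally, `process_notification(SAMPLE_EVENT)` exercises the same path the Pub/Sub trigger will, so the log format can be checked before deploying.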
