feat(securitycenter): Add Resource SCC Management API Org ETD Custom … #3941
…Module code samples
Here is the summary of changes. You are about to add 5 region tags.
This comment is generated by snippet-bot.
Hi @lovenishs04 and reviewers,
I'm currently reviewing this pull request and will provide my feedback in a few minutes. In the meantime, I'm providing this summary of the pull request's content to help you and other reviewers quickly understand the changes and intent.
This pull request, feat(securitycenter): Add Resource SCC Management API Org ETD Custom …, aims to add code samples for the Security Command Center (SCC) Management API's Organization Event Threat Detection Custom Module. Specifically, it includes samples for creating, deleting, listing, getting, and updating custom modules.
Here's a breakdown of the changes:
- New files added:
  - security-center/snippets/management_api/createEventThreatDetectionCustomModule.js (lines 1-89): Adds a function to create a new event threat detection custom module. This includes setting metadata (severity, description, recommendation), and IP addresses.
  - security-center/snippets/management_api/deleteEventThreatDetectionCustomModule.js (lines 1-57): Adds a function to delete an existing custom module.
  - security-center/snippets/management_api/getEventThreatDetectionCustomModule.js (lines 1-54): Adds a function to retrieve an existing custom module.
  - security-center/snippets/management_api/listEventThreatDetectionCustomModules.js (lines 1-58): Adds a function to list all custom modules under a given parent resource.
  - security-center/snippets/management_api/updateEventThreatDetectionCustomModule.js (lines 1-67): Adds a function to update an existing custom module (specifically, the enablement state).
  - security-center/snippets/system-test/management_api/eventThreatDetectionCustomModule.test.js (lines 1-181): Adds comprehensive tests for all the above functions.
- security-center/snippets/package.json (line 18): Adds @google-cloud/securitycentermanagement as a dependency.
The pull request addresses issues b/347347710, b/347347103, b/347347367, b/347347656, and b/347347732. The author has also completed the provided checklist.
And now, a little haiku to lighten the mood:
Code flows like a stream,
Tests run, a green light appears,
Joy fills the coder's heart.
Gemini encountered an error creating the review. You can try again by commenting
Hi @lovenishs04 and reviewers,
I'm currently reviewing this pull request and will provide feedback shortly. In the meantime, here's a summary to help everyone get up to speed:
This pull request, feat(securitycenter): Add Resource SCC Management API Org ETD Custom …, aims to add code samples for the Security Command Center (SCC) Management API's Organization Event Threat Detection Custom Module. Specifically, it includes samples for creating, deleting, listing, getting, and updating custom modules.
Here's a breakdown of the changes:
- New files added:
  - security-center/snippets/management_api/createEventThreatDetectionCustomModule.js (lines 1-89): Implements the creation of a new event threat detection custom module.
  - security-center/snippets/management_api/deleteEventThreatDetectionCustomModule.js (lines 1-57): Implements the deletion of an existing event threat detection custom module.
  - security-center/snippets/management_api/getEventThreatDetectionCustomModule.js (lines 1-54): Implements retrieving an existing event threat detection custom module.
  - security-center/snippets/management_api/listEventThreatDetectionCustomModules.js (lines 1-58): Implements listing all event threat detection custom modules under a given parent resource.
  - security-center/snippets/management_api/updateEventThreatDetectionCustomModule.js (lines 1-67): Implements updating an existing event threat detection custom module.
  - security-center/snippets/system-test/management_api/eventThreatDetectionCustomModule.test.js (lines 1-181): Adds comprehensive test cases for all the above functions.
- security-center/snippets/package.json (lines 14-18): Updated dependencies to include @google-cloud/securitycentermanagement.
The PR addresses issues b/347347710, b/347347103, b/347347367, b/347347656, and b/347347732.
The author has indicated that all tests and lint checks have passed. They've also followed the contribution guidelines and updated relevant files (CODEOWNERS, GitHub Actions workflow).
I'll be looking at the code more closely to ensure functionality and adherence to best practices. I'll post my full review soon.
A little haiku to brighten your day:
Code flows like a stream,
Tests pass, a joyful green light,
Bugs flee in the night.
Gemini encountered an error creating the review. You can try again by commenting
Hi @lovenishs04 and reviewers,
I'm currently reviewing this pull request and will provide feedback shortly. In the meantime, here's a summary to help everyone get up to speed:
This pull request, feat(securitycenter): Add Resource SCC Management API Org ETD Custom …, aims to add code samples for the Security Command Center (SCC) Management API's Organization Event Threat Detection Custom Module. Specifically, it includes samples for creating, deleting, listing, getting, and updating custom modules.
Here's a breakdown of the changes:
- New files added:
  - security-center/snippets/management_api/createEventThreatDetectionCustomModule.js (lines 1-89): Implements the creation of a new event threat detection custom module.
  - security-center/snippets/management_api/deleteEventThreatDetectionCustomModule.js (lines 1-57): Implements the deletion of an existing event threat detection custom module.
  - security-center/snippets/management_api/getEventThreatDetectionCustomModule.js (lines 1-54): Implements retrieving an existing event threat detection custom module.
  - security-center/snippets/management_api/listEventThreatDetectionCustomModules.js (lines 1-58): Implements listing all event threat detection custom modules under a given parent resource.
  - security-center/snippets/management_api/updateEventThreatDetectionCustomModule.js (lines 1-67): Implements updating an existing event threat detection custom module.
  - security-center/snippets/system-test/management_api/eventThreatDetectionCustomModule.test.js (lines 1-181): Adds comprehensive tests for the new functionality.
- security-center/snippets/package.json (lines 14-18): Added a dependency for @google-cloud/securitycentermanagement.
The pull request addresses issues b/347347710, b/347347103, b/347347367, b/347347656, and b/347347732.
The author has indicated that all tests and linting checks have passed. They've also followed the contribution guidelines and updated relevant files like CODEOWNERS and GitHub Actions workflows.
I'll be looking for things like code clarity, error handling, and test coverage in my full review.
A little haiku to lighten the mood:
Code flows like a stream,
Tests run green, a joyful sight,
Bugs flee in the night.
Gemini encountered an error creating the review. You can try again by commenting
Hi @lovenishs04 and reviewers,
I'm currently reviewing this pull request and will provide my feedback in a few minutes. In the meantime, I'm providing this summary of the pull request's content to help you and other reviewers quickly understand the changes and intent.
This pull request, feat(securitycenter): Add Resource SCC Management API Org ETD Custom …, aims to add code samples for the Security Command Center (SCC) Management API's Organization Event Threat Detection Custom Module. Specifically, it includes samples for creating, deleting, listing, getting, and updating custom modules.
Here's a summary of the changes:
- New files added:
  - security-center/snippets/management_api/createEventThreatDetectionCustomModule.js (lines 1-89): Implements the creation of a new event threat detection custom module.
  - security-center/snippets/management_api/deleteEventThreatDetectionCustomModule.js (lines 1-57): Implements the deletion of an existing event threat detection custom module.
  - security-center/snippets/management_api/getEventThreatDetectionCustomModule.js (lines 1-54): Implements retrieving an existing event threat detection custom module.
  - security-center/snippets/management_api/listEventThreatDetectionCustomModules.js (lines 1-58): Implements listing all event threat detection custom modules under a given parent resource.
  - security-center/snippets/management_api/updateEventThreatDetectionCustomModule.js (lines 1-67): Implements updating an existing event threat detection custom module.
  - security-center/snippets/system-test/management_api/eventThreatDetectionCustomModule.test.js (lines 1-181): Adds comprehensive tests for the new functionality.
- security-center/snippets/package.json (line 18): Added a dependency for @google-cloud/securitycentermanagement.
The pull request addresses issues b/347347710, b/347347103, b/347347367, b/347347656, and b/347347732. The author has also included a checklist to ensure all necessary steps have been followed.
I'll be providing a more detailed review shortly. In the meantime, let me know if you have any questions.
And now, a little haiku to lighten the mood:
Code flows like a stream,
Tests run, a green light appears,
Bugs flee in the night.
Gemini encountered an error creating the review. You can try again by commenting
@code-review-assist review
Gemini encountered an error creating the review. You can try again by commenting
|
||
// define the metadata and other config parameters severity, description, | ||
// recommendation and ips below | ||
const config = { |
please make this more useful for users by using a real example in the config. based on the documentation for this feature at https://cloud.google.com/security-command-center/docs/use-custom-modules-etd
{
"metadata": {
"severity": "LOW",
"description": "Flagged by Cymbal as malicious",
"recommendation": "Contact the owner of the relevant project."
},
"ips": [
"192.0.2.1",
"192.0.2.0/24"
]
}
Might be a reasonable option (I mean the fields in use not the actual copy pasta that I've done above)
Addressed
|
||
// define the metadata and other config parameters severity, description, | ||
// recommendation and ips below | ||
const config = { |
can you pull all the config into a separate function rather than bundling it all here? this would make this more reusable
Addressed
const eventThreatDetectionCustomModule = { | ||
displayName: customModuleDisplayName, | ||
enablementState: 'ENABLED', | ||
type: 'CONFIGURABLE_BAD_IP', |
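Review bot: type: 'CONFIGURABLE_BAD_IP' and enablementState: 'ENABLED' are string literals in the module object while displayName comes from customModuleDisplayName, and nothing in these lines ties the config object to the chosen type. Add a comment next to type saying that the config fields (metadata and ips in this sample) must match the module type, and consider passing the type in alongside the display name so the sample does not read as if CONFIGURABLE_BAD_IP were the only option.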
oh good. my recommendation above seems even more useful based on the fact that this is the type which matches the documentation. This feels like type is probably customizable too here?
I can see this module type in the documentation also https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/folders.locations.eventThreatDetectionCustomModules#EventThreatDetectionCustomModule
const client = new SecurityCenterManagementClient(); | ||
|
||
/** | ||
* Required. The name of the parent resource of the list event threat detection custom module. Its |
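Review bot: The JSDoc line "The name of the parent resource of the list event threat detection custom module" does not tell the reader what to pass as parent. Say that parent is the scope to list under and put the accepted format in the comment itself, for example organizations/{organization}/locations/{location}, so the sample can be used without opening the API reference.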
This is confusing to me. I don't understand why/when a user would provide a parent resource. The documentation for this isn't super clear but doesn't seem to use this description either (maybe this is new).
If I think about this from a user perspective, I'm looking to see all the event threat detection custom modules I've created.
I may be looking at the wrong documentation here https://cloud.google.com/security-command-center/docs/use-custom-modules-etd#gcloud_2
but
Replace the following:
RESOURCE_FLAG: the scope in which you want to list custom modules; one of organization, folder, or project.
RESOURCE_ID: the ID of the resource; that is, the organization ID, folder ID, or project ID.
The results include the following:
All residential Event Threat Detection custom modules.
All inherited Event Threat Detection custom modules. For example, when you list custom modules at the project level, the custom modules created in that project's parent folders and organization are included in the results.
Each item in the results includes the module's name, status, and properties. The properties differ for each module.
The name of each module contains its custom module ID. Many gcloud operations on this page require the custom module ID.
Can you update this sample to be more descriptive?
Right now this seems like it will retrieve all the event threat detection custom modules that are in the specified organizationId and location. If someone provides the project id or folder id that might also include inherited ones as well? (this I'm pulling from the documentation but it's not really clear at all)
Or is the expectation that the user provides the parent details in order to find all the details they want for a child resource that they are actually interested in?
Yes users may provide the details in order to find the custom modules whether at the organizations, folders or projects level and below is the format.
organizations/{organization}/locations/{location}
folders/{folder}/locations/{location}
projects/{project}/locations/{location}
for more details, you may check this documentation https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/list
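The two points raised in this thread (the three `parent` formats and the shape of a CONFIGURABLE_BAD_IP config), as an added example that is not code from the PR or from the Google Cloud samples: it builds the `parent` string and checks a config before it would be sent to the API. The function names, the default location `global`, the severity list, the IPv4-only parsing and the decision to flag host bits and `/0` are assumptions of this example.

```javascript
// Assumption: the usual SCC severity names; the thread itself only shows "LOW".
const SEVERITIES = ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW'];
const COLLECTIONS = new Map(
  [['organization', 'organizations'], ['folder', 'folders'], ['project', 'projects']]);

// Build `parent` in one of the three formats quoted in the thread. Rejecting "/"
// keeps an ID from changing the scope; the `global` default is an assumption.
function buildParent(scope, id, location = 'global') {
  const collection = COLLECTIONS.get(scope);
  if (!collection) throw new Error(`unknown scope: ${scope}`);
  for (const part of [id, location]) {
    if (!/^[a-z0-9-]+$/.test(String(part))) throw new Error(`bad segment: ${part}`);
  }
  return `${collection}/${id}/locations/${location}`;
}

// Dotted-quad IPv4 to integer, or null when the text is not a valid address.
function parseIpv4(text) {
  const parts = text.split('.');
  if (parts.length !== 4) return null;
  let value = 0;
  for (const p of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    value = value * 256 + Number(p);
  }
  return value;
}

// Problems in one `ips` entry (address or CIDR). IPv4 only in this example.
function checkIpEntry(entry) {
  const [addr, prefix, ...rest] = String(entry).split('/');
  const value = parseIpv4(addr);
  if (value === null || rest.length) return [`${entry}: not IPv4 or IPv4 CIDR`];
  if (prefix === undefined) return [];
  if (!/^\d{1,2}$/.test(prefix) || Number(prefix) > 32) return [`${entry}: bad prefix`];
  if (Number(prefix) === 0) return [`${entry}: matches every address`];
  return value % 2 ** (32 - Number(prefix)) ? [`${entry}: host bits set`] : [];
}

// Returns a list of problems; an empty list means the config passed.
function validateBadIpConfig(config) {
  const meta = config.metadata || {};
  const problems = SEVERITIES.includes(meta.severity) ? [] : [`severity: ${meta.severity}`];
  for (const field of ['description', 'recommendation']) {
    if (typeof meta[field] !== 'string' || !meta[field].trim()) problems.push(`${field}: missing`);
  }
  const ips = Array.isArray(config.ips) ? config.ips : [];
  return problems.concat(ips.length ? ips.flatMap(checkIpEntry) : ['ips: empty']);
}
```

Run `validateBadIpConfig` on the config object and `buildParent` on the scope before calling the create or list sample, and stop if the returned list is not empty.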
closing this PR, has raised the same PR from the main branch #3943
…Module code samples
Description
Fixes # b/347347710, b/347347103, b/347347367, b/347347656, b/347347732
This PR adds SCC Management API Org Event Threat Detection Custom Module Code Samples for Create, Delete, List, Get & Update.
Note: Before submitting a pull request, please open an issue for discussion if you are not associated with Google.
Checklist
- npm test (see Testing)
- npm run lint (see Style)
- GoogleCloudPlatform/nodejs-docs-samples. Not a fork.