in modules/scc-integration/src/gke-2-scc/main.go [163:227]
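// createFindingWithProperties turns one GKE audit log entry into a Security
// Command Center finding under the package-level source (sourceId).
//
// The finding ID is derived from the project, cluster, resource name, method
// name and the entry's Unix timestamp, so the same log entry always maps to
// the same ID. Category and severity come from the per-method configuration
// returned by GetFindingConfigForMethod.
//
// It returns an error when the log entry is nil, when no finding configuration
// is available for the method, when the Security Command Center client cannot
// be created, or when the CreateFinding call fails.
func createFindingWithProperties(l *AuditLog) error {
	// Guard against a nil entry: every field access below dereferences l.
	if l == nil {
		return fmt.Errorf("createFindingWithProperties: nil audit log")
	}

	// Resolve the per-method configuration before opening a client, so that an
	// unmapped method is rejected without any network setup. The original code
	// dereferenced the result unconditionally, which panics on a nil pointer.
	fconfig := GetFindingConfigForMethod(l.ProtoPayload.MethodName)
	if fconfig == nil {
		return fmt.Errorf("no finding config for method %q", l.ProtoPayload.MethodName)
	}

	ctx := context.Background()
	client, err := securitycenter.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("securitycenter.NewClient: %w", err)
	}
	defer client.Close()

	eventTime := timestamppb.New(l.Timestamp)

	// MD5 is used here only to fold the identifying fields into a fixed-length
	// 32-character hex string; it is not an integrity or authenticity control.
	// NOTE(review): Security Command Center limits finding IDs to 32
	// alphanumeric characters, which is presumably why a 128-bit digest was
	// chosen - confirm before swapping in a longer hash.
	// NOTE(review): the fields are joined with "-" and may themselves contain
	// "-", so two different field combinations can produce the same input
	// string; a redelivered log entry also yields the same ID. Confirm how the
	// caller treats the resulting CreateFinding error.
	fid := fmt.Sprintf("%s-%s-%s-%s-%d",
		l.Resource.Labels.ProjectID,
		l.Resource.Labels.ClusterName,
		l.ProtoPayload.ResourceName,
		l.ProtoPayload.MethodName,
		l.Timestamp.Unix())
	h := md5.Sum([]byte(fid))
	fidsum := hex.EncodeToString(h[:])
	fmt.Println(fidsum)

	req := &securitycenterpb.CreateFindingRequest{
		Parent:    sourceId,
		FindingId: fidsum,
		Finding: &securitycenterpb.Finding{
			State:        securitycenterpb.Finding_ACTIVE,
			ResourceName: l.ProtoPayload.ResourceName,
			Category:     fconfig.Category,
			Severity:     fconfig.Severity,
			EventTime:    eventTime,
			Access: &securitycenterpb.Access{
				PrincipalEmail: l.ProtoPayload.AuthenticationInfo.PrincipalEmail,
				CallerIp:       l.ProtoPayload.RequestMetadata.CallerIP,
				MethodName:     l.ProtoPayload.MethodName,
				// The user agent is supplied by the caller of the audited
				// API; treat it as untrusted text wherever the finding is
				// rendered or parsed.
				UserAgent:   l.ProtoPayload.RequestMetadata.CallerSuppliedUserAgent,
				ServiceName: l.ProtoPayload.ServiceName,
			},
			// Define key-value pair metadata to include with the finding.
			SourceProperties: map[string]*structpb.Value{
				"log_name": {
					Kind: &structpb.Value_StringValue{StringValue: l.LogName},
				},
				"producer": {
					Kind: &structpb.Value_StringValue{StringValue: l.Operation.Producer},
				},
				"cluster_name": {
					Kind: &structpb.Value_StringValue{StringValue: l.Resource.Labels.ClusterName},
				},
				"location": {
					Kind: &structpb.Value_StringValue{StringValue: l.Resource.Labels.Location},
				},
				"project_id": {
					Kind: &structpb.Value_StringValue{StringValue: l.Resource.Labels.ProjectID},
				},
			},
		},
	}

	finding, err := client.CreateFinding(ctx, req)
	if err != nil {
		return fmt.Errorf("CreateFinding: %w", err)
	}

	// NOTE(review): req.String() writes the whole request to stdout, including
	// the principal e-mail, caller IP and user agent set above; confirm that
	// the log destination is an acceptable place for those values.
	fmt.Printf("New finding created: %s => %s\n", finding.Name, req.String())
	return nil
}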