diff --git a/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java b/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java
new file mode 100644
index 00000000000..3e0fb3125b4
--- /dev/null
+++ b/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package management.api;
+
+// [START securitycenter_create_event_threat_detection_custom_module]
+import com.google.cloud.securitycentermanagement.v1.CreateEventThreatDetectionCustomModuleRequest;
+import com.google.cloud.securitycentermanagement.v1.EventThreatDetectionCustomModule;
+import com.google.cloud.securitycentermanagement.v1.EventThreatDetectionCustomModule.EnablementState;
+import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
+import com.google.protobuf.ListValue;
+import com.google.protobuf.Struct;
+import com.google.protobuf.Value;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class CreateEventThreatDetectionCustomModule {
+
+ public static void main(String[] args) throws IOException {
+ // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/create
+ // TODO: Developer should replace project_id with a real project ID before running this code
+ String projectId = "project_id";
+
+ String customModuleDisplayName = "custom_module_display_name";
+
+ createEventThreatDetectionCustomModule(projectId, customModuleDisplayName);
+ }
+
+ public static EventThreatDetectionCustomModule createEventThreatDetectionCustomModule(
+ String projectId, String customModuleDisplayName) throws IOException {
+
+ // Initialize client that will be used to send requests. This client only needs
+ // to be created
+ // once, and can be reused for multiple requests.
+ try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {
+
+ // define the metadata and other config parameters severity, description,
+ // recommendation and ips below
+ Map metadata = new HashMap<>();
+ metadata.put("severity", Value.newBuilder().setStringValue("MEDIUM").build());
+ metadata.put(
+ "description", Value.newBuilder().setStringValue("add your description here").build());
+ metadata.put(
+ "recommendation",
+ Value.newBuilder().setStringValue("add your recommendation here").build());
+ List ips = Arrays.asList(Value.newBuilder().setStringValue("0.0.0.0").build());
+
+ Value metadataVal =
+ Value.newBuilder()
+ .setStructValue(Struct.newBuilder().putAllFields(metadata).build())
+ .build();
+ Value ipsValue =
+ Value.newBuilder().setListValue(ListValue.newBuilder().addAllValues(ips).build()).build();
+
+ Struct configStruct =
+ Struct.newBuilder().putFields("metadata", metadataVal).putFields("ips", ipsValue).build();
+
+ // define the Event Threat Detection custom module configuration, update the EnablementState
+ // below
+ EventThreatDetectionCustomModule eventThreatDetectionCustomModule =
+ EventThreatDetectionCustomModule.newBuilder()
+ .setConfig(configStruct)
+ .setDisplayName(customModuleDisplayName)
+ .setEnablementState(EnablementState.ENABLED)
+ .setType("CONFIGURABLE_BAD_IP")
+ .build();
+
+ CreateEventThreatDetectionCustomModuleRequest request =
+ CreateEventThreatDetectionCustomModuleRequest.newBuilder()
+ .setParent(String.format("projects/%s/locations/global", projectId))
+ .setEventThreatDetectionCustomModule(eventThreatDetectionCustomModule)
+ .build();
+
+ EventThreatDetectionCustomModule response =
+ client.createEventThreatDetectionCustomModule(request);
+
+ return response;
+ }
+ }
+}
+// [END securitycenter_create_event_threat_detection_custom_module]
diff --git a/security-command-center/snippets/src/main/java/management/api/DeleteEventThreatDetectionCustomModule.java b/security-command-center/snippets/src/main/java/management/api/DeleteEventThreatDetectionCustomModule.java
new file mode 100644
index 00000000000..650b0d32a60
--- /dev/null
+++ b/security-command-center/snippets/src/main/java/management/api/DeleteEventThreatDetectionCustomModule.java
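Review bot: In createEventThreatDetectionCustomModule (CreateEventThreatDetectionCustomModule.java) the `ips` list holds the placeholder `0.0.0.0` while the module is built with `EnablementState.ENABLED`, so running the sample as written leaves an enabled CONFIGURABLE_BAD_IP module whose indicator, description and recommendation are all placeholders. Unlike `project_id`, none of these values has a TODO telling the reader to replace it. I would add `// TODO(developer): replace 0.0.0.0 with the IP addresses this module should flag, and fill in description and recommendation` above the `ips` line. It is also worth considering `EnablementState.DISABLED` in the sample, so the module only goes live once real values are supplied.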
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package management.api;
+
+// [START securitycenter_delete_event_threat_detection_custom_module]
+import com.google.cloud.securitycentermanagement.v1.DeleteEventThreatDetectionCustomModuleRequest;
+import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
+import java.io.IOException;
+
+public class DeleteEventThreatDetectionCustomModule {
+
+ public static void main(String[] args) throws IOException {
+ // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/delete
+ // TODO: Developer should replace project_id with a real project ID before running this code
+ String projectId = "project_id";
+
+ String customModuleId = "custom_module_id";
+
+ deleteEventThreatDetectionCustomModule(projectId, customModuleId);
+ }
+
+ public static boolean deleteEventThreatDetectionCustomModule(
+ String projectId, String customModuleId) throws IOException {
+
+ // Initialize client that will be used to send requests. This client only needs
+ // to be created
+ // once, and can be reused for multiple requests.
+ try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {
+
+ String name =
+ String.format(
+ "projects/%s/locations/global/eventThreatDetectionCustomModules/%s",
+ projectId, customModuleId);
+
+ DeleteEventThreatDetectionCustomModuleRequest request =
+ DeleteEventThreatDetectionCustomModuleRequest.newBuilder().setName(name).build();
+
+ client.deleteEventThreatDetectionCustomModule(request);
+
+ return true;
+ }
+ }
+}
+// [END securitycenter_delete_event_threat_detection_custom_module]
diff --git a/security-command-center/snippets/src/main/java/management/api/GetEventThreatDetectionCustomModule.java b/security-command-center/snippets/src/main/java/management/api/GetEventThreatDetectionCustomModule.java
new file mode 100644
index 00000000000..1c9af776fba
--- /dev/null
+++ b/security-command-center/snippets/src/main/java/management/api/GetEventThreatDetectionCustomModule.java
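Review bot: In deleteEventThreatDetectionCustomModule, and again in getEventThreatDetectionCustomModule, `projectId` and `customModuleId` go into the resource name through `String.format` with no check, so an empty ID or one containing `/` yields a name that does not address the module the caller meant. The test file's `deleteCustomModule` wrapper already adds the null-or-empty check that the sample itself lacks. For a call that removes detection content, I would fail locally before the format call: `if (customModuleId.isEmpty() || customModuleId.contains("/")) { throw new IllegalArgumentException("invalid custom module id"); }`.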
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package management.api;
+
+// [START securitycenter_get_event_threat_detection_custom_module]
+import com.google.cloud.securitycentermanagement.v1.EventThreatDetectionCustomModule;
+import com.google.cloud.securitycentermanagement.v1.GetEventThreatDetectionCustomModuleRequest;
+import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
+import java.io.IOException;
+
+public class GetEventThreatDetectionCustomModule {
+
+ public static void main(String[] args) throws IOException {
+ // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/get
+ // TODO: Developer should replace project_id with a real project ID before running this code
+ String projectId = "project_id";
+
+ String customModuleId = "custom_module_id";
+
+ getEventThreatDetectionCustomModule(projectId, customModuleId);
+ }
+
+ public static EventThreatDetectionCustomModule getEventThreatDetectionCustomModule(
+ String projectId, String customModuleId) throws IOException {
+
+ // Initialize client that will be used to send requests. This client only needs
+ // to be created
+ // once, and can be reused for multiple requests.
+ try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {
+
+ String name =
+ String.format(
+ "projects/%s/locations/global/eventThreatDetectionCustomModules/%s",
+ projectId, customModuleId);
+
+ GetEventThreatDetectionCustomModuleRequest request =
+ GetEventThreatDetectionCustomModuleRequest.newBuilder().setName(name).build();
+
+ EventThreatDetectionCustomModule response =
+ client.getEventThreatDetectionCustomModule(request);
+
+ return response;
+ }
+ }
+}
+// [END securitycenter_get_event_threat_detection_custom_module]
diff --git a/security-command-center/snippets/src/main/java/management/api/ListEventThreatDetectionCustomModules.java b/security-command-center/snippets/src/main/java/management/api/ListEventThreatDetectionCustomModules.java
new file mode 100644
index 00000000000..ed2dfb01118
--- /dev/null
+++ b/security-command-center/snippets/src/main/java/management/api/ListEventThreatDetectionCustomModules.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package management.api;
+
+// [START securitycenter_list_event_threat_detection_custom_module]
+import com.google.cloud.securitycentermanagement.v1.ListEventThreatDetectionCustomModulesRequest;
+import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
+import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient.ListEventThreatDetectionCustomModulesPagedResponse;
+import java.io.IOException;
+
+public class ListEventThreatDetectionCustomModules {
+
+ public static void main(String[] args) throws IOException {
+ // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/list
+ // TODO: Developer should replace project_id with a real project ID before running this code
+ String projectId = "project_id";
+
+ listEventThreatDetectionCustomModules(projectId);
+ }
+
+ public static ListEventThreatDetectionCustomModulesPagedResponse
+ listEventThreatDetectionCustomModules(String projectId) throws IOException {
+
+ // Initialize client that will be used to send requests. This client only needs
+ // to be created
+ // once, and can be reused for multiple requests.
+ try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {
+
+ ListEventThreatDetectionCustomModulesRequest request =
+ ListEventThreatDetectionCustomModulesRequest.newBuilder()
+ .setParent(String.format("projects/%s/locations/global", projectId))
+ .build();
+
+ ListEventThreatDetectionCustomModulesPagedResponse response =
+ client.listEventThreatDetectionCustomModules(request);
+
+ return response;
+ }
+ }
+}
+// [END securitycenter_list_event_threat_detection_custom_module]
diff --git a/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java b/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java
new file mode 100644
index 00000000000..4f6330a572f
--- /dev/null
+++ b/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java
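Review bot: listEventThreatDetectionCustomModules returns the paged response from inside the try-with-resources block, so the client is already closed by the time the caller iterates. `iterateAll()` fetches later pages lazily and presumably does so through that client, so iteration is likely to fail once the results span more than one page; the test's `iterateAll()` call would then only succeed while everything fits in the first page. An audit script built on this sample could silently see an incomplete module inventory or fail partway. I would consume the pages inside the try block, e.g. `for (EventThreatDetectionCustomModule m : response.iterateAll()) { System.out.println(m.getName()); }`, or state in a method comment that the returned object must not be paged after the call returns.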
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package management.api;
+
+import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.Truth.assertWithMessage;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import com.google.cloud.securitycentermanagement.v1.EventThreatDetectionCustomModule;
+import com.google.cloud.securitycentermanagement.v1.ListEventThreatDetectionCustomModulesRequest;
+import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
+import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient.ListEventThreatDetectionCustomModulesPagedResponse;
+import com.google.cloud.testing.junit4.MultipleAttemptsRule;
+import com.google.common.base.Strings;
+import java.io.IOException;
+import java.util.UUID;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import java.util.stream.StreamSupport;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class EventThreatDetectionCustomModuleTest {
+ // TODO(Developer): Replace the below variable
+ private static final String PROJECT_ID = System.getenv("SCC_PROJECT_ID");
+ private static final String CUSTOM_MODULE_DISPLAY_NAME =
+ "java_sample_etd_custom_module_test_" + UUID.randomUUID();
+ private static final int MAX_ATTEMPT_COUNT = 3;
+ private static final int INITIAL_BACKOFF_MILLIS = 120000; // 2 minutes
+
+ @Rule
+ public final MultipleAttemptsRule multipleAttemptsRule =
+ new MultipleAttemptsRule(MAX_ATTEMPT_COUNT, INITIAL_BACKOFF_MILLIS);
+
+ // Check if the required environment variables are set.
+ public static void requireEnvVar(String envVarName) {
+ assertWithMessage(String.format("Missing environment variable '%s' ", envVarName))
+ .that(System.getenv(envVarName))
+ .isNotEmpty();
+ }
+
+ @BeforeClass
+ public static void setUp() {
+ requireEnvVar("GOOGLE_APPLICATION_CREDENTIALS");
+ requireEnvVar("SCC_PROJECT_ID");
+ }
+
+ @AfterClass
+ public static void cleanUp() throws IOException {
+ // Perform cleanup after running tests
+ cleanupExistingCustomModules();
+ }
+
+ // cleanupExistingCustomModules clean up all the existing custom module
+ private static void cleanupExistingCustomModules() throws IOException {
+ try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {
+ ListEventThreatDetectionCustomModulesRequest request =
+ ListEventThreatDetectionCustomModulesRequest.newBuilder()
+ .setParent(String.format("projects/%s/locations/global", PROJECT_ID))
+ .build();
+ ListEventThreatDetectionCustomModulesPagedResponse response =
+ client.listEventThreatDetectionCustomModules(request);
+ // Iterate over the response and delete custom module one by one which start with
+ // java_sample_custom_module
+ for (EventThreatDetectionCustomModule module : response.iterateAll()) {
+ try {
+ if (module.getDisplayName().startsWith("java_sample_etd_custom_module")) {
+ String customModuleId = extractCustomModuleId(module.getName());
+ deleteCustomModule(PROJECT_ID, customModuleId);
+ }
+ } catch (Exception e) {
+ System.err.println("Failed to delete module: " + module.getDisplayName());
+ e.printStackTrace();
+ }
+ }
+ } catch (Exception e) {
+ System.err.println("Failed to process cleanupExistingCustomModules.");
+ e.printStackTrace();
+ }
+ }
+
+ // extractCustomModuleID extracts the custom module Id from the full name and below regex will
+ // parses suffix after the last slash character.
+ private static String extractCustomModuleId(String customModuleFullName) {
+ if (!Strings.isNullOrEmpty(customModuleFullName)) {
+ Pattern pattern = Pattern.compile(".*/([^/]+)$");
+ Matcher matcher = pattern.matcher(customModuleFullName);
+ if (matcher.find()) {
+ return matcher.group(1);
+ }
+ }
+ return "";
+ }
+
+ // deleteCustomModule method is for deleting the custom module
+ private static void deleteCustomModule(String projectId, String customModuleId)
+ throws IOException {
+ if (!Strings.isNullOrEmpty(projectId) && !Strings.isNullOrEmpty(customModuleId)) {
+ DeleteEventThreatDetectionCustomModule.deleteEventThreatDetectionCustomModule(
+ projectId, customModuleId);
+ }
+ }
+
+ @Test
+ public void testCreateEventThreatDetectionCustomModule() throws IOException {
+ EventThreatDetectionCustomModule response =
+ CreateEventThreatDetectionCustomModule.createEventThreatDetectionCustomModule(
+ PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME);
+ assertNotNull(response);
+ assertThat(response.getDisplayName()).isEqualTo(CUSTOM_MODULE_DISPLAY_NAME);
+ }
+
+ @Test
+ public void testDeleteEventThreatDetectionCustomModule() throws IOException {
+ EventThreatDetectionCustomModule response =
+ CreateEventThreatDetectionCustomModule.createEventThreatDetectionCustomModule(
+ PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME);
+ String customModuleId = extractCustomModuleId(response.getName());
+ assertTrue(
+ DeleteEventThreatDetectionCustomModule.deleteEventThreatDetectionCustomModule(
+ PROJECT_ID, customModuleId));
+ }
+
+ @Test
+ public void testListEventThreatDetectionCustomModules() throws IOException {
+ CreateEventThreatDetectionCustomModule.createEventThreatDetectionCustomModule(
+ PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME);
+ ListEventThreatDetectionCustomModulesPagedResponse response =
+ ListEventThreatDetectionCustomModules.listEventThreatDetectionCustomModules(PROJECT_ID);
+ assertTrue(
+ StreamSupport.stream(response.iterateAll().spliterator(), false)
+ .anyMatch(module -> CUSTOM_MODULE_DISPLAY_NAME.equals(module.getDisplayName())));
+ }
+
+ @Test
+ public void testGetEventThreatDetectionCustomModule() throws IOException {
+ EventThreatDetectionCustomModule response =
+ CreateEventThreatDetectionCustomModule.createEventThreatDetectionCustomModule(
+ PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME);
+ String customModuleId = extractCustomModuleId(response.getName());
+ EventThreatDetectionCustomModule getCustomModuleResponse =
+ GetEventThreatDetectionCustomModule.getEventThreatDetectionCustomModule(
+ PROJECT_ID, customModuleId);
+
+ assertThat(getCustomModuleResponse.getDisplayName()).isEqualTo(CUSTOM_MODULE_DISPLAY_NAME);
+ assertThat(extractCustomModuleId(getCustomModuleResponse.getName())).isEqualTo(customModuleId);
+ }
+}
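Review bot: cleanupExistingCustomModules deletes every module whose display name starts with `java_sample_etd_custom_module`, not only those this run created, so two runs sharing the same `SCC_PROJECT_ID` can delete each other's modules while tests are still in flight. `CUSTOM_MODULE_DISPLAY_NAME` already carries a UUID, so an exact match is enough: `if (CUSTOM_MODULE_DISPLAY_NAME.equals(module.getDisplayName())) {`. The comment above the loop names the prefix as `java_sample_custom_module`, which does not match the string the code checks. Both catch blocks only print the stack trace, so a failed cleanup leaves enabled modules in the project without failing the build; if that best-effort behaviour is intended, a comment should say so.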