From b52721f2e2346c5b8396e1a186b565fbe5bbbec0 Mon Sep 17 00:00:00 2001 From: lovenishs04 Date: Thu, 28 Nov 2024 06:19:07 +0000 Subject: [PATCH 1/5] sample codes for event threat detection custom modules --- ...reateEventThreatDetectionCustomModule.java | 103 +++++++++++ ...eleteEventThreatDetectionCustomModule.java | 58 ++++++ .../GetEventThreatDetectionCustomModule.java | 60 +++++++ ...ListEventThreatDetectionCustomModules.java | 55 ++++++ .../EventThreatDetectionCustomModuleTest.java | 166 ++++++++++++++++++ 5 files changed, 442 insertions(+) create mode 100644 security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java create mode 100644 security-command-center/snippets/src/main/java/management/api/DeleteEventThreatDetectionCustomModule.java create mode 100644 security-command-center/snippets/src/main/java/management/api/GetEventThreatDetectionCustomModule.java create mode 100644 security-command-center/snippets/src/main/java/management/api/ListEventThreatDetectionCustomModules.java create mode 100644 security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java diff --git a/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java b/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java new file mode 100644 index 00000000000..de671ad55e1 --- /dev/null +++ b/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java 
@@ -0,0 +1,103 @@ +/* + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package management.api; + +// [START securitycenter_create_event_threat_detection_custom_module] +import com.google.cloud.securitycentermanagement.v1.CreateEventThreatDetectionCustomModuleRequest; +import com.google.cloud.securitycentermanagement.v1.EventThreatDetectionCustomModule; +import com.google.cloud.securitycentermanagement.v1.EventThreatDetectionCustomModule.EnablementState; +import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient; +import com.google.protobuf.ListValue; +import com.google.protobuf.Struct; +import com.google.protobuf.Value; +import java.io.IOException; + +public class CreateEventThreatDetectionCustomModule { + + public static void main(String[] args) throws IOException { + // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/create + // TODO: Developer should replace project_id with a real project ID before running this code + String projectId = "project_id"; + + String customModuleDisplayName = "custom_module_display_name"; + + createEventThreatDetectionCustomModule(projectId, customModuleDisplayName); + } + + public static EventThreatDetectionCustomModule createEventThreatDetectionCustomModule( + String projectId, String customModuleDisplayName) throws IOException { + + // Initialize client 
that will be used to send requests. This client only needs + // to be created + // once, and can be reused for multiple requests. + try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) { + + String name = + String.format( + "projects/%s/locations/global/eventThreatDetectionCustomModules/%s", + projectId, "custom_module"); + + // define the metadata and other config parameters severity, description, + // recommendation below + Struct metadataStruct = + Struct.newBuilder() + .putFields("severity", Value.newBuilder().setStringValue("MEDIUM").build()) + .putFields( + "description", + Value.newBuilder().setStringValue("add your description here").build()) + .putFields( + "recommendation", + Value.newBuilder().setStringValue("add your recommendation here").build()) + .build(); + Struct configStruct = + Struct.newBuilder() + .putFields("metadata", Value.newBuilder().setStructValue(metadataStruct).build()) + .putFields( + "ips", + Value.newBuilder() + .setListValue( + ListValue.newBuilder() + .addValues(Value.newBuilder().setStringValue("0.0.0.0").build()) + .build()) + .build()) + .build(); + + // define the Event Threat Detection custom module configuration, update the EnablementState + // below + EventThreatDetectionCustomModule eventThreatDetectionCustomModule = + EventThreatDetectionCustomModule.newBuilder() + .setName(name) + .setConfig(configStruct) + .setDisplayName(customModuleDisplayName) + .setEnablementState(EnablementState.ENABLED) + .setType("CONFIGURABLE_BAD_IP") + .build(); + + CreateEventThreatDetectionCustomModuleRequest request = + CreateEventThreatDetectionCustomModuleRequest.newBuilder() + .setParent(String.format("projects/%s/locations/global", projectId)) + .setEventThreatDetectionCustomModule(eventThreatDetectionCustomModule) + .build(); + + EventThreatDetectionCustomModule response = + client.createEventThreatDetectionCustomModule(request); + + return response; + } + } +} +// [END 
securitycenter_create_event_threat_detection_custom_module] diff --git a/security-command-center/snippets/src/main/java/management/api/DeleteEventThreatDetectionCustomModule.java b/security-command-center/snippets/src/main/java/management/api/DeleteEventThreatDetectionCustomModule.java new file mode 100644 index 00000000000..650b0d32a60 --- /dev/null +++ b/security-command-center/snippets/src/main/java/management/api/DeleteEventThreatDetectionCustomModule.java 
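Review bot: The sample registers the module with `EnablementState.ENABLED` while its `ips` list holds only `"0.0.0.0"` and the metadata strings are the literal "add your description here" / "add your recommendation here", and nothing in the hunk marks these as placeholders. A reader who runs it unchanged ends up with an active `CONFIGURABLE_BAD_IP` module whose findings, if any are produced, would presumably carry that placeholder text. Add a comment above the `ips` entry such as `// TODO(developer): replace with the IP addresses this module should flag; 0.0.0.0 is only a placeholder`, or take the list as a method parameter so the sample does not hard-code detection content. The comment in `main` links the `organizations.locations` REST reference although the request parent is built as `projects/%s/locations/global`; stating which parent forms are accepted would avoid confusion.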
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package management.api;
+
+// [START securitycenter_delete_event_threat_detection_custom_module]
+import com.google.cloud.securitycentermanagement.v1.DeleteEventThreatDetectionCustomModuleRequest;
+import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
+import java.io.IOException;
+
+public class DeleteEventThreatDetectionCustomModule {
+
+ public static void main(String[] args) throws IOException {
+ // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/delete
+ // TODO: Developer should replace project_id with a real project ID before running this code
+ String projectId = "project_id";
+
+ String customModuleId = "custom_module_id";
+
+ deleteEventThreatDetectionCustomModule(projectId, customModuleId);
+ }
+
+ public static boolean deleteEventThreatDetectionCustomModule(
+ String projectId, String customModuleId) throws IOException {
+
+ // Initialize client that will be used to send requests. This client only needs
+ // to be created
+ // once, and can be reused for multiple requests.
+ try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {
+
+ String name =
+ String.format(
+ "projects/%s/locations/global/eventThreatDetectionCustomModules/%s",
+ projectId, customModuleId);
+
+ DeleteEventThreatDetectionCustomModuleRequest request =
+ DeleteEventThreatDetectionCustomModuleRequest.newBuilder().setName(name).build();
+
+ client.deleteEventThreatDetectionCustomModule(request);
+
+ return true;
+ }
+ }
+}
+// [END securitycenter_delete_event_threat_detection_custom_module]
diff --git a/security-command-center/snippets/src/main/java/management/api/GetEventThreatDetectionCustomModule.java b/security-command-center/snippets/src/main/java/management/api/GetEventThreatDetectionCustomModule.java
new file mode 100644
index 00000000000..1c9af776fba
--- /dev/null
+++ b/security-command-center/snippets/src/main/java/management/api/GetEventThreatDetectionCustomModule.java
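Review bot: `deleteEventThreatDetectionCustomModule` returns `true` unconditionally after the client call, so the boolean carries no information: every failure surfaces as an exception from `client.deleteEventThreatDetectionCustomModule(request)` and `false` is never produced. Document that contract on the method, for example a Javadoc line `@return true once the delete call has completed; failures propagate as exceptions`, so callers do not read the result as a success check. Because deleting a custom module removes a detection, the Javadoc should also say that the full resource `name` built here is what gets removed.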
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package management.api;
+
+// [START securitycenter_get_event_threat_detection_custom_module]
+import com.google.cloud.securitycentermanagement.v1.EventThreatDetectionCustomModule;
+import com.google.cloud.securitycentermanagement.v1.GetEventThreatDetectionCustomModuleRequest;
+import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
+import java.io.IOException;
+
+public class GetEventThreatDetectionCustomModule {
+
+ public static void main(String[] args) throws IOException {
+ // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/get
+ // TODO: Developer should replace project_id with a real project ID before running this code
+ String projectId = "project_id";
+
+ String customModuleId = "custom_module_id";
+
+ getEventThreatDetectionCustomModule(projectId, customModuleId);
+ }
+
+ public static EventThreatDetectionCustomModule getEventThreatDetectionCustomModule(
+ String projectId, String customModuleId) throws IOException {
+
+ // Initialize client that will be used to send requests. This client only needs
+ // to be created
+ // once, and can be reused for multiple requests.
+ try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {
+
+ String name =
+ String.format(
+ "projects/%s/locations/global/eventThreatDetectionCustomModules/%s",
+ projectId, customModuleId);
+
+ GetEventThreatDetectionCustomModuleRequest request =
+ GetEventThreatDetectionCustomModuleRequest.newBuilder().setName(name).build();
+
+ EventThreatDetectionCustomModule response =
+ client.getEventThreatDetectionCustomModule(request);
+
+ return response;
+ }
+ }
+}
+// [END securitycenter_get_event_threat_detection_custom_module]
diff --git a/security-command-center/snippets/src/main/java/management/api/ListEventThreatDetectionCustomModules.java b/security-command-center/snippets/src/main/java/management/api/ListEventThreatDetectionCustomModules.java
new file mode 100644
index 00000000000..ed2dfb01118
--- /dev/null
+++ b/security-command-center/snippets/src/main/java/management/api/ListEventThreatDetectionCustomModules.java
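Review bot: The comment above the `try` says the client only needs to be created once and can be reused, but `getEventThreatDetectionCustomModule` opens a `SecurityCenterManagementClient` in try-with-resources and closes it on every call, so the code does the opposite of what the comment recommends. The same comment and pattern appear in the Create, Delete and List samples of this patch. Reword it to match the code, for example `// The client is created and closed per call here for brevity; long-running code should create one client and reuse it.`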
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package management.api;
+
+// [START securitycenter_list_event_threat_detection_custom_module]
+import com.google.cloud.securitycentermanagement.v1.ListEventThreatDetectionCustomModulesRequest;
+import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient;
+import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient.ListEventThreatDetectionCustomModulesPagedResponse;
+import java.io.IOException;
+
+public class ListEventThreatDetectionCustomModules {
+
+ public static void main(String[] args) throws IOException {
+ // https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules/list
+ // TODO: Developer should replace project_id with a real project ID before running this code
+ String projectId = "project_id";
+
+ listEventThreatDetectionCustomModules(projectId);
+ }
+
+ public static ListEventThreatDetectionCustomModulesPagedResponse
+ listEventThreatDetectionCustomModules(String projectId) throws IOException {
+
+ // Initialize client that will be used to send requests. This client only needs
+ // to be created
+ // once, and can be reused for multiple requests.
+ try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) {
+
+ ListEventThreatDetectionCustomModulesRequest request =
+ ListEventThreatDetectionCustomModulesRequest.newBuilder()
+ .setParent(String.format("projects/%s/locations/global", projectId))
+ .build();
+
+ ListEventThreatDetectionCustomModulesPagedResponse response =
+ client.listEventThreatDetectionCustomModules(request);
+
+ return response;
+ }
+ }
+}
+// [END securitycenter_list_event_threat_detection_custom_module]
diff --git a/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java b/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java
new file mode 100644
index 00000000000..82115592f6c
--- /dev/null
+++ b/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java
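Review bot: `listEventThreatDetectionCustomModules` returns the `ListEventThreatDetectionCustomModulesPagedResponse` from inside the try-with-resources block, so the client is already closed when the caller starts iterating. The first page is presumably already fetched, but `iterateAll()` loads later pages lazily and would then need the closed client, so a project with more modules than fit on one page should hit an error or a silently short listing; the test added in this patch iterates the returned response in exactly that way. Consume the pages inside the `try`, for example by copying `response.iterateAll()` into a `List<EventThreatDetectionCustomModule>` and returning that, so callers such as an inventory or audit job always see the complete set.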
@@ -0,0 +1,166 @@ +/* + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package management.api; + +import static com.google.common.truth.Truth.assertThat; +import static com.google.common.truth.Truth.assertWithMessage; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import com.google.cloud.securitycentermanagement.v1.EventThreatDetectionCustomModule; +import com.google.cloud.securitycentermanagement.v1.ListEventThreatDetectionCustomModulesRequest; +import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient; +import com.google.cloud.securitycentermanagement.v1.SecurityCenterManagementClient.ListEventThreatDetectionCustomModulesPagedResponse; +import com.google.cloud.testing.junit4.MultipleAttemptsRule; +import com.google.common.base.Strings; +import java.io.IOException; +import java.util.regex.Matcher; +import java.util.regex.Pattern; +import java.util.stream.StreamSupport; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +@RunWith(JUnit4.class) +public class EventThreatDetectionCustomModuleTest { + // TODO(Developer): Replace the below variable + private static final String PROJECT_ID = System.getenv("SCC_PROJECT_ID"); + private static final String CUSTOM_MODULE_DISPLAY_NAME = "java_sample_custom_module_test"; + private 
static final int MAX_ATTEMPT_COUNT = 3; + private static final int INITIAL_BACKOFF_MILLIS = 120000; // 2 minutes + + @Rule + public final MultipleAttemptsRule multipleAttemptsRule = + new MultipleAttemptsRule(MAX_ATTEMPT_COUNT, INITIAL_BACKOFF_MILLIS); + + // Check if the required environment variables are set. + public static void requireEnvVar(String envVarName) { + assertWithMessage(String.format("Missing environment variable '%s' ", envVarName)) + .that(System.getenv(envVarName)) + .isNotEmpty(); + } + + @BeforeClass + public static void setUp() { + requireEnvVar("GOOGLE_APPLICATION_CREDENTIALS"); + requireEnvVar("SCC_PROJECT_ID"); + } + + @AfterClass + public static void cleanUp() throws IOException { + // Perform cleanup after running tests + cleanupExistingCustomModules(); + } + + // cleanupExistingCustomModules clean up all the existing custom module + private static void cleanupExistingCustomModules() throws IOException { + try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) { + ListEventThreatDetectionCustomModulesRequest request = + ListEventThreatDetectionCustomModulesRequest.newBuilder() + .setParent(String.format("projects/%s/locations/global", PROJECT_ID)) + .build(); + ListEventThreatDetectionCustomModulesPagedResponse response = + client.listEventThreatDetectionCustomModules(request); + // Iterate over the response and delete custom module one by one which start with + // java_sample_custom_module + for (EventThreatDetectionCustomModule module : response.iterateAll()) { + if (module.getDisplayName().startsWith("java_sample_custom_module")) { + String customModuleId = extractCustomModuleId(module.getName()); + deleteCustomModule(PROJECT_ID, customModuleId); + } + } + } + } + + // extractCustomModuleID extracts the custom module Id from the full name + private static String extractCustomModuleId(String customModuleFullName) { + if (!Strings.isNullOrEmpty(customModuleFullName)) { + Pattern pattern = 
Pattern.compile(".*/([^/]+)$"); + Matcher matcher = pattern.matcher(customModuleFullName); + if (matcher.find()) { + return matcher.group(1); + } + } + return ""; + } + + // createCustomModule method is for creating the custom module + private static EventThreatDetectionCustomModule createCustomModule( + String projectId, String customModuleDisplayName) throws IOException { + if (!Strings.isNullOrEmpty(projectId) && !Strings.isNullOrEmpty(customModuleDisplayName)) { + EventThreatDetectionCustomModule response = + CreateEventThreatDetectionCustomModule.createEventThreatDetectionCustomModule( + projectId, customModuleDisplayName); + return response; + } + return null; + } + + // deleteCustomModule method is for deleting the custom module + private static void deleteCustomModule(String projectId, String customModuleId) + throws IOException { + if (!Strings.isNullOrEmpty(projectId) && !Strings.isNullOrEmpty(customModuleId)) { + DeleteEventThreatDetectionCustomModule.deleteEventThreatDetectionCustomModule( + projectId, customModuleId); + } + } + + @Test + public void testCreateEventThreatDetectionCustomModule() throws IOException { + EventThreatDetectionCustomModule response = + CreateEventThreatDetectionCustomModule.createEventThreatDetectionCustomModule( + PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME); + assertNotNull(response); + assertThat(response.getDisplayName()).isEqualTo(CUSTOM_MODULE_DISPLAY_NAME); + } + + @Test + public void testDeleteEventThreatDetectionCustomModule() throws IOException { + EventThreatDetectionCustomModule response = + createCustomModule(PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME); + String customModuleId = extractCustomModuleId(response.getName()); + assertTrue( + DeleteEventThreatDetectionCustomModule.deleteEventThreatDetectionCustomModule( + PROJECT_ID, customModuleId)); + } + + @Test + public void testListEventThreatDetectionCustomModules() throws IOException { + createCustomModule(PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME); + 
ListEventThreatDetectionCustomModulesPagedResponse response = + ListEventThreatDetectionCustomModules.listEventThreatDetectionCustomModules(PROJECT_ID); + assertTrue( + StreamSupport.stream(response.iterateAll().spliterator(), false) + .anyMatch(module -> CUSTOM_MODULE_DISPLAY_NAME.equals(module.getDisplayName()))); + } + + @Test + public void testGetEventThreatDetectionCustomModule() throws IOException { + EventThreatDetectionCustomModule response = + createCustomModule(PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME); + String customModuleId = extractCustomModuleId(response.getName()); + EventThreatDetectionCustomModule getCustomModuleResponse = + GetEventThreatDetectionCustomModule.getEventThreatDetectionCustomModule( + PROJECT_ID, customModuleId); + + assertThat(getCustomModuleResponse.getDisplayName()).isEqualTo(CUSTOM_MODULE_DISPLAY_NAME); + assertThat(extractCustomModuleId(getCustomModuleResponse.getName())).isEqualTo(customModuleId); + } +} From 8b7c1f5122de2aa3e3af926b05da2acb532126d3 Mon Sep 17 00:00:00 2001 From: lovenishs04 Date: Thu, 12 Dec 2024 06:37:56 +0000 Subject: [PATCH 2/5] addressed comments --- ...reateEventThreatDetectionCustomModule.java | 23 ++++++++++--------- .../EventThreatDetectionCustomModuleTest.java | 17 ++++++++++---- 2 files changed, 25 insertions(+), 15 deletions(-) diff --git a/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java b/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java index de671ad55e1..d3e9327644e 100644 --- a/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java +++ b/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java 
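Review bot: `setUp` fails the whole class unless `GOOGLE_APPLICATION_CREDENTIALS` is set, which forces a credentials file even though `SecurityCenterManagementClient.create()` is called without explicit credentials and would presumably pick up Application Default Credentials from the environment (an attached service account, workload identity, or gcloud user credentials). Requiring the variable pushes CI toward long-lived service-account key files; drop `requireEnvVar("GOOGLE_APPLICATION_CREDENTIALS");` and keep only the `SCC_PROJECT_ID` check. Separately, `deleteCustomModule` silently does nothing when `extractCustomModuleId` returns `""`, so a resource name that fails to parse leaves the module in place with no signal; a comment on that helper should say so, or it should fail loudly.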
@@ -25,6 +25,8 @@ import com.google.protobuf.Struct; import com.google.protobuf.Value; import java.io.IOException; +import java.util.HashMap; +import java.util.Map; public class CreateEventThreatDetectionCustomModule { @@ -52,17 +54,16 @@ public static EventThreatDetectionCustomModule createEventThreatDetectionCustomM projectId, "custom_module"); // define the metadata and other config parameters severity, description, - // recommendation below - Struct metadataStruct = - Struct.newBuilder() - .putFields("severity", Value.newBuilder().setStringValue("MEDIUM").build()) - .putFields( - "description", - Value.newBuilder().setStringValue("add your description here").build()) - .putFields( - "recommendation", - Value.newBuilder().setStringValue("add your recommendation here").build()) - .build(); + // recommendation and ips below + Map metadata = new HashMap<>(); + metadata.put("severity", Value.newBuilder().setStringValue("MEDIUM").build()); + metadata.put( + "description", Value.newBuilder().setStringValue("add your description here").build()); + metadata.put( + "recommendation", + Value.newBuilder().setStringValue("add your recommendation here").build()); + Struct metadataStruct = Struct.newBuilder().putAllFields(metadata).build(); + Struct configStruct = Struct.newBuilder() .putFields("metadata", Value.newBuilder().setStructValue(metadataStruct).build()) diff --git a/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java b/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java index 82115592f6c..c4dede71936 100644 --- a/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java +++ b/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java 
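Review bot: As rendered here, `Map metadata = new HashMap<>();` declares a raw `Map`, so the `put` calls and `putAllFields(metadata)` are unchecked and a non-`Value` entry would only fail at runtime. If the type arguments are really absent in the file, declare it as `Map<String, Value> metadata = new HashMap<>();`. The `List ips` declaration added in the fourth patch of this series has the same shape and would become `List<Value> ips`. The type arguments may simply have been lost when this page was rendered, so check against the file before changing anything.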
@@ -81,15 +81,24 @@ private static void cleanupExistingCustomModules() throws IOException { // Iterate over the response and delete custom module one by one which start with // java_sample_custom_module for (EventThreatDetectionCustomModule module : response.iterateAll()) { - if (module.getDisplayName().startsWith("java_sample_custom_module")) { - String customModuleId = extractCustomModuleId(module.getName()); - deleteCustomModule(PROJECT_ID, customModuleId); + try { + if (module.getDisplayName().startsWith("java_sample_custom_module")) { + String customModuleId = extractCustomModuleId(module.getName()); + deleteCustomModule(PROJECT_ID, customModuleId); + } + } catch (Exception e) { + System.err.println("Failed to delete module: " + module.getDisplayName()); + e.printStackTrace(); } } + } catch (Exception e) { + System.err.println("Failed to process cleanupExistingCustomModules."); + e.printStackTrace(); } } - // extractCustomModuleID extracts the custom module Id from the full name + // extractCustomModuleID extracts the custom module Id from the full name and below regex will + // parses suffix after the last slash character. private static String extractCustomModuleId(String customModuleFullName) { if (!Strings.isNullOrEmpty(customModuleFullName)) { Pattern pattern = Pattern.compile(".*/([^/]+)$"); From 60ebdb0b605edd4e154c7f930118061ad5e1d03c Mon Sep 17 00:00:00 2001 From: lovenishs04 Date: Mon, 16 Dec 2024 08:01:29 +0000 Subject: [PATCH 3/5] addressed comments --- .../api/CreateEventThreatDetectionCustomModule.java | 6 ------ 1 file changed, 6 deletions(-) diff --git a/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java b/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java index d3e9327644e..5e21149e0be 100644 --- a/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java 
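Review bot: Both new `catch (Exception e)` blocks in `cleanupExistingCustomModules` print a stack trace and carry on, so a cleanup that fails because of expired credentials, a missing permission or an API error never fails the run, and enabled test modules can accumulate in the project unnoticed. The outer catch also makes the method's `throws IOException` unreachable. Catch only the case you expect per module, e.g. `catch (NotFoundException e)` from `com.google.api.gax.rpc` for a module that is already gone, and let everything else propagate out of `cleanUp`. The method body starts above this hunk, so the request construction is not visible here.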
+++ b/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java @@ -48,11 +48,6 @@ public static EventThreatDetectionCustomModule createEventThreatDetectionCustomM // once, and can be reused for multiple requests. try (SecurityCenterManagementClient client = SecurityCenterManagementClient.create()) { - String name = - String.format( - "projects/%s/locations/global/eventThreatDetectionCustomModules/%s", - projectId, "custom_module"); - // define the metadata and other config parameters severity, description, // recommendation and ips below Map metadata = new HashMap<>(); @@ -81,7 +76,6 @@ public static EventThreatDetectionCustomModule createEventThreatDetectionCustomM // below EventThreatDetectionCustomModule eventThreatDetectionCustomModule = EventThreatDetectionCustomModule.newBuilder() - .setName(name) .setConfig(configStruct) .setDisplayName(customModuleDisplayName) .setEnablementState(EnablementState.ENABLED) From 86121e081007f79f26679e9218296998e6147482 Mon Sep 17 00:00:00 2001 From: lovenishs04 Date: Fri, 20 Dec 2024 05:58:26 +0000 Subject: [PATCH 4/5] addressed comments --- ...reateEventThreatDetectionCustomModule.java | 23 ++++++++--------- .../EventThreatDetectionCustomModuleTest.java | 25 ++++++------------- 2 files changed, 19 insertions(+), 29 deletions(-) diff --git a/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java b/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java index 5e21149e0be..3e0fb3125b4 100644 --- a/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java +++ b/security-command-center/snippets/src/main/java/management/api/CreateEventThreatDetectionCustomModule.java 
@@ -25,7 +25,9 @@ import com.google.protobuf.Struct; import com.google.protobuf.Value; import java.io.IOException; +import java.util.Arrays; import java.util.HashMap; +import java.util.List; import java.util.Map; public class CreateEventThreatDetectionCustomModule { @@ -57,20 +59,17 @@ public static EventThreatDetectionCustomModule createEventThreatDetectionCustomM metadata.put( "recommendation", Value.newBuilder().setStringValue("add your recommendation here").build()); - Struct metadataStruct = Struct.newBuilder().putAllFields(metadata).build(); + List ips = Arrays.asList(Value.newBuilder().setStringValue("0.0.0.0").build()); + + Value metadataVal = + Value.newBuilder() + .setStructValue(Struct.newBuilder().putAllFields(metadata).build()) + .build(); + Value ipsValue = + Value.newBuilder().setListValue(ListValue.newBuilder().addAllValues(ips).build()).build(); Struct configStruct = - Struct.newBuilder() - .putFields("metadata", Value.newBuilder().setStructValue(metadataStruct).build()) - .putFields( - "ips", - Value.newBuilder() - .setListValue( - ListValue.newBuilder() - .addValues(Value.newBuilder().setStringValue("0.0.0.0").build()) - .build()) - .build()) - .build(); + Struct.newBuilder().putFields("metadata", metadataVal).putFields("ips", ipsValue).build(); // define the Event Threat Detection custom module configuration, update the EnablementState // below diff --git a/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java b/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java index c4dede71936..2e981ee7e8c 100644 --- a/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java +++ b/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java 
@@ -42,7 +42,7 @@ public class EventThreatDetectionCustomModuleTest { // TODO(Developer): Replace the below variable private static final String PROJECT_ID = System.getenv("SCC_PROJECT_ID"); - private static final String CUSTOM_MODULE_DISPLAY_NAME = "java_sample_custom_module_test"; + private static final String CUSTOM_MODULE_DISPLAY_NAME = "etd_java_sample_custom_module_test"; private static final int MAX_ATTEMPT_COUNT = 3; private static final int INITIAL_BACKOFF_MILLIS = 120000; // 2 minutes @@ -82,7 +82,7 @@ private static void cleanupExistingCustomModules() throws IOException { // java_sample_custom_module for (EventThreatDetectionCustomModule module : response.iterateAll()) { try { - if (module.getDisplayName().startsWith("java_sample_custom_module")) { + if (module.getDisplayName().startsWith("etd_java_sample_custom_module")) { String customModuleId = extractCustomModuleId(module.getName()); deleteCustomModule(PROJECT_ID, customModuleId); } @@ -110,18 +110,6 @@ private static String extractCustomModuleId(String customModuleFullName) { return ""; } - // createCustomModule method is for creating the custom module - private static EventThreatDetectionCustomModule createCustomModule( - String projectId, String customModuleDisplayName) throws IOException { - if (!Strings.isNullOrEmpty(projectId) && !Strings.isNullOrEmpty(customModuleDisplayName)) { - EventThreatDetectionCustomModule response = - CreateEventThreatDetectionCustomModule.createEventThreatDetectionCustomModule( - projectId, customModuleDisplayName); - return response; - } - return null; - } - // deleteCustomModule method is for deleting the custom module private static void deleteCustomModule(String projectId, String customModuleId) throws IOException { 
@@ -143,7 +131,8 @@ public void testCreateEventThreatDetectionCustomModule() throws IOException { @Test public void testDeleteEventThreatDetectionCustomModule() throws IOException { EventThreatDetectionCustomModule response = - createCustomModule(PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME); + CreateEventThreatDetectionCustomModule.createEventThreatDetectionCustomModule( + PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME); String customModuleId = extractCustomModuleId(response.getName()); assertTrue( DeleteEventThreatDetectionCustomModule.deleteEventThreatDetectionCustomModule( @@ -152,7 +141,8 @@ public void testDeleteEventThreatDetectionCustomModule() throws IOException { @Test public void testListEventThreatDetectionCustomModules() throws IOException { - createCustomModule(PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME); + CreateEventThreatDetectionCustomModule.createEventThreatDetectionCustomModule( + PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME); ListEventThreatDetectionCustomModulesPagedResponse response = ListEventThreatDetectionCustomModules.listEventThreatDetectionCustomModules(PROJECT_ID); assertTrue( @@ -163,7 +153,8 @@ public void testListEventThreatDetectionCustomModules() throws IOException { @Test public void testGetEventThreatDetectionCustomModule() throws IOException { EventThreatDetectionCustomModule response = - createCustomModule(PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME); + CreateEventThreatDetectionCustomModule.createEventThreatDetectionCustomModule( + PROJECT_ID, CUSTOM_MODULE_DISPLAY_NAME); String customModuleId = extractCustomModuleId(response.getName()); EventThreatDetectionCustomModule getCustomModuleResponse = GetEventThreatDetectionCustomModule.getEventThreatDetectionCustomModule( From bb6cb80b9b6559604cc8ee5d00a4ca82be3df774 Mon Sep 17 00:00:00 2001 From: lovenishs04 Date: Mon, 23 Dec 2024 05:57:07 +0000 Subject: [PATCH 5/5] addressed comments --- .../api/EventThreatDetectionCustomModuleTest.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
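Review bot: The create, list and get tests now call `createEventThreatDetectionCustomModule` directly and leave the enabled module in the project until `@AfterClass`; with `MultipleAttemptsRule` allowing three attempts, a retried test creates another module each time. Because the class-level cleanup swallows its own errors, anything it misses stays behind as a live detection module in the test project. Delete what each test created in a `finally`, e.g. `try { … } finally { deleteCustomModule(PROJECT_ID, extractCustomModuleId(response.getName())); }`, and keep the `@AfterClass` sweep only as a backstop.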
diff --git a/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java b/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java index 2e981ee7e8c..4f6330a572f 100644 --- a/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java +++ b/security-command-center/snippets/src/test/java/management/api/EventThreatDetectionCustomModuleTest.java @@ -28,6 +28,7 @@ import com.google.cloud.testing.junit4.MultipleAttemptsRule; import com.google.common.base.Strings; import java.io.IOException; +import java.util.UUID; import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.stream.StreamSupport; @@ -42,7 +43,8 @@ public class EventThreatDetectionCustomModuleTest { // TODO(Developer): Replace the below variable private static final String PROJECT_ID = System.getenv("SCC_PROJECT_ID"); - private static final String CUSTOM_MODULE_DISPLAY_NAME = "etd_java_sample_custom_module_test"; + private static final String CUSTOM_MODULE_DISPLAY_NAME = + "java_sample_etd_custom_module_test_" + UUID.randomUUID(); private static final int MAX_ATTEMPT_COUNT = 3; private static final int INITIAL_BACKOFF_MILLIS = 120000; // 2 minutes @@ -82,7 +84,7 @@ private static void cleanupExistingCustomModules() throws IOException { // java_sample_custom_module for (EventThreatDetectionCustomModule module : response.iterateAll()) { try { - if (module.getDisplayName().startsWith("etd_java_sample_custom_module")) { + if (module.getDisplayName().startsWith("java_sample_etd_custom_module")) { String customModuleId = extractCustomModuleId(module.getName()); deleteCustomModule(PROJECT_ID, customModuleId); }
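Review bot: The display name is now unique per run, but `cleanupExistingCustomModules` still deletes every module whose name starts with the shared prefix `java_sample_etd_custom_module`, so two runs against the same `SCC_PROJECT_ID` can delete each other's modules mid-test. Matching the run's own name, `if (CUSTOM_MODULE_DISPLAY_NAME.equals(module.getDisplayName()))`, confines cleanup to what this run created, at the cost of no longer sweeping leftovers from crashed runs. The comment just above the loop still names the old prefix `java_sample_custom_module` and should be updated to whichever rule is kept. The loop's enclosing method begins outside this hunk.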