Here is an example of how you can export findings from Security Command Center (SCC) in Google Cloud Platform (GCP) to a Cloud Pub/Sub topic:

import json

import google.auth
from google.cloud import pubsub_v1
from googleapiclient.discovery import build


def export_scc_findings_to_pubsub(org_id, project_id, topic_id, filter_expression):
    """
    Exports SCC findings to a Cloud Pub/Sub topic.
    org_id: str - The ID of the organization whose SCC findings are listed
    project_id: str - The ID of the GCP project where the Pub/Sub topic is located
    topic_id: str - The ID of the Cloud Pub/Sub topic to which the findings will be exported
    filter_expression: str - A filter expression to specify which findings to export
    """
    # Create a PublisherClient instance
    publisher = pubsub_v1.PublisherClient()
    # Create the fully-qualified topic name
    topic_name = f"projects/{project_id}/topics/{topic_id}"
    # Build the SCC client using Application Default Credentials
    creds, _ = google.auth.default()
    scc_service = build('securitycenter', 'v1', credentials=creds)
    # Call the SCC findings.list method across all sources ("-") to retrieve the matching findings
    findings_api = scc_service.organizations().sources().findings()
    request = findings_api.list(
        parent='organizations/{org_id}/sources/-'.format(org_id=org_id),
        filter=filter_expression
    )
    # Follow pagination until every page of results has been read
    while request is not None:
        response = request.execute()
        # Publish the findings to the Pub/Sub topic
        for result in response.get('listFindingsResults', []):
            finding = result['finding']
            data = json.dumps(finding).encode('utf-8')
            future = publisher.publish(topic_name, data=data)
            # Wait until Pub/Sub has accepted the message before reporting it
            future.result()
            print(f"Published finding: {finding['name']}")
        request = findings_api.list_next(request, response)
    print("Findings exported to Pub/Sub.")

In this example, the export_scc_findings_to_pubsub function accepts the organization ID, project ID, topic ID, and filter expression as arguments, and retrieves the matching SCC findings using the organizations().sources().findings().list() method, following pagination until all results have been read. Each finding is then published to the specified Pub/Sub topic using the publisher.publish() method, and the function waits for each publish to complete. Finally, the function prints a message indicating that the findings were exported to Pub/Sub.
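
Running the export repeatedly with the same filter publishes the same findings again, so the subscriber has to de-duplicate and filter what it receives. The following is an added example, not code from the original page: the triage function, the seen set, the _msg helper and the sample payloads are assumptions constructed for illustration, and it only relies on the name, eventTime, state and severity fields of a finding.

```python
import json

# Rank SCC severities; unknown or missing values sort after LOW.
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def triage(payloads, seen, max_rank=1):
    """Return (alerts, rejected): new ACTIVE findings at HIGH or above, most severe first.

    payloads: iterable of bytes, each one message body as published by the export function
    seen: set of (name, eventTime) keys already handled; updated in place
    """
    alerts, rejected = [], 0
    for raw in payloads:
        try:
            finding = json.loads(raw.decode("utf-8"))
            key = (finding["name"], finding["eventTime"])
        except (ValueError, KeyError, TypeError):
            rejected += 1  # Malformed or non-finding message: count it, keep going
            continue
        if key in seen:
            continue  # Same finding version re-published by a later export run
        seen.add(key)
        rank = SEVERITY_RANK.get(finding.get("severity"), len(SEVERITY_RANK))
        if finding.get("state") == "ACTIVE" and rank <= max_rank:
            alerts.append((rank, finding))
    alerts.sort(key=lambda item: item[0])  # Stable sort keeps arrival order per rank
    return [finding for _, finding in alerts], rejected


def _msg(suffix, severity, state, event_time="2024-01-01T00:00:00Z"):
    # Constructed sample payload with placeholder IDs, not a real finding.
    finding = {"name": f"organizations/0/sources/0/findings/{suffix}",
               "severity": severity, "state": state, "eventTime": event_time}
    return json.dumps(finding).encode("utf-8")


SAMPLE = [
    _msg("a", "HIGH", "ACTIVE"),
    _msg("b", "CRITICAL", "ACTIVE"),
    _msg("a", "HIGH", "ACTIVE"),        # duplicate from a repeated export run
    _msg("c", "CRITICAL", "INACTIVE"),  # resolved finding, not alerted
    _msg("d", "LOW", "ACTIVE"),         # below the alerting threshold
    b"not json",                        # malformed message
]

if __name__ == "__main__":
    new_alerts, bad = triage(SAMPLE, set())
    print([f["name"] for f in new_alerts], "rejected:", bad)
```

Keeping the seen set in durable storage lets the de-duplication survive subscriber restarts; a finding whose eventTime changes is treated as a new version and is evaluated again.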