google-cloud-securitycenter 1.39.0

Google Cloud Securitycenter API client library

Google Cloud Security Command Center: makes it easier for you to prevent, detect, and respond to threats. Identify security misconfigurations in virtual machines, networks, applications, and storage buckets from a centralized dashboard. Take action on them before they can potentially result in business damage or loss. Built-in capabilities can quickly surface suspicious activity in your Stackdriver security logs or indicate compromised virtual machines. Respond to threats by following actionable recommendations or exporting logs to your SIEM for further investigation.

• Client Library Documentation

• Product Documentation

Quick Start

In order to use this library, you first need to go through the following steps:

1. Select or create a Cloud Platform project.

2. Enable billing for your project.

3. Enable the Google Cloud Security Command Center.

4. Set up Authentication.

Installation

Install this library in a virtual environment using venv. venv is a tool that creates isolated Python environments. These isolated environments can have separate versions of Python packages, which allows you to isolate one project’s dependencies from the dependencies of other projects.

With venv, it’s possible to install this library without needing system install permissions, and without clashing with the installed system dependencies.

Code samples and snippets

Code samples and snippets live in the samples/ folder.

Supported Python Versions

Our client libraries are compatible with all current active and maintenance versions of Python.

Python >= 3.7

Unsupported Python Versions

Python <= 3.6

If you are using an end-of-life version of Python, we recommend that you update as soon as possible to an actively supported version.

Mac/Linux

python3 -m venv <your-env>
source <your-env>/bin/activate
pip install google-cloud-securitycenter

Windows

py -m venv <your-env>
.\<your-env>\Scripts\activate
pip install google-cloud-securitycenter

Next Steps

• Read the Client Library Documentation for Google Cloud Security Command Center to see other available methods on the client.

• Read the Google Cloud Security Command Center Product documentation to learn more about the product and see How-to Guides.

• View this README to see the full list of Cloud APIs that we cover.

Logging

This library uses the standard Python logging functionality to log some RPC events that could be of interest for debugging and monitoring purposes. Note the following:

1. Logs may contain sensitive information. Take care to restrict access to the logs if they are saved, whether it be on local storage or on Google Cloud Logging.

2. Google may refine the occurrence, level, and content of various log messages in this library without flagging such changes as breaking. Do not depend on immutability of the logging events.

3. By default, the logging events from this library are not handled. You must explicitly configure log handling using one of the mechanisms below.

Simple, environment-based configuration

To enable logging for this library without any changes in your code, set the GOOGLE_SDK_PYTHON_LOGGING_SCOPE environment variable to a valid Google logging scope. This configures handling of logging events (at level logging.DEBUG or higher) from this library in a default manner, emitting the logged messages in a structured format. It does not currently allow customizing the logging levels captured nor the handlers, formatters, etc. used for any logging event.

A logging scope is a period-separated namespace that begins with google, identifying the Python module or package to log.

• Valid logging scopes: google, google.cloud.asset.v1, google.api, google.auth, etc.

• Invalid logging scopes: foo, 123, etc.

NOTE: If the logging scope is invalid, the library does not set up any logging handlers.

Environment-Based Examples

• Enabling the default handler for all Google-based loggers

export GOOGLE_SDK_PYTHON_LOGGING_SCOPE=google

• Enabling the default handler for a specific Google module (for a client library called library_v1):

export GOOGLE_SDK_PYTHON_LOGGING_SCOPE=google.cloud.library_v1

Advanced, code-based configuration

You can also configure a valid logging scope using Python’s standard logging mechanism.

Code-Based Examples

• Configuring a handler for all Google-based loggers

import logging

from google.cloud import library_v1

base_logger = logging.getLogger("google")
base_logger.addHandler(logging.StreamHandler())
base_logger.setLevel(logging.DEBUG)

• Configuring a handler for a specific Google module (for a client library called library_v1):

import logging

from google.cloud import library_v1

base_logger = logging.getLogger("google.cloud.library_v1")
base_logger.addHandler(logging.StreamHandler())
base_logger.setLevel(logging.DEBUG)

Logging details

1. Regardless of which of the mechanisms above you use to configure logging for this library, by default logging events are not propagated up to the root logger from the google-level logger. If you need the events to be propagated to the root logger, you must explicitly set logging.getLogger("google").propagate = True in your code.

2. You can mix the different logging configurations above for different Google modules. For example, you may want use a code-based logging configuration for one library, but decide you need to also set up environment-based logging configuration for another library.

   1. If you attempt to use both code-based and environment-based configuration for the same module, the environment-based configuration will be ineffectual if the code -based configuration gets applied first.

3. The Google-specific logging configurations (default handlers for environment-based configuration; not propagating logging events to the root logger) get executed the first time any client library is instantiated in your application, and only if the affected loggers have not been previously configured. (This is the reason for 2.i. above.)