Manage Your Security Advisor Custom Findings from the Command Line

How to turn Python SDK functions into a CLI tool.

In my last blog post, I introduced you to the IBM Cloud Security Advisor and how it can be extended with your own metrics (custom findings). I also pointed to the API and Python and Node.js SDKs that allow you to interface with the Security Advisor. 

In this post, I am going to share details on how you can easily manage your findings objects. For that, I am utilizing the Python SDK. I wrote a small command line tool for the Security Advisor with the code available on GitHub.

Sample search results using the CLI tool.

Security Advisor findings Python SDK

The Python SDK to work with Security Advisor findings provides all the functions of the findings API and integrates them with the common IBM core SDK and IAM authentication. It is possible to search for providers, notes, and occurrences; and, more importantly, you can create, update, or delete notes and occurrence objects.

When I started experimenting with custom findings for the IBM Cloud Security Advisor, I soon needed an easy way of changing and removing test objects. Hence, I coded up a small tool that makes use of most of the SDK functions.

Manage Security Advisor objects from the command line

The tool needs Python 3, the SDK above, and dotenv support. Once those are installed, create a file ".env" with the following content, adapted to your account:

SAT_APIKEY="Your-IBM-Cloud-APIKEY"
SAT_ACCOUNT_ID="Your-IBM-Cloud-accountID"
SAT_ENDPOINT="https://us-south.secadvisor.cloud.ibm.com/findings"

You can create an API key for IBM Cloud with the command ibmcloud iam api-key-create.

You operate the tool by typing a menu option, in upper or lower case, followed by ENTER. Depending on the command, you are prompted for additional details such as the provider ID or specific object identifiers. I am using the tool to put card and note definitions in place and to clean up after tests. Feel free to open GitHub issues or to create pull requests.
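As an added illustration, not the code of the GitHub tool described in this post, the following sketch shows how the .env settings above can be validated before any API call and how menu options can be mapped onto SDK calls. The SDK class and method names (FindingsApiV1, IAMAuthenticator, list_providers, list_notes, delete_note, set_service_url) and the menu letters are assumptions; the handlers take an injected client and prompt function so they can be exercised offline against a fake.

```python
import os

REQUIRED = ("SAT_APIKEY", "SAT_ACCOUNT_ID", "SAT_ENDPOINT")

def load_settings(env: dict) -> dict:
    """Check the three .env values up front so a typo fails here, not at the first API call."""
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:
        raise ValueError("missing settings: " + ", ".join(missing))
    endpoint = env["SAT_ENDPOINT"].rstrip("/")
    if not endpoint.startswith("https://"):
        raise ValueError("SAT_ENDPOINT must be an https URL")
    return {**{k: env[k] for k in REQUIRED}, "SAT_ENDPOINT": endpoint}

def make_client(settings: dict):
    """Build the SDK client (class and method names assumed from the SDK; imported lazily)."""
    from ibm_cloud_sdk_core.authenticators import IAMAuthenticator
    from ibm_cloud_security_advisor import FindingsApiV1
    client = FindingsApiV1(authenticator=IAMAuthenticator(settings["SAT_APIKEY"]))
    client.set_service_url(settings["SAT_ENDPOINT"])
    return client

# Option -> (description, handler). Handlers get the client, account id and an `ask` callable
# for follow-up prompts, so a fake client and scripted answers can drive them offline.
MENU = {
    "P": ("list providers", lambda c, acc, ask:
          c.list_providers(account_id=acc).get_result()),
    "N": ("list notes", lambda c, acc, ask:
          c.list_notes(account_id=acc, provider_id=ask("provider id: ")).get_result()),
    "D": ("delete note", lambda c, acc, ask:
          c.delete_note(account_id=acc, provider_id=ask("provider id: "),
                        note_id=ask("note id: ")).get_result()),
}

def dispatch(command: str, client, account_id: str, ask=input):
    """Accept the option in upper or lower case and run its handler; unknown input raises."""
    key = command.strip().upper()
    if key not in MENU:
        raise KeyError("unknown command %r, options: %s" % (command, " ".join(MENU)))
    return MENU[key][1](client, account_id, ask)

if __name__ == "__main__":
    from dotenv import load_dotenv  # python-dotenv, which the post's tool also relies on
    load_dotenv()
    cfg = load_settings(dict(os.environ))
    api = make_client(cfg)
    while (choice := input("command [" + "/".join(MENU) + "], Q to quit: ")).strip().upper() != "Q":
        try:
            print(dispatch(choice, api, cfg["SAT_ACCOUNT_ID"]))
        except KeyError as err:
            print(err)
```

The API key is read from the environment and never printed; only the account ID and object identifiers reach the handlers.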

In this series, you can also learn how to use Cloud Functions to perform security scans in Security Advisor and how to get alerts via Slack or email.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.