[google_scc] Add support for Security Command Center API v2 #14629

Draft: wants to merge 3 commits into base: main

@brijesh-elastic brijesh-elastic commented Jul 22, 2025

Proposed commit message

google_scc: Add support for Security Command Center API v2

Some fields inside "google_scc.finding.resource" are moved into "google_scc.finding.resource.gcp_metadata" as per v2 API schema.
This change allows choosing between v1 and v2 (recommended) APIs to fetch findings.
Location-based findings can be fetched to support the Security Command Center data residency feature.
The data type of field "google_scc.finding.vulnerability.cve.cvssv3.base_score" is updated to "double" to better suit the data.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install elastic-package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/google_scc directory.
  • Run the following command to run tests.

elastic-package test

@brijesh-elastic brijesh-elastic self-assigned this Jul 22, 2025
@brijesh-elastic brijesh-elastic requested a review from a team as a code owner July 22, 2025 06:39
@brijesh-elastic brijesh-elastic added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. breaking change Integration:google_scc Google Security Command Center Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Jul 22, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@brijesh-elastic brijesh-elastic marked this pull request as draft July 22, 2025 06:41
@brijesh-elastic brijesh-elastic changed the title [google_scc] Add support for Findings v2 API [google_scc] Add support for Security Command Center API v2 Jul 22, 2025
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

cc @brijesh-elastic

Quality Gate failed

Failed conditions
62.7% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube
