GCP Security Command Center API - how to get source_properties

When you're on the Google Console, Security Command Center, Findings, you can click on an item to view the details. There is a section that lists "Attributes" and "Source Properties". I would like to get some of these values. The code below is taken from this page (https://cloud.google.com/security-command-center/docs/how-to-api-list-findings) and modified to get what I need:

from google.cloud import securitycenter

client = securitycenter.SecurityCenterClient()
organization_id = "<my organization id>"
org_name = "organizations/{org_id}".format(org_id=organization_id)
# "-" as the source ID lists findings across all sources in the organization
all_sources = "{org_name}/sources/-".format(org_name=org_name)
finding_result_iterator = client.list_findings(request={"parent": all_sources, "filter": 'severity="HIGH"'})
for i, finding_result in enumerate(finding_result_iterator):
    sourceId = finding_result.finding.resource_name
    title = finding_result.finding.category
    alertTime = finding_result.finding.event_time
    serviceName = finding_result.resource.type_
    # Placeholders for the Source Properties values being asked about
    description = ""
    additionalInfo = ""

I would like to get the "explanation" and "recommendation" values from Source Properties, but I don't know where to get them. The reference page shows the output for each finding_result in the loop. The Console displays these properties, but I don't know how to get them and I've been searching on the interwebs for an answer. I'm hoping someone here has the answer.



Solution 1:[1]

So, I was being a bit impatient with my question, both here and with Google Support. When I tightened up the filters for my call, I found records that do indeed have the two values I was looking for. For those who are interested, I've included some junky test code below.

from google.cloud import securitycenter

client = securitycenter.SecurityCenterClient()

organization_id = "<my org id>"
org_name = "organizations/{org_id}".format(org_id=organization_id)
all_sources = "{org_name}/sources/-".format(org_name=org_name)
finding_result_iterator = client.list_findings(request={"parent": all_sources, "filter": 'severity="HIGH" AND state="ACTIVE" AND category!="Persistence: IAM Anomalous Grant" AND category!="MFA_NOT_ENFORCED"'})
for i, finding_result in enumerate(finding_result_iterator):
    sourceId = finding_result.finding.resource_name
    projectId = finding_result.resource.project_display_name
    title = finding_result.finding.category
    alertTime = finding_result.finding.event_time
    serviceName = finding_result.resource.type_
    description = ""
    additionalInfo = ""
    externalUri = ""
    if hasattr(finding_result.finding,"external_uri"):
        externalUri = finding_result.finding.external_uri
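    # source_properties is a map keyed by property name
    sourceProps = finding_result.finding.source_properties

    # Pick out the two properties of interest; they stay "" when a finding lacks them
    for item in sourceProps:
        if (item == "Explanation"):
            description = str(sourceProps[item])
        if (item == "Recommendation"):
            additionalInfo = str(sourceProps[item])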

    print("TITLE: " + title)
    print("   PROJECT ID: " + projectId)
    print("   DESCRIPTION: " + description)
    print("   SOURCE ID: " + sourceId)
    print("   ALERT TIME: {}".format(alertTime))
    print("   SERVICE NAME: " + serviceName)
    print("   ADDITIONAL INFO: Recommendation: " + additionalInfo)
    if len(externalUri) > 0:
        print(", External URI: " + externalUri)

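    # Test limit: this condition is true on the first iteration (i == 0),
    # so only one finding is printed
    if i < 1:
        break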

So while the question was a bit of a waste, the code might help someone else trying to work with the Security Command Center API.
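
The same extraction can be exercised offline against findings exported as JSON, including the case the answer ran into where a finding has no Explanation or Recommendation. This is an added example, not part of the original answer or of Google's client library: the sample data is constructed, the JSON field names (listFindingsResults, finding, resource, sourceProperties and the camelCase fields under them) are assumed to follow the REST ListFindings response, and the helper names source_property and summarize are hypothetical.

```python
import json

# Constructed sample data; field names are assumed to match the REST
# ListFindings response (camelCase), not the Python client's snake_case.
SAMPLE_RESPONSE = json.loads("""
{"listFindingsResults": [
  {"finding": {"category": "OPEN_FIREWALL",
               "resourceName": "//compute.googleapis.com/projects/example-proj/global/firewalls/111",
               "eventTime": "2022-01-01T00:00:00Z",
               "sourceProperties": {"Explanation": "Constructed explanation text.",
                                    "Recommendation": "Constructed recommendation text."}},
   "resource": {"projectDisplayName": "example-proj", "type": "google.compute.Firewall"}},
  {"finding": {"category": "Persistence: IAM Anomalous Grant",
               "resourceName": "//cloudresourcemanager.googleapis.com/projects/222",
               "eventTime": "2022-01-02T00:00:00Z",
               "sourceProperties": {"constructedDetail": {"rule": "example"}}},
   "resource": {"projectDisplayName": "example-proj", "type": "google.cloud.resourcemanager.Project"}}
]}
""")

def source_property(props, name):
    """Look up a source property by name, ignoring case; None if absent."""
    wanted = name.lower()
    for key, value in props.items():
        if key.lower() == wanted:
            # Nested values (objects, lists) are serialized as JSON text.
            return value if isinstance(value, str) else json.dumps(value, sort_keys=True)
    return None

def summarize(response):
    """Return (records, missing): one record per finding, plus the categories
    of findings that carry neither Explanation nor Recommendation."""
    records, missing = [], []
    for result in response.get("listFindingsResults", []):
        finding, resource = result.get("finding", {}), result.get("resource", {})
        props = finding.get("sourceProperties", {})
        record = {
            "title": finding.get("category", ""),
            "project": resource.get("projectDisplayName", ""),
            "source_id": finding.get("resourceName", ""),
            "alert_time": finding.get("eventTime", ""),
            "description": source_property(props, "Explanation") or "",
            "recommendation": source_property(props, "Recommendation") or "",
        }
        records.append(record)
        if not (record["description"] or record["recommendation"]):
            missing.append(record["title"])
    return records, missing
```

Reporting the categories in `missing` shows which findings need a different source property for their description, rather than silently emitting empty fields.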

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Tom Clark