Monday, March 2, 2020

Manage your Security Advisor custom findings from the command line

List Security Advisor notes via CLI
In my recent post, I introduced you to the IBM Cloud Security Advisor and how it can be extended with your own metrics (custom findings). I also pointed to the API and the Python and Node.js SDKs that allow you to interface with the Security Advisor. Now, I am going to share details on how you can easily manage your findings objects. For that, I am utilizing the Python SDK. I wrote a small command line tool for the Security Advisor with the code available on GitHub.

Security Advisor Findings Python SDK

The Python SDK to work with Security Advisor findings provides all the functions of the findings API and integrates them with the common IBM core SDK and IAM authentication. It is possible to search for providers, notes and occurrences and, more importantly, you can create, update or delete notes and occurrence objects.

When I started experimenting with custom findings for the IBM Cloud Security Advisor, I soon needed an easy way to change and remove test objects. Hence, I coded up a small tool which makes use of most of the SDK functions.

Manage Security Advisor objects from the command line

The tool needs Python 3, the above SDK and support for dot-env. Once installed, create a file ".env" with the following content adapted to your account:

SAT_APIKEY="Your-IBM-Cloud-APIKEY"
SAT_ACCOUNT_ID="Your-IBM-Cloud-accountID"
SAT_ENDPOINT="https://us-south.secadvisor.cloud.ibm.com/findings"


You can create an API key for IBM Cloud with the command "ibmcloud iam api-key-create".
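Because the ".env" file holds an API key in plain text, it is worth checking before the first run. The following preflight check is an added example, not part of the tool or the SDK. The function names are hypothetical, and the host suffix is an assumption derived from the sample endpoint above.

```python
import os
import stat
import tempfile
from urllib.parse import urlparse

REQUIRED = ("SAT_APIKEY", "SAT_ACCOUNT_ID", "SAT_ENDPOINT")
# Assumption: other regions use the same host suffix as the sample endpoint.
HOST_SUFFIX = ".secadvisor.cloud.ibm.com"

def parse_env(text):
    """Parse simple KEY="value" lines, skipping blanks and # comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip("\"'")
    return values

def check_env_file(path):
    """Return a list of problems with the .env file; an empty list means OK."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o}: API key readable beyond the owner")
    with open(path, encoding="utf-8") as fh:
        env = parse_env(fh.read())
    for key in REQUIRED:
        value = env.get(key, "")
        if not value:
            problems.append(f"{key} is missing or empty")
        elif value.startswith("Your-IBM-Cloud-"):
            problems.append(f"{key} still holds the template placeholder")
    url = urlparse(env.get("SAT_ENDPOINT", ""))
    host = url.hostname or ""
    if env.get("SAT_ENDPOINT") and not (url.scheme == "https" and host.endswith(HOST_SUFFIX)):
        problems.append("SAT_ENDPOINT is not https on the expected host")
    return problems

def write_sample(text, mode):
    """Write a constructed sample .env to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".env")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":  # constructed sample: unfilled template, lax mode
    print(check_env_file(write_sample('SAT_APIKEY="Your-IBM-Cloud-APIKEY"\n', 0o644)))
```

Restricting the file with "chmod 600 .env" and keeping it out of version control addresses the first finding.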

To use the tool, type a menu option in upper or lower case and press ENTER. Depending on the command, you are prompted to provide additional details like the provider ID or specific object identifiers. I am using the tool to put card and note definitions in place and to clean up tests. Feel free to open GitHub issues or to create pull requests.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.