This repo will have scripts to get entities using the SCC APIs that can be found in https://cloud.ibm.com/apidocs/security-compliance.
Steps to use this script are listed below
- Clone the repo
- Run
npm install
- Set the following environment variables
IAM_API_KEY
IAM API key that has access to make SCC API callsSCC_REGION
Region of the SCC instance to get the rules from. Default is set tous-south
SCC_INSTANCE_ID
SCC instance ID to get the rules from.
- To get list of all rules in the instance run
npm run get:rules
. The output is stored in theoutput/rules
folder under this nameget-all-rules.json
- To get list of all predefined rules in the instance run
npm run get:rules --rule_type=predefined
. The output is stored in theoutput/rules
folder under this nameget-predefined-rules.json
- To get list of all custom rules in the instance run
npm run get:rules --rule_type=custom
. The output is stored in theoutput/rules
folder under this nameget-custom-rules.json
- To get list of all profiles in the instance run
npm run get:profiles
. The output is stored in theoutput/profiles
folder under this nameget-all-profiles.json
- To get list of all predefined profiles in the instance run
npm run get:profiles --profile_type=predefined
. The output is stored in theoutput/profiles
folder under this nameget-predefined-profiles.json
- To get list of all custom profiles in the instance run
npm run get:profiles --profile_type=custom
. The output is stored in theoutput/profiles
folder under this nameget-custom-profiles.json
- To get list of profiles in the instance grouped by environment then run
npm run get:profiles --profile_type=predefined --group_by_env=true
. The output is stored in theoutput/profiles/environments/<environment-name>
folder under this nameget-<profile-name>-<version>-details.json
- To get the latest profiles only add
--latest=true
value.
- To get a profile details in the instance run
npm run get:profileDetails --profile_id=<PROFILE_ID>
. Replace<PROFILE_ID>
with the profile you need details for that can be found innpm run get:profiles
. - The JSON output is stored in the
output/profiles
folder under the name of the profile and version. For example if the Profile is IBM Cloud Framework for Financial Services version v1.5.0 the output will be in./output/profiles/get-ibm-cloud-framework-for-financial-services-1.5.0-details.json
. - This output has the following details
- Full profile details under
profile_data
- Unique assessments under
unique_assessments
- Default parameters under
assessments_default_parameters
- Full profile details under
- There are 3 CSV outputs generated
- CSV that has Actual API response under
get-${fileName}-details-as-is.csv
- CSV that has Unique Assessments details under
get-${fileName}-assessments-details.csv
--> Most useful csv - CSV that has only parameter details under
get-${fileName}-parameters-details.csv
- CSV that has Actual API response under
- To get a billing details for a scan in the instance run
npm run get:BillingDetails --profile_id=<PROFILE_ID> --total_resources=<TOTAL_RESOURCES_COUNT> --scans_per_month=<SCANS_PER_MONTH>
.- Replace
<PROFILE_ID>
with the profile you need details for that can be found innpm run get:profiles
. - Replace
<TOTAL_RESOURCES_COUNT>
with the number of resources you want to scan with SCC - Replace
<SCANS_PER_MONTH>
with the number of scans you will have per month
- Replace
- This script will calculate the cost per scan based on the current cost per evaluation at $0.013(https://cloud.ibm.com/catalog/services/security-and-compliance-center) and based on the input provided.
- The JSON output is stored in the
output
folder under the name of the profile and version. For example if the Profile is IBM Cloud Framework for Financial Services version v1.5.0 the output will be in./output/get-ibm-cloud-framework-for-financial-services-1.5.0-billing-details.json
.- This output has the following details
- Full profile details under
profile_data
- Unique assessments under
unique_assessments
- Full profile details under
- This output has the following details
- The cost is printed as well as stored in
./output/get-ibm-cloud-framework-for-financial-services-1.5.0-billing-details.txt
Sample output: when we run npm run get:BillingDetails --profile_id=01326738-c8ca-456f-8315-e4573f534869 --total_resources=100 --scans_per_month=2
===============================
.... Billing Cost Calculation Assumptions ...
.... Assumption 1: total_resources are all the resources that are scanned by this profile ....
.... Assumption 2: all evaluations have compliant or not compliant only and no unable to perform ....
.... Assumption 3: individual resources cost is not included in this calculation ....
.................................................
....Cost per scan based on the formula: 0.013 * unique_assessments_count * total_resources ...
===============================
Profile name: IBM Cloud Framework for Financial Services
Profile version: 1.5.0
Unique assessments count: 237
Total resources: 100
Total cost per Scan: $308.1
Scans per month: 2
Total cost per month: $616.2