File: //snap/google-cloud-cli/current/lib/surface/scc/assets/group.yaml
- release_tracks: [ALPHA, BETA, GA]
deprecate:
is_removed: false
warning: |
Security Command Center Asset APIs are deprecated and will be removed on or after
June 26, 2024. Use Cloud Asset Inventory instead [(gcloud asset)](https://cloud.google.com/sdk/gcloud/reference/asset).
For more information, [see the deprecation notice at Assets Page](https://cloud.google.com/security-command-center/docs/how-to-use-security-command-center#assets_page).
help_text:
brief: Filter an organization's assets and groups them by their specified properties.
description: Filter an organization's assets and groups them by their specified properties.
examples: |
Group assets under organization 123456 by their type (e.g. project, disk, compute instance, service etc):
$ {command} 123456 --group-by="security_center_properties.resource_type"
Group assets under project example-project by their type (e.g. project, disk, compute instance, service etc):
$ {command} projects/example-project --group-by="security_center_properties.resource_type"
Group assets under folder 456 by their type (e.g. project, disk, compute instance, service etc):
$ {command} folders/456 --group-by="security_center_properties.resource_type"
Group compute instances (assets) under organization 123456 by their respective projects:
$ {command} 123456 --filter="security_center_properties.resource_type=\"google.compute.Instance\"" --group-by="security_center_properties.resource_project"
Group assets that were updated on or after 2019-01-01T01:00:00 GMT by their types.
$ {command} 123456 --filter="update_time >= 1546304400000" --group-by="security_center_properties.resource_type"
Group assets into following 3 state_changes (ADDED/DELETED/ACTIVE) based on the activity during past 24 hours:
$ {command} 123456 --compare-duration=86400s --group-by="state_change"
request:
collection: securitycenter.organizations.assets
api_version: v1
method: group
modify_request_hooks:
- googlecloudsdk.command_lib.scc.assets.request_hooks:GroupAssetsReqHook
arguments:
additional_arguments_hook: googlecloudsdk.command_lib.scc.hooks:AppendParentArg
params:
- _REF_: googlecloudsdk.command_lib.scc.flags:read_time
api_field: groupAssetsRequest.readTime
- _REF_: googlecloudsdk.command_lib.scc.assets.flags:compare_duration
api_field: groupAssetsRequest.compareDuration
- arg_name: group-by
api_field: groupAssetsRequest.groupBy
help_text: |
Expression that defines what asset fields to use for grouping (including 'state').
String value should follow SQL syntax: comma separated list of fields.
For example: "parent,resource_name". The following fields are supported:
* security_center_properties.resource_project
* security_center_properties.resource_type
* security_center_properties.resource_parent
* state_change
- arg_name: filter
api_field: groupAssetsRequest.filter
help_text: |
Expression is a list of one or more restrictions combined via logical operators
'AND' and 'OR'. Parentheses are not supported, and 'OR' has higher precedence than
'AND'. For example, 'update_time > 100 AND
security_center_properties.resource_type=\"google.cloud.resourcemanager.Organization\"'
is a valid filter string.
- arg_name: page-size
api_field: groupAssetsRequest.pageSize
help_text: |
The maximum number of results to return in a single response. Default is
10, minimum is 1, maximum is 1000.
- arg_name: page-token
api_field: groupAssetsRequest.pageToken
help_text: |
Value returned by the last 'GroupAssetsResponse'; indicates
that this is a continuation of a prior 'GroupAssets' call, and that the
system should return the next page of data.