Publishing data in Async mode using the SDK


This use case shows you how to use the BMC Helix Cloud Security (Cloud Security) SDK in Async mode to perform a compliance scan for S3 Buckets against a created policy. This mode enables you to push feed JSON files to the cloud, where they are eventually evaluated against pre-configured policies (based on connector policy mappings). The result of the evaluation is not returned immediately; instead, it is stored as evaluation results, which can later be fetched using search APIs.

You implement this use case by completing the following steps:

Before you get started, ensure that you have completed the prerequisites for using the Policy SDK.

To log on to Cloud Security

Log on to Cloud Security with the User class:

User user = new User();
String sessionToken = user.login("john_smith@companyabc.com", "P@ssw0rd");

For more information, see User.

To create a policy

Create a policy with the Policy class:


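public static Policy createPolicy(String policyName,
        String policyFileName, String sessionToken) throws Exception
{
    // The page does not name the exception type; Exception is used here so the method compiles.
    Policy policy = new Policy();
    policy.setToken(sessionToken);
    policy.setName(policyName);
    // Close the policy file once the SDK has read it.
    try (InputStream is = new FileInputStream(policyFileName)) {
        return policy.createOrUpdate(is);
    }
}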

For more information, see Policy.

To publish data using a ResourceFeed

Publish data to Cloud Security with the ResourceFeed class:

// Requires: import java.nio.charset.StandardCharsets;
InputStream policyInputStream = new FileInputStream("<Local_Directory_Path>\\S3_BUCKETS.json");

ResourceFeed feed = new ResourceFeed();
// Decode the feed explicitly as UTF-8 instead of the platform default charset.
feed.setDocument(new String(inputStreamToString(policyInputStream), StandardCharsets.UTF_8));
feed.setSelectionHint("S3_BUCKETS");
feed.setToken(sessionToken);

String resourceFeedResponse = feed.publish();
System.out.println("ResourceFeed Response: " + resourceFeedResponse);

inputStreamToString implementation:

public static byte[] inputStreamToString(InputStream stream) throws IOException {
    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    int nRead;
    byte[] data = new byte[16384];

    // Copy the stream into memory in 16 KB chunks until end of stream.
    while ((nRead = stream.read(data, 0, data.length)) != -1) {
        buffer.write(data, 0, nRead);
    }
    buffer.flush();
    return buffer.toByteArray();
}
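The helper above reads the whole file with no size limit, and `new String(bytes)` silently replaces malformed bytes, so the document that gets evaluated can differ from the file on disk. The following is an added example, not part of the BMC SDK or the original page: a bounded, strict UTF-8 reader whose result can be passed to feed.setDocument(). The names FeedReader, readFeed and MAX_FEED_BYTES are hypothetical, and the code assumes Java 11 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;

public class FeedReader {
    // Assumed cap for this example; choose a limit that fits your feeds.
    static final int MAX_FEED_BYTES = 5 * 1024 * 1024;

    /** Reads at most maxBytes and decodes them as strict UTF-8. */
    static String readFeed(InputStream in, int maxBytes) throws IOException {
        // Ask for one byte more than the cap so an oversized feed is detectable.
        byte[] raw = in.readNBytes(maxBytes + 1);   // Java 11+
        if (raw.length > maxBytes) {
            throw new IOException("feed exceeds " + maxBytes + " bytes");
        }
        try {
            // REPORT makes malformed input an error instead of silently
            // substituting U+FFFD, which is what new String(bytes) does.
            return StandardCharsets.UTF_8.newDecoder()
                    .onMalformedInput(CodingErrorAction.REPORT)
                    .onUnmappableCharacter(CodingErrorAction.REPORT)
                    .decode(ByteBuffer.wrap(raw))
                    .toString();
        } catch (CharacterCodingException e) {
            throw new IOException("feed is not valid UTF-8", e);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs, not real feed data.
        byte[] good = "[{\"Name\":\"tom-bucket\"}]".getBytes(StandardCharsets.UTF_8);
        byte[] bad = {'[', '"', (byte) 0xC3, '"', ']'};   // truncated UTF-8 sequence
        System.out.println(readFeed(new ByteArrayInputStream(good), MAX_FEED_BYTES));
        for (byte[] sample : new byte[][] {bad, new byte[64]}) {
            try {
                readFeed(new ByteArrayInputStream(sample), 32);
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```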


Sample of S3 Bucket Data:

Example:

[
  {
     "Name":"tom-bucket",
     "owner":"John",
     "creationDate":"2016 - 04 - 19 T05: 55: 13.0002 ",
     "Policies":[
     ],
     "Grants":[
        {
           "Grantee":{
             "DisplayName":"John",
             "ID":"9eedf2cd5e15b3d5edc0bde8810950b27faabbdee8ad6187d359d4a0d8a24648",
             "Type":"CanonicaLUser"
           },
           "Permission":"READ"
        },
        {
           "Grantee":{
             "DisplayName":"John",
             "ID":"9eedf2cd5e15b3d5edc0bde8810950b27faabbdee8ad6187d359d4a0d8a24648",
             "Type":"CanonicaLUser"
           },
           "Permission":"WRITE"
        }
     ]
  }
]

Response:

ResourceFeed Response: Successfully processed and streamed resource feed to caas-config-stream in Kinesis.

The data pushed to the cloud is eventually evaluated against pre-configured policies. The evaluation is based on connector policy mappings; however, you can also use this configuration with tags.

To log on to Cloud Security to view the result
