From 5fc712de44e6e492581735e1c9012cca74b214e3 Mon Sep 17 00:00:00 2001 From: James Le Ha <62304682+James-LeHa@users.noreply.github.com> Date: Thu, 24 Mar 2022 14:31:33 -0400 Subject: [PATCH] Updated GCP Enable-Disable Checkers ReadMe Added a section on how to use the script (which is sourced from the corresponding docs: https://docs.lacework.com/gcp-cis-12-benchmark-report#scripted-workaround) --- .../gcp/enable_disable_checkers/README.md | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/cfg_analyzers/gcp/enable_disable_checkers/README.md b/cfg_analyzers/gcp/enable_disable_checkers/README.md index 2760142..ea22fa1 100644 --- a/cfg_analyzers/gcp/enable_disable_checkers/README.md +++ b/cfg_analyzers/gcp/enable_disable_checkers/README.md 
@@ -18,3 +18,36 @@ Where the first argument is the action you wish to perform, and the second argum If the Lacework CLI is not configured to the same lacework-tenant provided in the ARGs the command will fail. This script also generates an updated version of the checker maps based on the recommendations(checkers) deployed to the target environment. + + + +### Example of end-to-end usage to disable all report checks and enable the new ones + +```text +python3 -V +#check you are running at least python 3.8 + +lacework configure show +#if CLI is not installed, do: +#curl https://raw.githubusercontent.com/lacework/go-sdk/main/cli/install.sh | bash +#lacework configure + +wget https://raw.githubusercontent.com/lacework-dev/scripts/main/cfg_analyzers/gcp/enable_disable_checkers/gcp-cis-config.py +LW_ACCOUNT=yourlaceworkaccountname +python3 gcp-cis-config.py disable_cis_12 $LW_ACCOUNT +python3 gcp-cis-config.py enable_cis_12 $LW_ACCOUNT +``` + +Replace `yourlaceworkaccountname` with your Lacework subdomain (without the `.lacework.net`). + +Once the new rules have been activated, either wait 24h or manually run a new Compliance Report. + +```text +lacework compliance google run-assessment $(lacework compliance google list --json | jq -r ".gcp_projects[0].organization_id") +``` + +This script can also be used to disable and enable Lacework custom rules, Kubernetes rules, and all rules.. Run the script with the `-h` flag to see the options available: + +```text +python3 gcp-cis-config.py -h +```
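Review bot: the installation line `curl https://raw.githubusercontent.com/lacework/go-sdk/main/cli/install.sh | bash` and the `wget https://raw.githubusercontent.com/lacework-dev/scripts/main/cfg_analyzers/gcp/enable_disable_checkers/gcp-cis-config.py` step in this hunk both fetch code from a moving `main` branch and, in the first case, execute it directly without any review or integrity check, in a README whose audience is operators with Lacework admin credentials. Suggest pinning both URLs to a specific commit SHA rather than `main`, downloading `install.sh` to a file, inspecting it and (where a published checksum exists) verifying it before running, and saying so in the text rather than showing the piped-to-bash form as the default. Two smaller points in the same hunk: the `run-assessment` example silently picks `.gcp_projects[0].organization_id`, so a sentence noting it assumes the first listed project's organization is the one to assess would help readers with several organizations, and "all rules.." has a doubled period.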