google-apis-securitycenter_v1 0.14.0 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e694558741d7f731680f19da31a5f74b9c6126ab467efe667bd225c323fe7c78
-  data.tar.gz: 4adb28be17c516abb30906d50f355587d2aadd08fb30dff5af42d24636f62016
+  metadata.gz: fe8dac80cb5455a702369994bf17677696ea38f1eeeb674db9074ac8a36433f3
+  data.tar.gz: 80e5fc3f160606d5ed266964c1a45d5185c3e4dddab421ffc304780fbb7b77f2
 SHA512:
-  metadata.gz: 470732a79bebc01ad457e01cf88d28783cee8d289e98dbfeb5c54ba1be046f4a85b746433dcfea6268641717cdb962fbffb03c5e2c0c8733d9ef29fe2a5db287
-  data.tar.gz: 8818da1c131f7714d4101cddf170d8920dc8f95f7e1367efccf6abee149c5111d0912b7cbd69bc09165793895ae76782841846ff56b5d8e77cc8e7f2d2e2f1bc
+  metadata.gz: af35b2550aef914d83b0008efafb7c5133a7ab5ee777d2ec4c082f9b50b0e2d96a4f8a34d52ad3d4dcabe046d597b265221f4528b1e84ac3f3e0ce4c7bdfdb88
+  data.tar.gz: 8d62fd43eeec4755f87fd1a80e244856d6a3adcedcf51dae4c624b8e7b564e3de39dd12e1ea6f2f5f1be77a61152992a8de17c5d00434876708b8be96f3f0a6a

data/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Release history for google-apis-securitycenter_v1
 
+### v0.18.0 (2021-12-16)
+
+* Unspecified changes
+
+### v0.17.0 (2021-12-09)
+
+* Regenerated from discovery document revision 20211207
+
+### v0.16.0 (2021-11-16)
+
+* Regenerated from discovery document revision 20211112
+
+### v0.15.0 (2021-11-09)
+
+* Regenerated from discovery document revision 20211103
+
 ### v0.14.0 (2021-10-20)
 
 * Regenerated from discovery document revision 20211015

data/OVERVIEW.md

@@ -51,7 +51,7 @@ require "google/apis/securitycenter_v1"
 client = Google::Apis::SecuritycenterV1::SecurityCommandCenterService.new
 
 # Authenticate calls
-client.authentication = # ... use the googleauth gem to create credentials
+client.authorization = # ... use the googleauth gem to create credentials
 ```
 
 See the class reference docs for information on the methods you can call from a client.

data/lib/google/apis/securitycenter_v1/classes.rb

@@ -22,6 +22,57 @@ module Google
   module Apis
     module SecuritycenterV1
       
+      # Represents an access event.
+      class Access
+        include Google::Apis::Core::Hashable
+      
+        # Caller's IP address, such as "1.1.1.1".
+        # Corresponds to the JSON property `callerIp`
+        # @return [String]
+        attr_accessor :caller_ip
+      
+        # Represents a geographical location for a given access.
+        # Corresponds to the JSON property `callerIpGeo`
+        # @return [Google::Apis::SecuritycenterV1::Geolocation]
+        attr_accessor :caller_ip_geo
+      
+        # The method that the service account called, e.g. "SetIamPolicy".
+        # Corresponds to the JSON property `methodName`
+        # @return [String]
+        attr_accessor :method_name
+      
+        # Associated email, such as "foo@google.com".
+        # Corresponds to the JSON property `principalEmail`
+        # @return [String]
+        attr_accessor :principal_email
+      
+        # This is the API service that the service account made a call to, e.g. "iam.
+        # googleapis.com"
+        # Corresponds to the JSON property `serviceName`
+        # @return [String]
+        attr_accessor :service_name
+      
+        # What kind of user agent is associated, e.g. operating system shells, embedded
+        # or stand-alone applications, etc.
+        # Corresponds to the JSON property `userAgentFamily`
+        # @return [String]
+        attr_accessor :user_agent_family
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @caller_ip = args[:caller_ip] if args.key?(:caller_ip)
+          @caller_ip_geo = args[:caller_ip_geo] if args.key?(:caller_ip_geo)
+          @method_name = args[:method_name] if args.key?(:method_name)
+          @principal_email = args[:principal_email] if args.key?(:principal_email)
+          @service_name = args[:service_name] if args.key?(:service_name)
+          @user_agent_family = args[:user_agent_family] if args.key?(:user_agent_family)
+        end
+      end
+      
       # Security Command Center representation of a Google Cloud resource. The Asset
       # is a Security Command Center resource that captures information about a single
       # Google Cloud resource. All modifications to an Asset are only within the
@@ -273,6 +324,42 @@ module Google
         end
       end
       
+      # Request message for bulk findings update. Note: 1. If multiple bulk update
+      # requests match the same resource, the order in which they get executed is not
+      # defined. 2. Once a bulk operation is started, there is no way to stop it.
+      class BulkMuteFindingsRequest
+        include Google::Apis::Core::Hashable
+      
+        # Expression that identifies findings that should be updated. The expression is
+        # a list of zero or more restrictions combined via logical operators `AND` and `
+        # OR`. Parentheses are supported, and `OR` has higher precedence than `AND`.
+        # Restrictions have the form ` ` and may have a `-` character in front of them
+        # to indicate negation. The fields map to those defined in the corresponding
+        # resource. The supported operators are: * `=` for all value types. * `>`, `<`, `
+        # >=`, `<=` for integer values. * `:`, meaning substring matching, for strings.
+        # The supported value types are: * string literals in quotes. * integer literals
+        # without quotes. * boolean literals `true` and `false` without quotes.
+        # Corresponds to the JSON property `filter`
+        # @return [String]
+        attr_accessor :filter
+      
+        # This can be a mute configuration name or any identifier for mute/unmute of
+        # findings based on the filter.
+        # Corresponds to the JSON property `muteAnnotation`
+        # @return [String]
+        attr_accessor :mute_annotation
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @filter = args[:filter] if args.key?(:filter)
+          @mute_annotation = args[:mute_annotation] if args.key?(:mute_annotation)
+        end
+      end
+      
       # CVE stands for Common Vulnerabilities and Exposures. More information: https://
       # cve.mitre.org
       class Cve
@@ -462,6 +549,11 @@ module Google
       class Finding
         include Google::Apis::Core::Hashable
       
+        # Represents an access event.
+        # Corresponds to the JSON property `access`
+        # @return [Google::Apis::SecuritycenterV1::Access]
+        attr_accessor :access
+      
         # The canonical name of the finding. It's either "organizations/`organization_id`
         # /sources/`source_id`/findings/`finding_id`", "folders/`folder_id`/sources/`
         # source_id`/findings/`finding_id`" or "projects/`project_number`/sources/`
@@ -492,6 +584,12 @@ module Google
         # @return [String]
         attr_accessor :event_time
       
+        # Output only. Third party SIEM/SOAR fields within SCC, contains external system
+        # information and external system finding fields.
+        # Corresponds to the JSON property `externalSystems`
+        # @return [Hash<String,Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1ExternalSystem>]
+        attr_accessor :external_systems
+      
         # The URI that, if available, points to a web page outside of Security Command
         # Center where additional information about the finding can be found. This field
         # is guaranteed to be either empty or a well formed URL.
@@ -512,6 +610,30 @@ module Google
         # @return [Google::Apis::SecuritycenterV1::Indicator]
         attr_accessor :indicator
       
+        # MITRE ATT&CK tactics and techniques related to this finding. See: https://
+        # attack.mitre.org
+        # Corresponds to the JSON property `mitreAttack`
+        # @return [Google::Apis::SecuritycenterV1::MitreAttack]
+        attr_accessor :mitre_attack
+      
+        # Indicates the mute state of a finding (either unspecified, muted, unmuted or
+        # undefined).
+        # Corresponds to the JSON property `mute`
+        # @return [String]
+        attr_accessor :mute
+      
+        # First known as mute_annotation. Records additional information about the mute
+        # operation e.g. mute config that muted the finding, user who muted the finding,
+        # etc.
+        # Corresponds to the JSON property `muteInitiator`
+        # @return [String]
+        attr_accessor :mute_initiator
+      
+        # Output only. The most recent time this finding was muted or unmuted.
+        # Corresponds to the JSON property `muteUpdateTime`
+        # @return [String]
+        attr_accessor :mute_update_time
+      
         # The relative resource name of this finding. See: https://cloud.google.com/apis/
         # design/resource_names#relative_resource_name Example: "organizations/`
         # organization_id`/sources/`source_id`/findings/`finding_id`"
@@ -574,13 +696,19 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @access = args[:access] if args.key?(:access)
           @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
           @category = args[:category] if args.key?(:category)
           @create_time = args[:create_time] if args.key?(:create_time)
           @event_time = args[:event_time] if args.key?(:event_time)
+          @external_systems = args[:external_systems] if args.key?(:external_systems)
           @external_uri = args[:external_uri] if args.key?(:external_uri)
           @finding_class = args[:finding_class] if args.key?(:finding_class)
           @indicator = args[:indicator] if args.key?(:indicator)
+          @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
+          @mute = args[:mute] if args.key?(:mute)
+          @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
+          @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
           @name = args[:name] if args.key?(:name)
           @parent = args[:parent] if args.key?(:parent)
           @resource_name = args[:resource_name] if args.key?(:resource_name)
@@ -618,6 +746,25 @@ module Google
         end
       end
       
+      # Represents a geographical location for a given access.
+      class Geolocation
+        include Google::Apis::Core::Hashable
+      
+        # A CLDR.
+        # Corresponds to the JSON property `regionCode`
+        # @return [String]
+        attr_accessor :region_code
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @region_code = args[:region_code] if args.key?(:region_code)
+        end
+      end
+      
       # Request message for `GetIamPolicy` method.
       class GetIamPolicyRequest
         include Google::Apis::Core::Hashable
@@ -641,13 +788,16 @@ module Google
       class GetPolicyOptions
         include Google::Apis::Core::Hashable
       
-        # Optional. The policy format version to be returned. Valid values are 0, 1, and
-        # 3. Requests specifying an invalid value will be rejected. Requests for
-        # policies with any conditional bindings must specify version 3. Policies
-        # without any conditional bindings may specify any valid value or leave the
-        # field unset. To learn which resources support conditions in their IAM policies,
-        # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        # resource-policies).
+        # Optional. The maximum policy version that will be used to format the policy.
+        # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+        # rejected. Requests for policies with any conditional role bindings must
+        # specify version 3. Policies with no conditional role bindings may specify any
+        # valid value or leave the field unset. The policy in the response might use the
+        # policy version that you specified, or it might use a lower policy version. For
+        # example, if you specify version 3, but the policy has no conditional role
+        # bindings, the response uses version 1. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies).
         # Corresponds to the JSON property `requestedPolicyVersion`
         # @return [Fixnum]
         attr_accessor :requested_policy_version
@@ -662,6 +812,139 @@ module Google
         end
       end
       
+      # The response to a BulkMute request. Contains the LRO information.
+      class GoogleCloudSecuritycenterV1BulkMuteFindingsResponse
+        include Google::Apis::Core::Hashable
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+        end
+      end
+      
+      # Representation of third party SIEM/SOAR fields within SCC.
+      class GoogleCloudSecuritycenterV1ExternalSystem
+        include Google::Apis::Core::Hashable
+      
+        # References primary/secondary etc assignees in the external system.
+        # Corresponds to the JSON property `assignees`
+        # @return [Array<String>]
+        attr_accessor :assignees
+      
+        # The most recent time when the corresponding finding's ticket/tracker was
+        # updated in the external system.
+        # Corresponds to the JSON property `externalSystemUpdateTime`
+        # @return [String]
+        attr_accessor :external_system_update_time
+      
+        # Identifier that's used to track the given finding in the external system.
+        # Corresponds to the JSON property `externalUid`
+        # @return [String]
+        attr_accessor :external_uid
+      
+        # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/
+        # 5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/
+        # 123456/externalSystems/jira projects/1234/sources/5678/findings/123456/
+        # externalSystems/jira
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # Most recent status of the corresponding finding's ticket/tracker in the
+        # external system.
+        # Corresponds to the JSON property `status`
+        # @return [String]
+        attr_accessor :status
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @assignees = args[:assignees] if args.key?(:assignees)
+          @external_system_update_time = args[:external_system_update_time] if args.key?(:external_system_update_time)
+          @external_uid = args[:external_uid] if args.key?(:external_uid)
+          @name = args[:name] if args.key?(:name)
+          @status = args[:status] if args.key?(:status)
+        end
+      end
+      
+      # A mute config is a Cloud SCC resource that contains the configuration to mute
+      # create/update events of findings.
+      class GoogleCloudSecuritycenterV1MuteConfig
+        include Google::Apis::Core::Hashable
+      
+        # Output only. The time at which the mute config was created. This field is set
+        # by the server and will be ignored if provided on config creation.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+      
+        # A description of the mute config.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+      
+        # The human readable name to be displayed for the mute config.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+      
+        # Required. An expression that defines the filter to apply across create/update
+        # events of findings. While creating a filter string, be mindful of the scope in
+        # which the mute configuration is being created. E.g., If a filter contains
+        # project = X but is created under the project = Y scope, it might not match any
+        # findings. The following field and operator combinations are supported: *
+        # severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.
+        # project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.
+        # folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.
+        # parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `
+        # :` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+        # Corresponds to the JSON property `filter`
+        # @return [String]
+        attr_accessor :filter
+      
+        # Output only. Email address of the user who last edited the mute config. This
+        # field is set by the server and will be ignored if provided on config creation
+        # or update.
+        # Corresponds to the JSON property `mostRecentEditor`
+        # @return [String]
+        attr_accessor :most_recent_editor
+      
+        # This field will be ignored if provided on config creation. Format "
+        # organizations/`organization`/muteConfigs/`mute_config`" "folders/`folder`/
+        # muteConfigs/`mute_config`" "projects/`project`/muteConfigs/`mute_config`"
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # Output only. The most recent time at which the mute config was updated. This
+        # field is set by the server and will be ignored if provided on config creation
+        # or update.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @filter = args[:filter] if args.key?(:filter)
+          @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
+          @name = args[:name] if args.key?(:name)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      
       # Cloud SCC's Notification
       class GoogleCloudSecuritycenterV1NotificationMessage
         include Google::Apis::Core::Hashable
@@ -1619,6 +1902,32 @@ module Google
         end
       end
       
+      # Response message for listing mute configs.
+      class ListMuteConfigsResponse
+        include Google::Apis::Core::Hashable
+      
+        # The mute configs from the specified parent.
+        # Corresponds to the JSON property `muteConfigs`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1MuteConfig>]
+        attr_accessor :mute_configs
+      
+        # A token, which can be sent as `page_token` to retrieve the next page. If this
+        # field is omitted, there are no subsequent pages.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @mute_configs = args[:mute_configs] if args.key?(:mute_configs)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      
       # Response message for listing notification configs.
       class ListNotificationConfigsResponse
         include Google::Apis::Core::Hashable
@@ -1696,6 +2005,56 @@ module Google
         end
       end
       
+      # MITRE ATT&CK tactics and techniques related to this finding. See: https://
+      # attack.mitre.org
+      class MitreAttack
+        include Google::Apis::Core::Hashable
+      
+        # Additional MITRE ATT&CK tactics related to this finding, if any.
+        # Corresponds to the JSON property `additionalTactics`
+        # @return [Array<String>]
+        attr_accessor :additional_tactics
+      
+        # Additional MITRE ATT&CK techniques related to this finding, if any, along with
+        # any of their respective parent techniques.
+        # Corresponds to the JSON property `additionalTechniques`
+        # @return [Array<String>]
+        attr_accessor :additional_techniques
+      
+        # The MITRE ATT&CK tactic most closely represented by this finding, if any.
+        # Corresponds to the JSON property `primaryTactic`
+        # @return [String]
+        attr_accessor :primary_tactic
+      
+        # The MITRE ATT&CK technique most closely represented by this finding, if any.
+        # primary_techniques is a repeated field because there are multiple levels of
+        # MITRE ATT&CK techniques. If the technique most closely represented by this
+        # finding is a sub-technique (e.g. SCANNING_IP_BLOCKS), both the sub-technique
+        # and its parent technique(s) will be listed (e.g. SCANNING_IP_BLOCKS,
+        # ACTIVE_SCANNING).
+        # Corresponds to the JSON property `primaryTechniques`
+        # @return [Array<String>]
+        attr_accessor :primary_techniques
+      
+        # The MITRE ATT&CK version referenced by the above fields. E.g. "8".
+        # Corresponds to the JSON property `version`
+        # @return [String]
+        attr_accessor :version
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @additional_tactics = args[:additional_tactics] if args.key?(:additional_tactics)
+          @additional_techniques = args[:additional_techniques] if args.key?(:additional_techniques)
+          @primary_tactic = args[:primary_tactic] if args.key?(:primary_tactic)
+          @primary_techniques = args[:primary_techniques] if args.key?(:primary_techniques)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      
       # Cloud Security Command Center (Cloud SCC) notification configs. A notification
       # config is a Cloud SCC resource that contains the configuration to send
       # notifications for create/update events of findings, assets and etc.
@@ -2245,6 +2604,25 @@ module Google
         end
       end
       
+      # Request message for updating a finding's mute status.
+      class SetMuteRequest
+        include Google::Apis::Core::Hashable
+      
+        # Required. The desired state of the Mute.
+        # Corresponds to the JSON property `mute`
+        # @return [String]
+        attr_accessor :mute
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @mute = args[:mute] if args.key?(:mute)
+        end
+      end
+      
       # Security Command Center finding source. A finding source is an entity or a
       # mechanism that can produce a finding. A source is like a container of findings
       # that come from the same scanner, logger, monitor, and other tools.

data/lib/google/apis/securitycenter_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module SecuritycenterV1
       # Version of the google-apis-securitycenter_v1 gem
-      GEM_VERSION = "0.14.0"
+      GEM_VERSION = "0.18.0"
 
       # Version of the code generator used to generate this client
       GENERATOR_VERSION = "0.4.0"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20211015"
+      REVISION = "20211207"
     end
   end
 end