google-apis-securitycenter_v1 0.15.0 → 0.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c1628e48e4704916ae60a85c0f263b41226b0f07f57eea8c5a214ea5d9dfb39f
-  data.tar.gz: 062df5d8bca6bda49ef0d775305dd8c05032ea5e9dee52b5635348ea53e031f7
+  metadata.gz: 80485508ce897b7291af8f3ffee3eeae8e0394d1a951e314e924a48d2bac9bc2
+  data.tar.gz: 51b1a908cee074d1bdfea96c89ddff626fe2b40fe59b8e2c52769346067f7707
 SHA512:
-  metadata.gz: 309bdfd2c23bfc11f8d1986af4ec3a0cd25436c555b56882cde2cda53b32743d4f002516e92ef81f81b6d797384c4e826dacf0745293ef62de2a3fc88533fd30
-  data.tar.gz: 43b077e78747b63654e6c8b04f4e70f23934e53c325def7c7f88c4665aa0e7f43747d765c716ea1ed4657184e4a40beee2206d3a0f04f4ed281482e68b13256e
+  metadata.gz: 9b7c0ed1fd0475e63fd013891a368a239eab66012bd454fb2445963608c7f489c97abb035966983e8cd07d91de8209c0adf8909c860276363e6d855bb9fc8da2
+  data.tar.gz: a110f567c62b39769a6378b594f9e6dd71a1512067cf9e0fecbca70ca986f6607417c16de7eb28bb23151e9f4182b2e88ce83a824d5d314763d6d82227cacac4

data/CHANGELOG.md

@@ -1,5 +1,22 @@
 # Release history for google-apis-securitycenter_v1
 
+### v0.19.0 (2022-01-19)
+
+* Regenerated from discovery document revision 20220113
+* Regenerated using generator version 0.4.1
+
+### v0.18.0 (2021-12-16)
+
+* Unspecified changes
+
+### v0.17.0 (2021-12-09)
+
+* Regenerated from discovery document revision 20211207
+
+### v0.16.0 (2021-11-16)
+
+* Regenerated from discovery document revision 20211112
+
 ### v0.15.0 (2021-11-09)
 
 * Regenerated from discovery document revision 20211103

data/OVERVIEW.md

@@ -51,7 +51,7 @@ require "google/apis/securitycenter_v1"
 client = Google::Apis::SecuritycenterV1::SecurityCommandCenterService.new
 
 # Authenticate calls
-client.authentication = # ... use the googleauth gem to create credentials
+client.authorization = # ... use the googleauth gem to create credentials
 ```
 
 See the class reference docs for information on the methods you can call from a client.

data/lib/google/apis/securitycenter_v1/classes.rb

@@ -22,6 +22,57 @@ module Google
   module Apis
     module SecuritycenterV1
       
+      # Represents an access event.
+      class Access
+        include Google::Apis::Core::Hashable
+      
+        # Caller's IP address, such as "1.1.1.1".
+        # Corresponds to the JSON property `callerIp`
+        # @return [String]
+        attr_accessor :caller_ip
+      
+        # Represents a geographical location for a given access.
+        # Corresponds to the JSON property `callerIpGeo`
+        # @return [Google::Apis::SecuritycenterV1::Geolocation]
+        attr_accessor :caller_ip_geo
+      
+        # The method that the service account called, e.g. "SetIamPolicy".
+        # Corresponds to the JSON property `methodName`
+        # @return [String]
+        attr_accessor :method_name
+      
+        # Associated email, such as "foo@google.com".
+        # Corresponds to the JSON property `principalEmail`
+        # @return [String]
+        attr_accessor :principal_email
+      
+        # This is the API service that the service account made a call to, e.g. "iam.
+        # googleapis.com"
+        # Corresponds to the JSON property `serviceName`
+        # @return [String]
+        attr_accessor :service_name
+      
+        # What kind of user agent is associated, e.g. operating system shells, embedded
+        # or stand-alone applications, etc.
+        # Corresponds to the JSON property `userAgentFamily`
+        # @return [String]
+        attr_accessor :user_agent_family
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @caller_ip = args[:caller_ip] if args.key?(:caller_ip)
+          @caller_ip_geo = args[:caller_ip_geo] if args.key?(:caller_ip_geo)
+          @method_name = args[:method_name] if args.key?(:method_name)
+          @principal_email = args[:principal_email] if args.key?(:principal_email)
+          @service_name = args[:service_name] if args.key?(:service_name)
+          @user_agent_family = args[:user_agent_family] if args.key?(:user_agent_family)
+        end
+      end
+      
       # Security Command Center representation of a Google Cloud resource. The Asset
       # is a Security Command Center resource that captures information about a single
       # Google Cloud resource. All modifications to an Asset are only within the
@@ -273,6 +324,42 @@ module Google
         end
       end
       
+      # Request message for bulk findings update. Note: 1. If multiple bulk update
+      # requests match the same resource, the order in which they get executed is not
+      # defined. 2. Once a bulk operation is started, there is no way to stop it.
+      class BulkMuteFindingsRequest
+        include Google::Apis::Core::Hashable
+      
+        # Expression that identifies findings that should be updated. The expression is
+        # a list of zero or more restrictions combined via logical operators `AND` and `
+        # OR`. Parentheses are supported, and `OR` has higher precedence than `AND`.
+        # Restrictions have the form ` ` and may have a `-` character in front of them
+        # to indicate negation. The fields map to those defined in the corresponding
+        # resource. The supported operators are: * `=` for all value types. * `>`, `<`, `
+        # >=`, `<=` for integer values. * `:`, meaning substring matching, for strings.
+        # The supported value types are: * string literals in quotes. * integer literals
+        # without quotes. * boolean literals `true` and `false` without quotes.
+        # Corresponds to the JSON property `filter`
+        # @return [String]
+        attr_accessor :filter
+      
+        # This can be a mute configuration name or any identifier for mute/unmute of
+        # findings based on the filter.
+        # Corresponds to the JSON property `muteAnnotation`
+        # @return [String]
+        attr_accessor :mute_annotation
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @filter = args[:filter] if args.key?(:filter)
+          @mute_annotation = args[:mute_annotation] if args.key?(:mute_annotation)
+        end
+      end
+      
       # CVE stands for Common Vulnerabilities and Exposures. More information: https://
       # cve.mitre.org
       class Cve
@@ -462,6 +549,11 @@ module Google
       class Finding
         include Google::Apis::Core::Hashable
       
+        # Represents an access event.
+        # Corresponds to the JSON property `access`
+        # @return [Google::Apis::SecuritycenterV1::Access]
+        attr_accessor :access
+      
         # The canonical name of the finding. It's either "organizations/`organization_id`
         # /sources/`source_id`/findings/`finding_id`", "folders/`folder_id`/sources/`
         # source_id`/findings/`finding_id`" or "projects/`project_number`/sources/`
@@ -482,16 +574,22 @@ module Google
         # @return [String]
         attr_accessor :create_time
       
-        # The time at which the event took place, or when an update to the finding
-        # occurred. For example, if the finding represents an open firewall it would
-        # capture the time the detector believes the firewall became open. The accuracy
-        # is determined by the detector. If the finding were to be resolved afterward,
-        # this time would reflect when the finding was resolved. Must not be set to a
-        # value greater than the current timestamp.
+        # The time the finding was first detected. If an existing finding is updated,
+        # then this is the time the update occurred. For example, if the finding
+        # represents an open firewall, this property captures the time the detector
+        # believes the firewall became open. The accuracy is determined by the detector.
+        # If the finding is later resolved, then this time reflects when the finding was
+        # resolved. This must not be set to a value greater than the current timestamp.
         # Corresponds to the JSON property `eventTime`
         # @return [String]
         attr_accessor :event_time
       
+        # Output only. Third party SIEM/SOAR fields within SCC, contains external system
+        # information and external system finding fields.
+        # Corresponds to the JSON property `externalSystems`
+        # @return [Hash<String,Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1ExternalSystem>]
+        attr_accessor :external_systems
+      
         # The URI that, if available, points to a web page outside of Security Command
         # Center where additional information about the finding can be found. This field
         # is guaranteed to be either empty or a well formed URL.
@@ -512,6 +610,30 @@ module Google
         # @return [Google::Apis::SecuritycenterV1::Indicator]
         attr_accessor :indicator
       
+        # MITRE ATT&CK tactics and techniques related to this finding. See: https://
+        # attack.mitre.org
+        # Corresponds to the JSON property `mitreAttack`
+        # @return [Google::Apis::SecuritycenterV1::MitreAttack]
+        attr_accessor :mitre_attack
+      
+        # Indicates the mute state of a finding (either unspecified, muted, unmuted or
+        # undefined).
+        # Corresponds to the JSON property `mute`
+        # @return [String]
+        attr_accessor :mute
+      
+        # First known as mute_annotation. Records additional information about the mute
+        # operation e.g. mute config that muted the finding, user who muted the finding,
+        # etc.
+        # Corresponds to the JSON property `muteInitiator`
+        # @return [String]
+        attr_accessor :mute_initiator
+      
+        # Output only. The most recent time this finding was muted or unmuted.
+        # Corresponds to the JSON property `muteUpdateTime`
+        # @return [String]
+        attr_accessor :mute_update_time
+      
         # The relative resource name of this finding. See: https://cloud.google.com/apis/
         # design/resource_names#relative_resource_name Example: "organizations/`
         # organization_id`/sources/`source_id`/findings/`finding_id`"
@@ -574,13 +696,19 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @access = args[:access] if args.key?(:access)
           @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
           @category = args[:category] if args.key?(:category)
           @create_time = args[:create_time] if args.key?(:create_time)
           @event_time = args[:event_time] if args.key?(:event_time)
+          @external_systems = args[:external_systems] if args.key?(:external_systems)
           @external_uri = args[:external_uri] if args.key?(:external_uri)
           @finding_class = args[:finding_class] if args.key?(:finding_class)
           @indicator = args[:indicator] if args.key?(:indicator)
+          @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
+          @mute = args[:mute] if args.key?(:mute)
+          @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
+          @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
           @name = args[:name] if args.key?(:name)
           @parent = args[:parent] if args.key?(:parent)
           @resource_name = args[:resource_name] if args.key?(:resource_name)
@@ -618,6 +746,25 @@ module Google
         end
       end
       
+      # Represents a geographical location for a given access.
+      class Geolocation
+        include Google::Apis::Core::Hashable
+      
+        # A CLDR.
+        # Corresponds to the JSON property `regionCode`
+        # @return [String]
+        attr_accessor :region_code
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @region_code = args[:region_code] if args.key?(:region_code)
+        end
+      end
+      
       # Request message for `GetIamPolicy` method.
       class GetIamPolicyRequest
         include Google::Apis::Core::Hashable
@@ -665,6 +812,139 @@ module Google
         end
       end
       
+      # The response to a BulkMute request. Contains the LRO information.
+      class GoogleCloudSecuritycenterV1BulkMuteFindingsResponse
+        include Google::Apis::Core::Hashable
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+        end
+      end
+      
+      # Representation of third party SIEM/SOAR fields within SCC.
+      class GoogleCloudSecuritycenterV1ExternalSystem
+        include Google::Apis::Core::Hashable
+      
+        # References primary/secondary etc assignees in the external system.
+        # Corresponds to the JSON property `assignees`
+        # @return [Array<String>]
+        attr_accessor :assignees
+      
+        # The most recent time when the corresponding finding's ticket/tracker was
+        # updated in the external system.
+        # Corresponds to the JSON property `externalSystemUpdateTime`
+        # @return [String]
+        attr_accessor :external_system_update_time
+      
+        # Identifier that's used to track the given finding in the external system.
+        # Corresponds to the JSON property `externalUid`
+        # @return [String]
+        attr_accessor :external_uid
+      
+        # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/
+        # 5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/
+        # 123456/externalSystems/jira projects/1234/sources/5678/findings/123456/
+        # externalSystems/jira
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # Most recent status of the corresponding finding's ticket/tracker in the
+        # external system.
+        # Corresponds to the JSON property `status`
+        # @return [String]
+        attr_accessor :status
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @assignees = args[:assignees] if args.key?(:assignees)
+          @external_system_update_time = args[:external_system_update_time] if args.key?(:external_system_update_time)
+          @external_uid = args[:external_uid] if args.key?(:external_uid)
+          @name = args[:name] if args.key?(:name)
+          @status = args[:status] if args.key?(:status)
+        end
+      end
+      
+      # A mute config is a Cloud SCC resource that contains the configuration to mute
+      # create/update events of findings.
+      class GoogleCloudSecuritycenterV1MuteConfig
+        include Google::Apis::Core::Hashable
+      
+        # Output only. The time at which the mute config was created. This field is set
+        # by the server and will be ignored if provided on config creation.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+      
+        # A description of the mute config.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+      
+        # The human readable name to be displayed for the mute config.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+      
+        # Required. An expression that defines the filter to apply across create/update
+        # events of findings. While creating a filter string, be mindful of the scope in
+        # which the mute configuration is being created. E.g., If a filter contains
+        # project = X but is created under the project = Y scope, it might not match any
+        # findings. The following field and operator combinations are supported: *
+        # severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.
+        # project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.
+        # folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.
+        # parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `
+        # :` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+        # Corresponds to the JSON property `filter`
+        # @return [String]
+        attr_accessor :filter
+      
+        # Output only. Email address of the user who last edited the mute config. This
+        # field is set by the server and will be ignored if provided on config creation
+        # or update.
+        # Corresponds to the JSON property `mostRecentEditor`
+        # @return [String]
+        attr_accessor :most_recent_editor
+      
+        # This field will be ignored if provided on config creation. Format "
+        # organizations/`organization`/muteConfigs/`mute_config`" "folders/`folder`/
+        # muteConfigs/`mute_config`" "projects/`project`/muteConfigs/`mute_config`"
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # Output only. The most recent time at which the mute config was updated. This
+        # field is set by the server and will be ignored if provided on config creation
+        # or update.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @filter = args[:filter] if args.key?(:filter)
+          @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
+          @name = args[:name] if args.key?(:name)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      
       # Cloud SCC's Notification
       class GoogleCloudSecuritycenterV1NotificationMessage
         include Google::Apis::Core::Hashable
@@ -1622,6 +1902,32 @@ module Google
         end
       end
       
+      # Response message for listing mute configs.
+      class ListMuteConfigsResponse
+        include Google::Apis::Core::Hashable
+      
+        # The mute configs from the specified parent.
+        # Corresponds to the JSON property `muteConfigs`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1MuteConfig>]
+        attr_accessor :mute_configs
+      
+        # A token, which can be sent as `page_token` to retrieve the next page. If this
+        # field is omitted, there are no subsequent pages.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @mute_configs = args[:mute_configs] if args.key?(:mute_configs)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      
       # Response message for listing notification configs.
       class ListNotificationConfigsResponse
         include Google::Apis::Core::Hashable
@@ -1699,6 +2005,56 @@ module Google
         end
       end
       
+      # MITRE ATT&CK tactics and techniques related to this finding. See: https://
+      # attack.mitre.org
+      class MitreAttack
+        include Google::Apis::Core::Hashable
+      
+        # Additional MITRE ATT&CK tactics related to this finding, if any.
+        # Corresponds to the JSON property `additionalTactics`
+        # @return [Array<String>]
+        attr_accessor :additional_tactics
+      
+        # Additional MITRE ATT&CK techniques related to this finding, if any, along with
+        # any of their respective parent techniques.
+        # Corresponds to the JSON property `additionalTechniques`
+        # @return [Array<String>]
+        attr_accessor :additional_techniques
+      
+        # The MITRE ATT&CK tactic most closely represented by this finding, if any.
+        # Corresponds to the JSON property `primaryTactic`
+        # @return [String]
+        attr_accessor :primary_tactic
+      
+        # The MITRE ATT&CK technique most closely represented by this finding, if any.
+        # primary_techniques is a repeated field because there are multiple levels of
+        # MITRE ATT&CK techniques. If the technique most closely represented by this
+        # finding is a sub-technique (e.g. SCANNING_IP_BLOCKS), both the sub-technique
+        # and its parent technique(s) will be listed (e.g. SCANNING_IP_BLOCKS,
+        # ACTIVE_SCANNING).
+        # Corresponds to the JSON property `primaryTechniques`
+        # @return [Array<String>]
+        attr_accessor :primary_techniques
+      
+        # The MITRE ATT&CK version referenced by the above fields. E.g. "8".
+        # Corresponds to the JSON property `version`
+        # @return [String]
+        attr_accessor :version
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @additional_tactics = args[:additional_tactics] if args.key?(:additional_tactics)
+          @additional_techniques = args[:additional_techniques] if args.key?(:additional_techniques)
+          @primary_tactic = args[:primary_tactic] if args.key?(:primary_tactic)
+          @primary_techniques = args[:primary_techniques] if args.key?(:primary_techniques)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      
       # Cloud Security Command Center (Cloud SCC) notification configs. A notification
       # config is a Cloud SCC resource that contains the configuration to send
       # notifications for create/update events of findings, assets and etc.
@@ -2248,6 +2604,25 @@ module Google
         end
       end
       
+      # Request message for updating a finding's mute status.
+      class SetMuteRequest
+        include Google::Apis::Core::Hashable
+      
+        # Required. The desired state of the Mute.
+        # Corresponds to the JSON property `mute`
+        # @return [String]
+        attr_accessor :mute
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @mute = args[:mute] if args.key?(:mute)
+        end
+      end
+      
       # Security Command Center finding source. A finding source is an entity or a
       # mechanism that can produce a finding. A source is like a container of findings
       # that come from the same scanner, logger, monitor, and other tools.

data/lib/google/apis/securitycenter_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module SecuritycenterV1
       # Version of the google-apis-securitycenter_v1 gem
-      GEM_VERSION = "0.15.0"
+      GEM_VERSION = "0.19.0"
 
       # Version of the code generator used to generate this client
-      GENERATOR_VERSION = "0.4.0"
+      GENERATOR_VERSION = "0.4.1"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20211103"
+      REVISION = "20220113"
     end
   end
 end