RubyGems - google-apis-securitycenter_v1 - Versions diffs - 0.67.0 → 0.69.0 - Mend

google-apis-securitycenter_v1 0.67.0 → 0.69.0

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +8 -0
data/lib/google/apis/securitycenter_v1/classes.rb +2761 -125
data/lib/google/apis/securitycenter_v1/gem_version.rb +2 -2
data/lib/google/apis/securitycenter_v1/representations.rb +1404 -412
data/lib/google/apis/securitycenter_v1/service.rb +31 -0
metadata +3 -3

data/lib/google/apis/securitycenter_v1/classes.rb CHANGED Viewed

@@ -801,6 +801,48 @@ module Google
         end
       end
+      # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
+      # logging/docs/reference/v2/rest/v2/LogEntry)
+      class CloudLoggingEntry
+        include Google::Apis::Core::Hashable
+        # A unique identifier for the log entry.
+        # Corresponds to the JSON property `insertId`
+        # @return [String]
+        attr_accessor :insert_id
+        # The type of the log (part of `log_name`. `log_name` is the resource name of
+        # the log to which this log entry belongs). For example: `cloudresourcemanager.
+        # googleapis.com/activity`. Note that this field is not URL-encoded, unlike the `
+        # LOG_ID` field in `LogEntry`.
+        # Corresponds to the JSON property `logId`
+        # @return [String]
+        attr_accessor :log_id
+        # The organization, folder, or project of the monitored resource that produced
+        # this log entry.
+        # Corresponds to the JSON property `resourceContainer`
+        # @return [String]
+        attr_accessor :resource_container
+        # The time the event described by the log entry occurred.
+        # Corresponds to the JSON property `timestamp`
+        # @return [String]
+        attr_accessor :timestamp
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @insert_id = args[:insert_id] if args.key?(:insert_id)
+          @log_id = args[:log_id] if args.key?(:log_id)
+          @resource_container = args[:resource_container] if args.key?(:resource_container)
+          @timestamp = args[:timestamp] if args.key?(:timestamp)
+        end
+      end
       # Contains compliance information about a security standard indicating unmet
       # recommendations.
       class Compliance
@@ -833,6 +875,68 @@ module Google
         end
       end
+      # Result containing the properties and count of a ComplianceSnapshot request.
+      class ComplianceSnapshot
+        include Google::Apis::Core::Hashable
+        # The category of Findings matching.
+        # Corresponds to the JSON property `category`
+        # @return [String]
+        attr_accessor :category
+        # The compliance standard (ie CIS).
+        # Corresponds to the JSON property `complianceStandard`
+        # @return [String]
+        attr_accessor :compliance_standard
+        # The compliance version (ie 1.3) in CIS 1.3.
+        # Corresponds to the JSON property `complianceVersion`
+        # @return [String]
+        attr_accessor :compliance_version
+        # Total count of findings for the given properties.
+        # Corresponds to the JSON property `count`
+        # @return [Fixnum]
+        attr_accessor :count
+        # The leaf container resource name that is closest to the snapshot.
+        # Corresponds to the JSON property `leafContainerResource`
+        # @return [String]
+        attr_accessor :leaf_container_resource
+        # The compliance snapshot name. Format: //sources//complianceSnapshots/
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # The CRM resource display name that is closest to the snapshot the Findings
+        # belong to.
+        # Corresponds to the JSON property `projectDisplayName`
+        # @return [String]
+        attr_accessor :project_display_name
+        # The snapshot time of the snapshot.
+        # Corresponds to the JSON property `snapshotTime`
+        # @return [String]
+        attr_accessor :snapshot_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @category = args[:category] if args.key?(:category)
+          @compliance_standard = args[:compliance_standard] if args.key?(:compliance_standard)
+          @compliance_version = args[:compliance_version] if args.key?(:compliance_version)
+          @count = args[:count] if args.key?(:count)
+          @leaf_container_resource = args[:leaf_container_resource] if args.key?(:leaf_container_resource)
+          @name = args[:name] if args.key?(:name)
+          @project_display_name = args[:project_display_name] if args.key?(:project_display_name)
+          @snapshot_time = args[:snapshot_time] if args.key?(:snapshot_time)
+        end
+      end
       # Contains information about the IP connection associated with the finding.
       class Connection
         include Google::Apis::Core::Hashable
@@ -1698,6 +1802,11 @@ module Google
         # @return [Array<Google::Apis::SecuritycenterV1::LoadBalancer>]
         attr_accessor :load_balancers
+        # Log entries that are relevant to the finding.
+        # Corresponds to the JSON property `logEntries`
+        # @return [Array<Google::Apis::SecuritycenterV1::LogEntry>]
+        attr_accessor :log_entries
         # MITRE ATT&CK tactics and techniques related to this finding. See: https://
         # attack.mitre.org
         # Corresponds to the JSON property `mitreAttack`
@@ -1846,6 +1955,7 @@ module Google
           @kernel_rootkit = args[:kernel_rootkit] if args.key?(:kernel_rootkit)
           @kubernetes = args[:kubernetes] if args.key?(:kubernetes)
           @load_balancers = args[:load_balancers] if args.key?(:load_balancers)
+          @log_entries = args[:log_entries] if args.key?(:log_entries)
           @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
           @module_name = args[:module_name] if args.key?(:module_name)
           @mute = args[:mute] if args.key?(:mute)
@@ -3025,143 +3135,89 @@ module Google
         end
       end
-      # Request message for grouping by assets.
-      class GroupAssetsRequest
+      # Represents an access event.
+      class GoogleCloudSecuritycenterV2Access
         include Google::Apis::Core::Hashable
-        # When compare_duration is set, the GroupResult's "state_change" property is
-        # updated to indicate whether the asset was added, removed, or remained present
-        # during the compare_duration period of time that precedes the read_time. This
-        # is the time between (read_time - compare_duration) and read_time. The state
-        # change value is derived based on the presence of the asset at the two points
-        # in time. Intermediate state changes between the two times don't affect the
-        # result. For example, the results aren't affected if the asset is removed and
-        # re-created again. Possible "state_change" values when compare_duration is
-        # specified: * "ADDED": indicates that the asset was not present at the start of
-        # compare_duration, but present at reference_time. * "REMOVED": indicates that
-        # the asset was present at the start of compare_duration, but not present at
-        # reference_time. * "ACTIVE": indicates that the asset was present at both the
-        # start and the end of the time period defined by compare_duration and
-        # reference_time. If compare_duration is not specified, then the only possible
-        # state_change is "UNUSED", which will be the state_change set for all assets
-        # present at read_time. If this field is set then `state_change` must be a
-        # specified field in `group_by`.
-        # Corresponds to the JSON property `compareDuration`
+        # Caller's IP address, such as "1.1.1.1".
+        # Corresponds to the JSON property `callerIp`
         # @return [String]
-        attr_accessor :compare_duration
+        attr_accessor :caller_ip
-        # Expression that defines the filter to apply across assets. The expression is a
-        # list of zero or more restrictions combined via logical operators `AND` and `OR`
-        # . Parentheses are supported, and `OR` has higher precedence than `AND`.
-        # Restrictions have the form ` ` and may have a `-` character in front of them
-        # to indicate negation. The fields map to those defined in the Asset resource.
-        # Examples include: * name * security_center_properties.resource_name *
-        # resource_properties.a_property * security_marks.marks.marka The supported
-        # operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer
-        # values. * `:`, meaning substring matching, for strings. The supported value
-        # types are: * string literals in quotes. * integer literals without quotes. *
-        # boolean literals `true` and `false` without quotes. The following field and
-        # operator combinations are supported: * name: `=` * update_time: `=`, `>`, `<`,
-        # `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string.
-        # Examples: `update_time = "2019-06-10T16:07:18-07:00"` `update_time =
-        # 1560208038000` * create_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be
-        # milliseconds since epoch or an RFC3339 string. Examples: `create_time = "2019-
-        # 06-10T16:07:18-07:00"` `create_time = 1560208038000` * iam_policy.policy_blob:
-        # `=`, `:` * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=` *
-        # security_marks.marks: `=`, `:` * security_center_properties.resource_name: `=`,
-        # `:` * security_center_properties.resource_display_name: `=`, `:` *
-        # security_center_properties.resource_type: `=`, `:` *
-        # security_center_properties.resource_parent: `=`, `:` *
-        # security_center_properties.resource_parent_display_name: `=`, `:` *
-        # security_center_properties.resource_project: `=`, `:` *
-        # security_center_properties.resource_project_display_name: `=`, `:` *
-        # security_center_properties.resource_owners: `=`, `:` For example, `
-        # resource_properties.size = 100` is a valid filter string. Use a partial match
-        # on the empty string to filter based on a property existing: `
-        # resource_properties.my_property : ""` Use a negated partial match on the empty
-        # string to filter based on a property not existing: `-resource_properties.
-        # my_property : ""`
-        # Corresponds to the JSON property `filter`
-        # @return [String]
-        attr_accessor :filter
+        # Represents a geographical location for a given access.
+        # Corresponds to the JSON property `callerIpGeo`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Geolocation]
+        attr_accessor :caller_ip_geo
-        # Required. Expression that defines what assets fields to use for grouping. The
-        # string value should follow SQL syntax: comma separated list of fields. For
-        # example: "security_center_properties.resource_project,
-        # security_center_properties.project". The following fields are supported when
-        # compare_duration is not set: * security_center_properties.resource_project *
-        # security_center_properties.resource_project_display_name *
-        # security_center_properties.resource_type * security_center_properties.
-        # resource_parent * security_center_properties.resource_parent_display_name The
-        # following fields are supported when compare_duration is set: *
-        # security_center_properties.resource_type * security_center_properties.
-        # resource_project_display_name * security_center_properties.
-        # resource_parent_display_name
-        # Corresponds to the JSON property `groupBy`
+        # The method that the service account called, e.g. "SetIamPolicy".
+        # Corresponds to the JSON property `methodName`
         # @return [String]
-        attr_accessor :group_by
-        # The maximum number of results to return in a single response. Default is 10,
-        # minimum is 1, maximum is 1000.
-        # Corresponds to the JSON property `pageSize`
-        # @return [Fixnum]
-        attr_accessor :page_size
+        attr_accessor :method_name
-        # The value returned by the last `GroupAssetsResponse`; indicates that this is a
-        # continuation of a prior `GroupAssets` call, and that the system should return
-        # the next page of data.
-        # Corresponds to the JSON property `pageToken`
+        # Associated email, such as "foo@google.com". The email address of the
+        # authenticated user or a service account acting on behalf of a third party
+        # principal making the request. For third party identity callers, the `
+        # principal_subject` field is populated instead of this field. For privacy
+        # reasons, the principal email address is sometimes redacted. For more
+        # information, see [Caller identities in audit logs](https://cloud.google.com/
+        # logging/docs/audit#user-id).
+        # Corresponds to the JSON property `principalEmail`
         # @return [String]
-        attr_accessor :page_token
+        attr_accessor :principal_email
-        # Time used as a reference point when filtering assets. The filter is limited to
-        # assets existing at the supplied time and their values are those at that
-        # specific time. Absence of this field will default to the API's version of NOW.
-        # Corresponds to the JSON property `readTime`
+        # A string that represents the principal_subject that is associated with the
+        # identity. Unlike `principal_email`, `principal_subject` supports principals
+        # that aren't associated with email addresses, such as third party principals.
+        # For most identities, the format is `principal://iam.googleapis.com/`identity
+        # pool name`/subject/`subject``. Some GKE identities, such as GKE_WORKLOAD,
+        # FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:`
+        # identity pool name`[`subject`]`.
+        # Corresponds to the JSON property `principalSubject`
         # @return [String]
-        attr_accessor :read_time
-        def initialize(**args)
-           update!(**args)
-        end
+        attr_accessor :principal_subject
-        # Update properties of this object
-        def update!(**args)
-          @compare_duration = args[:compare_duration] if args.key?(:compare_duration)
-          @filter = args[:filter] if args.key?(:filter)
-          @group_by = args[:group_by] if args.key?(:group_by)
-          @page_size = args[:page_size] if args.key?(:page_size)
-          @page_token = args[:page_token] if args.key?(:page_token)
-          @read_time = args[:read_time] if args.key?(:read_time)
-        end
-      end
+        # The identity delegation history of an authenticated service account that made
+        # the request. The `serviceAccountDelegationInfo[]` object contains information
+        # about the real authorities that try to access Google Cloud resources by
+        # delegating on a service account. When multiple authorities are present, they
+        # are guaranteed to be sorted based on the original ordering of the identity
+        # delegation events.
+        # Corresponds to the JSON property `serviceAccountDelegationInfo`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo>]
+        attr_accessor :service_account_delegation_info
-      # Response message for grouping by assets.
-      class GroupAssetsResponse
-        include Google::Apis::Core::Hashable
+        # The name of the service account key that was used to create or exchange
+        # credentials when authenticating the service account that made the request.
+        # This is a scheme-less URI full resource name. For example: "//iam.googleapis.
+        # com/projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key`".
+        # Corresponds to the JSON property `serviceAccountKeyName`
+        # @return [String]
+        attr_accessor :service_account_key_name
-        # Group results. There exists an element for each existing unique combination of
-        # property/values. The element contains a count for the number of times those
-        # specific property/values appear.
-        # Corresponds to the JSON property `groupByResults`
-        # @return [Array<Google::Apis::SecuritycenterV1::GroupResult>]
-        attr_accessor :group_by_results
+        # This is the API service that the service account made a call to, e.g. "iam.
+        # googleapis.com"
+        # Corresponds to the JSON property `serviceName`
+        # @return [String]
+        attr_accessor :service_name
-        # Token to retrieve the next page of results, or empty if there are no more
-        # results.
-        # Corresponds to the JSON property `nextPageToken`
+        # The caller's user agent string associated with the finding.
+        # Corresponds to the JSON property `userAgent`
         # @return [String]
-        attr_accessor :next_page_token
+        attr_accessor :user_agent
-        # Time used for executing the groupBy request.
-        # Corresponds to the JSON property `readTime`
+        # Type of user agent associated with the finding. For example, an operating
+        # system shell or an embedded or standalone application.
+        # Corresponds to the JSON property `userAgentFamily`
         # @return [String]
-        attr_accessor :read_time
+        attr_accessor :user_agent_family
-        # The total number of results matching the query.
-        # Corresponds to the JSON property `totalSize`
-        # @return [Fixnum]
-        attr_accessor :total_size
+        # A string that represents a username. The username provided depends on the type
+        # of the finding and is likely not an IAM principal. For example, this can be a
+        # system username if the finding is related to a virtual machine, or it can be
+        # an application login username.
+        # Corresponds to the JSON property `userName`
+        # @return [String]
+        attr_accessor :user_name
         def initialize(**args)
            update!(**args)
@@ -3169,14 +3225,2568 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @group_by_results = args[:group_by_results] if args.key?(:group_by_results)
-          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
-          @read_time = args[:read_time] if args.key?(:read_time)
-          @total_size = args[:total_size] if args.key?(:total_size)
+          @caller_ip = args[:caller_ip] if args.key?(:caller_ip)
+          @caller_ip_geo = args[:caller_ip_geo] if args.key?(:caller_ip_geo)
+          @method_name = args[:method_name] if args.key?(:method_name)
+          @principal_email = args[:principal_email] if args.key?(:principal_email)
+          @principal_subject = args[:principal_subject] if args.key?(:principal_subject)
+          @service_account_delegation_info = args[:service_account_delegation_info] if args.key?(:service_account_delegation_info)
+          @service_account_key_name = args[:service_account_key_name] if args.key?(:service_account_key_name)
+          @service_name = args[:service_name] if args.key?(:service_name)
+          @user_agent = args[:user_agent] if args.key?(:user_agent)
+          @user_agent_family = args[:user_agent_family] if args.key?(:user_agent_family)
+          @user_name = args[:user_name] if args.key?(:user_name)
         end
       end
-      # Request message for grouping by findings.
+      # Conveys information about a Kubernetes access review (such as one returned by
+      # a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-
+      # authz/authorization/#checking-api-access) command) that was involved in a
+      # finding.
+      class GoogleCloudSecuritycenterV2AccessReview
+        include Google::Apis::Core::Hashable
+        # The API group of the resource. "*" means all.
+        # Corresponds to the JSON property `group`
+        # @return [String]
+        attr_accessor :group
+        # The name of the resource being requested. Empty means all.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Namespace of the action being requested. Currently, there is no distinction
+        # between no namespace and all namespaces. Both are represented by "" (empty).
+        # Corresponds to the JSON property `ns`
+        # @return [String]
+        attr_accessor :ns
+        # The optional resource type requested. "*" means all.
+        # Corresponds to the JSON property `resource`
+        # @return [String]
+        attr_accessor :resource
+        # The optional subresource type.
+        # Corresponds to the JSON property `subresource`
+        # @return [String]
+        attr_accessor :subresource
+        # A Kubernetes resource API verb, like get, list, watch, create, update, delete,
+        # proxy. "*" means all.
+        # Corresponds to the JSON property `verb`
+        # @return [String]
+        attr_accessor :verb
+        # The API version of the resource. "*" means all.
+        # Corresponds to the JSON property `version`
+        # @return [String]
+        attr_accessor :version
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @group = args[:group] if args.key?(:group)
+          @name = args[:name] if args.key?(:name)
+          @ns = args[:ns] if args.key?(:ns)
+          @resource = args[:resource] if args.key?(:resource)
+          @subresource = args[:subresource] if args.key?(:subresource)
+          @verb = args[:verb] if args.key?(:verb)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      # An attack exposure contains the results of an attack path simulation run.
+      class GoogleCloudSecuritycenterV2AttackExposure
+        include Google::Apis::Core::Hashable
+        # The resource name of the attack path simulation result that contains the
+        # details regarding this attack exposure score. Example: organizations/123/
+        # attackExposureResults/456
+        # Corresponds to the JSON property `attackExposureResult`
+        # @return [String]
+        attr_accessor :attack_exposure_result
+        # The number of high value resources that are exposed as a result of this
+        # finding.
+        # Corresponds to the JSON property `exposedHighValueResourcesCount`
+        # @return [Fixnum]
+        attr_accessor :exposed_high_value_resources_count
+        # The number of high value resources that are exposed as a result of this
+        # finding.
+        # Corresponds to the JSON property `exposedLowValueResourcesCount`
+        # @return [Fixnum]
+        attr_accessor :exposed_low_value_resources_count
+        # The number of medium value resources that are exposed as a result of this
+        # finding.
+        # Corresponds to the JSON property `exposedMediumValueResourcesCount`
+        # @return [Fixnum]
+        attr_accessor :exposed_medium_value_resources_count
+        # The most recent time the attack exposure was updated on this finding.
+        # Corresponds to the JSON property `latestCalculationTime`
+        # @return [String]
+        attr_accessor :latest_calculation_time
+        # A number between 0 (inclusive) and infinity that represents how important this
+        # finding is to remediate. The higher the score, the more important it is to
+        # remediate.
+        # Corresponds to the JSON property `score`
+        # @return [Float]
+        attr_accessor :score
+        # Output only. What state this AttackExposure is in. This captures whether or
+        # not an attack exposure has been calculated or not.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @attack_exposure_result = args[:attack_exposure_result] if args.key?(:attack_exposure_result)
+          @exposed_high_value_resources_count = args[:exposed_high_value_resources_count] if args.key?(:exposed_high_value_resources_count)
+          @exposed_low_value_resources_count = args[:exposed_low_value_resources_count] if args.key?(:exposed_low_value_resources_count)
+          @exposed_medium_value_resources_count = args[:exposed_medium_value_resources_count] if args.key?(:exposed_medium_value_resources_count)
+          @latest_calculation_time = args[:latest_calculation_time] if args.key?(:latest_calculation_time)
+          @score = args[:score] if args.key?(:score)
+          @state = args[:state] if args.key?(:state)
+        end
+      end
+      # Configures how to deliver Findings to BigQuery Instance.
+      class GoogleCloudSecuritycenterV2BigQueryExport
+        include Google::Apis::Core::Hashable
+        # Output only. The time at which the BigQuery export was created. This field is
+        # set by the server and will be ignored if provided on export on creation.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # The dataset to write findings' updates to. Its format is "projects/[project_id]
+        # /datasets/[bigquery_dataset_id]". BigQuery Dataset unique ID must contain only
+        # letters (a-z, A-Z), numbers (0-9), or underscores (_).
+        # Corresponds to the JSON property `dataset`
+        # @return [String]
+        attr_accessor :dataset
+        # The description of the export (max of 1024 characters).
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Expression that defines the filter to apply across create/update events of
+        # findings. The expression is a list of zero or more restrictions combined via
+        # logical operators `AND` and `OR`. Parentheses are supported, and `OR` has
+        # higher precedence than `AND`. Restrictions have the form ` ` and may have a `-`
+        # character in front of them to indicate negation. The fields map to those
+        # defined in the corresponding resource. The supported operators are: * `=` for
+        # all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning
+        # substring matching, for strings. The supported value types are: * string
+        # literals in quotes. * integer literals without quotes. * boolean literals `
+        # true` and `false` without quotes.
+        # Corresponds to the JSON property `filter`
+        # @return [String]
+        attr_accessor :filter
+        # Output only. Email address of the user who last edited the BigQuery export.
+        # This field is set by the server and will be ignored if provided on export
+        # creation or update.
+        # Corresponds to the JSON property `mostRecentEditor`
+        # @return [String]
+        attr_accessor :most_recent_editor
+        # The relative resource name of this export. See: https://cloud.google.com/apis/
+        # design/resource_names#relative_resource_name. The following list shows some
+        # examples: + `organizations/`organization_id`/locations/`location_id`/
+        # bigQueryExports/`export_id`` + `folders/`folder_id`/locations/`location_id`/
+        # bigQueryExports/`export_id`` + `projects/`project_id`/locations/`location_id`/
+        # bigQueryExports/`export_id`` This field is provided in responses, and is
+        # ignored when provided in create requests.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. The service account that needs permission to create table and
+        # upload data to the BigQuery dataset.
+        # Corresponds to the JSON property `principal`
+        # @return [String]
+        attr_accessor :principal
+        # Output only. The most recent time at which the BigQuery export was updated.
+        # This field is set by the server and will be ignored if provided on export
+        # creation or update.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @dataset = args[:dataset] if args.key?(:dataset)
+          @description = args[:description] if args.key?(:description)
+          @filter = args[:filter] if args.key?(:filter)
+          @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
+          @name = args[:name] if args.key?(:name)
+          @principal = args[:principal] if args.key?(:principal)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Represents a Kubernetes RoleBinding or ClusterRoleBinding.
+      class GoogleCloudSecuritycenterV2Binding
+        include Google::Apis::Core::Hashable
+        # Name for the binding.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Namespace for the binding.
+        # Corresponds to the JSON property `ns`
+        # @return [String]
+        attr_accessor :ns
+        # Kubernetes Role or ClusterRole.
+        # Corresponds to the JSON property `role`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Role]
+        attr_accessor :role
+        # Represents one or more subjects that are bound to the role. Not always
+        # available for PATCH requests.
+        # Corresponds to the JSON property `subjects`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Subject>]
+        attr_accessor :subjects
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @ns = args[:ns] if args.key?(:ns)
+          @role = args[:role] if args.key?(:role)
+          @subjects = args[:subjects] if args.key?(:subjects)
+        end
+      end
+      # The response to a BulkMute request. Contains the LRO information.
+      class GoogleCloudSecuritycenterV2BulkMuteFindingsResponse
+        include Google::Apis::Core::Hashable
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+        end
+      end
+      # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
+      # with the finding.
+      class GoogleCloudSecuritycenterV2CloudDlpDataProfile
+        include Google::Apis::Core::Hashable
+        # Name of the data profile, for example, `projects/123/locations/europe/
+        # tableProfiles/8383929`.
+        # Corresponds to the JSON property `dataProfile`
+        # @return [String]
+        attr_accessor :data_profile
+        # The resource hierarchy level at which the data profile was generated.
+        # Corresponds to the JSON property `parentType`
+        # @return [String]
+        attr_accessor :parent_type
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @data_profile = args[:data_profile] if args.key?(:data_profile)
+          @parent_type = args[:parent_type] if args.key?(:parent_type)
+        end
+      end
+      # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](
+      # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the
+      # finding.
+      class GoogleCloudSecuritycenterV2CloudDlpInspection
+        include Google::Apis::Core::Hashable
+        # Whether Cloud DLP scanned the complete resource or a sampled subset.
+        # Corresponds to the JSON property `fullScan`
+        # @return [Boolean]
+        attr_accessor :full_scan
+        alias_method :full_scan?, :full_scan
+        # The type of information (or *[infoType](https://cloud.google.com/dlp/docs/
+        # infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.
+        # Corresponds to the JSON property `infoType`
+        # @return [String]
+        attr_accessor :info_type
+        # The number of times Cloud DLP found this infoType within this job and resource.
+        # Corresponds to the JSON property `infoTypeCount`
+        # @return [Fixnum]
+        attr_accessor :info_type_count
+        # Name of the inspection job, for example, `projects/123/locations/europe/
+        # dlpJobs/i-8383929`.
+        # Corresponds to the JSON property `inspectJob`
+        # @return [String]
+        attr_accessor :inspect_job
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @full_scan = args[:full_scan] if args.key?(:full_scan)
+          @info_type = args[:info_type] if args.key?(:info_type)
+          @info_type_count = args[:info_type_count] if args.key?(:info_type_count)
+          @inspect_job = args[:inspect_job] if args.key?(:inspect_job)
+        end
+      end
+      # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
+      # logging/docs/reference/v2/rest/v2/LogEntry)
+      class GoogleCloudSecuritycenterV2CloudLoggingEntry
+        include Google::Apis::Core::Hashable
+        # A unique identifier for the log entry.
+        # Corresponds to the JSON property `insertId`
+        # @return [String]
+        attr_accessor :insert_id
+        # The type of the log (part of `log_name`. `log_name` is the resource name of
+        # the log to which this log entry belongs). For example: `cloudresourcemanager.
+        # googleapis.com/activity` Note that this field is not URL-encoded, unlike in `
+        # LogEntry`.
+        # Corresponds to the JSON property `logId`
+        # @return [String]
+        attr_accessor :log_id
+        # The organization, folder, or project of the monitored resource that produced
+        # this log entry.
+        # Corresponds to the JSON property `resourceContainer`
+        # @return [String]
+        attr_accessor :resource_container
+        # The time the event described by the log entry occurred.
+        # Corresponds to the JSON property `timestamp`
+        # @return [String]
+        attr_accessor :timestamp
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @insert_id = args[:insert_id] if args.key?(:insert_id)
+          @log_id = args[:log_id] if args.key?(:log_id)
+          @resource_container = args[:resource_container] if args.key?(:resource_container)
+          @timestamp = args[:timestamp] if args.key?(:timestamp)
+        end
+      end
+      # Contains compliance information about a security standard indicating unmet
+      # recommendations.
+      class GoogleCloudSecuritycenterV2Compliance
+        include Google::Apis::Core::Hashable
+        # Policies within the standard or benchmark, for example, A.12.4.1
+        # Corresponds to the JSON property `ids`
+        # @return [Array<String>]
+        attr_accessor :ids
+        # Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP.
+        # Corresponds to the JSON property `standard`
+        # @return [String]
+        attr_accessor :standard
+        # Version of the standard or benchmark, for example, 1.1
+        # Corresponds to the JSON property `version`
+        # @return [String]
+        attr_accessor :version
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @ids = args[:ids] if args.key?(:ids)
+          @standard = args[:standard] if args.key?(:standard)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      # Contains information about the IP connection associated with the finding.
+      class GoogleCloudSecuritycenterV2Connection
+        include Google::Apis::Core::Hashable
+        # Destination IP address. Not present for sockets that are listening and not
+        # connected.
+        # Corresponds to the JSON property `destinationIp`
+        # @return [String]
+        attr_accessor :destination_ip
+        # Destination port. Not present for sockets that are listening and not connected.
+        # Corresponds to the JSON property `destinationPort`
+        # @return [Fixnum]
+        attr_accessor :destination_port
+        # IANA Internet Protocol Number such as TCP(6) and UDP(17).
+        # Corresponds to the JSON property `protocol`
+        # @return [String]
+        attr_accessor :protocol
+        # Source IP address.
+        # Corresponds to the JSON property `sourceIp`
+        # @return [String]
+        attr_accessor :source_ip
+        # Source port.
+        # Corresponds to the JSON property `sourcePort`
+        # @return [Fixnum]
+        attr_accessor :source_port
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @destination_ip = args[:destination_ip] if args.key?(:destination_ip)
+          @destination_port = args[:destination_port] if args.key?(:destination_port)
+          @protocol = args[:protocol] if args.key?(:protocol)
+          @source_ip = args[:source_ip] if args.key?(:source_ip)
+          @source_port = args[:source_port] if args.key?(:source_port)
+        end
+      end
+      # The email address of a contact.
+      class GoogleCloudSecuritycenterV2Contact
+        include Google::Apis::Core::Hashable
+        # An email address. For example, "`person123@company.com`".
+        # Corresponds to the JSON property `email`
+        # @return [String]
+        attr_accessor :email
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @email = args[:email] if args.key?(:email)
+        end
+      end
+      # Details about specific contacts
+      class GoogleCloudSecuritycenterV2ContactDetails
+        include Google::Apis::Core::Hashable
+        # A list of contacts
+        # Corresponds to the JSON property `contacts`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Contact>]
+        attr_accessor :contacts
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @contacts = args[:contacts] if args.key?(:contacts)
+        end
+      end
+      # Container associated with the finding.
+      class GoogleCloudSecuritycenterV2Container
+        include Google::Apis::Core::Hashable
+        # The time that the container was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional container image ID, if provided by the container runtime. Uniquely
+        # identifies the container image launched using a container image digest.
+        # Corresponds to the JSON property `imageId`
+        # @return [String]
+        attr_accessor :image_id
+        # Container labels, as provided by the container runtime.
+        # Corresponds to the JSON property `labels`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Label>]
+        attr_accessor :labels
+        # Name of the container.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Container image URI provided when configuring a pod or container. This string
+        # can identify a container image version using mutable tags.
+        # Corresponds to the JSON property `uri`
+        # @return [String]
+        attr_accessor :uri
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @image_id = args[:image_id] if args.key?(:image_id)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @uri = args[:uri] if args.key?(:uri)
+        end
+      end
+      # CVE stands for Common Vulnerabilities and Exposures. More information: https://
+      # cve.mitre.org
+      class GoogleCloudSecuritycenterV2Cve
+        include Google::Apis::Core::Hashable
+        # Common Vulnerability Scoring System version 3.
+        # Corresponds to the JSON property `cvssv3`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Cvssv3]
+        attr_accessor :cvssv3
+        # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+        # Corresponds to the JSON property `id`
+        # @return [String]
+        attr_accessor :id
+        # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/
+        # cvename.cgi?name=CVE-2021-34527
+        # Corresponds to the JSON property `references`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Reference>]
+        attr_accessor :references
+        # Whether upstream fix is available for the CVE.
+        # Corresponds to the JSON property `upstreamFixAvailable`
+        # @return [Boolean]
+        attr_accessor :upstream_fix_available
+        alias_method :upstream_fix_available?, :upstream_fix_available
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
+          @id = args[:id] if args.key?(:id)
+          @references = args[:references] if args.key?(:references)
+          @upstream_fix_available = args[:upstream_fix_available] if args.key?(:upstream_fix_available)
+        end
+      end
+      # Common Vulnerability Scoring System version 3.
+      class GoogleCloudSecuritycenterV2Cvssv3
+        include Google::Apis::Core::Hashable
+        # This metric describes the conditions beyond the attacker's control that must
+        # exist in order to exploit the vulnerability.
+        # Corresponds to the JSON property `attackComplexity`
+        # @return [String]
+        attr_accessor :attack_complexity
+        # Base Metrics Represents the intrinsic characteristics of a vulnerability that
+        # are constant over time and across user environments. This metric reflects the
+        # context by which vulnerability exploitation is possible.
+        # Corresponds to the JSON property `attackVector`
+        # @return [String]
+        attr_accessor :attack_vector
+        # This metric measures the impact to the availability of the impacted component
+        # resulting from a successfully exploited vulnerability.
+        # Corresponds to the JSON property `availabilityImpact`
+        # @return [String]
+        attr_accessor :availability_impact
+        # The base score is a function of the base metric scores.
+        # Corresponds to the JSON property `baseScore`
+        # @return [Float]
+        attr_accessor :base_score
+        # This metric measures the impact to the confidentiality of the information
+        # resources managed by a software component due to a successfully exploited
+        # vulnerability.
+        # Corresponds to the JSON property `confidentialityImpact`
+        # @return [String]
+        attr_accessor :confidentiality_impact
+        # This metric measures the impact to integrity of a successfully exploited
+        # vulnerability.
+        # Corresponds to the JSON property `integrityImpact`
+        # @return [String]
+        attr_accessor :integrity_impact
+        # This metric describes the level of privileges an attacker must possess before
+        # successfully exploiting the vulnerability.
+        # Corresponds to the JSON property `privilegesRequired`
+        # @return [String]
+        attr_accessor :privileges_required
+        # The Scope metric captures whether a vulnerability in one vulnerable component
+        # impacts resources in components beyond its security scope.
+        # Corresponds to the JSON property `scope`
+        # @return [String]
+        attr_accessor :scope
+        # This metric captures the requirement for a human user, other than the attacker,
+        # to participate in the successful compromise of the vulnerable component.
+        # Corresponds to the JSON property `userInteraction`
+        # @return [String]
+        attr_accessor :user_interaction
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @attack_complexity = args[:attack_complexity] if args.key?(:attack_complexity)
+          @attack_vector = args[:attack_vector] if args.key?(:attack_vector)
+          @availability_impact = args[:availability_impact] if args.key?(:availability_impact)
+          @base_score = args[:base_score] if args.key?(:base_score)
+          @confidentiality_impact = args[:confidentiality_impact] if args.key?(:confidentiality_impact)
+          @integrity_impact = args[:integrity_impact] if args.key?(:integrity_impact)
+          @privileges_required = args[:privileges_required] if args.key?(:privileges_required)
+          @scope = args[:scope] if args.key?(:scope)
+          @user_interaction = args[:user_interaction] if args.key?(:user_interaction)
+        end
+      end
+      # Represents database access information, such as queries. A database may be a
+      # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
+      # Spanner instances), or the database instance itself. Some database resources
+      # might not have the [full resource name](https://google.aip.dev/122#full-
+      # resource-names) populated because these resource types, such as Cloud SQL
+      # databases, are not yet supported by Cloud Asset Inventory. In these cases only
+      # the display name is provided.
+      class GoogleCloudSecuritycenterV2Database
+        include Google::Apis::Core::Hashable
+        # The human-readable name of the database that the user connected to.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+        # The target usernames, roles, or groups of an SQL privilege grant, which is not
+        # an IAM policy change.
+        # Corresponds to the JSON property `grantees`
+        # @return [Array<String>]
+        attr_accessor :grantees
+        # Some database resources may not have the [full resource name](https://google.
+        # aip.dev/122#full-resource-names) populated because these resource types are
+        # not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In
+        # these cases only the display name will be provided. The [full resource name](
+        # https://google.aip.dev/122#full-resource-names) of the database that the user
+        # connected to, if it is supported by Cloud Asset Inventory.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # The SQL statement that is associated with the database access.
+        # Corresponds to the JSON property `query`
+        # @return [String]
+        attr_accessor :query
+        # The username used to connect to the database. The username might not be an IAM
+        # principal and does not have a set format.
+        # Corresponds to the JSON property `userName`
+        # @return [String]
+        attr_accessor :user_name
+        # The version of the database, for example, POSTGRES_14. See [the complete list](
+        # https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).
+        # Corresponds to the JSON property `version`
+        # @return [String]
+        attr_accessor :version
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @grantees = args[:grantees] if args.key?(:grantees)
+          @name = args[:name] if args.key?(:name)
+          @query = args[:query] if args.key?(:query)
+          @user_name = args[:user_name] if args.key?(:user_name)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      # Memory hash detection contributing to the binary family match.
+      class GoogleCloudSecuritycenterV2Detection
+        include Google::Apis::Core::Hashable
+        # The name of the binary associated with the memory hash signature detection.
+        # Corresponds to the JSON property `binary`
+        # @return [String]
+        attr_accessor :binary
+        # The percentage of memory page hashes in the signature that were matched.
+        # Corresponds to the JSON property `percentPagesMatched`
+        # @return [Float]
+        attr_accessor :percent_pages_matched
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @binary = args[:binary] if args.key?(:binary)
+          @percent_pages_matched = args[:percent_pages_matched] if args.key?(:percent_pages_matched)
+        end
+      end
+      # A name-value pair representing an environment variable used in an operating
+      # system process.
+      class GoogleCloudSecuritycenterV2EnvironmentVariable
+        include Google::Apis::Core::Hashable
+        # Environment variable name as a JSON encoded string.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Environment variable value as a JSON encoded string.
+        # Corresponds to the JSON property `val`
+        # @return [String]
+        attr_accessor :val
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @val = args[:val] if args.key?(:val)
+        end
+      end
+      # Resource where data was exfiltrated from or exfiltrated to.
+      class GoogleCloudSecuritycenterV2ExfilResource
+        include Google::Apis::Core::Hashable
+        # Subcomponents of the asset that was exfiltrated, like URIs used during
+        # exfiltration, table names, databases, and filenames. For example, multiple
+        # tables might have been exfiltrated from the same Cloud SQL instance, or
+        # multiple files might have been exfiltrated from the same Cloud Storage bucket.
+        # Corresponds to the JSON property `components`
+        # @return [Array<String>]
+        attr_accessor :components
+        # The resource's [full resource name](https://cloud.google.com/apis/design/
+        # resource_names#full_resource_name).
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @components = args[:components] if args.key?(:components)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      # Exfiltration represents a data exfiltration attempt from one or more sources
+      # to one or more targets. The `sources` attribute lists the sources of the
+      # exfiltrated data. The `targets` attribute lists the destinations the data was
+      # copied to.
+      class GoogleCloudSecuritycenterV2Exfiltration
+        include Google::Apis::Core::Hashable
+        # If there are multiple sources, then the data is considered "joined" between
+        # them. For instance, BigQuery can join multiple tables, and each table would be
+        # considered a source.
+        # Corresponds to the JSON property `sources`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ExfilResource>]
+        attr_accessor :sources
+        # If there are multiple targets, each target would get a complete copy of the "
+        # joined" source data.
+        # Corresponds to the JSON property `targets`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ExfilResource>]
+        attr_accessor :targets
+        # Total exfiltrated bytes processed for the entire job.
+        # Corresponds to the JSON property `totalExfiltratedBytes`
+        # @return [Fixnum]
+        attr_accessor :total_exfiltrated_bytes
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @sources = args[:sources] if args.key?(:sources)
+          @targets = args[:targets] if args.key?(:targets)
+          @total_exfiltrated_bytes = args[:total_exfiltrated_bytes] if args.key?(:total_exfiltrated_bytes)
+        end
+      end
+      # Representation of third party SIEM/SOAR fields within SCC.
+      class GoogleCloudSecuritycenterV2ExternalSystem
+        include Google::Apis::Core::Hashable
+        # References primary/secondary etc assignees in the external system.
+        # Corresponds to the JSON property `assignees`
+        # @return [Array<String>]
+        attr_accessor :assignees
+        # The time when the case was last updated, as reported by the external system.
+        # Corresponds to the JSON property `externalSystemUpdateTime`
+        # @return [String]
+        attr_accessor :external_system_update_time
+        # The identifier that's used to track the finding's corresponding case in the
+        # external system.
+        # Corresponds to the JSON property `externalUid`
+        # @return [String]
+        attr_accessor :external_uid
+        # Full resource name of the external system. The following list shows some
+        # examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/
+        # jira` + `organizations/1234/sources/5678/locations/us/findings/123456/
+        # externalSystems/jira` + `folders/1234/sources/5678/findings/123456/
+        # externalSystems/jira` + `folders/1234/sources/5678/locations/us/findings/
+        # 123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/
+        # externalSystems/jira` + `projects/1234/sources/5678/locations/us/findings/
+        # 123456/externalSystems/jira`
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # The most recent status of the finding's corresponding case, as reported by the
+        # external system.
+        # Corresponds to the JSON property `status`
+        # @return [String]
+        attr_accessor :status
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @assignees = args[:assignees] if args.key?(:assignees)
+          @external_system_update_time = args[:external_system_update_time] if args.key?(:external_system_update_time)
+          @external_uid = args[:external_uid] if args.key?(:external_uid)
+          @name = args[:name] if args.key?(:name)
+          @status = args[:status] if args.key?(:status)
+        end
+      end
+      # File information about the related binary/library used by an executable, or
+      # the script used by a script interpreter
+      class GoogleCloudSecuritycenterV2File
+        include Google::Apis::Core::Hashable
+        # Prefix of the file contents as a JSON-encoded string.
+        # Corresponds to the JSON property `contents`
+        # @return [String]
+        attr_accessor :contents
+        # The length in bytes of the file prefix that was hashed. If hashed_size == size,
+        # any hashes reported represent the entire file.
+        # Corresponds to the JSON property `hashedSize`
+        # @return [Fixnum]
+        attr_accessor :hashed_size
+        # True when the hash covers only a prefix of the file.
+        # Corresponds to the JSON property `partiallyHashed`
+        # @return [Boolean]
+        attr_accessor :partially_hashed
+        alias_method :partially_hashed?, :partially_hashed
+        # Absolute path of the file as a JSON encoded string.
+        # Corresponds to the JSON property `path`
+        # @return [String]
+        attr_accessor :path
+        # SHA256 hash of the first hashed_size bytes of the file encoded as a hex string.
+        # If hashed_size == size, sha256 represents the SHA256 hash of the entire file.
+        # Corresponds to the JSON property `sha256`
+        # @return [String]
+        attr_accessor :sha256
+        # Size of the file in bytes.
+        # Corresponds to the JSON property `size`
+        # @return [Fixnum]
+        attr_accessor :size
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @contents = args[:contents] if args.key?(:contents)
+          @hashed_size = args[:hashed_size] if args.key?(:hashed_size)
+          @partially_hashed = args[:partially_hashed] if args.key?(:partially_hashed)
+          @path = args[:path] if args.key?(:path)
+          @sha256 = args[:sha256] if args.key?(:sha256)
+          @size = args[:size] if args.key?(:size)
+        end
+      end
+      # Security Command Center finding. A finding is a record of assessment data like
+      # security, risk, health, or privacy, that is ingested into Security Command
+      # Center for presentation, notification, analysis, policy testing, and
+      # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
+      # Engine application is a finding.
+      class GoogleCloudSecuritycenterV2Finding
+        include Google::Apis::Core::Hashable
+        # Represents an access event.
+        # Corresponds to the JSON property `access`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Access]
+        attr_accessor :access
+        # An attack exposure contains the results of an attack path simulation run.
+        # Corresponds to the JSON property `attackExposure`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2AttackExposure]
+        attr_accessor :attack_exposure
+        # Output only. The canonical name of the finding. The following list shows some
+        # examples: + `organizations/`organization_id`/sources/`source_id`/findings/`
+        # finding_id`` + `organizations/`organization_id`/sources/`source_id`/locations/`
+        # location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/
+        # findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/locations/`
+        # location_id`/findings/`finding_id`` + `projects/`project_id`/sources/`
+        # source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`source_id`/
+        # locations/`location_id`/findings/`finding_id`` The prefix is the closest CRM
+        # ancestor of the resource associated with the finding.
+        # Corresponds to the JSON property `canonicalName`
+        # @return [String]
+        attr_accessor :canonical_name
+        # Immutable. The additional taxonomy group within findings from a given source.
+        # Example: "XSS_FLASH_INJECTION"
+        # Corresponds to the JSON property `category`
+        # @return [String]
+        attr_accessor :category
+        # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
+        # with the finding.
+        # Corresponds to the JSON property `cloudDlpDataProfile`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2CloudDlpDataProfile]
+        attr_accessor :cloud_dlp_data_profile
+        # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](
+        # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the
+        # finding.
+        # Corresponds to the JSON property `cloudDlpInspection`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2CloudDlpInspection]
+        attr_accessor :cloud_dlp_inspection
+        # Contains compliance information for security standards associated to the
+        # finding.
+        # Corresponds to the JSON property `compliances`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Compliance>]
+        attr_accessor :compliances
+        # Contains information about the IP connection associated with the finding.
+        # Corresponds to the JSON property `connections`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Connection>]
+        attr_accessor :connections
+        # Output only. Map containing the points of contact for the given finding. The
+        # key represents the type of contact, while the value contains a list of all the
+        # contacts that pertain. Please refer to: https://cloud.google.com/resource-
+        # manager/docs/managing-notification-contacts#notification-categories ` "
+        # security": ` "contacts": [ ` "email": "person1@company.com" `, ` "email": "
+        # person2@company.com" ` ] ` `
+        # Corresponds to the JSON property `contacts`
+        # @return [Hash<String,Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ContactDetails>]
+        attr_accessor :contacts
+        # Containers associated with the finding. This field provides information for
+        # both Kubernetes and non-Kubernetes containers.
+        # Corresponds to the JSON property `containers`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Container>]
+        attr_accessor :containers
+        # Output only. The time at which the finding was created in Security Command
+        # Center.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Represents database access information, such as queries. A database may be a
+        # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
+        # Spanner instances), or the database instance itself. Some database resources
+        # might not have the [full resource name](https://google.aip.dev/122#full-
+        # resource-names) populated because these resource types, such as Cloud SQL
+        # databases, are not yet supported by Cloud Asset Inventory. In these cases only
+        # the display name is provided.
+        # Corresponds to the JSON property `database`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Database]
+        attr_accessor :database
+        # Contains more details about the finding.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # The time the finding was first detected. If an existing finding is updated,
+        # then this is the time the update occurred. For example, if the finding
+        # represents an open firewall, this property captures the time the detector
+        # believes the firewall became open. The accuracy is determined by the detector.
+        # If the finding is later resolved, then this time reflects when the finding was
+        # resolved. This must not be set to a value greater than the current timestamp.
+        # Corresponds to the JSON property `eventTime`
+        # @return [String]
+        attr_accessor :event_time
+        # Exfiltration represents a data exfiltration attempt from one or more sources
+        # to one or more targets. The `sources` attribute lists the sources of the
+        # exfiltrated data. The `targets` attribute lists the destinations the data was
+        # copied to.
+        # Corresponds to the JSON property `exfiltration`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Exfiltration]
+        attr_accessor :exfiltration
+        # Output only. Third party SIEM/SOAR fields within SCC, contains external system
+        # information and external system finding fields.
+        # Corresponds to the JSON property `externalSystems`
+        # @return [Hash<String,Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ExternalSystem>]
+        attr_accessor :external_systems
+        # The URI that, if available, points to a web page outside of Security Command
+        # Center where additional information about the finding can be found. This field
+        # is guaranteed to be either empty or a well formed URL.
+        # Corresponds to the JSON property `externalUri`
+        # @return [String]
+        attr_accessor :external_uri
+        # File associated with the finding.
+        # Corresponds to the JSON property `files`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2File>]
+        attr_accessor :files
+        # The class of the finding.
+        # Corresponds to the JSON property `findingClass`
+        # @return [String]
+        attr_accessor :finding_class
+        # Represents IAM bindings associated with the finding.
+        # Corresponds to the JSON property `iamBindings`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2IamBinding>]
+        attr_accessor :iam_bindings
+        # Represents what's commonly known as an _indicator of compromise_ (IoC) in
+        # computer forensics. This is an artifact observed on a network or in an
+        # operating system that, with high confidence, indicates a computer intrusion.
+        # For more information, see [Indicator of compromise](https://en.wikipedia.org/
+        # wiki/Indicator_of_compromise).
+        # Corresponds to the JSON property `indicator`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Indicator]
+        attr_accessor :indicator
+        # Kernel mode rootkit signatures.
+        # Corresponds to the JSON property `kernelRootkit`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2KernelRootkit]
+        attr_accessor :kernel_rootkit
+        # Kubernetes-related attributes.
+        # Corresponds to the JSON property `kubernetes`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Kubernetes]
+        attr_accessor :kubernetes
+        # The load balancers associated with the finding.
+        # Corresponds to the JSON property `loadBalancers`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2LoadBalancer>]
+        attr_accessor :load_balancers
+        # Log entries that are relevant to the finding.
+        # Corresponds to the JSON property `logEntries`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2LogEntry>]
+        attr_accessor :log_entries
+        # MITRE ATT&CK tactics and techniques related to this finding. See: https://
+        # attack.mitre.org
+        # Corresponds to the JSON property `mitreAttack`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2MitreAttack]
+        attr_accessor :mitre_attack
+        # Unique identifier of the module which generated the finding. Example: folders/
+        # 598186756061/securityHealthAnalyticsSettings/customModules/56799441161885
+        # Corresponds to the JSON property `moduleName`
+        # @return [String]
+        attr_accessor :module_name
+        # Indicates the mute state of a finding (either muted, unmuted or undefined).
+        # Unlike other attributes of a finding, a finding provider shouldn't set the
+        # value of mute.
+        # Corresponds to the JSON property `mute`
+        # @return [String]
+        attr_accessor :mute
+        # Records additional information about the mute operation, for example, the [
+        # mute configuration](https://cloud.google.com/security-command-center/docs/how-
+        # to-mute-findings) that muted the finding and the user who muted the finding.
+        # Corresponds to the JSON property `muteInitiator`
+        # @return [String]
+        attr_accessor :mute_initiator
+        # Output only. The most recent time this finding was muted or unmuted.
+        # Corresponds to the JSON property `muteUpdateTime`
+        # @return [String]
+        attr_accessor :mute_update_time
+        # The [relative resource name](https://cloud.google.com/apis/design/
+        # resource_names#relative_resource_name) of the finding. The following list
+        # shows some examples: + `organizations/`organization_id`/sources/`source_id`/
+        # findings/`finding_id`` + `organizations/`organization_id`/sources/`source_id`/
+        # locations/`location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`
+        # source_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/
+        # locations/`location_id`/findings/`finding_id`` + `projects/`project_id`/
+        # sources/`source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`
+        # source_id`/locations/`location_id`/findings/`finding_id``
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Steps to address the finding.
+        # Corresponds to the JSON property `nextSteps`
+        # @return [String]
+        attr_accessor :next_steps
+        # Contains information about the org policies associated with the finding.
+        # Corresponds to the JSON property `orgPolicies`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2OrgPolicy>]
+        attr_accessor :org_policies
+        # The relative resource name of the source and location the finding belongs to.
+        # See: https://cloud.google.com/apis/design/resource_names#
+        # relative_resource_name This field is immutable after creation time. The
+        # following list shows some examples: + `organizations/`organization_id`/sources/
+        # `source_id`` + `folders/`folders_id`/sources/`source_id`` + `projects/`
+        # projects_id`/sources/`source_id`` + `organizations/`organization_id`/sources/`
+        # source_id`/locations/`location_id`` + `folders/`folders_id`/sources/`source_id`
+        # /locations/`location_id`` + `projects/`projects_id`/sources/`source_id`/
+        # locations/`location_id``
+        # Corresponds to the JSON property `parent`
+        # @return [String]
+        attr_accessor :parent
+        # Output only. The human readable display name of the finding source such as "
+        # Event Threat Detection" or "Security Health Analytics".
+        # Corresponds to the JSON property `parentDisplayName`
+        # @return [String]
+        attr_accessor :parent_display_name
+        # Represents operating system processes associated with the Finding.
+        # Corresponds to the JSON property `processes`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Process>]
+        attr_accessor :processes
+        # Immutable. For findings on Google Cloud resources, the full resource name of
+        # the Google Cloud resource this finding is for. See: https://cloud.google.com/
+        # apis/design/resource_names#full_resource_name When the finding is for a non-
+        # Google Cloud resource, the resourceName can be a customer or partner defined
+        # string.
+        # Corresponds to the JSON property `resourceName`
+        # @return [String]
+        attr_accessor :resource_name
+        # User specified security marks that are attached to the parent Security Command
+        # Center resource. Security marks are scoped within a Security Command Center
+        # organization -- they can be modified and viewed by all users who have proper
+        # permissions on the organization.
+        # Corresponds to the JSON property `securityMarks`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2SecurityMarks]
+        attr_accessor :security_marks
+        # Represents a posture that is deployed on Google Cloud by the Security Command
+        # Center Posture Management service. A posture contains one or more policy sets.
+        # A policy set is a group of policies that enforce a set of security rules on
+        # Google Cloud.
+        # Corresponds to the JSON property `securityPosture`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2SecurityPosture]
+        attr_accessor :security_posture
+        # The severity of the finding. This field is managed by the source that writes
+        # the finding.
+        # Corresponds to the JSON property `severity`
+        # @return [String]
+        attr_accessor :severity
+        # Source specific properties. These properties are managed by the source that
+        # writes the finding. The key names in the source_properties map must be between
+        # 1 and 255 characters, and must start with a letter and contain alphanumeric
+        # characters or underscores only.
+        # Corresponds to the JSON property `sourceProperties`
+        # @return [Hash<String,Object>]
+        attr_accessor :source_properties
+        # Output only. The state of the finding.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
+        # Corresponds to the JSON property `vulnerability`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Vulnerability]
+        attr_accessor :vulnerability
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @access = args[:access] if args.key?(:access)
+          @attack_exposure = args[:attack_exposure] if args.key?(:attack_exposure)
+          @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
+          @category = args[:category] if args.key?(:category)
+          @cloud_dlp_data_profile = args[:cloud_dlp_data_profile] if args.key?(:cloud_dlp_data_profile)
+          @cloud_dlp_inspection = args[:cloud_dlp_inspection] if args.key?(:cloud_dlp_inspection)
+          @compliances = args[:compliances] if args.key?(:compliances)
+          @connections = args[:connections] if args.key?(:connections)
+          @contacts = args[:contacts] if args.key?(:contacts)
+          @containers = args[:containers] if args.key?(:containers)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @database = args[:database] if args.key?(:database)
+          @description = args[:description] if args.key?(:description)
+          @event_time = args[:event_time] if args.key?(:event_time)
+          @exfiltration = args[:exfiltration] if args.key?(:exfiltration)
+          @external_systems = args[:external_systems] if args.key?(:external_systems)
+          @external_uri = args[:external_uri] if args.key?(:external_uri)
+          @files = args[:files] if args.key?(:files)
+          @finding_class = args[:finding_class] if args.key?(:finding_class)
+          @iam_bindings = args[:iam_bindings] if args.key?(:iam_bindings)
+          @indicator = args[:indicator] if args.key?(:indicator)
+          @kernel_rootkit = args[:kernel_rootkit] if args.key?(:kernel_rootkit)
+          @kubernetes = args[:kubernetes] if args.key?(:kubernetes)
+          @load_balancers = args[:load_balancers] if args.key?(:load_balancers)
+          @log_entries = args[:log_entries] if args.key?(:log_entries)
+          @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
+          @module_name = args[:module_name] if args.key?(:module_name)
+          @mute = args[:mute] if args.key?(:mute)
+          @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
+          @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
+          @name = args[:name] if args.key?(:name)
+          @next_steps = args[:next_steps] if args.key?(:next_steps)
+          @org_policies = args[:org_policies] if args.key?(:org_policies)
+          @parent = args[:parent] if args.key?(:parent)
+          @parent_display_name = args[:parent_display_name] if args.key?(:parent_display_name)
+          @processes = args[:processes] if args.key?(:processes)
+          @resource_name = args[:resource_name] if args.key?(:resource_name)
+          @security_marks = args[:security_marks] if args.key?(:security_marks)
+          @security_posture = args[:security_posture] if args.key?(:security_posture)
+          @severity = args[:severity] if args.key?(:severity)
+          @source_properties = args[:source_properties] if args.key?(:source_properties)
+          @state = args[:state] if args.key?(:state)
+          @vulnerability = args[:vulnerability] if args.key?(:vulnerability)
+        end
+      end
+      # Represents a geographical location for a given access.
+      class GoogleCloudSecuritycenterV2Geolocation
+        include Google::Apis::Core::Hashable
+        # A CLDR.
+        # Corresponds to the JSON property `regionCode`
+        # @return [String]
+        attr_accessor :region_code
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @region_code = args[:region_code] if args.key?(:region_code)
+        end
+      end
+      # Represents a particular IAM binding, which captures a member's role addition,
+      # removal, or state.
+      class GoogleCloudSecuritycenterV2IamBinding
+        include Google::Apis::Core::Hashable
+        # The action that was performed on a Binding.
+        # Corresponds to the JSON property `action`
+        # @return [String]
+        attr_accessor :action
+        # A single identity requesting access for a Cloud Platform resource, for example,
+        # "foo@google.com".
+        # Corresponds to the JSON property `member`
+        # @return [String]
+        attr_accessor :member
+        # Role that is assigned to "members". For example, "roles/viewer", "roles/editor"
+        # , or "roles/owner".
+        # Corresponds to the JSON property `role`
+        # @return [String]
+        attr_accessor :role
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @action = args[:action] if args.key?(:action)
+          @member = args[:member] if args.key?(:member)
+          @role = args[:role] if args.key?(:role)
+        end
+      end
+      # Represents what's commonly known as an _indicator of compromise_ (IoC) in
+      # computer forensics. This is an artifact observed on a network or in an
+      # operating system that, with high confidence, indicates a computer intrusion.
+      # For more information, see [Indicator of compromise](https://en.wikipedia.org/
+      # wiki/Indicator_of_compromise).
+      class GoogleCloudSecuritycenterV2Indicator
+        include Google::Apis::Core::Hashable
+        # List of domains associated to the Finding.
+        # Corresponds to the JSON property `domains`
+        # @return [Array<String>]
+        attr_accessor :domains
+        # The list of IP addresses that are associated with the finding.
+        # Corresponds to the JSON property `ipAddresses`
+        # @return [Array<String>]
+        attr_accessor :ip_addresses
+        # The list of matched signatures indicating that the given process is present in
+        # the environment.
+        # Corresponds to the JSON property `signatures`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ProcessSignature>]
+        attr_accessor :signatures
+        # The list of URIs associated to the Findings.
+        # Corresponds to the JSON property `uris`
+        # @return [Array<String>]
+        attr_accessor :uris
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @domains = args[:domains] if args.key?(:domains)
+          @ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses)
+          @signatures = args[:signatures] if args.key?(:signatures)
+          @uris = args[:uris] if args.key?(:uris)
+        end
+      end
+      # Kernel mode rootkit signatures.
+      class GoogleCloudSecuritycenterV2KernelRootkit
+        include Google::Apis::Core::Hashable
+        # Rootkit name, when available.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # True if unexpected modifications of kernel code memory are present.
+        # Corresponds to the JSON property `unexpectedCodeModification`
+        # @return [Boolean]
+        attr_accessor :unexpected_code_modification
+        alias_method :unexpected_code_modification?, :unexpected_code_modification
+        # True if `ftrace` points are present with callbacks pointing to regions that
+        # are not in the expected kernel or module code range.
+        # Corresponds to the JSON property `unexpectedFtraceHandler`
+        # @return [Boolean]
+        attr_accessor :unexpected_ftrace_handler
+        alias_method :unexpected_ftrace_handler?, :unexpected_ftrace_handler
+        # True if interrupt handlers that are are not in the expected kernel or module
+        # code regions are present.
+        # Corresponds to the JSON property `unexpectedInterruptHandler`
+        # @return [Boolean]
+        attr_accessor :unexpected_interrupt_handler
+        alias_method :unexpected_interrupt_handler?, :unexpected_interrupt_handler
+        # True if kernel code pages that are not in the expected kernel or module code
+        # regions are present.
+        # Corresponds to the JSON property `unexpectedKernelCodePages`
+        # @return [Boolean]
+        attr_accessor :unexpected_kernel_code_pages
+        alias_method :unexpected_kernel_code_pages?, :unexpected_kernel_code_pages
+        # True if `kprobe` points are present with callbacks pointing to regions that
+        # are not in the expected kernel or module code range.
+        # Corresponds to the JSON property `unexpectedKprobeHandler`
+        # @return [Boolean]
+        attr_accessor :unexpected_kprobe_handler
+        alias_method :unexpected_kprobe_handler?, :unexpected_kprobe_handler
+        # True if unexpected processes in the scheduler run queue are present. Such
+        # processes are in the run queue, but not in the process task list.
+        # Corresponds to the JSON property `unexpectedProcessesInRunqueue`
+        # @return [Boolean]
+        attr_accessor :unexpected_processes_in_runqueue
+        alias_method :unexpected_processes_in_runqueue?, :unexpected_processes_in_runqueue
+        # True if unexpected modifications of kernel read-only data memory are present.
+        # Corresponds to the JSON property `unexpectedReadOnlyDataModification`
+        # @return [Boolean]
+        attr_accessor :unexpected_read_only_data_modification
+        alias_method :unexpected_read_only_data_modification?, :unexpected_read_only_data_modification
+        # True if system call handlers that are are not in the expected kernel or module
+        # code regions are present.
+        # Corresponds to the JSON property `unexpectedSystemCallHandler`
+        # @return [Boolean]
+        attr_accessor :unexpected_system_call_handler
+        alias_method :unexpected_system_call_handler?, :unexpected_system_call_handler
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @unexpected_code_modification = args[:unexpected_code_modification] if args.key?(:unexpected_code_modification)
+          @unexpected_ftrace_handler = args[:unexpected_ftrace_handler] if args.key?(:unexpected_ftrace_handler)
+          @unexpected_interrupt_handler = args[:unexpected_interrupt_handler] if args.key?(:unexpected_interrupt_handler)
+          @unexpected_kernel_code_pages = args[:unexpected_kernel_code_pages] if args.key?(:unexpected_kernel_code_pages)
+          @unexpected_kprobe_handler = args[:unexpected_kprobe_handler] if args.key?(:unexpected_kprobe_handler)
+          @unexpected_processes_in_runqueue = args[:unexpected_processes_in_runqueue] if args.key?(:unexpected_processes_in_runqueue)
+          @unexpected_read_only_data_modification = args[:unexpected_read_only_data_modification] if args.key?(:unexpected_read_only_data_modification)
+          @unexpected_system_call_handler = args[:unexpected_system_call_handler] if args.key?(:unexpected_system_call_handler)
+        end
+      end
+      # Kubernetes-related attributes.
+      class GoogleCloudSecuritycenterV2Kubernetes
+        include Google::Apis::Core::Hashable
+        # Provides information on any Kubernetes access reviews (privilege checks)
+        # relevant to the finding.
+        # Corresponds to the JSON property `accessReviews`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2AccessReview>]
+        attr_accessor :access_reviews
+        # Provides Kubernetes role binding information for findings that involve [
+        # RoleBindings or ClusterRoleBindings](https://cloud.google.com/kubernetes-
+        # engine/docs/how-to/role-based-access-control).
+        # Corresponds to the JSON property `bindings`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Binding>]
+        attr_accessor :bindings
+        # GKE [node pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-
+        # pools) associated with the finding. This field contains node pool information
+        # for each node, when it is available.
+        # Corresponds to the JSON property `nodePools`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2NodePool>]
+        attr_accessor :node_pools
+        # Provides Kubernetes [node](https://cloud.google.com/kubernetes-engine/docs/
+        # concepts/cluster-architecture#nodes) information.
+        # Corresponds to the JSON property `nodes`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Node>]
+        attr_accessor :nodes
+        # Kubernetes objects related to the finding.
+        # Corresponds to the JSON property `objects`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Object>]
+        attr_accessor :objects
+        # Kubernetes [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod)
+        # associated with the finding. This field contains Pod records for each
+        # container that is owned by a Pod.
+        # Corresponds to the JSON property `pods`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Pod>]
+        attr_accessor :pods
+        # Provides Kubernetes role information for findings that involve [Roles or
+        # ClusterRoles](https://cloud.google.com/kubernetes-engine/docs/how-to/role-
+        # based-access-control).
+        # Corresponds to the JSON property `roles`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Role>]
+        attr_accessor :roles
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @access_reviews = args[:access_reviews] if args.key?(:access_reviews)
+          @bindings = args[:bindings] if args.key?(:bindings)
+          @node_pools = args[:node_pools] if args.key?(:node_pools)
+          @nodes = args[:nodes] if args.key?(:nodes)
+          @objects = args[:objects] if args.key?(:objects)
+          @pods = args[:pods] if args.key?(:pods)
+          @roles = args[:roles] if args.key?(:roles)
+        end
+      end
+      # Represents a generic name-value label. A label has separate name and value
+      # fields to support filtering with the `contains()` function. For more
+      # information, see [Filtering on array-type fields](https://cloud.google.com/
+      # security-command-center/docs/how-to-api-list-findings#array-contains-filtering)
+      # .
+      class GoogleCloudSecuritycenterV2Label
+        include Google::Apis::Core::Hashable
+        # Name of the label.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Value that corresponds to the label's name.
+        # Corresponds to the JSON property `value`
+        # @return [String]
+        attr_accessor :value
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @value = args[:value] if args.key?(:value)
+        end
+      end
+      # Contains information related to the load balancer associated with the finding.
+      class GoogleCloudSecuritycenterV2LoadBalancer
+        include Google::Apis::Core::Hashable
+        # The name of the load balancer associated with the finding.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      # An individual entry in a log.
+      class GoogleCloudSecuritycenterV2LogEntry
+        include Google::Apis::Core::Hashable
+        # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
+        # logging/docs/reference/v2/rest/v2/LogEntry)
+        # Corresponds to the JSON property `cloudLoggingEntry`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2CloudLoggingEntry]
+        attr_accessor :cloud_logging_entry
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @cloud_logging_entry = args[:cloud_logging_entry] if args.key?(:cloud_logging_entry)
+        end
+      end
+      # A signature corresponding to memory page hashes.
+      class GoogleCloudSecuritycenterV2MemoryHashSignature
+        include Google::Apis::Core::Hashable
+        # The binary family.
+        # Corresponds to the JSON property `binaryFamily`
+        # @return [String]
+        attr_accessor :binary_family
+        # The list of memory hash detections contributing to the binary family match.
+        # Corresponds to the JSON property `detections`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Detection>]
+        attr_accessor :detections
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @binary_family = args[:binary_family] if args.key?(:binary_family)
+          @detections = args[:detections] if args.key?(:detections)
+        end
+      end
+      # MITRE ATT&CK tactics and techniques related to this finding. See: https://
+      # attack.mitre.org
+      class GoogleCloudSecuritycenterV2MitreAttack
+        include Google::Apis::Core::Hashable
+        # Additional MITRE ATT&CK tactics related to this finding, if any.
+        # Corresponds to the JSON property `additionalTactics`
+        # @return [Array<String>]
+        attr_accessor :additional_tactics
+        # Additional MITRE ATT&CK techniques related to this finding, if any, along with
+        # any of their respective parent techniques.
+        # Corresponds to the JSON property `additionalTechniques`
+        # @return [Array<String>]
+        attr_accessor :additional_techniques
+        # The MITRE ATT&CK tactic most closely represented by this finding, if any.
+        # Corresponds to the JSON property `primaryTactic`
+        # @return [String]
+        attr_accessor :primary_tactic
+        # The MITRE ATT&CK technique most closely represented by this finding, if any.
+        # primary_techniques is a repeated field because there are multiple levels of
+        # MITRE ATT&CK techniques. If the technique most closely represented by this
+        # finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique
+        # and its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, `
+        # ACTIVE_SCANNING`).
+        # Corresponds to the JSON property `primaryTechniques`
+        # @return [Array<String>]
+        attr_accessor :primary_techniques
+        # The MITRE ATT&CK version referenced by the above fields. E.g. "8".
+        # Corresponds to the JSON property `version`
+        # @return [String]
+        attr_accessor :version
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @additional_tactics = args[:additional_tactics] if args.key?(:additional_tactics)
+          @additional_techniques = args[:additional_techniques] if args.key?(:additional_techniques)
+          @primary_tactic = args[:primary_tactic] if args.key?(:primary_tactic)
+          @primary_techniques = args[:primary_techniques] if args.key?(:primary_techniques)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      # A mute config is a Cloud SCC resource that contains the configuration to mute
+      # create/update events of findings.
+      class GoogleCloudSecuritycenterV2MuteConfig
+        include Google::Apis::Core::Hashable
+        # Output only. The time at which the mute config was created. This field is set
+        # by the server and will be ignored if provided on config creation.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # A description of the mute config.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Required. An expression that defines the filter to apply across create/update
+        # events of findings. While creating a filter string, be mindful of the scope in
+        # which the mute configuration is being created. E.g., If a filter contains
+        # project = X but is created under the project = Y scope, it might not match any
+        # findings. The following field and operator combinations are supported: *
+        # severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.
+        # project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.
+        # folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.
+        # parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `
+        # :` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+        # Corresponds to the JSON property `filter`
+        # @return [String]
+        attr_accessor :filter
+        # Output only. Email address of the user who last edited the mute config. This
+        # field is set by the server and will be ignored if provided on config creation
+        # or update.
+        # Corresponds to the JSON property `mostRecentEditor`
+        # @return [String]
+        attr_accessor :most_recent_editor
+        # This field will be ignored if provided on config creation. The following list
+        # shows some examples of the format: + `organizations/`organization`/muteConfigs/
+        # `mute_config`` + `organizations/`organization`locations/`location`//
+        # muteConfigs/`mute_config`` + `folders/`folder`/muteConfigs/`mute_config`` + `
+        # folders/`folder`/locations/`location`/muteConfigs/`mute_config`` + `projects/`
+        # project`/muteConfigs/`mute_config`` + `projects/`project`/locations/`location`/
+        # muteConfigs/`mute_config``
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. The most recent time at which the mute config was updated. This
+        # field is set by the server and will be ignored if provided on config creation
+        # or update.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @filter = args[:filter] if args.key?(:filter)
+          @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
+          @name = args[:name] if args.key?(:name)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Kubernetes nodes associated with the finding.
+      class GoogleCloudSecuritycenterV2Node
+        include Google::Apis::Core::Hashable
+        # [Full resource name](https://google.aip.dev/122#full-resource-names) of the
+        # Compute Engine VM running the cluster node.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      # Provides GKE node pool information.
+      class GoogleCloudSecuritycenterV2NodePool
+        include Google::Apis::Core::Hashable
+        # Kubernetes node pool name.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Nodes associated with the finding.
+        # Corresponds to the JSON property `nodes`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Node>]
+        attr_accessor :nodes
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @nodes = args[:nodes] if args.key?(:nodes)
+        end
+      end
+      # Cloud SCC's Notification
+      class GoogleCloudSecuritycenterV2NotificationMessage
+        include Google::Apis::Core::Hashable
+        # Security Command Center finding. A finding is a record of assessment data like
+        # security, risk, health, or privacy, that is ingested into Security Command
+        # Center for presentation, notification, analysis, policy testing, and
+        # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
+        # Engine application is a finding.
+        # Corresponds to the JSON property `finding`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Finding]
+        attr_accessor :finding
+        # Name of the notification config that generated current notification.
+        # Corresponds to the JSON property `notificationConfigName`
+        # @return [String]
+        attr_accessor :notification_config_name
+        # Information related to the Google Cloud resource.
+        # Corresponds to the JSON property `resource`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Resource]
+        attr_accessor :resource
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @finding = args[:finding] if args.key?(:finding)
+          @notification_config_name = args[:notification_config_name] if args.key?(:notification_config_name)
+          @resource = args[:resource] if args.key?(:resource)
+        end
+      end
+      # Kubernetes object related to the finding, uniquely identified by GKNN. Used if
+      # the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.
+      class GoogleCloudSecuritycenterV2Object
+        include Google::Apis::Core::Hashable
+        # Pod containers associated with this finding, if any.
+        # Corresponds to the JSON property `containers`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Container>]
+        attr_accessor :containers
+        # Kubernetes object group, such as "policy.k8s.io/v1".
+        # Corresponds to the JSON property `group`
+        # @return [String]
+        attr_accessor :group
+        # Kubernetes object kind, such as "Namespace".
+        # Corresponds to the JSON property `kind`
+        # @return [String]
+        attr_accessor :kind
+        # Kubernetes object name. For details see https://kubernetes.io/docs/concepts/
+        # overview/working-with-objects/names/.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Kubernetes object namespace. Must be a valid DNS label. Named "ns" to avoid
+        # collision with C++ namespace keyword. For details see https://kubernetes.io/
+        # docs/tasks/administer-cluster/namespaces/.
+        # Corresponds to the JSON property `ns`
+        # @return [String]
+        attr_accessor :ns
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @containers = args[:containers] if args.key?(:containers)
+          @group = args[:group] if args.key?(:group)
+          @kind = args[:kind] if args.key?(:kind)
+          @name = args[:name] if args.key?(:name)
+          @ns = args[:ns] if args.key?(:ns)
+        end
+      end
+      # Contains information about the org policies associated with the finding.
+      class GoogleCloudSecuritycenterV2OrgPolicy
+        include Google::Apis::Core::Hashable
+        # The resource name of the org policy. Example: "organizations/`organization_id`/
+        # policies/`constraint_name`"
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      # A Kubernetes Pod.
+      class GoogleCloudSecuritycenterV2Pod
+        include Google::Apis::Core::Hashable
+        # Pod containers associated with this finding, if any.
+        # Corresponds to the JSON property `containers`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Container>]
+        attr_accessor :containers
+        # Pod labels. For Kubernetes containers, these are applied to the container.
+        # Corresponds to the JSON property `labels`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Label>]
+        attr_accessor :labels
+        # Kubernetes Pod name.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Kubernetes Pod namespace.
+        # Corresponds to the JSON property `ns`
+        # @return [String]
+        attr_accessor :ns
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @containers = args[:containers] if args.key?(:containers)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @ns = args[:ns] if args.key?(:ns)
+        end
+      end
+      # Represents an operating system process.
+      class GoogleCloudSecuritycenterV2Process
+        include Google::Apis::Core::Hashable
+        # Process arguments as JSON encoded strings.
+        # Corresponds to the JSON property `args`
+        # @return [Array<String>]
+        attr_accessor :args
+        # True if `args` is incomplete.
+        # Corresponds to the JSON property `argumentsTruncated`
+        # @return [Boolean]
+        attr_accessor :arguments_truncated
+        alias_method :arguments_truncated?, :arguments_truncated
+        # File information about the related binary/library used by an executable, or
+        # the script used by a script interpreter
+        # Corresponds to the JSON property `binary`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2File]
+        attr_accessor :binary
+        # Process environment variables.
+        # Corresponds to the JSON property `envVariables`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2EnvironmentVariable>]
+        attr_accessor :env_variables
+        # True if `env_variables` is incomplete.
+        # Corresponds to the JSON property `envVariablesTruncated`
+        # @return [Boolean]
+        attr_accessor :env_variables_truncated
+        alias_method :env_variables_truncated?, :env_variables_truncated
+        # File information for libraries loaded by the process.
+        # Corresponds to the JSON property `libraries`
+        # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2File>]
+        attr_accessor :libraries
+        # The process name, as displayed in utilities like `top` and `ps`. This name can
+        # be accessed through `/proc/[pid]/comm` and changed with `prctl(PR_SET_NAME)`.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # The parent process ID.
+        # Corresponds to the JSON property `parentPid`
+        # @return [Fixnum]
+        attr_accessor :parent_pid
+        # The process ID.
+        # Corresponds to the JSON property `pid`
+        # @return [Fixnum]
+        attr_accessor :pid
+        # File information about the related binary/library used by an executable, or
+        # the script used by a script interpreter
+        # Corresponds to the JSON property `script`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2File]
+        attr_accessor :script
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @args = args[:args] if args.key?(:args)
+          @arguments_truncated = args[:arguments_truncated] if args.key?(:arguments_truncated)
+          @binary = args[:binary] if args.key?(:binary)
+          @env_variables = args[:env_variables] if args.key?(:env_variables)
+          @env_variables_truncated = args[:env_variables_truncated] if args.key?(:env_variables_truncated)
+          @libraries = args[:libraries] if args.key?(:libraries)
+          @name = args[:name] if args.key?(:name)
+          @parent_pid = args[:parent_pid] if args.key?(:parent_pid)
+          @pid = args[:pid] if args.key?(:pid)
+          @script = args[:script] if args.key?(:script)
+        end
+      end
+      # Indicates what signature matched this process.
+      class GoogleCloudSecuritycenterV2ProcessSignature
+        include Google::Apis::Core::Hashable
+        # A signature corresponding to memory page hashes.
+        # Corresponds to the JSON property `memoryHashSignature`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2MemoryHashSignature]
+        attr_accessor :memory_hash_signature
+        # A signature corresponding to a YARA rule.
+        # Corresponds to the JSON property `yaraRuleSignature`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2YaraRuleSignature]
+        attr_accessor :yara_rule_signature
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @memory_hash_signature = args[:memory_hash_signature] if args.key?(:memory_hash_signature)
+          @yara_rule_signature = args[:yara_rule_signature] if args.key?(:yara_rule_signature)
+        end
+      end
+      # Additional Links
+      class GoogleCloudSecuritycenterV2Reference
+        include Google::Apis::Core::Hashable
+        # Source of the reference e.g. NVD
+        # Corresponds to the JSON property `source`
+        # @return [String]
+        attr_accessor :source
+        # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?
+        # name=CVE-2021-34527.
+        # Corresponds to the JSON property `uri`
+        # @return [String]
+        attr_accessor :uri
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @source = args[:source] if args.key?(:source)
+          @uri = args[:uri] if args.key?(:uri)
+        end
+      end
+      # Information related to the Google Cloud resource.
+      class GoogleCloudSecuritycenterV2Resource
+        include Google::Apis::Core::Hashable
+        # The human readable name of the resource.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+        # The full resource name of the resource. See: https://cloud.google.com/apis/
+        # design/resource_names#full_resource_name
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # The full resource type of the resource.
+        # Corresponds to the JSON property `type`
+        # @return [String]
+        attr_accessor :type
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @name = args[:name] if args.key?(:name)
+          @type = args[:type] if args.key?(:type)
+        end
+      end
+      # A resource value config (RVC) is a mapping configuration of user's resources
+      # to resource values. Used in Attack path simulations.
+      class GoogleCloudSecuritycenterV2ResourceValueConfig
+        include Google::Apis::Core::Hashable
+        # Output only. Timestamp this resource value config was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Description of the resource value config.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Name for the resource value config
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # List of resource labels to search for, evaluated with AND. E.g. "
+        # resource_labels_selector": `"key": "value", "env": "prod"` will match
+        # resources with labels "key": "value" AND "env": "prod" https://cloud.google.
+        # com/resource-manager/docs/creating-managing-labels
+        # Corresponds to the JSON property `resourceLabelsSelector`
+        # @return [Hash<String,String>]
+        attr_accessor :resource_labels_selector
+        # Apply resource_value only to resources that match resource_type. resource_type
+        # will be checked with "AND" of other resources. E.g. "storage.googleapis.com/
+        # Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.
+        # googleapis.com/Bucket" resources.
+        # Corresponds to the JSON property `resourceType`
+        # @return [String]
+        attr_accessor :resource_type
+        # Required. Resource value level this expression represents
+        # Corresponds to the JSON property `resourceValue`
+        # @return [String]
+        attr_accessor :resource_value
+        # Project or folder to scope this config to. For example, "project/456" would
+        # apply this config only to resources in "project/456" scope will be checked
+        # with "AND" of other resources.
+        # Corresponds to the JSON property `scope`
+        # @return [String]
+        attr_accessor :scope
+        # Required. Tag values combined with AND to check against. Values in the form "
+        # tagValues/123" E.g. [ "tagValues/123", "tagValues/456", "tagValues/789" ]
+        # https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
+        # Corresponds to the JSON property `tagValues`
+        # @return [Array<String>]
+        attr_accessor :tag_values
+        # Output only. Timestamp this resource value config was last updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @name = args[:name] if args.key?(:name)
+          @resource_labels_selector = args[:resource_labels_selector] if args.key?(:resource_labels_selector)
+          @resource_type = args[:resource_type] if args.key?(:resource_type)
+          @resource_value = args[:resource_value] if args.key?(:resource_value)
+          @scope = args[:scope] if args.key?(:scope)
+          @tag_values = args[:tag_values] if args.key?(:tag_values)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Kubernetes Role or ClusterRole.
+      class GoogleCloudSecuritycenterV2Role
+        include Google::Apis::Core::Hashable
+        # Role type.
+        # Corresponds to the JSON property `kind`
+        # @return [String]
+        attr_accessor :kind
+        # Role name.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Role namespace.
+        # Corresponds to the JSON property `ns`
+        # @return [String]
+        attr_accessor :ns
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @kind = args[:kind] if args.key?(:kind)
+          @name = args[:name] if args.key?(:name)
+          @ns = args[:ns] if args.key?(:ns)
+        end
+      end
+      # User specified security marks that are attached to the parent Security Command
+      # Center resource. Security marks are scoped within a Security Command Center
+      # organization -- they can be modified and viewed by all users who have proper
+      # permissions on the organization.
+      class GoogleCloudSecuritycenterV2SecurityMarks
+        include Google::Apis::Core::Hashable
+        # The canonical name of the marks. The following list shows some examples: + `
+        # organizations/`organization_id`/assets/`asset_id`/securityMarks" + `
+        # organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/
+        # securityMarks" + `organizations/`organization_id`/sources/`source_id`/
+        # locations/`location`/findings/`finding_id`/securityMarks" + `folders/`
+        # folder_id`/assets/`asset_id`/securityMarks" + `folders/`folder_id`/sources/`
+        # source_id`/findings/`finding_id`/securityMarks" + `folders/`folder_id`/sources/
+        # `source_id`/locations/`location`/findings/`finding_id`/securityMarks" + `
+        # projects/`project_number`/assets/`asset_id`/securityMarks" + `projects/`
+        # project_number`/sources/`source_id`/findings/`finding_id`/securityMarks" + `
+        # projects/`project_number`/sources/`source_id`/locations/`location`/findings/`
+        # finding_id`/securityMarks"
+        # Corresponds to the JSON property `canonicalName`
+        # @return [String]
+        attr_accessor :canonical_name
+        # Mutable user specified security marks belonging to the parent resource.
+        # Constraints are as follows: * Keys and values are treated as case insensitive *
+        # Keys must be between 1 - 256 characters (inclusive) * Keys must be letters,
+        # numbers, underscores, or dashes * Values have leading and trailing whitespace
+        # trimmed, remaining characters must be between 1 - 4096 characters (inclusive)
+        # Corresponds to the JSON property `marks`
+        # @return [Hash<String,String>]
+        attr_accessor :marks
+        # The relative resource name of the SecurityMarks. See: https://cloud.google.com/
+        # apis/design/resource_names#relative_resource_name The following list shows
+        # some examples: + `organizations/`organization_id`/assets/`asset_id`/
+        # securityMarks` + `organizations/`organization_id`/sources/`source_id`/findings/
+        # `finding_id`/securityMarks` + `organizations/`organization_id`/sources/`
+        # source_id`/locations/`location`/findings/`finding_id`/securityMarks`
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
+          @marks = args[:marks] if args.key?(:marks)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      # Represents a posture that is deployed on Google Cloud by the Security Command
+      # Center Posture Management service. A posture contains one or more policy sets.
+      # A policy set is a group of policies that enforce a set of security rules on
+      # Google Cloud.
+      class GoogleCloudSecuritycenterV2SecurityPosture
+        include Google::Apis::Core::Hashable
+        # The name of the policy that has been updated, for example, `projects/`
+        # project_id`/policies/`constraint_name``.
+        # Corresponds to the JSON property `changedPolicy`
+        # @return [String]
+        attr_accessor :changed_policy
+        # Name of the posture, for example, `organizations/`org_id`/locations/`location`/
+        # postures/`posture_name``.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # The name of the posture deployment, for example, `projects/`project_id`/
+        # posturedeployments/`posture_deployment_id``.
+        # Corresponds to the JSON property `postureDeployment`
+        # @return [String]
+        attr_accessor :posture_deployment
+        # The project, folder, or organization on which the posture is deployed, for
+        # example, `projects/`project_id``.
+        # Corresponds to the JSON property `postureDeploymentResource`
+        # @return [String]
+        attr_accessor :posture_deployment_resource
+        # The version of the posture, for example, `c7cfa2a8`.
+        # Corresponds to the JSON property `revisionId`
+        # @return [String]
+        attr_accessor :revision_id
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @changed_policy = args[:changed_policy] if args.key?(:changed_policy)
+          @name = args[:name] if args.key?(:name)
+          @posture_deployment = args[:posture_deployment] if args.key?(:posture_deployment)
+          @posture_deployment_resource = args[:posture_deployment_resource] if args.key?(:posture_deployment_resource)
+          @revision_id = args[:revision_id] if args.key?(:revision_id)
+        end
+      end
+      # Identity delegation history of an authenticated service account.
+      class GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo
+        include Google::Apis::Core::Hashable
+        # The email address of a Google account.
+        # Corresponds to the JSON property `principalEmail`
+        # @return [String]
+        attr_accessor :principal_email
+        # A string representing the principal_subject associated with the identity. As
+        # compared to `principal_email`, supports principals that aren't associated with
+        # email addresses, such as third party principals. For most identities, the
+        # format will be `principal://iam.googleapis.com/`identity pool name`/subjects/`
+        # subject`` except for some GKE identities (GKE_WORKLOAD, FREEFORM,
+        # GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:`
+        # identity pool name`[`subject`]`
+        # Corresponds to the JSON property `principalSubject`
+        # @return [String]
+        attr_accessor :principal_subject
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @principal_email = args[:principal_email] if args.key?(:principal_email)
+          @principal_subject = args[:principal_subject] if args.key?(:principal_subject)
+        end
+      end
+      # Represents a Kubernetes subject.
+      class GoogleCloudSecuritycenterV2Subject
+        include Google::Apis::Core::Hashable
+        # Authentication type for the subject.
+        # Corresponds to the JSON property `kind`
+        # @return [String]
+        attr_accessor :kind
+        # Name for the subject.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Namespace for the subject.
+        # Corresponds to the JSON property `ns`
+        # @return [String]
+        attr_accessor :ns
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @kind = args[:kind] if args.key?(:kind)
+          @name = args[:name] if args.key?(:name)
+          @ns = args[:ns] if args.key?(:ns)
+        end
+      end
+      # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
+      class GoogleCloudSecuritycenterV2Vulnerability
+        include Google::Apis::Core::Hashable
+        # CVE stands for Common Vulnerabilities and Exposures. More information: https://
+        # cve.mitre.org
+        # Corresponds to the JSON property `cve`
+        # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Cve]
+        attr_accessor :cve
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @cve = args[:cve] if args.key?(:cve)
+        end
+      end
+      # A signature corresponding to a YARA rule.
+      class GoogleCloudSecuritycenterV2YaraRuleSignature
+        include Google::Apis::Core::Hashable
+        # The name of the YARA rule.
+        # Corresponds to the JSON property `yaraRule`
+        # @return [String]
+        attr_accessor :yara_rule
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @yara_rule = args[:yara_rule] if args.key?(:yara_rule)
+        end
+      end
+      # Request message for grouping by assets.
+      class GroupAssetsRequest
+        include Google::Apis::Core::Hashable
+        # When compare_duration is set, the GroupResult's "state_change" property is
+        # updated to indicate whether the asset was added, removed, or remained present
+        # during the compare_duration period of time that precedes the read_time. This
+        # is the time between (read_time - compare_duration) and read_time. The state
+        # change value is derived based on the presence of the asset at the two points
+        # in time. Intermediate state changes between the two times don't affect the
+        # result. For example, the results aren't affected if the asset is removed and
+        # re-created again. Possible "state_change" values when compare_duration is
+        # specified: * "ADDED": indicates that the asset was not present at the start of
+        # compare_duration, but present at reference_time. * "REMOVED": indicates that
+        # the asset was present at the start of compare_duration, but not present at
+        # reference_time. * "ACTIVE": indicates that the asset was present at both the
+        # start and the end of the time period defined by compare_duration and
+        # reference_time. If compare_duration is not specified, then the only possible
+        # state_change is "UNUSED", which will be the state_change set for all assets
+        # present at read_time. If this field is set then `state_change` must be a
+        # specified field in `group_by`.
+        # Corresponds to the JSON property `compareDuration`
+        # @return [String]
+        attr_accessor :compare_duration
+        # Expression that defines the filter to apply across assets. The expression is a
+        # list of zero or more restrictions combined via logical operators `AND` and `OR`
+        # . Parentheses are supported, and `OR` has higher precedence than `AND`.
+        # Restrictions have the form ` ` and may have a `-` character in front of them
+        # to indicate negation. The fields map to those defined in the Asset resource.
+        # Examples include: * name * security_center_properties.resource_name *
+        # resource_properties.a_property * security_marks.marks.marka The supported
+        # operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer
+        # values. * `:`, meaning substring matching, for strings. The supported value
+        # types are: * string literals in quotes. * integer literals without quotes. *
+        # boolean literals `true` and `false` without quotes. The following field and
+        # operator combinations are supported: * name: `=` * update_time: `=`, `>`, `<`,
+        # `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string.
+        # Examples: `update_time = "2019-06-10T16:07:18-07:00"` `update_time =
+        # 1560208038000` * create_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be
+        # milliseconds since epoch or an RFC3339 string. Examples: `create_time = "2019-
+        # 06-10T16:07:18-07:00"` `create_time = 1560208038000` * iam_policy.policy_blob:
+        # `=`, `:` * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=` *
+        # security_marks.marks: `=`, `:` * security_center_properties.resource_name: `=`,
+        # `:` * security_center_properties.resource_display_name: `=`, `:` *
+        # security_center_properties.resource_type: `=`, `:` *
+        # security_center_properties.resource_parent: `=`, `:` *
+        # security_center_properties.resource_parent_display_name: `=`, `:` *
+        # security_center_properties.resource_project: `=`, `:` *
+        # security_center_properties.resource_project_display_name: `=`, `:` *
+        # security_center_properties.resource_owners: `=`, `:` For example, `
+        # resource_properties.size = 100` is a valid filter string. Use a partial match
+        # on the empty string to filter based on a property existing: `
+        # resource_properties.my_property : ""` Use a negated partial match on the empty
+        # string to filter based on a property not existing: `-resource_properties.
+        # my_property : ""`
+        # Corresponds to the JSON property `filter`
+        # @return [String]
+        attr_accessor :filter
+        # Required. Expression that defines what assets fields to use for grouping. The
+        # string value should follow SQL syntax: comma separated list of fields. For
+        # example: "security_center_properties.resource_project,
+        # security_center_properties.project". The following fields are supported when
+        # compare_duration is not set: * security_center_properties.resource_project *
+        # security_center_properties.resource_project_display_name *
+        # security_center_properties.resource_type * security_center_properties.
+        # resource_parent * security_center_properties.resource_parent_display_name The
+        # following fields are supported when compare_duration is set: *
+        # security_center_properties.resource_type * security_center_properties.
+        # resource_project_display_name * security_center_properties.
+        # resource_parent_display_name
+        # Corresponds to the JSON property `groupBy`
+        # @return [String]
+        attr_accessor :group_by
+        # The maximum number of results to return in a single response. Default is 10,
+        # minimum is 1, maximum is 1000.
+        # Corresponds to the JSON property `pageSize`
+        # @return [Fixnum]
+        attr_accessor :page_size
+        # The value returned by the last `GroupAssetsResponse`; indicates that this is a
+        # continuation of a prior `GroupAssets` call, and that the system should return
+        # the next page of data.
+        # Corresponds to the JSON property `pageToken`
+        # @return [String]
+        attr_accessor :page_token
+        # Time used as a reference point when filtering assets. The filter is limited to
+        # assets existing at the supplied time and their values are those at that
+        # specific time. Absence of this field will default to the API's version of NOW.
+        # Corresponds to the JSON property `readTime`
+        # @return [String]
+        attr_accessor :read_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @compare_duration = args[:compare_duration] if args.key?(:compare_duration)
+          @filter = args[:filter] if args.key?(:filter)
+          @group_by = args[:group_by] if args.key?(:group_by)
+          @page_size = args[:page_size] if args.key?(:page_size)
+          @page_token = args[:page_token] if args.key?(:page_token)
+          @read_time = args[:read_time] if args.key?(:read_time)
+        end
+      end
+      # Response message for grouping by assets.
+      class GroupAssetsResponse
+        include Google::Apis::Core::Hashable
+        # Group results. There exists an element for each existing unique combination of
+        # property/values. The element contains a count for the number of times those
+        # specific property/values appear.
+        # Corresponds to the JSON property `groupByResults`
+        # @return [Array<Google::Apis::SecuritycenterV1::GroupResult>]
+        attr_accessor :group_by_results
+        # Token to retrieve the next page of results, or empty if there are no more
+        # results.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        # Time used for executing the groupBy request.
+        # Corresponds to the JSON property `readTime`
+        # @return [String]
+        attr_accessor :read_time
+        # The total number of results matching the query.
+        # Corresponds to the JSON property `totalSize`
+        # @return [Fixnum]
+        attr_accessor :total_size
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @group_by_results = args[:group_by_results] if args.key?(:group_by_results)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @read_time = args[:read_time] if args.key?(:read_time)
+          @total_size = args[:total_size] if args.key?(:total_size)
+        end
+      end
+      # Request message for grouping by findings.
       class GroupFindingsRequest
         include Google::Apis::Core::Hashable
@@ -4093,6 +6703,26 @@ module Google
         end
       end
+      # An individual entry in a log.
+      class LogEntry
+        include Google::Apis::Core::Hashable
+        # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
+        # logging/docs/reference/v2/rest/v2/LogEntry)
+        # Corresponds to the JSON property `cloudLoggingEntry`
+        # @return [Google::Apis::SecuritycenterV1::CloudLoggingEntry]
+        attr_accessor :cloud_logging_entry
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @cloud_logging_entry = args[:cloud_logging_entry] if args.key?(:cloud_logging_entry)
+        end
+      end
       # A signature corresponding to memory page hashes.
       class MemoryHashSignature
         include Google::Apis::Core::Hashable
@@ -4270,12 +6900,17 @@ module Google
       class Object
         include Google::Apis::Core::Hashable
+        # Pod containers associated with this finding, if any.
+        # Corresponds to the JSON property `containers`
+        # @return [Array<Google::Apis::SecuritycenterV1::Container>]
+        attr_accessor :containers
         # Kubernetes object group, such as "policy.k8s.io/v1".
         # Corresponds to the JSON property `group`
         # @return [String]
         attr_accessor :group
-        # Kubernetes object kind, such as “Namespace”.
+        # Kubernetes object kind, such as "Namespace".
         # Corresponds to the JSON property `kind`
         # @return [String]
         attr_accessor :kind
@@ -4299,6 +6934,7 @@ module Google
         # Update properties of this object
         def update!(**args)
+          @containers = args[:containers] if args.key?(:containers)
           @group = args[:group] if args.key?(:group)
           @kind = args[:kind] if args.key?(:kind)
           @name = args[:name] if args.key?(:name)