google-apis-securitycenter_v1 0.75.0 → 0.76.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/google/apis/securitycenter_v1/classes.rb +3052 -0
  4. data/lib/google/apis/securitycenter_v1/gem_version.rb +2 -2
  5. data/lib/google/apis/securitycenter_v1/representations.rb +1582 -463
  6. metadata +3 -3
data/lib/google/apis/securitycenter_v1/classes.rb CHANGED
@@ -1026,6 +1026,68 @@ module Google
1026
1026
  end
1027
1027
  end
1028
1028
 
1029
+ # Result containing the properties and count of a ComplianceSnapshot request.
1030
+ class ComplianceSnapshot
1031
+ include Google::Apis::Core::Hashable
1032
+
1033
+ # The category of Findings matching.
1034
+ # Corresponds to the JSON property `category`
1035
+ # @return [String]
1036
+ attr_accessor :category
1037
+
1038
+ # The compliance standard (ie CIS).
1039
+ # Corresponds to the JSON property `complianceStandard`
1040
+ # @return [String]
1041
+ attr_accessor :compliance_standard
1042
+
1043
+ # The compliance version (ie 1.3) in CIS 1.3.
1044
+ # Corresponds to the JSON property `complianceVersion`
1045
+ # @return [String]
1046
+ attr_accessor :compliance_version
1047
+
1048
+ # Total count of findings for the given properties.
1049
+ # Corresponds to the JSON property `count`
1050
+ # @return [Fixnum]
1051
+ attr_accessor :count
1052
+
1053
+ # The leaf container resource name that is closest to the snapshot.
1054
+ # Corresponds to the JSON property `leafContainerResource`
1055
+ # @return [String]
1056
+ attr_accessor :leaf_container_resource
1057
+
1058
+ # The compliance snapshot name. Format: //sources//complianceSnapshots/
1059
+ # Corresponds to the JSON property `name`
1060
+ # @return [String]
1061
+ attr_accessor :name
1062
+
1063
+ # The CRM resource display name that is closest to the snapshot the Findings
1064
+ # belong to.
1065
+ # Corresponds to the JSON property `projectDisplayName`
1066
+ # @return [String]
1067
+ attr_accessor :project_display_name
1068
+
1069
+ # The snapshot time of the snapshot.
1070
+ # Corresponds to the JSON property `snapshotTime`
1071
+ # @return [String]
1072
+ attr_accessor :snapshot_time
1073
+
1074
+ def initialize(**args)
1075
+ update!(**args)
1076
+ end
1077
+
1078
+ # Update properties of this object
1079
+ def update!(**args)
1080
+ @category = args[:category] if args.key?(:category)
1081
+ @compliance_standard = args[:compliance_standard] if args.key?(:compliance_standard)
1082
+ @compliance_version = args[:compliance_version] if args.key?(:compliance_version)
1083
+ @count = args[:count] if args.key?(:count)
1084
+ @leaf_container_resource = args[:leaf_container_resource] if args.key?(:leaf_container_resource)
1085
+ @name = args[:name] if args.key?(:name)
1086
+ @project_display_name = args[:project_display_name] if args.key?(:project_display_name)
1087
+ @snapshot_time = args[:snapshot_time] if args.key?(:snapshot_time)
1088
+ end
1089
+ end
1090
+
1029
1091
  # Contains information about the IP connection associated with the finding.
1030
1092
  class Connection
1031
1093
  include Google::Apis::Core::Hashable
@@ -1249,11 +1311,27 @@ module Google
1249
1311
  # @return [Google::Apis::SecuritycenterV1::Cvssv3]
1250
1312
  attr_accessor :cvssv3
1251
1313
 
1314
+ # The exploitation activity of the vulnerability in the wild.
1315
+ # Corresponds to the JSON property `exploitationActivity`
1316
+ # @return [String]
1317
+ attr_accessor :exploitation_activity
1318
+
1252
1319
  # The unique identifier for the vulnerability. e.g. CVE-2021-34527
1253
1320
  # Corresponds to the JSON property `id`
1254
1321
  # @return [String]
1255
1322
  attr_accessor :id
1256
1323
 
1324
+ # The potential impact of the vulnerability if it was to be exploited.
1325
+ # Corresponds to the JSON property `impact`
1326
+ # @return [String]
1327
+ attr_accessor :impact
1328
+
1329
+ # Whether or not the vulnerability has been observed in the wild.
1330
+ # Corresponds to the JSON property `observedInTheWild`
1331
+ # @return [Boolean]
1332
+ attr_accessor :observed_in_the_wild
1333
+ alias_method :observed_in_the_wild?, :observed_in_the_wild
1334
+
1257
1335
  # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/
1258
1336
  # cvename.cgi?name=CVE-2021-34527
1259
1337
  # Corresponds to the JSON property `references`
@@ -1266,6 +1344,12 @@ module Google
1266
1344
  attr_accessor :upstream_fix_available
1267
1345
  alias_method :upstream_fix_available?, :upstream_fix_available
1268
1346
 
1347
+ # Whether or not the vulnerability was zero day when the finding was published.
1348
+ # Corresponds to the JSON property `zeroDay`
1349
+ # @return [Boolean]
1350
+ attr_accessor :zero_day
1351
+ alias_method :zero_day?, :zero_day
1352
+
1269
1353
  def initialize(**args)
1270
1354
  update!(**args)
1271
1355
  end
@@ -1273,9 +1357,13 @@ module Google
1273
1357
  # Update properties of this object
1274
1358
  def update!(**args)
1275
1359
  @cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
1360
+ @exploitation_activity = args[:exploitation_activity] if args.key?(:exploitation_activity)
1276
1361
  @id = args[:id] if args.key?(:id)
1362
+ @impact = args[:impact] if args.key?(:impact)
1363
+ @observed_in_the_wild = args[:observed_in_the_wild] if args.key?(:observed_in_the_wild)
1277
1364
  @references = args[:references] if args.key?(:references)
1278
1365
  @upstream_fix_available = args[:upstream_fix_available] if args.key?(:upstream_fix_available)
1366
+ @zero_day = args[:zero_day] if args.key?(:zero_day)
1279
1367
  end
1280
1368
  end
1281
1369
 
@@ -3403,6 +3491,2970 @@ module Google
3403
3491
  end
3404
3492
  end
3405
3493
 
3494
+ # Represents an access event.
3495
+ class GoogleCloudSecuritycenterV2Access
3496
+ include Google::Apis::Core::Hashable
3497
+
3498
+ # Caller's IP address, such as "1.1.1.1".
3499
+ # Corresponds to the JSON property `callerIp`
3500
+ # @return [String]
3501
+ attr_accessor :caller_ip
3502
+
3503
+ # Represents a geographical location for a given access.
3504
+ # Corresponds to the JSON property `callerIpGeo`
3505
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Geolocation]
3506
+ attr_accessor :caller_ip_geo
3507
+
3508
+ # The method that the service account called, e.g. "SetIamPolicy".
3509
+ # Corresponds to the JSON property `methodName`
3510
+ # @return [String]
3511
+ attr_accessor :method_name
3512
+
3513
+ # Associated email, such as "foo@google.com". The email address of the
3514
+ # authenticated user or a service account acting on behalf of a third party
3515
+ # principal making the request. For third party identity callers, the `
3516
+ # principal_subject` field is populated instead of this field. For privacy
3517
+ # reasons, the principal email address is sometimes redacted. For more
3518
+ # information, see [Caller identities in audit logs](https://cloud.google.com/
3519
+ # logging/docs/audit#user-id).
3520
+ # Corresponds to the JSON property `principalEmail`
3521
+ # @return [String]
3522
+ attr_accessor :principal_email
3523
+
3524
+ # A string that represents the principal_subject that is associated with the
3525
+ # identity. Unlike `principal_email`, `principal_subject` supports principals
3526
+ # that aren't associated with email addresses, such as third party principals.
3527
+ # For most identities, the format is `principal://iam.googleapis.com/`identity
3528
+ # pool name`/subject/`subject``. Some GKE identities, such as GKE_WORKLOAD,
3529
+ # FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:`
3530
+ # identity pool name`[`subject`]`.
3531
+ # Corresponds to the JSON property `principalSubject`
3532
+ # @return [String]
3533
+ attr_accessor :principal_subject
3534
+
3535
+ # The identity delegation history of an authenticated service account that made
3536
+ # the request. The `serviceAccountDelegationInfo[]` object contains information
3537
+ # about the real authorities that try to access Google Cloud resources by
3538
+ # delegating on a service account. When multiple authorities are present, they
3539
+ # are guaranteed to be sorted based on the original ordering of the identity
3540
+ # delegation events.
3541
+ # Corresponds to the JSON property `serviceAccountDelegationInfo`
3542
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo>]
3543
+ attr_accessor :service_account_delegation_info
3544
+
3545
+ # The name of the service account key that was used to create or exchange
3546
+ # credentials when authenticating the service account that made the request.
3547
+ # This is a scheme-less URI full resource name. For example: "//iam.googleapis.
3548
+ # com/projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key`".
3549
+ # Corresponds to the JSON property `serviceAccountKeyName`
3550
+ # @return [String]
3551
+ attr_accessor :service_account_key_name
3552
+
3553
+ # This is the API service that the service account made a call to, e.g. "iam.
3554
+ # googleapis.com"
3555
+ # Corresponds to the JSON property `serviceName`
3556
+ # @return [String]
3557
+ attr_accessor :service_name
3558
+
3559
+ # The caller's user agent string associated with the finding.
3560
+ # Corresponds to the JSON property `userAgent`
3561
+ # @return [String]
3562
+ attr_accessor :user_agent
3563
+
3564
+ # Type of user agent associated with the finding. For example, an operating
3565
+ # system shell or an embedded or standalone application.
3566
+ # Corresponds to the JSON property `userAgentFamily`
3567
+ # @return [String]
3568
+ attr_accessor :user_agent_family
3569
+
3570
+ # A string that represents a username. The username provided depends on the type
3571
+ # of the finding and is likely not an IAM principal. For example, this can be a
3572
+ # system username if the finding is related to a virtual machine, or it can be
3573
+ # an application login username.
3574
+ # Corresponds to the JSON property `userName`
3575
+ # @return [String]
3576
+ attr_accessor :user_name
3577
+
3578
+ def initialize(**args)
3579
+ update!(**args)
3580
+ end
3581
+
3582
+ # Update properties of this object
3583
+ def update!(**args)
3584
+ @caller_ip = args[:caller_ip] if args.key?(:caller_ip)
3585
+ @caller_ip_geo = args[:caller_ip_geo] if args.key?(:caller_ip_geo)
3586
+ @method_name = args[:method_name] if args.key?(:method_name)
3587
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
3588
+ @principal_subject = args[:principal_subject] if args.key?(:principal_subject)
3589
+ @service_account_delegation_info = args[:service_account_delegation_info] if args.key?(:service_account_delegation_info)
3590
+ @service_account_key_name = args[:service_account_key_name] if args.key?(:service_account_key_name)
3591
+ @service_name = args[:service_name] if args.key?(:service_name)
3592
+ @user_agent = args[:user_agent] if args.key?(:user_agent)
3593
+ @user_agent_family = args[:user_agent_family] if args.key?(:user_agent_family)
3594
+ @user_name = args[:user_name] if args.key?(:user_name)
3595
+ end
3596
+ end
3597
+
3598
+ # Conveys information about a Kubernetes access review (such as one returned by
3599
+ # a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-
3600
+ # authz/authorization/#checking-api-access) command) that was involved in a
3601
+ # finding.
3602
+ class GoogleCloudSecuritycenterV2AccessReview
3603
+ include Google::Apis::Core::Hashable
3604
+
3605
+ # The API group of the resource. "*" means all.
3606
+ # Corresponds to the JSON property `group`
3607
+ # @return [String]
3608
+ attr_accessor :group
3609
+
3610
+ # The name of the resource being requested. Empty means all.
3611
+ # Corresponds to the JSON property `name`
3612
+ # @return [String]
3613
+ attr_accessor :name
3614
+
3615
+ # Namespace of the action being requested. Currently, there is no distinction
3616
+ # between no namespace and all namespaces. Both are represented by "" (empty).
3617
+ # Corresponds to the JSON property `ns`
3618
+ # @return [String]
3619
+ attr_accessor :ns
3620
+
3621
+ # The optional resource type requested. "*" means all.
3622
+ # Corresponds to the JSON property `resource`
3623
+ # @return [String]
3624
+ attr_accessor :resource
3625
+
3626
+ # The optional subresource type.
3627
+ # Corresponds to the JSON property `subresource`
3628
+ # @return [String]
3629
+ attr_accessor :subresource
3630
+
3631
+ # A Kubernetes resource API verb, like get, list, watch, create, update, delete,
3632
+ # proxy. "*" means all.
3633
+ # Corresponds to the JSON property `verb`
3634
+ # @return [String]
3635
+ attr_accessor :verb
3636
+
3637
+ # The API version of the resource. "*" means all.
3638
+ # Corresponds to the JSON property `version`
3639
+ # @return [String]
3640
+ attr_accessor :version
3641
+
3642
+ def initialize(**args)
3643
+ update!(**args)
3644
+ end
3645
+
3646
+ # Update properties of this object
3647
+ def update!(**args)
3648
+ @group = args[:group] if args.key?(:group)
3649
+ @name = args[:name] if args.key?(:name)
3650
+ @ns = args[:ns] if args.key?(:ns)
3651
+ @resource = args[:resource] if args.key?(:resource)
3652
+ @subresource = args[:subresource] if args.key?(:subresource)
3653
+ @verb = args[:verb] if args.key?(:verb)
3654
+ @version = args[:version] if args.key?(:version)
3655
+ end
3656
+ end
3657
+
3658
+ # Represents an application associated with a finding.
3659
+ class GoogleCloudSecuritycenterV2Application
3660
+ include Google::Apis::Core::Hashable
3661
+
3662
+ # The base URI that identifies the network location of the application in which
3663
+ # the vulnerability was detected. Examples: http://11.22.33.44, http://foo.com,
3664
+ # http://11.22.33.44:8080
3665
+ # Corresponds to the JSON property `baseUri`
3666
+ # @return [String]
3667
+ attr_accessor :base_uri
3668
+
3669
+ # The full URI with payload that could be used to reproduce the vulnerability.
3670
+ # Example: http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=
3671
+ # aMmYgI6H
3672
+ # Corresponds to the JSON property `fullUri`
3673
+ # @return [String]
3674
+ attr_accessor :full_uri
3675
+
3676
+ def initialize(**args)
3677
+ update!(**args)
3678
+ end
3679
+
3680
+ # Update properties of this object
3681
+ def update!(**args)
3682
+ @base_uri = args[:base_uri] if args.key?(:base_uri)
3683
+ @full_uri = args[:full_uri] if args.key?(:full_uri)
3684
+ end
3685
+ end
3686
+
3687
+ # An attack exposure contains the results of an attack path simulation run.
3688
+ class GoogleCloudSecuritycenterV2AttackExposure
3689
+ include Google::Apis::Core::Hashable
3690
+
3691
+ # The resource name of the attack path simulation result that contains the
3692
+ # details regarding this attack exposure score. Example: organizations/123/
3693
+ # simulations/456/attackExposureResults/789
3694
+ # Corresponds to the JSON property `attackExposureResult`
3695
+ # @return [String]
3696
+ attr_accessor :attack_exposure_result
3697
+
3698
+ # The number of high value resources that are exposed as a result of this
3699
+ # finding.
3700
+ # Corresponds to the JSON property `exposedHighValueResourcesCount`
3701
+ # @return [Fixnum]
3702
+ attr_accessor :exposed_high_value_resources_count
3703
+
3704
+ # The number of high value resources that are exposed as a result of this
3705
+ # finding.
3706
+ # Corresponds to the JSON property `exposedLowValueResourcesCount`
3707
+ # @return [Fixnum]
3708
+ attr_accessor :exposed_low_value_resources_count
3709
+
3710
+ # The number of medium value resources that are exposed as a result of this
3711
+ # finding.
3712
+ # Corresponds to the JSON property `exposedMediumValueResourcesCount`
3713
+ # @return [Fixnum]
3714
+ attr_accessor :exposed_medium_value_resources_count
3715
+
3716
+ # The most recent time the attack exposure was updated on this finding.
3717
+ # Corresponds to the JSON property `latestCalculationTime`
3718
+ # @return [String]
3719
+ attr_accessor :latest_calculation_time
3720
+
3721
+ # A number between 0 (inclusive) and infinity that represents how important this
3722
+ # finding is to remediate. The higher the score, the more important it is to
3723
+ # remediate.
3724
+ # Corresponds to the JSON property `score`
3725
+ # @return [Float]
3726
+ attr_accessor :score
3727
+
3728
+ # Output only. What state this AttackExposure is in. This captures whether or
3729
+ # not an attack exposure has been calculated or not.
3730
+ # Corresponds to the JSON property `state`
3731
+ # @return [String]
3732
+ attr_accessor :state
3733
+
3734
+ def initialize(**args)
3735
+ update!(**args)
3736
+ end
3737
+
3738
+ # Update properties of this object
3739
+ def update!(**args)
3740
+ @attack_exposure_result = args[:attack_exposure_result] if args.key?(:attack_exposure_result)
3741
+ @exposed_high_value_resources_count = args[:exposed_high_value_resources_count] if args.key?(:exposed_high_value_resources_count)
3742
+ @exposed_low_value_resources_count = args[:exposed_low_value_resources_count] if args.key?(:exposed_low_value_resources_count)
3743
+ @exposed_medium_value_resources_count = args[:exposed_medium_value_resources_count] if args.key?(:exposed_medium_value_resources_count)
3744
+ @latest_calculation_time = args[:latest_calculation_time] if args.key?(:latest_calculation_time)
3745
+ @score = args[:score] if args.key?(:score)
3746
+ @state = args[:state] if args.key?(:state)
3747
+ end
3748
+ end
3749
+
3750
+ # Information related to Google Cloud Backup and DR Service findings.
3751
+ class GoogleCloudSecuritycenterV2BackupDisasterRecovery
3752
+ include Google::Apis::Core::Hashable
3753
+
3754
+ # The name of the Backup and DR appliance that captures, moves, and manages the
3755
+ # lifecycle of backup data. For example, “backup-server-57137”.
3756
+ # Corresponds to the JSON property `appliance`
3757
+ # @return [String]
3758
+ attr_accessor :appliance
3759
+
3760
+ # The names of Backup and DR applications. An application is a VM, database, or
3761
+ # file system on a managed host monitored by a backup and recovery appliance.
3762
+ # For example, “centos7-01-vol00”, “centos7-01-vol01”, “centos7-01-vol02”.
3763
+ # Corresponds to the JSON property `applications`
3764
+ # @return [Array<String>]
3765
+ attr_accessor :applications
3766
+
3767
+ # The timestamp at which the Backup and DR backup was created.
3768
+ # Corresponds to the JSON property `backupCreateTime`
3769
+ # @return [String]
3770
+ attr_accessor :backup_create_time
3771
+
3772
+ # The name of a Backup and DR template which comprises one or more backup
3773
+ # policies. See the [Backup and DR documentation](https://cloud.google.com/
3774
+ # backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information.
3775
+ # For example, “snap-ov”.
3776
+ # Corresponds to the JSON property `backupTemplate`
3777
+ # @return [String]
3778
+ attr_accessor :backup_template
3779
+
3780
+ # The backup type of the Backup and DR image. For example, “Snapshot”, “Remote
3781
+ # Snapshot”, “OnVault”.
3782
+ # Corresponds to the JSON property `backupType`
3783
+ # @return [String]
3784
+ attr_accessor :backup_type
3785
+
3786
+ # The name of a Backup and DR host, which is managed by the backup and recovery
3787
+ # appliance and known to the management console. The host can be of type Generic
3788
+ # (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.),
3789
+ # vCenter, or an ESX server. See the [Backup and DR documentation on hosts](
3790
+ # https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-
3791
+ # hosts-and-their-applications) for more information. For example, “centos7-01”.
3792
+ # Corresponds to the JSON property `host`
3793
+ # @return [String]
3794
+ attr_accessor :host
3795
+
3796
+ # The names of Backup and DR policies that are associated with a template and
3797
+ # that define when to run a backup, how frequently to run a backup, and how long
3798
+ # to retain the backup image. For example, “onvaults”.
3799
+ # Corresponds to the JSON property `policies`
3800
+ # @return [Array<String>]
3801
+ attr_accessor :policies
3802
+
3803
+ # The names of Backup and DR advanced policy options of a policy applying to an
3804
+ # application. See the [Backup and DR documentation on policy options](https://
3805
+ # cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings).
3806
+ # For example, “skipofflineappsincongrp, nounmap”.
3807
+ # Corresponds to the JSON property `policyOptions`
3808
+ # @return [Array<String>]
3809
+ attr_accessor :policy_options
3810
+
3811
+ # The name of the Backup and DR resource profile that specifies the storage
3812
+ # media for backups of application and VM data. See the [Backup and DR
3813
+ # documentation on profiles](https://cloud.google.com/backup-disaster-recovery/
3814
+ # docs/concepts/backup-plan#profile). For example, “GCP”.
3815
+ # Corresponds to the JSON property `profile`
3816
+ # @return [String]
3817
+ attr_accessor :profile
3818
+
3819
+ # The name of the Backup and DR storage pool that the backup and recovery
3820
+ # appliance is storing data in. The storage pool could be of type Cloud, Primary,
3821
+ # Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](
3822
+ # https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools).
3823
+ # For example, “DiskPoolOne”.
3824
+ # Corresponds to the JSON property `storagePool`
3825
+ # @return [String]
3826
+ attr_accessor :storage_pool
3827
+
3828
+ def initialize(**args)
3829
+ update!(**args)
3830
+ end
3831
+
3832
+ # Update properties of this object
3833
+ def update!(**args)
3834
+ @appliance = args[:appliance] if args.key?(:appliance)
3835
+ @applications = args[:applications] if args.key?(:applications)
3836
+ @backup_create_time = args[:backup_create_time] if args.key?(:backup_create_time)
3837
+ @backup_template = args[:backup_template] if args.key?(:backup_template)
3838
+ @backup_type = args[:backup_type] if args.key?(:backup_type)
3839
+ @host = args[:host] if args.key?(:host)
3840
+ @policies = args[:policies] if args.key?(:policies)
3841
+ @policy_options = args[:policy_options] if args.key?(:policy_options)
3842
+ @profile = args[:profile] if args.key?(:profile)
3843
+ @storage_pool = args[:storage_pool] if args.key?(:storage_pool)
3844
+ end
3845
+ end
3846
+
3847
+ # Configures how to deliver Findings to BigQuery Instance.
3848
+ class GoogleCloudSecuritycenterV2BigQueryExport
3849
+ include Google::Apis::Core::Hashable
3850
+
3851
+ # Output only. The time at which the BigQuery export was created. This field is
3852
+ # set by the server and will be ignored if provided on export on creation.
3853
+ # Corresponds to the JSON property `createTime`
3854
+ # @return [String]
3855
+ attr_accessor :create_time
3856
+
3857
+ # The dataset to write findings' updates to. Its format is "projects/[project_id]
3858
+ # /datasets/[bigquery_dataset_id]". BigQuery Dataset unique ID must contain only
3859
+ # letters (a-z, A-Z), numbers (0-9), or underscores (_).
3860
+ # Corresponds to the JSON property `dataset`
3861
+ # @return [String]
3862
+ attr_accessor :dataset
3863
+
3864
+ # The description of the export (max of 1024 characters).
3865
+ # Corresponds to the JSON property `description`
3866
+ # @return [String]
3867
+ attr_accessor :description
3868
+
3869
+ # Expression that defines the filter to apply across create/update events of
3870
+ # findings. The expression is a list of zero or more restrictions combined via
3871
+ # logical operators `AND` and `OR`. Parentheses are supported, and `OR` has
3872
+ # higher precedence than `AND`. Restrictions have the form ` ` and may have a `-`
3873
+ # character in front of them to indicate negation. The fields map to those
3874
+ # defined in the corresponding resource. The supported operators are: * `=` for
3875
+ # all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning
3876
+ # substring matching, for strings. The supported value types are: * string
3877
+ # literals in quotes. * integer literals without quotes. * boolean literals `
3878
+ # true` and `false` without quotes.
3879
+ # Corresponds to the JSON property `filter`
3880
+ # @return [String]
3881
+ attr_accessor :filter
3882
+
3883
+ # Output only. Email address of the user who last edited the BigQuery export.
3884
+ # This field is set by the server and will be ignored if provided on export
3885
+ # creation or update.
3886
+ # Corresponds to the JSON property `mostRecentEditor`
3887
+ # @return [String]
3888
+ attr_accessor :most_recent_editor
3889
+
3890
+ # The relative resource name of this export. See: https://cloud.google.com/apis/
3891
+ # design/resource_names#relative_resource_name. The following list shows some
3892
+ # examples: + `organizations/`organization_id`/locations/`location_id`/
3893
+ # bigQueryExports/`export_id`` + `folders/`folder_id`/locations/`location_id`/
3894
+ # bigQueryExports/`export_id`` + `projects/`project_id`/locations/`location_id`/
3895
+ # bigQueryExports/`export_id`` This field is provided in responses, and is
3896
+ # ignored when provided in create requests.
3897
+ # Corresponds to the JSON property `name`
3898
+ # @return [String]
3899
+ attr_accessor :name
3900
+
3901
+ # Output only. The service account that needs permission to create table and
3902
+ # upload data to the BigQuery dataset.
3903
+ # Corresponds to the JSON property `principal`
3904
+ # @return [String]
3905
+ attr_accessor :principal
3906
+
3907
+ # Output only. The most recent time at which the BigQuery export was updated.
3908
+ # This field is set by the server and will be ignored if provided on export
3909
+ # creation or update.
3910
+ # Corresponds to the JSON property `updateTime`
3911
+ # @return [String]
3912
+ attr_accessor :update_time
3913
+
3914
+ def initialize(**args)
3915
+ update!(**args)
3916
+ end
3917
+
3918
+ # Update properties of this object
3919
+ def update!(**args)
3920
+ @create_time = args[:create_time] if args.key?(:create_time)
3921
+ @dataset = args[:dataset] if args.key?(:dataset)
3922
+ @description = args[:description] if args.key?(:description)
3923
+ @filter = args[:filter] if args.key?(:filter)
3924
+ @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
3925
+ @name = args[:name] if args.key?(:name)
3926
+ @principal = args[:principal] if args.key?(:principal)
3927
+ @update_time = args[:update_time] if args.key?(:update_time)
3928
+ end
3929
+ end
3930
+
3931
+ # Represents a Kubernetes RoleBinding or ClusterRoleBinding.
3932
+ class GoogleCloudSecuritycenterV2Binding
3933
+ include Google::Apis::Core::Hashable
3934
+
3935
+ # Name for the binding.
3936
+ # Corresponds to the JSON property `name`
3937
+ # @return [String]
3938
+ attr_accessor :name
3939
+
3940
+ # Namespace for the binding.
3941
+ # Corresponds to the JSON property `ns`
3942
+ # @return [String]
3943
+ attr_accessor :ns
3944
+
3945
+ # Kubernetes Role or ClusterRole.
3946
+ # Corresponds to the JSON property `role`
3947
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Role]
3948
+ attr_accessor :role
3949
+
3950
+ # Represents one or more subjects that are bound to the role. Not always
3951
+ # available for PATCH requests.
3952
+ # Corresponds to the JSON property `subjects`
3953
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Subject>]
3954
+ attr_accessor :subjects
3955
+
3956
+ def initialize(**args)
3957
+ update!(**args)
3958
+ end
3959
+
3960
+ # Update properties of this object
3961
+ def update!(**args)
3962
+ @name = args[:name] if args.key?(:name)
3963
+ @ns = args[:ns] if args.key?(:ns)
3964
+ @role = args[:role] if args.key?(:role)
3965
+ @subjects = args[:subjects] if args.key?(:subjects)
3966
+ end
3967
+ end
3968
+
3969
+ # The response to a BulkMute request. Contains the LRO information.
3970
+ class GoogleCloudSecuritycenterV2BulkMuteFindingsResponse
3971
+ include Google::Apis::Core::Hashable
3972
+
3973
+ def initialize(**args)
3974
+ update!(**args)
3975
+ end
3976
+
3977
+ # Update properties of this object
3978
+ def update!(**args)
3979
+ end
3980
+ end
3981
+
3982
+ # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
3983
+ # with the finding.
3984
+ class GoogleCloudSecuritycenterV2CloudDlpDataProfile
3985
+ include Google::Apis::Core::Hashable
3986
+
3987
+ # Name of the data profile, for example, `projects/123/locations/europe/
3988
+ # tableProfiles/8383929`.
3989
+ # Corresponds to the JSON property `dataProfile`
3990
+ # @return [String]
3991
+ attr_accessor :data_profile
3992
+
3993
+ # The resource hierarchy level at which the data profile was generated.
3994
+ # Corresponds to the JSON property `parentType`
3995
+ # @return [String]
3996
+ attr_accessor :parent_type
3997
+
3998
+ def initialize(**args)
3999
+ update!(**args)
4000
+ end
4001
+
4002
+ # Update properties of this object
4003
+ def update!(**args)
4004
+ @data_profile = args[:data_profile] if args.key?(:data_profile)
4005
+ @parent_type = args[:parent_type] if args.key?(:parent_type)
4006
+ end
4007
+ end
4008
+
4009
+ # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](
4010
+ # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the
4011
+ # finding.
4012
+ class GoogleCloudSecuritycenterV2CloudDlpInspection
4013
+ include Google::Apis::Core::Hashable
4014
+
4015
+ # Whether Cloud DLP scanned the complete resource or a sampled subset.
4016
+ # Corresponds to the JSON property `fullScan`
4017
+ # @return [Boolean]
4018
+ attr_accessor :full_scan
4019
+ alias_method :full_scan?, :full_scan
4020
+
4021
+ # The type of information (or *[infoType](https://cloud.google.com/dlp/docs/
4022
+ # infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.
4023
+ # Corresponds to the JSON property `infoType`
4024
+ # @return [String]
4025
+ attr_accessor :info_type
4026
+
4027
+ # The number of times Cloud DLP found this infoType within this job and resource.
4028
+ # Corresponds to the JSON property `infoTypeCount`
4029
+ # @return [Fixnum]
4030
+ attr_accessor :info_type_count
4031
+
4032
+ # Name of the inspection job, for example, `projects/123/locations/europe/
4033
+ # dlpJobs/i-8383929`.
4034
+ # Corresponds to the JSON property `inspectJob`
4035
+ # @return [String]
4036
+ attr_accessor :inspect_job
4037
+
4038
+ def initialize(**args)
4039
+ update!(**args)
4040
+ end
4041
+
4042
+ # Update properties of this object
4043
+ def update!(**args)
4044
+ @full_scan = args[:full_scan] if args.key?(:full_scan)
4045
+ @info_type = args[:info_type] if args.key?(:info_type)
4046
+ @info_type_count = args[:info_type_count] if args.key?(:info_type_count)
4047
+ @inspect_job = args[:inspect_job] if args.key?(:inspect_job)
4048
+ end
4049
+ end
4050
+
4051
+ # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
4052
+ # logging/docs/reference/v2/rest/v2/LogEntry)
4053
+ class GoogleCloudSecuritycenterV2CloudLoggingEntry
4054
+ include Google::Apis::Core::Hashable
4055
+
4056
+ # A unique identifier for the log entry.
4057
+ # Corresponds to the JSON property `insertId`
4058
+ # @return [String]
4059
+ attr_accessor :insert_id
4060
+
4061
+ # The type of the log (part of `log_name`. `log_name` is the resource name of
4062
+ # the log to which this log entry belongs). For example: `cloudresourcemanager.
4063
+ # googleapis.com/activity` Note that this field is not URL-encoded, unlike in `
4064
+ # LogEntry`.
4065
+ # Corresponds to the JSON property `logId`
4066
+ # @return [String]
4067
+ attr_accessor :log_id
4068
+
4069
+ # The organization, folder, or project of the monitored resource that produced
4070
+ # this log entry.
4071
+ # Corresponds to the JSON property `resourceContainer`
4072
+ # @return [String]
4073
+ attr_accessor :resource_container
4074
+
4075
+ # The time the event described by the log entry occurred.
4076
+ # Corresponds to the JSON property `timestamp`
4077
+ # @return [String]
4078
+ attr_accessor :timestamp
4079
+
4080
+ def initialize(**args)
4081
+ update!(**args)
4082
+ end
4083
+
4084
+ # Update properties of this object
4085
+ def update!(**args)
4086
+ @insert_id = args[:insert_id] if args.key?(:insert_id)
4087
+ @log_id = args[:log_id] if args.key?(:log_id)
4088
+ @resource_container = args[:resource_container] if args.key?(:resource_container)
4089
+ @timestamp = args[:timestamp] if args.key?(:timestamp)
4090
+ end
4091
+ end
4092
+
4093
+ # Contains compliance information about a security standard indicating unmet
4094
+ # recommendations.
4095
+ class GoogleCloudSecuritycenterV2Compliance
4096
+ include Google::Apis::Core::Hashable
4097
+
4098
+ # Policies within the standard or benchmark, for example, A.12.4.1
4099
+ # Corresponds to the JSON property `ids`
4100
+ # @return [Array<String>]
4101
+ attr_accessor :ids
4102
+
4103
+ # Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP.
4104
+ # Corresponds to the JSON property `standard`
4105
+ # @return [String]
4106
+ attr_accessor :standard
4107
+
4108
+ # Version of the standard or benchmark, for example, 1.1
4109
+ # Corresponds to the JSON property `version`
4110
+ # @return [String]
4111
+ attr_accessor :version
4112
+
4113
+ def initialize(**args)
4114
+ update!(**args)
4115
+ end
4116
+
4117
+ # Update properties of this object
4118
+ def update!(**args)
4119
+ @ids = args[:ids] if args.key?(:ids)
4120
+ @standard = args[:standard] if args.key?(:standard)
4121
+ @version = args[:version] if args.key?(:version)
4122
+ end
4123
+ end
4124
+
4125
+ # Contains information about the IP connection associated with the finding.
4126
+ class GoogleCloudSecuritycenterV2Connection
4127
+ include Google::Apis::Core::Hashable
4128
+
4129
+ # Destination IP address. Not present for sockets that are listening and not
4130
+ # connected.
4131
+ # Corresponds to the JSON property `destinationIp`
4132
+ # @return [String]
4133
+ attr_accessor :destination_ip
4134
+
4135
+ # Destination port. Not present for sockets that are listening and not connected.
4136
+ # Corresponds to the JSON property `destinationPort`
4137
+ # @return [Fixnum]
4138
+ attr_accessor :destination_port
4139
+
4140
+ # IANA Internet Protocol Number such as TCP(6) and UDP(17).
4141
+ # Corresponds to the JSON property `protocol`
4142
+ # @return [String]
4143
+ attr_accessor :protocol
4144
+
4145
+ # Source IP address.
4146
+ # Corresponds to the JSON property `sourceIp`
4147
+ # @return [String]
4148
+ attr_accessor :source_ip
4149
+
4150
+ # Source port.
4151
+ # Corresponds to the JSON property `sourcePort`
4152
+ # @return [Fixnum]
4153
+ attr_accessor :source_port
4154
+
4155
+ def initialize(**args)
4156
+ update!(**args)
4157
+ end
4158
+
4159
+ # Update properties of this object
4160
+ def update!(**args)
4161
+ @destination_ip = args[:destination_ip] if args.key?(:destination_ip)
4162
+ @destination_port = args[:destination_port] if args.key?(:destination_port)
4163
+ @protocol = args[:protocol] if args.key?(:protocol)
4164
+ @source_ip = args[:source_ip] if args.key?(:source_ip)
4165
+ @source_port = args[:source_port] if args.key?(:source_port)
4166
+ end
4167
+ end
4168
+
4169
+ # The email address of a contact.
4170
+ class GoogleCloudSecuritycenterV2Contact
4171
+ include Google::Apis::Core::Hashable
4172
+
4173
+ # An email address. For example, "`person123@company.com`".
4174
+ # Corresponds to the JSON property `email`
4175
+ # @return [String]
4176
+ attr_accessor :email
4177
+
4178
+ def initialize(**args)
4179
+ update!(**args)
4180
+ end
4181
+
4182
+ # Update properties of this object
4183
+ def update!(**args)
4184
+ @email = args[:email] if args.key?(:email)
4185
+ end
4186
+ end
4187
+
4188
+ # Details about specific contacts
4189
+ class GoogleCloudSecuritycenterV2ContactDetails
4190
+ include Google::Apis::Core::Hashable
4191
+
4192
+ # A list of contacts
4193
+ # Corresponds to the JSON property `contacts`
4194
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Contact>]
4195
+ attr_accessor :contacts
4196
+
4197
+ def initialize(**args)
4198
+ update!(**args)
4199
+ end
4200
+
4201
+ # Update properties of this object
4202
+ def update!(**args)
4203
+ @contacts = args[:contacts] if args.key?(:contacts)
4204
+ end
4205
+ end
4206
+
4207
+ # Container associated with the finding.
4208
+ class GoogleCloudSecuritycenterV2Container
4209
+ include Google::Apis::Core::Hashable
4210
+
4211
+ # The time that the container was created.
4212
+ # Corresponds to the JSON property `createTime`
4213
+ # @return [String]
4214
+ attr_accessor :create_time
4215
+
4216
+ # Optional container image ID, if provided by the container runtime. Uniquely
4217
+ # identifies the container image launched using a container image digest.
4218
+ # Corresponds to the JSON property `imageId`
4219
+ # @return [String]
4220
+ attr_accessor :image_id
4221
+
4222
+ # Container labels, as provided by the container runtime.
4223
+ # Corresponds to the JSON property `labels`
4224
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Label>]
4225
+ attr_accessor :labels
4226
+
4227
+ # Name of the container.
4228
+ # Corresponds to the JSON property `name`
4229
+ # @return [String]
4230
+ attr_accessor :name
4231
+
4232
+ # Container image URI provided when configuring a pod or container. This string
4233
+ # can identify a container image version using mutable tags.
4234
+ # Corresponds to the JSON property `uri`
4235
+ # @return [String]
4236
+ attr_accessor :uri
4237
+
4238
+ def initialize(**args)
4239
+ update!(**args)
4240
+ end
4241
+
4242
+ # Update properties of this object
4243
+ def update!(**args)
4244
+ @create_time = args[:create_time] if args.key?(:create_time)
4245
+ @image_id = args[:image_id] if args.key?(:image_id)
4246
+ @labels = args[:labels] if args.key?(:labels)
4247
+ @name = args[:name] if args.key?(:name)
4248
+ @uri = args[:uri] if args.key?(:uri)
4249
+ end
4250
+ end
4251
+
4252
+ # CVE stands for Common Vulnerabilities and Exposures. Information from the [CVE
4253
+ # record](https://www.cve.org/ResourcesSupport/Glossary) that describes this
4254
+ # vulnerability.
4255
+ class GoogleCloudSecuritycenterV2Cve
4256
+ include Google::Apis::Core::Hashable
4257
+
4258
+ # Common Vulnerability Scoring System version 3.
4259
+ # Corresponds to the JSON property `cvssv3`
4260
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Cvssv3]
4261
+ attr_accessor :cvssv3
4262
+
4263
+ # The exploitation activity of the vulnerability in the wild.
4264
+ # Corresponds to the JSON property `exploitationActivity`
4265
+ # @return [String]
4266
+ attr_accessor :exploitation_activity
4267
+
4268
+ # The unique identifier for the vulnerability. e.g. CVE-2021-34527
4269
+ # Corresponds to the JSON property `id`
4270
+ # @return [String]
4271
+ attr_accessor :id
4272
+
4273
+ # The potential impact of the vulnerability if it was to be exploited.
4274
+ # Corresponds to the JSON property `impact`
4275
+ # @return [String]
4276
+ attr_accessor :impact
4277
+
4278
+ # Whether or not the vulnerability has been observed in the wild.
4279
+ # Corresponds to the JSON property `observedInTheWild`
4280
+ # @return [Boolean]
4281
+ attr_accessor :observed_in_the_wild
4282
+ alias_method :observed_in_the_wild?, :observed_in_the_wild
4283
+
4284
+ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/
4285
+ # cvename.cgi?name=CVE-2021-34527
4286
+ # Corresponds to the JSON property `references`
4287
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Reference>]
4288
+ attr_accessor :references
4289
+
4290
+ # Whether upstream fix is available for the CVE.
4291
+ # Corresponds to the JSON property `upstreamFixAvailable`
4292
+ # @return [Boolean]
4293
+ attr_accessor :upstream_fix_available
4294
+ alias_method :upstream_fix_available?, :upstream_fix_available
4295
+
4296
+ # Whether or not the vulnerability was zero day when the finding was published.
4297
+ # Corresponds to the JSON property `zeroDay`
4298
+ # @return [Boolean]
4299
+ attr_accessor :zero_day
4300
+ alias_method :zero_day?, :zero_day
4301
+
4302
+ def initialize(**args)
4303
+ update!(**args)
4304
+ end
4305
+
4306
+ # Update properties of this object
4307
+ def update!(**args)
4308
+ @cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
4309
+ @exploitation_activity = args[:exploitation_activity] if args.key?(:exploitation_activity)
4310
+ @id = args[:id] if args.key?(:id)
4311
+ @impact = args[:impact] if args.key?(:impact)
4312
+ @observed_in_the_wild = args[:observed_in_the_wild] if args.key?(:observed_in_the_wild)
4313
+ @references = args[:references] if args.key?(:references)
4314
+ @upstream_fix_available = args[:upstream_fix_available] if args.key?(:upstream_fix_available)
4315
+ @zero_day = args[:zero_day] if args.key?(:zero_day)
4316
+ end
4317
+ end
4318
+
4319
+ # Common Vulnerability Scoring System version 3.
4320
+ class GoogleCloudSecuritycenterV2Cvssv3
4321
+ include Google::Apis::Core::Hashable
4322
+
4323
+ # This metric describes the conditions beyond the attacker's control that must
4324
+ # exist in order to exploit the vulnerability.
4325
+ # Corresponds to the JSON property `attackComplexity`
4326
+ # @return [String]
4327
+ attr_accessor :attack_complexity
4328
+
4329
+ # Base Metrics Represents the intrinsic characteristics of a vulnerability that
4330
+ # are constant over time and across user environments. This metric reflects the
4331
+ # context by which vulnerability exploitation is possible.
4332
+ # Corresponds to the JSON property `attackVector`
4333
+ # @return [String]
4334
+ attr_accessor :attack_vector
4335
+
4336
+ # This metric measures the impact to the availability of the impacted component
4337
+ # resulting from a successfully exploited vulnerability.
4338
+ # Corresponds to the JSON property `availabilityImpact`
4339
+ # @return [String]
4340
+ attr_accessor :availability_impact
4341
+
4342
+ # The base score is a function of the base metric scores.
4343
+ # Corresponds to the JSON property `baseScore`
4344
+ # @return [Float]
4345
+ attr_accessor :base_score
4346
+
4347
+ # This metric measures the impact to the confidentiality of the information
4348
+ # resources managed by a software component due to a successfully exploited
4349
+ # vulnerability.
4350
+ # Corresponds to the JSON property `confidentialityImpact`
4351
+ # @return [String]
4352
+ attr_accessor :confidentiality_impact
4353
+
4354
+ # This metric measures the impact to integrity of a successfully exploited
4355
+ # vulnerability.
4356
+ # Corresponds to the JSON property `integrityImpact`
4357
+ # @return [String]
4358
+ attr_accessor :integrity_impact
4359
+
4360
+ # This metric describes the level of privileges an attacker must possess before
4361
+ # successfully exploiting the vulnerability.
4362
+ # Corresponds to the JSON property `privilegesRequired`
4363
+ # @return [String]
4364
+ attr_accessor :privileges_required
4365
+
4366
+ # The Scope metric captures whether a vulnerability in one vulnerable component
4367
+ # impacts resources in components beyond its security scope.
4368
+ # Corresponds to the JSON property `scope`
4369
+ # @return [String]
4370
+ attr_accessor :scope
4371
+
4372
+ # This metric captures the requirement for a human user, other than the attacker,
4373
+ # to participate in the successful compromise of the vulnerable component.
4374
+ # Corresponds to the JSON property `userInteraction`
4375
+ # @return [String]
4376
+ attr_accessor :user_interaction
4377
+
4378
+ def initialize(**args)
4379
+ update!(**args)
4380
+ end
4381
+
4382
+ # Update properties of this object
4383
+ def update!(**args)
4384
+ @attack_complexity = args[:attack_complexity] if args.key?(:attack_complexity)
4385
+ @attack_vector = args[:attack_vector] if args.key?(:attack_vector)
4386
+ @availability_impact = args[:availability_impact] if args.key?(:availability_impact)
4387
+ @base_score = args[:base_score] if args.key?(:base_score)
4388
+ @confidentiality_impact = args[:confidentiality_impact] if args.key?(:confidentiality_impact)
4389
+ @integrity_impact = args[:integrity_impact] if args.key?(:integrity_impact)
4390
+ @privileges_required = args[:privileges_required] if args.key?(:privileges_required)
4391
+ @scope = args[:scope] if args.key?(:scope)
4392
+ @user_interaction = args[:user_interaction] if args.key?(:user_interaction)
4393
+ end
4394
+ end
4395
+
4396
+ # Represents database access information, such as queries. A database may be a
4397
+ # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
4398
+ # Spanner instances), or the database instance itself. Some database resources
4399
+ # might not have the [full resource name](https://google.aip.dev/122#full-
4400
+ # resource-names) populated because these resource types, such as Cloud SQL
4401
+ # databases, are not yet supported by Cloud Asset Inventory. In these cases only
4402
+ # the display name is provided.
4403
+ class GoogleCloudSecuritycenterV2Database
4404
+ include Google::Apis::Core::Hashable
4405
+
4406
+ # The human-readable name of the database that the user connected to.
4407
+ # Corresponds to the JSON property `displayName`
4408
+ # @return [String]
4409
+ attr_accessor :display_name
4410
+
4411
+ # The target usernames, roles, or groups of an SQL privilege grant, which is not
4412
+ # an IAM policy change.
4413
+ # Corresponds to the JSON property `grantees`
4414
+ # @return [Array<String>]
4415
+ attr_accessor :grantees
4416
+
4417
+ # Some database resources may not have the [full resource name](https://google.
4418
+ # aip.dev/122#full-resource-names) populated because these resource types are
4419
+ # not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In
4420
+ # these cases only the display name will be provided. The [full resource name](
4421
+ # https://google.aip.dev/122#full-resource-names) of the database that the user
4422
+ # connected to, if it is supported by Cloud Asset Inventory.
4423
+ # Corresponds to the JSON property `name`
4424
+ # @return [String]
4425
+ attr_accessor :name
4426
+
4427
+ # The SQL statement that is associated with the database access.
4428
+ # Corresponds to the JSON property `query`
4429
+ # @return [String]
4430
+ attr_accessor :query
4431
+
4432
+ # The username used to connect to the database. The username might not be an IAM
4433
+ # principal and does not have a set format.
4434
+ # Corresponds to the JSON property `userName`
4435
+ # @return [String]
4436
+ attr_accessor :user_name
4437
+
4438
+ # The version of the database, for example, POSTGRES_14. See [the complete list](
4439
+ # https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).
4440
+ # Corresponds to the JSON property `version`
4441
+ # @return [String]
4442
+ attr_accessor :version
4443
+
4444
+ def initialize(**args)
4445
+ update!(**args)
4446
+ end
4447
+
4448
+ # Update properties of this object
4449
+ def update!(**args)
4450
+ @display_name = args[:display_name] if args.key?(:display_name)
4451
+ @grantees = args[:grantees] if args.key?(:grantees)
4452
+ @name = args[:name] if args.key?(:name)
4453
+ @query = args[:query] if args.key?(:query)
4454
+ @user_name = args[:user_name] if args.key?(:user_name)
4455
+ @version = args[:version] if args.key?(:version)
4456
+ end
4457
+ end
4458
+
4459
+ # Memory hash detection contributing to the binary family match.
4460
+ class GoogleCloudSecuritycenterV2Detection
4461
+ include Google::Apis::Core::Hashable
4462
+
4463
+ # The name of the binary associated with the memory hash signature detection.
4464
+ # Corresponds to the JSON property `binary`
4465
+ # @return [String]
4466
+ attr_accessor :binary
4467
+
4468
+ # The percentage of memory page hashes in the signature that were matched.
4469
+ # Corresponds to the JSON property `percentPagesMatched`
4470
+ # @return [Float]
4471
+ attr_accessor :percent_pages_matched
4472
+
4473
+ def initialize(**args)
4474
+ update!(**args)
4475
+ end
4476
+
4477
+ # Update properties of this object
4478
+ def update!(**args)
4479
+ @binary = args[:binary] if args.key?(:binary)
4480
+ @percent_pages_matched = args[:percent_pages_matched] if args.key?(:percent_pages_matched)
4481
+ end
4482
+ end
4483
+
4484
+ # Path of the file in terms of underlying disk/partition identifiers.
4485
+ class GoogleCloudSecuritycenterV2DiskPath
4486
+ include Google::Apis::Core::Hashable
4487
+
4488
+ # UUID of the partition (format https://wiki.archlinux.org/title/
4489
+ # persistent_block_device_naming#by-uuid)
4490
+ # Corresponds to the JSON property `partitionUuid`
4491
+ # @return [String]
4492
+ attr_accessor :partition_uuid
4493
+
4494
+ # Relative path of the file in the partition as a JSON encoded string. Example: /
4495
+ # home/user1/executable_file.sh
4496
+ # Corresponds to the JSON property `relativePath`
4497
+ # @return [String]
4498
+ attr_accessor :relative_path
4499
+
4500
+ def initialize(**args)
4501
+ update!(**args)
4502
+ end
4503
+
4504
+ # Update properties of this object
4505
+ def update!(**args)
4506
+ @partition_uuid = args[:partition_uuid] if args.key?(:partition_uuid)
4507
+ @relative_path = args[:relative_path] if args.key?(:relative_path)
4508
+ end
4509
+ end
4510
+
4511
+ # A name-value pair representing an environment variable used in an operating
4512
+ # system process.
4513
+ class GoogleCloudSecuritycenterV2EnvironmentVariable
4514
+ include Google::Apis::Core::Hashable
4515
+
4516
+ # Environment variable name as a JSON encoded string.
4517
+ # Corresponds to the JSON property `name`
4518
+ # @return [String]
4519
+ attr_accessor :name
4520
+
4521
+ # Environment variable value as a JSON encoded string.
4522
+ # Corresponds to the JSON property `val`
4523
+ # @return [String]
4524
+ attr_accessor :val
4525
+
4526
+ def initialize(**args)
4527
+ update!(**args)
4528
+ end
4529
+
4530
+ # Update properties of this object
4531
+ def update!(**args)
4532
+ @name = args[:name] if args.key?(:name)
4533
+ @val = args[:val] if args.key?(:val)
4534
+ end
4535
+ end
4536
+
4537
+ # Resource where data was exfiltrated from or exfiltrated to.
4538
+ class GoogleCloudSecuritycenterV2ExfilResource
4539
+ include Google::Apis::Core::Hashable
4540
+
4541
+ # Subcomponents of the asset that was exfiltrated, like URIs used during
4542
+ # exfiltration, table names, databases, and filenames. For example, multiple
4543
+ # tables might have been exfiltrated from the same Cloud SQL instance, or
4544
+ # multiple files might have been exfiltrated from the same Cloud Storage bucket.
4545
+ # Corresponds to the JSON property `components`
4546
+ # @return [Array<String>]
4547
+ attr_accessor :components
4548
+
4549
+ # The resource's [full resource name](https://cloud.google.com/apis/design/
4550
+ # resource_names#full_resource_name).
4551
+ # Corresponds to the JSON property `name`
4552
+ # @return [String]
4553
+ attr_accessor :name
4554
+
4555
+ def initialize(**args)
4556
+ update!(**args)
4557
+ end
4558
+
4559
+ # Update properties of this object
4560
+ def update!(**args)
4561
+ @components = args[:components] if args.key?(:components)
4562
+ @name = args[:name] if args.key?(:name)
4563
+ end
4564
+ end
4565
+
4566
+ # Exfiltration represents a data exfiltration attempt from one or more sources
4567
+ # to one or more targets. The `sources` attribute lists the sources of the
4568
+ # exfiltrated data. The `targets` attribute lists the destinations the data was
4569
+ # copied to.
4570
+ class GoogleCloudSecuritycenterV2Exfiltration
4571
+ include Google::Apis::Core::Hashable
4572
+
4573
+ # If there are multiple sources, then the data is considered "joined" between
4574
+ # them. For instance, BigQuery can join multiple tables, and each table would be
4575
+ # considered a source.
4576
+ # Corresponds to the JSON property `sources`
4577
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ExfilResource>]
4578
+ attr_accessor :sources
4579
+
4580
+ # If there are multiple targets, each target would get a complete copy of the "
4581
+ # joined" source data.
4582
+ # Corresponds to the JSON property `targets`
4583
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ExfilResource>]
4584
+ attr_accessor :targets
4585
+
4586
+ # Total exfiltrated bytes processed for the entire job.
4587
+ # Corresponds to the JSON property `totalExfiltratedBytes`
4588
+ # @return [Fixnum]
4589
+ attr_accessor :total_exfiltrated_bytes
4590
+
4591
+ def initialize(**args)
4592
+ update!(**args)
4593
+ end
4594
+
4595
+ # Update properties of this object
4596
+ def update!(**args)
4597
+ @sources = args[:sources] if args.key?(:sources)
4598
+ @targets = args[:targets] if args.key?(:targets)
4599
+ @total_exfiltrated_bytes = args[:total_exfiltrated_bytes] if args.key?(:total_exfiltrated_bytes)
4600
+ end
4601
+ end
4602
+
4603
+ # Representation of third party SIEM/SOAR fields within SCC.
4604
+ class GoogleCloudSecuritycenterV2ExternalSystem
4605
+ include Google::Apis::Core::Hashable
4606
+
4607
+ # References primary/secondary etc assignees in the external system.
4608
+ # Corresponds to the JSON property `assignees`
4609
+ # @return [Array<String>]
4610
+ attr_accessor :assignees
4611
+
4612
+ # The priority of the finding's corresponding case in the external system.
4613
+ # Corresponds to the JSON property `casePriority`
4614
+ # @return [String]
4615
+ attr_accessor :case_priority
4616
+
4617
+ # The SLA of the finding's corresponding case in the external system.
4618
+ # Corresponds to the JSON property `caseSla`
4619
+ # @return [String]
4620
+ attr_accessor :case_sla
4621
+
4622
+ # The link to the finding's corresponding case in the external system.
4623
+ # Corresponds to the JSON property `caseUri`
4624
+ # @return [String]
4625
+ attr_accessor :case_uri
4626
+
4627
+ # The time when the case was last updated, as reported by the external system.
4628
+ # Corresponds to the JSON property `externalSystemUpdateTime`
4629
+ # @return [String]
4630
+ attr_accessor :external_system_update_time
4631
+
4632
+ # The identifier that's used to track the finding's corresponding case in the
4633
+ # external system.
4634
+ # Corresponds to the JSON property `externalUid`
4635
+ # @return [String]
4636
+ attr_accessor :external_uid
4637
+
4638
+ # Full resource name of the external system. The following list shows some
4639
+ # examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/
4640
+ # jira` + `organizations/1234/sources/5678/locations/us/findings/123456/
4641
+ # externalSystems/jira` + `folders/1234/sources/5678/findings/123456/
4642
+ # externalSystems/jira` + `folders/1234/sources/5678/locations/us/findings/
4643
+ # 123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/
4644
+ # externalSystems/jira` + `projects/1234/sources/5678/locations/us/findings/
4645
+ # 123456/externalSystems/jira`
4646
+ # Corresponds to the JSON property `name`
4647
+ # @return [String]
4648
+ attr_accessor :name
4649
+
4650
+ # The most recent status of the finding's corresponding case, as reported by the
4651
+ # external system.
4652
+ # Corresponds to the JSON property `status`
4653
+ # @return [String]
4654
+ attr_accessor :status
4655
+
4656
+ # Information about the ticket, if any, that is being used to track the
4657
+ # resolution of the issue that is identified by this finding.
4658
+ # Corresponds to the JSON property `ticketInfo`
4659
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2TicketInfo]
4660
+ attr_accessor :ticket_info
4661
+
4662
+ def initialize(**args)
4663
+ update!(**args)
4664
+ end
4665
+
4666
+ # Update properties of this object
4667
+ def update!(**args)
4668
+ @assignees = args[:assignees] if args.key?(:assignees)
4669
+ @case_priority = args[:case_priority] if args.key?(:case_priority)
4670
+ @case_sla = args[:case_sla] if args.key?(:case_sla)
4671
+ @case_uri = args[:case_uri] if args.key?(:case_uri)
4672
+ @external_system_update_time = args[:external_system_update_time] if args.key?(:external_system_update_time)
4673
+ @external_uid = args[:external_uid] if args.key?(:external_uid)
4674
+ @name = args[:name] if args.key?(:name)
4675
+ @status = args[:status] if args.key?(:status)
4676
+ @ticket_info = args[:ticket_info] if args.key?(:ticket_info)
4677
+ end
4678
+ end
4679
+
4680
+ # File information about the related binary/library used by an executable, or
4681
+ # the script used by a script interpreter
4682
+ class GoogleCloudSecuritycenterV2File
4683
+ include Google::Apis::Core::Hashable
4684
+
4685
+ # Prefix of the file contents as a JSON-encoded string.
4686
+ # Corresponds to the JSON property `contents`
4687
+ # @return [String]
4688
+ attr_accessor :contents
4689
+
4690
+ # Path of the file in terms of underlying disk/partition identifiers.
4691
+ # Corresponds to the JSON property `diskPath`
4692
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2DiskPath]
4693
+ attr_accessor :disk_path
4694
+
4695
+ # The length in bytes of the file prefix that was hashed. If hashed_size == size,
4696
+ # any hashes reported represent the entire file.
4697
+ # Corresponds to the JSON property `hashedSize`
4698
+ # @return [Fixnum]
4699
+ attr_accessor :hashed_size
4700
+
4701
+ # True when the hash covers only a prefix of the file.
4702
+ # Corresponds to the JSON property `partiallyHashed`
4703
+ # @return [Boolean]
4704
+ attr_accessor :partially_hashed
4705
+ alias_method :partially_hashed?, :partially_hashed
4706
+
4707
+ # Absolute path of the file as a JSON encoded string.
4708
+ # Corresponds to the JSON property `path`
4709
+ # @return [String]
4710
+ attr_accessor :path
4711
+
4712
+ # SHA256 hash of the first hashed_size bytes of the file encoded as a hex string.
4713
+ # If hashed_size == size, sha256 represents the SHA256 hash of the entire file.
4714
+ # Corresponds to the JSON property `sha256`
4715
+ # @return [String]
4716
+ attr_accessor :sha256
4717
+
4718
+ # Size of the file in bytes.
4719
+ # Corresponds to the JSON property `size`
4720
+ # @return [Fixnum]
4721
+ attr_accessor :size
4722
+
4723
+ def initialize(**args)
4724
+ update!(**args)
4725
+ end
4726
+
4727
+ # Update properties of this object
4728
+ def update!(**args)
4729
+ @contents = args[:contents] if args.key?(:contents)
4730
+ @disk_path = args[:disk_path] if args.key?(:disk_path)
4731
+ @hashed_size = args[:hashed_size] if args.key?(:hashed_size)
4732
+ @partially_hashed = args[:partially_hashed] if args.key?(:partially_hashed)
4733
+ @path = args[:path] if args.key?(:path)
4734
+ @sha256 = args[:sha256] if args.key?(:sha256)
4735
+ @size = args[:size] if args.key?(:size)
4736
+ end
4737
+ end
4738
+
4739
+ # Security Command Center finding. A finding is a record of assessment data like
4740
+ # security, risk, health, or privacy, that is ingested into Security Command
4741
+ # Center for presentation, notification, analysis, policy testing, and
4742
+ # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
4743
+ # Engine application is a finding.
4744
+ class GoogleCloudSecuritycenterV2Finding
4745
+ include Google::Apis::Core::Hashable
4746
+
4747
+ # Represents an access event.
4748
+ # Corresponds to the JSON property `access`
4749
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Access]
4750
+ attr_accessor :access
4751
+
4752
+ # Represents an application associated with a finding.
4753
+ # Corresponds to the JSON property `application`
4754
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Application]
4755
+ attr_accessor :application
4756
+
4757
+ # An attack exposure contains the results of an attack path simulation run.
4758
+ # Corresponds to the JSON property `attackExposure`
4759
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2AttackExposure]
4760
+ attr_accessor :attack_exposure
4761
+
4762
+ # Information related to Google Cloud Backup and DR Service findings.
4763
+ # Corresponds to the JSON property `backupDisasterRecovery`
4764
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2BackupDisasterRecovery]
4765
+ attr_accessor :backup_disaster_recovery
4766
+
4767
+ # Output only. The canonical name of the finding. The following list shows some
4768
+ # examples: + `organizations/`organization_id`/sources/`source_id`/findings/`
4769
+ # finding_id`` + `organizations/`organization_id`/sources/`source_id`/locations/`
4770
+ # location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/
4771
+ # findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/locations/`
4772
+ # location_id`/findings/`finding_id`` + `projects/`project_id`/sources/`
4773
+ # source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`source_id`/
4774
+ # locations/`location_id`/findings/`finding_id`` The prefix is the closest CRM
4775
+ # ancestor of the resource associated with the finding.
4776
+ # Corresponds to the JSON property `canonicalName`
4777
+ # @return [String]
4778
+ attr_accessor :canonical_name
4779
+
4780
+ # Immutable. The additional taxonomy group within findings from a given source.
4781
+ # Example: "XSS_FLASH_INJECTION"
4782
+ # Corresponds to the JSON property `category`
4783
+ # @return [String]
4784
+ attr_accessor :category
4785
+
4786
+ # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
4787
+ # with the finding.
4788
+ # Corresponds to the JSON property `cloudDlpDataProfile`
4789
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2CloudDlpDataProfile]
4790
+ attr_accessor :cloud_dlp_data_profile
4791
+
4792
+ # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](
4793
+ # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the
4794
+ # finding.
4795
+ # Corresponds to the JSON property `cloudDlpInspection`
4796
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2CloudDlpInspection]
4797
+ attr_accessor :cloud_dlp_inspection
4798
+
4799
+ # Contains compliance information for security standards associated to the
4800
+ # finding.
4801
+ # Corresponds to the JSON property `compliances`
4802
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Compliance>]
4803
+ attr_accessor :compliances
4804
+
4805
+ # Contains information about the IP connection associated with the finding.
4806
+ # Corresponds to the JSON property `connections`
4807
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Connection>]
4808
+ attr_accessor :connections
4809
+
4810
+ # Output only. Map containing the points of contact for the given finding. The
4811
+ # key represents the type of contact, while the value contains a list of all the
4812
+ # contacts that pertain. Please refer to: https://cloud.google.com/resource-
4813
+ # manager/docs/managing-notification-contacts#notification-categories ` "
4814
+ # security": ` "contacts": [ ` "email": "person1@company.com" `, ` "email": "
4815
+ # person2@company.com" ` ] ` `
4816
+ # Corresponds to the JSON property `contacts`
4817
+ # @return [Hash<String,Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ContactDetails>]
4818
+ attr_accessor :contacts
4819
+
4820
+ # Containers associated with the finding. This field provides information for
4821
+ # both Kubernetes and non-Kubernetes containers.
4822
+ # Corresponds to the JSON property `containers`
4823
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Container>]
4824
+ attr_accessor :containers
4825
+
4826
+ # Output only. The time at which the finding was created in Security Command
4827
+ # Center.
4828
+ # Corresponds to the JSON property `createTime`
4829
+ # @return [String]
4830
+ attr_accessor :create_time
4831
+
4832
+ # Represents database access information, such as queries. A database may be a
4833
+ # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
4834
+ # Spanner instances), or the database instance itself. Some database resources
4835
+ # might not have the [full resource name](https://google.aip.dev/122#full-
4836
+ # resource-names) populated because these resource types, such as Cloud SQL
4837
+ # databases, are not yet supported by Cloud Asset Inventory. In these cases only
4838
+ # the display name is provided.
4839
+ # Corresponds to the JSON property `database`
4840
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Database]
4841
+ attr_accessor :database
4842
+
4843
+ # Contains more details about the finding.
4844
+ # Corresponds to the JSON property `description`
4845
+ # @return [String]
4846
+ attr_accessor :description
4847
+
4848
+ # The time the finding was first detected. If an existing finding is updated,
4849
+ # then this is the time the update occurred. For example, if the finding
4850
+ # represents an open firewall, this property captures the time the detector
4851
+ # believes the firewall became open. The accuracy is determined by the detector.
4852
+ # If the finding is later resolved, then this time reflects when the finding was
4853
+ # resolved. This must not be set to a value greater than the current timestamp.
4854
+ # Corresponds to the JSON property `eventTime`
4855
+ # @return [String]
4856
+ attr_accessor :event_time
4857
+
4858
+ # Exfiltration represents a data exfiltration attempt from one or more sources
4859
+ # to one or more targets. The `sources` attribute lists the sources of the
4860
+ # exfiltrated data. The `targets` attribute lists the destinations the data was
4861
+ # copied to.
4862
+ # Corresponds to the JSON property `exfiltration`
4863
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Exfiltration]
4864
+ attr_accessor :exfiltration
4865
+
4866
+ # Output only. Third party SIEM/SOAR fields within SCC, contains external system
4867
+ # information and external system finding fields.
4868
+ # Corresponds to the JSON property `externalSystems`
4869
+ # @return [Hash<String,Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ExternalSystem>]
4870
+ attr_accessor :external_systems
4871
+
4872
+ # The URI that, if available, points to a web page outside of Security Command
4873
+ # Center where additional information about the finding can be found. This field
4874
+ # is guaranteed to be either empty or a well formed URL.
4875
+ # Corresponds to the JSON property `externalUri`
4876
+ # @return [String]
4877
+ attr_accessor :external_uri
4878
+
4879
+ # File associated with the finding.
4880
+ # Corresponds to the JSON property `files`
4881
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2File>]
4882
+ attr_accessor :files
4883
+
4884
+ # The class of the finding.
4885
+ # Corresponds to the JSON property `findingClass`
4886
+ # @return [String]
4887
+ attr_accessor :finding_class
4888
+
4889
+ # Represents IAM bindings associated with the finding.
4890
+ # Corresponds to the JSON property `iamBindings`
4891
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2IamBinding>]
4892
+ attr_accessor :iam_bindings
4893
+
4894
+ # Represents what's commonly known as an _indicator of compromise_ (IoC) in
4895
+ # computer forensics. This is an artifact observed on a network or in an
4896
+ # operating system that, with high confidence, indicates a computer intrusion.
4897
+ # For more information, see [Indicator of compromise](https://en.wikipedia.org/
4898
+ # wiki/Indicator_of_compromise).
4899
+ # Corresponds to the JSON property `indicator`
4900
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Indicator]
4901
+ attr_accessor :indicator
4902
+
4903
+ # Kernel mode rootkit signatures.
4904
+ # Corresponds to the JSON property `kernelRootkit`
4905
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2KernelRootkit]
4906
+ attr_accessor :kernel_rootkit
4907
+
4908
+ # Kubernetes-related attributes.
4909
+ # Corresponds to the JSON property `kubernetes`
4910
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Kubernetes]
4911
+ attr_accessor :kubernetes
4912
+
4913
+ # The load balancers associated with the finding.
4914
+ # Corresponds to the JSON property `loadBalancers`
4915
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2LoadBalancer>]
4916
+ attr_accessor :load_balancers
4917
+
4918
+ # Log entries that are relevant to the finding.
4919
+ # Corresponds to the JSON property `logEntries`
4920
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2LogEntry>]
4921
+ attr_accessor :log_entries
4922
+
4923
+ # MITRE ATT&CK tactics and techniques related to this finding. See: https://
4924
+ # attack.mitre.org
4925
+ # Corresponds to the JSON property `mitreAttack`
4926
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2MitreAttack]
4927
+ attr_accessor :mitre_attack
4928
+
4929
+ # Unique identifier of the module which generated the finding. Example: folders/
4930
+ # 598186756061/securityHealthAnalyticsSettings/customModules/56799441161885
4931
+ # Corresponds to the JSON property `moduleName`
4932
+ # @return [String]
4933
+ attr_accessor :module_name
4934
+
4935
+ # Indicates the mute state of a finding (either muted, unmuted or undefined).
4936
+ # Unlike other attributes of a finding, a finding provider shouldn't set the
4937
+ # value of mute.
4938
+ # Corresponds to the JSON property `mute`
4939
+ # @return [String]
4940
+ attr_accessor :mute
4941
+
4942
+ # Records additional information about the mute operation, for example, the [
4943
+ # mute configuration](https://cloud.google.com/security-command-center/docs/how-
4944
+ # to-mute-findings) that muted the finding and the user who muted the finding.
4945
+ # Corresponds to the JSON property `muteInitiator`
4946
+ # @return [String]
4947
+ attr_accessor :mute_initiator
4948
+
4949
+ # Output only. The most recent time this finding was muted or unmuted.
4950
+ # Corresponds to the JSON property `muteUpdateTime`
4951
+ # @return [String]
4952
+ attr_accessor :mute_update_time
4953
+
4954
+ # The [relative resource name](https://cloud.google.com/apis/design/
4955
+ # resource_names#relative_resource_name) of the finding. The following list
4956
+ # shows some examples: + `organizations/`organization_id`/sources/`source_id`/
4957
+ # findings/`finding_id`` + `organizations/`organization_id`/sources/`source_id`/
4958
+ # locations/`location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`
4959
+ # source_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/
4960
+ # locations/`location_id`/findings/`finding_id`` + `projects/`project_id`/
4961
+ # sources/`source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`
4962
+ # source_id`/locations/`location_id`/findings/`finding_id``
4963
+ # Corresponds to the JSON property `name`
4964
+ # @return [String]
4965
+ attr_accessor :name
4966
+
4967
+ # Steps to address the finding.
4968
+ # Corresponds to the JSON property `nextSteps`
4969
+ # @return [String]
4970
+ attr_accessor :next_steps
4971
+
4972
+ # Contains information about the org policies associated with the finding.
4973
+ # Corresponds to the JSON property `orgPolicies`
4974
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2OrgPolicy>]
4975
+ attr_accessor :org_policies
4976
+
4977
+ # The relative resource name of the source and location the finding belongs to.
4978
+ # See: https://cloud.google.com/apis/design/resource_names#
4979
+ # relative_resource_name This field is immutable after creation time. The
4980
+ # following list shows some examples: + `organizations/`organization_id`/sources/
4981
+ # `source_id`` + `folders/`folders_id`/sources/`source_id`` + `projects/`
4982
+ # projects_id`/sources/`source_id`` + `organizations/`organization_id`/sources/`
4983
+ # source_id`/locations/`location_id`` + `folders/`folders_id`/sources/`source_id`
4984
+ # /locations/`location_id`` + `projects/`projects_id`/sources/`source_id`/
4985
+ # locations/`location_id``
4986
+ # Corresponds to the JSON property `parent`
4987
+ # @return [String]
4988
+ attr_accessor :parent
4989
+
4990
+ # Output only. The human readable display name of the finding source such as "
4991
+ # Event Threat Detection" or "Security Health Analytics".
4992
+ # Corresponds to the JSON property `parentDisplayName`
4993
+ # @return [String]
4994
+ attr_accessor :parent_display_name
4995
+
4996
+ # Represents operating system processes associated with the Finding.
4997
+ # Corresponds to the JSON property `processes`
4998
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Process>]
4999
+ attr_accessor :processes
5000
+
5001
+ # Immutable. For findings on Google Cloud resources, the full resource name of
5002
+ # the Google Cloud resource this finding is for. See: https://cloud.google.com/
5003
+ # apis/design/resource_names#full_resource_name When the finding is for a non-
5004
+ # Google Cloud resource, the resourceName can be a customer or partner defined
5005
+ # string.
5006
+ # Corresponds to the JSON property `resourceName`
5007
+ # @return [String]
5008
+ attr_accessor :resource_name
5009
+
5010
+ # User specified security marks that are attached to the parent Security Command
5011
+ # Center resource. Security marks are scoped within a Security Command Center
5012
+ # organization -- they can be modified and viewed by all users who have proper
5013
+ # permissions on the organization.
5014
+ # Corresponds to the JSON property `securityMarks`
5015
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2SecurityMarks]
5016
+ attr_accessor :security_marks
5017
+
5018
+ # Represents a posture that is deployed on Google Cloud by the Security Command
5019
+ # Center Posture Management service. A posture contains one or more policy sets.
5020
+ # A policy set is a group of policies that enforce a set of security rules on
5021
+ # Google Cloud.
5022
+ # Corresponds to the JSON property `securityPosture`
5023
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2SecurityPosture]
5024
+ attr_accessor :security_posture
5025
+
5026
+ # The severity of the finding. This field is managed by the source that writes
5027
+ # the finding.
5028
+ # Corresponds to the JSON property `severity`
5029
+ # @return [String]
5030
+ attr_accessor :severity
5031
+
5032
+ # Source specific properties. These properties are managed by the source that
5033
+ # writes the finding. The key names in the source_properties map must be between
5034
+ # 1 and 255 characters, and must start with a letter and contain alphanumeric
5035
+ # characters or underscores only.
5036
+ # Corresponds to the JSON property `sourceProperties`
5037
+ # @return [Hash<String,Object>]
5038
+ attr_accessor :source_properties
5039
+
5040
+ # Output only. The state of the finding.
5041
+ # Corresponds to the JSON property `state`
5042
+ # @return [String]
5043
+ attr_accessor :state
5044
+
5045
+ # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
5046
+ # Corresponds to the JSON property `vulnerability`
5047
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Vulnerability]
5048
+ attr_accessor :vulnerability
5049
+
5050
+ def initialize(**args)
5051
+ update!(**args)
5052
+ end
5053
+
5054
+ # Update properties of this object
5055
+ def update!(**args)
5056
+ @access = args[:access] if args.key?(:access)
5057
+ @application = args[:application] if args.key?(:application)
5058
+ @attack_exposure = args[:attack_exposure] if args.key?(:attack_exposure)
5059
+ @backup_disaster_recovery = args[:backup_disaster_recovery] if args.key?(:backup_disaster_recovery)
5060
+ @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
5061
+ @category = args[:category] if args.key?(:category)
5062
+ @cloud_dlp_data_profile = args[:cloud_dlp_data_profile] if args.key?(:cloud_dlp_data_profile)
5063
+ @cloud_dlp_inspection = args[:cloud_dlp_inspection] if args.key?(:cloud_dlp_inspection)
5064
+ @compliances = args[:compliances] if args.key?(:compliances)
5065
+ @connections = args[:connections] if args.key?(:connections)
5066
+ @contacts = args[:contacts] if args.key?(:contacts)
5067
+ @containers = args[:containers] if args.key?(:containers)
5068
+ @create_time = args[:create_time] if args.key?(:create_time)
5069
+ @database = args[:database] if args.key?(:database)
5070
+ @description = args[:description] if args.key?(:description)
5071
+ @event_time = args[:event_time] if args.key?(:event_time)
5072
+ @exfiltration = args[:exfiltration] if args.key?(:exfiltration)
5073
+ @external_systems = args[:external_systems] if args.key?(:external_systems)
5074
+ @external_uri = args[:external_uri] if args.key?(:external_uri)
5075
+ @files = args[:files] if args.key?(:files)
5076
+ @finding_class = args[:finding_class] if args.key?(:finding_class)
5077
+ @iam_bindings = args[:iam_bindings] if args.key?(:iam_bindings)
5078
+ @indicator = args[:indicator] if args.key?(:indicator)
5079
+ @kernel_rootkit = args[:kernel_rootkit] if args.key?(:kernel_rootkit)
5080
+ @kubernetes = args[:kubernetes] if args.key?(:kubernetes)
5081
+ @load_balancers = args[:load_balancers] if args.key?(:load_balancers)
5082
+ @log_entries = args[:log_entries] if args.key?(:log_entries)
5083
+ @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
5084
+ @module_name = args[:module_name] if args.key?(:module_name)
5085
+ @mute = args[:mute] if args.key?(:mute)
5086
+ @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
5087
+ @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
5088
+ @name = args[:name] if args.key?(:name)
5089
+ @next_steps = args[:next_steps] if args.key?(:next_steps)
5090
+ @org_policies = args[:org_policies] if args.key?(:org_policies)
5091
+ @parent = args[:parent] if args.key?(:parent)
5092
+ @parent_display_name = args[:parent_display_name] if args.key?(:parent_display_name)
5093
+ @processes = args[:processes] if args.key?(:processes)
5094
+ @resource_name = args[:resource_name] if args.key?(:resource_name)
5095
+ @security_marks = args[:security_marks] if args.key?(:security_marks)
5096
+ @security_posture = args[:security_posture] if args.key?(:security_posture)
5097
+ @severity = args[:severity] if args.key?(:severity)
5098
+ @source_properties = args[:source_properties] if args.key?(:source_properties)
5099
+ @state = args[:state] if args.key?(:state)
5100
+ @vulnerability = args[:vulnerability] if args.key?(:vulnerability)
5101
+ end
5102
+ end
5103
+
5104
+ # Represents a geographical location for a given access.
5105
+ class GoogleCloudSecuritycenterV2Geolocation
5106
+ include Google::Apis::Core::Hashable
5107
+
5108
+ # A CLDR.
5109
+ # Corresponds to the JSON property `regionCode`
5110
+ # @return [String]
5111
+ attr_accessor :region_code
5112
+
5113
+ def initialize(**args)
5114
+ update!(**args)
5115
+ end
5116
+
5117
+ # Update properties of this object
5118
+ def update!(**args)
5119
+ @region_code = args[:region_code] if args.key?(:region_code)
5120
+ end
5121
+ end
5122
+
5123
+ # Represents a particular IAM binding, which captures a member's role addition,
5124
+ # removal, or state.
5125
+ class GoogleCloudSecuritycenterV2IamBinding
5126
+ include Google::Apis::Core::Hashable
5127
+
5128
+ # The action that was performed on a Binding.
5129
+ # Corresponds to the JSON property `action`
5130
+ # @return [String]
5131
+ attr_accessor :action
5132
+
5133
+ # A single identity requesting access for a Cloud Platform resource, for example,
5134
+ # "foo@google.com".
5135
+ # Corresponds to the JSON property `member`
5136
+ # @return [String]
5137
+ attr_accessor :member
5138
+
5139
+ # Role that is assigned to "members". For example, "roles/viewer", "roles/editor"
5140
+ # , or "roles/owner".
5141
+ # Corresponds to the JSON property `role`
5142
+ # @return [String]
5143
+ attr_accessor :role
5144
+
5145
+ def initialize(**args)
5146
+ update!(**args)
5147
+ end
5148
+
5149
+ # Update properties of this object
5150
+ def update!(**args)
5151
+ @action = args[:action] if args.key?(:action)
5152
+ @member = args[:member] if args.key?(:member)
5153
+ @role = args[:role] if args.key?(:role)
5154
+ end
5155
+ end
5156
+
5157
+ # Represents what's commonly known as an _indicator of compromise_ (IoC) in
5158
+ # computer forensics. This is an artifact observed on a network or in an
5159
+ # operating system that, with high confidence, indicates a computer intrusion.
5160
+ # For more information, see [Indicator of compromise](https://en.wikipedia.org/
5161
+ # wiki/Indicator_of_compromise).
5162
+ class GoogleCloudSecuritycenterV2Indicator
5163
+ include Google::Apis::Core::Hashable
5164
+
5165
+ # List of domains associated to the Finding.
5166
+ # Corresponds to the JSON property `domains`
5167
+ # @return [Array<String>]
5168
+ attr_accessor :domains
5169
+
5170
+ # The list of IP addresses that are associated with the finding.
5171
+ # Corresponds to the JSON property `ipAddresses`
5172
+ # @return [Array<String>]
5173
+ attr_accessor :ip_addresses
5174
+
5175
+ # The list of matched signatures indicating that the given process is present in
5176
+ # the environment.
5177
+ # Corresponds to the JSON property `signatures`
5178
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ProcessSignature>]
5179
+ attr_accessor :signatures
5180
+
5181
+ # The list of URIs associated to the Findings.
5182
+ # Corresponds to the JSON property `uris`
5183
+ # @return [Array<String>]
5184
+ attr_accessor :uris
5185
+
5186
+ def initialize(**args)
5187
+ update!(**args)
5188
+ end
5189
+
5190
+ # Update properties of this object
5191
+ def update!(**args)
5192
+ @domains = args[:domains] if args.key?(:domains)
5193
+ @ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses)
5194
+ @signatures = args[:signatures] if args.key?(:signatures)
5195
+ @uris = args[:uris] if args.key?(:uris)
5196
+ end
5197
+ end
5198
+
5199
+ # Kernel mode rootkit signatures.
5200
+ class GoogleCloudSecuritycenterV2KernelRootkit
5201
+ include Google::Apis::Core::Hashable
5202
+
5203
+ # Rootkit name, when available.
5204
+ # Corresponds to the JSON property `name`
5205
+ # @return [String]
5206
+ attr_accessor :name
5207
+
5208
+ # True if unexpected modifications of kernel code memory are present.
5209
+ # Corresponds to the JSON property `unexpectedCodeModification`
5210
+ # @return [Boolean]
5211
+ attr_accessor :unexpected_code_modification
5212
+ alias_method :unexpected_code_modification?, :unexpected_code_modification
5213
+
5214
+ # True if `ftrace` points are present with callbacks pointing to regions that
5215
+ # are not in the expected kernel or module code range.
5216
+ # Corresponds to the JSON property `unexpectedFtraceHandler`
5217
+ # @return [Boolean]
5218
+ attr_accessor :unexpected_ftrace_handler
5219
+ alias_method :unexpected_ftrace_handler?, :unexpected_ftrace_handler
5220
+
5221
+ # True if interrupt handlers that are are not in the expected kernel or module
5222
+ # code regions are present.
5223
+ # Corresponds to the JSON property `unexpectedInterruptHandler`
5224
+ # @return [Boolean]
5225
+ attr_accessor :unexpected_interrupt_handler
5226
+ alias_method :unexpected_interrupt_handler?, :unexpected_interrupt_handler
5227
+
5228
+ # True if kernel code pages that are not in the expected kernel or module code
5229
+ # regions are present.
5230
+ # Corresponds to the JSON property `unexpectedKernelCodePages`
5231
+ # @return [Boolean]
5232
+ attr_accessor :unexpected_kernel_code_pages
5233
+ alias_method :unexpected_kernel_code_pages?, :unexpected_kernel_code_pages
5234
+
5235
+ # True if `kprobe` points are present with callbacks pointing to regions that
5236
+ # are not in the expected kernel or module code range.
5237
+ # Corresponds to the JSON property `unexpectedKprobeHandler`
5238
+ # @return [Boolean]
5239
+ attr_accessor :unexpected_kprobe_handler
5240
+ alias_method :unexpected_kprobe_handler?, :unexpected_kprobe_handler
5241
+
5242
+ # True if unexpected processes in the scheduler run queue are present. Such
5243
+ # processes are in the run queue, but not in the process task list.
5244
+ # Corresponds to the JSON property `unexpectedProcessesInRunqueue`
5245
+ # @return [Boolean]
5246
+ attr_accessor :unexpected_processes_in_runqueue
5247
+ alias_method :unexpected_processes_in_runqueue?, :unexpected_processes_in_runqueue
5248
+
5249
+ # True if unexpected modifications of kernel read-only data memory are present.
5250
+ # Corresponds to the JSON property `unexpectedReadOnlyDataModification`
5251
+ # @return [Boolean]
5252
+ attr_accessor :unexpected_read_only_data_modification
5253
+ alias_method :unexpected_read_only_data_modification?, :unexpected_read_only_data_modification
5254
+
5255
+ # True if system call handlers that are are not in the expected kernel or module
5256
+ # code regions are present.
5257
+ # Corresponds to the JSON property `unexpectedSystemCallHandler`
5258
+ # @return [Boolean]
5259
+ attr_accessor :unexpected_system_call_handler
5260
+ alias_method :unexpected_system_call_handler?, :unexpected_system_call_handler
5261
+
5262
+ def initialize(**args)
5263
+ update!(**args)
5264
+ end
5265
+
5266
+ # Update properties of this object
5267
+ def update!(**args)
5268
+ @name = args[:name] if args.key?(:name)
5269
+ @unexpected_code_modification = args[:unexpected_code_modification] if args.key?(:unexpected_code_modification)
5270
+ @unexpected_ftrace_handler = args[:unexpected_ftrace_handler] if args.key?(:unexpected_ftrace_handler)
5271
+ @unexpected_interrupt_handler = args[:unexpected_interrupt_handler] if args.key?(:unexpected_interrupt_handler)
5272
+ @unexpected_kernel_code_pages = args[:unexpected_kernel_code_pages] if args.key?(:unexpected_kernel_code_pages)
5273
+ @unexpected_kprobe_handler = args[:unexpected_kprobe_handler] if args.key?(:unexpected_kprobe_handler)
5274
+ @unexpected_processes_in_runqueue = args[:unexpected_processes_in_runqueue] if args.key?(:unexpected_processes_in_runqueue)
5275
+ @unexpected_read_only_data_modification = args[:unexpected_read_only_data_modification] if args.key?(:unexpected_read_only_data_modification)
5276
+ @unexpected_system_call_handler = args[:unexpected_system_call_handler] if args.key?(:unexpected_system_call_handler)
5277
+ end
5278
+ end
5279
+
5280
+ # Kubernetes-related attributes.
5281
+ class GoogleCloudSecuritycenterV2Kubernetes
5282
+ include Google::Apis::Core::Hashable
5283
+
5284
+ # Provides information on any Kubernetes access reviews (privilege checks)
5285
+ # relevant to the finding.
5286
+ # Corresponds to the JSON property `accessReviews`
5287
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2AccessReview>]
5288
+ attr_accessor :access_reviews
5289
+
5290
+ # Provides Kubernetes role binding information for findings that involve [
5291
+ # RoleBindings or ClusterRoleBindings](https://cloud.google.com/kubernetes-
5292
+ # engine/docs/how-to/role-based-access-control).
5293
+ # Corresponds to the JSON property `bindings`
5294
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Binding>]
5295
+ attr_accessor :bindings
5296
+
5297
+ # GKE [node pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-
5298
+ # pools) associated with the finding. This field contains node pool information
5299
+ # for each node, when it is available.
5300
+ # Corresponds to the JSON property `nodePools`
5301
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2NodePool>]
5302
+ attr_accessor :node_pools
5303
+
5304
+ # Provides Kubernetes [node](https://cloud.google.com/kubernetes-engine/docs/
5305
+ # concepts/cluster-architecture#nodes) information.
5306
+ # Corresponds to the JSON property `nodes`
5307
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Node>]
5308
+ attr_accessor :nodes
5309
+
5310
+ # Kubernetes objects related to the finding.
5311
+ # Corresponds to the JSON property `objects`
5312
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Object>]
5313
+ attr_accessor :objects
5314
+
5315
+ # Kubernetes [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod)
5316
+ # associated with the finding. This field contains Pod records for each
5317
+ # container that is owned by a Pod.
5318
+ # Corresponds to the JSON property `pods`
5319
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Pod>]
5320
+ attr_accessor :pods
5321
+
5322
+ # Provides Kubernetes role information for findings that involve [Roles or
5323
+ # ClusterRoles](https://cloud.google.com/kubernetes-engine/docs/how-to/role-
5324
+ # based-access-control).
5325
+ # Corresponds to the JSON property `roles`
5326
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Role>]
5327
+ attr_accessor :roles
5328
+
5329
+ def initialize(**args)
5330
+ update!(**args)
5331
+ end
5332
+
5333
+ # Update properties of this object
5334
+ def update!(**args)
5335
+ @access_reviews = args[:access_reviews] if args.key?(:access_reviews)
5336
+ @bindings = args[:bindings] if args.key?(:bindings)
5337
+ @node_pools = args[:node_pools] if args.key?(:node_pools)
5338
+ @nodes = args[:nodes] if args.key?(:nodes)
5339
+ @objects = args[:objects] if args.key?(:objects)
5340
+ @pods = args[:pods] if args.key?(:pods)
5341
+ @roles = args[:roles] if args.key?(:roles)
5342
+ end
5343
+ end
5344
+
5345
+ # Represents a generic name-value label. A label has separate name and value
5346
+ # fields to support filtering with the `contains()` function. For more
5347
+ # information, see [Filtering on array-type fields](https://cloud.google.com/
5348
+ # security-command-center/docs/how-to-api-list-findings#array-contains-filtering)
5349
+ # .
5350
+ class GoogleCloudSecuritycenterV2Label
5351
+ include Google::Apis::Core::Hashable
5352
+
5353
+ # Name of the label.
5354
+ # Corresponds to the JSON property `name`
5355
+ # @return [String]
5356
+ attr_accessor :name
5357
+
5358
+ # Value that corresponds to the label's name.
5359
+ # Corresponds to the JSON property `value`
5360
+ # @return [String]
5361
+ attr_accessor :value
5362
+
5363
+ def initialize(**args)
5364
+ update!(**args)
5365
+ end
5366
+
5367
+ # Update properties of this object
5368
+ def update!(**args)
5369
+ @name = args[:name] if args.key?(:name)
5370
+ @value = args[:value] if args.key?(:value)
5371
+ end
5372
+ end
5373
+
5374
+ # Contains information related to the load balancer associated with the finding.
5375
+ class GoogleCloudSecuritycenterV2LoadBalancer
5376
+ include Google::Apis::Core::Hashable
5377
+
5378
+ # The name of the load balancer associated with the finding.
5379
+ # Corresponds to the JSON property `name`
5380
+ # @return [String]
5381
+ attr_accessor :name
5382
+
5383
+ def initialize(**args)
5384
+ update!(**args)
5385
+ end
5386
+
5387
+ # Update properties of this object
5388
+ def update!(**args)
5389
+ @name = args[:name] if args.key?(:name)
5390
+ end
5391
+ end
5392
+
5393
+ # An individual entry in a log.
5394
+ class GoogleCloudSecuritycenterV2LogEntry
5395
+ include Google::Apis::Core::Hashable
5396
+
5397
+ # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
5398
+ # logging/docs/reference/v2/rest/v2/LogEntry)
5399
+ # Corresponds to the JSON property `cloudLoggingEntry`
5400
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2CloudLoggingEntry]
5401
+ attr_accessor :cloud_logging_entry
5402
+
5403
+ def initialize(**args)
5404
+ update!(**args)
5405
+ end
5406
+
5407
+ # Update properties of this object
5408
+ def update!(**args)
5409
+ @cloud_logging_entry = args[:cloud_logging_entry] if args.key?(:cloud_logging_entry)
5410
+ end
5411
+ end
5412
+
5413
+ # A signature corresponding to memory page hashes.
5414
+ class GoogleCloudSecuritycenterV2MemoryHashSignature
5415
+ include Google::Apis::Core::Hashable
5416
+
5417
+ # The binary family.
5418
+ # Corresponds to the JSON property `binaryFamily`
5419
+ # @return [String]
5420
+ attr_accessor :binary_family
5421
+
5422
+ # The list of memory hash detections contributing to the binary family match.
5423
+ # Corresponds to the JSON property `detections`
5424
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Detection>]
5425
+ attr_accessor :detections
5426
+
5427
+ def initialize(**args)
5428
+ update!(**args)
5429
+ end
5430
+
5431
+ # Update properties of this object
5432
+ def update!(**args)
5433
+ @binary_family = args[:binary_family] if args.key?(:binary_family)
5434
+ @detections = args[:detections] if args.key?(:detections)
5435
+ end
5436
+ end
5437
+
5438
+ # MITRE ATT&CK tactics and techniques related to this finding. See: https://
5439
+ # attack.mitre.org
5440
+ class GoogleCloudSecuritycenterV2MitreAttack
5441
+ include Google::Apis::Core::Hashable
5442
+
5443
+ # Additional MITRE ATT&CK tactics related to this finding, if any.
5444
+ # Corresponds to the JSON property `additionalTactics`
5445
+ # @return [Array<String>]
5446
+ attr_accessor :additional_tactics
5447
+
5448
+ # Additional MITRE ATT&CK techniques related to this finding, if any, along with
5449
+ # any of their respective parent techniques.
5450
+ # Corresponds to the JSON property `additionalTechniques`
5451
+ # @return [Array<String>]
5452
+ attr_accessor :additional_techniques
5453
+
5454
+ # The MITRE ATT&CK tactic most closely represented by this finding, if any.
5455
+ # Corresponds to the JSON property `primaryTactic`
5456
+ # @return [String]
5457
+ attr_accessor :primary_tactic
5458
+
5459
+ # The MITRE ATT&CK technique most closely represented by this finding, if any.
5460
+ # primary_techniques is a repeated field because there are multiple levels of
5461
+ # MITRE ATT&CK techniques. If the technique most closely represented by this
5462
+ # finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique
5463
+ # and its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, `
5464
+ # ACTIVE_SCANNING`).
5465
+ # Corresponds to the JSON property `primaryTechniques`
5466
+ # @return [Array<String>]
5467
+ attr_accessor :primary_techniques
5468
+
5469
+ # The MITRE ATT&CK version referenced by the above fields. E.g. "8".
5470
+ # Corresponds to the JSON property `version`
5471
+ # @return [String]
5472
+ attr_accessor :version
5473
+
5474
+ def initialize(**args)
5475
+ update!(**args)
5476
+ end
5477
+
5478
+ # Update properties of this object
5479
+ def update!(**args)
5480
+ @additional_tactics = args[:additional_tactics] if args.key?(:additional_tactics)
5481
+ @additional_techniques = args[:additional_techniques] if args.key?(:additional_techniques)
5482
+ @primary_tactic = args[:primary_tactic] if args.key?(:primary_tactic)
5483
+ @primary_techniques = args[:primary_techniques] if args.key?(:primary_techniques)
5484
+ @version = args[:version] if args.key?(:version)
5485
+ end
5486
+ end
5487
+
5488
+ # A mute config is a Cloud SCC resource that contains the configuration to mute
5489
+ # create/update events of findings.
5490
+ class GoogleCloudSecuritycenterV2MuteConfig
5491
+ include Google::Apis::Core::Hashable
5492
+
5493
+ # Output only. The time at which the mute config was created. This field is set
5494
+ # by the server and will be ignored if provided on config creation.
5495
+ # Corresponds to the JSON property `createTime`
5496
+ # @return [String]
5497
+ attr_accessor :create_time
5498
+
5499
+ # A description of the mute config.
5500
+ # Corresponds to the JSON property `description`
5501
+ # @return [String]
5502
+ attr_accessor :description
5503
+
5504
+ # Required. An expression that defines the filter to apply across create/update
5505
+ # events of findings. While creating a filter string, be mindful of the scope in
5506
+ # which the mute configuration is being created. E.g., If a filter contains
5507
+ # project = X but is created under the project = Y scope, it might not match any
5508
+ # findings. The following field and operator combinations are supported: *
5509
+ # severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.
5510
+ # project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.
5511
+ # folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.
5512
+ # parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `
5513
+ # :` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
5514
+ # Corresponds to the JSON property `filter`
5515
+ # @return [String]
5516
+ attr_accessor :filter
5517
+
5518
+ # Output only. Email address of the user who last edited the mute config. This
5519
+ # field is set by the server and will be ignored if provided on config creation
5520
+ # or update.
5521
+ # Corresponds to the JSON property `mostRecentEditor`
5522
+ # @return [String]
5523
+ attr_accessor :most_recent_editor
5524
+
5525
+ # This field will be ignored if provided on config creation. The following list
5526
+ # shows some examples of the format: + `organizations/`organization`/muteConfigs/
5527
+ # `mute_config`` + `organizations/`organization`locations/`location`//
5528
+ # muteConfigs/`mute_config`` + `folders/`folder`/muteConfigs/`mute_config`` + `
5529
+ # folders/`folder`/locations/`location`/muteConfigs/`mute_config`` + `projects/`
5530
+ # project`/muteConfigs/`mute_config`` + `projects/`project`/locations/`location`/
5531
+ # muteConfigs/`mute_config``
5532
+ # Corresponds to the JSON property `name`
5533
+ # @return [String]
5534
+ attr_accessor :name
5535
+
5536
+ # Required. The type of the mute config, which determines what type of mute
5537
+ # state the config affects. Immutable after creation.
5538
+ # Corresponds to the JSON property `type`
5539
+ # @return [String]
5540
+ attr_accessor :type
5541
+
5542
+ # Output only. The most recent time at which the mute config was updated. This
5543
+ # field is set by the server and will be ignored if provided on config creation
5544
+ # or update.
5545
+ # Corresponds to the JSON property `updateTime`
5546
+ # @return [String]
5547
+ attr_accessor :update_time
5548
+
5549
+ def initialize(**args)
5550
+ update!(**args)
5551
+ end
5552
+
5553
+ # Update properties of this object
5554
+ def update!(**args)
5555
+ @create_time = args[:create_time] if args.key?(:create_time)
5556
+ @description = args[:description] if args.key?(:description)
5557
+ @filter = args[:filter] if args.key?(:filter)
5558
+ @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
5559
+ @name = args[:name] if args.key?(:name)
5560
+ @type = args[:type] if args.key?(:type)
5561
+ @update_time = args[:update_time] if args.key?(:update_time)
5562
+ end
5563
+ end
5564
+
5565
+ # Kubernetes nodes associated with the finding.
5566
+ class GoogleCloudSecuritycenterV2Node
5567
+ include Google::Apis::Core::Hashable
5568
+
5569
+ # [Full resource name](https://google.aip.dev/122#full-resource-names) of the
5570
+ # Compute Engine VM running the cluster node.
5571
+ # Corresponds to the JSON property `name`
5572
+ # @return [String]
5573
+ attr_accessor :name
5574
+
5575
+ def initialize(**args)
5576
+ update!(**args)
5577
+ end
5578
+
5579
+ # Update properties of this object
5580
+ def update!(**args)
5581
+ @name = args[:name] if args.key?(:name)
5582
+ end
5583
+ end
5584
+
5585
+ # Provides GKE node pool information.
5586
+ class GoogleCloudSecuritycenterV2NodePool
5587
+ include Google::Apis::Core::Hashable
5588
+
5589
+ # Kubernetes node pool name.
5590
+ # Corresponds to the JSON property `name`
5591
+ # @return [String]
5592
+ attr_accessor :name
5593
+
5594
+ # Nodes associated with the finding.
5595
+ # Corresponds to the JSON property `nodes`
5596
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Node>]
5597
+ attr_accessor :nodes
5598
+
5599
+ def initialize(**args)
5600
+ update!(**args)
5601
+ end
5602
+
5603
+ # Update properties of this object
5604
+ def update!(**args)
5605
+ @name = args[:name] if args.key?(:name)
5606
+ @nodes = args[:nodes] if args.key?(:nodes)
5607
+ end
5608
+ end
5609
+
5610
+ # Cloud SCC's Notification
5611
+ class GoogleCloudSecuritycenterV2NotificationMessage
5612
+ include Google::Apis::Core::Hashable
5613
+
5614
+ # Security Command Center finding. A finding is a record of assessment data like
5615
+ # security, risk, health, or privacy, that is ingested into Security Command
5616
+ # Center for presentation, notification, analysis, policy testing, and
5617
+ # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
5618
+ # Engine application is a finding.
5619
+ # Corresponds to the JSON property `finding`
5620
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Finding]
5621
+ attr_accessor :finding
5622
+
5623
+ # Name of the notification config that generated current notification.
5624
+ # Corresponds to the JSON property `notificationConfigName`
5625
+ # @return [String]
5626
+ attr_accessor :notification_config_name
5627
+
5628
+ # Information related to the Google Cloud resource.
5629
+ # Corresponds to the JSON property `resource`
5630
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Resource]
5631
+ attr_accessor :resource
5632
+
5633
+ def initialize(**args)
5634
+ update!(**args)
5635
+ end
5636
+
5637
+ # Update properties of this object
5638
+ def update!(**args)
5639
+ @finding = args[:finding] if args.key?(:finding)
5640
+ @notification_config_name = args[:notification_config_name] if args.key?(:notification_config_name)
5641
+ @resource = args[:resource] if args.key?(:resource)
5642
+ end
5643
+ end
5644
+
5645
+ # Kubernetes object related to the finding, uniquely identified by GKNN. Used if
5646
+ # the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.
5647
+ class GoogleCloudSecuritycenterV2Object
5648
+ include Google::Apis::Core::Hashable
5649
+
5650
+ # Pod containers associated with this finding, if any.
5651
+ # Corresponds to the JSON property `containers`
5652
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Container>]
5653
+ attr_accessor :containers
5654
+
5655
+ # Kubernetes object group, such as "policy.k8s.io/v1".
5656
+ # Corresponds to the JSON property `group`
5657
+ # @return [String]
5658
+ attr_accessor :group
5659
+
5660
+ # Kubernetes object kind, such as "Namespace".
5661
+ # Corresponds to the JSON property `kind`
5662
+ # @return [String]
5663
+ attr_accessor :kind
5664
+
5665
+ # Kubernetes object name. For details see https://kubernetes.io/docs/concepts/
5666
+ # overview/working-with-objects/names/.
5667
+ # Corresponds to the JSON property `name`
5668
+ # @return [String]
5669
+ attr_accessor :name
5670
+
5671
+ # Kubernetes object namespace. Must be a valid DNS label. Named "ns" to avoid
5672
+ # collision with C++ namespace keyword. For details see https://kubernetes.io/
5673
+ # docs/tasks/administer-cluster/namespaces/.
5674
+ # Corresponds to the JSON property `ns`
5675
+ # @return [String]
5676
+ attr_accessor :ns
5677
+
5678
+ def initialize(**args)
5679
+ update!(**args)
5680
+ end
5681
+
5682
+ # Update properties of this object
5683
+ def update!(**args)
5684
+ @containers = args[:containers] if args.key?(:containers)
5685
+ @group = args[:group] if args.key?(:group)
5686
+ @kind = args[:kind] if args.key?(:kind)
5687
+ @name = args[:name] if args.key?(:name)
5688
+ @ns = args[:ns] if args.key?(:ns)
5689
+ end
5690
+ end
5691
+
5692
+ # Contains information about the org policies associated with the finding.
5693
+ class GoogleCloudSecuritycenterV2OrgPolicy
5694
+ include Google::Apis::Core::Hashable
5695
+
5696
+ # The resource name of the org policy. Example: "organizations/`organization_id`/
5697
+ # policies/`constraint_name`"
5698
+ # Corresponds to the JSON property `name`
5699
+ # @return [String]
5700
+ attr_accessor :name
5701
+
5702
+ def initialize(**args)
5703
+ update!(**args)
5704
+ end
5705
+
5706
+ # Update properties of this object
5707
+ def update!(**args)
5708
+ @name = args[:name] if args.key?(:name)
5709
+ end
5710
+ end
5711
+
5712
+ # Package is a generic definition of a package.
5713
+ class GoogleCloudSecuritycenterV2Package
5714
+ include Google::Apis::Core::Hashable
5715
+
5716
+ # The CPE URI where the vulnerability was detected.
5717
+ # Corresponds to the JSON property `cpeUri`
5718
+ # @return [String]
5719
+ attr_accessor :cpe_uri
5720
+
5721
+ # The name of the package where the vulnerability was detected.
5722
+ # Corresponds to the JSON property `packageName`
5723
+ # @return [String]
5724
+ attr_accessor :package_name
5725
+
5726
+ # Type of package, for example, os, maven, or go.
5727
+ # Corresponds to the JSON property `packageType`
5728
+ # @return [String]
5729
+ attr_accessor :package_type
5730
+
5731
+ # The version of the package.
5732
+ # Corresponds to the JSON property `packageVersion`
5733
+ # @return [String]
5734
+ attr_accessor :package_version
5735
+
5736
+ def initialize(**args)
5737
+ update!(**args)
5738
+ end
5739
+
5740
+ # Update properties of this object
5741
+ def update!(**args)
5742
+ @cpe_uri = args[:cpe_uri] if args.key?(:cpe_uri)
5743
+ @package_name = args[:package_name] if args.key?(:package_name)
5744
+ @package_type = args[:package_type] if args.key?(:package_type)
5745
+ @package_version = args[:package_version] if args.key?(:package_version)
5746
+ end
5747
+ end
5748
+
5749
+ # A Kubernetes Pod.
5750
+ class GoogleCloudSecuritycenterV2Pod
5751
+ include Google::Apis::Core::Hashable
5752
+
5753
+ # Pod containers associated with this finding, if any.
5754
+ # Corresponds to the JSON property `containers`
5755
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Container>]
5756
+ attr_accessor :containers
5757
+
5758
+ # Pod labels. For Kubernetes containers, these are applied to the container.
5759
+ # Corresponds to the JSON property `labels`
5760
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Label>]
5761
+ attr_accessor :labels
5762
+
5763
+ # Kubernetes Pod name.
5764
+ # Corresponds to the JSON property `name`
5765
+ # @return [String]
5766
+ attr_accessor :name
5767
+
5768
+ # Kubernetes Pod namespace.
5769
+ # Corresponds to the JSON property `ns`
5770
+ # @return [String]
5771
+ attr_accessor :ns
5772
+
5773
+ def initialize(**args)
5774
+ update!(**args)
5775
+ end
5776
+
5777
+ # Update properties of this object
5778
+ def update!(**args)
5779
+ @containers = args[:containers] if args.key?(:containers)
5780
+ @labels = args[:labels] if args.key?(:labels)
5781
+ @name = args[:name] if args.key?(:name)
5782
+ @ns = args[:ns] if args.key?(:ns)
5783
+ end
5784
+ end
5785
+
5786
+ # The policy field that violates the deployed posture and its expected and
5787
+ # detected values.
5788
+ class GoogleCloudSecuritycenterV2PolicyDriftDetails
5789
+ include Google::Apis::Core::Hashable
5790
+
5791
+ # The detected value that violates the deployed posture, for example, `false` or
5792
+ # `allowed_values=`"projects/22831892”``.
5793
+ # Corresponds to the JSON property `detectedValue`
5794
+ # @return [String]
5795
+ attr_accessor :detected_value
5796
+
5797
+ # The value of this field that was configured in a posture, for example, `true`
5798
+ # or `allowed_values=`"projects/29831892”``.
5799
+ # Corresponds to the JSON property `expectedValue`
5800
+ # @return [String]
5801
+ attr_accessor :expected_value
5802
+
5803
+ # The name of the updated field, for example constraint.implementation.
5804
+ # policy_rules[0].enforce
5805
+ # Corresponds to the JSON property `field`
5806
+ # @return [String]
5807
+ attr_accessor :field
5808
+
5809
+ def initialize(**args)
5810
+ update!(**args)
5811
+ end
5812
+
5813
+ # Update properties of this object
5814
+ def update!(**args)
5815
+ @detected_value = args[:detected_value] if args.key?(:detected_value)
5816
+ @expected_value = args[:expected_value] if args.key?(:expected_value)
5817
+ @field = args[:field] if args.key?(:field)
5818
+ end
5819
+ end
5820
+
5821
+ # Represents an operating system process.
5822
+ class GoogleCloudSecuritycenterV2Process
5823
+ include Google::Apis::Core::Hashable
5824
+
5825
+ # Process arguments as JSON encoded strings.
5826
+ # Corresponds to the JSON property `args`
5827
+ # @return [Array<String>]
5828
+ attr_accessor :args
5829
+
5830
+ # True if `args` is incomplete.
5831
+ # Corresponds to the JSON property `argumentsTruncated`
5832
+ # @return [Boolean]
5833
+ attr_accessor :arguments_truncated
5834
+ alias_method :arguments_truncated?, :arguments_truncated
5835
+
5836
+ # File information about the related binary/library used by an executable, or
5837
+ # the script used by a script interpreter
5838
+ # Corresponds to the JSON property `binary`
5839
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2File]
5840
+ attr_accessor :binary
5841
+
5842
+ # Process environment variables.
5843
+ # Corresponds to the JSON property `envVariables`
5844
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2EnvironmentVariable>]
5845
+ attr_accessor :env_variables
5846
+
5847
+ # True if `env_variables` is incomplete.
5848
+ # Corresponds to the JSON property `envVariablesTruncated`
5849
+ # @return [Boolean]
5850
+ attr_accessor :env_variables_truncated
5851
+ alias_method :env_variables_truncated?, :env_variables_truncated
5852
+
5853
+ # File information for libraries loaded by the process.
5854
+ # Corresponds to the JSON property `libraries`
5855
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2File>]
5856
+ attr_accessor :libraries
5857
+
5858
+ # The process name, as displayed in utilities like `top` and `ps`. This name can
5859
+ # be accessed through `/proc/[pid]/comm` and changed with `prctl(PR_SET_NAME)`.
5860
+ # Corresponds to the JSON property `name`
5861
+ # @return [String]
5862
+ attr_accessor :name
5863
+
5864
+ # The parent process ID.
5865
+ # Corresponds to the JSON property `parentPid`
5866
+ # @return [Fixnum]
5867
+ attr_accessor :parent_pid
5868
+
5869
+ # The process ID.
5870
+ # Corresponds to the JSON property `pid`
5871
+ # @return [Fixnum]
5872
+ attr_accessor :pid
5873
+
5874
+ # File information about the related binary/library used by an executable, or
5875
+ # the script used by a script interpreter
5876
+ # Corresponds to the JSON property `script`
5877
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2File]
5878
+ attr_accessor :script
5879
+
5880
+ def initialize(**args)
5881
+ update!(**args)
5882
+ end
5883
+
5884
+ # Update properties of this object
5885
+ def update!(**args)
5886
+ @args = args[:args] if args.key?(:args)
5887
+ @arguments_truncated = args[:arguments_truncated] if args.key?(:arguments_truncated)
5888
+ @binary = args[:binary] if args.key?(:binary)
5889
+ @env_variables = args[:env_variables] if args.key?(:env_variables)
5890
+ @env_variables_truncated = args[:env_variables_truncated] if args.key?(:env_variables_truncated)
5891
+ @libraries = args[:libraries] if args.key?(:libraries)
5892
+ @name = args[:name] if args.key?(:name)
5893
+ @parent_pid = args[:parent_pid] if args.key?(:parent_pid)
5894
+ @pid = args[:pid] if args.key?(:pid)
5895
+ @script = args[:script] if args.key?(:script)
5896
+ end
5897
+ end
5898
+
5899
+ # Indicates what signature matched this process.
5900
+ class GoogleCloudSecuritycenterV2ProcessSignature
5901
+ include Google::Apis::Core::Hashable
5902
+
5903
+ # A signature corresponding to memory page hashes.
5904
+ # Corresponds to the JSON property `memoryHashSignature`
5905
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2MemoryHashSignature]
5906
+ attr_accessor :memory_hash_signature
5907
+
5908
+ # Describes the type of resource associated with the signature.
5909
+ # Corresponds to the JSON property `signatureType`
5910
+ # @return [String]
5911
+ attr_accessor :signature_type
5912
+
5913
+ # A signature corresponding to a YARA rule.
5914
+ # Corresponds to the JSON property `yaraRuleSignature`
5915
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2YaraRuleSignature]
5916
+ attr_accessor :yara_rule_signature
5917
+
5918
+ def initialize(**args)
5919
+ update!(**args)
5920
+ end
5921
+
5922
+ # Update properties of this object
5923
+ def update!(**args)
5924
+ @memory_hash_signature = args[:memory_hash_signature] if args.key?(:memory_hash_signature)
5925
+ @signature_type = args[:signature_type] if args.key?(:signature_type)
5926
+ @yara_rule_signature = args[:yara_rule_signature] if args.key?(:yara_rule_signature)
5927
+ end
5928
+ end
5929
+
5930
+ # Additional Links
5931
+ class GoogleCloudSecuritycenterV2Reference
5932
+ include Google::Apis::Core::Hashable
5933
+
5934
+ # Source of the reference e.g. NVD
5935
+ # Corresponds to the JSON property `source`
5936
+ # @return [String]
5937
+ attr_accessor :source
5938
+
5939
+ # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?
5940
+ # name=CVE-2021-34527.
5941
+ # Corresponds to the JSON property `uri`
5942
+ # @return [String]
5943
+ attr_accessor :uri
5944
+
5945
+ def initialize(**args)
5946
+ update!(**args)
5947
+ end
5948
+
5949
+ # Update properties of this object
5950
+ def update!(**args)
5951
+ @source = args[:source] if args.key?(:source)
5952
+ @uri = args[:uri] if args.key?(:uri)
5953
+ end
5954
+ end
5955
+
5956
+ # Information related to the Google Cloud resource.
5957
+ class GoogleCloudSecuritycenterV2Resource
5958
+ include Google::Apis::Core::Hashable
5959
+
5960
+ # The human readable name of the resource.
5961
+ # Corresponds to the JSON property `displayName`
5962
+ # @return [String]
5963
+ attr_accessor :display_name
5964
+
5965
+ # The full resource name of the resource. See: https://cloud.google.com/apis/
5966
+ # design/resource_names#full_resource_name
5967
+ # Corresponds to the JSON property `name`
5968
+ # @return [String]
5969
+ attr_accessor :name
5970
+
5971
+ # The full resource type of the resource.
5972
+ # Corresponds to the JSON property `type`
5973
+ # @return [String]
5974
+ attr_accessor :type
5975
+
5976
+ def initialize(**args)
5977
+ update!(**args)
5978
+ end
5979
+
5980
+ # Update properties of this object
5981
+ def update!(**args)
5982
+ @display_name = args[:display_name] if args.key?(:display_name)
5983
+ @name = args[:name] if args.key?(:name)
5984
+ @type = args[:type] if args.key?(:type)
5985
+ end
5986
+ end
5987
+
5988
+ # A resource value config (RVC) is a mapping configuration of user's resources
5989
+ # to resource values. Used in Attack path simulations.
5990
+ class GoogleCloudSecuritycenterV2ResourceValueConfig
5991
+ include Google::Apis::Core::Hashable
5992
+
5993
+ # Output only. Timestamp this resource value config was created.
5994
+ # Corresponds to the JSON property `createTime`
5995
+ # @return [String]
5996
+ attr_accessor :create_time
5997
+
5998
+ # Description of the resource value config.
5999
+ # Corresponds to the JSON property `description`
6000
+ # @return [String]
6001
+ attr_accessor :description
6002
+
6003
+ # Name for the resource value config
6004
+ # Corresponds to the JSON property `name`
6005
+ # @return [String]
6006
+ attr_accessor :name
6007
+
6008
+ # List of resource labels to search for, evaluated with AND. E.g. "
6009
+ # resource_labels_selector": `"key": "value", "env": "prod"` will match
6010
+ # resources with labels "key": "value" AND "env": "prod" https://cloud.google.
6011
+ # com/resource-manager/docs/creating-managing-labels
6012
+ # Corresponds to the JSON property `resourceLabelsSelector`
6013
+ # @return [Hash<String,String>]
6014
+ attr_accessor :resource_labels_selector
6015
+
6016
+ # Apply resource_value only to resources that match resource_type. resource_type
6017
+ # will be checked with "AND" of other resources. E.g. "storage.googleapis.com/
6018
+ # Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.
6019
+ # googleapis.com/Bucket" resources.
6020
+ # Corresponds to the JSON property `resourceType`
6021
+ # @return [String]
6022
+ attr_accessor :resource_type
6023
+
6024
+ # Resource value level this expression represents Only required when there is no
6025
+ # SDP mapping in the request
6026
+ # Corresponds to the JSON property `resourceValue`
6027
+ # @return [String]
6028
+ attr_accessor :resource_value
6029
+
6030
+ # Project or folder to scope this config to. For example, "project/456" would
6031
+ # apply this config only to resources in "project/456" scope will be checked
6032
+ # with "AND" of other resources.
6033
+ # Corresponds to the JSON property `scope`
6034
+ # @return [String]
6035
+ attr_accessor :scope
6036
+
6037
+ # Resource value mapping for Sensitive Data Protection findings If any of these
6038
+ # mappings have a resource value that is not unspecified, the resource_value
6039
+ # field will be ignored when reading this configuration.
6040
+ # Corresponds to the JSON property `sensitiveDataProtectionMapping`
6041
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2SensitiveDataProtectionMapping]
6042
+ attr_accessor :sensitive_data_protection_mapping
6043
+
6044
+ # Required. Tag values combined with AND to check against. Values in the form "
6045
+ # tagValues/123" E.g. [ "tagValues/123", "tagValues/456", "tagValues/789" ]
6046
+ # https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
6047
+ # Corresponds to the JSON property `tagValues`
6048
+ # @return [Array<String>]
6049
+ attr_accessor :tag_values
6050
+
6051
+ # Output only. Timestamp this resource value config was last updated.
6052
+ # Corresponds to the JSON property `updateTime`
6053
+ # @return [String]
6054
+ attr_accessor :update_time
6055
+
6056
+ def initialize(**args)
6057
+ update!(**args)
6058
+ end
6059
+
6060
+ # Update properties of this object
6061
+ def update!(**args)
6062
+ @create_time = args[:create_time] if args.key?(:create_time)
6063
+ @description = args[:description] if args.key?(:description)
6064
+ @name = args[:name] if args.key?(:name)
6065
+ @resource_labels_selector = args[:resource_labels_selector] if args.key?(:resource_labels_selector)
6066
+ @resource_type = args[:resource_type] if args.key?(:resource_type)
6067
+ @resource_value = args[:resource_value] if args.key?(:resource_value)
6068
+ @scope = args[:scope] if args.key?(:scope)
6069
+ @sensitive_data_protection_mapping = args[:sensitive_data_protection_mapping] if args.key?(:sensitive_data_protection_mapping)
6070
+ @tag_values = args[:tag_values] if args.key?(:tag_values)
6071
+ @update_time = args[:update_time] if args.key?(:update_time)
6072
+ end
6073
+ end
6074
+
6075
+ # Kubernetes Role or ClusterRole.
6076
+ class GoogleCloudSecuritycenterV2Role
6077
+ include Google::Apis::Core::Hashable
6078
+
6079
+ # Role type.
6080
+ # Corresponds to the JSON property `kind`
6081
+ # @return [String]
6082
+ attr_accessor :kind
6083
+
6084
+ # Role name.
6085
+ # Corresponds to the JSON property `name`
6086
+ # @return [String]
6087
+ attr_accessor :name
6088
+
6089
+ # Role namespace.
6090
+ # Corresponds to the JSON property `ns`
6091
+ # @return [String]
6092
+ attr_accessor :ns
6093
+
6094
+ def initialize(**args)
6095
+ update!(**args)
6096
+ end
6097
+
6098
+ # Update properties of this object
6099
+ def update!(**args)
6100
+ @kind = args[:kind] if args.key?(:kind)
6101
+ @name = args[:name] if args.key?(:name)
6102
+ @ns = args[:ns] if args.key?(:ns)
6103
+ end
6104
+ end
6105
+
6106
+ # SecurityBulletin are notifications of vulnerabilities of Google products.
6107
+ class GoogleCloudSecuritycenterV2SecurityBulletin
6108
+ include Google::Apis::Core::Hashable
6109
+
6110
+ # ID of the bulletin corresponding to the vulnerability.
6111
+ # Corresponds to the JSON property `bulletinId`
6112
+ # @return [String]
6113
+ attr_accessor :bulletin_id
6114
+
6115
+ # Submission time of this Security Bulletin.
6116
+ # Corresponds to the JSON property `submissionTime`
6117
+ # @return [String]
6118
+ attr_accessor :submission_time
6119
+
6120
+ # This represents a version that the cluster receiving this notification should
6121
+ # be upgraded to, based on its current version. For example, 1.15.0
6122
+ # Corresponds to the JSON property `suggestedUpgradeVersion`
6123
+ # @return [String]
6124
+ attr_accessor :suggested_upgrade_version
6125
+
6126
+ def initialize(**args)
6127
+ update!(**args)
6128
+ end
6129
+
6130
+ # Update properties of this object
6131
+ def update!(**args)
6132
+ @bulletin_id = args[:bulletin_id] if args.key?(:bulletin_id)
6133
+ @submission_time = args[:submission_time] if args.key?(:submission_time)
6134
+ @suggested_upgrade_version = args[:suggested_upgrade_version] if args.key?(:suggested_upgrade_version)
6135
+ end
6136
+ end
6137
+
6138
+ # User specified security marks that are attached to the parent Security Command
6139
+ # Center resource. Security marks are scoped within a Security Command Center
6140
+ # organization -- they can be modified and viewed by all users who have proper
6141
+ # permissions on the organization.
6142
+ class GoogleCloudSecuritycenterV2SecurityMarks
6143
+ include Google::Apis::Core::Hashable
6144
+
6145
+ # The canonical name of the marks. The following list shows some examples: + `
6146
+ # organizations/`organization_id`/assets/`asset_id`/securityMarks" + `
6147
+ # organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/
6148
+ # securityMarks" + `organizations/`organization_id`/sources/`source_id`/
6149
+ # locations/`location`/findings/`finding_id`/securityMarks" + `folders/`
6150
+ # folder_id`/assets/`asset_id`/securityMarks" + `folders/`folder_id`/sources/`
6151
+ # source_id`/findings/`finding_id`/securityMarks" + `folders/`folder_id`/sources/
6152
+ # `source_id`/locations/`location`/findings/`finding_id`/securityMarks" + `
6153
+ # projects/`project_number`/assets/`asset_id`/securityMarks" + `projects/`
6154
+ # project_number`/sources/`source_id`/findings/`finding_id`/securityMarks" + `
6155
+ # projects/`project_number`/sources/`source_id`/locations/`location`/findings/`
6156
+ # finding_id`/securityMarks"
6157
+ # Corresponds to the JSON property `canonicalName`
6158
+ # @return [String]
6159
+ attr_accessor :canonical_name
6160
+
6161
+ # Mutable user specified security marks belonging to the parent resource.
6162
+ # Constraints are as follows: * Keys and values are treated as case insensitive *
6163
+ # Keys must be between 1 - 256 characters (inclusive) * Keys must be letters,
6164
+ # numbers, underscores, or dashes * Values have leading and trailing whitespace
6165
+ # trimmed, remaining characters must be between 1 - 4096 characters (inclusive)
6166
+ # Corresponds to the JSON property `marks`
6167
+ # @return [Hash<String,String>]
6168
+ attr_accessor :marks
6169
+
6170
+ # The relative resource name of the SecurityMarks. See: https://cloud.google.com/
6171
+ # apis/design/resource_names#relative_resource_name The following list shows
6172
+ # some examples: + `organizations/`organization_id`/assets/`asset_id`/
6173
+ # securityMarks` + `organizations/`organization_id`/sources/`source_id`/findings/
6174
+ # `finding_id`/securityMarks` + `organizations/`organization_id`/sources/`
6175
+ # source_id`/locations/`location`/findings/`finding_id`/securityMarks`
6176
+ # Corresponds to the JSON property `name`
6177
+ # @return [String]
6178
+ attr_accessor :name
6179
+
6180
+ def initialize(**args)
6181
+ update!(**args)
6182
+ end
6183
+
6184
+ # Update properties of this object
6185
+ def update!(**args)
6186
+ @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
6187
+ @marks = args[:marks] if args.key?(:marks)
6188
+ @name = args[:name] if args.key?(:name)
6189
+ end
6190
+ end
6191
+
6192
+ # Represents a posture that is deployed on Google Cloud by the Security Command
6193
+ # Center Posture Management service. A posture contains one or more policy sets.
6194
+ # A policy set is a group of policies that enforce a set of security rules on
6195
+ # Google Cloud.
6196
+ class GoogleCloudSecuritycenterV2SecurityPosture
6197
+ include Google::Apis::Core::Hashable
6198
+
6199
+ # The name of the updated policy, for example, `projects/`project_id`/policies/`
6200
+ # constraint_name``.
6201
+ # Corresponds to the JSON property `changedPolicy`
6202
+ # @return [String]
6203
+ attr_accessor :changed_policy
6204
+
6205
+ # Name of the posture, for example, `CIS-Posture`.
6206
+ # Corresponds to the JSON property `name`
6207
+ # @return [String]
6208
+ attr_accessor :name
6209
+
6210
+ # The ID of the updated policy, for example, `compute-policy-1`.
6211
+ # Corresponds to the JSON property `policy`
6212
+ # @return [String]
6213
+ attr_accessor :policy
6214
+
6215
+ # The details about a change in an updated policy that violates the deployed
6216
+ # posture.
6217
+ # Corresponds to the JSON property `policyDriftDetails`
6218
+ # @return [Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2PolicyDriftDetails>]
6219
+ attr_accessor :policy_drift_details
6220
+
6221
+ # The name of the updated policy set, for example, `cis-policyset`.
6222
+ # Corresponds to the JSON property `policySet`
6223
+ # @return [String]
6224
+ attr_accessor :policy_set
6225
+
6226
+ # The name of the posture deployment, for example, `organizations/`org_id`/
6227
+ # posturedeployments/`posture_deployment_id``.
6228
+ # Corresponds to the JSON property `postureDeployment`
6229
+ # @return [String]
6230
+ attr_accessor :posture_deployment
6231
+
6232
+ # The project, folder, or organization on which the posture is deployed, for
6233
+ # example, `projects/`project_number``.
6234
+ # Corresponds to the JSON property `postureDeploymentResource`
6235
+ # @return [String]
6236
+ attr_accessor :posture_deployment_resource
6237
+
6238
+ # The version of the posture, for example, `c7cfa2a8`.
6239
+ # Corresponds to the JSON property `revisionId`
6240
+ # @return [String]
6241
+ attr_accessor :revision_id
6242
+
6243
+ def initialize(**args)
6244
+ update!(**args)
6245
+ end
6246
+
6247
+ # Update properties of this object
6248
+ def update!(**args)
6249
+ @changed_policy = args[:changed_policy] if args.key?(:changed_policy)
6250
+ @name = args[:name] if args.key?(:name)
6251
+ @policy = args[:policy] if args.key?(:policy)
6252
+ @policy_drift_details = args[:policy_drift_details] if args.key?(:policy_drift_details)
6253
+ @policy_set = args[:policy_set] if args.key?(:policy_set)
6254
+ @posture_deployment = args[:posture_deployment] if args.key?(:posture_deployment)
6255
+ @posture_deployment_resource = args[:posture_deployment_resource] if args.key?(:posture_deployment_resource)
6256
+ @revision_id = args[:revision_id] if args.key?(:revision_id)
6257
+ end
6258
+ end
6259
+
6260
+ # Resource value mapping for Sensitive Data Protection findings If any of these
6261
+ # mappings have a resource value that is not unspecified, the resource_value
6262
+ # field will be ignored when reading this configuration.
6263
+ class GoogleCloudSecuritycenterV2SensitiveDataProtectionMapping
6264
+ include Google::Apis::Core::Hashable
6265
+
6266
+ # Resource value mapping for high-sensitivity Sensitive Data Protection findings
6267
+ # Corresponds to the JSON property `highSensitivityMapping`
6268
+ # @return [String]
6269
+ attr_accessor :high_sensitivity_mapping
6270
+
6271
+ # Resource value mapping for medium-sensitivity Sensitive Data Protection
6272
+ # findings
6273
+ # Corresponds to the JSON property `mediumSensitivityMapping`
6274
+ # @return [String]
6275
+ attr_accessor :medium_sensitivity_mapping
6276
+
6277
+ def initialize(**args)
6278
+ update!(**args)
6279
+ end
6280
+
6281
+ # Update properties of this object
6282
+ def update!(**args)
6283
+ @high_sensitivity_mapping = args[:high_sensitivity_mapping] if args.key?(:high_sensitivity_mapping)
6284
+ @medium_sensitivity_mapping = args[:medium_sensitivity_mapping] if args.key?(:medium_sensitivity_mapping)
6285
+ end
6286
+ end
6287
+
6288
+ # Identity delegation history of an authenticated service account.
6289
+ class GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo
6290
+ include Google::Apis::Core::Hashable
6291
+
6292
+ # The email address of a Google account.
6293
+ # Corresponds to the JSON property `principalEmail`
6294
+ # @return [String]
6295
+ attr_accessor :principal_email
6296
+
6297
+ # A string representing the principal_subject associated with the identity. As
6298
+ # compared to `principal_email`, supports principals that aren't associated with
6299
+ # email addresses, such as third party principals. For most identities, the
6300
+ # format will be `principal://iam.googleapis.com/`identity pool name`/subjects/`
6301
+ # subject`` except for some GKE identities (GKE_WORKLOAD, FREEFORM,
6302
+ # GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:`
6303
+ # identity pool name`[`subject`]`
6304
+ # Corresponds to the JSON property `principalSubject`
6305
+ # @return [String]
6306
+ attr_accessor :principal_subject
6307
+
6308
+ def initialize(**args)
6309
+ update!(**args)
6310
+ end
6311
+
6312
+ # Update properties of this object
6313
+ def update!(**args)
6314
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
6315
+ @principal_subject = args[:principal_subject] if args.key?(:principal_subject)
6316
+ end
6317
+ end
6318
+
6319
+ # Represents a Kubernetes subject.
6320
+ class GoogleCloudSecuritycenterV2Subject
6321
+ include Google::Apis::Core::Hashable
6322
+
6323
+ # Authentication type for the subject.
6324
+ # Corresponds to the JSON property `kind`
6325
+ # @return [String]
6326
+ attr_accessor :kind
6327
+
6328
+ # Name for the subject.
6329
+ # Corresponds to the JSON property `name`
6330
+ # @return [String]
6331
+ attr_accessor :name
6332
+
6333
+ # Namespace for the subject.
6334
+ # Corresponds to the JSON property `ns`
6335
+ # @return [String]
6336
+ attr_accessor :ns
6337
+
6338
+ def initialize(**args)
6339
+ update!(**args)
6340
+ end
6341
+
6342
+ # Update properties of this object
6343
+ def update!(**args)
6344
+ @kind = args[:kind] if args.key?(:kind)
6345
+ @name = args[:name] if args.key?(:name)
6346
+ @ns = args[:ns] if args.key?(:ns)
6347
+ end
6348
+ end
6349
+
6350
+ # Information about the ticket, if any, that is being used to track the
6351
+ # resolution of the issue that is identified by this finding.
6352
+ class GoogleCloudSecuritycenterV2TicketInfo
6353
+ include Google::Apis::Core::Hashable
6354
+
6355
+ # The assignee of the ticket in the ticket system.
6356
+ # Corresponds to the JSON property `assignee`
6357
+ # @return [String]
6358
+ attr_accessor :assignee
6359
+
6360
+ # The description of the ticket in the ticket system.
6361
+ # Corresponds to the JSON property `description`
6362
+ # @return [String]
6363
+ attr_accessor :description
6364
+
6365
+ # The identifier of the ticket in the ticket system.
6366
+ # Corresponds to the JSON property `id`
6367
+ # @return [String]
6368
+ attr_accessor :id
6369
+
6370
+ # The latest status of the ticket, as reported by the ticket system.
6371
+ # Corresponds to the JSON property `status`
6372
+ # @return [String]
6373
+ attr_accessor :status
6374
+
6375
+ # The time when the ticket was last updated, as reported by the ticket system.
6376
+ # Corresponds to the JSON property `updateTime`
6377
+ # @return [String]
6378
+ attr_accessor :update_time
6379
+
6380
+ # The link to the ticket in the ticket system.
6381
+ # Corresponds to the JSON property `uri`
6382
+ # @return [String]
6383
+ attr_accessor :uri
6384
+
6385
+ def initialize(**args)
6386
+ update!(**args)
6387
+ end
6388
+
6389
+ # Update properties of this object
6390
+ def update!(**args)
6391
+ @assignee = args[:assignee] if args.key?(:assignee)
6392
+ @description = args[:description] if args.key?(:description)
6393
+ @id = args[:id] if args.key?(:id)
6394
+ @status = args[:status] if args.key?(:status)
6395
+ @update_time = args[:update_time] if args.key?(:update_time)
6396
+ @uri = args[:uri] if args.key?(:uri)
6397
+ end
6398
+ end
6399
+
6400
+ # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
6401
+ class GoogleCloudSecuritycenterV2Vulnerability
6402
+ include Google::Apis::Core::Hashable
6403
+
6404
+ # CVE stands for Common Vulnerabilities and Exposures. Information from the [CVE
6405
+ # record](https://www.cve.org/ResourcesSupport/Glossary) that describes this
6406
+ # vulnerability.
6407
+ # Corresponds to the JSON property `cve`
6408
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Cve]
6409
+ attr_accessor :cve
6410
+
6411
+ # Package is a generic definition of a package.
6412
+ # Corresponds to the JSON property `fixedPackage`
6413
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Package]
6414
+ attr_accessor :fixed_package
6415
+
6416
+ # Package is a generic definition of a package.
6417
+ # Corresponds to the JSON property `offendingPackage`
6418
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Package]
6419
+ attr_accessor :offending_package
6420
+
6421
+ # SecurityBulletin are notifications of vulnerabilities of Google products.
6422
+ # Corresponds to the JSON property `securityBulletin`
6423
+ # @return [Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2SecurityBulletin]
6424
+ attr_accessor :security_bulletin
6425
+
6426
+ def initialize(**args)
6427
+ update!(**args)
6428
+ end
6429
+
6430
+ # Update properties of this object
6431
+ def update!(**args)
6432
+ @cve = args[:cve] if args.key?(:cve)
6433
+ @fixed_package = args[:fixed_package] if args.key?(:fixed_package)
6434
+ @offending_package = args[:offending_package] if args.key?(:offending_package)
6435
+ @security_bulletin = args[:security_bulletin] if args.key?(:security_bulletin)
6436
+ end
6437
+ end
6438
+
6439
+ # A signature corresponding to a YARA rule.
6440
+ class GoogleCloudSecuritycenterV2YaraRuleSignature
6441
+ include Google::Apis::Core::Hashable
6442
+
6443
+ # The name of the YARA rule.
6444
+ # Corresponds to the JSON property `yaraRule`
6445
+ # @return [String]
6446
+ attr_accessor :yara_rule
6447
+
6448
+ def initialize(**args)
6449
+ update!(**args)
6450
+ end
6451
+
6452
+ # Update properties of this object
6453
+ def update!(**args)
6454
+ @yara_rule = args[:yara_rule] if args.key?(:yara_rule)
6455
+ end
6456
+ end
6457
+
3406
6458
  # Request message for grouping by assets.
3407
6459
  class GroupAssetsRequest
3408
6460
  include Google::Apis::Core::Hashable