google-apis-securitycenter_v1beta1 0.71.0 → 0.72.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/google/apis/securitycenter_v1beta1/classes.rb +3052 -0
  4. data/lib/google/apis/securitycenter_v1beta1/gem_version.rb +2 -2
  5. data/lib/google/apis/securitycenter_v1beta1/representations.rb +1546 -427
  6. metadata +3 -3
data/lib/google/apis/securitycenter_v1beta1/classes.rb CHANGED
@@ -789,6 +789,68 @@ module Google
789
789
  end
790
790
  end
791
791
 
792
+ # Result containing the properties and count of a ComplianceSnapshot request.
793
+ class ComplianceSnapshot
794
+ include Google::Apis::Core::Hashable
795
+
796
+ # The category of Findings matching.
797
+ # Corresponds to the JSON property `category`
798
+ # @return [String]
799
+ attr_accessor :category
800
+
801
+ # The compliance standard (ie CIS).
802
+ # Corresponds to the JSON property `complianceStandard`
803
+ # @return [String]
804
+ attr_accessor :compliance_standard
805
+
806
+ # The compliance version (ie 1.3) in CIS 1.3.
807
+ # Corresponds to the JSON property `complianceVersion`
808
+ # @return [String]
809
+ attr_accessor :compliance_version
810
+
811
+ # Total count of findings for the given properties.
812
+ # Corresponds to the JSON property `count`
813
+ # @return [Fixnum]
814
+ attr_accessor :count
815
+
816
+ # The leaf container resource name that is closest to the snapshot.
817
+ # Corresponds to the JSON property `leafContainerResource`
818
+ # @return [String]
819
+ attr_accessor :leaf_container_resource
820
+
821
+ # The compliance snapshot name. Format: //sources//complianceSnapshots/
822
+ # Corresponds to the JSON property `name`
823
+ # @return [String]
824
+ attr_accessor :name
825
+
826
+ # The CRM resource display name that is closest to the snapshot the Findings
827
+ # belong to.
828
+ # Corresponds to the JSON property `projectDisplayName`
829
+ # @return [String]
830
+ attr_accessor :project_display_name
831
+
832
+ # The snapshot time of the snapshot.
833
+ # Corresponds to the JSON property `snapshotTime`
834
+ # @return [String]
835
+ attr_accessor :snapshot_time
836
+
837
+ def initialize(**args)
838
+ update!(**args)
839
+ end
840
+
841
+ # Update properties of this object
842
+ def update!(**args)
843
+ @category = args[:category] if args.key?(:category)
844
+ @compliance_standard = args[:compliance_standard] if args.key?(:compliance_standard)
845
+ @compliance_version = args[:compliance_version] if args.key?(:compliance_version)
846
+ @count = args[:count] if args.key?(:count)
847
+ @leaf_container_resource = args[:leaf_container_resource] if args.key?(:leaf_container_resource)
848
+ @name = args[:name] if args.key?(:name)
849
+ @project_display_name = args[:project_display_name] if args.key?(:project_display_name)
850
+ @snapshot_time = args[:snapshot_time] if args.key?(:snapshot_time)
851
+ end
852
+ end
853
+
792
854
  # Contains information about the IP connection associated with the finding.
793
855
  class Connection
794
856
  include Google::Apis::Core::Hashable
@@ -927,11 +989,27 @@ module Google
927
989
  # @return [Google::Apis::SecuritycenterV1beta1::Cvssv3]
928
990
  attr_accessor :cvssv3
929
991
 
992
+ # The exploitation activity of the vulnerability in the wild.
993
+ # Corresponds to the JSON property `exploitationActivity`
994
+ # @return [String]
995
+ attr_accessor :exploitation_activity
996
+
930
997
  # The unique identifier for the vulnerability. e.g. CVE-2021-34527
931
998
  # Corresponds to the JSON property `id`
932
999
  # @return [String]
933
1000
  attr_accessor :id
934
1001
 
1002
+ # The potential impact of the vulnerability if it was to be exploited.
1003
+ # Corresponds to the JSON property `impact`
1004
+ # @return [String]
1005
+ attr_accessor :impact
1006
+
1007
+ # Whether or not the vulnerability has been observed in the wild.
1008
+ # Corresponds to the JSON property `observedInTheWild`
1009
+ # @return [Boolean]
1010
+ attr_accessor :observed_in_the_wild
1011
+ alias_method :observed_in_the_wild?, :observed_in_the_wild
1012
+
935
1013
  # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/
936
1014
  # cvename.cgi?name=CVE-2021-34527
937
1015
  # Corresponds to the JSON property `references`
@@ -944,6 +1022,12 @@ module Google
944
1022
  attr_accessor :upstream_fix_available
945
1023
  alias_method :upstream_fix_available?, :upstream_fix_available
946
1024
 
1025
+ # Whether or not the vulnerability was zero day when the finding was published.
1026
+ # Corresponds to the JSON property `zeroDay`
1027
+ # @return [Boolean]
1028
+ attr_accessor :zero_day
1029
+ alias_method :zero_day?, :zero_day
1030
+
947
1031
  def initialize(**args)
948
1032
  update!(**args)
949
1033
  end
@@ -951,9 +1035,13 @@ module Google
951
1035
  # Update properties of this object
952
1036
  def update!(**args)
953
1037
  @cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
1038
+ @exploitation_activity = args[:exploitation_activity] if args.key?(:exploitation_activity)
954
1039
  @id = args[:id] if args.key?(:id)
1040
+ @impact = args[:impact] if args.key?(:impact)
1041
+ @observed_in_the_wild = args[:observed_in_the_wild] if args.key?(:observed_in_the_wild)
955
1042
  @references = args[:references] if args.key?(:references)
956
1043
  @upstream_fix_available = args[:upstream_fix_available] if args.key?(:upstream_fix_available)
1044
+ @zero_day = args[:zero_day] if args.key?(:zero_day)
957
1045
  end
958
1046
  end
959
1047
 
@@ -3073,6 +3161,2970 @@ module Google
3073
3161
  end
3074
3162
  end
3075
3163
 
3164
+ # Represents an access event.
3165
+ class GoogleCloudSecuritycenterV2Access
3166
+ include Google::Apis::Core::Hashable
3167
+
3168
+ # Caller's IP address, such as "1.1.1.1".
3169
+ # Corresponds to the JSON property `callerIp`
3170
+ # @return [String]
3171
+ attr_accessor :caller_ip
3172
+
3173
+ # Represents a geographical location for a given access.
3174
+ # Corresponds to the JSON property `callerIpGeo`
3175
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Geolocation]
3176
+ attr_accessor :caller_ip_geo
3177
+
3178
+ # The method that the service account called, e.g. "SetIamPolicy".
3179
+ # Corresponds to the JSON property `methodName`
3180
+ # @return [String]
3181
+ attr_accessor :method_name
3182
+
3183
+ # Associated email, such as "foo@google.com". The email address of the
3184
+ # authenticated user or a service account acting on behalf of a third party
3185
+ # principal making the request. For third party identity callers, the `
3186
+ # principal_subject` field is populated instead of this field. For privacy
3187
+ # reasons, the principal email address is sometimes redacted. For more
3188
+ # information, see [Caller identities in audit logs](https://cloud.google.com/
3189
+ # logging/docs/audit#user-id).
3190
+ # Corresponds to the JSON property `principalEmail`
3191
+ # @return [String]
3192
+ attr_accessor :principal_email
3193
+
3194
+ # A string that represents the principal_subject that is associated with the
3195
+ # identity. Unlike `principal_email`, `principal_subject` supports principals
3196
+ # that aren't associated with email addresses, such as third party principals.
3197
+ # For most identities, the format is `principal://iam.googleapis.com/`identity
3198
+ # pool name`/subject/`subject``. Some GKE identities, such as GKE_WORKLOAD,
3199
+ # FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:`
3200
+ # identity pool name`[`subject`]`.
3201
+ # Corresponds to the JSON property `principalSubject`
3202
+ # @return [String]
3203
+ attr_accessor :principal_subject
3204
+
3205
+ # The identity delegation history of an authenticated service account that made
3206
+ # the request. The `serviceAccountDelegationInfo[]` object contains information
3207
+ # about the real authorities that try to access Google Cloud resources by
3208
+ # delegating on a service account. When multiple authorities are present, they
3209
+ # are guaranteed to be sorted based on the original ordering of the identity
3210
+ # delegation events.
3211
+ # Corresponds to the JSON property `serviceAccountDelegationInfo`
3212
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo>]
3213
+ attr_accessor :service_account_delegation_info
3214
+
3215
+ # The name of the service account key that was used to create or exchange
3216
+ # credentials when authenticating the service account that made the request.
3217
+ # This is a scheme-less URI full resource name. For example: "//iam.googleapis.
3218
+ # com/projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key`".
3219
+ # Corresponds to the JSON property `serviceAccountKeyName`
3220
+ # @return [String]
3221
+ attr_accessor :service_account_key_name
3222
+
3223
+ # This is the API service that the service account made a call to, e.g. "iam.
3224
+ # googleapis.com"
3225
+ # Corresponds to the JSON property `serviceName`
3226
+ # @return [String]
3227
+ attr_accessor :service_name
3228
+
3229
+ # The caller's user agent string associated with the finding.
3230
+ # Corresponds to the JSON property `userAgent`
3231
+ # @return [String]
3232
+ attr_accessor :user_agent
3233
+
3234
+ # Type of user agent associated with the finding. For example, an operating
3235
+ # system shell or an embedded or standalone application.
3236
+ # Corresponds to the JSON property `userAgentFamily`
3237
+ # @return [String]
3238
+ attr_accessor :user_agent_family
3239
+
3240
+ # A string that represents a username. The username provided depends on the type
3241
+ # of the finding and is likely not an IAM principal. For example, this can be a
3242
+ # system username if the finding is related to a virtual machine, or it can be
3243
+ # an application login username.
3244
+ # Corresponds to the JSON property `userName`
3245
+ # @return [String]
3246
+ attr_accessor :user_name
3247
+
3248
+ def initialize(**args)
3249
+ update!(**args)
3250
+ end
3251
+
3252
+ # Update properties of this object
3253
+ def update!(**args)
3254
+ @caller_ip = args[:caller_ip] if args.key?(:caller_ip)
3255
+ @caller_ip_geo = args[:caller_ip_geo] if args.key?(:caller_ip_geo)
3256
+ @method_name = args[:method_name] if args.key?(:method_name)
3257
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
3258
+ @principal_subject = args[:principal_subject] if args.key?(:principal_subject)
3259
+ @service_account_delegation_info = args[:service_account_delegation_info] if args.key?(:service_account_delegation_info)
3260
+ @service_account_key_name = args[:service_account_key_name] if args.key?(:service_account_key_name)
3261
+ @service_name = args[:service_name] if args.key?(:service_name)
3262
+ @user_agent = args[:user_agent] if args.key?(:user_agent)
3263
+ @user_agent_family = args[:user_agent_family] if args.key?(:user_agent_family)
3264
+ @user_name = args[:user_name] if args.key?(:user_name)
3265
+ end
3266
+ end
3267
+
3268
+ # Conveys information about a Kubernetes access review (such as one returned by
3269
+ # a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-
3270
+ # authz/authorization/#checking-api-access) command) that was involved in a
3271
+ # finding.
3272
+ class GoogleCloudSecuritycenterV2AccessReview
3273
+ include Google::Apis::Core::Hashable
3274
+
3275
+ # The API group of the resource. "*" means all.
3276
+ # Corresponds to the JSON property `group`
3277
+ # @return [String]
3278
+ attr_accessor :group
3279
+
3280
+ # The name of the resource being requested. Empty means all.
3281
+ # Corresponds to the JSON property `name`
3282
+ # @return [String]
3283
+ attr_accessor :name
3284
+
3285
+ # Namespace of the action being requested. Currently, there is no distinction
3286
+ # between no namespace and all namespaces. Both are represented by "" (empty).
3287
+ # Corresponds to the JSON property `ns`
3288
+ # @return [String]
3289
+ attr_accessor :ns
3290
+
3291
+ # The optional resource type requested. "*" means all.
3292
+ # Corresponds to the JSON property `resource`
3293
+ # @return [String]
3294
+ attr_accessor :resource
3295
+
3296
+ # The optional subresource type.
3297
+ # Corresponds to the JSON property `subresource`
3298
+ # @return [String]
3299
+ attr_accessor :subresource
3300
+
3301
+ # A Kubernetes resource API verb, like get, list, watch, create, update, delete,
3302
+ # proxy. "*" means all.
3303
+ # Corresponds to the JSON property `verb`
3304
+ # @return [String]
3305
+ attr_accessor :verb
3306
+
3307
+ # The API version of the resource. "*" means all.
3308
+ # Corresponds to the JSON property `version`
3309
+ # @return [String]
3310
+ attr_accessor :version
3311
+
3312
+ def initialize(**args)
3313
+ update!(**args)
3314
+ end
3315
+
3316
+ # Update properties of this object
3317
+ def update!(**args)
3318
+ @group = args[:group] if args.key?(:group)
3319
+ @name = args[:name] if args.key?(:name)
3320
+ @ns = args[:ns] if args.key?(:ns)
3321
+ @resource = args[:resource] if args.key?(:resource)
3322
+ @subresource = args[:subresource] if args.key?(:subresource)
3323
+ @verb = args[:verb] if args.key?(:verb)
3324
+ @version = args[:version] if args.key?(:version)
3325
+ end
3326
+ end
3327
+
3328
+ # Represents an application associated with a finding.
3329
+ class GoogleCloudSecuritycenterV2Application
3330
+ include Google::Apis::Core::Hashable
3331
+
3332
+ # The base URI that identifies the network location of the application in which
3333
+ # the vulnerability was detected. Examples: http://11.22.33.44, http://foo.com,
3334
+ # http://11.22.33.44:8080
3335
+ # Corresponds to the JSON property `baseUri`
3336
+ # @return [String]
3337
+ attr_accessor :base_uri
3338
+
3339
+ # The full URI with payload that could be used to reproduce the vulnerability.
3340
+ # Example: http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=
3341
+ # aMmYgI6H
3342
+ # Corresponds to the JSON property `fullUri`
3343
+ # @return [String]
3344
+ attr_accessor :full_uri
3345
+
3346
+ def initialize(**args)
3347
+ update!(**args)
3348
+ end
3349
+
3350
+ # Update properties of this object
3351
+ def update!(**args)
3352
+ @base_uri = args[:base_uri] if args.key?(:base_uri)
3353
+ @full_uri = args[:full_uri] if args.key?(:full_uri)
3354
+ end
3355
+ end
3356
+
3357
+ # An attack exposure contains the results of an attack path simulation run.
3358
+ class GoogleCloudSecuritycenterV2AttackExposure
3359
+ include Google::Apis::Core::Hashable
3360
+
3361
+ # The resource name of the attack path simulation result that contains the
3362
+ # details regarding this attack exposure score. Example: organizations/123/
3363
+ # simulations/456/attackExposureResults/789
3364
+ # Corresponds to the JSON property `attackExposureResult`
3365
+ # @return [String]
3366
+ attr_accessor :attack_exposure_result
3367
+
3368
+ # The number of high value resources that are exposed as a result of this
3369
+ # finding.
3370
+ # Corresponds to the JSON property `exposedHighValueResourcesCount`
3371
+ # @return [Fixnum]
3372
+ attr_accessor :exposed_high_value_resources_count
3373
+
3374
+ # The number of high value resources that are exposed as a result of this
3375
+ # finding.
3376
+ # Corresponds to the JSON property `exposedLowValueResourcesCount`
3377
+ # @return [Fixnum]
3378
+ attr_accessor :exposed_low_value_resources_count
3379
+
3380
+ # The number of medium value resources that are exposed as a result of this
3381
+ # finding.
3382
+ # Corresponds to the JSON property `exposedMediumValueResourcesCount`
3383
+ # @return [Fixnum]
3384
+ attr_accessor :exposed_medium_value_resources_count
3385
+
3386
+ # The most recent time the attack exposure was updated on this finding.
3387
+ # Corresponds to the JSON property `latestCalculationTime`
3388
+ # @return [String]
3389
+ attr_accessor :latest_calculation_time
3390
+
3391
+ # A number between 0 (inclusive) and infinity that represents how important this
3392
+ # finding is to remediate. The higher the score, the more important it is to
3393
+ # remediate.
3394
+ # Corresponds to the JSON property `score`
3395
+ # @return [Float]
3396
+ attr_accessor :score
3397
+
3398
+ # Output only. What state this AttackExposure is in. This captures whether or
3399
+ # not an attack exposure has been calculated or not.
3400
+ # Corresponds to the JSON property `state`
3401
+ # @return [String]
3402
+ attr_accessor :state
3403
+
3404
+ def initialize(**args)
3405
+ update!(**args)
3406
+ end
3407
+
3408
+ # Update properties of this object
3409
+ def update!(**args)
3410
+ @attack_exposure_result = args[:attack_exposure_result] if args.key?(:attack_exposure_result)
3411
+ @exposed_high_value_resources_count = args[:exposed_high_value_resources_count] if args.key?(:exposed_high_value_resources_count)
3412
+ @exposed_low_value_resources_count = args[:exposed_low_value_resources_count] if args.key?(:exposed_low_value_resources_count)
3413
+ @exposed_medium_value_resources_count = args[:exposed_medium_value_resources_count] if args.key?(:exposed_medium_value_resources_count)
3414
+ @latest_calculation_time = args[:latest_calculation_time] if args.key?(:latest_calculation_time)
3415
+ @score = args[:score] if args.key?(:score)
3416
+ @state = args[:state] if args.key?(:state)
3417
+ end
3418
+ end
3419
+
3420
+ # Information related to Google Cloud Backup and DR Service findings.
3421
+ class GoogleCloudSecuritycenterV2BackupDisasterRecovery
3422
+ include Google::Apis::Core::Hashable
3423
+
3424
+ # The name of the Backup and DR appliance that captures, moves, and manages the
3425
+ # lifecycle of backup data. For example, “backup-server-57137”.
3426
+ # Corresponds to the JSON property `appliance`
3427
+ # @return [String]
3428
+ attr_accessor :appliance
3429
+
3430
+ # The names of Backup and DR applications. An application is a VM, database, or
3431
+ # file system on a managed host monitored by a backup and recovery appliance.
3432
+ # For example, “centos7-01-vol00”, “centos7-01-vol01”, “centos7-01-vol02”.
3433
+ # Corresponds to the JSON property `applications`
3434
+ # @return [Array<String>]
3435
+ attr_accessor :applications
3436
+
3437
+ # The timestamp at which the Backup and DR backup was created.
3438
+ # Corresponds to the JSON property `backupCreateTime`
3439
+ # @return [String]
3440
+ attr_accessor :backup_create_time
3441
+
3442
+ # The name of a Backup and DR template which comprises one or more backup
3443
+ # policies. See the [Backup and DR documentation](https://cloud.google.com/
3444
+ # backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information.
3445
+ # For example, “snap-ov”.
3446
+ # Corresponds to the JSON property `backupTemplate`
3447
+ # @return [String]
3448
+ attr_accessor :backup_template
3449
+
3450
+ # The backup type of the Backup and DR image. For example, “Snapshot”, “Remote
3451
+ # Snapshot”, “OnVault”.
3452
+ # Corresponds to the JSON property `backupType`
3453
+ # @return [String]
3454
+ attr_accessor :backup_type
3455
+
3456
+ # The name of a Backup and DR host, which is managed by the backup and recovery
3457
+ # appliance and known to the management console. The host can be of type Generic
3458
+ # (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.),
3459
+ # vCenter, or an ESX server. See the [Backup and DR documentation on hosts](
3460
+ # https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-
3461
+ # hosts-and-their-applications) for more information. For example, “centos7-01”.
3462
+ # Corresponds to the JSON property `host`
3463
+ # @return [String]
3464
+ attr_accessor :host
3465
+
3466
+ # The names of Backup and DR policies that are associated with a template and
3467
+ # that define when to run a backup, how frequently to run a backup, and how long
3468
+ # to retain the backup image. For example, “onvaults”.
3469
+ # Corresponds to the JSON property `policies`
3470
+ # @return [Array<String>]
3471
+ attr_accessor :policies
3472
+
3473
+ # The names of Backup and DR advanced policy options of a policy applying to an
3474
+ # application. See the [Backup and DR documentation on policy options](https://
3475
+ # cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings).
3476
+ # For example, “skipofflineappsincongrp, nounmap”.
3477
+ # Corresponds to the JSON property `policyOptions`
3478
+ # @return [Array<String>]
3479
+ attr_accessor :policy_options
3480
+
3481
+ # The name of the Backup and DR resource profile that specifies the storage
3482
+ # media for backups of application and VM data. See the [Backup and DR
3483
+ # documentation on profiles](https://cloud.google.com/backup-disaster-recovery/
3484
+ # docs/concepts/backup-plan#profile). For example, “GCP”.
3485
+ # Corresponds to the JSON property `profile`
3486
+ # @return [String]
3487
+ attr_accessor :profile
3488
+
3489
+ # The name of the Backup and DR storage pool that the backup and recovery
3490
+ # appliance is storing data in. The storage pool could be of type Cloud, Primary,
3491
+ # Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](
3492
+ # https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools).
3493
+ # For example, “DiskPoolOne”.
3494
+ # Corresponds to the JSON property `storagePool`
3495
+ # @return [String]
3496
+ attr_accessor :storage_pool
3497
+
3498
+ def initialize(**args)
3499
+ update!(**args)
3500
+ end
3501
+
3502
+ # Update properties of this object
3503
+ def update!(**args)
3504
+ @appliance = args[:appliance] if args.key?(:appliance)
3505
+ @applications = args[:applications] if args.key?(:applications)
3506
+ @backup_create_time = args[:backup_create_time] if args.key?(:backup_create_time)
3507
+ @backup_template = args[:backup_template] if args.key?(:backup_template)
3508
+ @backup_type = args[:backup_type] if args.key?(:backup_type)
3509
+ @host = args[:host] if args.key?(:host)
3510
+ @policies = args[:policies] if args.key?(:policies)
3511
+ @policy_options = args[:policy_options] if args.key?(:policy_options)
3512
+ @profile = args[:profile] if args.key?(:profile)
3513
+ @storage_pool = args[:storage_pool] if args.key?(:storage_pool)
3514
+ end
3515
+ end
3516
+
3517
+ # Configures how to deliver Findings to BigQuery Instance.
3518
+ class GoogleCloudSecuritycenterV2BigQueryExport
3519
+ include Google::Apis::Core::Hashable
3520
+
3521
+ # Output only. The time at which the BigQuery export was created. This field is
3522
+ # set by the server and will be ignored if provided on export on creation.
3523
+ # Corresponds to the JSON property `createTime`
3524
+ # @return [String]
3525
+ attr_accessor :create_time
3526
+
3527
+ # The dataset to write findings' updates to. Its format is "projects/[project_id]
3528
+ # /datasets/[bigquery_dataset_id]". BigQuery Dataset unique ID must contain only
3529
+ # letters (a-z, A-Z), numbers (0-9), or underscores (_).
3530
+ # Corresponds to the JSON property `dataset`
3531
+ # @return [String]
3532
+ attr_accessor :dataset
3533
+
3534
+ # The description of the export (max of 1024 characters).
3535
+ # Corresponds to the JSON property `description`
3536
+ # @return [String]
3537
+ attr_accessor :description
3538
+
3539
+ # Expression that defines the filter to apply across create/update events of
3540
+ # findings. The expression is a list of zero or more restrictions combined via
3541
+ # logical operators `AND` and `OR`. Parentheses are supported, and `OR` has
3542
+ # higher precedence than `AND`. Restrictions have the form ` ` and may have a `-`
3543
+ # character in front of them to indicate negation. The fields map to those
3544
+ # defined in the corresponding resource. The supported operators are: * `=` for
3545
+ # all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning
3546
+ # substring matching, for strings. The supported value types are: * string
3547
+ # literals in quotes. * integer literals without quotes. * boolean literals `
3548
+ # true` and `false` without quotes.
3549
+ # Corresponds to the JSON property `filter`
3550
+ # @return [String]
3551
+ attr_accessor :filter
3552
+
3553
+ # Output only. Email address of the user who last edited the BigQuery export.
3554
+ # This field is set by the server and will be ignored if provided on export
3555
+ # creation or update.
3556
+ # Corresponds to the JSON property `mostRecentEditor`
3557
+ # @return [String]
3558
+ attr_accessor :most_recent_editor
3559
+
3560
+ # The relative resource name of this export. See: https://cloud.google.com/apis/
3561
+ # design/resource_names#relative_resource_name. The following list shows some
3562
+ # examples: + `organizations/`organization_id`/locations/`location_id`/
3563
+ # bigQueryExports/`export_id`` + `folders/`folder_id`/locations/`location_id`/
3564
+ # bigQueryExports/`export_id`` + `projects/`project_id`/locations/`location_id`/
3565
+ # bigQueryExports/`export_id`` This field is provided in responses, and is
3566
+ # ignored when provided in create requests.
3567
+ # Corresponds to the JSON property `name`
3568
+ # @return [String]
3569
+ attr_accessor :name
3570
+
3571
+ # Output only. The service account that needs permission to create table and
3572
+ # upload data to the BigQuery dataset.
3573
+ # Corresponds to the JSON property `principal`
3574
+ # @return [String]
3575
+ attr_accessor :principal
3576
+
3577
+ # Output only. The most recent time at which the BigQuery export was updated.
3578
+ # This field is set by the server and will be ignored if provided on export
3579
+ # creation or update.
3580
+ # Corresponds to the JSON property `updateTime`
3581
+ # @return [String]
3582
+ attr_accessor :update_time
3583
+
3584
+ def initialize(**args)
3585
+ update!(**args)
3586
+ end
3587
+
3588
+ # Update properties of this object
3589
+ def update!(**args)
3590
+ @create_time = args[:create_time] if args.key?(:create_time)
3591
+ @dataset = args[:dataset] if args.key?(:dataset)
3592
+ @description = args[:description] if args.key?(:description)
3593
+ @filter = args[:filter] if args.key?(:filter)
3594
+ @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
3595
+ @name = args[:name] if args.key?(:name)
3596
+ @principal = args[:principal] if args.key?(:principal)
3597
+ @update_time = args[:update_time] if args.key?(:update_time)
3598
+ end
3599
+ end
3600
+
3601
+ # Represents a Kubernetes RoleBinding or ClusterRoleBinding.
3602
+ class GoogleCloudSecuritycenterV2Binding
3603
+ include Google::Apis::Core::Hashable
3604
+
3605
+ # Name for the binding.
3606
+ # Corresponds to the JSON property `name`
3607
+ # @return [String]
3608
+ attr_accessor :name
3609
+
3610
+ # Namespace for the binding.
3611
+ # Corresponds to the JSON property `ns`
3612
+ # @return [String]
3613
+ attr_accessor :ns
3614
+
3615
+ # Kubernetes Role or ClusterRole.
3616
+ # Corresponds to the JSON property `role`
3617
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Role]
3618
+ attr_accessor :role
3619
+
3620
+ # Represents one or more subjects that are bound to the role. Not always
3621
+ # available for PATCH requests.
3622
+ # Corresponds to the JSON property `subjects`
3623
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Subject>]
3624
+ attr_accessor :subjects
3625
+
3626
+ def initialize(**args)
3627
+ update!(**args)
3628
+ end
3629
+
3630
+ # Update properties of this object
3631
+ def update!(**args)
3632
+ @name = args[:name] if args.key?(:name)
3633
+ @ns = args[:ns] if args.key?(:ns)
3634
+ @role = args[:role] if args.key?(:role)
3635
+ @subjects = args[:subjects] if args.key?(:subjects)
3636
+ end
3637
+ end
3638
+
3639
+ # The response to a BulkMute request. Contains the LRO information.
3640
+ class GoogleCloudSecuritycenterV2BulkMuteFindingsResponse
3641
+ include Google::Apis::Core::Hashable
3642
+
3643
+ def initialize(**args)
3644
+ update!(**args)
3645
+ end
3646
+
3647
+ # Update properties of this object
3648
+ def update!(**args)
3649
+ end
3650
+ end
3651
+
3652
+ # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
3653
+ # with the finding.
3654
+ class GoogleCloudSecuritycenterV2CloudDlpDataProfile
3655
+ include Google::Apis::Core::Hashable
3656
+
3657
+ # Name of the data profile, for example, `projects/123/locations/europe/
3658
+ # tableProfiles/8383929`.
3659
+ # Corresponds to the JSON property `dataProfile`
3660
+ # @return [String]
3661
+ attr_accessor :data_profile
3662
+
3663
+ # The resource hierarchy level at which the data profile was generated.
3664
+ # Corresponds to the JSON property `parentType`
3665
+ # @return [String]
3666
+ attr_accessor :parent_type
3667
+
3668
+ def initialize(**args)
3669
+ update!(**args)
3670
+ end
3671
+
3672
+ # Update properties of this object
3673
+ def update!(**args)
3674
+ @data_profile = args[:data_profile] if args.key?(:data_profile)
3675
+ @parent_type = args[:parent_type] if args.key?(:parent_type)
3676
+ end
3677
+ end
3678
+
3679
+ # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](
3680
+ # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the
3681
+ # finding.
3682
+ class GoogleCloudSecuritycenterV2CloudDlpInspection
3683
+ include Google::Apis::Core::Hashable
3684
+
3685
+ # Whether Cloud DLP scanned the complete resource or a sampled subset.
3686
+ # Corresponds to the JSON property `fullScan`
3687
+ # @return [Boolean]
3688
+ attr_accessor :full_scan
3689
+ alias_method :full_scan?, :full_scan
3690
+
3691
+ # The type of information (or *[infoType](https://cloud.google.com/dlp/docs/
3692
+ # infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.
3693
+ # Corresponds to the JSON property `infoType`
3694
+ # @return [String]
3695
+ attr_accessor :info_type
3696
+
3697
+ # The number of times Cloud DLP found this infoType within this job and resource.
3698
+ # Corresponds to the JSON property `infoTypeCount`
3699
+ # @return [Fixnum]
3700
+ attr_accessor :info_type_count
3701
+
3702
+ # Name of the inspection job, for example, `projects/123/locations/europe/
3703
+ # dlpJobs/i-8383929`.
3704
+ # Corresponds to the JSON property `inspectJob`
3705
+ # @return [String]
3706
+ attr_accessor :inspect_job
3707
+
3708
+ def initialize(**args)
3709
+ update!(**args)
3710
+ end
3711
+
3712
+ # Update properties of this object
3713
+ def update!(**args)
3714
+ @full_scan = args[:full_scan] if args.key?(:full_scan)
3715
+ @info_type = args[:info_type] if args.key?(:info_type)
3716
+ @info_type_count = args[:info_type_count] if args.key?(:info_type_count)
3717
+ @inspect_job = args[:inspect_job] if args.key?(:inspect_job)
3718
+ end
3719
+ end
3720
+
3721
+ # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
3722
+ # logging/docs/reference/v2/rest/v2/LogEntry)
3723
+ class GoogleCloudSecuritycenterV2CloudLoggingEntry
3724
+ include Google::Apis::Core::Hashable
3725
+
3726
+ # A unique identifier for the log entry.
3727
+ # Corresponds to the JSON property `insertId`
3728
+ # @return [String]
3729
+ attr_accessor :insert_id
3730
+
3731
+ # The type of the log (part of `log_name`. `log_name` is the resource name of
3732
+ # the log to which this log entry belongs). For example: `cloudresourcemanager.
3733
+ # googleapis.com/activity` Note that this field is not URL-encoded, unlike in `
3734
+ # LogEntry`.
3735
+ # Corresponds to the JSON property `logId`
3736
+ # @return [String]
3737
+ attr_accessor :log_id
3738
+
3739
+ # The organization, folder, or project of the monitored resource that produced
3740
+ # this log entry.
3741
+ # Corresponds to the JSON property `resourceContainer`
3742
+ # @return [String]
3743
+ attr_accessor :resource_container
3744
+
3745
+ # The time the event described by the log entry occurred.
3746
+ # Corresponds to the JSON property `timestamp`
3747
+ # @return [String]
3748
+ attr_accessor :timestamp
3749
+
3750
+ def initialize(**args)
3751
+ update!(**args)
3752
+ end
3753
+
3754
+ # Update properties of this object
3755
+ def update!(**args)
3756
+ @insert_id = args[:insert_id] if args.key?(:insert_id)
3757
+ @log_id = args[:log_id] if args.key?(:log_id)
3758
+ @resource_container = args[:resource_container] if args.key?(:resource_container)
3759
+ @timestamp = args[:timestamp] if args.key?(:timestamp)
3760
+ end
3761
+ end
3762
+
3763
+ # Contains compliance information about a security standard indicating unmet
3764
+ # recommendations.
3765
+ class GoogleCloudSecuritycenterV2Compliance
3766
+ include Google::Apis::Core::Hashable
3767
+
3768
+ # Policies within the standard or benchmark, for example, A.12.4.1
3769
+ # Corresponds to the JSON property `ids`
3770
+ # @return [Array<String>]
3771
+ attr_accessor :ids
3772
+
3773
+ # Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP.
3774
+ # Corresponds to the JSON property `standard`
3775
+ # @return [String]
3776
+ attr_accessor :standard
3777
+
3778
+ # Version of the standard or benchmark, for example, 1.1
3779
+ # Corresponds to the JSON property `version`
3780
+ # @return [String]
3781
+ attr_accessor :version
3782
+
3783
+ def initialize(**args)
3784
+ update!(**args)
3785
+ end
3786
+
3787
+ # Update properties of this object
3788
+ def update!(**args)
3789
+ @ids = args[:ids] if args.key?(:ids)
3790
+ @standard = args[:standard] if args.key?(:standard)
3791
+ @version = args[:version] if args.key?(:version)
3792
+ end
3793
+ end
3794
+
3795
+ # Contains information about the IP connection associated with the finding.
3796
+ class GoogleCloudSecuritycenterV2Connection
3797
+ include Google::Apis::Core::Hashable
3798
+
3799
+ # Destination IP address. Not present for sockets that are listening and not
3800
+ # connected.
3801
+ # Corresponds to the JSON property `destinationIp`
3802
+ # @return [String]
3803
+ attr_accessor :destination_ip
3804
+
3805
+ # Destination port. Not present for sockets that are listening and not connected.
3806
+ # Corresponds to the JSON property `destinationPort`
3807
+ # @return [Fixnum]
3808
+ attr_accessor :destination_port
3809
+
3810
+ # IANA Internet Protocol Number such as TCP(6) and UDP(17).
3811
+ # Corresponds to the JSON property `protocol`
3812
+ # @return [String]
3813
+ attr_accessor :protocol
3814
+
3815
+ # Source IP address.
3816
+ # Corresponds to the JSON property `sourceIp`
3817
+ # @return [String]
3818
+ attr_accessor :source_ip
3819
+
3820
+ # Source port.
3821
+ # Corresponds to the JSON property `sourcePort`
3822
+ # @return [Fixnum]
3823
+ attr_accessor :source_port
3824
+
3825
+ def initialize(**args)
3826
+ update!(**args)
3827
+ end
3828
+
3829
+ # Update properties of this object
3830
+ def update!(**args)
3831
+ @destination_ip = args[:destination_ip] if args.key?(:destination_ip)
3832
+ @destination_port = args[:destination_port] if args.key?(:destination_port)
3833
+ @protocol = args[:protocol] if args.key?(:protocol)
3834
+ @source_ip = args[:source_ip] if args.key?(:source_ip)
3835
+ @source_port = args[:source_port] if args.key?(:source_port)
3836
+ end
3837
+ end
3838
+
3839
+ # The email address of a contact.
3840
+ class GoogleCloudSecuritycenterV2Contact
3841
+ include Google::Apis::Core::Hashable
3842
+
3843
+ # An email address. For example, "`person123@company.com`".
3844
+ # Corresponds to the JSON property `email`
3845
+ # @return [String]
3846
+ attr_accessor :email
3847
+
3848
+ def initialize(**args)
3849
+ update!(**args)
3850
+ end
3851
+
3852
+ # Update properties of this object
3853
+ def update!(**args)
3854
+ @email = args[:email] if args.key?(:email)
3855
+ end
3856
+ end
3857
+
3858
+ # Details about specific contacts
3859
+ class GoogleCloudSecuritycenterV2ContactDetails
3860
+ include Google::Apis::Core::Hashable
3861
+
3862
+ # A list of contacts
3863
+ # Corresponds to the JSON property `contacts`
3864
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Contact>]
3865
+ attr_accessor :contacts
3866
+
3867
+ def initialize(**args)
3868
+ update!(**args)
3869
+ end
3870
+
3871
+ # Update properties of this object
3872
+ def update!(**args)
3873
+ @contacts = args[:contacts] if args.key?(:contacts)
3874
+ end
3875
+ end
3876
+
3877
+ # Container associated with the finding.
3878
+ class GoogleCloudSecuritycenterV2Container
3879
+ include Google::Apis::Core::Hashable
3880
+
3881
+ # The time that the container was created.
3882
+ # Corresponds to the JSON property `createTime`
3883
+ # @return [String]
3884
+ attr_accessor :create_time
3885
+
3886
+ # Optional container image ID, if provided by the container runtime. Uniquely
3887
+ # identifies the container image launched using a container image digest.
3888
+ # Corresponds to the JSON property `imageId`
3889
+ # @return [String]
3890
+ attr_accessor :image_id
3891
+
3892
+ # Container labels, as provided by the container runtime.
3893
+ # Corresponds to the JSON property `labels`
3894
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Label>]
3895
+ attr_accessor :labels
3896
+
3897
+ # Name of the container.
3898
+ # Corresponds to the JSON property `name`
3899
+ # @return [String]
3900
+ attr_accessor :name
3901
+
3902
+ # Container image URI provided when configuring a pod or container. This string
3903
+ # can identify a container image version using mutable tags.
3904
+ # Corresponds to the JSON property `uri`
3905
+ # @return [String]
3906
+ attr_accessor :uri
3907
+
3908
+ def initialize(**args)
3909
+ update!(**args)
3910
+ end
3911
+
3912
+ # Update properties of this object
3913
+ def update!(**args)
3914
+ @create_time = args[:create_time] if args.key?(:create_time)
3915
+ @image_id = args[:image_id] if args.key?(:image_id)
3916
+ @labels = args[:labels] if args.key?(:labels)
3917
+ @name = args[:name] if args.key?(:name)
3918
+ @uri = args[:uri] if args.key?(:uri)
3919
+ end
3920
+ end
3921
+
3922
+ # CVE stands for Common Vulnerabilities and Exposures. Information from the [CVE
3923
+ # record](https://www.cve.org/ResourcesSupport/Glossary) that describes this
3924
+ # vulnerability.
3925
+ class GoogleCloudSecuritycenterV2Cve
3926
+ include Google::Apis::Core::Hashable
3927
+
3928
+ # Common Vulnerability Scoring System version 3.
3929
+ # Corresponds to the JSON property `cvssv3`
3930
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Cvssv3]
3931
+ attr_accessor :cvssv3
3932
+
3933
+ # The exploitation activity of the vulnerability in the wild.
3934
+ # Corresponds to the JSON property `exploitationActivity`
3935
+ # @return [String]
3936
+ attr_accessor :exploitation_activity
3937
+
3938
+ # The unique identifier for the vulnerability. e.g. CVE-2021-34527
3939
+ # Corresponds to the JSON property `id`
3940
+ # @return [String]
3941
+ attr_accessor :id
3942
+
3943
+ # The potential impact of the vulnerability if it was to be exploited.
3944
+ # Corresponds to the JSON property `impact`
3945
+ # @return [String]
3946
+ attr_accessor :impact
3947
+
3948
+ # Whether or not the vulnerability has been observed in the wild.
3949
+ # Corresponds to the JSON property `observedInTheWild`
3950
+ # @return [Boolean]
3951
+ attr_accessor :observed_in_the_wild
3952
+ alias_method :observed_in_the_wild?, :observed_in_the_wild
3953
+
3954
+ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/
3955
+ # cvename.cgi?name=CVE-2021-34527
3956
+ # Corresponds to the JSON property `references`
3957
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Reference>]
3958
+ attr_accessor :references
3959
+
3960
+ # Whether upstream fix is available for the CVE.
3961
+ # Corresponds to the JSON property `upstreamFixAvailable`
3962
+ # @return [Boolean]
3963
+ attr_accessor :upstream_fix_available
3964
+ alias_method :upstream_fix_available?, :upstream_fix_available
3965
+
3966
+ # Whether or not the vulnerability was zero day when the finding was published.
3967
+ # Corresponds to the JSON property `zeroDay`
3968
+ # @return [Boolean]
3969
+ attr_accessor :zero_day
3970
+ alias_method :zero_day?, :zero_day
3971
+
3972
+ def initialize(**args)
3973
+ update!(**args)
3974
+ end
3975
+
3976
+ # Update properties of this object
3977
+ def update!(**args)
3978
+ @cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
3979
+ @exploitation_activity = args[:exploitation_activity] if args.key?(:exploitation_activity)
3980
+ @id = args[:id] if args.key?(:id)
3981
+ @impact = args[:impact] if args.key?(:impact)
3982
+ @observed_in_the_wild = args[:observed_in_the_wild] if args.key?(:observed_in_the_wild)
3983
+ @references = args[:references] if args.key?(:references)
3984
+ @upstream_fix_available = args[:upstream_fix_available] if args.key?(:upstream_fix_available)
3985
+ @zero_day = args[:zero_day] if args.key?(:zero_day)
3986
+ end
3987
+ end
3988
+
3989
+ # Common Vulnerability Scoring System version 3.
3990
+ class GoogleCloudSecuritycenterV2Cvssv3
3991
+ include Google::Apis::Core::Hashable
3992
+
3993
+ # This metric describes the conditions beyond the attacker's control that must
3994
+ # exist in order to exploit the vulnerability.
3995
+ # Corresponds to the JSON property `attackComplexity`
3996
+ # @return [String]
3997
+ attr_accessor :attack_complexity
3998
+
3999
+ # Base Metrics Represents the intrinsic characteristics of a vulnerability that
4000
+ # are constant over time and across user environments. This metric reflects the
4001
+ # context by which vulnerability exploitation is possible.
4002
+ # Corresponds to the JSON property `attackVector`
4003
+ # @return [String]
4004
+ attr_accessor :attack_vector
4005
+
4006
+ # This metric measures the impact to the availability of the impacted component
4007
+ # resulting from a successfully exploited vulnerability.
4008
+ # Corresponds to the JSON property `availabilityImpact`
4009
+ # @return [String]
4010
+ attr_accessor :availability_impact
4011
+
4012
+ # The base score is a function of the base metric scores.
4013
+ # Corresponds to the JSON property `baseScore`
4014
+ # @return [Float]
4015
+ attr_accessor :base_score
4016
+
4017
+ # This metric measures the impact to the confidentiality of the information
4018
+ # resources managed by a software component due to a successfully exploited
4019
+ # vulnerability.
4020
+ # Corresponds to the JSON property `confidentialityImpact`
4021
+ # @return [String]
4022
+ attr_accessor :confidentiality_impact
4023
+
4024
+ # This metric measures the impact to integrity of a successfully exploited
4025
+ # vulnerability.
4026
+ # Corresponds to the JSON property `integrityImpact`
4027
+ # @return [String]
4028
+ attr_accessor :integrity_impact
4029
+
4030
+ # This metric describes the level of privileges an attacker must possess before
4031
+ # successfully exploiting the vulnerability.
4032
+ # Corresponds to the JSON property `privilegesRequired`
4033
+ # @return [String]
4034
+ attr_accessor :privileges_required
4035
+
4036
+ # The Scope metric captures whether a vulnerability in one vulnerable component
4037
+ # impacts resources in components beyond its security scope.
4038
+ # Corresponds to the JSON property `scope`
4039
+ # @return [String]
4040
+ attr_accessor :scope
4041
+
4042
+ # This metric captures the requirement for a human user, other than the attacker,
4043
+ # to participate in the successful compromise of the vulnerable component.
4044
+ # Corresponds to the JSON property `userInteraction`
4045
+ # @return [String]
4046
+ attr_accessor :user_interaction
4047
+
4048
+ def initialize(**args)
4049
+ update!(**args)
4050
+ end
4051
+
4052
+ # Update properties of this object
4053
+ def update!(**args)
4054
+ @attack_complexity = args[:attack_complexity] if args.key?(:attack_complexity)
4055
+ @attack_vector = args[:attack_vector] if args.key?(:attack_vector)
4056
+ @availability_impact = args[:availability_impact] if args.key?(:availability_impact)
4057
+ @base_score = args[:base_score] if args.key?(:base_score)
4058
+ @confidentiality_impact = args[:confidentiality_impact] if args.key?(:confidentiality_impact)
4059
+ @integrity_impact = args[:integrity_impact] if args.key?(:integrity_impact)
4060
+ @privileges_required = args[:privileges_required] if args.key?(:privileges_required)
4061
+ @scope = args[:scope] if args.key?(:scope)
4062
+ @user_interaction = args[:user_interaction] if args.key?(:user_interaction)
4063
+ end
4064
+ end
4065
+
4066
+ # Represents database access information, such as queries. A database may be a
4067
+ # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
4068
+ # Spanner instances), or the database instance itself. Some database resources
4069
+ # might not have the [full resource name](https://google.aip.dev/122#full-
4070
+ # resource-names) populated because these resource types, such as Cloud SQL
4071
+ # databases, are not yet supported by Cloud Asset Inventory. In these cases only
4072
+ # the display name is provided.
4073
+ class GoogleCloudSecuritycenterV2Database
4074
+ include Google::Apis::Core::Hashable
4075
+
4076
+ # The human-readable name of the database that the user connected to.
4077
+ # Corresponds to the JSON property `displayName`
4078
+ # @return [String]
4079
+ attr_accessor :display_name
4080
+
4081
+ # The target usernames, roles, or groups of an SQL privilege grant, which is not
4082
+ # an IAM policy change.
4083
+ # Corresponds to the JSON property `grantees`
4084
+ # @return [Array<String>]
4085
+ attr_accessor :grantees
4086
+
4087
+ # Some database resources may not have the [full resource name](https://google.
4088
+ # aip.dev/122#full-resource-names) populated because these resource types are
4089
+ # not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In
4090
+ # these cases only the display name will be provided. The [full resource name](
4091
+ # https://google.aip.dev/122#full-resource-names) of the database that the user
4092
+ # connected to, if it is supported by Cloud Asset Inventory.
4093
+ # Corresponds to the JSON property `name`
4094
+ # @return [String]
4095
+ attr_accessor :name
4096
+
4097
+ # The SQL statement that is associated with the database access.
4098
+ # Corresponds to the JSON property `query`
4099
+ # @return [String]
4100
+ attr_accessor :query
4101
+
4102
+ # The username used to connect to the database. The username might not be an IAM
4103
+ # principal and does not have a set format.
4104
+ # Corresponds to the JSON property `userName`
4105
+ # @return [String]
4106
+ attr_accessor :user_name
4107
+
4108
+ # The version of the database, for example, POSTGRES_14. See [the complete list](
4109
+ # https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).
4110
+ # Corresponds to the JSON property `version`
4111
+ # @return [String]
4112
+ attr_accessor :version
4113
+
4114
+ def initialize(**args)
4115
+ update!(**args)
4116
+ end
4117
+
4118
+ # Update properties of this object
4119
+ def update!(**args)
4120
+ @display_name = args[:display_name] if args.key?(:display_name)
4121
+ @grantees = args[:grantees] if args.key?(:grantees)
4122
+ @name = args[:name] if args.key?(:name)
4123
+ @query = args[:query] if args.key?(:query)
4124
+ @user_name = args[:user_name] if args.key?(:user_name)
4125
+ @version = args[:version] if args.key?(:version)
4126
+ end
4127
+ end
4128
+
4129
+ # Memory hash detection contributing to the binary family match.
4130
+ class GoogleCloudSecuritycenterV2Detection
4131
+ include Google::Apis::Core::Hashable
4132
+
4133
+ # The name of the binary associated with the memory hash signature detection.
4134
+ # Corresponds to the JSON property `binary`
4135
+ # @return [String]
4136
+ attr_accessor :binary
4137
+
4138
+ # The percentage of memory page hashes in the signature that were matched.
4139
+ # Corresponds to the JSON property `percentPagesMatched`
4140
+ # @return [Float]
4141
+ attr_accessor :percent_pages_matched
4142
+
4143
+ def initialize(**args)
4144
+ update!(**args)
4145
+ end
4146
+
4147
+ # Update properties of this object
4148
+ def update!(**args)
4149
+ @binary = args[:binary] if args.key?(:binary)
4150
+ @percent_pages_matched = args[:percent_pages_matched] if args.key?(:percent_pages_matched)
4151
+ end
4152
+ end
4153
+
4154
+ # Path of the file in terms of underlying disk/partition identifiers.
4155
+ class GoogleCloudSecuritycenterV2DiskPath
4156
+ include Google::Apis::Core::Hashable
4157
+
4158
+ # UUID of the partition (format https://wiki.archlinux.org/title/
4159
+ # persistent_block_device_naming#by-uuid)
4160
+ # Corresponds to the JSON property `partitionUuid`
4161
+ # @return [String]
4162
+ attr_accessor :partition_uuid
4163
+
4164
+ # Relative path of the file in the partition as a JSON encoded string. Example: /
4165
+ # home/user1/executable_file.sh
4166
+ # Corresponds to the JSON property `relativePath`
4167
+ # @return [String]
4168
+ attr_accessor :relative_path
4169
+
4170
+ def initialize(**args)
4171
+ update!(**args)
4172
+ end
4173
+
4174
+ # Update properties of this object
4175
+ def update!(**args)
4176
+ @partition_uuid = args[:partition_uuid] if args.key?(:partition_uuid)
4177
+ @relative_path = args[:relative_path] if args.key?(:relative_path)
4178
+ end
4179
+ end
4180
+
4181
+ # A name-value pair representing an environment variable used in an operating
4182
+ # system process.
4183
+ class GoogleCloudSecuritycenterV2EnvironmentVariable
4184
+ include Google::Apis::Core::Hashable
4185
+
4186
+ # Environment variable name as a JSON encoded string.
4187
+ # Corresponds to the JSON property `name`
4188
+ # @return [String]
4189
+ attr_accessor :name
4190
+
4191
+ # Environment variable value as a JSON encoded string.
4192
+ # Corresponds to the JSON property `val`
4193
+ # @return [String]
4194
+ attr_accessor :val
4195
+
4196
+ def initialize(**args)
4197
+ update!(**args)
4198
+ end
4199
+
4200
+ # Update properties of this object
4201
+ def update!(**args)
4202
+ @name = args[:name] if args.key?(:name)
4203
+ @val = args[:val] if args.key?(:val)
4204
+ end
4205
+ end
4206
+
4207
+ # Resource where data was exfiltrated from or exfiltrated to.
4208
+ class GoogleCloudSecuritycenterV2ExfilResource
4209
+ include Google::Apis::Core::Hashable
4210
+
4211
+ # Subcomponents of the asset that was exfiltrated, like URIs used during
4212
+ # exfiltration, table names, databases, and filenames. For example, multiple
4213
+ # tables might have been exfiltrated from the same Cloud SQL instance, or
4214
+ # multiple files might have been exfiltrated from the same Cloud Storage bucket.
4215
+ # Corresponds to the JSON property `components`
4216
+ # @return [Array<String>]
4217
+ attr_accessor :components
4218
+
4219
+ # The resource's [full resource name](https://cloud.google.com/apis/design/
4220
+ # resource_names#full_resource_name).
4221
+ # Corresponds to the JSON property `name`
4222
+ # @return [String]
4223
+ attr_accessor :name
4224
+
4225
+ def initialize(**args)
4226
+ update!(**args)
4227
+ end
4228
+
4229
+ # Update properties of this object
4230
+ def update!(**args)
4231
+ @components = args[:components] if args.key?(:components)
4232
+ @name = args[:name] if args.key?(:name)
4233
+ end
4234
+ end
4235
+
4236
+ # Exfiltration represents a data exfiltration attempt from one or more sources
4237
+ # to one or more targets. The `sources` attribute lists the sources of the
4238
+ # exfiltrated data. The `targets` attribute lists the destinations the data was
4239
+ # copied to.
4240
+ class GoogleCloudSecuritycenterV2Exfiltration
4241
+ include Google::Apis::Core::Hashable
4242
+
4243
+ # If there are multiple sources, then the data is considered "joined" between
4244
+ # them. For instance, BigQuery can join multiple tables, and each table would be
4245
+ # considered a source.
4246
+ # Corresponds to the JSON property `sources`
4247
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2ExfilResource>]
4248
+ attr_accessor :sources
4249
+
4250
+ # If there are multiple targets, each target would get a complete copy of the "
4251
+ # joined" source data.
4252
+ # Corresponds to the JSON property `targets`
4253
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2ExfilResource>]
4254
+ attr_accessor :targets
4255
+
4256
+ # Total exfiltrated bytes processed for the entire job.
4257
+ # Corresponds to the JSON property `totalExfiltratedBytes`
4258
+ # @return [Fixnum]
4259
+ attr_accessor :total_exfiltrated_bytes
4260
+
4261
+ def initialize(**args)
4262
+ update!(**args)
4263
+ end
4264
+
4265
+ # Update properties of this object
4266
+ def update!(**args)
4267
+ @sources = args[:sources] if args.key?(:sources)
4268
+ @targets = args[:targets] if args.key?(:targets)
4269
+ @total_exfiltrated_bytes = args[:total_exfiltrated_bytes] if args.key?(:total_exfiltrated_bytes)
4270
+ end
4271
+ end
4272
+
4273
+ # Representation of third party SIEM/SOAR fields within SCC.
4274
+ class GoogleCloudSecuritycenterV2ExternalSystem
4275
+ include Google::Apis::Core::Hashable
4276
+
4277
+ # References primary/secondary etc assignees in the external system.
4278
+ # Corresponds to the JSON property `assignees`
4279
+ # @return [Array<String>]
4280
+ attr_accessor :assignees
4281
+
4282
+ # The priority of the finding's corresponding case in the external system.
4283
+ # Corresponds to the JSON property `casePriority`
4284
+ # @return [String]
4285
+ attr_accessor :case_priority
4286
+
4287
+ # The SLA of the finding's corresponding case in the external system.
4288
+ # Corresponds to the JSON property `caseSla`
4289
+ # @return [String]
4290
+ attr_accessor :case_sla
4291
+
4292
+ # The link to the finding's corresponding case in the external system.
4293
+ # Corresponds to the JSON property `caseUri`
4294
+ # @return [String]
4295
+ attr_accessor :case_uri
4296
+
4297
+ # The time when the case was last updated, as reported by the external system.
4298
+ # Corresponds to the JSON property `externalSystemUpdateTime`
4299
+ # @return [String]
4300
+ attr_accessor :external_system_update_time
4301
+
4302
+ # The identifier that's used to track the finding's corresponding case in the
4303
+ # external system.
4304
+ # Corresponds to the JSON property `externalUid`
4305
+ # @return [String]
4306
+ attr_accessor :external_uid
4307
+
4308
+ # Full resource name of the external system. The following list shows some
4309
+ # examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/
4310
+ # jira` + `organizations/1234/sources/5678/locations/us/findings/123456/
4311
+ # externalSystems/jira` + `folders/1234/sources/5678/findings/123456/
4312
+ # externalSystems/jira` + `folders/1234/sources/5678/locations/us/findings/
4313
+ # 123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/
4314
+ # externalSystems/jira` + `projects/1234/sources/5678/locations/us/findings/
4315
+ # 123456/externalSystems/jira`
4316
+ # Corresponds to the JSON property `name`
4317
+ # @return [String]
4318
+ attr_accessor :name
4319
+
4320
+ # The most recent status of the finding's corresponding case, as reported by the
4321
+ # external system.
4322
+ # Corresponds to the JSON property `status`
4323
+ # @return [String]
4324
+ attr_accessor :status
4325
+
4326
+ # Information about the ticket, if any, that is being used to track the
4327
+ # resolution of the issue that is identified by this finding.
4328
+ # Corresponds to the JSON property `ticketInfo`
4329
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2TicketInfo]
4330
+ attr_accessor :ticket_info
4331
+
4332
+ def initialize(**args)
4333
+ update!(**args)
4334
+ end
4335
+
4336
+ # Update properties of this object
4337
+ def update!(**args)
4338
+ @assignees = args[:assignees] if args.key?(:assignees)
4339
+ @case_priority = args[:case_priority] if args.key?(:case_priority)
4340
+ @case_sla = args[:case_sla] if args.key?(:case_sla)
4341
+ @case_uri = args[:case_uri] if args.key?(:case_uri)
4342
+ @external_system_update_time = args[:external_system_update_time] if args.key?(:external_system_update_time)
4343
+ @external_uid = args[:external_uid] if args.key?(:external_uid)
4344
+ @name = args[:name] if args.key?(:name)
4345
+ @status = args[:status] if args.key?(:status)
4346
+ @ticket_info = args[:ticket_info] if args.key?(:ticket_info)
4347
+ end
4348
+ end
4349
+
4350
+ # File information about the related binary/library used by an executable, or
4351
+ # the script used by a script interpreter
4352
+ class GoogleCloudSecuritycenterV2File
4353
+ include Google::Apis::Core::Hashable
4354
+
4355
+ # Prefix of the file contents as a JSON-encoded string.
4356
+ # Corresponds to the JSON property `contents`
4357
+ # @return [String]
4358
+ attr_accessor :contents
4359
+
4360
+ # Path of the file in terms of underlying disk/partition identifiers.
4361
+ # Corresponds to the JSON property `diskPath`
4362
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2DiskPath]
4363
+ attr_accessor :disk_path
4364
+
4365
+ # The length in bytes of the file prefix that was hashed. If hashed_size == size,
4366
+ # any hashes reported represent the entire file.
4367
+ # Corresponds to the JSON property `hashedSize`
4368
+ # @return [Fixnum]
4369
+ attr_accessor :hashed_size
4370
+
4371
+ # True when the hash covers only a prefix of the file.
4372
+ # Corresponds to the JSON property `partiallyHashed`
4373
+ # @return [Boolean]
4374
+ attr_accessor :partially_hashed
4375
+ alias_method :partially_hashed?, :partially_hashed
4376
+
4377
+ # Absolute path of the file as a JSON encoded string.
4378
+ # Corresponds to the JSON property `path`
4379
+ # @return [String]
4380
+ attr_accessor :path
4381
+
4382
+ # SHA256 hash of the first hashed_size bytes of the file encoded as a hex string.
4383
+ # If hashed_size == size, sha256 represents the SHA256 hash of the entire file.
4384
+ # Corresponds to the JSON property `sha256`
4385
+ # @return [String]
4386
+ attr_accessor :sha256
4387
+
4388
+ # Size of the file in bytes.
4389
+ # Corresponds to the JSON property `size`
4390
+ # @return [Fixnum]
4391
+ attr_accessor :size
4392
+
4393
+ def initialize(**args)
4394
+ update!(**args)
4395
+ end
4396
+
4397
+ # Update properties of this object
4398
+ def update!(**args)
4399
+ @contents = args[:contents] if args.key?(:contents)
4400
+ @disk_path = args[:disk_path] if args.key?(:disk_path)
4401
+ @hashed_size = args[:hashed_size] if args.key?(:hashed_size)
4402
+ @partially_hashed = args[:partially_hashed] if args.key?(:partially_hashed)
4403
+ @path = args[:path] if args.key?(:path)
4404
+ @sha256 = args[:sha256] if args.key?(:sha256)
4405
+ @size = args[:size] if args.key?(:size)
4406
+ end
4407
+ end
4408
+
4409
+ # Security Command Center finding. A finding is a record of assessment data like
4410
+ # security, risk, health, or privacy, that is ingested into Security Command
4411
+ # Center for presentation, notification, analysis, policy testing, and
4412
+ # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
4413
+ # Engine application is a finding.
4414
+ class GoogleCloudSecuritycenterV2Finding
4415
+ include Google::Apis::Core::Hashable
4416
+
4417
+ # Represents an access event.
4418
+ # Corresponds to the JSON property `access`
4419
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Access]
4420
+ attr_accessor :access
4421
+
4422
+ # Represents an application associated with a finding.
4423
+ # Corresponds to the JSON property `application`
4424
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Application]
4425
+ attr_accessor :application
4426
+
4427
+ # An attack exposure contains the results of an attack path simulation run.
4428
+ # Corresponds to the JSON property `attackExposure`
4429
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2AttackExposure]
4430
+ attr_accessor :attack_exposure
4431
+
4432
+ # Information related to Google Cloud Backup and DR Service findings.
4433
+ # Corresponds to the JSON property `backupDisasterRecovery`
4434
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2BackupDisasterRecovery]
4435
+ attr_accessor :backup_disaster_recovery
4436
+
4437
+ # Output only. The canonical name of the finding. The following list shows some
4438
+ # examples: + `organizations/`organization_id`/sources/`source_id`/findings/`
4439
+ # finding_id`` + `organizations/`organization_id`/sources/`source_id`/locations/`
4440
+ # location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/
4441
+ # findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/locations/`
4442
+ # location_id`/findings/`finding_id`` + `projects/`project_id`/sources/`
4443
+ # source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`source_id`/
4444
+ # locations/`location_id`/findings/`finding_id`` The prefix is the closest CRM
4445
+ # ancestor of the resource associated with the finding.
4446
+ # Corresponds to the JSON property `canonicalName`
4447
+ # @return [String]
4448
+ attr_accessor :canonical_name
4449
+
4450
+ # Immutable. The additional taxonomy group within findings from a given source.
4451
+ # Example: "XSS_FLASH_INJECTION"
4452
+ # Corresponds to the JSON property `category`
4453
+ # @return [String]
4454
+ attr_accessor :category
4455
+
4456
+ # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
4457
+ # with the finding.
4458
+ # Corresponds to the JSON property `cloudDlpDataProfile`
4459
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2CloudDlpDataProfile]
4460
+ attr_accessor :cloud_dlp_data_profile
4461
+
4462
+ # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](
4463
+ # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the
4464
+ # finding.
4465
+ # Corresponds to the JSON property `cloudDlpInspection`
4466
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2CloudDlpInspection]
4467
+ attr_accessor :cloud_dlp_inspection
4468
+
4469
+ # Contains compliance information for security standards associated to the
4470
+ # finding.
4471
+ # Corresponds to the JSON property `compliances`
4472
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Compliance>]
4473
+ attr_accessor :compliances
4474
+
4475
+ # Contains information about the IP connection associated with the finding.
4476
+ # Corresponds to the JSON property `connections`
4477
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Connection>]
4478
+ attr_accessor :connections
4479
+
4480
+ # Output only. Map containing the points of contact for the given finding. The
4481
+ # key represents the type of contact, while the value contains a list of all the
4482
+ # contacts that pertain. Please refer to: https://cloud.google.com/resource-
4483
+ # manager/docs/managing-notification-contacts#notification-categories ` "
4484
+ # security": ` "contacts": [ ` "email": "person1@company.com" `, ` "email": "
4485
+ # person2@company.com" ` ] ` `
4486
+ # Corresponds to the JSON property `contacts`
4487
+ # @return [Hash<String,Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2ContactDetails>]
4488
+ attr_accessor :contacts
4489
+
4490
+ # Containers associated with the finding. This field provides information for
4491
+ # both Kubernetes and non-Kubernetes containers.
4492
+ # Corresponds to the JSON property `containers`
4493
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Container>]
4494
+ attr_accessor :containers
4495
+
4496
+ # Output only. The time at which the finding was created in Security Command
4497
+ # Center.
4498
+ # Corresponds to the JSON property `createTime`
4499
+ # @return [String]
4500
+ attr_accessor :create_time
4501
+
4502
+ # Represents database access information, such as queries. A database may be a
4503
+ # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
4504
+ # Spanner instances), or the database instance itself. Some database resources
4505
+ # might not have the [full resource name](https://google.aip.dev/122#full-
4506
+ # resource-names) populated because these resource types, such as Cloud SQL
4507
+ # databases, are not yet supported by Cloud Asset Inventory. In these cases only
4508
+ # the display name is provided.
4509
+ # Corresponds to the JSON property `database`
4510
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Database]
4511
+ attr_accessor :database
4512
+
4513
+ # Contains more details about the finding.
4514
+ # Corresponds to the JSON property `description`
4515
+ # @return [String]
4516
+ attr_accessor :description
4517
+
4518
+ # The time the finding was first detected. If an existing finding is updated,
4519
+ # then this is the time the update occurred. For example, if the finding
4520
+ # represents an open firewall, this property captures the time the detector
4521
+ # believes the firewall became open. The accuracy is determined by the detector.
4522
+ # If the finding is later resolved, then this time reflects when the finding was
4523
+ # resolved. This must not be set to a value greater than the current timestamp.
4524
+ # Corresponds to the JSON property `eventTime`
4525
+ # @return [String]
4526
+ attr_accessor :event_time
4527
+
4528
+ # Exfiltration represents a data exfiltration attempt from one or more sources
4529
+ # to one or more targets. The `sources` attribute lists the sources of the
4530
+ # exfiltrated data. The `targets` attribute lists the destinations the data was
4531
+ # copied to.
4532
+ # Corresponds to the JSON property `exfiltration`
4533
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Exfiltration]
4534
+ attr_accessor :exfiltration
4535
+
4536
+ # Output only. Third party SIEM/SOAR fields within SCC, contains external system
4537
+ # information and external system finding fields.
4538
+ # Corresponds to the JSON property `externalSystems`
4539
+ # @return [Hash<String,Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2ExternalSystem>]
4540
+ attr_accessor :external_systems
4541
+
4542
+ # The URI that, if available, points to a web page outside of Security Command
4543
+ # Center where additional information about the finding can be found. This field
4544
+ # is guaranteed to be either empty or a well formed URL.
4545
+ # Corresponds to the JSON property `externalUri`
4546
+ # @return [String]
4547
+ attr_accessor :external_uri
4548
+
4549
+ # File associated with the finding.
4550
+ # Corresponds to the JSON property `files`
4551
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2File>]
4552
+ attr_accessor :files
4553
+
4554
+ # The class of the finding.
4555
+ # Corresponds to the JSON property `findingClass`
4556
+ # @return [String]
4557
+ attr_accessor :finding_class
4558
+
4559
+ # Represents IAM bindings associated with the finding.
4560
+ # Corresponds to the JSON property `iamBindings`
4561
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2IamBinding>]
4562
+ attr_accessor :iam_bindings
4563
+
4564
+ # Represents what's commonly known as an _indicator of compromise_ (IoC) in
4565
+ # computer forensics. This is an artifact observed on a network or in an
4566
+ # operating system that, with high confidence, indicates a computer intrusion.
4567
+ # For more information, see [Indicator of compromise](https://en.wikipedia.org/
4568
+ # wiki/Indicator_of_compromise).
4569
+ # Corresponds to the JSON property `indicator`
4570
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Indicator]
4571
+ attr_accessor :indicator
4572
+
4573
+ # Kernel mode rootkit signatures.
4574
+ # Corresponds to the JSON property `kernelRootkit`
4575
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2KernelRootkit]
4576
+ attr_accessor :kernel_rootkit
4577
+
4578
+ # Kubernetes-related attributes.
4579
+ # Corresponds to the JSON property `kubernetes`
4580
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Kubernetes]
4581
+ attr_accessor :kubernetes
4582
+
4583
+ # The load balancers associated with the finding.
4584
+ # Corresponds to the JSON property `loadBalancers`
4585
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2LoadBalancer>]
4586
+ attr_accessor :load_balancers
4587
+
4588
+ # Log entries that are relevant to the finding.
4589
+ # Corresponds to the JSON property `logEntries`
4590
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2LogEntry>]
4591
+ attr_accessor :log_entries
4592
+
4593
+ # MITRE ATT&CK tactics and techniques related to this finding. See: https://
4594
+ # attack.mitre.org
4595
+ # Corresponds to the JSON property `mitreAttack`
4596
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2MitreAttack]
4597
+ attr_accessor :mitre_attack
4598
+
4599
+ # Unique identifier of the module which generated the finding. Example: folders/
4600
+ # 598186756061/securityHealthAnalyticsSettings/customModules/56799441161885
4601
+ # Corresponds to the JSON property `moduleName`
4602
+ # @return [String]
4603
+ attr_accessor :module_name
4604
+
4605
+ # Indicates the mute state of a finding (either muted, unmuted or undefined).
4606
+ # Unlike other attributes of a finding, a finding provider shouldn't set the
4607
+ # value of mute.
4608
+ # Corresponds to the JSON property `mute`
4609
+ # @return [String]
4610
+ attr_accessor :mute
4611
+
4612
+ # Records additional information about the mute operation, for example, the [
4613
+ # mute configuration](https://cloud.google.com/security-command-center/docs/how-
4614
+ # to-mute-findings) that muted the finding and the user who muted the finding.
4615
+ # Corresponds to the JSON property `muteInitiator`
4616
+ # @return [String]
4617
+ attr_accessor :mute_initiator
4618
+
4619
+ # Output only. The most recent time this finding was muted or unmuted.
4620
+ # Corresponds to the JSON property `muteUpdateTime`
4621
+ # @return [String]
4622
+ attr_accessor :mute_update_time
4623
+
4624
+ # The [relative resource name](https://cloud.google.com/apis/design/
4625
+ # resource_names#relative_resource_name) of the finding. The following list
4626
+ # shows some examples: + `organizations/`organization_id`/sources/`source_id`/
4627
+ # findings/`finding_id`` + `organizations/`organization_id`/sources/`source_id`/
4628
+ # locations/`location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`
4629
+ # source_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/
4630
+ # locations/`location_id`/findings/`finding_id`` + `projects/`project_id`/
4631
+ # sources/`source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`
4632
+ # source_id`/locations/`location_id`/findings/`finding_id``
4633
+ # Corresponds to the JSON property `name`
4634
+ # @return [String]
4635
+ attr_accessor :name
4636
+
4637
+ # Steps to address the finding.
4638
+ # Corresponds to the JSON property `nextSteps`
4639
+ # @return [String]
4640
+ attr_accessor :next_steps
4641
+
4642
+ # Contains information about the org policies associated with the finding.
4643
+ # Corresponds to the JSON property `orgPolicies`
4644
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2OrgPolicy>]
4645
+ attr_accessor :org_policies
4646
+
4647
+ # The relative resource name of the source and location the finding belongs to.
4648
+ # See: https://cloud.google.com/apis/design/resource_names#
4649
+ # relative_resource_name This field is immutable after creation time. The
4650
+ # following list shows some examples: + `organizations/`organization_id`/sources/
4651
+ # `source_id`` + `folders/`folders_id`/sources/`source_id`` + `projects/`
4652
+ # projects_id`/sources/`source_id`` + `organizations/`organization_id`/sources/`
4653
+ # source_id`/locations/`location_id`` + `folders/`folders_id`/sources/`source_id`
4654
+ # /locations/`location_id`` + `projects/`projects_id`/sources/`source_id`/
4655
+ # locations/`location_id``
4656
+ # Corresponds to the JSON property `parent`
4657
+ # @return [String]
4658
+ attr_accessor :parent
4659
+
4660
+ # Output only. The human readable display name of the finding source such as "
4661
+ # Event Threat Detection" or "Security Health Analytics".
4662
+ # Corresponds to the JSON property `parentDisplayName`
4663
+ # @return [String]
4664
+ attr_accessor :parent_display_name
4665
+
4666
+ # Represents operating system processes associated with the Finding.
4667
+ # Corresponds to the JSON property `processes`
4668
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Process>]
4669
+ attr_accessor :processes
4670
+
4671
+ # Immutable. For findings on Google Cloud resources, the full resource name of
4672
+ # the Google Cloud resource this finding is for. See: https://cloud.google.com/
4673
+ # apis/design/resource_names#full_resource_name When the finding is for a non-
4674
+ # Google Cloud resource, the resourceName can be a customer or partner defined
4675
+ # string.
4676
+ # Corresponds to the JSON property `resourceName`
4677
+ # @return [String]
4678
+ attr_accessor :resource_name
4679
+
4680
+ # User specified security marks that are attached to the parent Security Command
4681
+ # Center resource. Security marks are scoped within a Security Command Center
4682
+ # organization -- they can be modified and viewed by all users who have proper
4683
+ # permissions on the organization.
4684
+ # Corresponds to the JSON property `securityMarks`
4685
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2SecurityMarks]
4686
+ attr_accessor :security_marks
4687
+
4688
+ # Represents a posture that is deployed on Google Cloud by the Security Command
4689
+ # Center Posture Management service. A posture contains one or more policy sets.
4690
+ # A policy set is a group of policies that enforce a set of security rules on
4691
+ # Google Cloud.
4692
+ # Corresponds to the JSON property `securityPosture`
4693
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2SecurityPosture]
4694
+ attr_accessor :security_posture
4695
+
4696
+ # The severity of the finding. This field is managed by the source that writes
4697
+ # the finding.
4698
+ # Corresponds to the JSON property `severity`
4699
+ # @return [String]
4700
+ attr_accessor :severity
4701
+
4702
+ # Source specific properties. These properties are managed by the source that
4703
+ # writes the finding. The key names in the source_properties map must be between
4704
+ # 1 and 255 characters, and must start with a letter and contain alphanumeric
4705
+ # characters or underscores only.
4706
+ # Corresponds to the JSON property `sourceProperties`
4707
+ # @return [Hash<String,Object>]
4708
+ attr_accessor :source_properties
4709
+
4710
+ # Output only. The state of the finding.
4711
+ # Corresponds to the JSON property `state`
4712
+ # @return [String]
4713
+ attr_accessor :state
4714
+
4715
+ # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
4716
+ # Corresponds to the JSON property `vulnerability`
4717
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Vulnerability]
4718
+ attr_accessor :vulnerability
4719
+
4720
+ def initialize(**args)
4721
+ update!(**args)
4722
+ end
4723
+
4724
+ # Update properties of this object
4725
+ def update!(**args)
4726
+ @access = args[:access] if args.key?(:access)
4727
+ @application = args[:application] if args.key?(:application)
4728
+ @attack_exposure = args[:attack_exposure] if args.key?(:attack_exposure)
4729
+ @backup_disaster_recovery = args[:backup_disaster_recovery] if args.key?(:backup_disaster_recovery)
4730
+ @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
4731
+ @category = args[:category] if args.key?(:category)
4732
+ @cloud_dlp_data_profile = args[:cloud_dlp_data_profile] if args.key?(:cloud_dlp_data_profile)
4733
+ @cloud_dlp_inspection = args[:cloud_dlp_inspection] if args.key?(:cloud_dlp_inspection)
4734
+ @compliances = args[:compliances] if args.key?(:compliances)
4735
+ @connections = args[:connections] if args.key?(:connections)
4736
+ @contacts = args[:contacts] if args.key?(:contacts)
4737
+ @containers = args[:containers] if args.key?(:containers)
4738
+ @create_time = args[:create_time] if args.key?(:create_time)
4739
+ @database = args[:database] if args.key?(:database)
4740
+ @description = args[:description] if args.key?(:description)
4741
+ @event_time = args[:event_time] if args.key?(:event_time)
4742
+ @exfiltration = args[:exfiltration] if args.key?(:exfiltration)
4743
+ @external_systems = args[:external_systems] if args.key?(:external_systems)
4744
+ @external_uri = args[:external_uri] if args.key?(:external_uri)
4745
+ @files = args[:files] if args.key?(:files)
4746
+ @finding_class = args[:finding_class] if args.key?(:finding_class)
4747
+ @iam_bindings = args[:iam_bindings] if args.key?(:iam_bindings)
4748
+ @indicator = args[:indicator] if args.key?(:indicator)
4749
+ @kernel_rootkit = args[:kernel_rootkit] if args.key?(:kernel_rootkit)
4750
+ @kubernetes = args[:kubernetes] if args.key?(:kubernetes)
4751
+ @load_balancers = args[:load_balancers] if args.key?(:load_balancers)
4752
+ @log_entries = args[:log_entries] if args.key?(:log_entries)
4753
+ @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
4754
+ @module_name = args[:module_name] if args.key?(:module_name)
4755
+ @mute = args[:mute] if args.key?(:mute)
4756
+ @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
4757
+ @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
4758
+ @name = args[:name] if args.key?(:name)
4759
+ @next_steps = args[:next_steps] if args.key?(:next_steps)
4760
+ @org_policies = args[:org_policies] if args.key?(:org_policies)
4761
+ @parent = args[:parent] if args.key?(:parent)
4762
+ @parent_display_name = args[:parent_display_name] if args.key?(:parent_display_name)
4763
+ @processes = args[:processes] if args.key?(:processes)
4764
+ @resource_name = args[:resource_name] if args.key?(:resource_name)
4765
+ @security_marks = args[:security_marks] if args.key?(:security_marks)
4766
+ @security_posture = args[:security_posture] if args.key?(:security_posture)
4767
+ @severity = args[:severity] if args.key?(:severity)
4768
+ @source_properties = args[:source_properties] if args.key?(:source_properties)
4769
+ @state = args[:state] if args.key?(:state)
4770
+ @vulnerability = args[:vulnerability] if args.key?(:vulnerability)
4771
+ end
4772
+ end
4773
+
4774
+ # Represents a geographical location for a given access.
4775
+ class GoogleCloudSecuritycenterV2Geolocation
4776
+ include Google::Apis::Core::Hashable
4777
+
4778
+ # A CLDR.
4779
+ # Corresponds to the JSON property `regionCode`
4780
+ # @return [String]
4781
+ attr_accessor :region_code
4782
+
4783
+ def initialize(**args)
4784
+ update!(**args)
4785
+ end
4786
+
4787
+ # Update properties of this object
4788
+ def update!(**args)
4789
+ @region_code = args[:region_code] if args.key?(:region_code)
4790
+ end
4791
+ end
4792
+
4793
+ # Represents a particular IAM binding, which captures a member's role addition,
4794
+ # removal, or state.
4795
+ class GoogleCloudSecuritycenterV2IamBinding
4796
+ include Google::Apis::Core::Hashable
4797
+
4798
+ # The action that was performed on a Binding.
4799
+ # Corresponds to the JSON property `action`
4800
+ # @return [String]
4801
+ attr_accessor :action
4802
+
4803
+ # A single identity requesting access for a Cloud Platform resource, for example,
4804
+ # "foo@google.com".
4805
+ # Corresponds to the JSON property `member`
4806
+ # @return [String]
4807
+ attr_accessor :member
4808
+
4809
+ # Role that is assigned to "members". For example, "roles/viewer", "roles/editor"
4810
+ # , or "roles/owner".
4811
+ # Corresponds to the JSON property `role`
4812
+ # @return [String]
4813
+ attr_accessor :role
4814
+
4815
+ def initialize(**args)
4816
+ update!(**args)
4817
+ end
4818
+
4819
+ # Update properties of this object
4820
+ def update!(**args)
4821
+ @action = args[:action] if args.key?(:action)
4822
+ @member = args[:member] if args.key?(:member)
4823
+ @role = args[:role] if args.key?(:role)
4824
+ end
4825
+ end
4826
+
4827
+ # Represents what's commonly known as an _indicator of compromise_ (IoC) in
4828
+ # computer forensics. This is an artifact observed on a network or in an
4829
+ # operating system that, with high confidence, indicates a computer intrusion.
4830
+ # For more information, see [Indicator of compromise](https://en.wikipedia.org/
4831
+ # wiki/Indicator_of_compromise).
4832
+ class GoogleCloudSecuritycenterV2Indicator
4833
+ include Google::Apis::Core::Hashable
4834
+
4835
+ # List of domains associated to the Finding.
4836
+ # Corresponds to the JSON property `domains`
4837
+ # @return [Array<String>]
4838
+ attr_accessor :domains
4839
+
4840
+ # The list of IP addresses that are associated with the finding.
4841
+ # Corresponds to the JSON property `ipAddresses`
4842
+ # @return [Array<String>]
4843
+ attr_accessor :ip_addresses
4844
+
4845
+ # The list of matched signatures indicating that the given process is present in
4846
+ # the environment.
4847
+ # Corresponds to the JSON property `signatures`
4848
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2ProcessSignature>]
4849
+ attr_accessor :signatures
4850
+
4851
+ # The list of URIs associated to the Findings.
4852
+ # Corresponds to the JSON property `uris`
4853
+ # @return [Array<String>]
4854
+ attr_accessor :uris
4855
+
4856
+ def initialize(**args)
4857
+ update!(**args)
4858
+ end
4859
+
4860
+ # Update properties of this object
4861
+ def update!(**args)
4862
+ @domains = args[:domains] if args.key?(:domains)
4863
+ @ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses)
4864
+ @signatures = args[:signatures] if args.key?(:signatures)
4865
+ @uris = args[:uris] if args.key?(:uris)
4866
+ end
4867
+ end
4868
+
4869
+ # Kernel mode rootkit signatures.
4870
+ class GoogleCloudSecuritycenterV2KernelRootkit
4871
+ include Google::Apis::Core::Hashable
4872
+
4873
+ # Rootkit name, when available.
4874
+ # Corresponds to the JSON property `name`
4875
+ # @return [String]
4876
+ attr_accessor :name
4877
+
4878
+ # True if unexpected modifications of kernel code memory are present.
4879
+ # Corresponds to the JSON property `unexpectedCodeModification`
4880
+ # @return [Boolean]
4881
+ attr_accessor :unexpected_code_modification
4882
+ alias_method :unexpected_code_modification?, :unexpected_code_modification
4883
+
4884
+ # True if `ftrace` points are present with callbacks pointing to regions that
4885
+ # are not in the expected kernel or module code range.
4886
+ # Corresponds to the JSON property `unexpectedFtraceHandler`
4887
+ # @return [Boolean]
4888
+ attr_accessor :unexpected_ftrace_handler
4889
+ alias_method :unexpected_ftrace_handler?, :unexpected_ftrace_handler
4890
+
4891
+ # True if interrupt handlers that are are not in the expected kernel or module
4892
+ # code regions are present.
4893
+ # Corresponds to the JSON property `unexpectedInterruptHandler`
4894
+ # @return [Boolean]
4895
+ attr_accessor :unexpected_interrupt_handler
4896
+ alias_method :unexpected_interrupt_handler?, :unexpected_interrupt_handler
4897
+
4898
+ # True if kernel code pages that are not in the expected kernel or module code
4899
+ # regions are present.
4900
+ # Corresponds to the JSON property `unexpectedKernelCodePages`
4901
+ # @return [Boolean]
4902
+ attr_accessor :unexpected_kernel_code_pages
4903
+ alias_method :unexpected_kernel_code_pages?, :unexpected_kernel_code_pages
4904
+
4905
+ # True if `kprobe` points are present with callbacks pointing to regions that
4906
+ # are not in the expected kernel or module code range.
4907
+ # Corresponds to the JSON property `unexpectedKprobeHandler`
4908
+ # @return [Boolean]
4909
+ attr_accessor :unexpected_kprobe_handler
4910
+ alias_method :unexpected_kprobe_handler?, :unexpected_kprobe_handler
4911
+
4912
+ # True if unexpected processes in the scheduler run queue are present. Such
4913
+ # processes are in the run queue, but not in the process task list.
4914
+ # Corresponds to the JSON property `unexpectedProcessesInRunqueue`
4915
+ # @return [Boolean]
4916
+ attr_accessor :unexpected_processes_in_runqueue
4917
+ alias_method :unexpected_processes_in_runqueue?, :unexpected_processes_in_runqueue
4918
+
4919
+ # True if unexpected modifications of kernel read-only data memory are present.
4920
+ # Corresponds to the JSON property `unexpectedReadOnlyDataModification`
4921
+ # @return [Boolean]
4922
+ attr_accessor :unexpected_read_only_data_modification
4923
+ alias_method :unexpected_read_only_data_modification?, :unexpected_read_only_data_modification
4924
+
4925
+ # True if system call handlers that are are not in the expected kernel or module
4926
+ # code regions are present.
4927
+ # Corresponds to the JSON property `unexpectedSystemCallHandler`
4928
+ # @return [Boolean]
4929
+ attr_accessor :unexpected_system_call_handler
4930
+ alias_method :unexpected_system_call_handler?, :unexpected_system_call_handler
4931
+
4932
+ def initialize(**args)
4933
+ update!(**args)
4934
+ end
4935
+
4936
+ # Update properties of this object
4937
+ def update!(**args)
4938
+ @name = args[:name] if args.key?(:name)
4939
+ @unexpected_code_modification = args[:unexpected_code_modification] if args.key?(:unexpected_code_modification)
4940
+ @unexpected_ftrace_handler = args[:unexpected_ftrace_handler] if args.key?(:unexpected_ftrace_handler)
4941
+ @unexpected_interrupt_handler = args[:unexpected_interrupt_handler] if args.key?(:unexpected_interrupt_handler)
4942
+ @unexpected_kernel_code_pages = args[:unexpected_kernel_code_pages] if args.key?(:unexpected_kernel_code_pages)
4943
+ @unexpected_kprobe_handler = args[:unexpected_kprobe_handler] if args.key?(:unexpected_kprobe_handler)
4944
+ @unexpected_processes_in_runqueue = args[:unexpected_processes_in_runqueue] if args.key?(:unexpected_processes_in_runqueue)
4945
+ @unexpected_read_only_data_modification = args[:unexpected_read_only_data_modification] if args.key?(:unexpected_read_only_data_modification)
4946
+ @unexpected_system_call_handler = args[:unexpected_system_call_handler] if args.key?(:unexpected_system_call_handler)
4947
+ end
4948
+ end
4949
+
4950
+ # Kubernetes-related attributes.
4951
+ class GoogleCloudSecuritycenterV2Kubernetes
4952
+ include Google::Apis::Core::Hashable
4953
+
4954
+ # Provides information on any Kubernetes access reviews (privilege checks)
4955
+ # relevant to the finding.
4956
+ # Corresponds to the JSON property `accessReviews`
4957
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2AccessReview>]
4958
+ attr_accessor :access_reviews
4959
+
4960
+ # Provides Kubernetes role binding information for findings that involve [
4961
+ # RoleBindings or ClusterRoleBindings](https://cloud.google.com/kubernetes-
4962
+ # engine/docs/how-to/role-based-access-control).
4963
+ # Corresponds to the JSON property `bindings`
4964
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Binding>]
4965
+ attr_accessor :bindings
4966
+
4967
+ # GKE [node pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-
4968
+ # pools) associated with the finding. This field contains node pool information
4969
+ # for each node, when it is available.
4970
+ # Corresponds to the JSON property `nodePools`
4971
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2NodePool>]
4972
+ attr_accessor :node_pools
4973
+
4974
+ # Provides Kubernetes [node](https://cloud.google.com/kubernetes-engine/docs/
4975
+ # concepts/cluster-architecture#nodes) information.
4976
+ # Corresponds to the JSON property `nodes`
4977
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Node>]
4978
+ attr_accessor :nodes
4979
+
4980
+ # Kubernetes objects related to the finding.
4981
+ # Corresponds to the JSON property `objects`
4982
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Object>]
4983
+ attr_accessor :objects
4984
+
4985
+ # Kubernetes [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod)
4986
+ # associated with the finding. This field contains Pod records for each
4987
+ # container that is owned by a Pod.
4988
+ # Corresponds to the JSON property `pods`
4989
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Pod>]
4990
+ attr_accessor :pods
4991
+
4992
+ # Provides Kubernetes role information for findings that involve [Roles or
4993
+ # ClusterRoles](https://cloud.google.com/kubernetes-engine/docs/how-to/role-
4994
+ # based-access-control).
4995
+ # Corresponds to the JSON property `roles`
4996
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Role>]
4997
+ attr_accessor :roles
4998
+
4999
+ def initialize(**args)
5000
+ update!(**args)
5001
+ end
5002
+
5003
+ # Update properties of this object
5004
+ def update!(**args)
5005
+ @access_reviews = args[:access_reviews] if args.key?(:access_reviews)
5006
+ @bindings = args[:bindings] if args.key?(:bindings)
5007
+ @node_pools = args[:node_pools] if args.key?(:node_pools)
5008
+ @nodes = args[:nodes] if args.key?(:nodes)
5009
+ @objects = args[:objects] if args.key?(:objects)
5010
+ @pods = args[:pods] if args.key?(:pods)
5011
+ @roles = args[:roles] if args.key?(:roles)
5012
+ end
5013
+ end
5014
+
5015
+ # Represents a generic name-value label. A label has separate name and value
5016
+ # fields to support filtering with the `contains()` function. For more
5017
+ # information, see [Filtering on array-type fields](https://cloud.google.com/
5018
+ # security-command-center/docs/how-to-api-list-findings#array-contains-filtering)
5019
+ # .
5020
+ class GoogleCloudSecuritycenterV2Label
5021
+ include Google::Apis::Core::Hashable
5022
+
5023
+ # Name of the label.
5024
+ # Corresponds to the JSON property `name`
5025
+ # @return [String]
5026
+ attr_accessor :name
5027
+
5028
+ # Value that corresponds to the label's name.
5029
+ # Corresponds to the JSON property `value`
5030
+ # @return [String]
5031
+ attr_accessor :value
5032
+
5033
+ def initialize(**args)
5034
+ update!(**args)
5035
+ end
5036
+
5037
+ # Update properties of this object
5038
+ def update!(**args)
5039
+ @name = args[:name] if args.key?(:name)
5040
+ @value = args[:value] if args.key?(:value)
5041
+ end
5042
+ end
5043
+
5044
+ # Contains information related to the load balancer associated with the finding.
5045
+ class GoogleCloudSecuritycenterV2LoadBalancer
5046
+ include Google::Apis::Core::Hashable
5047
+
5048
+ # The name of the load balancer associated with the finding.
5049
+ # Corresponds to the JSON property `name`
5050
+ # @return [String]
5051
+ attr_accessor :name
5052
+
5053
+ def initialize(**args)
5054
+ update!(**args)
5055
+ end
5056
+
5057
+ # Update properties of this object
5058
+ def update!(**args)
5059
+ @name = args[:name] if args.key?(:name)
5060
+ end
5061
+ end
5062
+
5063
+ # An individual entry in a log.
5064
+ class GoogleCloudSecuritycenterV2LogEntry
5065
+ include Google::Apis::Core::Hashable
5066
+
5067
+ # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
5068
+ # logging/docs/reference/v2/rest/v2/LogEntry)
5069
+ # Corresponds to the JSON property `cloudLoggingEntry`
5070
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2CloudLoggingEntry]
5071
+ attr_accessor :cloud_logging_entry
5072
+
5073
+ def initialize(**args)
5074
+ update!(**args)
5075
+ end
5076
+
5077
+ # Update properties of this object
5078
+ def update!(**args)
5079
+ @cloud_logging_entry = args[:cloud_logging_entry] if args.key?(:cloud_logging_entry)
5080
+ end
5081
+ end
5082
+
5083
+ # A signature corresponding to memory page hashes.
5084
+ class GoogleCloudSecuritycenterV2MemoryHashSignature
5085
+ include Google::Apis::Core::Hashable
5086
+
5087
+ # The binary family.
5088
+ # Corresponds to the JSON property `binaryFamily`
5089
+ # @return [String]
5090
+ attr_accessor :binary_family
5091
+
5092
+ # The list of memory hash detections contributing to the binary family match.
5093
+ # Corresponds to the JSON property `detections`
5094
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Detection>]
5095
+ attr_accessor :detections
5096
+
5097
+ def initialize(**args)
5098
+ update!(**args)
5099
+ end
5100
+
5101
+ # Update properties of this object
5102
+ def update!(**args)
5103
+ @binary_family = args[:binary_family] if args.key?(:binary_family)
5104
+ @detections = args[:detections] if args.key?(:detections)
5105
+ end
5106
+ end
5107
+
5108
+ # MITRE ATT&CK tactics and techniques related to this finding. See: https://
5109
+ # attack.mitre.org
5110
+ class GoogleCloudSecuritycenterV2MitreAttack
5111
+ include Google::Apis::Core::Hashable
5112
+
5113
+ # Additional MITRE ATT&CK tactics related to this finding, if any.
5114
+ # Corresponds to the JSON property `additionalTactics`
5115
+ # @return [Array<String>]
5116
+ attr_accessor :additional_tactics
5117
+
5118
+ # Additional MITRE ATT&CK techniques related to this finding, if any, along with
5119
+ # any of their respective parent techniques.
5120
+ # Corresponds to the JSON property `additionalTechniques`
5121
+ # @return [Array<String>]
5122
+ attr_accessor :additional_techniques
5123
+
5124
+ # The MITRE ATT&CK tactic most closely represented by this finding, if any.
5125
+ # Corresponds to the JSON property `primaryTactic`
5126
+ # @return [String]
5127
+ attr_accessor :primary_tactic
5128
+
5129
+ # The MITRE ATT&CK technique most closely represented by this finding, if any.
5130
+ # primary_techniques is a repeated field because there are multiple levels of
5131
+ # MITRE ATT&CK techniques. If the technique most closely represented by this
5132
+ # finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique
5133
+ # and its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, `
5134
+ # ACTIVE_SCANNING`).
5135
+ # Corresponds to the JSON property `primaryTechniques`
5136
+ # @return [Array<String>]
5137
+ attr_accessor :primary_techniques
5138
+
5139
+ # The MITRE ATT&CK version referenced by the above fields. E.g. "8".
5140
+ # Corresponds to the JSON property `version`
5141
+ # @return [String]
5142
+ attr_accessor :version
5143
+
5144
+ def initialize(**args)
5145
+ update!(**args)
5146
+ end
5147
+
5148
+ # Update properties of this object
5149
+ def update!(**args)
5150
+ @additional_tactics = args[:additional_tactics] if args.key?(:additional_tactics)
5151
+ @additional_techniques = args[:additional_techniques] if args.key?(:additional_techniques)
5152
+ @primary_tactic = args[:primary_tactic] if args.key?(:primary_tactic)
5153
+ @primary_techniques = args[:primary_techniques] if args.key?(:primary_techniques)
5154
+ @version = args[:version] if args.key?(:version)
5155
+ end
5156
+ end
5157
+
5158
+ # A mute config is a Cloud SCC resource that contains the configuration to mute
5159
+ # create/update events of findings.
5160
+ class GoogleCloudSecuritycenterV2MuteConfig
5161
+ include Google::Apis::Core::Hashable
5162
+
5163
+ # Output only. The time at which the mute config was created. This field is set
5164
+ # by the server and will be ignored if provided on config creation.
5165
+ # Corresponds to the JSON property `createTime`
5166
+ # @return [String]
5167
+ attr_accessor :create_time
5168
+
5169
+ # A description of the mute config.
5170
+ # Corresponds to the JSON property `description`
5171
+ # @return [String]
5172
+ attr_accessor :description
5173
+
5174
+ # Required. An expression that defines the filter to apply across create/update
5175
+ # events of findings. While creating a filter string, be mindful of the scope in
5176
+ # which the mute configuration is being created. E.g., If a filter contains
5177
+ # project = X but is created under the project = Y scope, it might not match any
5178
+ # findings. The following field and operator combinations are supported: *
5179
+ # severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.
5180
+ # project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.
5181
+ # folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.
5182
+ # parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `
5183
+ # :` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
5184
+ # Corresponds to the JSON property `filter`
5185
+ # @return [String]
5186
+ attr_accessor :filter
5187
+
5188
+ # Output only. Email address of the user who last edited the mute config. This
5189
+ # field is set by the server and will be ignored if provided on config creation
5190
+ # or update.
5191
+ # Corresponds to the JSON property `mostRecentEditor`
5192
+ # @return [String]
5193
+ attr_accessor :most_recent_editor
5194
+
5195
+ # This field will be ignored if provided on config creation. The following list
5196
+ # shows some examples of the format: + `organizations/`organization`/muteConfigs/
5197
+ # `mute_config`` + `organizations/`organization`locations/`location`//
5198
+ # muteConfigs/`mute_config`` + `folders/`folder`/muteConfigs/`mute_config`` + `
5199
+ # folders/`folder`/locations/`location`/muteConfigs/`mute_config`` + `projects/`
5200
+ # project`/muteConfigs/`mute_config`` + `projects/`project`/locations/`location`/
5201
+ # muteConfigs/`mute_config``
5202
+ # Corresponds to the JSON property `name`
5203
+ # @return [String]
5204
+ attr_accessor :name
5205
+
5206
+ # Required. The type of the mute config, which determines what type of mute
5207
+ # state the config affects. Immutable after creation.
5208
+ # Corresponds to the JSON property `type`
5209
+ # @return [String]
5210
+ attr_accessor :type
5211
+
5212
+ # Output only. The most recent time at which the mute config was updated. This
5213
+ # field is set by the server and will be ignored if provided on config creation
5214
+ # or update.
5215
+ # Corresponds to the JSON property `updateTime`
5216
+ # @return [String]
5217
+ attr_accessor :update_time
5218
+
5219
+ def initialize(**args)
5220
+ update!(**args)
5221
+ end
5222
+
5223
+ # Update properties of this object
5224
+ def update!(**args)
5225
+ @create_time = args[:create_time] if args.key?(:create_time)
5226
+ @description = args[:description] if args.key?(:description)
5227
+ @filter = args[:filter] if args.key?(:filter)
5228
+ @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
5229
+ @name = args[:name] if args.key?(:name)
5230
+ @type = args[:type] if args.key?(:type)
5231
+ @update_time = args[:update_time] if args.key?(:update_time)
5232
+ end
5233
+ end
5234
+
5235
+ # Kubernetes nodes associated with the finding.
5236
+ class GoogleCloudSecuritycenterV2Node
5237
+ include Google::Apis::Core::Hashable
5238
+
5239
+ # [Full resource name](https://google.aip.dev/122#full-resource-names) of the
5240
+ # Compute Engine VM running the cluster node.
5241
+ # Corresponds to the JSON property `name`
5242
+ # @return [String]
5243
+ attr_accessor :name
5244
+
5245
+ def initialize(**args)
5246
+ update!(**args)
5247
+ end
5248
+
5249
+ # Update properties of this object
5250
+ def update!(**args)
5251
+ @name = args[:name] if args.key?(:name)
5252
+ end
5253
+ end
5254
+
5255
+ # Provides GKE node pool information.
5256
+ class GoogleCloudSecuritycenterV2NodePool
5257
+ include Google::Apis::Core::Hashable
5258
+
5259
+ # Kubernetes node pool name.
5260
+ # Corresponds to the JSON property `name`
5261
+ # @return [String]
5262
+ attr_accessor :name
5263
+
5264
+ # Nodes associated with the finding.
5265
+ # Corresponds to the JSON property `nodes`
5266
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Node>]
5267
+ attr_accessor :nodes
5268
+
5269
+ def initialize(**args)
5270
+ update!(**args)
5271
+ end
5272
+
5273
+ # Update properties of this object
5274
+ def update!(**args)
5275
+ @name = args[:name] if args.key?(:name)
5276
+ @nodes = args[:nodes] if args.key?(:nodes)
5277
+ end
5278
+ end
5279
+
5280
+ # Cloud SCC's Notification
5281
+ class GoogleCloudSecuritycenterV2NotificationMessage
5282
+ include Google::Apis::Core::Hashable
5283
+
5284
+ # Security Command Center finding. A finding is a record of assessment data like
5285
+ # security, risk, health, or privacy, that is ingested into Security Command
5286
+ # Center for presentation, notification, analysis, policy testing, and
5287
+ # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
5288
+ # Engine application is a finding.
5289
+ # Corresponds to the JSON property `finding`
5290
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Finding]
5291
+ attr_accessor :finding
5292
+
5293
+ # Name of the notification config that generated current notification.
5294
+ # Corresponds to the JSON property `notificationConfigName`
5295
+ # @return [String]
5296
+ attr_accessor :notification_config_name
5297
+
5298
+ # Information related to the Google Cloud resource.
5299
+ # Corresponds to the JSON property `resource`
5300
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Resource]
5301
+ attr_accessor :resource
5302
+
5303
+ def initialize(**args)
5304
+ update!(**args)
5305
+ end
5306
+
5307
+ # Update properties of this object
5308
+ def update!(**args)
5309
+ @finding = args[:finding] if args.key?(:finding)
5310
+ @notification_config_name = args[:notification_config_name] if args.key?(:notification_config_name)
5311
+ @resource = args[:resource] if args.key?(:resource)
5312
+ end
5313
+ end
5314
+
5315
+ # Kubernetes object related to the finding, uniquely identified by GKNN. Used if
5316
+ # the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.
5317
+ class GoogleCloudSecuritycenterV2Object
5318
+ include Google::Apis::Core::Hashable
5319
+
5320
+ # Pod containers associated with this finding, if any.
5321
+ # Corresponds to the JSON property `containers`
5322
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Container>]
5323
+ attr_accessor :containers
5324
+
5325
+ # Kubernetes object group, such as "policy.k8s.io/v1".
5326
+ # Corresponds to the JSON property `group`
5327
+ # @return [String]
5328
+ attr_accessor :group
5329
+
5330
+ # Kubernetes object kind, such as "Namespace".
5331
+ # Corresponds to the JSON property `kind`
5332
+ # @return [String]
5333
+ attr_accessor :kind
5334
+
5335
+ # Kubernetes object name. For details see https://kubernetes.io/docs/concepts/
5336
+ # overview/working-with-objects/names/.
5337
+ # Corresponds to the JSON property `name`
5338
+ # @return [String]
5339
+ attr_accessor :name
5340
+
5341
+ # Kubernetes object namespace. Must be a valid DNS label. Named "ns" to avoid
5342
+ # collision with C++ namespace keyword. For details see https://kubernetes.io/
5343
+ # docs/tasks/administer-cluster/namespaces/.
5344
+ # Corresponds to the JSON property `ns`
5345
+ # @return [String]
5346
+ attr_accessor :ns
5347
+
5348
+ def initialize(**args)
5349
+ update!(**args)
5350
+ end
5351
+
5352
+ # Update properties of this object
5353
+ def update!(**args)
5354
+ @containers = args[:containers] if args.key?(:containers)
5355
+ @group = args[:group] if args.key?(:group)
5356
+ @kind = args[:kind] if args.key?(:kind)
5357
+ @name = args[:name] if args.key?(:name)
5358
+ @ns = args[:ns] if args.key?(:ns)
5359
+ end
5360
+ end
5361
+
5362
+ # Contains information about the org policies associated with the finding.
5363
+ class GoogleCloudSecuritycenterV2OrgPolicy
5364
+ include Google::Apis::Core::Hashable
5365
+
5366
+ # The resource name of the org policy. Example: "organizations/`organization_id`/
5367
+ # policies/`constraint_name`"
5368
+ # Corresponds to the JSON property `name`
5369
+ # @return [String]
5370
+ attr_accessor :name
5371
+
5372
+ def initialize(**args)
5373
+ update!(**args)
5374
+ end
5375
+
5376
+ # Update properties of this object
5377
+ def update!(**args)
5378
+ @name = args[:name] if args.key?(:name)
5379
+ end
5380
+ end
5381
+
5382
+ # Package is a generic definition of a package.
5383
+ class GoogleCloudSecuritycenterV2Package
5384
+ include Google::Apis::Core::Hashable
5385
+
5386
+ # The CPE URI where the vulnerability was detected.
5387
+ # Corresponds to the JSON property `cpeUri`
5388
+ # @return [String]
5389
+ attr_accessor :cpe_uri
5390
+
5391
+ # The name of the package where the vulnerability was detected.
5392
+ # Corresponds to the JSON property `packageName`
5393
+ # @return [String]
5394
+ attr_accessor :package_name
5395
+
5396
+ # Type of package, for example, os, maven, or go.
5397
+ # Corresponds to the JSON property `packageType`
5398
+ # @return [String]
5399
+ attr_accessor :package_type
5400
+
5401
+ # The version of the package.
5402
+ # Corresponds to the JSON property `packageVersion`
5403
+ # @return [String]
5404
+ attr_accessor :package_version
5405
+
5406
+ def initialize(**args)
5407
+ update!(**args)
5408
+ end
5409
+
5410
+ # Update properties of this object
5411
+ def update!(**args)
5412
+ @cpe_uri = args[:cpe_uri] if args.key?(:cpe_uri)
5413
+ @package_name = args[:package_name] if args.key?(:package_name)
5414
+ @package_type = args[:package_type] if args.key?(:package_type)
5415
+ @package_version = args[:package_version] if args.key?(:package_version)
5416
+ end
5417
+ end
5418
+
5419
+ # A Kubernetes Pod.
5420
+ class GoogleCloudSecuritycenterV2Pod
5421
+ include Google::Apis::Core::Hashable
5422
+
5423
+ # Pod containers associated with this finding, if any.
5424
+ # Corresponds to the JSON property `containers`
5425
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Container>]
5426
+ attr_accessor :containers
5427
+
5428
+ # Pod labels. For Kubernetes containers, these are applied to the container.
5429
+ # Corresponds to the JSON property `labels`
5430
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Label>]
5431
+ attr_accessor :labels
5432
+
5433
+ # Kubernetes Pod name.
5434
+ # Corresponds to the JSON property `name`
5435
+ # @return [String]
5436
+ attr_accessor :name
5437
+
5438
+ # Kubernetes Pod namespace.
5439
+ # Corresponds to the JSON property `ns`
5440
+ # @return [String]
5441
+ attr_accessor :ns
5442
+
5443
+ def initialize(**args)
5444
+ update!(**args)
5445
+ end
5446
+
5447
+ # Update properties of this object
5448
+ def update!(**args)
5449
+ @containers = args[:containers] if args.key?(:containers)
5450
+ @labels = args[:labels] if args.key?(:labels)
5451
+ @name = args[:name] if args.key?(:name)
5452
+ @ns = args[:ns] if args.key?(:ns)
5453
+ end
5454
+ end
5455
+
5456
+ # The policy field that violates the deployed posture and its expected and
5457
+ # detected values.
5458
+ class GoogleCloudSecuritycenterV2PolicyDriftDetails
5459
+ include Google::Apis::Core::Hashable
5460
+
5461
+ # The detected value that violates the deployed posture, for example, `false` or
5462
+ # `allowed_values=`"projects/22831892”``.
5463
+ # Corresponds to the JSON property `detectedValue`
5464
+ # @return [String]
5465
+ attr_accessor :detected_value
5466
+
5467
+ # The value of this field that was configured in a posture, for example, `true`
5468
+ # or `allowed_values=`"projects/29831892”``.
5469
+ # Corresponds to the JSON property `expectedValue`
5470
+ # @return [String]
5471
+ attr_accessor :expected_value
5472
+
5473
+ # The name of the updated field, for example constraint.implementation.
5474
+ # policy_rules[0].enforce
5475
+ # Corresponds to the JSON property `field`
5476
+ # @return [String]
5477
+ attr_accessor :field
5478
+
5479
+ def initialize(**args)
5480
+ update!(**args)
5481
+ end
5482
+
5483
+ # Update properties of this object
5484
+ def update!(**args)
5485
+ @detected_value = args[:detected_value] if args.key?(:detected_value)
5486
+ @expected_value = args[:expected_value] if args.key?(:expected_value)
5487
+ @field = args[:field] if args.key?(:field)
5488
+ end
5489
+ end
5490
+
5491
+ # Represents an operating system process.
5492
+ class GoogleCloudSecuritycenterV2Process
5493
+ include Google::Apis::Core::Hashable
5494
+
5495
+ # Process arguments as JSON encoded strings.
5496
+ # Corresponds to the JSON property `args`
5497
+ # @return [Array<String>]
5498
+ attr_accessor :args
5499
+
5500
+ # True if `args` is incomplete.
5501
+ # Corresponds to the JSON property `argumentsTruncated`
5502
+ # @return [Boolean]
5503
+ attr_accessor :arguments_truncated
5504
+ alias_method :arguments_truncated?, :arguments_truncated
5505
+
5506
+ # File information about the related binary/library used by an executable, or
5507
+ # the script used by a script interpreter
5508
+ # Corresponds to the JSON property `binary`
5509
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2File]
5510
+ attr_accessor :binary
5511
+
5512
+ # Process environment variables.
5513
+ # Corresponds to the JSON property `envVariables`
5514
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2EnvironmentVariable>]
5515
+ attr_accessor :env_variables
5516
+
5517
+ # True if `env_variables` is incomplete.
5518
+ # Corresponds to the JSON property `envVariablesTruncated`
5519
+ # @return [Boolean]
5520
+ attr_accessor :env_variables_truncated
5521
+ alias_method :env_variables_truncated?, :env_variables_truncated
5522
+
5523
+ # File information for libraries loaded by the process.
5524
+ # Corresponds to the JSON property `libraries`
5525
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2File>]
5526
+ attr_accessor :libraries
5527
+
5528
+ # The process name, as displayed in utilities like `top` and `ps`. This name can
5529
+ # be accessed through `/proc/[pid]/comm` and changed with `prctl(PR_SET_NAME)`.
5530
+ # Corresponds to the JSON property `name`
5531
+ # @return [String]
5532
+ attr_accessor :name
5533
+
5534
+ # The parent process ID.
5535
+ # Corresponds to the JSON property `parentPid`
5536
+ # @return [Fixnum]
5537
+ attr_accessor :parent_pid
5538
+
5539
+ # The process ID.
5540
+ # Corresponds to the JSON property `pid`
5541
+ # @return [Fixnum]
5542
+ attr_accessor :pid
5543
+
5544
+ # File information about the related binary/library used by an executable, or
5545
+ # the script used by a script interpreter
5546
+ # Corresponds to the JSON property `script`
5547
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2File]
5548
+ attr_accessor :script
5549
+
5550
+ def initialize(**args)
5551
+ update!(**args)
5552
+ end
5553
+
5554
+ # Update properties of this object
5555
+ def update!(**args)
5556
+ @args = args[:args] if args.key?(:args)
5557
+ @arguments_truncated = args[:arguments_truncated] if args.key?(:arguments_truncated)
5558
+ @binary = args[:binary] if args.key?(:binary)
5559
+ @env_variables = args[:env_variables] if args.key?(:env_variables)
5560
+ @env_variables_truncated = args[:env_variables_truncated] if args.key?(:env_variables_truncated)
5561
+ @libraries = args[:libraries] if args.key?(:libraries)
5562
+ @name = args[:name] if args.key?(:name)
5563
+ @parent_pid = args[:parent_pid] if args.key?(:parent_pid)
5564
+ @pid = args[:pid] if args.key?(:pid)
5565
+ @script = args[:script] if args.key?(:script)
5566
+ end
5567
+ end
5568
+
5569
+ # Indicates what signature matched this process.
5570
+ class GoogleCloudSecuritycenterV2ProcessSignature
5571
+ include Google::Apis::Core::Hashable
5572
+
5573
+ # A signature corresponding to memory page hashes.
5574
+ # Corresponds to the JSON property `memoryHashSignature`
5575
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2MemoryHashSignature]
5576
+ attr_accessor :memory_hash_signature
5577
+
5578
+ # Describes the type of resource associated with the signature.
5579
+ # Corresponds to the JSON property `signatureType`
5580
+ # @return [String]
5581
+ attr_accessor :signature_type
5582
+
5583
+ # A signature corresponding to a YARA rule.
5584
+ # Corresponds to the JSON property `yaraRuleSignature`
5585
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2YaraRuleSignature]
5586
+ attr_accessor :yara_rule_signature
5587
+
5588
+ def initialize(**args)
5589
+ update!(**args)
5590
+ end
5591
+
5592
+ # Update properties of this object
5593
+ def update!(**args)
5594
+ @memory_hash_signature = args[:memory_hash_signature] if args.key?(:memory_hash_signature)
5595
+ @signature_type = args[:signature_type] if args.key?(:signature_type)
5596
+ @yara_rule_signature = args[:yara_rule_signature] if args.key?(:yara_rule_signature)
5597
+ end
5598
+ end
5599
+
5600
+ # Additional Links
5601
+ class GoogleCloudSecuritycenterV2Reference
5602
+ include Google::Apis::Core::Hashable
5603
+
5604
+ # Source of the reference e.g. NVD
5605
+ # Corresponds to the JSON property `source`
5606
+ # @return [String]
5607
+ attr_accessor :source
5608
+
5609
+ # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?
5610
+ # name=CVE-2021-34527.
5611
+ # Corresponds to the JSON property `uri`
5612
+ # @return [String]
5613
+ attr_accessor :uri
5614
+
5615
+ def initialize(**args)
5616
+ update!(**args)
5617
+ end
5618
+
5619
+ # Update properties of this object
5620
+ def update!(**args)
5621
+ @source = args[:source] if args.key?(:source)
5622
+ @uri = args[:uri] if args.key?(:uri)
5623
+ end
5624
+ end
5625
+
5626
+ # Information related to the Google Cloud resource.
5627
+ class GoogleCloudSecuritycenterV2Resource
5628
+ include Google::Apis::Core::Hashable
5629
+
5630
+ # The human readable name of the resource.
5631
+ # Corresponds to the JSON property `displayName`
5632
+ # @return [String]
5633
+ attr_accessor :display_name
5634
+
5635
+ # The full resource name of the resource. See: https://cloud.google.com/apis/
5636
+ # design/resource_names#full_resource_name
5637
+ # Corresponds to the JSON property `name`
5638
+ # @return [String]
5639
+ attr_accessor :name
5640
+
5641
+ # The full resource type of the resource.
5642
+ # Corresponds to the JSON property `type`
5643
+ # @return [String]
5644
+ attr_accessor :type
5645
+
5646
+ def initialize(**args)
5647
+ update!(**args)
5648
+ end
5649
+
5650
+ # Update properties of this object
5651
+ def update!(**args)
5652
+ @display_name = args[:display_name] if args.key?(:display_name)
5653
+ @name = args[:name] if args.key?(:name)
5654
+ @type = args[:type] if args.key?(:type)
5655
+ end
5656
+ end
5657
+
5658
+ # A resource value config (RVC) is a mapping configuration of user's resources
5659
+ # to resource values. Used in Attack path simulations.
5660
+ class GoogleCloudSecuritycenterV2ResourceValueConfig
5661
+ include Google::Apis::Core::Hashable
5662
+
5663
+ # Output only. Timestamp this resource value config was created.
5664
+ # Corresponds to the JSON property `createTime`
5665
+ # @return [String]
5666
+ attr_accessor :create_time
5667
+
5668
+ # Description of the resource value config.
5669
+ # Corresponds to the JSON property `description`
5670
+ # @return [String]
5671
+ attr_accessor :description
5672
+
5673
+ # Name for the resource value config
5674
+ # Corresponds to the JSON property `name`
5675
+ # @return [String]
5676
+ attr_accessor :name
5677
+
5678
+ # List of resource labels to search for, evaluated with AND. E.g. "
5679
+ # resource_labels_selector": `"key": "value", "env": "prod"` will match
5680
+ # resources with labels "key": "value" AND "env": "prod" https://cloud.google.
5681
+ # com/resource-manager/docs/creating-managing-labels
5682
+ # Corresponds to the JSON property `resourceLabelsSelector`
5683
+ # @return [Hash<String,String>]
5684
+ attr_accessor :resource_labels_selector
5685
+
5686
+ # Apply resource_value only to resources that match resource_type. resource_type
5687
+ # will be checked with "AND" of other resources. E.g. "storage.googleapis.com/
5688
+ # Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.
5689
+ # googleapis.com/Bucket" resources.
5690
+ # Corresponds to the JSON property `resourceType`
5691
+ # @return [String]
5692
+ attr_accessor :resource_type
5693
+
5694
+ # Resource value level this expression represents Only required when there is no
5695
+ # SDP mapping in the request
5696
+ # Corresponds to the JSON property `resourceValue`
5697
+ # @return [String]
5698
+ attr_accessor :resource_value
5699
+
5700
+ # Project or folder to scope this config to. For example, "project/456" would
5701
+ # apply this config only to resources in "project/456" scope will be checked
5702
+ # with "AND" of other resources.
5703
+ # Corresponds to the JSON property `scope`
5704
+ # @return [String]
5705
+ attr_accessor :scope
5706
+
5707
+ # Resource value mapping for Sensitive Data Protection findings If any of these
5708
+ # mappings have a resource value that is not unspecified, the resource_value
5709
+ # field will be ignored when reading this configuration.
5710
+ # Corresponds to the JSON property `sensitiveDataProtectionMapping`
5711
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2SensitiveDataProtectionMapping]
5712
+ attr_accessor :sensitive_data_protection_mapping
5713
+
5714
+ # Required. Tag values combined with AND to check against. Values in the form "
5715
+ # tagValues/123" E.g. [ "tagValues/123", "tagValues/456", "tagValues/789" ]
5716
+ # https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
5717
+ # Corresponds to the JSON property `tagValues`
5718
+ # @return [Array<String>]
5719
+ attr_accessor :tag_values
5720
+
5721
+ # Output only. Timestamp this resource value config was last updated.
5722
+ # Corresponds to the JSON property `updateTime`
5723
+ # @return [String]
5724
+ attr_accessor :update_time
5725
+
5726
+ def initialize(**args)
5727
+ update!(**args)
5728
+ end
5729
+
5730
+ # Update properties of this object
5731
+ def update!(**args)
5732
+ @create_time = args[:create_time] if args.key?(:create_time)
5733
+ @description = args[:description] if args.key?(:description)
5734
+ @name = args[:name] if args.key?(:name)
5735
+ @resource_labels_selector = args[:resource_labels_selector] if args.key?(:resource_labels_selector)
5736
+ @resource_type = args[:resource_type] if args.key?(:resource_type)
5737
+ @resource_value = args[:resource_value] if args.key?(:resource_value)
5738
+ @scope = args[:scope] if args.key?(:scope)
5739
+ @sensitive_data_protection_mapping = args[:sensitive_data_protection_mapping] if args.key?(:sensitive_data_protection_mapping)
5740
+ @tag_values = args[:tag_values] if args.key?(:tag_values)
5741
+ @update_time = args[:update_time] if args.key?(:update_time)
5742
+ end
5743
+ end
5744
+
5745
+ # Kubernetes Role or ClusterRole.
5746
+ class GoogleCloudSecuritycenterV2Role
5747
+ include Google::Apis::Core::Hashable
5748
+
5749
+ # Role type.
5750
+ # Corresponds to the JSON property `kind`
5751
+ # @return [String]
5752
+ attr_accessor :kind
5753
+
5754
+ # Role name.
5755
+ # Corresponds to the JSON property `name`
5756
+ # @return [String]
5757
+ attr_accessor :name
5758
+
5759
+ # Role namespace.
5760
+ # Corresponds to the JSON property `ns`
5761
+ # @return [String]
5762
+ attr_accessor :ns
5763
+
5764
+ def initialize(**args)
5765
+ update!(**args)
5766
+ end
5767
+
5768
+ # Update properties of this object
5769
+ def update!(**args)
5770
+ @kind = args[:kind] if args.key?(:kind)
5771
+ @name = args[:name] if args.key?(:name)
5772
+ @ns = args[:ns] if args.key?(:ns)
5773
+ end
5774
+ end
5775
+
5776
+ # SecurityBulletin are notifications of vulnerabilities of Google products.
5777
+ class GoogleCloudSecuritycenterV2SecurityBulletin
5778
+ include Google::Apis::Core::Hashable
5779
+
5780
+ # ID of the bulletin corresponding to the vulnerability.
5781
+ # Corresponds to the JSON property `bulletinId`
5782
+ # @return [String]
5783
+ attr_accessor :bulletin_id
5784
+
5785
+ # Submission time of this Security Bulletin.
5786
+ # Corresponds to the JSON property `submissionTime`
5787
+ # @return [String]
5788
+ attr_accessor :submission_time
5789
+
5790
+ # This represents a version that the cluster receiving this notification should
5791
+ # be upgraded to, based on its current version. For example, 1.15.0
5792
+ # Corresponds to the JSON property `suggestedUpgradeVersion`
5793
+ # @return [String]
5794
+ attr_accessor :suggested_upgrade_version
5795
+
5796
+ def initialize(**args)
5797
+ update!(**args)
5798
+ end
5799
+
5800
+ # Update properties of this object
5801
+ def update!(**args)
5802
+ @bulletin_id = args[:bulletin_id] if args.key?(:bulletin_id)
5803
+ @submission_time = args[:submission_time] if args.key?(:submission_time)
5804
+ @suggested_upgrade_version = args[:suggested_upgrade_version] if args.key?(:suggested_upgrade_version)
5805
+ end
5806
+ end
5807
+
5808
+ # User specified security marks that are attached to the parent Security Command
5809
+ # Center resource. Security marks are scoped within a Security Command Center
5810
+ # organization -- they can be modified and viewed by all users who have proper
5811
+ # permissions on the organization.
5812
+ class GoogleCloudSecuritycenterV2SecurityMarks
5813
+ include Google::Apis::Core::Hashable
5814
+
5815
+ # The canonical name of the marks. The following list shows some examples: + `
5816
+ # organizations/`organization_id`/assets/`asset_id`/securityMarks" + `
5817
+ # organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/
5818
+ # securityMarks" + `organizations/`organization_id`/sources/`source_id`/
5819
+ # locations/`location`/findings/`finding_id`/securityMarks" + `folders/`
5820
+ # folder_id`/assets/`asset_id`/securityMarks" + `folders/`folder_id`/sources/`
5821
+ # source_id`/findings/`finding_id`/securityMarks" + `folders/`folder_id`/sources/
5822
+ # `source_id`/locations/`location`/findings/`finding_id`/securityMarks" + `
5823
+ # projects/`project_number`/assets/`asset_id`/securityMarks" + `projects/`
5824
+ # project_number`/sources/`source_id`/findings/`finding_id`/securityMarks" + `
5825
+ # projects/`project_number`/sources/`source_id`/locations/`location`/findings/`
5826
+ # finding_id`/securityMarks"
5827
+ # Corresponds to the JSON property `canonicalName`
5828
+ # @return [String]
5829
+ attr_accessor :canonical_name
5830
+
5831
+ # Mutable user specified security marks belonging to the parent resource.
5832
+ # Constraints are as follows: * Keys and values are treated as case insensitive *
5833
+ # Keys must be between 1 - 256 characters (inclusive) * Keys must be letters,
5834
+ # numbers, underscores, or dashes * Values have leading and trailing whitespace
5835
+ # trimmed, remaining characters must be between 1 - 4096 characters (inclusive)
5836
+ # Corresponds to the JSON property `marks`
5837
+ # @return [Hash<String,String>]
5838
+ attr_accessor :marks
5839
+
5840
+ # The relative resource name of the SecurityMarks. See: https://cloud.google.com/
5841
+ # apis/design/resource_names#relative_resource_name The following list shows
5842
+ # some examples: + `organizations/`organization_id`/assets/`asset_id`/
5843
+ # securityMarks` + `organizations/`organization_id`/sources/`source_id`/findings/
5844
+ # `finding_id`/securityMarks` + `organizations/`organization_id`/sources/`
5845
+ # source_id`/locations/`location`/findings/`finding_id`/securityMarks`
5846
+ # Corresponds to the JSON property `name`
5847
+ # @return [String]
5848
+ attr_accessor :name
5849
+
5850
+ def initialize(**args)
5851
+ update!(**args)
5852
+ end
5853
+
5854
+ # Update properties of this object
5855
+ def update!(**args)
5856
+ @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
5857
+ @marks = args[:marks] if args.key?(:marks)
5858
+ @name = args[:name] if args.key?(:name)
5859
+ end
5860
+ end
5861
+
5862
+ # Represents a posture that is deployed on Google Cloud by the Security Command
5863
+ # Center Posture Management service. A posture contains one or more policy sets.
5864
+ # A policy set is a group of policies that enforce a set of security rules on
5865
+ # Google Cloud.
5866
+ class GoogleCloudSecuritycenterV2SecurityPosture
5867
+ include Google::Apis::Core::Hashable
5868
+
5869
+ # The name of the updated policy, for example, `projects/`project_id`/policies/`
5870
+ # constraint_name``.
5871
+ # Corresponds to the JSON property `changedPolicy`
5872
+ # @return [String]
5873
+ attr_accessor :changed_policy
5874
+
5875
+ # Name of the posture, for example, `CIS-Posture`.
5876
+ # Corresponds to the JSON property `name`
5877
+ # @return [String]
5878
+ attr_accessor :name
5879
+
5880
+ # The ID of the updated policy, for example, `compute-policy-1`.
5881
+ # Corresponds to the JSON property `policy`
5882
+ # @return [String]
5883
+ attr_accessor :policy
5884
+
5885
+ # The details about a change in an updated policy that violates the deployed
5886
+ # posture.
5887
+ # Corresponds to the JSON property `policyDriftDetails`
5888
+ # @return [Array<Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2PolicyDriftDetails>]
5889
+ attr_accessor :policy_drift_details
5890
+
5891
+ # The name of the updated policy set, for example, `cis-policyset`.
5892
+ # Corresponds to the JSON property `policySet`
5893
+ # @return [String]
5894
+ attr_accessor :policy_set
5895
+
5896
+ # The name of the posture deployment, for example, `organizations/`org_id`/
5897
+ # posturedeployments/`posture_deployment_id``.
5898
+ # Corresponds to the JSON property `postureDeployment`
5899
+ # @return [String]
5900
+ attr_accessor :posture_deployment
5901
+
5902
+ # The project, folder, or organization on which the posture is deployed, for
5903
+ # example, `projects/`project_number``.
5904
+ # Corresponds to the JSON property `postureDeploymentResource`
5905
+ # @return [String]
5906
+ attr_accessor :posture_deployment_resource
5907
+
5908
+ # The version of the posture, for example, `c7cfa2a8`.
5909
+ # Corresponds to the JSON property `revisionId`
5910
+ # @return [String]
5911
+ attr_accessor :revision_id
5912
+
5913
+ def initialize(**args)
5914
+ update!(**args)
5915
+ end
5916
+
5917
+ # Update properties of this object
5918
+ def update!(**args)
5919
+ @changed_policy = args[:changed_policy] if args.key?(:changed_policy)
5920
+ @name = args[:name] if args.key?(:name)
5921
+ @policy = args[:policy] if args.key?(:policy)
5922
+ @policy_drift_details = args[:policy_drift_details] if args.key?(:policy_drift_details)
5923
+ @policy_set = args[:policy_set] if args.key?(:policy_set)
5924
+ @posture_deployment = args[:posture_deployment] if args.key?(:posture_deployment)
5925
+ @posture_deployment_resource = args[:posture_deployment_resource] if args.key?(:posture_deployment_resource)
5926
+ @revision_id = args[:revision_id] if args.key?(:revision_id)
5927
+ end
5928
+ end
5929
+
5930
+ # Resource value mapping for Sensitive Data Protection findings If any of these
5931
+ # mappings have a resource value that is not unspecified, the resource_value
5932
+ # field will be ignored when reading this configuration.
5933
+ class GoogleCloudSecuritycenterV2SensitiveDataProtectionMapping
5934
+ include Google::Apis::Core::Hashable
5935
+
5936
+ # Resource value mapping for high-sensitivity Sensitive Data Protection findings
5937
+ # Corresponds to the JSON property `highSensitivityMapping`
5938
+ # @return [String]
5939
+ attr_accessor :high_sensitivity_mapping
5940
+
5941
+ # Resource value mapping for medium-sensitivity Sensitive Data Protection
5942
+ # findings
5943
+ # Corresponds to the JSON property `mediumSensitivityMapping`
5944
+ # @return [String]
5945
+ attr_accessor :medium_sensitivity_mapping
5946
+
5947
+ def initialize(**args)
5948
+ update!(**args)
5949
+ end
5950
+
5951
+ # Update properties of this object
5952
+ def update!(**args)
5953
+ @high_sensitivity_mapping = args[:high_sensitivity_mapping] if args.key?(:high_sensitivity_mapping)
5954
+ @medium_sensitivity_mapping = args[:medium_sensitivity_mapping] if args.key?(:medium_sensitivity_mapping)
5955
+ end
5956
+ end
5957
+
5958
+ # Identity delegation history of an authenticated service account.
5959
+ class GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo
5960
+ include Google::Apis::Core::Hashable
5961
+
5962
+ # The email address of a Google account.
5963
+ # Corresponds to the JSON property `principalEmail`
5964
+ # @return [String]
5965
+ attr_accessor :principal_email
5966
+
5967
+ # A string representing the principal_subject associated with the identity. As
5968
+ # compared to `principal_email`, supports principals that aren't associated with
5969
+ # email addresses, such as third party principals. For most identities, the
5970
+ # format will be `principal://iam.googleapis.com/`identity pool name`/subjects/`
5971
+ # subject`` except for some GKE identities (GKE_WORKLOAD, FREEFORM,
5972
+ # GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:`
5973
+ # identity pool name`[`subject`]`
5974
+ # Corresponds to the JSON property `principalSubject`
5975
+ # @return [String]
5976
+ attr_accessor :principal_subject
5977
+
5978
+ def initialize(**args)
5979
+ update!(**args)
5980
+ end
5981
+
5982
+ # Update properties of this object
5983
+ def update!(**args)
5984
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
5985
+ @principal_subject = args[:principal_subject] if args.key?(:principal_subject)
5986
+ end
5987
+ end
5988
+
5989
+ # Represents a Kubernetes subject.
5990
+ class GoogleCloudSecuritycenterV2Subject
5991
+ include Google::Apis::Core::Hashable
5992
+
5993
+ # Authentication type for the subject.
5994
+ # Corresponds to the JSON property `kind`
5995
+ # @return [String]
5996
+ attr_accessor :kind
5997
+
5998
+ # Name for the subject.
5999
+ # Corresponds to the JSON property `name`
6000
+ # @return [String]
6001
+ attr_accessor :name
6002
+
6003
+ # Namespace for the subject.
6004
+ # Corresponds to the JSON property `ns`
6005
+ # @return [String]
6006
+ attr_accessor :ns
6007
+
6008
+ def initialize(**args)
6009
+ update!(**args)
6010
+ end
6011
+
6012
+ # Update properties of this object
6013
+ def update!(**args)
6014
+ @kind = args[:kind] if args.key?(:kind)
6015
+ @name = args[:name] if args.key?(:name)
6016
+ @ns = args[:ns] if args.key?(:ns)
6017
+ end
6018
+ end
6019
+
6020
+ # Information about the ticket, if any, that is being used to track the
6021
+ # resolution of the issue that is identified by this finding.
6022
+ class GoogleCloudSecuritycenterV2TicketInfo
6023
+ include Google::Apis::Core::Hashable
6024
+
6025
+ # The assignee of the ticket in the ticket system.
6026
+ # Corresponds to the JSON property `assignee`
6027
+ # @return [String]
6028
+ attr_accessor :assignee
6029
+
6030
+ # The description of the ticket in the ticket system.
6031
+ # Corresponds to the JSON property `description`
6032
+ # @return [String]
6033
+ attr_accessor :description
6034
+
6035
+ # The identifier of the ticket in the ticket system.
6036
+ # Corresponds to the JSON property `id`
6037
+ # @return [String]
6038
+ attr_accessor :id
6039
+
6040
+ # The latest status of the ticket, as reported by the ticket system.
6041
+ # Corresponds to the JSON property `status`
6042
+ # @return [String]
6043
+ attr_accessor :status
6044
+
6045
+ # The time when the ticket was last updated, as reported by the ticket system.
6046
+ # Corresponds to the JSON property `updateTime`
6047
+ # @return [String]
6048
+ attr_accessor :update_time
6049
+
6050
+ # The link to the ticket in the ticket system.
6051
+ # Corresponds to the JSON property `uri`
6052
+ # @return [String]
6053
+ attr_accessor :uri
6054
+
6055
+ def initialize(**args)
6056
+ update!(**args)
6057
+ end
6058
+
6059
+ # Update properties of this object
6060
+ def update!(**args)
6061
+ @assignee = args[:assignee] if args.key?(:assignee)
6062
+ @description = args[:description] if args.key?(:description)
6063
+ @id = args[:id] if args.key?(:id)
6064
+ @status = args[:status] if args.key?(:status)
6065
+ @update_time = args[:update_time] if args.key?(:update_time)
6066
+ @uri = args[:uri] if args.key?(:uri)
6067
+ end
6068
+ end
6069
+
6070
+ # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
6071
+ class GoogleCloudSecuritycenterV2Vulnerability
6072
+ include Google::Apis::Core::Hashable
6073
+
6074
+ # CVE stands for Common Vulnerabilities and Exposures. Information from the [CVE
6075
+ # record](https://www.cve.org/ResourcesSupport/Glossary) that describes this
6076
+ # vulnerability.
6077
+ # Corresponds to the JSON property `cve`
6078
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Cve]
6079
+ attr_accessor :cve
6080
+
6081
+ # Package is a generic definition of a package.
6082
+ # Corresponds to the JSON property `fixedPackage`
6083
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Package]
6084
+ attr_accessor :fixed_package
6085
+
6086
+ # Package is a generic definition of a package.
6087
+ # Corresponds to the JSON property `offendingPackage`
6088
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2Package]
6089
+ attr_accessor :offending_package
6090
+
6091
+ # SecurityBulletin are notifications of vulnerabilities of Google products.
6092
+ # Corresponds to the JSON property `securityBulletin`
6093
+ # @return [Google::Apis::SecuritycenterV1beta1::GoogleCloudSecuritycenterV2SecurityBulletin]
6094
+ attr_accessor :security_bulletin
6095
+
6096
+ def initialize(**args)
6097
+ update!(**args)
6098
+ end
6099
+
6100
+ # Update properties of this object
6101
+ def update!(**args)
6102
+ @cve = args[:cve] if args.key?(:cve)
6103
+ @fixed_package = args[:fixed_package] if args.key?(:fixed_package)
6104
+ @offending_package = args[:offending_package] if args.key?(:offending_package)
6105
+ @security_bulletin = args[:security_bulletin] if args.key?(:security_bulletin)
6106
+ end
6107
+ end
6108
+
6109
+ # A signature corresponding to a YARA rule.
6110
+ class GoogleCloudSecuritycenterV2YaraRuleSignature
6111
+ include Google::Apis::Core::Hashable
6112
+
6113
+ # The name of the YARA rule.
6114
+ # Corresponds to the JSON property `yaraRule`
6115
+ # @return [String]
6116
+ attr_accessor :yara_rule
6117
+
6118
+ def initialize(**args)
6119
+ update!(**args)
6120
+ end
6121
+
6122
+ # Update properties of this object
6123
+ def update!(**args)
6124
+ @yara_rule = args[:yara_rule] if args.key?(:yara_rule)
6125
+ end
6126
+ end
6127
+
3076
6128
  # Request message for grouping by assets.
3077
6129
  class GroupAssetsRequest
3078
6130
  include Google::Apis::Core::Hashable