google-apis-securitycenter_v1beta2 0.59.0 → 0.61.0

@@ -518,68 +518,6 @@ module Google
518
518
  end
519
519
  end
520
520
 
521
- # Result containing the properties and count of a ComplianceSnapshot request.
522
- class ComplianceSnapshot
523
- include Google::Apis::Core::Hashable
524
-
525
- # The category of Findings matching.
526
- # Corresponds to the JSON property `category`
527
- # @return [String]
528
- attr_accessor :category
529
-
530
- # The compliance standard (ie CIS).
531
- # Corresponds to the JSON property `complianceStandard`
532
- # @return [String]
533
- attr_accessor :compliance_standard
534
-
535
- # The compliance version (ie 1.3) in CIS 1.3.
536
- # Corresponds to the JSON property `complianceVersion`
537
- # @return [String]
538
- attr_accessor :compliance_version
539
-
540
- # Total count of findings for the given properties.
541
- # Corresponds to the JSON property `count`
542
- # @return [Fixnum]
543
- attr_accessor :count
544
-
545
- # The leaf container resource name that is closest to the snapshot.
546
- # Corresponds to the JSON property `leafContainerResource`
547
- # @return [String]
548
- attr_accessor :leaf_container_resource
549
-
550
- # The compliance snapshot name. Format: //sources//complianceSnapshots/
551
- # Corresponds to the JSON property `name`
552
- # @return [String]
553
- attr_accessor :name
554
-
555
- # The CRM resource display name that is closest to the snapshot the Findings
556
- # belong to.
557
- # Corresponds to the JSON property `projectDisplayName`
558
- # @return [String]
559
- attr_accessor :project_display_name
560
-
561
- # The snapshot time of the snapshot.
562
- # Corresponds to the JSON property `snapshotTime`
563
- # @return [String]
564
- attr_accessor :snapshot_time
565
-
566
- def initialize(**args)
567
- update!(**args)
568
- end
569
-
570
- # Update properties of this object
571
- def update!(**args)
572
- @category = args[:category] if args.key?(:category)
573
- @compliance_standard = args[:compliance_standard] if args.key?(:compliance_standard)
574
- @compliance_version = args[:compliance_version] if args.key?(:compliance_version)
575
- @count = args[:count] if args.key?(:count)
576
- @leaf_container_resource = args[:leaf_container_resource] if args.key?(:leaf_container_resource)
577
- @name = args[:name] if args.key?(:name)
578
- @project_display_name = args[:project_display_name] if args.key?(:project_display_name)
579
- @snapshot_time = args[:snapshot_time] if args.key?(:snapshot_time)
580
- end
581
- end
582
-
583
521
  # Configuration of a module.
584
522
  class Config
585
523
  include Google::Apis::Core::Hashable
@@ -1021,6 +959,33 @@ module Google
1021
959
  end
1022
960
  end
1023
961
 
962
+ # Path of the file in terms of underlying disk/partition identifiers.
963
+ class DiskPath
964
+ include Google::Apis::Core::Hashable
965
+
966
+ # UUID of the partition (format https://wiki.archlinux.org/title/
967
+ # persistent_block_device_naming#by-uuid)
968
+ # Corresponds to the JSON property `partitionUuid`
969
+ # @return [String]
970
+ attr_accessor :partition_uuid
971
+
972
+ # Relative path of the file in the partition as a JSON encoded string. Example: /
973
+ # home/user1/executable_file.sh
974
+ # Corresponds to the JSON property `relativePath`
975
+ # @return [String]
976
+ attr_accessor :relative_path
977
+
978
+ def initialize(**args)
979
+ update!(**args)
980
+ end
981
+
982
+ # Update properties of this object
983
+ def update!(**args)
984
+ @partition_uuid = args[:partition_uuid] if args.key?(:partition_uuid)
985
+ @relative_path = args[:relative_path] if args.key?(:relative_path)
986
+ end
987
+ end
988
+
1024
989
  # A name-value pair representing an environment variable used in an operating
1025
990
  # system process.
1026
991
  class EnvironmentVariable
@@ -1219,6 +1184,11 @@ module Google
1219
1184
  # @return [String]
1220
1185
  attr_accessor :contents
1221
1186
 
1187
+ # Path of the file in terms of underlying disk/partition identifiers.
1188
+ # Corresponds to the JSON property `diskPath`
1189
+ # @return [Google::Apis::SecuritycenterV1beta2::DiskPath]
1190
+ attr_accessor :disk_path
1191
+
1222
1192
  # The length in bytes of the file prefix that was hashed. If hashed_size == size,
1223
1193
  # any hashes reported represent the entire file.
1224
1194
  # Corresponds to the JSON property `hashedSize`
@@ -1254,6 +1224,7 @@ module Google
1254
1224
  # Update properties of this object
1255
1225
  def update!(**args)
1256
1226
  @contents = args[:contents] if args.key?(:contents)
1227
+ @disk_path = args[:disk_path] if args.key?(:disk_path)
1257
1228
  @hashed_size = args[:hashed_size] if args.key?(:hashed_size)
1258
1229
  @partially_hashed = args[:partially_hashed] if args.key?(:partially_hashed)
1259
1230
  @path = args[:path] if args.key?(:path)
@@ -1951,6 +1922,21 @@ module Google
1951
1922
  # @return [Array<String>]
1952
1923
  attr_accessor :assignees
1953
1924
 
1925
+ # The priority of the finding's corresponding case in the external system.
1926
+ # Corresponds to the JSON property `casePriority`
1927
+ # @return [String]
1928
+ attr_accessor :case_priority
1929
+
1930
+ # The SLA of the finding's corresponding case in the external system.
1931
+ # Corresponds to the JSON property `caseSla`
1932
+ # @return [String]
1933
+ attr_accessor :case_sla
1934
+
1935
+ # The link to the finding's corresponding case in the external system.
1936
+ # Corresponds to the JSON property `caseUri`
1937
+ # @return [String]
1938
+ attr_accessor :case_uri
1939
+
1954
1940
  # The time when the case was last updated, as reported by the external system.
1955
1941
  # Corresponds to the JSON property `externalSystemUpdateTime`
1956
1942
  # @return [String]
@@ -1976,6 +1962,12 @@ module Google
1976
1962
  # @return [String]
1977
1963
  attr_accessor :status
1978
1964
 
1965
+ # Information about the ticket, if any, that is being used to track the
1966
+ # resolution of the issue that is identified by this finding.
1967
+ # Corresponds to the JSON property `ticketInfo`
1968
+ # @return [Google::Apis::SecuritycenterV1beta2::TicketInfo]
1969
+ attr_accessor :ticket_info
1970
+
1979
1971
  def initialize(**args)
1980
1972
  update!(**args)
1981
1973
  end
@@ -1983,10 +1975,14 @@ module Google
1983
1975
  # Update properties of this object
1984
1976
  def update!(**args)
1985
1977
  @assignees = args[:assignees] if args.key?(:assignees)
1978
+ @case_priority = args[:case_priority] if args.key?(:case_priority)
1979
+ @case_sla = args[:case_sla] if args.key?(:case_sla)
1980
+ @case_uri = args[:case_uri] if args.key?(:case_uri)
1986
1981
  @external_system_update_time = args[:external_system_update_time] if args.key?(:external_system_update_time)
1987
1982
  @external_uid = args[:external_uid] if args.key?(:external_uid)
1988
1983
  @name = args[:name] if args.key?(:name)
1989
1984
  @status = args[:status] if args.key?(:status)
1985
+ @ticket_info = args[:ticket_info] if args.key?(:ticket_info)
1990
1986
  end
1991
1987
  end
1992
1988
 
@@ -2724,89 +2720,27 @@ module Google
2724
2720
  end
2725
2721
  end
2726
2722
 
2727
- # Represents an access event.
2728
- class GoogleCloudSecuritycenterV2Access
2723
+ # Represents a particular IAM binding, which captures a member's role addition,
2724
+ # removal, or state.
2725
+ class IamBinding
2729
2726
  include Google::Apis::Core::Hashable
2730
2727
 
2731
- # Caller's IP address, such as "1.1.1.1".
2732
- # Corresponds to the JSON property `callerIp`
2733
- # @return [String]
2734
- attr_accessor :caller_ip
2735
-
2736
- # Represents a geographical location for a given access.
2737
- # Corresponds to the JSON property `callerIpGeo`
2738
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Geolocation]
2739
- attr_accessor :caller_ip_geo
2740
-
2741
- # The method that the service account called, e.g. "SetIamPolicy".
2742
- # Corresponds to the JSON property `methodName`
2743
- # @return [String]
2744
- attr_accessor :method_name
2745
-
2746
- # Associated email, such as "foo@google.com". The email address of the
2747
- # authenticated user or a service account acting on behalf of a third party
2748
- # principal making the request. For third party identity callers, the `
2749
- # principal_subject` field is populated instead of this field. For privacy
2750
- # reasons, the principal email address is sometimes redacted. For more
2751
- # information, see [Caller identities in audit logs](https://cloud.google.com/
2752
- # logging/docs/audit#user-id).
2753
- # Corresponds to the JSON property `principalEmail`
2754
- # @return [String]
2755
- attr_accessor :principal_email
2756
-
2757
- # A string that represents the principal_subject that is associated with the
2758
- # identity. Unlike `principal_email`, `principal_subject` supports principals
2759
- # that aren't associated with email addresses, such as third party principals.
2760
- # For most identities, the format is `principal://iam.googleapis.com/`identity
2761
- # pool name`/subject/`subject``. Some GKE identities, such as GKE_WORKLOAD,
2762
- # FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:`
2763
- # identity pool name`[`subject`]`.
2764
- # Corresponds to the JSON property `principalSubject`
2765
- # @return [String]
2766
- attr_accessor :principal_subject
2767
-
2768
- # The identity delegation history of an authenticated service account that made
2769
- # the request. The `serviceAccountDelegationInfo[]` object contains information
2770
- # about the real authorities that try to access Google Cloud resources by
2771
- # delegating on a service account. When multiple authorities are present, they
2772
- # are guaranteed to be sorted based on the original ordering of the identity
2773
- # delegation events.
2774
- # Corresponds to the JSON property `serviceAccountDelegationInfo`
2775
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo>]
2776
- attr_accessor :service_account_delegation_info
2777
-
2778
- # The name of the service account key that was used to create or exchange
2779
- # credentials when authenticating the service account that made the request.
2780
- # This is a scheme-less URI full resource name. For example: "//iam.googleapis.
2781
- # com/projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key`".
2782
- # Corresponds to the JSON property `serviceAccountKeyName`
2783
- # @return [String]
2784
- attr_accessor :service_account_key_name
2785
-
2786
- # This is the API service that the service account made a call to, e.g. "iam.
2787
- # googleapis.com"
2788
- # Corresponds to the JSON property `serviceName`
2789
- # @return [String]
2790
- attr_accessor :service_name
2791
-
2792
- # The caller's user agent string associated with the finding.
2793
- # Corresponds to the JSON property `userAgent`
2728
+ # The action that was performed on a Binding.
2729
+ # Corresponds to the JSON property `action`
2794
2730
  # @return [String]
2795
- attr_accessor :user_agent
2731
+ attr_accessor :action
2796
2732
 
2797
- # Type of user agent associated with the finding. For example, an operating
2798
- # system shell or an embedded or standalone application.
2799
- # Corresponds to the JSON property `userAgentFamily`
2733
+ # A single identity requesting access for a Cloud Platform resource, for example,
2734
+ # "foo@google.com".
2735
+ # Corresponds to the JSON property `member`
2800
2736
  # @return [String]
2801
- attr_accessor :user_agent_family
2737
+ attr_accessor :member
2802
2738
 
2803
- # A string that represents a username. The username provided depends on the type
2804
- # of the finding and is likely not an IAM principal. For example, this can be a
2805
- # system username if the finding is related to a virtual machine, or it can be
2806
- # an application login username.
2807
- # Corresponds to the JSON property `userName`
2739
+ # Role that is assigned to "members". For example, "roles/viewer", "roles/editor"
2740
+ # , or "roles/owner".
2741
+ # Corresponds to the JSON property `role`
2808
2742
  # @return [String]
2809
- attr_accessor :user_name
2743
+ attr_accessor :role
2810
2744
 
2811
2745
  def initialize(**args)
2812
2746
  update!(**args)
@@ -2814,63 +2748,40 @@ module Google
2814
2748
 
2815
2749
  # Update properties of this object
2816
2750
  def update!(**args)
2817
- @caller_ip = args[:caller_ip] if args.key?(:caller_ip)
2818
- @caller_ip_geo = args[:caller_ip_geo] if args.key?(:caller_ip_geo)
2819
- @method_name = args[:method_name] if args.key?(:method_name)
2820
- @principal_email = args[:principal_email] if args.key?(:principal_email)
2821
- @principal_subject = args[:principal_subject] if args.key?(:principal_subject)
2822
- @service_account_delegation_info = args[:service_account_delegation_info] if args.key?(:service_account_delegation_info)
2823
- @service_account_key_name = args[:service_account_key_name] if args.key?(:service_account_key_name)
2824
- @service_name = args[:service_name] if args.key?(:service_name)
2825
- @user_agent = args[:user_agent] if args.key?(:user_agent)
2826
- @user_agent_family = args[:user_agent_family] if args.key?(:user_agent_family)
2827
- @user_name = args[:user_name] if args.key?(:user_name)
2751
+ @action = args[:action] if args.key?(:action)
2752
+ @member = args[:member] if args.key?(:member)
2753
+ @role = args[:role] if args.key?(:role)
2828
2754
  end
2829
2755
  end
2830
2756
 
2831
- # Conveys information about a Kubernetes access review (such as one returned by
2832
- # a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-
2833
- # authz/authorization/#checking-api-access) command) that was involved in a
2834
- # finding.
2835
- class GoogleCloudSecuritycenterV2AccessReview
2757
+ # Represents what's commonly known as an _indicator of compromise_ (IoC) in
2758
+ # computer forensics. This is an artifact observed on a network or in an
2759
+ # operating system that, with high confidence, indicates a computer intrusion.
2760
+ # For more information, see [Indicator of compromise](https://en.wikipedia.org/
2761
+ # wiki/Indicator_of_compromise).
2762
+ class Indicator
2836
2763
  include Google::Apis::Core::Hashable
2837
2764
 
2838
- # The API group of the resource. "*" means all.
2839
- # Corresponds to the JSON property `group`
2840
- # @return [String]
2841
- attr_accessor :group
2842
-
2843
- # The name of the resource being requested. Empty means all.
2844
- # Corresponds to the JSON property `name`
2845
- # @return [String]
2846
- attr_accessor :name
2847
-
2848
- # Namespace of the action being requested. Currently, there is no distinction
2849
- # between no namespace and all namespaces. Both are represented by "" (empty).
2850
- # Corresponds to the JSON property `ns`
2851
- # @return [String]
2852
- attr_accessor :ns
2853
-
2854
- # The optional resource type requested. "*" means all.
2855
- # Corresponds to the JSON property `resource`
2856
- # @return [String]
2857
- attr_accessor :resource
2765
+ # List of domains associated to the Finding.
2766
+ # Corresponds to the JSON property `domains`
2767
+ # @return [Array<String>]
2768
+ attr_accessor :domains
2858
2769
 
2859
- # The optional subresource type.
2860
- # Corresponds to the JSON property `subresource`
2861
- # @return [String]
2862
- attr_accessor :subresource
2770
+ # The list of IP addresses that are associated with the finding.
2771
+ # Corresponds to the JSON property `ipAddresses`
2772
+ # @return [Array<String>]
2773
+ attr_accessor :ip_addresses
2863
2774
 
2864
- # A Kubernetes resource API verb, like get, list, watch, create, update, delete,
2865
- # proxy. "*" means all.
2866
- # Corresponds to the JSON property `verb`
2867
- # @return [String]
2868
- attr_accessor :verb
2775
+ # The list of matched signatures indicating that the given process is present in
2776
+ # the environment.
2777
+ # Corresponds to the JSON property `signatures`
2778
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::ProcessSignature>]
2779
+ attr_accessor :signatures
2869
2780
 
2870
- # The API version of the resource. "*" means all.
2871
- # Corresponds to the JSON property `version`
2872
- # @return [String]
2873
- attr_accessor :version
2781
+ # The list of URIs associated to the Findings.
2782
+ # Corresponds to the JSON property `uris`
2783
+ # @return [Array<String>]
2784
+ attr_accessor :uris
2874
2785
 
2875
2786
  def initialize(**args)
2876
2787
  update!(**args)
@@ -2878,2580 +2789,27 @@ module Google
2878
2789
 
2879
2790
  # Update properties of this object
2880
2791
  def update!(**args)
2881
- @group = args[:group] if args.key?(:group)
2882
- @name = args[:name] if args.key?(:name)
2883
- @ns = args[:ns] if args.key?(:ns)
2884
- @resource = args[:resource] if args.key?(:resource)
2885
- @subresource = args[:subresource] if args.key?(:subresource)
2886
- @verb = args[:verb] if args.key?(:verb)
2887
- @version = args[:version] if args.key?(:version)
2792
+ @domains = args[:domains] if args.key?(:domains)
2793
+ @ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses)
2794
+ @signatures = args[:signatures] if args.key?(:signatures)
2795
+ @uris = args[:uris] if args.key?(:uris)
2888
2796
  end
2889
2797
  end
2890
2798
 
2891
- # Represents an application associated with a finding.
2892
- class GoogleCloudSecuritycenterV2Application
2799
+ # Kernel mode rootkit signatures.
2800
+ class KernelRootkit
2893
2801
  include Google::Apis::Core::Hashable
2894
2802
 
2895
- # The base URI that identifies the network location of the application in which
2896
- # the vulnerability was detected. Examples: http://11.22.33.44, http://foo.com,
2897
- # http://11.22.33.44:8080
2898
- # Corresponds to the JSON property `baseUri`
2899
- # @return [String]
2900
- attr_accessor :base_uri
2901
-
2902
- # The full URI with payload that could be used to reproduce the vulnerability.
2903
- # Example: http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=
2904
- # aMmYgI6H
2905
- # Corresponds to the JSON property `fullUri`
2803
+ # Rootkit name, when available.
2804
+ # Corresponds to the JSON property `name`
2906
2805
  # @return [String]
2907
- attr_accessor :full_uri
2806
+ attr_accessor :name
2908
2807
 
2909
- def initialize(**args)
2910
- update!(**args)
2911
- end
2912
-
2913
- # Update properties of this object
2914
- def update!(**args)
2915
- @base_uri = args[:base_uri] if args.key?(:base_uri)
2916
- @full_uri = args[:full_uri] if args.key?(:full_uri)
2917
- end
2918
- end
2919
-
2920
- # An attack exposure contains the results of an attack path simulation run.
2921
- class GoogleCloudSecuritycenterV2AttackExposure
2922
- include Google::Apis::Core::Hashable
2923
-
2924
- # The resource name of the attack path simulation result that contains the
2925
- # details regarding this attack exposure score. Example: organizations/123/
2926
- # attackExposureResults/456
2927
- # Corresponds to the JSON property `attackExposureResult`
2928
- # @return [String]
2929
- attr_accessor :attack_exposure_result
2930
-
2931
- # The number of high value resources that are exposed as a result of this
2932
- # finding.
2933
- # Corresponds to the JSON property `exposedHighValueResourcesCount`
2934
- # @return [Fixnum]
2935
- attr_accessor :exposed_high_value_resources_count
2936
-
2937
- # The number of high value resources that are exposed as a result of this
2938
- # finding.
2939
- # Corresponds to the JSON property `exposedLowValueResourcesCount`
2940
- # @return [Fixnum]
2941
- attr_accessor :exposed_low_value_resources_count
2942
-
2943
- # The number of medium value resources that are exposed as a result of this
2944
- # finding.
2945
- # Corresponds to the JSON property `exposedMediumValueResourcesCount`
2946
- # @return [Fixnum]
2947
- attr_accessor :exposed_medium_value_resources_count
2948
-
2949
- # The most recent time the attack exposure was updated on this finding.
2950
- # Corresponds to the JSON property `latestCalculationTime`
2951
- # @return [String]
2952
- attr_accessor :latest_calculation_time
2953
-
2954
- # A number between 0 (inclusive) and infinity that represents how important this
2955
- # finding is to remediate. The higher the score, the more important it is to
2956
- # remediate.
2957
- # Corresponds to the JSON property `score`
2958
- # @return [Float]
2959
- attr_accessor :score
2960
-
2961
- # Output only. What state this AttackExposure is in. This captures whether or
2962
- # not an attack exposure has been calculated or not.
2963
- # Corresponds to the JSON property `state`
2964
- # @return [String]
2965
- attr_accessor :state
2966
-
2967
- def initialize(**args)
2968
- update!(**args)
2969
- end
2970
-
2971
- # Update properties of this object
2972
- def update!(**args)
2973
- @attack_exposure_result = args[:attack_exposure_result] if args.key?(:attack_exposure_result)
2974
- @exposed_high_value_resources_count = args[:exposed_high_value_resources_count] if args.key?(:exposed_high_value_resources_count)
2975
- @exposed_low_value_resources_count = args[:exposed_low_value_resources_count] if args.key?(:exposed_low_value_resources_count)
2976
- @exposed_medium_value_resources_count = args[:exposed_medium_value_resources_count] if args.key?(:exposed_medium_value_resources_count)
2977
- @latest_calculation_time = args[:latest_calculation_time] if args.key?(:latest_calculation_time)
2978
- @score = args[:score] if args.key?(:score)
2979
- @state = args[:state] if args.key?(:state)
2980
- end
2981
- end
2982
-
2983
- # Information related to Google Cloud Backup and DR Service findings.
2984
- class GoogleCloudSecuritycenterV2BackupDisasterRecovery
2985
- include Google::Apis::Core::Hashable
2986
-
2987
- # The name of the Backup and DR appliance that captures, moves, and manages the
2988
- # lifecycle of backup data. For example, “backup-server-57137”.
2989
- # Corresponds to the JSON property `appliance`
2990
- # @return [String]
2991
- attr_accessor :appliance
2992
-
2993
- # The names of Backup and DR applications. An application is a VM, database, or
2994
- # file system on a managed host monitored by a backup and recovery appliance.
2995
- # For example, “centos7-01-vol00”, “centos7-01-vol01”, “centos7-01-vol02”.
2996
- # Corresponds to the JSON property `applications`
2997
- # @return [Array<String>]
2998
- attr_accessor :applications
2999
-
3000
- # The timestamp at which the Backup and DR backup was created.
3001
- # Corresponds to the JSON property `backupCreateTime`
3002
- # @return [String]
3003
- attr_accessor :backup_create_time
3004
-
3005
- # The name of a Backup and DR template which comprises one or more backup
3006
- # policies. See the [Backup and DR documentation](https://cloud.google.com/
3007
- # backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information.
3008
- # For example, “snap-ov”.
3009
- # Corresponds to the JSON property `backupTemplate`
3010
- # @return [String]
3011
- attr_accessor :backup_template
3012
-
3013
- # The backup type of the Backup and DR image. For example, “Snapshot”, “Remote
3014
- # Snapshot”, “OnVault”.
3015
- # Corresponds to the JSON property `backupType`
3016
- # @return [String]
3017
- attr_accessor :backup_type
3018
-
3019
- # The name of a Backup and DR host, which is managed by the backup and recovery
3020
- # appliance and known to the management console. The host can be of type Generic
3021
- # (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.),
3022
- # vCenter, or an ESX server. See the [Backup and DR documentation on hosts](
3023
- # https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-
3024
- # hosts-and-their-applications) for more information. For example, “centos7-01”.
3025
- # Corresponds to the JSON property `host`
3026
- # @return [String]
3027
- attr_accessor :host
3028
-
3029
- # The names of Backup and DR policies that are associated with a template and
3030
- # that define when to run a backup, how frequently to run a backup, and how long
3031
- # to retain the backup image. For example, “onvaults”.
3032
- # Corresponds to the JSON property `policies`
3033
- # @return [Array<String>]
3034
- attr_accessor :policies
3035
-
3036
- # The names of Backup and DR advanced policy options of a policy applying to an
3037
- # application. See the [Backup and DR documentation on policy options](https://
3038
- # cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings).
3039
- # For example, “skipofflineappsincongrp, nounmap”.
3040
- # Corresponds to the JSON property `policyOptions`
3041
- # @return [Array<String>]
3042
- attr_accessor :policy_options
3043
-
3044
- # The name of the Backup and DR resource profile that specifies the storage
3045
- # media for backups of application and VM data. See the [Backup and DR
3046
- # documentation on profiles](https://cloud.google.com/backup-disaster-recovery/
3047
- # docs/concepts/backup-plan#profile). For example, “GCP”.
3048
- # Corresponds to the JSON property `profile`
3049
- # @return [String]
3050
- attr_accessor :profile
3051
-
3052
- # The name of the Backup and DR storage pool that the backup and recovery
3053
- # appliance is storing data in. The storage pool could be of type Cloud, Primary,
3054
- # Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](
3055
- # https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools).
3056
- # For example, “DiskPoolOne”.
3057
- # Corresponds to the JSON property `storagePool`
3058
- # @return [String]
3059
- attr_accessor :storage_pool
3060
-
3061
- def initialize(**args)
3062
- update!(**args)
3063
- end
3064
-
3065
- # Update properties of this object
3066
- def update!(**args)
3067
- @appliance = args[:appliance] if args.key?(:appliance)
3068
- @applications = args[:applications] if args.key?(:applications)
3069
- @backup_create_time = args[:backup_create_time] if args.key?(:backup_create_time)
3070
- @backup_template = args[:backup_template] if args.key?(:backup_template)
3071
- @backup_type = args[:backup_type] if args.key?(:backup_type)
3072
- @host = args[:host] if args.key?(:host)
3073
- @policies = args[:policies] if args.key?(:policies)
3074
- @policy_options = args[:policy_options] if args.key?(:policy_options)
3075
- @profile = args[:profile] if args.key?(:profile)
3076
- @storage_pool = args[:storage_pool] if args.key?(:storage_pool)
3077
- end
3078
- end
3079
-
3080
- # Configures how to deliver Findings to BigQuery Instance.
3081
- class GoogleCloudSecuritycenterV2BigQueryExport
3082
- include Google::Apis::Core::Hashable
3083
-
3084
- # Output only. The time at which the BigQuery export was created. This field is
3085
- # set by the server and will be ignored if provided on export on creation.
3086
- # Corresponds to the JSON property `createTime`
3087
- # @return [String]
3088
- attr_accessor :create_time
3089
-
3090
- # The dataset to write findings' updates to. Its format is "projects/[project_id]
3091
- # /datasets/[bigquery_dataset_id]". BigQuery Dataset unique ID must contain only
3092
- # letters (a-z, A-Z), numbers (0-9), or underscores (_).
3093
- # Corresponds to the JSON property `dataset`
3094
- # @return [String]
3095
- attr_accessor :dataset
3096
-
3097
- # The description of the export (max of 1024 characters).
3098
- # Corresponds to the JSON property `description`
3099
- # @return [String]
3100
- attr_accessor :description
3101
-
3102
- # Expression that defines the filter to apply across create/update events of
3103
- # findings. The expression is a list of zero or more restrictions combined via
3104
- # logical operators `AND` and `OR`. Parentheses are supported, and `OR` has
3105
- # higher precedence than `AND`. Restrictions have the form ` ` and may have a `-`
3106
- # character in front of them to indicate negation. The fields map to those
3107
- # defined in the corresponding resource. The supported operators are: * `=` for
3108
- # all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning
3109
- # substring matching, for strings. The supported value types are: * string
3110
- # literals in quotes. * integer literals without quotes. * boolean literals `
3111
- # true` and `false` without quotes.
3112
- # Corresponds to the JSON property `filter`
3113
- # @return [String]
3114
- attr_accessor :filter
3115
-
3116
- # Output only. Email address of the user who last edited the BigQuery export.
3117
- # This field is set by the server and will be ignored if provided on export
3118
- # creation or update.
3119
- # Corresponds to the JSON property `mostRecentEditor`
3120
- # @return [String]
3121
- attr_accessor :most_recent_editor
3122
-
3123
- # The relative resource name of this export. See: https://cloud.google.com/apis/
3124
- # design/resource_names#relative_resource_name. The following list shows some
3125
- # examples: + `organizations/`organization_id`/locations/`location_id`/
3126
- # bigQueryExports/`export_id`` + `folders/`folder_id`/locations/`location_id`/
3127
- # bigQueryExports/`export_id`` + `projects/`project_id`/locations/`location_id`/
3128
- # bigQueryExports/`export_id`` This field is provided in responses, and is
3129
- # ignored when provided in create requests.
3130
- # Corresponds to the JSON property `name`
3131
- # @return [String]
3132
- attr_accessor :name
3133
-
3134
- # Output only. The service account that needs permission to create table and
3135
- # upload data to the BigQuery dataset.
3136
- # Corresponds to the JSON property `principal`
3137
- # @return [String]
3138
- attr_accessor :principal
3139
-
3140
- # Output only. The most recent time at which the BigQuery export was updated.
3141
- # This field is set by the server and will be ignored if provided on export
3142
- # creation or update.
3143
- # Corresponds to the JSON property `updateTime`
3144
- # @return [String]
3145
- attr_accessor :update_time
3146
-
3147
- def initialize(**args)
3148
- update!(**args)
3149
- end
3150
-
3151
- # Update properties of this object
3152
- def update!(**args)
3153
- @create_time = args[:create_time] if args.key?(:create_time)
3154
- @dataset = args[:dataset] if args.key?(:dataset)
3155
- @description = args[:description] if args.key?(:description)
3156
- @filter = args[:filter] if args.key?(:filter)
3157
- @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
3158
- @name = args[:name] if args.key?(:name)
3159
- @principal = args[:principal] if args.key?(:principal)
3160
- @update_time = args[:update_time] if args.key?(:update_time)
3161
- end
3162
- end
3163
-
3164
- # Represents a Kubernetes RoleBinding or ClusterRoleBinding.
3165
- class GoogleCloudSecuritycenterV2Binding
3166
- include Google::Apis::Core::Hashable
3167
-
3168
- # Name for the binding.
3169
- # Corresponds to the JSON property `name`
3170
- # @return [String]
3171
- attr_accessor :name
3172
-
3173
- # Namespace for the binding.
3174
- # Corresponds to the JSON property `ns`
3175
- # @return [String]
3176
- attr_accessor :ns
3177
-
3178
- # Kubernetes Role or ClusterRole.
3179
- # Corresponds to the JSON property `role`
3180
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Role]
3181
- attr_accessor :role
3182
-
3183
- # Represents one or more subjects that are bound to the role. Not always
3184
- # available for PATCH requests.
3185
- # Corresponds to the JSON property `subjects`
3186
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Subject>]
3187
- attr_accessor :subjects
3188
-
3189
- def initialize(**args)
3190
- update!(**args)
3191
- end
3192
-
3193
- # Update properties of this object
3194
- def update!(**args)
3195
- @name = args[:name] if args.key?(:name)
3196
- @ns = args[:ns] if args.key?(:ns)
3197
- @role = args[:role] if args.key?(:role)
3198
- @subjects = args[:subjects] if args.key?(:subjects)
3199
- end
3200
- end
3201
-
3202
- # The response to a BulkMute request. Contains the LRO information.
3203
- class GoogleCloudSecuritycenterV2BulkMuteFindingsResponse
3204
- include Google::Apis::Core::Hashable
3205
-
3206
- def initialize(**args)
3207
- update!(**args)
3208
- end
3209
-
3210
- # Update properties of this object
3211
- def update!(**args)
3212
- end
3213
- end
3214
-
3215
- # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
3216
- # with the finding.
3217
- class GoogleCloudSecuritycenterV2CloudDlpDataProfile
3218
- include Google::Apis::Core::Hashable
3219
-
3220
- # Name of the data profile, for example, `projects/123/locations/europe/
3221
- # tableProfiles/8383929`.
3222
- # Corresponds to the JSON property `dataProfile`
3223
- # @return [String]
3224
- attr_accessor :data_profile
3225
-
3226
- # The resource hierarchy level at which the data profile was generated.
3227
- # Corresponds to the JSON property `parentType`
3228
- # @return [String]
3229
- attr_accessor :parent_type
3230
-
3231
- def initialize(**args)
3232
- update!(**args)
3233
- end
3234
-
3235
- # Update properties of this object
3236
- def update!(**args)
3237
- @data_profile = args[:data_profile] if args.key?(:data_profile)
3238
- @parent_type = args[:parent_type] if args.key?(:parent_type)
3239
- end
3240
- end
3241
-
3242
- # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](
3243
- # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the
3244
- # finding.
3245
- class GoogleCloudSecuritycenterV2CloudDlpInspection
3246
- include Google::Apis::Core::Hashable
3247
-
3248
- # Whether Cloud DLP scanned the complete resource or a sampled subset.
3249
- # Corresponds to the JSON property `fullScan`
3250
- # @return [Boolean]
3251
- attr_accessor :full_scan
3252
- alias_method :full_scan?, :full_scan
3253
-
3254
- # The type of information (or *[infoType](https://cloud.google.com/dlp/docs/
3255
- # infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.
3256
- # Corresponds to the JSON property `infoType`
3257
- # @return [String]
3258
- attr_accessor :info_type
3259
-
3260
- # The number of times Cloud DLP found this infoType within this job and resource.
3261
- # Corresponds to the JSON property `infoTypeCount`
3262
- # @return [Fixnum]
3263
- attr_accessor :info_type_count
3264
-
3265
- # Name of the inspection job, for example, `projects/123/locations/europe/
3266
- # dlpJobs/i-8383929`.
3267
- # Corresponds to the JSON property `inspectJob`
3268
- # @return [String]
3269
- attr_accessor :inspect_job
3270
-
3271
- def initialize(**args)
3272
- update!(**args)
3273
- end
3274
-
3275
- # Update properties of this object
3276
- def update!(**args)
3277
- @full_scan = args[:full_scan] if args.key?(:full_scan)
3278
- @info_type = args[:info_type] if args.key?(:info_type)
3279
- @info_type_count = args[:info_type_count] if args.key?(:info_type_count)
3280
- @inspect_job = args[:inspect_job] if args.key?(:inspect_job)
3281
- end
3282
- end
3283
-
3284
- # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
3285
- # logging/docs/reference/v2/rest/v2/LogEntry)
3286
- class GoogleCloudSecuritycenterV2CloudLoggingEntry
3287
- include Google::Apis::Core::Hashable
3288
-
3289
- # A unique identifier for the log entry.
3290
- # Corresponds to the JSON property `insertId`
3291
- # @return [String]
3292
- attr_accessor :insert_id
3293
-
3294
- # The type of the log (part of `log_name`. `log_name` is the resource name of
3295
- # the log to which this log entry belongs). For example: `cloudresourcemanager.
3296
- # googleapis.com/activity` Note that this field is not URL-encoded, unlike in `
3297
- # LogEntry`.
3298
- # Corresponds to the JSON property `logId`
3299
- # @return [String]
3300
- attr_accessor :log_id
3301
-
3302
- # The organization, folder, or project of the monitored resource that produced
3303
- # this log entry.
3304
- # Corresponds to the JSON property `resourceContainer`
3305
- # @return [String]
3306
- attr_accessor :resource_container
3307
-
3308
- # The time the event described by the log entry occurred.
3309
- # Corresponds to the JSON property `timestamp`
3310
- # @return [String]
3311
- attr_accessor :timestamp
3312
-
3313
- def initialize(**args)
3314
- update!(**args)
3315
- end
3316
-
3317
- # Update properties of this object
3318
- def update!(**args)
3319
- @insert_id = args[:insert_id] if args.key?(:insert_id)
3320
- @log_id = args[:log_id] if args.key?(:log_id)
3321
- @resource_container = args[:resource_container] if args.key?(:resource_container)
3322
- @timestamp = args[:timestamp] if args.key?(:timestamp)
3323
- end
3324
- end
3325
-
3326
- # Contains compliance information about a security standard indicating unmet
3327
- # recommendations.
3328
- class GoogleCloudSecuritycenterV2Compliance
3329
- include Google::Apis::Core::Hashable
3330
-
3331
- # Policies within the standard or benchmark, for example, A.12.4.1
3332
- # Corresponds to the JSON property `ids`
3333
- # @return [Array<String>]
3334
- attr_accessor :ids
3335
-
3336
- # Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP.
3337
- # Corresponds to the JSON property `standard`
3338
- # @return [String]
3339
- attr_accessor :standard
3340
-
3341
- # Version of the standard or benchmark, for example, 1.1
3342
- # Corresponds to the JSON property `version`
3343
- # @return [String]
3344
- attr_accessor :version
3345
-
3346
- def initialize(**args)
3347
- update!(**args)
3348
- end
3349
-
3350
- # Update properties of this object
3351
- def update!(**args)
3352
- @ids = args[:ids] if args.key?(:ids)
3353
- @standard = args[:standard] if args.key?(:standard)
3354
- @version = args[:version] if args.key?(:version)
3355
- end
3356
- end
3357
-
3358
- # Contains information about the IP connection associated with the finding.
3359
- class GoogleCloudSecuritycenterV2Connection
3360
- include Google::Apis::Core::Hashable
3361
-
3362
- # Destination IP address. Not present for sockets that are listening and not
3363
- # connected.
3364
- # Corresponds to the JSON property `destinationIp`
3365
- # @return [String]
3366
- attr_accessor :destination_ip
3367
-
3368
- # Destination port. Not present for sockets that are listening and not connected.
3369
- # Corresponds to the JSON property `destinationPort`
3370
- # @return [Fixnum]
3371
- attr_accessor :destination_port
3372
-
3373
- # IANA Internet Protocol Number such as TCP(6) and UDP(17).
3374
- # Corresponds to the JSON property `protocol`
3375
- # @return [String]
3376
- attr_accessor :protocol
3377
-
3378
- # Source IP address.
3379
- # Corresponds to the JSON property `sourceIp`
3380
- # @return [String]
3381
- attr_accessor :source_ip
3382
-
3383
- # Source port.
3384
- # Corresponds to the JSON property `sourcePort`
3385
- # @return [Fixnum]
3386
- attr_accessor :source_port
3387
-
3388
- def initialize(**args)
3389
- update!(**args)
3390
- end
3391
-
3392
- # Update properties of this object
3393
- def update!(**args)
3394
- @destination_ip = args[:destination_ip] if args.key?(:destination_ip)
3395
- @destination_port = args[:destination_port] if args.key?(:destination_port)
3396
- @protocol = args[:protocol] if args.key?(:protocol)
3397
- @source_ip = args[:source_ip] if args.key?(:source_ip)
3398
- @source_port = args[:source_port] if args.key?(:source_port)
3399
- end
3400
- end
3401
-
3402
- # The email address of a contact.
3403
- class GoogleCloudSecuritycenterV2Contact
3404
- include Google::Apis::Core::Hashable
3405
-
3406
- # An email address. For example, "`person123@company.com`".
3407
- # Corresponds to the JSON property `email`
3408
- # @return [String]
3409
- attr_accessor :email
3410
-
3411
- def initialize(**args)
3412
- update!(**args)
3413
- end
3414
-
3415
- # Update properties of this object
3416
- def update!(**args)
3417
- @email = args[:email] if args.key?(:email)
3418
- end
3419
- end
3420
-
3421
- # Details about specific contacts
3422
- class GoogleCloudSecuritycenterV2ContactDetails
3423
- include Google::Apis::Core::Hashable
3424
-
3425
- # A list of contacts
3426
- # Corresponds to the JSON property `contacts`
3427
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Contact>]
3428
- attr_accessor :contacts
3429
-
3430
- def initialize(**args)
3431
- update!(**args)
3432
- end
3433
-
3434
- # Update properties of this object
3435
- def update!(**args)
3436
- @contacts = args[:contacts] if args.key?(:contacts)
3437
- end
3438
- end
3439
-
3440
- # Container associated with the finding.
3441
- class GoogleCloudSecuritycenterV2Container
3442
- include Google::Apis::Core::Hashable
3443
-
3444
- # The time that the container was created.
3445
- # Corresponds to the JSON property `createTime`
3446
- # @return [String]
3447
- attr_accessor :create_time
3448
-
3449
- # Optional container image ID, if provided by the container runtime. Uniquely
3450
- # identifies the container image launched using a container image digest.
3451
- # Corresponds to the JSON property `imageId`
3452
- # @return [String]
3453
- attr_accessor :image_id
3454
-
3455
- # Container labels, as provided by the container runtime.
3456
- # Corresponds to the JSON property `labels`
3457
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Label>]
3458
- attr_accessor :labels
3459
-
3460
- # Name of the container.
3461
- # Corresponds to the JSON property `name`
3462
- # @return [String]
3463
- attr_accessor :name
3464
-
3465
- # Container image URI provided when configuring a pod or container. This string
3466
- # can identify a container image version using mutable tags.
3467
- # Corresponds to the JSON property `uri`
3468
- # @return [String]
3469
- attr_accessor :uri
3470
-
3471
- def initialize(**args)
3472
- update!(**args)
3473
- end
3474
-
3475
- # Update properties of this object
3476
- def update!(**args)
3477
- @create_time = args[:create_time] if args.key?(:create_time)
3478
- @image_id = args[:image_id] if args.key?(:image_id)
3479
- @labels = args[:labels] if args.key?(:labels)
3480
- @name = args[:name] if args.key?(:name)
3481
- @uri = args[:uri] if args.key?(:uri)
3482
- end
3483
- end
3484
-
3485
- # CVE stands for Common Vulnerabilities and Exposures. More information: https://
3486
- # cve.mitre.org
3487
- class GoogleCloudSecuritycenterV2Cve
3488
- include Google::Apis::Core::Hashable
3489
-
3490
- # Common Vulnerability Scoring System version 3.
3491
- # Corresponds to the JSON property `cvssv3`
3492
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Cvssv3]
3493
- attr_accessor :cvssv3
3494
-
3495
- # The unique identifier for the vulnerability. e.g. CVE-2021-34527
3496
- # Corresponds to the JSON property `id`
3497
- # @return [String]
3498
- attr_accessor :id
3499
-
3500
- # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/
3501
- # cvename.cgi?name=CVE-2021-34527
3502
- # Corresponds to the JSON property `references`
3503
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Reference>]
3504
- attr_accessor :references
3505
-
3506
- # Whether upstream fix is available for the CVE.
3507
- # Corresponds to the JSON property `upstreamFixAvailable`
3508
- # @return [Boolean]
3509
- attr_accessor :upstream_fix_available
3510
- alias_method :upstream_fix_available?, :upstream_fix_available
3511
-
3512
- def initialize(**args)
3513
- update!(**args)
3514
- end
3515
-
3516
- # Update properties of this object
3517
- def update!(**args)
3518
- @cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
3519
- @id = args[:id] if args.key?(:id)
3520
- @references = args[:references] if args.key?(:references)
3521
- @upstream_fix_available = args[:upstream_fix_available] if args.key?(:upstream_fix_available)
3522
- end
3523
- end
3524
-
3525
- # Common Vulnerability Scoring System version 3.
3526
- class GoogleCloudSecuritycenterV2Cvssv3
3527
- include Google::Apis::Core::Hashable
3528
-
3529
- # This metric describes the conditions beyond the attacker's control that must
3530
- # exist in order to exploit the vulnerability.
3531
- # Corresponds to the JSON property `attackComplexity`
3532
- # @return [String]
3533
- attr_accessor :attack_complexity
3534
-
3535
- # Base Metrics Represents the intrinsic characteristics of a vulnerability that
3536
- # are constant over time and across user environments. This metric reflects the
3537
- # context by which vulnerability exploitation is possible.
3538
- # Corresponds to the JSON property `attackVector`
3539
- # @return [String]
3540
- attr_accessor :attack_vector
3541
-
3542
- # This metric measures the impact to the availability of the impacted component
3543
- # resulting from a successfully exploited vulnerability.
3544
- # Corresponds to the JSON property `availabilityImpact`
3545
- # @return [String]
3546
- attr_accessor :availability_impact
3547
-
3548
- # The base score is a function of the base metric scores.
3549
- # Corresponds to the JSON property `baseScore`
3550
- # @return [Float]
3551
- attr_accessor :base_score
3552
-
3553
- # This metric measures the impact to the confidentiality of the information
3554
- # resources managed by a software component due to a successfully exploited
3555
- # vulnerability.
3556
- # Corresponds to the JSON property `confidentialityImpact`
3557
- # @return [String]
3558
- attr_accessor :confidentiality_impact
3559
-
3560
- # This metric measures the impact to integrity of a successfully exploited
3561
- # vulnerability.
3562
- # Corresponds to the JSON property `integrityImpact`
3563
- # @return [String]
3564
- attr_accessor :integrity_impact
3565
-
3566
- # This metric describes the level of privileges an attacker must possess before
3567
- # successfully exploiting the vulnerability.
3568
- # Corresponds to the JSON property `privilegesRequired`
3569
- # @return [String]
3570
- attr_accessor :privileges_required
3571
-
3572
- # The Scope metric captures whether a vulnerability in one vulnerable component
3573
- # impacts resources in components beyond its security scope.
3574
- # Corresponds to the JSON property `scope`
3575
- # @return [String]
3576
- attr_accessor :scope
3577
-
3578
- # This metric captures the requirement for a human user, other than the attacker,
3579
- # to participate in the successful compromise of the vulnerable component.
3580
- # Corresponds to the JSON property `userInteraction`
3581
- # @return [String]
3582
- attr_accessor :user_interaction
3583
-
3584
- def initialize(**args)
3585
- update!(**args)
3586
- end
3587
-
3588
- # Update properties of this object
3589
- def update!(**args)
3590
- @attack_complexity = args[:attack_complexity] if args.key?(:attack_complexity)
3591
- @attack_vector = args[:attack_vector] if args.key?(:attack_vector)
3592
- @availability_impact = args[:availability_impact] if args.key?(:availability_impact)
3593
- @base_score = args[:base_score] if args.key?(:base_score)
3594
- @confidentiality_impact = args[:confidentiality_impact] if args.key?(:confidentiality_impact)
3595
- @integrity_impact = args[:integrity_impact] if args.key?(:integrity_impact)
3596
- @privileges_required = args[:privileges_required] if args.key?(:privileges_required)
3597
- @scope = args[:scope] if args.key?(:scope)
3598
- @user_interaction = args[:user_interaction] if args.key?(:user_interaction)
3599
- end
3600
- end
3601
-
3602
- # Represents database access information, such as queries. A database may be a
3603
- # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
3604
- # Spanner instances), or the database instance itself. Some database resources
3605
- # might not have the [full resource name](https://google.aip.dev/122#full-
3606
- # resource-names) populated because these resource types, such as Cloud SQL
3607
- # databases, are not yet supported by Cloud Asset Inventory. In these cases only
3608
- # the display name is provided.
3609
- class GoogleCloudSecuritycenterV2Database
3610
- include Google::Apis::Core::Hashable
3611
-
3612
- # The human-readable name of the database that the user connected to.
3613
- # Corresponds to the JSON property `displayName`
3614
- # @return [String]
3615
- attr_accessor :display_name
3616
-
3617
- # The target usernames, roles, or groups of an SQL privilege grant, which is not
3618
- # an IAM policy change.
3619
- # Corresponds to the JSON property `grantees`
3620
- # @return [Array<String>]
3621
- attr_accessor :grantees
3622
-
3623
- # Some database resources may not have the [full resource name](https://google.
3624
- # aip.dev/122#full-resource-names) populated because these resource types are
3625
- # not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In
3626
- # these cases only the display name will be provided. The [full resource name](
3627
- # https://google.aip.dev/122#full-resource-names) of the database that the user
3628
- # connected to, if it is supported by Cloud Asset Inventory.
3629
- # Corresponds to the JSON property `name`
3630
- # @return [String]
3631
- attr_accessor :name
3632
-
3633
- # The SQL statement that is associated with the database access.
3634
- # Corresponds to the JSON property `query`
3635
- # @return [String]
3636
- attr_accessor :query
3637
-
3638
- # The username used to connect to the database. The username might not be an IAM
3639
- # principal and does not have a set format.
3640
- # Corresponds to the JSON property `userName`
3641
- # @return [String]
3642
- attr_accessor :user_name
3643
-
3644
- # The version of the database, for example, POSTGRES_14. See [the complete list](
3645
- # https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).
3646
- # Corresponds to the JSON property `version`
3647
- # @return [String]
3648
- attr_accessor :version
3649
-
3650
- def initialize(**args)
3651
- update!(**args)
3652
- end
3653
-
3654
- # Update properties of this object
3655
- def update!(**args)
3656
- @display_name = args[:display_name] if args.key?(:display_name)
3657
- @grantees = args[:grantees] if args.key?(:grantees)
3658
- @name = args[:name] if args.key?(:name)
3659
- @query = args[:query] if args.key?(:query)
3660
- @user_name = args[:user_name] if args.key?(:user_name)
3661
- @version = args[:version] if args.key?(:version)
3662
- end
3663
- end
3664
-
3665
- # Memory hash detection contributing to the binary family match.
3666
- class GoogleCloudSecuritycenterV2Detection
3667
- include Google::Apis::Core::Hashable
3668
-
3669
- # The name of the binary associated with the memory hash signature detection.
3670
- # Corresponds to the JSON property `binary`
3671
- # @return [String]
3672
- attr_accessor :binary
3673
-
3674
- # The percentage of memory page hashes in the signature that were matched.
3675
- # Corresponds to the JSON property `percentPagesMatched`
3676
- # @return [Float]
3677
- attr_accessor :percent_pages_matched
3678
-
3679
- def initialize(**args)
3680
- update!(**args)
3681
- end
3682
-
3683
- # Update properties of this object
3684
- def update!(**args)
3685
- @binary = args[:binary] if args.key?(:binary)
3686
- @percent_pages_matched = args[:percent_pages_matched] if args.key?(:percent_pages_matched)
3687
- end
3688
- end
3689
-
3690
- # A name-value pair representing an environment variable used in an operating
3691
- # system process.
3692
- class GoogleCloudSecuritycenterV2EnvironmentVariable
3693
- include Google::Apis::Core::Hashable
3694
-
3695
- # Environment variable name as a JSON encoded string.
3696
- # Corresponds to the JSON property `name`
3697
- # @return [String]
3698
- attr_accessor :name
3699
-
3700
- # Environment variable value as a JSON encoded string.
3701
- # Corresponds to the JSON property `val`
3702
- # @return [String]
3703
- attr_accessor :val
3704
-
3705
- def initialize(**args)
3706
- update!(**args)
3707
- end
3708
-
3709
- # Update properties of this object
3710
- def update!(**args)
3711
- @name = args[:name] if args.key?(:name)
3712
- @val = args[:val] if args.key?(:val)
3713
- end
3714
- end
3715
-
3716
- # Resource where data was exfiltrated from or exfiltrated to.
3717
- class GoogleCloudSecuritycenterV2ExfilResource
3718
- include Google::Apis::Core::Hashable
3719
-
3720
- # Subcomponents of the asset that was exfiltrated, like URIs used during
3721
- # exfiltration, table names, databases, and filenames. For example, multiple
3722
- # tables might have been exfiltrated from the same Cloud SQL instance, or
3723
- # multiple files might have been exfiltrated from the same Cloud Storage bucket.
3724
- # Corresponds to the JSON property `components`
3725
- # @return [Array<String>]
3726
- attr_accessor :components
3727
-
3728
- # The resource's [full resource name](https://cloud.google.com/apis/design/
3729
- # resource_names#full_resource_name).
3730
- # Corresponds to the JSON property `name`
3731
- # @return [String]
3732
- attr_accessor :name
3733
-
3734
- def initialize(**args)
3735
- update!(**args)
3736
- end
3737
-
3738
- # Update properties of this object
3739
- def update!(**args)
3740
- @components = args[:components] if args.key?(:components)
3741
- @name = args[:name] if args.key?(:name)
3742
- end
3743
- end
3744
-
3745
- # Exfiltration represents a data exfiltration attempt from one or more sources
3746
- # to one or more targets. The `sources` attribute lists the sources of the
3747
- # exfiltrated data. The `targets` attribute lists the destinations the data was
3748
- # copied to.
3749
- class GoogleCloudSecuritycenterV2Exfiltration
3750
- include Google::Apis::Core::Hashable
3751
-
3752
- # If there are multiple sources, then the data is considered "joined" between
3753
- # them. For instance, BigQuery can join multiple tables, and each table would be
3754
- # considered a source.
3755
- # Corresponds to the JSON property `sources`
3756
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ExfilResource>]
3757
- attr_accessor :sources
3758
-
3759
- # If there are multiple targets, each target would get a complete copy of the "
3760
- # joined" source data.
3761
- # Corresponds to the JSON property `targets`
3762
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ExfilResource>]
3763
- attr_accessor :targets
3764
-
3765
- # Total exfiltrated bytes processed for the entire job.
3766
- # Corresponds to the JSON property `totalExfiltratedBytes`
3767
- # @return [Fixnum]
3768
- attr_accessor :total_exfiltrated_bytes
3769
-
3770
- def initialize(**args)
3771
- update!(**args)
3772
- end
3773
-
3774
- # Update properties of this object
3775
- def update!(**args)
3776
- @sources = args[:sources] if args.key?(:sources)
3777
- @targets = args[:targets] if args.key?(:targets)
3778
- @total_exfiltrated_bytes = args[:total_exfiltrated_bytes] if args.key?(:total_exfiltrated_bytes)
3779
- end
3780
- end
3781
-
3782
- # Representation of third party SIEM/SOAR fields within SCC.
3783
- class GoogleCloudSecuritycenterV2ExternalSystem
3784
- include Google::Apis::Core::Hashable
3785
-
3786
- # References primary/secondary etc assignees in the external system.
3787
- # Corresponds to the JSON property `assignees`
3788
- # @return [Array<String>]
3789
- attr_accessor :assignees
3790
-
3791
- # The time when the case was last updated, as reported by the external system.
3792
- # Corresponds to the JSON property `externalSystemUpdateTime`
3793
- # @return [String]
3794
- attr_accessor :external_system_update_time
3795
-
3796
- # The identifier that's used to track the finding's corresponding case in the
3797
- # external system.
3798
- # Corresponds to the JSON property `externalUid`
3799
- # @return [String]
3800
- attr_accessor :external_uid
3801
-
3802
- # Full resource name of the external system. The following list shows some
3803
- # examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/
3804
- # jira` + `organizations/1234/sources/5678/locations/us/findings/123456/
3805
- # externalSystems/jira` + `folders/1234/sources/5678/findings/123456/
3806
- # externalSystems/jira` + `folders/1234/sources/5678/locations/us/findings/
3807
- # 123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/
3808
- # externalSystems/jira` + `projects/1234/sources/5678/locations/us/findings/
3809
- # 123456/externalSystems/jira`
3810
- # Corresponds to the JSON property `name`
3811
- # @return [String]
3812
- attr_accessor :name
3813
-
3814
- # The most recent status of the finding's corresponding case, as reported by the
3815
- # external system.
3816
- # Corresponds to the JSON property `status`
3817
- # @return [String]
3818
- attr_accessor :status
3819
-
3820
- def initialize(**args)
3821
- update!(**args)
3822
- end
3823
-
3824
- # Update properties of this object
3825
- def update!(**args)
3826
- @assignees = args[:assignees] if args.key?(:assignees)
3827
- @external_system_update_time = args[:external_system_update_time] if args.key?(:external_system_update_time)
3828
- @external_uid = args[:external_uid] if args.key?(:external_uid)
3829
- @name = args[:name] if args.key?(:name)
3830
- @status = args[:status] if args.key?(:status)
3831
- end
3832
- end
3833
-
3834
- # File information about the related binary/library used by an executable, or
3835
- # the script used by a script interpreter
3836
- class GoogleCloudSecuritycenterV2File
3837
- include Google::Apis::Core::Hashable
3838
-
3839
- # Prefix of the file contents as a JSON-encoded string.
3840
- # Corresponds to the JSON property `contents`
3841
- # @return [String]
3842
- attr_accessor :contents
3843
-
3844
- # The length in bytes of the file prefix that was hashed. If hashed_size == size,
3845
- # any hashes reported represent the entire file.
3846
- # Corresponds to the JSON property `hashedSize`
3847
- # @return [Fixnum]
3848
- attr_accessor :hashed_size
3849
-
3850
- # True when the hash covers only a prefix of the file.
3851
- # Corresponds to the JSON property `partiallyHashed`
3852
- # @return [Boolean]
3853
- attr_accessor :partially_hashed
3854
- alias_method :partially_hashed?, :partially_hashed
3855
-
3856
- # Absolute path of the file as a JSON encoded string.
3857
- # Corresponds to the JSON property `path`
3858
- # @return [String]
3859
- attr_accessor :path
3860
-
3861
- # SHA256 hash of the first hashed_size bytes of the file encoded as a hex string.
3862
- # If hashed_size == size, sha256 represents the SHA256 hash of the entire file.
3863
- # Corresponds to the JSON property `sha256`
3864
- # @return [String]
3865
- attr_accessor :sha256
3866
-
3867
- # Size of the file in bytes.
3868
- # Corresponds to the JSON property `size`
3869
- # @return [Fixnum]
3870
- attr_accessor :size
3871
-
3872
- def initialize(**args)
3873
- update!(**args)
3874
- end
3875
-
3876
- # Update properties of this object
3877
- def update!(**args)
3878
- @contents = args[:contents] if args.key?(:contents)
3879
- @hashed_size = args[:hashed_size] if args.key?(:hashed_size)
3880
- @partially_hashed = args[:partially_hashed] if args.key?(:partially_hashed)
3881
- @path = args[:path] if args.key?(:path)
3882
- @sha256 = args[:sha256] if args.key?(:sha256)
3883
- @size = args[:size] if args.key?(:size)
3884
- end
3885
- end
3886
-
3887
- # Security Command Center finding. A finding is a record of assessment data like
3888
- # security, risk, health, or privacy, that is ingested into Security Command
3889
- # Center for presentation, notification, analysis, policy testing, and
3890
- # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
3891
- # Engine application is a finding.
3892
- class GoogleCloudSecuritycenterV2Finding
3893
- include Google::Apis::Core::Hashable
3894
-
3895
- # Represents an access event.
3896
- # Corresponds to the JSON property `access`
3897
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Access]
3898
- attr_accessor :access
3899
-
3900
- # Represents an application associated with a finding.
3901
- # Corresponds to the JSON property `application`
3902
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Application]
3903
- attr_accessor :application
3904
-
3905
- # An attack exposure contains the results of an attack path simulation run.
3906
- # Corresponds to the JSON property `attackExposure`
3907
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2AttackExposure]
3908
- attr_accessor :attack_exposure
3909
-
3910
- # Information related to Google Cloud Backup and DR Service findings.
3911
- # Corresponds to the JSON property `backupDisasterRecovery`
3912
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2BackupDisasterRecovery]
3913
- attr_accessor :backup_disaster_recovery
3914
-
3915
- # Output only. The canonical name of the finding. The following list shows some
3916
- # examples: + `organizations/`organization_id`/sources/`source_id`/findings/`
3917
- # finding_id`` + `organizations/`organization_id`/sources/`source_id`/locations/`
3918
- # location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/
3919
- # findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/locations/`
3920
- # location_id`/findings/`finding_id`` + `projects/`project_id`/sources/`
3921
- # source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`source_id`/
3922
- # locations/`location_id`/findings/`finding_id`` The prefix is the closest CRM
3923
- # ancestor of the resource associated with the finding.
3924
- # Corresponds to the JSON property `canonicalName`
3925
- # @return [String]
3926
- attr_accessor :canonical_name
3927
-
3928
- # Immutable. The additional taxonomy group within findings from a given source.
3929
- # Example: "XSS_FLASH_INJECTION"
3930
- # Corresponds to the JSON property `category`
3931
- # @return [String]
3932
- attr_accessor :category
3933
-
3934
- # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
3935
- # with the finding.
3936
- # Corresponds to the JSON property `cloudDlpDataProfile`
3937
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2CloudDlpDataProfile]
3938
- attr_accessor :cloud_dlp_data_profile
3939
-
3940
- # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](
3941
- # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the
3942
- # finding.
3943
- # Corresponds to the JSON property `cloudDlpInspection`
3944
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2CloudDlpInspection]
3945
- attr_accessor :cloud_dlp_inspection
3946
-
3947
- # Contains compliance information for security standards associated to the
3948
- # finding.
3949
- # Corresponds to the JSON property `compliances`
3950
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Compliance>]
3951
- attr_accessor :compliances
3952
-
3953
- # Contains information about the IP connection associated with the finding.
3954
- # Corresponds to the JSON property `connections`
3955
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Connection>]
3956
- attr_accessor :connections
3957
-
3958
- # Output only. Map containing the points of contact for the given finding. The
3959
- # key represents the type of contact, while the value contains a list of all the
3960
- # contacts that pertain. Please refer to: https://cloud.google.com/resource-
3961
- # manager/docs/managing-notification-contacts#notification-categories ` "
3962
- # security": ` "contacts": [ ` "email": "person1@company.com" `, ` "email": "
3963
- # person2@company.com" ` ] ` `
3964
- # Corresponds to the JSON property `contacts`
3965
- # @return [Hash<String,Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ContactDetails>]
3966
- attr_accessor :contacts
3967
-
3968
- # Containers associated with the finding. This field provides information for
3969
- # both Kubernetes and non-Kubernetes containers.
3970
- # Corresponds to the JSON property `containers`
3971
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Container>]
3972
- attr_accessor :containers
3973
-
3974
- # Output only. The time at which the finding was created in Security Command
3975
- # Center.
3976
- # Corresponds to the JSON property `createTime`
3977
- # @return [String]
3978
- attr_accessor :create_time
3979
-
3980
- # Represents database access information, such as queries. A database may be a
3981
- # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
3982
- # Spanner instances), or the database instance itself. Some database resources
3983
- # might not have the [full resource name](https://google.aip.dev/122#full-
3984
- # resource-names) populated because these resource types, such as Cloud SQL
3985
- # databases, are not yet supported by Cloud Asset Inventory. In these cases only
3986
- # the display name is provided.
3987
- # Corresponds to the JSON property `database`
3988
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Database]
3989
- attr_accessor :database
3990
-
3991
- # Contains more details about the finding.
3992
- # Corresponds to the JSON property `description`
3993
- # @return [String]
3994
- attr_accessor :description
3995
-
3996
- # The time the finding was first detected. If an existing finding is updated,
3997
- # then this is the time the update occurred. For example, if the finding
3998
- # represents an open firewall, this property captures the time the detector
3999
- # believes the firewall became open. The accuracy is determined by the detector.
4000
- # If the finding is later resolved, then this time reflects when the finding was
4001
- # resolved. This must not be set to a value greater than the current timestamp.
4002
- # Corresponds to the JSON property `eventTime`
4003
- # @return [String]
4004
- attr_accessor :event_time
4005
-
4006
- # Exfiltration represents a data exfiltration attempt from one or more sources
4007
- # to one or more targets. The `sources` attribute lists the sources of the
4008
- # exfiltrated data. The `targets` attribute lists the destinations the data was
4009
- # copied to.
4010
- # Corresponds to the JSON property `exfiltration`
4011
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Exfiltration]
4012
- attr_accessor :exfiltration
4013
-
4014
- # Output only. Third party SIEM/SOAR fields within SCC, contains external system
4015
- # information and external system finding fields.
4016
- # Corresponds to the JSON property `externalSystems`
4017
- # @return [Hash<String,Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ExternalSystem>]
4018
- attr_accessor :external_systems
4019
-
4020
- # The URI that, if available, points to a web page outside of Security Command
4021
- # Center where additional information about the finding can be found. This field
4022
- # is guaranteed to be either empty or a well formed URL.
4023
- # Corresponds to the JSON property `externalUri`
4024
- # @return [String]
4025
- attr_accessor :external_uri
4026
-
4027
- # File associated with the finding.
4028
- # Corresponds to the JSON property `files`
4029
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File>]
4030
- attr_accessor :files
4031
-
4032
- # The class of the finding.
4033
- # Corresponds to the JSON property `findingClass`
4034
- # @return [String]
4035
- attr_accessor :finding_class
4036
-
4037
- # Represents IAM bindings associated with the finding.
4038
- # Corresponds to the JSON property `iamBindings`
4039
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IamBinding>]
4040
- attr_accessor :iam_bindings
4041
-
4042
- # Represents what's commonly known as an _indicator of compromise_ (IoC) in
4043
- # computer forensics. This is an artifact observed on a network or in an
4044
- # operating system that, with high confidence, indicates a computer intrusion.
4045
- # For more information, see [Indicator of compromise](https://en.wikipedia.org/
4046
- # wiki/Indicator_of_compromise).
4047
- # Corresponds to the JSON property `indicator`
4048
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Indicator]
4049
- attr_accessor :indicator
4050
-
4051
- # Kernel mode rootkit signatures.
4052
- # Corresponds to the JSON property `kernelRootkit`
4053
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2KernelRootkit]
4054
- attr_accessor :kernel_rootkit
4055
-
4056
- # Kubernetes-related attributes.
4057
- # Corresponds to the JSON property `kubernetes`
4058
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Kubernetes]
4059
- attr_accessor :kubernetes
4060
-
4061
- # The load balancers associated with the finding.
4062
- # Corresponds to the JSON property `loadBalancers`
4063
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2LoadBalancer>]
4064
- attr_accessor :load_balancers
4065
-
4066
- # Log entries that are relevant to the finding.
4067
- # Corresponds to the JSON property `logEntries`
4068
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2LogEntry>]
4069
- attr_accessor :log_entries
4070
-
4071
- # MITRE ATT&CK tactics and techniques related to this finding. See: https://
4072
- # attack.mitre.org
4073
- # Corresponds to the JSON property `mitreAttack`
4074
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2MitreAttack]
4075
- attr_accessor :mitre_attack
4076
-
4077
- # Unique identifier of the module which generated the finding. Example: folders/
4078
- # 598186756061/securityHealthAnalyticsSettings/customModules/56799441161885
4079
- # Corresponds to the JSON property `moduleName`
4080
- # @return [String]
4081
- attr_accessor :module_name
4082
-
4083
- # Indicates the mute state of a finding (either muted, unmuted or undefined).
4084
- # Unlike other attributes of a finding, a finding provider shouldn't set the
4085
- # value of mute.
4086
- # Corresponds to the JSON property `mute`
4087
- # @return [String]
4088
- attr_accessor :mute
4089
-
4090
- # Records additional information about the mute operation, for example, the [
4091
- # mute configuration](https://cloud.google.com/security-command-center/docs/how-
4092
- # to-mute-findings) that muted the finding and the user who muted the finding.
4093
- # Corresponds to the JSON property `muteInitiator`
4094
- # @return [String]
4095
- attr_accessor :mute_initiator
4096
-
4097
- # Output only. The most recent time this finding was muted or unmuted.
4098
- # Corresponds to the JSON property `muteUpdateTime`
4099
- # @return [String]
4100
- attr_accessor :mute_update_time
4101
-
4102
- # The [relative resource name](https://cloud.google.com/apis/design/
4103
- # resource_names#relative_resource_name) of the finding. The following list
4104
- # shows some examples: + `organizations/`organization_id`/sources/`source_id`/
4105
- # findings/`finding_id`` + `organizations/`organization_id`/sources/`source_id`/
4106
- # locations/`location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`
4107
- # source_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/
4108
- # locations/`location_id`/findings/`finding_id`` + `projects/`project_id`/
4109
- # sources/`source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`
4110
- # source_id`/locations/`location_id`/findings/`finding_id``
4111
- # Corresponds to the JSON property `name`
4112
- # @return [String]
4113
- attr_accessor :name
4114
-
4115
- # Steps to address the finding.
4116
- # Corresponds to the JSON property `nextSteps`
4117
- # @return [String]
4118
- attr_accessor :next_steps
4119
-
4120
- # Contains information about the org policies associated with the finding.
4121
- # Corresponds to the JSON property `orgPolicies`
4122
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2OrgPolicy>]
4123
- attr_accessor :org_policies
4124
-
4125
- # The relative resource name of the source and location the finding belongs to.
4126
- # See: https://cloud.google.com/apis/design/resource_names#
4127
- # relative_resource_name This field is immutable after creation time. The
4128
- # following list shows some examples: + `organizations/`organization_id`/sources/
4129
- # `source_id`` + `folders/`folders_id`/sources/`source_id`` + `projects/`
4130
- # projects_id`/sources/`source_id`` + `organizations/`organization_id`/sources/`
4131
- # source_id`/locations/`location_id`` + `folders/`folders_id`/sources/`source_id`
4132
- # /locations/`location_id`` + `projects/`projects_id`/sources/`source_id`/
4133
- # locations/`location_id``
4134
- # Corresponds to the JSON property `parent`
4135
- # @return [String]
4136
- attr_accessor :parent
4137
-
4138
- # Output only. The human readable display name of the finding source such as "
4139
- # Event Threat Detection" or "Security Health Analytics".
4140
- # Corresponds to the JSON property `parentDisplayName`
4141
- # @return [String]
4142
- attr_accessor :parent_display_name
4143
-
4144
- # Represents operating system processes associated with the Finding.
4145
- # Corresponds to the JSON property `processes`
4146
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Process>]
4147
- attr_accessor :processes
4148
-
4149
- # Immutable. For findings on Google Cloud resources, the full resource name of
4150
- # the Google Cloud resource this finding is for. See: https://cloud.google.com/
4151
- # apis/design/resource_names#full_resource_name When the finding is for a non-
4152
- # Google Cloud resource, the resourceName can be a customer or partner defined
4153
- # string.
4154
- # Corresponds to the JSON property `resourceName`
4155
- # @return [String]
4156
- attr_accessor :resource_name
4157
-
4158
- # User specified security marks that are attached to the parent Security Command
4159
- # Center resource. Security marks are scoped within a Security Command Center
4160
- # organization -- they can be modified and viewed by all users who have proper
4161
- # permissions on the organization.
4162
- # Corresponds to the JSON property `securityMarks`
4163
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SecurityMarks]
4164
- attr_accessor :security_marks
4165
-
4166
- # Represents a posture that is deployed on Google Cloud by the Security Command
4167
- # Center Posture Management service. A posture contains one or more policy sets.
4168
- # A policy set is a group of policies that enforce a set of security rules on
4169
- # Google Cloud.
4170
- # Corresponds to the JSON property `securityPosture`
4171
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SecurityPosture]
4172
- attr_accessor :security_posture
4173
-
4174
- # The severity of the finding. This field is managed by the source that writes
4175
- # the finding.
4176
- # Corresponds to the JSON property `severity`
4177
- # @return [String]
4178
- attr_accessor :severity
4179
-
4180
- # Source specific properties. These properties are managed by the source that
4181
- # writes the finding. The key names in the source_properties map must be between
4182
- # 1 and 255 characters, and must start with a letter and contain alphanumeric
4183
- # characters or underscores only.
4184
- # Corresponds to the JSON property `sourceProperties`
4185
- # @return [Hash<String,Object>]
4186
- attr_accessor :source_properties
4187
-
4188
- # Output only. The state of the finding.
4189
- # Corresponds to the JSON property `state`
4190
- # @return [String]
4191
- attr_accessor :state
4192
-
4193
- # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
4194
- # Corresponds to the JSON property `vulnerability`
4195
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Vulnerability]
4196
- attr_accessor :vulnerability
4197
-
4198
- def initialize(**args)
4199
- update!(**args)
4200
- end
4201
-
4202
- # Update properties of this object
4203
- def update!(**args)
4204
- @access = args[:access] if args.key?(:access)
4205
- @application = args[:application] if args.key?(:application)
4206
- @attack_exposure = args[:attack_exposure] if args.key?(:attack_exposure)
4207
- @backup_disaster_recovery = args[:backup_disaster_recovery] if args.key?(:backup_disaster_recovery)
4208
- @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
4209
- @category = args[:category] if args.key?(:category)
4210
- @cloud_dlp_data_profile = args[:cloud_dlp_data_profile] if args.key?(:cloud_dlp_data_profile)
4211
- @cloud_dlp_inspection = args[:cloud_dlp_inspection] if args.key?(:cloud_dlp_inspection)
4212
- @compliances = args[:compliances] if args.key?(:compliances)
4213
- @connections = args[:connections] if args.key?(:connections)
4214
- @contacts = args[:contacts] if args.key?(:contacts)
4215
- @containers = args[:containers] if args.key?(:containers)
4216
- @create_time = args[:create_time] if args.key?(:create_time)
4217
- @database = args[:database] if args.key?(:database)
4218
- @description = args[:description] if args.key?(:description)
4219
- @event_time = args[:event_time] if args.key?(:event_time)
4220
- @exfiltration = args[:exfiltration] if args.key?(:exfiltration)
4221
- @external_systems = args[:external_systems] if args.key?(:external_systems)
4222
- @external_uri = args[:external_uri] if args.key?(:external_uri)
4223
- @files = args[:files] if args.key?(:files)
4224
- @finding_class = args[:finding_class] if args.key?(:finding_class)
4225
- @iam_bindings = args[:iam_bindings] if args.key?(:iam_bindings)
4226
- @indicator = args[:indicator] if args.key?(:indicator)
4227
- @kernel_rootkit = args[:kernel_rootkit] if args.key?(:kernel_rootkit)
4228
- @kubernetes = args[:kubernetes] if args.key?(:kubernetes)
4229
- @load_balancers = args[:load_balancers] if args.key?(:load_balancers)
4230
- @log_entries = args[:log_entries] if args.key?(:log_entries)
4231
- @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
4232
- @module_name = args[:module_name] if args.key?(:module_name)
4233
- @mute = args[:mute] if args.key?(:mute)
4234
- @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
4235
- @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
4236
- @name = args[:name] if args.key?(:name)
4237
- @next_steps = args[:next_steps] if args.key?(:next_steps)
4238
- @org_policies = args[:org_policies] if args.key?(:org_policies)
4239
- @parent = args[:parent] if args.key?(:parent)
4240
- @parent_display_name = args[:parent_display_name] if args.key?(:parent_display_name)
4241
- @processes = args[:processes] if args.key?(:processes)
4242
- @resource_name = args[:resource_name] if args.key?(:resource_name)
4243
- @security_marks = args[:security_marks] if args.key?(:security_marks)
4244
- @security_posture = args[:security_posture] if args.key?(:security_posture)
4245
- @severity = args[:severity] if args.key?(:severity)
4246
- @source_properties = args[:source_properties] if args.key?(:source_properties)
4247
- @state = args[:state] if args.key?(:state)
4248
- @vulnerability = args[:vulnerability] if args.key?(:vulnerability)
4249
- end
4250
- end
4251
-
4252
- # Represents a geographical location for a given access.
4253
- class GoogleCloudSecuritycenterV2Geolocation
4254
- include Google::Apis::Core::Hashable
4255
-
4256
- # A CLDR.
4257
- # Corresponds to the JSON property `regionCode`
4258
- # @return [String]
4259
- attr_accessor :region_code
4260
-
4261
- def initialize(**args)
4262
- update!(**args)
4263
- end
4264
-
4265
- # Update properties of this object
4266
- def update!(**args)
4267
- @region_code = args[:region_code] if args.key?(:region_code)
4268
- end
4269
- end
4270
-
4271
- # Represents a particular IAM binding, which captures a member's role addition,
4272
- # removal, or state.
4273
- class GoogleCloudSecuritycenterV2IamBinding
4274
- include Google::Apis::Core::Hashable
4275
-
4276
- # The action that was performed on a Binding.
4277
- # Corresponds to the JSON property `action`
4278
- # @return [String]
4279
- attr_accessor :action
4280
-
4281
- # A single identity requesting access for a Cloud Platform resource, for example,
4282
- # "foo@google.com".
4283
- # Corresponds to the JSON property `member`
4284
- # @return [String]
4285
- attr_accessor :member
4286
-
4287
- # Role that is assigned to "members". For example, "roles/viewer", "roles/editor"
4288
- # , or "roles/owner".
4289
- # Corresponds to the JSON property `role`
4290
- # @return [String]
4291
- attr_accessor :role
4292
-
4293
- def initialize(**args)
4294
- update!(**args)
4295
- end
4296
-
4297
- # Update properties of this object
4298
- def update!(**args)
4299
- @action = args[:action] if args.key?(:action)
4300
- @member = args[:member] if args.key?(:member)
4301
- @role = args[:role] if args.key?(:role)
4302
- end
4303
- end
4304
-
4305
- # Represents what's commonly known as an _indicator of compromise_ (IoC) in
4306
- # computer forensics. This is an artifact observed on a network or in an
4307
- # operating system that, with high confidence, indicates a computer intrusion.
4308
- # For more information, see [Indicator of compromise](https://en.wikipedia.org/
4309
- # wiki/Indicator_of_compromise).
4310
- class GoogleCloudSecuritycenterV2Indicator
4311
- include Google::Apis::Core::Hashable
4312
-
4313
- # List of domains associated to the Finding.
4314
- # Corresponds to the JSON property `domains`
4315
- # @return [Array<String>]
4316
- attr_accessor :domains
4317
-
4318
- # The list of IP addresses that are associated with the finding.
4319
- # Corresponds to the JSON property `ipAddresses`
4320
- # @return [Array<String>]
4321
- attr_accessor :ip_addresses
4322
-
4323
- # The list of matched signatures indicating that the given process is present in
4324
- # the environment.
4325
- # Corresponds to the JSON property `signatures`
4326
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ProcessSignature>]
4327
- attr_accessor :signatures
4328
-
4329
- # The list of URIs associated to the Findings.
4330
- # Corresponds to the JSON property `uris`
4331
- # @return [Array<String>]
4332
- attr_accessor :uris
4333
-
4334
- def initialize(**args)
4335
- update!(**args)
4336
- end
4337
-
4338
- # Update properties of this object
4339
- def update!(**args)
4340
- @domains = args[:domains] if args.key?(:domains)
4341
- @ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses)
4342
- @signatures = args[:signatures] if args.key?(:signatures)
4343
- @uris = args[:uris] if args.key?(:uris)
4344
- end
4345
- end
4346
-
4347
- # Kernel mode rootkit signatures.
4348
- class GoogleCloudSecuritycenterV2KernelRootkit
4349
- include Google::Apis::Core::Hashable
4350
-
4351
- # Rootkit name, when available.
4352
- # Corresponds to the JSON property `name`
4353
- # @return [String]
4354
- attr_accessor :name
4355
-
4356
- # True if unexpected modifications of kernel code memory are present.
4357
- # Corresponds to the JSON property `unexpectedCodeModification`
4358
- # @return [Boolean]
4359
- attr_accessor :unexpected_code_modification
4360
- alias_method :unexpected_code_modification?, :unexpected_code_modification
4361
-
4362
- # True if `ftrace` points are present with callbacks pointing to regions that
4363
- # are not in the expected kernel or module code range.
4364
- # Corresponds to the JSON property `unexpectedFtraceHandler`
4365
- # @return [Boolean]
4366
- attr_accessor :unexpected_ftrace_handler
4367
- alias_method :unexpected_ftrace_handler?, :unexpected_ftrace_handler
4368
-
4369
- # True if interrupt handlers that are are not in the expected kernel or module
4370
- # code regions are present.
4371
- # Corresponds to the JSON property `unexpectedInterruptHandler`
4372
- # @return [Boolean]
4373
- attr_accessor :unexpected_interrupt_handler
4374
- alias_method :unexpected_interrupt_handler?, :unexpected_interrupt_handler
4375
-
4376
- # True if kernel code pages that are not in the expected kernel or module code
4377
- # regions are present.
4378
- # Corresponds to the JSON property `unexpectedKernelCodePages`
4379
- # @return [Boolean]
4380
- attr_accessor :unexpected_kernel_code_pages
4381
- alias_method :unexpected_kernel_code_pages?, :unexpected_kernel_code_pages
4382
-
4383
- # True if `kprobe` points are present with callbacks pointing to regions that
4384
- # are not in the expected kernel or module code range.
4385
- # Corresponds to the JSON property `unexpectedKprobeHandler`
4386
- # @return [Boolean]
4387
- attr_accessor :unexpected_kprobe_handler
4388
- alias_method :unexpected_kprobe_handler?, :unexpected_kprobe_handler
4389
-
4390
- # True if unexpected processes in the scheduler run queue are present. Such
4391
- # processes are in the run queue, but not in the process task list.
4392
- # Corresponds to the JSON property `unexpectedProcessesInRunqueue`
4393
- # @return [Boolean]
4394
- attr_accessor :unexpected_processes_in_runqueue
4395
- alias_method :unexpected_processes_in_runqueue?, :unexpected_processes_in_runqueue
4396
-
4397
- # True if unexpected modifications of kernel read-only data memory are present.
4398
- # Corresponds to the JSON property `unexpectedReadOnlyDataModification`
4399
- # @return [Boolean]
4400
- attr_accessor :unexpected_read_only_data_modification
4401
- alias_method :unexpected_read_only_data_modification?, :unexpected_read_only_data_modification
4402
-
4403
- # True if system call handlers that are are not in the expected kernel or module
4404
- # code regions are present.
4405
- # Corresponds to the JSON property `unexpectedSystemCallHandler`
4406
- # @return [Boolean]
4407
- attr_accessor :unexpected_system_call_handler
4408
- alias_method :unexpected_system_call_handler?, :unexpected_system_call_handler
4409
-
4410
- def initialize(**args)
4411
- update!(**args)
4412
- end
4413
-
4414
- # Update properties of this object
4415
- def update!(**args)
4416
- @name = args[:name] if args.key?(:name)
4417
- @unexpected_code_modification = args[:unexpected_code_modification] if args.key?(:unexpected_code_modification)
4418
- @unexpected_ftrace_handler = args[:unexpected_ftrace_handler] if args.key?(:unexpected_ftrace_handler)
4419
- @unexpected_interrupt_handler = args[:unexpected_interrupt_handler] if args.key?(:unexpected_interrupt_handler)
4420
- @unexpected_kernel_code_pages = args[:unexpected_kernel_code_pages] if args.key?(:unexpected_kernel_code_pages)
4421
- @unexpected_kprobe_handler = args[:unexpected_kprobe_handler] if args.key?(:unexpected_kprobe_handler)
4422
- @unexpected_processes_in_runqueue = args[:unexpected_processes_in_runqueue] if args.key?(:unexpected_processes_in_runqueue)
4423
- @unexpected_read_only_data_modification = args[:unexpected_read_only_data_modification] if args.key?(:unexpected_read_only_data_modification)
4424
- @unexpected_system_call_handler = args[:unexpected_system_call_handler] if args.key?(:unexpected_system_call_handler)
4425
- end
4426
- end
4427
-
4428
- # Kubernetes-related attributes.
4429
- class GoogleCloudSecuritycenterV2Kubernetes
4430
- include Google::Apis::Core::Hashable
4431
-
4432
- # Provides information on any Kubernetes access reviews (privilege checks)
4433
- # relevant to the finding.
4434
- # Corresponds to the JSON property `accessReviews`
4435
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2AccessReview>]
4436
- attr_accessor :access_reviews
4437
-
4438
- # Provides Kubernetes role binding information for findings that involve [
4439
- # RoleBindings or ClusterRoleBindings](https://cloud.google.com/kubernetes-
4440
- # engine/docs/how-to/role-based-access-control).
4441
- # Corresponds to the JSON property `bindings`
4442
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Binding>]
4443
- attr_accessor :bindings
4444
-
4445
- # GKE [node pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-
4446
- # pools) associated with the finding. This field contains node pool information
4447
- # for each node, when it is available.
4448
- # Corresponds to the JSON property `nodePools`
4449
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2NodePool>]
4450
- attr_accessor :node_pools
4451
-
4452
- # Provides Kubernetes [node](https://cloud.google.com/kubernetes-engine/docs/
4453
- # concepts/cluster-architecture#nodes) information.
4454
- # Corresponds to the JSON property `nodes`
4455
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Node>]
4456
- attr_accessor :nodes
4457
-
4458
- # Kubernetes objects related to the finding.
4459
- # Corresponds to the JSON property `objects`
4460
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Object>]
4461
- attr_accessor :objects
4462
-
4463
- # Kubernetes [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod)
4464
- # associated with the finding. This field contains Pod records for each
4465
- # container that is owned by a Pod.
4466
- # Corresponds to the JSON property `pods`
4467
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Pod>]
4468
- attr_accessor :pods
4469
-
4470
- # Provides Kubernetes role information for findings that involve [Roles or
4471
- # ClusterRoles](https://cloud.google.com/kubernetes-engine/docs/how-to/role-
4472
- # based-access-control).
4473
- # Corresponds to the JSON property `roles`
4474
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Role>]
4475
- attr_accessor :roles
4476
-
4477
- def initialize(**args)
4478
- update!(**args)
4479
- end
4480
-
4481
- # Update properties of this object
4482
- def update!(**args)
4483
- @access_reviews = args[:access_reviews] if args.key?(:access_reviews)
4484
- @bindings = args[:bindings] if args.key?(:bindings)
4485
- @node_pools = args[:node_pools] if args.key?(:node_pools)
4486
- @nodes = args[:nodes] if args.key?(:nodes)
4487
- @objects = args[:objects] if args.key?(:objects)
4488
- @pods = args[:pods] if args.key?(:pods)
4489
- @roles = args[:roles] if args.key?(:roles)
4490
- end
4491
- end
4492
-
4493
- # Represents a generic name-value label. A label has separate name and value
4494
- # fields to support filtering with the `contains()` function. For more
4495
- # information, see [Filtering on array-type fields](https://cloud.google.com/
4496
- # security-command-center/docs/how-to-api-list-findings#array-contains-filtering)
4497
- # .
4498
- class GoogleCloudSecuritycenterV2Label
4499
- include Google::Apis::Core::Hashable
4500
-
4501
- # Name of the label.
4502
- # Corresponds to the JSON property `name`
4503
- # @return [String]
4504
- attr_accessor :name
4505
-
4506
- # Value that corresponds to the label's name.
4507
- # Corresponds to the JSON property `value`
4508
- # @return [String]
4509
- attr_accessor :value
4510
-
4511
- def initialize(**args)
4512
- update!(**args)
4513
- end
4514
-
4515
- # Update properties of this object
4516
- def update!(**args)
4517
- @name = args[:name] if args.key?(:name)
4518
- @value = args[:value] if args.key?(:value)
4519
- end
4520
- end
4521
-
4522
- # Contains information related to the load balancer associated with the finding.
4523
- class GoogleCloudSecuritycenterV2LoadBalancer
4524
- include Google::Apis::Core::Hashable
4525
-
4526
- # The name of the load balancer associated with the finding.
4527
- # Corresponds to the JSON property `name`
4528
- # @return [String]
4529
- attr_accessor :name
4530
-
4531
- def initialize(**args)
4532
- update!(**args)
4533
- end
4534
-
4535
- # Update properties of this object
4536
- def update!(**args)
4537
- @name = args[:name] if args.key?(:name)
4538
- end
4539
- end
4540
-
4541
- # An individual entry in a log.
4542
- class GoogleCloudSecuritycenterV2LogEntry
4543
- include Google::Apis::Core::Hashable
4544
-
4545
- # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
4546
- # logging/docs/reference/v2/rest/v2/LogEntry)
4547
- # Corresponds to the JSON property `cloudLoggingEntry`
4548
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2CloudLoggingEntry]
4549
- attr_accessor :cloud_logging_entry
4550
-
4551
- def initialize(**args)
4552
- update!(**args)
4553
- end
4554
-
4555
- # Update properties of this object
4556
- def update!(**args)
4557
- @cloud_logging_entry = args[:cloud_logging_entry] if args.key?(:cloud_logging_entry)
4558
- end
4559
- end
4560
-
4561
- # A signature corresponding to memory page hashes.
4562
- class GoogleCloudSecuritycenterV2MemoryHashSignature
4563
- include Google::Apis::Core::Hashable
4564
-
4565
- # The binary family.
4566
- # Corresponds to the JSON property `binaryFamily`
4567
- # @return [String]
4568
- attr_accessor :binary_family
4569
-
4570
- # The list of memory hash detections contributing to the binary family match.
4571
- # Corresponds to the JSON property `detections`
4572
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Detection>]
4573
- attr_accessor :detections
4574
-
4575
- def initialize(**args)
4576
- update!(**args)
4577
- end
4578
-
4579
- # Update properties of this object
4580
- def update!(**args)
4581
- @binary_family = args[:binary_family] if args.key?(:binary_family)
4582
- @detections = args[:detections] if args.key?(:detections)
4583
- end
4584
- end
4585
-
4586
- # MITRE ATT&CK tactics and techniques related to this finding. See: https://
4587
- # attack.mitre.org
4588
- class GoogleCloudSecuritycenterV2MitreAttack
4589
- include Google::Apis::Core::Hashable
4590
-
4591
- # Additional MITRE ATT&CK tactics related to this finding, if any.
4592
- # Corresponds to the JSON property `additionalTactics`
4593
- # @return [Array<String>]
4594
- attr_accessor :additional_tactics
4595
-
4596
- # Additional MITRE ATT&CK techniques related to this finding, if any, along with
4597
- # any of their respective parent techniques.
4598
- # Corresponds to the JSON property `additionalTechniques`
4599
- # @return [Array<String>]
4600
- attr_accessor :additional_techniques
4601
-
4602
- # The MITRE ATT&CK tactic most closely represented by this finding, if any.
4603
- # Corresponds to the JSON property `primaryTactic`
4604
- # @return [String]
4605
- attr_accessor :primary_tactic
4606
-
4607
- # The MITRE ATT&CK technique most closely represented by this finding, if any.
4608
- # primary_techniques is a repeated field because there are multiple levels of
4609
- # MITRE ATT&CK techniques. If the technique most closely represented by this
4610
- # finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique
4611
- # and its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, `
4612
- # ACTIVE_SCANNING`).
4613
- # Corresponds to the JSON property `primaryTechniques`
4614
- # @return [Array<String>]
4615
- attr_accessor :primary_techniques
4616
-
4617
- # The MITRE ATT&CK version referenced by the above fields. E.g. "8".
4618
- # Corresponds to the JSON property `version`
4619
- # @return [String]
4620
- attr_accessor :version
4621
-
4622
- def initialize(**args)
4623
- update!(**args)
4624
- end
4625
-
4626
- # Update properties of this object
4627
- def update!(**args)
4628
- @additional_tactics = args[:additional_tactics] if args.key?(:additional_tactics)
4629
- @additional_techniques = args[:additional_techniques] if args.key?(:additional_techniques)
4630
- @primary_tactic = args[:primary_tactic] if args.key?(:primary_tactic)
4631
- @primary_techniques = args[:primary_techniques] if args.key?(:primary_techniques)
4632
- @version = args[:version] if args.key?(:version)
4633
- end
4634
- end
4635
-
4636
- # A mute config is a Cloud SCC resource that contains the configuration to mute
4637
- # create/update events of findings.
4638
- class GoogleCloudSecuritycenterV2MuteConfig
4639
- include Google::Apis::Core::Hashable
4640
-
4641
- # Output only. The time at which the mute config was created. This field is set
4642
- # by the server and will be ignored if provided on config creation.
4643
- # Corresponds to the JSON property `createTime`
4644
- # @return [String]
4645
- attr_accessor :create_time
4646
-
4647
- # A description of the mute config.
4648
- # Corresponds to the JSON property `description`
4649
- # @return [String]
4650
- attr_accessor :description
4651
-
4652
- # Required. An expression that defines the filter to apply across create/update
4653
- # events of findings. While creating a filter string, be mindful of the scope in
4654
- # which the mute configuration is being created. E.g., If a filter contains
4655
- # project = X but is created under the project = Y scope, it might not match any
4656
- # findings. The following field and operator combinations are supported: *
4657
- # severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.
4658
- # project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.
4659
- # folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.
4660
- # parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `
4661
- # :` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
4662
- # Corresponds to the JSON property `filter`
4663
- # @return [String]
4664
- attr_accessor :filter
4665
-
4666
- # Output only. Email address of the user who last edited the mute config. This
4667
- # field is set by the server and will be ignored if provided on config creation
4668
- # or update.
4669
- # Corresponds to the JSON property `mostRecentEditor`
4670
- # @return [String]
4671
- attr_accessor :most_recent_editor
4672
-
4673
- # This field will be ignored if provided on config creation. The following list
4674
- # shows some examples of the format: + `organizations/`organization`/muteConfigs/
4675
- # `mute_config`` + `organizations/`organization`locations/`location`//
4676
- # muteConfigs/`mute_config`` + `folders/`folder`/muteConfigs/`mute_config`` + `
4677
- # folders/`folder`/locations/`location`/muteConfigs/`mute_config`` + `projects/`
4678
- # project`/muteConfigs/`mute_config`` + `projects/`project`/locations/`location`/
4679
- # muteConfigs/`mute_config``
4680
- # Corresponds to the JSON property `name`
4681
- # @return [String]
4682
- attr_accessor :name
4683
-
4684
- # Output only. The most recent time at which the mute config was updated. This
4685
- # field is set by the server and will be ignored if provided on config creation
4686
- # or update.
4687
- # Corresponds to the JSON property `updateTime`
4688
- # @return [String]
4689
- attr_accessor :update_time
4690
-
4691
- def initialize(**args)
4692
- update!(**args)
4693
- end
4694
-
4695
- # Update properties of this object
4696
- def update!(**args)
4697
- @create_time = args[:create_time] if args.key?(:create_time)
4698
- @description = args[:description] if args.key?(:description)
4699
- @filter = args[:filter] if args.key?(:filter)
4700
- @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
4701
- @name = args[:name] if args.key?(:name)
4702
- @update_time = args[:update_time] if args.key?(:update_time)
4703
- end
4704
- end
4705
-
4706
- # Kubernetes nodes associated with the finding.
4707
- class GoogleCloudSecuritycenterV2Node
4708
- include Google::Apis::Core::Hashable
4709
-
4710
- # [Full resource name](https://google.aip.dev/122#full-resource-names) of the
4711
- # Compute Engine VM running the cluster node.
4712
- # Corresponds to the JSON property `name`
4713
- # @return [String]
4714
- attr_accessor :name
4715
-
4716
- def initialize(**args)
4717
- update!(**args)
4718
- end
4719
-
4720
- # Update properties of this object
4721
- def update!(**args)
4722
- @name = args[:name] if args.key?(:name)
4723
- end
4724
- end
4725
-
4726
- # Provides GKE node pool information.
4727
- class GoogleCloudSecuritycenterV2NodePool
4728
- include Google::Apis::Core::Hashable
4729
-
4730
- # Kubernetes node pool name.
4731
- # Corresponds to the JSON property `name`
4732
- # @return [String]
4733
- attr_accessor :name
4734
-
4735
- # Nodes associated with the finding.
4736
- # Corresponds to the JSON property `nodes`
4737
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Node>]
4738
- attr_accessor :nodes
4739
-
4740
- def initialize(**args)
4741
- update!(**args)
4742
- end
4743
-
4744
- # Update properties of this object
4745
- def update!(**args)
4746
- @name = args[:name] if args.key?(:name)
4747
- @nodes = args[:nodes] if args.key?(:nodes)
4748
- end
4749
- end
4750
-
4751
- # Cloud SCC's Notification
4752
- class GoogleCloudSecuritycenterV2NotificationMessage
4753
- include Google::Apis::Core::Hashable
4754
-
4755
- # Security Command Center finding. A finding is a record of assessment data like
4756
- # security, risk, health, or privacy, that is ingested into Security Command
4757
- # Center for presentation, notification, analysis, policy testing, and
4758
- # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
4759
- # Engine application is a finding.
4760
- # Corresponds to the JSON property `finding`
4761
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Finding]
4762
- attr_accessor :finding
4763
-
4764
- # Name of the notification config that generated current notification.
4765
- # Corresponds to the JSON property `notificationConfigName`
4766
- # @return [String]
4767
- attr_accessor :notification_config_name
4768
-
4769
- # Information related to the Google Cloud resource.
4770
- # Corresponds to the JSON property `resource`
4771
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Resource]
4772
- attr_accessor :resource
4773
-
4774
- def initialize(**args)
4775
- update!(**args)
4776
- end
4777
-
4778
- # Update properties of this object
4779
- def update!(**args)
4780
- @finding = args[:finding] if args.key?(:finding)
4781
- @notification_config_name = args[:notification_config_name] if args.key?(:notification_config_name)
4782
- @resource = args[:resource] if args.key?(:resource)
4783
- end
4784
- end
4785
-
4786
- # Kubernetes object related to the finding, uniquely identified by GKNN. Used if
4787
- # the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.
4788
- class GoogleCloudSecuritycenterV2Object
4789
- include Google::Apis::Core::Hashable
4790
-
4791
- # Pod containers associated with this finding, if any.
4792
- # Corresponds to the JSON property `containers`
4793
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Container>]
4794
- attr_accessor :containers
4795
-
4796
- # Kubernetes object group, such as "policy.k8s.io/v1".
4797
- # Corresponds to the JSON property `group`
4798
- # @return [String]
4799
- attr_accessor :group
4800
-
4801
- # Kubernetes object kind, such as "Namespace".
4802
- # Corresponds to the JSON property `kind`
4803
- # @return [String]
4804
- attr_accessor :kind
4805
-
4806
- # Kubernetes object name. For details see https://kubernetes.io/docs/concepts/
4807
- # overview/working-with-objects/names/.
4808
- # Corresponds to the JSON property `name`
4809
- # @return [String]
4810
- attr_accessor :name
4811
-
4812
- # Kubernetes object namespace. Must be a valid DNS label. Named "ns" to avoid
4813
- # collision with C++ namespace keyword. For details see https://kubernetes.io/
4814
- # docs/tasks/administer-cluster/namespaces/.
4815
- # Corresponds to the JSON property `ns`
4816
- # @return [String]
4817
- attr_accessor :ns
4818
-
4819
- def initialize(**args)
4820
- update!(**args)
4821
- end
4822
-
4823
- # Update properties of this object
4824
- def update!(**args)
4825
- @containers = args[:containers] if args.key?(:containers)
4826
- @group = args[:group] if args.key?(:group)
4827
- @kind = args[:kind] if args.key?(:kind)
4828
- @name = args[:name] if args.key?(:name)
4829
- @ns = args[:ns] if args.key?(:ns)
4830
- end
4831
- end
4832
-
4833
- # Contains information about the org policies associated with the finding.
4834
- class GoogleCloudSecuritycenterV2OrgPolicy
4835
- include Google::Apis::Core::Hashable
4836
-
4837
- # The resource name of the org policy. Example: "organizations/`organization_id`/
4838
- # policies/`constraint_name`"
4839
- # Corresponds to the JSON property `name`
4840
- # @return [String]
4841
- attr_accessor :name
4842
-
4843
- def initialize(**args)
4844
- update!(**args)
4845
- end
4846
-
4847
- # Update properties of this object
4848
- def update!(**args)
4849
- @name = args[:name] if args.key?(:name)
4850
- end
4851
- end
4852
-
4853
- # A Kubernetes Pod.
4854
- class GoogleCloudSecuritycenterV2Pod
4855
- include Google::Apis::Core::Hashable
4856
-
4857
- # Pod containers associated with this finding, if any.
4858
- # Corresponds to the JSON property `containers`
4859
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Container>]
4860
- attr_accessor :containers
4861
-
4862
- # Pod labels. For Kubernetes containers, these are applied to the container.
4863
- # Corresponds to the JSON property `labels`
4864
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Label>]
4865
- attr_accessor :labels
4866
-
4867
- # Kubernetes Pod name.
4868
- # Corresponds to the JSON property `name`
4869
- # @return [String]
4870
- attr_accessor :name
4871
-
4872
- # Kubernetes Pod namespace.
4873
- # Corresponds to the JSON property `ns`
4874
- # @return [String]
4875
- attr_accessor :ns
4876
-
4877
- def initialize(**args)
4878
- update!(**args)
4879
- end
4880
-
4881
- # Update properties of this object
4882
- def update!(**args)
4883
- @containers = args[:containers] if args.key?(:containers)
4884
- @labels = args[:labels] if args.key?(:labels)
4885
- @name = args[:name] if args.key?(:name)
4886
- @ns = args[:ns] if args.key?(:ns)
4887
- end
4888
- end
4889
-
4890
- # Represents an operating system process.
4891
- class GoogleCloudSecuritycenterV2Process
4892
- include Google::Apis::Core::Hashable
4893
-
4894
- # Process arguments as JSON encoded strings.
4895
- # Corresponds to the JSON property `args`
4896
- # @return [Array<String>]
4897
- attr_accessor :args
4898
-
4899
- # True if `args` is incomplete.
4900
- # Corresponds to the JSON property `argumentsTruncated`
4901
- # @return [Boolean]
4902
- attr_accessor :arguments_truncated
4903
- alias_method :arguments_truncated?, :arguments_truncated
4904
-
4905
- # File information about the related binary/library used by an executable, or
4906
- # the script used by a script interpreter
4907
- # Corresponds to the JSON property `binary`
4908
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File]
4909
- attr_accessor :binary
4910
-
4911
- # Process environment variables.
4912
- # Corresponds to the JSON property `envVariables`
4913
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2EnvironmentVariable>]
4914
- attr_accessor :env_variables
4915
-
4916
- # True if `env_variables` is incomplete.
4917
- # Corresponds to the JSON property `envVariablesTruncated`
4918
- # @return [Boolean]
4919
- attr_accessor :env_variables_truncated
4920
- alias_method :env_variables_truncated?, :env_variables_truncated
4921
-
4922
- # File information for libraries loaded by the process.
4923
- # Corresponds to the JSON property `libraries`
4924
- # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File>]
4925
- attr_accessor :libraries
4926
-
4927
- # The process name, as displayed in utilities like `top` and `ps`. This name can
4928
- # be accessed through `/proc/[pid]/comm` and changed with `prctl(PR_SET_NAME)`.
4929
- # Corresponds to the JSON property `name`
4930
- # @return [String]
4931
- attr_accessor :name
4932
-
4933
- # The parent process ID.
4934
- # Corresponds to the JSON property `parentPid`
4935
- # @return [Fixnum]
4936
- attr_accessor :parent_pid
4937
-
4938
- # The process ID.
4939
- # Corresponds to the JSON property `pid`
4940
- # @return [Fixnum]
4941
- attr_accessor :pid
4942
-
4943
- # File information about the related binary/library used by an executable, or
4944
- # the script used by a script interpreter
4945
- # Corresponds to the JSON property `script`
4946
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File]
4947
- attr_accessor :script
4948
-
4949
- def initialize(**args)
4950
- update!(**args)
4951
- end
4952
-
4953
- # Update properties of this object
4954
- def update!(**args)
4955
- @args = args[:args] if args.key?(:args)
4956
- @arguments_truncated = args[:arguments_truncated] if args.key?(:arguments_truncated)
4957
- @binary = args[:binary] if args.key?(:binary)
4958
- @env_variables = args[:env_variables] if args.key?(:env_variables)
4959
- @env_variables_truncated = args[:env_variables_truncated] if args.key?(:env_variables_truncated)
4960
- @libraries = args[:libraries] if args.key?(:libraries)
4961
- @name = args[:name] if args.key?(:name)
4962
- @parent_pid = args[:parent_pid] if args.key?(:parent_pid)
4963
- @pid = args[:pid] if args.key?(:pid)
4964
- @script = args[:script] if args.key?(:script)
4965
- end
4966
- end
4967
-
4968
- # Indicates what signature matched this process.
4969
- class GoogleCloudSecuritycenterV2ProcessSignature
4970
- include Google::Apis::Core::Hashable
4971
-
4972
- # A signature corresponding to memory page hashes.
4973
- # Corresponds to the JSON property `memoryHashSignature`
4974
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2MemoryHashSignature]
4975
- attr_accessor :memory_hash_signature
4976
-
4977
- # A signature corresponding to a YARA rule.
4978
- # Corresponds to the JSON property `yaraRuleSignature`
4979
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2YaraRuleSignature]
4980
- attr_accessor :yara_rule_signature
4981
-
4982
- def initialize(**args)
4983
- update!(**args)
4984
- end
4985
-
4986
- # Update properties of this object
4987
- def update!(**args)
4988
- @memory_hash_signature = args[:memory_hash_signature] if args.key?(:memory_hash_signature)
4989
- @yara_rule_signature = args[:yara_rule_signature] if args.key?(:yara_rule_signature)
4990
- end
4991
- end
4992
-
4993
- # Additional Links
4994
- class GoogleCloudSecuritycenterV2Reference
4995
- include Google::Apis::Core::Hashable
4996
-
4997
- # Source of the reference e.g. NVD
4998
- # Corresponds to the JSON property `source`
4999
- # @return [String]
5000
- attr_accessor :source
5001
-
5002
- # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?
5003
- # name=CVE-2021-34527.
5004
- # Corresponds to the JSON property `uri`
5005
- # @return [String]
5006
- attr_accessor :uri
5007
-
5008
- def initialize(**args)
5009
- update!(**args)
5010
- end
5011
-
5012
- # Update properties of this object
5013
- def update!(**args)
5014
- @source = args[:source] if args.key?(:source)
5015
- @uri = args[:uri] if args.key?(:uri)
5016
- end
5017
- end
5018
-
5019
- # Information related to the Google Cloud resource.
5020
- class GoogleCloudSecuritycenterV2Resource
5021
- include Google::Apis::Core::Hashable
5022
-
5023
- # The human readable name of the resource.
5024
- # Corresponds to the JSON property `displayName`
5025
- # @return [String]
5026
- attr_accessor :display_name
5027
-
5028
- # The full resource name of the resource. See: https://cloud.google.com/apis/
5029
- # design/resource_names#full_resource_name
5030
- # Corresponds to the JSON property `name`
5031
- # @return [String]
5032
- attr_accessor :name
5033
-
5034
- # The full resource type of the resource.
5035
- # Corresponds to the JSON property `type`
5036
- # @return [String]
5037
- attr_accessor :type
5038
-
5039
- def initialize(**args)
5040
- update!(**args)
5041
- end
5042
-
5043
- # Update properties of this object
5044
- def update!(**args)
5045
- @display_name = args[:display_name] if args.key?(:display_name)
5046
- @name = args[:name] if args.key?(:name)
5047
- @type = args[:type] if args.key?(:type)
5048
- end
5049
- end
5050
-
5051
- # A resource value config (RVC) is a mapping configuration of user's resources
5052
- # to resource values. Used in Attack path simulations.
5053
- class GoogleCloudSecuritycenterV2ResourceValueConfig
5054
- include Google::Apis::Core::Hashable
5055
-
5056
- # Output only. Timestamp this resource value config was created.
5057
- # Corresponds to the JSON property `createTime`
5058
- # @return [String]
5059
- attr_accessor :create_time
5060
-
5061
- # Description of the resource value config.
5062
- # Corresponds to the JSON property `description`
5063
- # @return [String]
5064
- attr_accessor :description
5065
-
5066
- # Name for the resource value config
5067
- # Corresponds to the JSON property `name`
5068
- # @return [String]
5069
- attr_accessor :name
5070
-
5071
- # List of resource labels to search for, evaluated with AND. E.g. "
5072
- # resource_labels_selector": `"key": "value", "env": "prod"` will match
5073
- # resources with labels "key": "value" AND "env": "prod" https://cloud.google.
5074
- # com/resource-manager/docs/creating-managing-labels
5075
- # Corresponds to the JSON property `resourceLabelsSelector`
5076
- # @return [Hash<String,String>]
5077
- attr_accessor :resource_labels_selector
5078
-
5079
- # Apply resource_value only to resources that match resource_type. resource_type
5080
- # will be checked with "AND" of other resources. E.g. "storage.googleapis.com/
5081
- # Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.
5082
- # googleapis.com/Bucket" resources.
5083
- # Corresponds to the JSON property `resourceType`
5084
- # @return [String]
5085
- attr_accessor :resource_type
5086
-
5087
- # Required. Resource value level this expression represents
5088
- # Corresponds to the JSON property `resourceValue`
5089
- # @return [String]
5090
- attr_accessor :resource_value
5091
-
5092
- # Project or folder to scope this config to. For example, "project/456" would
5093
- # apply this config only to resources in "project/456" scope will be checked
5094
- # with "AND" of other resources.
5095
- # Corresponds to the JSON property `scope`
5096
- # @return [String]
5097
- attr_accessor :scope
5098
-
5099
- # Required. Tag values combined with AND to check against. Values in the form "
5100
- # tagValues/123" E.g. [ "tagValues/123", "tagValues/456", "tagValues/789" ]
5101
- # https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
5102
- # Corresponds to the JSON property `tagValues`
5103
- # @return [Array<String>]
5104
- attr_accessor :tag_values
5105
-
5106
- # Output only. Timestamp this resource value config was last updated.
5107
- # Corresponds to the JSON property `updateTime`
5108
- # @return [String]
5109
- attr_accessor :update_time
5110
-
5111
- def initialize(**args)
5112
- update!(**args)
5113
- end
5114
-
5115
- # Update properties of this object
5116
- def update!(**args)
5117
- @create_time = args[:create_time] if args.key?(:create_time)
5118
- @description = args[:description] if args.key?(:description)
5119
- @name = args[:name] if args.key?(:name)
5120
- @resource_labels_selector = args[:resource_labels_selector] if args.key?(:resource_labels_selector)
5121
- @resource_type = args[:resource_type] if args.key?(:resource_type)
5122
- @resource_value = args[:resource_value] if args.key?(:resource_value)
5123
- @scope = args[:scope] if args.key?(:scope)
5124
- @tag_values = args[:tag_values] if args.key?(:tag_values)
5125
- @update_time = args[:update_time] if args.key?(:update_time)
5126
- end
5127
- end
5128
-
5129
- # Kubernetes Role or ClusterRole.
5130
- class GoogleCloudSecuritycenterV2Role
5131
- include Google::Apis::Core::Hashable
5132
-
5133
- # Role type.
5134
- # Corresponds to the JSON property `kind`
5135
- # @return [String]
5136
- attr_accessor :kind
5137
-
5138
- # Role name.
5139
- # Corresponds to the JSON property `name`
5140
- # @return [String]
5141
- attr_accessor :name
5142
-
5143
- # Role namespace.
5144
- # Corresponds to the JSON property `ns`
5145
- # @return [String]
5146
- attr_accessor :ns
5147
-
5148
- def initialize(**args)
5149
- update!(**args)
5150
- end
5151
-
5152
- # Update properties of this object
5153
- def update!(**args)
5154
- @kind = args[:kind] if args.key?(:kind)
5155
- @name = args[:name] if args.key?(:name)
5156
- @ns = args[:ns] if args.key?(:ns)
5157
- end
5158
- end
5159
-
5160
- # User specified security marks that are attached to the parent Security Command
5161
- # Center resource. Security marks are scoped within a Security Command Center
5162
- # organization -- they can be modified and viewed by all users who have proper
5163
- # permissions on the organization.
5164
- class GoogleCloudSecuritycenterV2SecurityMarks
5165
- include Google::Apis::Core::Hashable
5166
-
5167
- # The canonical name of the marks. The following list shows some examples: + `
5168
- # organizations/`organization_id`/assets/`asset_id`/securityMarks" + `
5169
- # organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/
5170
- # securityMarks" + `organizations/`organization_id`/sources/`source_id`/
5171
- # locations/`location`/findings/`finding_id`/securityMarks" + `folders/`
5172
- # folder_id`/assets/`asset_id`/securityMarks" + `folders/`folder_id`/sources/`
5173
- # source_id`/findings/`finding_id`/securityMarks" + `folders/`folder_id`/sources/
5174
- # `source_id`/locations/`location`/findings/`finding_id`/securityMarks" + `
5175
- # projects/`project_number`/assets/`asset_id`/securityMarks" + `projects/`
5176
- # project_number`/sources/`source_id`/findings/`finding_id`/securityMarks" + `
5177
- # projects/`project_number`/sources/`source_id`/locations/`location`/findings/`
5178
- # finding_id`/securityMarks"
5179
- # Corresponds to the JSON property `canonicalName`
5180
- # @return [String]
5181
- attr_accessor :canonical_name
5182
-
5183
- # Mutable user specified security marks belonging to the parent resource.
5184
- # Constraints are as follows: * Keys and values are treated as case insensitive *
5185
- # Keys must be between 1 - 256 characters (inclusive) * Keys must be letters,
5186
- # numbers, underscores, or dashes * Values have leading and trailing whitespace
5187
- # trimmed, remaining characters must be between 1 - 4096 characters (inclusive)
5188
- # Corresponds to the JSON property `marks`
5189
- # @return [Hash<String,String>]
5190
- attr_accessor :marks
5191
-
5192
- # The relative resource name of the SecurityMarks. See: https://cloud.google.com/
5193
- # apis/design/resource_names#relative_resource_name The following list shows
5194
- # some examples: + `organizations/`organization_id`/assets/`asset_id`/
5195
- # securityMarks` + `organizations/`organization_id`/sources/`source_id`/findings/
5196
- # `finding_id`/securityMarks` + `organizations/`organization_id`/sources/`
5197
- # source_id`/locations/`location`/findings/`finding_id`/securityMarks`
5198
- # Corresponds to the JSON property `name`
5199
- # @return [String]
5200
- attr_accessor :name
5201
-
5202
- def initialize(**args)
5203
- update!(**args)
5204
- end
5205
-
5206
- # Update properties of this object
5207
- def update!(**args)
5208
- @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
5209
- @marks = args[:marks] if args.key?(:marks)
5210
- @name = args[:name] if args.key?(:name)
5211
- end
5212
- end
5213
-
5214
- # Represents a posture that is deployed on Google Cloud by the Security Command
5215
- # Center Posture Management service. A posture contains one or more policy sets.
5216
- # A policy set is a group of policies that enforce a set of security rules on
5217
- # Google Cloud.
5218
- class GoogleCloudSecuritycenterV2SecurityPosture
5219
- include Google::Apis::Core::Hashable
5220
-
5221
- # The name of the policy that has been updated, for example, `projects/`
5222
- # project_id`/policies/`constraint_name``.
5223
- # Corresponds to the JSON property `changedPolicy`
5224
- # @return [String]
5225
- attr_accessor :changed_policy
5226
-
5227
- # Name of the posture, for example, `organizations/`org_id`/locations/`location`/
5228
- # postures/`posture_name``.
5229
- # Corresponds to the JSON property `name`
5230
- # @return [String]
5231
- attr_accessor :name
5232
-
5233
- # The name of the posture deployment, for example, `projects/`project_id`/
5234
- # posturedeployments/`posture_deployment_id``.
5235
- # Corresponds to the JSON property `postureDeployment`
5236
- # @return [String]
5237
- attr_accessor :posture_deployment
5238
-
5239
- # The project, folder, or organization on which the posture is deployed, for
5240
- # example, `projects/`project_id``.
5241
- # Corresponds to the JSON property `postureDeploymentResource`
5242
- # @return [String]
5243
- attr_accessor :posture_deployment_resource
5244
-
5245
- # The version of the posture, for example, `c7cfa2a8`.
5246
- # Corresponds to the JSON property `revisionId`
5247
- # @return [String]
5248
- attr_accessor :revision_id
5249
-
5250
- def initialize(**args)
5251
- update!(**args)
5252
- end
5253
-
5254
- # Update properties of this object
5255
- def update!(**args)
5256
- @changed_policy = args[:changed_policy] if args.key?(:changed_policy)
5257
- @name = args[:name] if args.key?(:name)
5258
- @posture_deployment = args[:posture_deployment] if args.key?(:posture_deployment)
5259
- @posture_deployment_resource = args[:posture_deployment_resource] if args.key?(:posture_deployment_resource)
5260
- @revision_id = args[:revision_id] if args.key?(:revision_id)
5261
- end
5262
- end
5263
-
5264
- # Identity delegation history of an authenticated service account.
5265
- class GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo
5266
- include Google::Apis::Core::Hashable
5267
-
5268
- # The email address of a Google account.
5269
- # Corresponds to the JSON property `principalEmail`
5270
- # @return [String]
5271
- attr_accessor :principal_email
5272
-
5273
- # A string representing the principal_subject associated with the identity. As
5274
- # compared to `principal_email`, supports principals that aren't associated with
5275
- # email addresses, such as third party principals. For most identities, the
5276
- # format will be `principal://iam.googleapis.com/`identity pool name`/subjects/`
5277
- # subject`` except for some GKE identities (GKE_WORKLOAD, FREEFORM,
5278
- # GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:`
5279
- # identity pool name`[`subject`]`
5280
- # Corresponds to the JSON property `principalSubject`
5281
- # @return [String]
5282
- attr_accessor :principal_subject
5283
-
5284
- def initialize(**args)
5285
- update!(**args)
5286
- end
5287
-
5288
- # Update properties of this object
5289
- def update!(**args)
5290
- @principal_email = args[:principal_email] if args.key?(:principal_email)
5291
- @principal_subject = args[:principal_subject] if args.key?(:principal_subject)
5292
- end
5293
- end
5294
-
5295
- # Represents a Kubernetes subject.
5296
- class GoogleCloudSecuritycenterV2Subject
5297
- include Google::Apis::Core::Hashable
5298
-
5299
- # Authentication type for the subject.
5300
- # Corresponds to the JSON property `kind`
5301
- # @return [String]
5302
- attr_accessor :kind
5303
-
5304
- # Name for the subject.
5305
- # Corresponds to the JSON property `name`
5306
- # @return [String]
5307
- attr_accessor :name
5308
-
5309
- # Namespace for the subject.
5310
- # Corresponds to the JSON property `ns`
5311
- # @return [String]
5312
- attr_accessor :ns
5313
-
5314
- def initialize(**args)
5315
- update!(**args)
5316
- end
5317
-
5318
- # Update properties of this object
5319
- def update!(**args)
5320
- @kind = args[:kind] if args.key?(:kind)
5321
- @name = args[:name] if args.key?(:name)
5322
- @ns = args[:ns] if args.key?(:ns)
5323
- end
5324
- end
5325
-
5326
- # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
5327
- class GoogleCloudSecuritycenterV2Vulnerability
5328
- include Google::Apis::Core::Hashable
5329
-
5330
- # CVE stands for Common Vulnerabilities and Exposures. More information: https://
5331
- # cve.mitre.org
5332
- # Corresponds to the JSON property `cve`
5333
- # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Cve]
5334
- attr_accessor :cve
5335
-
5336
- def initialize(**args)
5337
- update!(**args)
5338
- end
5339
-
5340
- # Update properties of this object
5341
- def update!(**args)
5342
- @cve = args[:cve] if args.key?(:cve)
5343
- end
5344
- end
5345
-
5346
- # A signature corresponding to a YARA rule.
5347
- class GoogleCloudSecuritycenterV2YaraRuleSignature
5348
- include Google::Apis::Core::Hashable
5349
-
5350
- # The name of the YARA rule.
5351
- # Corresponds to the JSON property `yaraRule`
5352
- # @return [String]
5353
- attr_accessor :yara_rule
5354
-
5355
- def initialize(**args)
5356
- update!(**args)
5357
- end
5358
-
5359
- # Update properties of this object
5360
- def update!(**args)
5361
- @yara_rule = args[:yara_rule] if args.key?(:yara_rule)
5362
- end
5363
- end
5364
-
5365
- # Represents a particular IAM binding, which captures a member's role addition,
5366
- # removal, or state.
5367
- class IamBinding
5368
- include Google::Apis::Core::Hashable
5369
-
5370
- # The action that was performed on a Binding.
5371
- # Corresponds to the JSON property `action`
5372
- # @return [String]
5373
- attr_accessor :action
5374
-
5375
- # A single identity requesting access for a Cloud Platform resource, for example,
5376
- # "foo@google.com".
5377
- # Corresponds to the JSON property `member`
5378
- # @return [String]
5379
- attr_accessor :member
5380
-
5381
- # Role that is assigned to "members". For example, "roles/viewer", "roles/editor"
5382
- # , or "roles/owner".
5383
- # Corresponds to the JSON property `role`
5384
- # @return [String]
5385
- attr_accessor :role
5386
-
5387
- def initialize(**args)
5388
- update!(**args)
5389
- end
5390
-
5391
- # Update properties of this object
5392
- def update!(**args)
5393
- @action = args[:action] if args.key?(:action)
5394
- @member = args[:member] if args.key?(:member)
5395
- @role = args[:role] if args.key?(:role)
5396
- end
5397
- end
5398
-
5399
- # Represents what's commonly known as an _indicator of compromise_ (IoC) in
5400
- # computer forensics. This is an artifact observed on a network or in an
5401
- # operating system that, with high confidence, indicates a computer intrusion.
5402
- # For more information, see [Indicator of compromise](https://en.wikipedia.org/
5403
- # wiki/Indicator_of_compromise).
5404
- class Indicator
5405
- include Google::Apis::Core::Hashable
5406
-
5407
- # List of domains associated to the Finding.
5408
- # Corresponds to the JSON property `domains`
5409
- # @return [Array<String>]
5410
- attr_accessor :domains
5411
-
5412
- # The list of IP addresses that are associated with the finding.
5413
- # Corresponds to the JSON property `ipAddresses`
5414
- # @return [Array<String>]
5415
- attr_accessor :ip_addresses
5416
-
5417
- # The list of matched signatures indicating that the given process is present in
5418
- # the environment.
5419
- # Corresponds to the JSON property `signatures`
5420
- # @return [Array<Google::Apis::SecuritycenterV1beta2::ProcessSignature>]
5421
- attr_accessor :signatures
5422
-
5423
- # The list of URIs associated to the Findings.
5424
- # Corresponds to the JSON property `uris`
5425
- # @return [Array<String>]
5426
- attr_accessor :uris
5427
-
5428
- def initialize(**args)
5429
- update!(**args)
5430
- end
5431
-
5432
- # Update properties of this object
5433
- def update!(**args)
5434
- @domains = args[:domains] if args.key?(:domains)
5435
- @ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses)
5436
- @signatures = args[:signatures] if args.key?(:signatures)
5437
- @uris = args[:uris] if args.key?(:uris)
5438
- end
5439
- end
5440
-
5441
- # Kernel mode rootkit signatures.
5442
- class KernelRootkit
5443
- include Google::Apis::Core::Hashable
5444
-
5445
- # Rootkit name, when available.
5446
- # Corresponds to the JSON property `name`
5447
- # @return [String]
5448
- attr_accessor :name
5449
-
5450
- # True if unexpected modifications of kernel code memory are present.
5451
- # Corresponds to the JSON property `unexpectedCodeModification`
5452
- # @return [Boolean]
5453
- attr_accessor :unexpected_code_modification
5454
- alias_method :unexpected_code_modification?, :unexpected_code_modification
2808
+ # True if unexpected modifications of kernel code memory are present.
2809
+ # Corresponds to the JSON property `unexpectedCodeModification`
2810
+ # @return [Boolean]
2811
+ attr_accessor :unexpected_code_modification
2812
+ alias_method :unexpected_code_modification?, :unexpected_code_modification
5455
2813
 
5456
2814
  # True if `ftrace` points are present with callbacks pointing to regions that
5457
2815
  # are not in the expected kernel or module code range.
@@ -5839,6 +3197,43 @@ module Google
5839
3197
  end
5840
3198
  end
5841
3199
 
3200
+ # Package is a generic definition of a package.
3201
+ class Package
3202
+ include Google::Apis::Core::Hashable
3203
+
3204
+ # The CPE URI where the vulnerability was detected.
3205
+ # Corresponds to the JSON property `cpeUri`
3206
+ # @return [String]
3207
+ attr_accessor :cpe_uri
3208
+
3209
+ # The name of the package where the vulnerability was detected.
3210
+ # Corresponds to the JSON property `packageName`
3211
+ # @return [String]
3212
+ attr_accessor :package_name
3213
+
3214
+ # Type of package, for example, os, maven, or go.
3215
+ # Corresponds to the JSON property `packageType`
3216
+ # @return [String]
3217
+ attr_accessor :package_type
3218
+
3219
+ # The version of the package.
3220
+ # Corresponds to the JSON property `packageVersion`
3221
+ # @return [String]
3222
+ attr_accessor :package_version
3223
+
3224
+ def initialize(**args)
3225
+ update!(**args)
3226
+ end
3227
+
3228
+ # Update properties of this object
3229
+ def update!(**args)
3230
+ @cpe_uri = args[:cpe_uri] if args.key?(:cpe_uri)
3231
+ @package_name = args[:package_name] if args.key?(:package_name)
3232
+ @package_type = args[:package_type] if args.key?(:package_type)
3233
+ @package_version = args[:package_version] if args.key?(:package_version)
3234
+ end
3235
+ end
3236
+
5842
3237
  # A Kubernetes Pod.
5843
3238
  class Pod
5844
3239
  include Google::Apis::Core::Hashable
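Review bot: `package_version` in the new `Package` class is documented only as `# The version of the package.`, while the `package_type` comment names os, maven and go as examples, and those do not share one versioning scheme. I would state that in the comment, for example `# The version of the package, in the versioning scheme of its packageType.`; this is presumed from the field names and should be confirmed against the API description. A consumer that compares two `Package` versions as plain strings to decide whether a host is patched would get the wrong answer for versions such as 1.9 and 1.10.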
@@ -5963,6 +3358,11 @@ module Google
5963
3358
  # @return [Google::Apis::SecuritycenterV1beta2::MemoryHashSignature]
5964
3359
  attr_accessor :memory_hash_signature
5965
3360
 
3361
+ # Describes the type of resource associated with the signature.
3362
+ # Corresponds to the JSON property `signatureType`
3363
+ # @return [String]
3364
+ attr_accessor :signature_type
3365
+
5966
3366
  # A signature corresponding to a YARA rule.
5967
3367
  # Corresponds to the JSON property `yaraRuleSignature`
5968
3368
  # @return [Google::Apis::SecuritycenterV1beta2::YaraRuleSignature]
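Review bot: The comment on the new `signature_type` attribute does not list the values the string can take, so code that triages matched signatures cannot tell from here which cases to handle. I would list the accepted values from the API description and add a line such as `# Handle unrecognised values as unknown, not as a process match.` The enclosing class starts before this hunk, and its `update!` is changed in the following hunk.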
@@ -5975,6 +3375,7 @@ module Google
5975
3375
  # Update properties of this object
5976
3376
  def update!(**args)
5977
3377
  @memory_hash_signature = args[:memory_hash_signature] if args.key?(:memory_hash_signature)
3378
+ @signature_type = args[:signature_type] if args.key?(:signature_type)
5978
3379
  @yara_rule_signature = args[:yara_rule_signature] if args.key?(:yara_rule_signature)
5979
3380
  end
5980
3381
  end
@@ -6079,6 +3480,38 @@ module Google
6079
3480
  end
6080
3481
  end
6081
3482
 
3483
+ # SecurityBulletin are notifications of vulnerabilities of Google products.
3484
+ class SecurityBulletin
3485
+ include Google::Apis::Core::Hashable
3486
+
3487
+ # ID of the bulletin corresponding to the vulnerability.
3488
+ # Corresponds to the JSON property `bulletinId`
3489
+ # @return [String]
3490
+ attr_accessor :bulletin_id
3491
+
3492
+ # Submission time of this Security Bulletin.
3493
+ # Corresponds to the JSON property `submissionTime`
3494
+ # @return [String]
3495
+ attr_accessor :submission_time
3496
+
3497
+ # This represents a version that the cluster receiving this notification should
3498
+ # be upgraded to, based on its current version. For example, 1.15.0
3499
+ # Corresponds to the JSON property `suggestedUpgradeVersion`
3500
+ # @return [String]
3501
+ attr_accessor :suggested_upgrade_version
3502
+
3503
+ def initialize(**args)
3504
+ update!(**args)
3505
+ end
3506
+
3507
+ # Update properties of this object
3508
+ def update!(**args)
3509
+ @bulletin_id = args[:bulletin_id] if args.key?(:bulletin_id)
3510
+ @submission_time = args[:submission_time] if args.key?(:submission_time)
3511
+ @suggested_upgrade_version = args[:suggested_upgrade_version] if args.key?(:suggested_upgrade_version)
3512
+ end
3513
+ end
3514
+
6082
3515
  # Resource capturing the settings for Security Center. Next ID: 12
6083
3516
  class SecurityCenterSettings
6084
3517
  include Google::Apis::Core::Hashable
@@ -6364,6 +3797,56 @@ module Google
6364
3797
  end
6365
3798
  end
6366
3799
 
3800
+ # Information about the ticket, if any, that is being used to track the
3801
+ # resolution of the issue that is identified by this finding.
3802
+ class TicketInfo
3803
+ include Google::Apis::Core::Hashable
3804
+
3805
+ # The assignee of the ticket in the ticket system.
3806
+ # Corresponds to the JSON property `assignee`
3807
+ # @return [String]
3808
+ attr_accessor :assignee
3809
+
3810
+ # The description of the ticket in the ticket system.
3811
+ # Corresponds to the JSON property `description`
3812
+ # @return [String]
3813
+ attr_accessor :description
3814
+
3815
+ # The identifier of the ticket in the ticket system.
3816
+ # Corresponds to the JSON property `id`
3817
+ # @return [String]
3818
+ attr_accessor :id
3819
+
3820
+ # The latest status of the ticket, as reported by the ticket system.
3821
+ # Corresponds to the JSON property `status`
3822
+ # @return [String]
3823
+ attr_accessor :status
3824
+
3825
+ # The time when the ticket was last updated, as reported by the ticket system.
3826
+ # Corresponds to the JSON property `updateTime`
3827
+ # @return [String]
3828
+ attr_accessor :update_time
3829
+
3830
+ # The link to the ticket in the ticket system.
3831
+ # Corresponds to the JSON property `uri`
3832
+ # @return [String]
3833
+ attr_accessor :uri
3834
+
3835
+ def initialize(**args)
3836
+ update!(**args)
3837
+ end
3838
+
3839
+ # Update properties of this object
3840
+ def update!(**args)
3841
+ @assignee = args[:assignee] if args.key?(:assignee)
3842
+ @description = args[:description] if args.key?(:description)
3843
+ @id = args[:id] if args.key?(:id)
3844
+ @status = args[:status] if args.key?(:status)
3845
+ @update_time = args[:update_time] if args.key?(:update_time)
3846
+ @uri = args[:uri] if args.key?(:uri)
3847
+ end
3848
+ end
3849
+
6367
3850
  # Resource capturing the settings for the Virtual Machine Threat Detection
6368
3851
  # service.
6369
3852
  class VirtualMachineThreatDetectionSettings
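Review bot: The `uri`, `description` and `assignee` attributes of the new `TicketInfo` class describe data held in an external ticket system, and `update!` stores whatever it is given, so the `uri` comment should tell consumers to check the value before rendering it as a link. I would extend it to `# The link to the ticket in the ticket system. Originates in the ticket system; check the scheme before rendering it as a hyperlink.` Whether the service validates these values before returning them is not visible in this hunk. Until that is confirmed, a dashboard or notification template that displays findings should escape all three fields on output.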
@@ -6425,6 +3908,21 @@ module Google
6425
3908
  # @return [Google::Apis::SecuritycenterV1beta2::Cve]
6426
3909
  attr_accessor :cve
6427
3910
 
3911
+ # Package is a generic definition of a package.
3912
+ # Corresponds to the JSON property `fixedPackage`
3913
+ # @return [Google::Apis::SecuritycenterV1beta2::Package]
3914
+ attr_accessor :fixed_package
3915
+
3916
+ # Package is a generic definition of a package.
3917
+ # Corresponds to the JSON property `offendingPackage`
3918
+ # @return [Google::Apis::SecuritycenterV1beta2::Package]
3919
+ attr_accessor :offending_package
3920
+
3921
+ # SecurityBulletin are notifications of vulnerabilities of Google products.
3922
+ # Corresponds to the JSON property `securityBulletin`
3923
+ # @return [Google::Apis::SecuritycenterV1beta2::SecurityBulletin]
3924
+ attr_accessor :security_bulletin
3925
+
6428
3926
  def initialize(**args)
6429
3927
  update!(**args)
6430
3928
  end
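Review bot: `fixed_package` and `offending_package` carry the same comment, `# Package is a generic definition of a package.`, which is the description of the `Package` class and does not say which attribute is which. Going by the JSON property names `fixedPackage` and `offendingPackage`, I would document them as `# The package and version in which the vulnerability is fixed.` and `# The package and version in which the vulnerability was detected.`; that reading is inferred and should be confirmed against the API description. Remediation tooling that reads the wrong attribute would report the vulnerable version as the upgrade target. The enclosing class starts before this hunk.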
@@ -6432,6 +3930,9 @@ module Google
6432
3930
  # Update properties of this object
6433
3931
  def update!(**args)
6434
3932
  @cve = args[:cve] if args.key?(:cve)
3933
+ @fixed_package = args[:fixed_package] if args.key?(:fixed_package)
3934
+ @offending_package = args[:offending_package] if args.key?(:offending_package)
3935
+ @security_bulletin = args[:security_bulletin] if args.key?(:security_bulletin)
6435
3936
  end
6436
3937
  end
6437
3938