google-apis-securitycenter_v1beta2 0.63.0 → 0.65.0

@@ -518,6 +518,68 @@ module Google
518
518
  end
519
519
  end
520
520
 
521
+ # Result containing the properties and count of a ComplianceSnapshot request.
522
+ class ComplianceSnapshot
523
+ include Google::Apis::Core::Hashable
524
+
525
+ # The category of Findings matching.
526
+ # Corresponds to the JSON property `category`
527
+ # @return [String]
528
+ attr_accessor :category
529
+
530
+ # The compliance standard (ie CIS).
531
+ # Corresponds to the JSON property `complianceStandard`
532
+ # @return [String]
533
+ attr_accessor :compliance_standard
534
+
535
+ # The compliance version (ie 1.3) in CIS 1.3.
536
+ # Corresponds to the JSON property `complianceVersion`
537
+ # @return [String]
538
+ attr_accessor :compliance_version
539
+
540
+ # Total count of findings for the given properties.
541
+ # Corresponds to the JSON property `count`
542
+ # @return [Fixnum]
543
+ attr_accessor :count
544
+
545
+ # The leaf container resource name that is closest to the snapshot.
546
+ # Corresponds to the JSON property `leafContainerResource`
547
+ # @return [String]
548
+ attr_accessor :leaf_container_resource
549
+
550
+ # The compliance snapshot name. Format: //sources//complianceSnapshots/
551
+ # Corresponds to the JSON property `name`
552
+ # @return [String]
553
+ attr_accessor :name
554
+
555
+ # The CRM resource display name that is closest to the snapshot the Findings
556
+ # belong to.
557
+ # Corresponds to the JSON property `projectDisplayName`
558
+ # @return [String]
559
+ attr_accessor :project_display_name
560
+
561
+ # The snapshot time of the snapshot.
562
+ # Corresponds to the JSON property `snapshotTime`
563
+ # @return [String]
564
+ attr_accessor :snapshot_time
565
+
566
+ def initialize(**args)
567
+ update!(**args)
568
+ end
569
+
570
+ # Update properties of this object
571
+ def update!(**args)
572
+ @category = args[:category] if args.key?(:category)
573
+ @compliance_standard = args[:compliance_standard] if args.key?(:compliance_standard)
574
+ @compliance_version = args[:compliance_version] if args.key?(:compliance_version)
575
+ @count = args[:count] if args.key?(:count)
576
+ @leaf_container_resource = args[:leaf_container_resource] if args.key?(:leaf_container_resource)
577
+ @name = args[:name] if args.key?(:name)
578
+ @project_display_name = args[:project_display_name] if args.key?(:project_display_name)
579
+ @snapshot_time = args[:snapshot_time] if args.key?(:snapshot_time)
580
+ end
581
+ end
582
+
521
583
  # Configuration of a module.
522
584
  class Config
523
585
  include Google::Apis::Core::Hashable
@@ -734,11 +796,27 @@ module Google
734
796
  # @return [Google::Apis::SecuritycenterV1beta2::Cvssv3]
735
797
  attr_accessor :cvssv3
736
798
 
799
+ # The exploitation activity of the vulnerability in the wild.
800
+ # Corresponds to the JSON property `exploitationActivity`
801
+ # @return [String]
802
+ attr_accessor :exploitation_activity
803
+
737
804
  # The unique identifier for the vulnerability. e.g. CVE-2021-34527
738
805
  # Corresponds to the JSON property `id`
739
806
  # @return [String]
740
807
  attr_accessor :id
741
808
 
809
+ # The potential impact of the vulnerability if it was to be exploited.
810
+ # Corresponds to the JSON property `impact`
811
+ # @return [String]
812
+ attr_accessor :impact
813
+
814
+ # Whether or not the vulnerability has been observed in the wild.
815
+ # Corresponds to the JSON property `observedInTheWild`
816
+ # @return [Boolean]
817
+ attr_accessor :observed_in_the_wild
818
+ alias_method :observed_in_the_wild?, :observed_in_the_wild
819
+
742
820
  # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/
743
821
  # cvename.cgi?name=CVE-2021-34527
744
822
  # Corresponds to the JSON property `references`
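Review bot: The two new boolean readers, `observed_in_the_wild?` in this hunk and `zero_day?` in the next one, return `nil` rather than `false` when the response omits the field, because `update!` assigns the instance variable only when the key is present. Triage code that branches on these predicates would then read "not reported" as "not observed", so each comment should state it, for example `# nil when the source did not report this; treat as unknown, not false.` The String fields `exploitation_activity` and `impact` likewise carry no list of accepted values in their comments. The enclosing class starts and ends outside this hunk, and if this file is generated the wording belongs in the upstream API description rather than in the file itself.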
@@ -751,6 +829,12 @@ module Google
751
829
  attr_accessor :upstream_fix_available
752
830
  alias_method :upstream_fix_available?, :upstream_fix_available
753
831
 
832
+ # Whether or not the vulnerability was zero day when the finding was published.
833
+ # Corresponds to the JSON property `zeroDay`
834
+ # @return [Boolean]
835
+ attr_accessor :zero_day
836
+ alias_method :zero_day?, :zero_day
837
+
754
838
  def initialize(**args)
755
839
  update!(**args)
756
840
  end
@@ -758,9 +842,13 @@ module Google
758
842
  # Update properties of this object
759
843
  def update!(**args)
760
844
  @cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
845
+ @exploitation_activity = args[:exploitation_activity] if args.key?(:exploitation_activity)
761
846
  @id = args[:id] if args.key?(:id)
847
+ @impact = args[:impact] if args.key?(:impact)
848
+ @observed_in_the_wild = args[:observed_in_the_wild] if args.key?(:observed_in_the_wild)
762
849
  @references = args[:references] if args.key?(:references)
763
850
  @upstream_fix_available = args[:upstream_fix_available] if args.key?(:upstream_fix_available)
851
+ @zero_day = args[:zero_day] if args.key?(:zero_day)
764
852
  end
765
853
  end
766
854
 
@@ -2757,6 +2845,2970 @@ module Google
2757
2845
  end
2758
2846
  end
2759
2847
 
2848
+ # Represents an access event.
2849
+ class GoogleCloudSecuritycenterV2Access
2850
+ include Google::Apis::Core::Hashable
2851
+
2852
+ # Caller's IP address, such as "1.1.1.1".
2853
+ # Corresponds to the JSON property `callerIp`
2854
+ # @return [String]
2855
+ attr_accessor :caller_ip
2856
+
2857
+ # Represents a geographical location for a given access.
2858
+ # Corresponds to the JSON property `callerIpGeo`
2859
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Geolocation]
2860
+ attr_accessor :caller_ip_geo
2861
+
2862
+ # The method that the service account called, e.g. "SetIamPolicy".
2863
+ # Corresponds to the JSON property `methodName`
2864
+ # @return [String]
2865
+ attr_accessor :method_name
2866
+
2867
+ # Associated email, such as "foo@google.com". The email address of the
2868
+ # authenticated user or a service account acting on behalf of a third party
2869
+ # principal making the request. For third party identity callers, the `
2870
+ # principal_subject` field is populated instead of this field. For privacy
2871
+ # reasons, the principal email address is sometimes redacted. For more
2872
+ # information, see [Caller identities in audit logs](https://cloud.google.com/
2873
+ # logging/docs/audit#user-id).
2874
+ # Corresponds to the JSON property `principalEmail`
2875
+ # @return [String]
2876
+ attr_accessor :principal_email
2877
+
2878
+ # A string that represents the principal_subject that is associated with the
2879
+ # identity. Unlike `principal_email`, `principal_subject` supports principals
2880
+ # that aren't associated with email addresses, such as third party principals.
2881
+ # For most identities, the format is `principal://iam.googleapis.com/`identity
2882
+ # pool name`/subject/`subject``. Some GKE identities, such as GKE_WORKLOAD,
2883
+ # FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:`
2884
+ # identity pool name`[`subject`]`.
2885
+ # Corresponds to the JSON property `principalSubject`
2886
+ # @return [String]
2887
+ attr_accessor :principal_subject
2888
+
2889
+ # The identity delegation history of an authenticated service account that made
2890
+ # the request. The `serviceAccountDelegationInfo[]` object contains information
2891
+ # about the real authorities that try to access Google Cloud resources by
2892
+ # delegating on a service account. When multiple authorities are present, they
2893
+ # are guaranteed to be sorted based on the original ordering of the identity
2894
+ # delegation events.
2895
+ # Corresponds to the JSON property `serviceAccountDelegationInfo`
2896
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo>]
2897
+ attr_accessor :service_account_delegation_info
2898
+
2899
+ # The name of the service account key that was used to create or exchange
2900
+ # credentials when authenticating the service account that made the request.
2901
+ # This is a scheme-less URI full resource name. For example: "//iam.googleapis.
2902
+ # com/projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key`".
2903
+ # Corresponds to the JSON property `serviceAccountKeyName`
2904
+ # @return [String]
2905
+ attr_accessor :service_account_key_name
2906
+
2907
+ # This is the API service that the service account made a call to, e.g. "iam.
2908
+ # googleapis.com"
2909
+ # Corresponds to the JSON property `serviceName`
2910
+ # @return [String]
2911
+ attr_accessor :service_name
2912
+
2913
+ # The caller's user agent string associated with the finding.
2914
+ # Corresponds to the JSON property `userAgent`
2915
+ # @return [String]
2916
+ attr_accessor :user_agent
2917
+
2918
+ # Type of user agent associated with the finding. For example, an operating
2919
+ # system shell or an embedded or standalone application.
2920
+ # Corresponds to the JSON property `userAgentFamily`
2921
+ # @return [String]
2922
+ attr_accessor :user_agent_family
2923
+
2924
+ # A string that represents a username. The username provided depends on the type
2925
+ # of the finding and is likely not an IAM principal. For example, this can be a
2926
+ # system username if the finding is related to a virtual machine, or it can be
2927
+ # an application login username.
2928
+ # Corresponds to the JSON property `userName`
2929
+ # @return [String]
2930
+ attr_accessor :user_name
2931
+
2932
+ def initialize(**args)
2933
+ update!(**args)
2934
+ end
2935
+
2936
+ # Update properties of this object
2937
+ def update!(**args)
2938
+ @caller_ip = args[:caller_ip] if args.key?(:caller_ip)
2939
+ @caller_ip_geo = args[:caller_ip_geo] if args.key?(:caller_ip_geo)
2940
+ @method_name = args[:method_name] if args.key?(:method_name)
2941
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
2942
+ @principal_subject = args[:principal_subject] if args.key?(:principal_subject)
2943
+ @service_account_delegation_info = args[:service_account_delegation_info] if args.key?(:service_account_delegation_info)
2944
+ @service_account_key_name = args[:service_account_key_name] if args.key?(:service_account_key_name)
2945
+ @service_name = args[:service_name] if args.key?(:service_name)
2946
+ @user_agent = args[:user_agent] if args.key?(:user_agent)
2947
+ @user_agent_family = args[:user_agent_family] if args.key?(:user_agent_family)
2948
+ @user_name = args[:user_name] if args.key?(:user_name)
2949
+ end
2950
+ end
2951
+
2952
+ # Conveys information about a Kubernetes access review (such as one returned by
2953
+ # a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-
2954
+ # authz/authorization/#checking-api-access) command) that was involved in a
2955
+ # finding.
2956
+ class GoogleCloudSecuritycenterV2AccessReview
2957
+ include Google::Apis::Core::Hashable
2958
+
2959
+ # The API group of the resource. "*" means all.
2960
+ # Corresponds to the JSON property `group`
2961
+ # @return [String]
2962
+ attr_accessor :group
2963
+
2964
+ # The name of the resource being requested. Empty means all.
2965
+ # Corresponds to the JSON property `name`
2966
+ # @return [String]
2967
+ attr_accessor :name
2968
+
2969
+ # Namespace of the action being requested. Currently, there is no distinction
2970
+ # between no namespace and all namespaces. Both are represented by "" (empty).
2971
+ # Corresponds to the JSON property `ns`
2972
+ # @return [String]
2973
+ attr_accessor :ns
2974
+
2975
+ # The optional resource type requested. "*" means all.
2976
+ # Corresponds to the JSON property `resource`
2977
+ # @return [String]
2978
+ attr_accessor :resource
2979
+
2980
+ # The optional subresource type.
2981
+ # Corresponds to the JSON property `subresource`
2982
+ # @return [String]
2983
+ attr_accessor :subresource
2984
+
2985
+ # A Kubernetes resource API verb, like get, list, watch, create, update, delete,
2986
+ # proxy. "*" means all.
2987
+ # Corresponds to the JSON property `verb`
2988
+ # @return [String]
2989
+ attr_accessor :verb
2990
+
2991
+ # The API version of the resource. "*" means all.
2992
+ # Corresponds to the JSON property `version`
2993
+ # @return [String]
2994
+ attr_accessor :version
2995
+
2996
+ def initialize(**args)
2997
+ update!(**args)
2998
+ end
2999
+
3000
+ # Update properties of this object
3001
+ def update!(**args)
3002
+ @group = args[:group] if args.key?(:group)
3003
+ @name = args[:name] if args.key?(:name)
3004
+ @ns = args[:ns] if args.key?(:ns)
3005
+ @resource = args[:resource] if args.key?(:resource)
3006
+ @subresource = args[:subresource] if args.key?(:subresource)
3007
+ @verb = args[:verb] if args.key?(:verb)
3008
+ @version = args[:version] if args.key?(:version)
3009
+ end
3010
+ end
3011
+
3012
+ # Represents an application associated with a finding.
3013
+ class GoogleCloudSecuritycenterV2Application
3014
+ include Google::Apis::Core::Hashable
3015
+
3016
+ # The base URI that identifies the network location of the application in which
3017
+ # the vulnerability was detected. Examples: http://11.22.33.44, http://foo.com,
3018
+ # http://11.22.33.44:8080
3019
+ # Corresponds to the JSON property `baseUri`
3020
+ # @return [String]
3021
+ attr_accessor :base_uri
3022
+
3023
+ # The full URI with payload that could be used to reproduce the vulnerability.
3024
+ # Example: http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=
3025
+ # aMmYgI6H
3026
+ # Corresponds to the JSON property `fullUri`
3027
+ # @return [String]
3028
+ attr_accessor :full_uri
3029
+
3030
+ def initialize(**args)
3031
+ update!(**args)
3032
+ end
3033
+
3034
+ # Update properties of this object
3035
+ def update!(**args)
3036
+ @base_uri = args[:base_uri] if args.key?(:base_uri)
3037
+ @full_uri = args[:full_uri] if args.key?(:full_uri)
3038
+ end
3039
+ end
3040
+
3041
+ # An attack exposure contains the results of an attack path simulation run.
3042
+ class GoogleCloudSecuritycenterV2AttackExposure
3043
+ include Google::Apis::Core::Hashable
3044
+
3045
+ # The resource name of the attack path simulation result that contains the
3046
+ # details regarding this attack exposure score. Example: organizations/123/
3047
+ # simulations/456/attackExposureResults/789
3048
+ # Corresponds to the JSON property `attackExposureResult`
3049
+ # @return [String]
3050
+ attr_accessor :attack_exposure_result
3051
+
3052
+ # The number of high value resources that are exposed as a result of this
3053
+ # finding.
3054
+ # Corresponds to the JSON property `exposedHighValueResourcesCount`
3055
+ # @return [Fixnum]
3056
+ attr_accessor :exposed_high_value_resources_count
3057
+
3058
+ # The number of high value resources that are exposed as a result of this
3059
+ # finding.
3060
+ # Corresponds to the JSON property `exposedLowValueResourcesCount`
3061
+ # @return [Fixnum]
3062
+ attr_accessor :exposed_low_value_resources_count
3063
+
3064
+ # The number of medium value resources that are exposed as a result of this
3065
+ # finding.
3066
+ # Corresponds to the JSON property `exposedMediumValueResourcesCount`
3067
+ # @return [Fixnum]
3068
+ attr_accessor :exposed_medium_value_resources_count
3069
+
3070
+ # The most recent time the attack exposure was updated on this finding.
3071
+ # Corresponds to the JSON property `latestCalculationTime`
3072
+ # @return [String]
3073
+ attr_accessor :latest_calculation_time
3074
+
3075
+ # A number between 0 (inclusive) and infinity that represents how important this
3076
+ # finding is to remediate. The higher the score, the more important it is to
3077
+ # remediate.
3078
+ # Corresponds to the JSON property `score`
3079
+ # @return [Float]
3080
+ attr_accessor :score
3081
+
3082
+ # Output only. What state this AttackExposure is in. This captures whether or
3083
+ # not an attack exposure has been calculated or not.
3084
+ # Corresponds to the JSON property `state`
3085
+ # @return [String]
3086
+ attr_accessor :state
3087
+
3088
+ def initialize(**args)
3089
+ update!(**args)
3090
+ end
3091
+
3092
+ # Update properties of this object
3093
+ def update!(**args)
3094
+ @attack_exposure_result = args[:attack_exposure_result] if args.key?(:attack_exposure_result)
3095
+ @exposed_high_value_resources_count = args[:exposed_high_value_resources_count] if args.key?(:exposed_high_value_resources_count)
3096
+ @exposed_low_value_resources_count = args[:exposed_low_value_resources_count] if args.key?(:exposed_low_value_resources_count)
3097
+ @exposed_medium_value_resources_count = args[:exposed_medium_value_resources_count] if args.key?(:exposed_medium_value_resources_count)
3098
+ @latest_calculation_time = args[:latest_calculation_time] if args.key?(:latest_calculation_time)
3099
+ @score = args[:score] if args.key?(:score)
3100
+ @state = args[:state] if args.key?(:state)
3101
+ end
3102
+ end
3103
+
3104
+ # Information related to Google Cloud Backup and DR Service findings.
3105
+ class GoogleCloudSecuritycenterV2BackupDisasterRecovery
3106
+ include Google::Apis::Core::Hashable
3107
+
3108
+ # The name of the Backup and DR appliance that captures, moves, and manages the
3109
+ # lifecycle of backup data. For example, “backup-server-57137”.
3110
+ # Corresponds to the JSON property `appliance`
3111
+ # @return [String]
3112
+ attr_accessor :appliance
3113
+
3114
+ # The names of Backup and DR applications. An application is a VM, database, or
3115
+ # file system on a managed host monitored by a backup and recovery appliance.
3116
+ # For example, “centos7-01-vol00”, “centos7-01-vol01”, “centos7-01-vol02”.
3117
+ # Corresponds to the JSON property `applications`
3118
+ # @return [Array<String>]
3119
+ attr_accessor :applications
3120
+
3121
+ # The timestamp at which the Backup and DR backup was created.
3122
+ # Corresponds to the JSON property `backupCreateTime`
3123
+ # @return [String]
3124
+ attr_accessor :backup_create_time
3125
+
3126
+ # The name of a Backup and DR template which comprises one or more backup
3127
+ # policies. See the [Backup and DR documentation](https://cloud.google.com/
3128
+ # backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information.
3129
+ # For example, “snap-ov”.
3130
+ # Corresponds to the JSON property `backupTemplate`
3131
+ # @return [String]
3132
+ attr_accessor :backup_template
3133
+
3134
+ # The backup type of the Backup and DR image. For example, “Snapshot”, “Remote
3135
+ # Snapshot”, “OnVault”.
3136
+ # Corresponds to the JSON property `backupType`
3137
+ # @return [String]
3138
+ attr_accessor :backup_type
3139
+
3140
+ # The name of a Backup and DR host, which is managed by the backup and recovery
3141
+ # appliance and known to the management console. The host can be of type Generic
3142
+ # (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.),
3143
+ # vCenter, or an ESX server. See the [Backup and DR documentation on hosts](
3144
+ # https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-
3145
+ # hosts-and-their-applications) for more information. For example, “centos7-01”.
3146
+ # Corresponds to the JSON property `host`
3147
+ # @return [String]
3148
+ attr_accessor :host
3149
+
3150
+ # The names of Backup and DR policies that are associated with a template and
3151
+ # that define when to run a backup, how frequently to run a backup, and how long
3152
+ # to retain the backup image. For example, “onvaults”.
3153
+ # Corresponds to the JSON property `policies`
3154
+ # @return [Array<String>]
3155
+ attr_accessor :policies
3156
+
3157
+ # The names of Backup and DR advanced policy options of a policy applying to an
3158
+ # application. See the [Backup and DR documentation on policy options](https://
3159
+ # cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings).
3160
+ # For example, “skipofflineappsincongrp, nounmap”.
3161
+ # Corresponds to the JSON property `policyOptions`
3162
+ # @return [Array<String>]
3163
+ attr_accessor :policy_options
3164
+
3165
+ # The name of the Backup and DR resource profile that specifies the storage
3166
+ # media for backups of application and VM data. See the [Backup and DR
3167
+ # documentation on profiles](https://cloud.google.com/backup-disaster-recovery/
3168
+ # docs/concepts/backup-plan#profile). For example, “GCP”.
3169
+ # Corresponds to the JSON property `profile`
3170
+ # @return [String]
3171
+ attr_accessor :profile
3172
+
3173
+ # The name of the Backup and DR storage pool that the backup and recovery
3174
+ # appliance is storing data in. The storage pool could be of type Cloud, Primary,
3175
+ # Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](
3176
+ # https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools).
3177
+ # For example, “DiskPoolOne”.
3178
+ # Corresponds to the JSON property `storagePool`
3179
+ # @return [String]
3180
+ attr_accessor :storage_pool
3181
+
3182
+ def initialize(**args)
3183
+ update!(**args)
3184
+ end
3185
+
3186
+ # Update properties of this object
3187
+ def update!(**args)
3188
+ @appliance = args[:appliance] if args.key?(:appliance)
3189
+ @applications = args[:applications] if args.key?(:applications)
3190
+ @backup_create_time = args[:backup_create_time] if args.key?(:backup_create_time)
3191
+ @backup_template = args[:backup_template] if args.key?(:backup_template)
3192
+ @backup_type = args[:backup_type] if args.key?(:backup_type)
3193
+ @host = args[:host] if args.key?(:host)
3194
+ @policies = args[:policies] if args.key?(:policies)
3195
+ @policy_options = args[:policy_options] if args.key?(:policy_options)
3196
+ @profile = args[:profile] if args.key?(:profile)
3197
+ @storage_pool = args[:storage_pool] if args.key?(:storage_pool)
3198
+ end
3199
+ end
3200
+
3201
+ # Configures how to deliver Findings to BigQuery Instance.
3202
+ class GoogleCloudSecuritycenterV2BigQueryExport
3203
+ include Google::Apis::Core::Hashable
3204
+
3205
+ # Output only. The time at which the BigQuery export was created. This field is
3206
+ # set by the server and will be ignored if provided on export on creation.
3207
+ # Corresponds to the JSON property `createTime`
3208
+ # @return [String]
3209
+ attr_accessor :create_time
3210
+
3211
+ # The dataset to write findings' updates to. Its format is "projects/[project_id]
3212
+ # /datasets/[bigquery_dataset_id]". BigQuery Dataset unique ID must contain only
3213
+ # letters (a-z, A-Z), numbers (0-9), or underscores (_).
3214
+ # Corresponds to the JSON property `dataset`
3215
+ # @return [String]
3216
+ attr_accessor :dataset
3217
+
3218
+ # The description of the export (max of 1024 characters).
3219
+ # Corresponds to the JSON property `description`
3220
+ # @return [String]
3221
+ attr_accessor :description
3222
+
3223
+ # Expression that defines the filter to apply across create/update events of
3224
+ # findings. The expression is a list of zero or more restrictions combined via
3225
+ # logical operators `AND` and `OR`. Parentheses are supported, and `OR` has
3226
+ # higher precedence than `AND`. Restrictions have the form ` ` and may have a `-`
3227
+ # character in front of them to indicate negation. The fields map to those
3228
+ # defined in the corresponding resource. The supported operators are: * `=` for
3229
+ # all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning
3230
+ # substring matching, for strings. The supported value types are: * string
3231
+ # literals in quotes. * integer literals without quotes. * boolean literals `
3232
+ # true` and `false` without quotes.
3233
+ # Corresponds to the JSON property `filter`
3234
+ # @return [String]
3235
+ attr_accessor :filter
3236
+
3237
+ # Output only. Email address of the user who last edited the BigQuery export.
3238
+ # This field is set by the server and will be ignored if provided on export
3239
+ # creation or update.
3240
+ # Corresponds to the JSON property `mostRecentEditor`
3241
+ # @return [String]
3242
+ attr_accessor :most_recent_editor
3243
+
3244
+ # The relative resource name of this export. See: https://cloud.google.com/apis/
3245
+ # design/resource_names#relative_resource_name. The following list shows some
3246
+ # examples: + `organizations/`organization_id`/locations/`location_id`/
3247
+ # bigQueryExports/`export_id`` + `folders/`folder_id`/locations/`location_id`/
3248
+ # bigQueryExports/`export_id`` + `projects/`project_id`/locations/`location_id`/
3249
+ # bigQueryExports/`export_id`` This field is provided in responses, and is
3250
+ # ignored when provided in create requests.
3251
+ # Corresponds to the JSON property `name`
3252
+ # @return [String]
3253
+ attr_accessor :name
3254
+
3255
+ # Output only. The service account that needs permission to create table and
3256
+ # upload data to the BigQuery dataset.
3257
+ # Corresponds to the JSON property `principal`
3258
+ # @return [String]
3259
+ attr_accessor :principal
3260
+
3261
+ # Output only. The most recent time at which the BigQuery export was updated.
3262
+ # This field is set by the server and will be ignored if provided on export
3263
+ # creation or update.
3264
+ # Corresponds to the JSON property `updateTime`
3265
+ # @return [String]
3266
+ attr_accessor :update_time
3267
+
3268
+ def initialize(**args)
3269
+ update!(**args)
3270
+ end
3271
+
3272
+ # Update properties of this object
3273
+ def update!(**args)
3274
+ @create_time = args[:create_time] if args.key?(:create_time)
3275
+ @dataset = args[:dataset] if args.key?(:dataset)
3276
+ @description = args[:description] if args.key?(:description)
3277
+ @filter = args[:filter] if args.key?(:filter)
3278
+ @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
3279
+ @name = args[:name] if args.key?(:name)
3280
+ @principal = args[:principal] if args.key?(:principal)
3281
+ @update_time = args[:update_time] if args.key?(:update_time)
3282
+ end
3283
+ end
3284
+
3285
+ # Represents a Kubernetes RoleBinding or ClusterRoleBinding.
3286
+ class GoogleCloudSecuritycenterV2Binding
3287
+ include Google::Apis::Core::Hashable
3288
+
3289
+ # Name for the binding.
3290
+ # Corresponds to the JSON property `name`
3291
+ # @return [String]
3292
+ attr_accessor :name
3293
+
3294
+ # Namespace for the binding.
3295
+ # Corresponds to the JSON property `ns`
3296
+ # @return [String]
3297
+ attr_accessor :ns
3298
+
3299
+ # Kubernetes Role or ClusterRole.
3300
+ # Corresponds to the JSON property `role`
3301
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Role]
3302
+ attr_accessor :role
3303
+
3304
+ # Represents one or more subjects that are bound to the role. Not always
3305
+ # available for PATCH requests.
3306
+ # Corresponds to the JSON property `subjects`
3307
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Subject>]
3308
+ attr_accessor :subjects
3309
+
3310
+ def initialize(**args)
3311
+ update!(**args)
3312
+ end
3313
+
3314
+ # Update properties of this object
3315
+ def update!(**args)
3316
+ @name = args[:name] if args.key?(:name)
3317
+ @ns = args[:ns] if args.key?(:ns)
3318
+ @role = args[:role] if args.key?(:role)
3319
+ @subjects = args[:subjects] if args.key?(:subjects)
3320
+ end
3321
+ end
3322
+
3323
+ # The response to a BulkMute request. Contains the LRO information.
3324
+ class GoogleCloudSecuritycenterV2BulkMuteFindingsResponse
3325
+ include Google::Apis::Core::Hashable
3326
+
3327
+ def initialize(**args)
3328
+ update!(**args)
3329
+ end
3330
+
3331
+ # Update properties of this object
3332
+ def update!(**args)
3333
+ end
3334
+ end
3335
+
3336
+ # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
3337
+ # with the finding.
3338
+ class GoogleCloudSecuritycenterV2CloudDlpDataProfile
3339
+ include Google::Apis::Core::Hashable
3340
+
3341
+ # Name of the data profile, for example, `projects/123/locations/europe/
3342
+ # tableProfiles/8383929`.
3343
+ # Corresponds to the JSON property `dataProfile`
3344
+ # @return [String]
3345
+ attr_accessor :data_profile
3346
+
3347
+ # The resource hierarchy level at which the data profile was generated.
3348
+ # Corresponds to the JSON property `parentType`
3349
+ # @return [String]
3350
+ attr_accessor :parent_type
3351
+
3352
+ def initialize(**args)
3353
+ update!(**args)
3354
+ end
3355
+
3356
+ # Update properties of this object
3357
+ def update!(**args)
3358
+ @data_profile = args[:data_profile] if args.key?(:data_profile)
3359
+ @parent_type = args[:parent_type] if args.key?(:parent_type)
3360
+ end
3361
+ end
3362
+
3363
+ # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](
3364
+ # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the
3365
+ # finding.
3366
+ class GoogleCloudSecuritycenterV2CloudDlpInspection
3367
+ include Google::Apis::Core::Hashable
3368
+
3369
+ # Whether Cloud DLP scanned the complete resource or a sampled subset.
3370
+ # Corresponds to the JSON property `fullScan`
3371
+ # @return [Boolean]
3372
+ attr_accessor :full_scan
3373
+ alias_method :full_scan?, :full_scan
3374
+
3375
+ # The type of information (or *[infoType](https://cloud.google.com/dlp/docs/
3376
+ # infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.
3377
+ # Corresponds to the JSON property `infoType`
3378
+ # @return [String]
3379
+ attr_accessor :info_type
3380
+
3381
+ # The number of times Cloud DLP found this infoType within this job and resource.
3382
+ # Corresponds to the JSON property `infoTypeCount`
3383
+ # @return [Fixnum]
3384
+ attr_accessor :info_type_count
3385
+
3386
+ # Name of the inspection job, for example, `projects/123/locations/europe/
3387
+ # dlpJobs/i-8383929`.
3388
+ # Corresponds to the JSON property `inspectJob`
3389
+ # @return [String]
3390
+ attr_accessor :inspect_job
3391
+
3392
+ def initialize(**args)
3393
+ update!(**args)
3394
+ end
3395
+
3396
+ # Update properties of this object
3397
+ def update!(**args)
3398
+ @full_scan = args[:full_scan] if args.key?(:full_scan)
3399
+ @info_type = args[:info_type] if args.key?(:info_type)
3400
+ @info_type_count = args[:info_type_count] if args.key?(:info_type_count)
3401
+ @inspect_job = args[:inspect_job] if args.key?(:inspect_job)
3402
+ end
3403
+ end
3404
+
3405
+ # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
3406
+ # logging/docs/reference/v2/rest/v2/LogEntry)
3407
+ class GoogleCloudSecuritycenterV2CloudLoggingEntry
3408
+ include Google::Apis::Core::Hashable
3409
+
3410
+ # A unique identifier for the log entry.
3411
+ # Corresponds to the JSON property `insertId`
3412
+ # @return [String]
3413
+ attr_accessor :insert_id
3414
+
3415
+ # The type of the log (part of `log_name`. `log_name` is the resource name of
3416
+ # the log to which this log entry belongs). For example: `cloudresourcemanager.
3417
+ # googleapis.com/activity` Note that this field is not URL-encoded, unlike in `
3418
+ # LogEntry`.
3419
+ # Corresponds to the JSON property `logId`
3420
+ # @return [String]
3421
+ attr_accessor :log_id
3422
+
3423
+ # The organization, folder, or project of the monitored resource that produced
3424
+ # this log entry.
3425
+ # Corresponds to the JSON property `resourceContainer`
3426
+ # @return [String]
3427
+ attr_accessor :resource_container
3428
+
3429
+ # The time the event described by the log entry occurred.
3430
+ # Corresponds to the JSON property `timestamp`
3431
+ # @return [String]
3432
+ attr_accessor :timestamp
3433
+
3434
+ def initialize(**args)
3435
+ update!(**args)
3436
+ end
3437
+
3438
+ # Update properties of this object
3439
+ def update!(**args)
3440
+ @insert_id = args[:insert_id] if args.key?(:insert_id)
3441
+ @log_id = args[:log_id] if args.key?(:log_id)
3442
+ @resource_container = args[:resource_container] if args.key?(:resource_container)
3443
+ @timestamp = args[:timestamp] if args.key?(:timestamp)
3444
+ end
3445
+ end
3446
+
3447
+ # Contains compliance information about a security standard indicating unmet
3448
+ # recommendations.
3449
+ class GoogleCloudSecuritycenterV2Compliance
3450
+ include Google::Apis::Core::Hashable
3451
+
3452
+ # Policies within the standard or benchmark, for example, A.12.4.1
3453
+ # Corresponds to the JSON property `ids`
3454
+ # @return [Array<String>]
3455
+ attr_accessor :ids
3456
+
3457
+ # Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP.
3458
+ # Corresponds to the JSON property `standard`
3459
+ # @return [String]
3460
+ attr_accessor :standard
3461
+
3462
+ # Version of the standard or benchmark, for example, 1.1
3463
+ # Corresponds to the JSON property `version`
3464
+ # @return [String]
3465
+ attr_accessor :version
3466
+
3467
+ def initialize(**args)
3468
+ update!(**args)
3469
+ end
3470
+
3471
+ # Update properties of this object
3472
+ def update!(**args)
3473
+ @ids = args[:ids] if args.key?(:ids)
3474
+ @standard = args[:standard] if args.key?(:standard)
3475
+ @version = args[:version] if args.key?(:version)
3476
+ end
3477
+ end
3478
+
3479
+ # Contains information about the IP connection associated with the finding.
3480
+ class GoogleCloudSecuritycenterV2Connection
3481
+ include Google::Apis::Core::Hashable
3482
+
3483
+ # Destination IP address. Not present for sockets that are listening and not
3484
+ # connected.
3485
+ # Corresponds to the JSON property `destinationIp`
3486
+ # @return [String]
3487
+ attr_accessor :destination_ip
3488
+
3489
+ # Destination port. Not present for sockets that are listening and not connected.
3490
+ # Corresponds to the JSON property `destinationPort`
3491
+ # @return [Fixnum]
3492
+ attr_accessor :destination_port
3493
+
3494
+ # IANA Internet Protocol Number such as TCP(6) and UDP(17).
3495
+ # Corresponds to the JSON property `protocol`
3496
+ # @return [String]
3497
+ attr_accessor :protocol
3498
+
3499
+ # Source IP address.
3500
+ # Corresponds to the JSON property `sourceIp`
3501
+ # @return [String]
3502
+ attr_accessor :source_ip
3503
+
3504
+ # Source port.
3505
+ # Corresponds to the JSON property `sourcePort`
3506
+ # @return [Fixnum]
3507
+ attr_accessor :source_port
3508
+
3509
+ def initialize(**args)
3510
+ update!(**args)
3511
+ end
3512
+
3513
+ # Update properties of this object
3514
+ def update!(**args)
3515
+ @destination_ip = args[:destination_ip] if args.key?(:destination_ip)
3516
+ @destination_port = args[:destination_port] if args.key?(:destination_port)
3517
+ @protocol = args[:protocol] if args.key?(:protocol)
3518
+ @source_ip = args[:source_ip] if args.key?(:source_ip)
3519
+ @source_port = args[:source_port] if args.key?(:source_port)
3520
+ end
3521
+ end
3522
+
3523
+ # The email address of a contact.
3524
+ class GoogleCloudSecuritycenterV2Contact
3525
+ include Google::Apis::Core::Hashable
3526
+
3527
+ # An email address. For example, "`person123@company.com`".
3528
+ # Corresponds to the JSON property `email`
3529
+ # @return [String]
3530
+ attr_accessor :email
3531
+
3532
+ def initialize(**args)
3533
+ update!(**args)
3534
+ end
3535
+
3536
+ # Update properties of this object
3537
+ def update!(**args)
3538
+ @email = args[:email] if args.key?(:email)
3539
+ end
3540
+ end
3541
+
3542
+ # Details about specific contacts
3543
+ class GoogleCloudSecuritycenterV2ContactDetails
3544
+ include Google::Apis::Core::Hashable
3545
+
3546
+ # A list of contacts
3547
+ # Corresponds to the JSON property `contacts`
3548
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Contact>]
3549
+ attr_accessor :contacts
3550
+
3551
+ def initialize(**args)
3552
+ update!(**args)
3553
+ end
3554
+
3555
+ # Update properties of this object
3556
+ def update!(**args)
3557
+ @contacts = args[:contacts] if args.key?(:contacts)
3558
+ end
3559
+ end
3560
+
3561
+ # Container associated with the finding.
3562
+ class GoogleCloudSecuritycenterV2Container
3563
+ include Google::Apis::Core::Hashable
3564
+
3565
+ # The time that the container was created.
3566
+ # Corresponds to the JSON property `createTime`
3567
+ # @return [String]
3568
+ attr_accessor :create_time
3569
+
3570
+ # Optional container image ID, if provided by the container runtime. Uniquely
3571
+ # identifies the container image launched using a container image digest.
3572
+ # Corresponds to the JSON property `imageId`
3573
+ # @return [String]
3574
+ attr_accessor :image_id
3575
+
3576
+ # Container labels, as provided by the container runtime.
3577
+ # Corresponds to the JSON property `labels`
3578
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Label>]
3579
+ attr_accessor :labels
3580
+
3581
+ # Name of the container.
3582
+ # Corresponds to the JSON property `name`
3583
+ # @return [String]
3584
+ attr_accessor :name
3585
+
3586
+ # Container image URI provided when configuring a pod or container. This string
3587
+ # can identify a container image version using mutable tags.
3588
+ # Corresponds to the JSON property `uri`
3589
+ # @return [String]
3590
+ attr_accessor :uri
3591
+
3592
+ def initialize(**args)
3593
+ update!(**args)
3594
+ end
3595
+
3596
+ # Update properties of this object
3597
+ def update!(**args)
3598
+ @create_time = args[:create_time] if args.key?(:create_time)
3599
+ @image_id = args[:image_id] if args.key?(:image_id)
3600
+ @labels = args[:labels] if args.key?(:labels)
3601
+ @name = args[:name] if args.key?(:name)
3602
+ @uri = args[:uri] if args.key?(:uri)
3603
+ end
3604
+ end
3605
+
3606
+ # CVE stands for Common Vulnerabilities and Exposures. Information from the [CVE
3607
+ # record](https://www.cve.org/ResourcesSupport/Glossary) that describes this
3608
+ # vulnerability.
3609
+ class GoogleCloudSecuritycenterV2Cve
3610
+ include Google::Apis::Core::Hashable
3611
+
3612
+ # Common Vulnerability Scoring System version 3.
3613
+ # Corresponds to the JSON property `cvssv3`
3614
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Cvssv3]
3615
+ attr_accessor :cvssv3
3616
+
3617
+ # The exploitation activity of the vulnerability in the wild.
3618
+ # Corresponds to the JSON property `exploitationActivity`
3619
+ # @return [String]
3620
+ attr_accessor :exploitation_activity
3621
+
3622
+ # The unique identifier for the vulnerability. e.g. CVE-2021-34527
3623
+ # Corresponds to the JSON property `id`
3624
+ # @return [String]
3625
+ attr_accessor :id
3626
+
3627
+ # The potential impact of the vulnerability if it was to be exploited.
3628
+ # Corresponds to the JSON property `impact`
3629
+ # @return [String]
3630
+ attr_accessor :impact
3631
+
3632
+ # Whether or not the vulnerability has been observed in the wild.
3633
+ # Corresponds to the JSON property `observedInTheWild`
3634
+ # @return [Boolean]
3635
+ attr_accessor :observed_in_the_wild
3636
+ alias_method :observed_in_the_wild?, :observed_in_the_wild
3637
+
3638
+ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/
3639
+ # cvename.cgi?name=CVE-2021-34527
3640
+ # Corresponds to the JSON property `references`
3641
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Reference>]
3642
+ attr_accessor :references
3643
+
3644
+ # Whether upstream fix is available for the CVE.
3645
+ # Corresponds to the JSON property `upstreamFixAvailable`
3646
+ # @return [Boolean]
3647
+ attr_accessor :upstream_fix_available
3648
+ alias_method :upstream_fix_available?, :upstream_fix_available
3649
+
3650
+ # Whether or not the vulnerability was zero day when the finding was published.
3651
+ # Corresponds to the JSON property `zeroDay`
3652
+ # @return [Boolean]
3653
+ attr_accessor :zero_day
3654
+ alias_method :zero_day?, :zero_day
3655
+
3656
+ def initialize(**args)
3657
+ update!(**args)
3658
+ end
3659
+
3660
+ # Update properties of this object
3661
+ def update!(**args)
3662
+ @cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
3663
+ @exploitation_activity = args[:exploitation_activity] if args.key?(:exploitation_activity)
3664
+ @id = args[:id] if args.key?(:id)
3665
+ @impact = args[:impact] if args.key?(:impact)
3666
+ @observed_in_the_wild = args[:observed_in_the_wild] if args.key?(:observed_in_the_wild)
3667
+ @references = args[:references] if args.key?(:references)
3668
+ @upstream_fix_available = args[:upstream_fix_available] if args.key?(:upstream_fix_available)
3669
+ @zero_day = args[:zero_day] if args.key?(:zero_day)
3670
+ end
3671
+ end
3672
+
3673
+ # Common Vulnerability Scoring System version 3.
3674
+ class GoogleCloudSecuritycenterV2Cvssv3
3675
+ include Google::Apis::Core::Hashable
3676
+
3677
+ # This metric describes the conditions beyond the attacker's control that must
3678
+ # exist in order to exploit the vulnerability.
3679
+ # Corresponds to the JSON property `attackComplexity`
3680
+ # @return [String]
3681
+ attr_accessor :attack_complexity
3682
+
3683
+ # Base Metrics Represents the intrinsic characteristics of a vulnerability that
3684
+ # are constant over time and across user environments. This metric reflects the
3685
+ # context by which vulnerability exploitation is possible.
3686
+ # Corresponds to the JSON property `attackVector`
3687
+ # @return [String]
3688
+ attr_accessor :attack_vector
3689
+
3690
+ # This metric measures the impact to the availability of the impacted component
3691
+ # resulting from a successfully exploited vulnerability.
3692
+ # Corresponds to the JSON property `availabilityImpact`
3693
+ # @return [String]
3694
+ attr_accessor :availability_impact
3695
+
3696
+ # The base score is a function of the base metric scores.
3697
+ # Corresponds to the JSON property `baseScore`
3698
+ # @return [Float]
3699
+ attr_accessor :base_score
3700
+
3701
+ # This metric measures the impact to the confidentiality of the information
3702
+ # resources managed by a software component due to a successfully exploited
3703
+ # vulnerability.
3704
+ # Corresponds to the JSON property `confidentialityImpact`
3705
+ # @return [String]
3706
+ attr_accessor :confidentiality_impact
3707
+
3708
+ # This metric measures the impact to integrity of a successfully exploited
3709
+ # vulnerability.
3710
+ # Corresponds to the JSON property `integrityImpact`
3711
+ # @return [String]
3712
+ attr_accessor :integrity_impact
3713
+
3714
+ # This metric describes the level of privileges an attacker must possess before
3715
+ # successfully exploiting the vulnerability.
3716
+ # Corresponds to the JSON property `privilegesRequired`
3717
+ # @return [String]
3718
+ attr_accessor :privileges_required
3719
+
3720
+ # The Scope metric captures whether a vulnerability in one vulnerable component
3721
+ # impacts resources in components beyond its security scope.
3722
+ # Corresponds to the JSON property `scope`
3723
+ # @return [String]
3724
+ attr_accessor :scope
3725
+
3726
+ # This metric captures the requirement for a human user, other than the attacker,
3727
+ # to participate in the successful compromise of the vulnerable component.
3728
+ # Corresponds to the JSON property `userInteraction`
3729
+ # @return [String]
3730
+ attr_accessor :user_interaction
3731
+
3732
+ def initialize(**args)
3733
+ update!(**args)
3734
+ end
3735
+
3736
+ # Update properties of this object
3737
+ def update!(**args)
3738
+ @attack_complexity = args[:attack_complexity] if args.key?(:attack_complexity)
3739
+ @attack_vector = args[:attack_vector] if args.key?(:attack_vector)
3740
+ @availability_impact = args[:availability_impact] if args.key?(:availability_impact)
3741
+ @base_score = args[:base_score] if args.key?(:base_score)
3742
+ @confidentiality_impact = args[:confidentiality_impact] if args.key?(:confidentiality_impact)
3743
+ @integrity_impact = args[:integrity_impact] if args.key?(:integrity_impact)
3744
+ @privileges_required = args[:privileges_required] if args.key?(:privileges_required)
3745
+ @scope = args[:scope] if args.key?(:scope)
3746
+ @user_interaction = args[:user_interaction] if args.key?(:user_interaction)
3747
+ end
3748
+ end
3749
+
3750
+ # Represents database access information, such as queries. A database may be a
3751
+ # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
3752
+ # Spanner instances), or the database instance itself. Some database resources
3753
+ # might not have the [full resource name](https://google.aip.dev/122#full-
3754
+ # resource-names) populated because these resource types, such as Cloud SQL
3755
+ # databases, are not yet supported by Cloud Asset Inventory. In these cases only
3756
+ # the display name is provided.
3757
+ class GoogleCloudSecuritycenterV2Database
3758
+ include Google::Apis::Core::Hashable
3759
+
3760
+ # The human-readable name of the database that the user connected to.
3761
+ # Corresponds to the JSON property `displayName`
3762
+ # @return [String]
3763
+ attr_accessor :display_name
3764
+
3765
+ # The target usernames, roles, or groups of an SQL privilege grant, which is not
3766
+ # an IAM policy change.
3767
+ # Corresponds to the JSON property `grantees`
3768
+ # @return [Array<String>]
3769
+ attr_accessor :grantees
3770
+
3771
+ # Some database resources may not have the [full resource name](https://google.
3772
+ # aip.dev/122#full-resource-names) populated because these resource types are
3773
+ # not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In
3774
+ # these cases only the display name will be provided. The [full resource name](
3775
+ # https://google.aip.dev/122#full-resource-names) of the database that the user
3776
+ # connected to, if it is supported by Cloud Asset Inventory.
3777
+ # Corresponds to the JSON property `name`
3778
+ # @return [String]
3779
+ attr_accessor :name
3780
+
3781
+ # The SQL statement that is associated with the database access.
3782
+ # Corresponds to the JSON property `query`
3783
+ # @return [String]
3784
+ attr_accessor :query
3785
+
3786
+ # The username used to connect to the database. The username might not be an IAM
3787
+ # principal and does not have a set format.
3788
+ # Corresponds to the JSON property `userName`
3789
+ # @return [String]
3790
+ attr_accessor :user_name
3791
+
3792
+ # The version of the database, for example, POSTGRES_14. See [the complete list](
3793
+ # https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).
3794
+ # Corresponds to the JSON property `version`
3795
+ # @return [String]
3796
+ attr_accessor :version
3797
+
3798
+ def initialize(**args)
3799
+ update!(**args)
3800
+ end
3801
+
3802
+ # Update properties of this object
3803
+ def update!(**args)
3804
+ @display_name = args[:display_name] if args.key?(:display_name)
3805
+ @grantees = args[:grantees] if args.key?(:grantees)
3806
+ @name = args[:name] if args.key?(:name)
3807
+ @query = args[:query] if args.key?(:query)
3808
+ @user_name = args[:user_name] if args.key?(:user_name)
3809
+ @version = args[:version] if args.key?(:version)
3810
+ end
3811
+ end
3812
+
3813
+ # Memory hash detection contributing to the binary family match.
3814
+ class GoogleCloudSecuritycenterV2Detection
3815
+ include Google::Apis::Core::Hashable
3816
+
3817
+ # The name of the binary associated with the memory hash signature detection.
3818
+ # Corresponds to the JSON property `binary`
3819
+ # @return [String]
3820
+ attr_accessor :binary
3821
+
3822
+ # The percentage of memory page hashes in the signature that were matched.
3823
+ # Corresponds to the JSON property `percentPagesMatched`
3824
+ # @return [Float]
3825
+ attr_accessor :percent_pages_matched
3826
+
3827
+ def initialize(**args)
3828
+ update!(**args)
3829
+ end
3830
+
3831
+ # Update properties of this object
3832
+ def update!(**args)
3833
+ @binary = args[:binary] if args.key?(:binary)
3834
+ @percent_pages_matched = args[:percent_pages_matched] if args.key?(:percent_pages_matched)
3835
+ end
3836
+ end
3837
+
3838
+ # Path of the file in terms of underlying disk/partition identifiers.
3839
+ class GoogleCloudSecuritycenterV2DiskPath
3840
+ include Google::Apis::Core::Hashable
3841
+
3842
+ # UUID of the partition (format https://wiki.archlinux.org/title/
3843
+ # persistent_block_device_naming#by-uuid)
3844
+ # Corresponds to the JSON property `partitionUuid`
3845
+ # @return [String]
3846
+ attr_accessor :partition_uuid
3847
+
3848
+ # Relative path of the file in the partition as a JSON encoded string. Example: /
3849
+ # home/user1/executable_file.sh
3850
+ # Corresponds to the JSON property `relativePath`
3851
+ # @return [String]
3852
+ attr_accessor :relative_path
3853
+
3854
+ def initialize(**args)
3855
+ update!(**args)
3856
+ end
3857
+
3858
+ # Update properties of this object
3859
+ def update!(**args)
3860
+ @partition_uuid = args[:partition_uuid] if args.key?(:partition_uuid)
3861
+ @relative_path = args[:relative_path] if args.key?(:relative_path)
3862
+ end
3863
+ end
3864
+
3865
+ # A name-value pair representing an environment variable used in an operating
3866
+ # system process.
3867
+ class GoogleCloudSecuritycenterV2EnvironmentVariable
3868
+ include Google::Apis::Core::Hashable
3869
+
3870
+ # Environment variable name as a JSON encoded string.
3871
+ # Corresponds to the JSON property `name`
3872
+ # @return [String]
3873
+ attr_accessor :name
3874
+
3875
+ # Environment variable value as a JSON encoded string.
3876
+ # Corresponds to the JSON property `val`
3877
+ # @return [String]
3878
+ attr_accessor :val
3879
+
3880
+ def initialize(**args)
3881
+ update!(**args)
3882
+ end
3883
+
3884
+ # Update properties of this object
3885
+ def update!(**args)
3886
+ @name = args[:name] if args.key?(:name)
3887
+ @val = args[:val] if args.key?(:val)
3888
+ end
3889
+ end
3890
+
3891
+ # Resource where data was exfiltrated from or exfiltrated to.
3892
+ class GoogleCloudSecuritycenterV2ExfilResource
3893
+ include Google::Apis::Core::Hashable
3894
+
3895
+ # Subcomponents of the asset that was exfiltrated, like URIs used during
3896
+ # exfiltration, table names, databases, and filenames. For example, multiple
3897
+ # tables might have been exfiltrated from the same Cloud SQL instance, or
3898
+ # multiple files might have been exfiltrated from the same Cloud Storage bucket.
3899
+ # Corresponds to the JSON property `components`
3900
+ # @return [Array<String>]
3901
+ attr_accessor :components
3902
+
3903
+ # The resource's [full resource name](https://cloud.google.com/apis/design/
3904
+ # resource_names#full_resource_name).
3905
+ # Corresponds to the JSON property `name`
3906
+ # @return [String]
3907
+ attr_accessor :name
3908
+
3909
+ def initialize(**args)
3910
+ update!(**args)
3911
+ end
3912
+
3913
+ # Update properties of this object
3914
+ def update!(**args)
3915
+ @components = args[:components] if args.key?(:components)
3916
+ @name = args[:name] if args.key?(:name)
3917
+ end
3918
+ end
3919
+
3920
+ # Exfiltration represents a data exfiltration attempt from one or more sources
3921
+ # to one or more targets. The `sources` attribute lists the sources of the
3922
+ # exfiltrated data. The `targets` attribute lists the destinations the data was
3923
+ # copied to.
3924
+ class GoogleCloudSecuritycenterV2Exfiltration
3925
+ include Google::Apis::Core::Hashable
3926
+
3927
+ # If there are multiple sources, then the data is considered "joined" between
3928
+ # them. For instance, BigQuery can join multiple tables, and each table would be
3929
+ # considered a source.
3930
+ # Corresponds to the JSON property `sources`
3931
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ExfilResource>]
3932
+ attr_accessor :sources
3933
+
3934
+ # If there are multiple targets, each target would get a complete copy of the "
3935
+ # joined" source data.
3936
+ # Corresponds to the JSON property `targets`
3937
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ExfilResource>]
3938
+ attr_accessor :targets
3939
+
3940
+ # Total exfiltrated bytes processed for the entire job.
3941
+ # Corresponds to the JSON property `totalExfiltratedBytes`
3942
+ # @return [Fixnum]
3943
+ attr_accessor :total_exfiltrated_bytes
3944
+
3945
+ def initialize(**args)
3946
+ update!(**args)
3947
+ end
3948
+
3949
+ # Update properties of this object
3950
+ def update!(**args)
3951
+ @sources = args[:sources] if args.key?(:sources)
3952
+ @targets = args[:targets] if args.key?(:targets)
3953
+ @total_exfiltrated_bytes = args[:total_exfiltrated_bytes] if args.key?(:total_exfiltrated_bytes)
3954
+ end
3955
+ end
3956
+
3957
+ # Representation of third party SIEM/SOAR fields within SCC.
3958
+ class GoogleCloudSecuritycenterV2ExternalSystem
3959
+ include Google::Apis::Core::Hashable
3960
+
3961
+ # References primary/secondary etc assignees in the external system.
3962
+ # Corresponds to the JSON property `assignees`
3963
+ # @return [Array<String>]
3964
+ attr_accessor :assignees
3965
+
3966
+ # The priority of the finding's corresponding case in the external system.
3967
+ # Corresponds to the JSON property `casePriority`
3968
+ # @return [String]
3969
+ attr_accessor :case_priority
3970
+
3971
+ # The SLA of the finding's corresponding case in the external system.
3972
+ # Corresponds to the JSON property `caseSla`
3973
+ # @return [String]
3974
+ attr_accessor :case_sla
3975
+
3976
+ # The link to the finding's corresponding case in the external system.
3977
+ # Corresponds to the JSON property `caseUri`
3978
+ # @return [String]
3979
+ attr_accessor :case_uri
3980
+
3981
+ # The time when the case was last updated, as reported by the external system.
3982
+ # Corresponds to the JSON property `externalSystemUpdateTime`
3983
+ # @return [String]
3984
+ attr_accessor :external_system_update_time
3985
+
3986
+ # The identifier that's used to track the finding's corresponding case in the
3987
+ # external system.
3988
+ # Corresponds to the JSON property `externalUid`
3989
+ # @return [String]
3990
+ attr_accessor :external_uid
3991
+
3992
+ # Full resource name of the external system. The following list shows some
3993
+ # examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/
3994
+ # jira` + `organizations/1234/sources/5678/locations/us/findings/123456/
3995
+ # externalSystems/jira` + `folders/1234/sources/5678/findings/123456/
3996
+ # externalSystems/jira` + `folders/1234/sources/5678/locations/us/findings/
3997
+ # 123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/
3998
+ # externalSystems/jira` + `projects/1234/sources/5678/locations/us/findings/
3999
+ # 123456/externalSystems/jira`
4000
+ # Corresponds to the JSON property `name`
4001
+ # @return [String]
4002
+ attr_accessor :name
4003
+
4004
+ # The most recent status of the finding's corresponding case, as reported by the
4005
+ # external system.
4006
+ # Corresponds to the JSON property `status`
4007
+ # @return [String]
4008
+ attr_accessor :status
4009
+
4010
+ # Information about the ticket, if any, that is being used to track the
4011
+ # resolution of the issue that is identified by this finding.
4012
+ # Corresponds to the JSON property `ticketInfo`
4013
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2TicketInfo]
4014
+ attr_accessor :ticket_info
4015
+
4016
+ def initialize(**args)
4017
+ update!(**args)
4018
+ end
4019
+
4020
+ # Update properties of this object
4021
+ def update!(**args)
4022
+ @assignees = args[:assignees] if args.key?(:assignees)
4023
+ @case_priority = args[:case_priority] if args.key?(:case_priority)
4024
+ @case_sla = args[:case_sla] if args.key?(:case_sla)
4025
+ @case_uri = args[:case_uri] if args.key?(:case_uri)
4026
+ @external_system_update_time = args[:external_system_update_time] if args.key?(:external_system_update_time)
4027
+ @external_uid = args[:external_uid] if args.key?(:external_uid)
4028
+ @name = args[:name] if args.key?(:name)
4029
+ @status = args[:status] if args.key?(:status)
4030
+ @ticket_info = args[:ticket_info] if args.key?(:ticket_info)
4031
+ end
4032
+ end
4033
+
4034
+ # File information about the related binary/library used by an executable, or
4035
+ # the script used by a script interpreter
4036
+ class GoogleCloudSecuritycenterV2File
4037
+ include Google::Apis::Core::Hashable
4038
+
4039
+ # Prefix of the file contents as a JSON-encoded string.
4040
+ # Corresponds to the JSON property `contents`
4041
+ # @return [String]
4042
+ attr_accessor :contents
4043
+
4044
+ # Path of the file in terms of underlying disk/partition identifiers.
4045
+ # Corresponds to the JSON property `diskPath`
4046
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2DiskPath]
4047
+ attr_accessor :disk_path
4048
+
4049
+ # The length in bytes of the file prefix that was hashed. If hashed_size == size,
4050
+ # any hashes reported represent the entire file.
4051
+ # Corresponds to the JSON property `hashedSize`
4052
+ # @return [Fixnum]
4053
+ attr_accessor :hashed_size
4054
+
4055
+ # True when the hash covers only a prefix of the file.
4056
+ # Corresponds to the JSON property `partiallyHashed`
4057
+ # @return [Boolean]
4058
+ attr_accessor :partially_hashed
4059
+ alias_method :partially_hashed?, :partially_hashed
4060
+
4061
+ # Absolute path of the file as a JSON encoded string.
4062
+ # Corresponds to the JSON property `path`
4063
+ # @return [String]
4064
+ attr_accessor :path
4065
+
4066
+ # SHA256 hash of the first hashed_size bytes of the file encoded as a hex string.
4067
+ # If hashed_size == size, sha256 represents the SHA256 hash of the entire file.
4068
+ # Corresponds to the JSON property `sha256`
4069
+ # @return [String]
4070
+ attr_accessor :sha256
4071
+
4072
+ # Size of the file in bytes.
4073
+ # Corresponds to the JSON property `size`
4074
+ # @return [Fixnum]
4075
+ attr_accessor :size
4076
+
4077
+ def initialize(**args)
4078
+ update!(**args)
4079
+ end
4080
+
4081
+ # Update properties of this object
4082
+ def update!(**args)
4083
+ @contents = args[:contents] if args.key?(:contents)
4084
+ @disk_path = args[:disk_path] if args.key?(:disk_path)
4085
+ @hashed_size = args[:hashed_size] if args.key?(:hashed_size)
4086
+ @partially_hashed = args[:partially_hashed] if args.key?(:partially_hashed)
4087
+ @path = args[:path] if args.key?(:path)
4088
+ @sha256 = args[:sha256] if args.key?(:sha256)
4089
+ @size = args[:size] if args.key?(:size)
4090
+ end
4091
+ end
4092
+
4093
+ # Security Command Center finding. A finding is a record of assessment data like
4094
+ # security, risk, health, or privacy, that is ingested into Security Command
4095
+ # Center for presentation, notification, analysis, policy testing, and
4096
+ # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
4097
+ # Engine application is a finding.
4098
+ class GoogleCloudSecuritycenterV2Finding
4099
+ include Google::Apis::Core::Hashable
4100
+
4101
+ # Represents an access event.
4102
+ # Corresponds to the JSON property `access`
4103
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Access]
4104
+ attr_accessor :access
4105
+
4106
+ # Represents an application associated with a finding.
4107
+ # Corresponds to the JSON property `application`
4108
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Application]
4109
+ attr_accessor :application
4110
+
4111
+ # An attack exposure contains the results of an attack path simulation run.
4112
+ # Corresponds to the JSON property `attackExposure`
4113
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2AttackExposure]
4114
+ attr_accessor :attack_exposure
4115
+
4116
+ # Information related to Google Cloud Backup and DR Service findings.
4117
+ # Corresponds to the JSON property `backupDisasterRecovery`
4118
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2BackupDisasterRecovery]
4119
+ attr_accessor :backup_disaster_recovery
4120
+
4121
+ # Output only. The canonical name of the finding. The following list shows some
4122
+ # examples: + `organizations/`organization_id`/sources/`source_id`/findings/`
4123
+ # finding_id`` + `organizations/`organization_id`/sources/`source_id`/locations/`
4124
+ # location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/
4125
+ # findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/locations/`
4126
+ # location_id`/findings/`finding_id`` + `projects/`project_id`/sources/`
4127
+ # source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`source_id`/
4128
+ # locations/`location_id`/findings/`finding_id`` The prefix is the closest CRM
4129
+ # ancestor of the resource associated with the finding.
4130
+ # Corresponds to the JSON property `canonicalName`
4131
+ # @return [String]
4132
+ attr_accessor :canonical_name
4133
+
4134
+ # Immutable. The additional taxonomy group within findings from a given source.
4135
+ # Example: "XSS_FLASH_INJECTION"
4136
+ # Corresponds to the JSON property `category`
4137
+ # @return [String]
4138
+ attr_accessor :category
4139
+
4140
+ # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
4141
+ # with the finding.
4142
+ # Corresponds to the JSON property `cloudDlpDataProfile`
4143
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2CloudDlpDataProfile]
4144
+ attr_accessor :cloud_dlp_data_profile
4145
+
4146
+ # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](
4147
+ # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the
4148
+ # finding.
4149
+ # Corresponds to the JSON property `cloudDlpInspection`
4150
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2CloudDlpInspection]
4151
+ attr_accessor :cloud_dlp_inspection
4152
+
4153
+ # Contains compliance information for security standards associated to the
4154
+ # finding.
4155
+ # Corresponds to the JSON property `compliances`
4156
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Compliance>]
4157
+ attr_accessor :compliances
4158
+
4159
+ # Contains information about the IP connection associated with the finding.
4160
+ # Corresponds to the JSON property `connections`
4161
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Connection>]
4162
+ attr_accessor :connections
4163
+
4164
+ # Output only. Map containing the points of contact for the given finding. The
4165
+ # key represents the type of contact, while the value contains a list of all the
4166
+ # contacts that pertain. Please refer to: https://cloud.google.com/resource-
4167
+ # manager/docs/managing-notification-contacts#notification-categories ` "
4168
+ # security": ` "contacts": [ ` "email": "person1@company.com" `, ` "email": "
4169
+ # person2@company.com" ` ] ` `
4170
+ # Corresponds to the JSON property `contacts`
4171
+ # @return [Hash<String,Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ContactDetails>]
4172
+ attr_accessor :contacts
4173
+
4174
+ # Containers associated with the finding. This field provides information for
4175
+ # both Kubernetes and non-Kubernetes containers.
4176
+ # Corresponds to the JSON property `containers`
4177
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Container>]
4178
+ attr_accessor :containers
4179
+
4180
+ # Output only. The time at which the finding was created in Security Command
4181
+ # Center.
4182
+ # Corresponds to the JSON property `createTime`
4183
+ # @return [String]
4184
+ attr_accessor :create_time
4185
+
4186
+ # Represents database access information, such as queries. A database may be a
4187
+ # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
4188
+ # Spanner instances), or the database instance itself. Some database resources
4189
+ # might not have the [full resource name](https://google.aip.dev/122#full-
4190
+ # resource-names) populated because these resource types, such as Cloud SQL
4191
+ # databases, are not yet supported by Cloud Asset Inventory. In these cases only
4192
+ # the display name is provided.
4193
+ # Corresponds to the JSON property `database`
4194
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Database]
4195
+ attr_accessor :database
4196
+
4197
+ # Contains more details about the finding.
4198
+ # Corresponds to the JSON property `description`
4199
+ # @return [String]
4200
+ attr_accessor :description
4201
+
4202
+ # The time the finding was first detected. If an existing finding is updated,
4203
+ # then this is the time the update occurred. For example, if the finding
4204
+ # represents an open firewall, this property captures the time the detector
4205
+ # believes the firewall became open. The accuracy is determined by the detector.
4206
+ # If the finding is later resolved, then this time reflects when the finding was
4207
+ # resolved. This must not be set to a value greater than the current timestamp.
4208
+ # Corresponds to the JSON property `eventTime`
4209
+ # @return [String]
4210
+ attr_accessor :event_time
4211
+
4212
+ # Exfiltration represents a data exfiltration attempt from one or more sources
4213
+ # to one or more targets. The `sources` attribute lists the sources of the
4214
+ # exfiltrated data. The `targets` attribute lists the destinations the data was
4215
+ # copied to.
4216
+ # Corresponds to the JSON property `exfiltration`
4217
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Exfiltration]
4218
+ attr_accessor :exfiltration
4219
+
4220
+ # Output only. Third party SIEM/SOAR fields within SCC, contains external system
4221
+ # information and external system finding fields.
4222
+ # Corresponds to the JSON property `externalSystems`
4223
+ # @return [Hash<String,Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ExternalSystem>]
4224
+ attr_accessor :external_systems
4225
+
4226
+ # The URI that, if available, points to a web page outside of Security Command
4227
+ # Center where additional information about the finding can be found. This field
4228
+ # is guaranteed to be either empty or a well formed URL.
4229
+ # Corresponds to the JSON property `externalUri`
4230
+ # @return [String]
4231
+ attr_accessor :external_uri
4232
+
4233
+ # File associated with the finding.
4234
+ # Corresponds to the JSON property `files`
4235
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File>]
4236
+ attr_accessor :files
4237
+
4238
+ # The class of the finding.
4239
+ # Corresponds to the JSON property `findingClass`
4240
+ # @return [String]
4241
+ attr_accessor :finding_class
4242
+
4243
+ # Represents IAM bindings associated with the finding.
4244
+ # Corresponds to the JSON property `iamBindings`
4245
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IamBinding>]
4246
+ attr_accessor :iam_bindings
4247
+
4248
+ # Represents what's commonly known as an _indicator of compromise_ (IoC) in
4249
+ # computer forensics. This is an artifact observed on a network or in an
4250
+ # operating system that, with high confidence, indicates a computer intrusion.
4251
+ # For more information, see [Indicator of compromise](https://en.wikipedia.org/
4252
+ # wiki/Indicator_of_compromise).
4253
+ # Corresponds to the JSON property `indicator`
4254
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Indicator]
4255
+ attr_accessor :indicator
4256
+
4257
+ # Kernel mode rootkit signatures.
4258
+ # Corresponds to the JSON property `kernelRootkit`
4259
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2KernelRootkit]
4260
+ attr_accessor :kernel_rootkit
4261
+
4262
+ # Kubernetes-related attributes.
4263
+ # Corresponds to the JSON property `kubernetes`
4264
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Kubernetes]
4265
+ attr_accessor :kubernetes
4266
+
4267
+ # The load balancers associated with the finding.
4268
+ # Corresponds to the JSON property `loadBalancers`
4269
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2LoadBalancer>]
4270
+ attr_accessor :load_balancers
4271
+
4272
+ # Log entries that are relevant to the finding.
4273
+ # Corresponds to the JSON property `logEntries`
4274
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2LogEntry>]
4275
+ attr_accessor :log_entries
4276
+
4277
+ # MITRE ATT&CK tactics and techniques related to this finding. See: https://
4278
+ # attack.mitre.org
4279
+ # Corresponds to the JSON property `mitreAttack`
4280
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2MitreAttack]
4281
+ attr_accessor :mitre_attack
4282
+
4283
+ # Unique identifier of the module which generated the finding. Example: folders/
4284
+ # 598186756061/securityHealthAnalyticsSettings/customModules/56799441161885
4285
+ # Corresponds to the JSON property `moduleName`
4286
+ # @return [String]
4287
+ attr_accessor :module_name
4288
+
4289
+ # Indicates the mute state of a finding (either muted, unmuted or undefined).
4290
+ # Unlike other attributes of a finding, a finding provider shouldn't set the
4291
+ # value of mute.
4292
+ # Corresponds to the JSON property `mute`
4293
+ # @return [String]
4294
+ attr_accessor :mute
4295
+
4296
+ # Records additional information about the mute operation, for example, the [
4297
+ # mute configuration](https://cloud.google.com/security-command-center/docs/how-
4298
+ # to-mute-findings) that muted the finding and the user who muted the finding.
4299
+ # Corresponds to the JSON property `muteInitiator`
4300
+ # @return [String]
4301
+ attr_accessor :mute_initiator
4302
+
4303
+ # Output only. The most recent time this finding was muted or unmuted.
4304
+ # Corresponds to the JSON property `muteUpdateTime`
4305
+ # @return [String]
4306
+ attr_accessor :mute_update_time
4307
+
4308
+ # The [relative resource name](https://cloud.google.com/apis/design/
4309
+ # resource_names#relative_resource_name) of the finding. The following list
4310
+ # shows some examples: + `organizations/`organization_id`/sources/`source_id`/
4311
+ # findings/`finding_id`` + `organizations/`organization_id`/sources/`source_id`/
4312
+ # locations/`location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`
4313
+ # source_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/
4314
+ # locations/`location_id`/findings/`finding_id`` + `projects/`project_id`/
4315
+ # sources/`source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`
4316
+ # source_id`/locations/`location_id`/findings/`finding_id``
4317
+ # Corresponds to the JSON property `name`
4318
+ # @return [String]
4319
+ attr_accessor :name
4320
+
4321
+ # Steps to address the finding.
4322
+ # Corresponds to the JSON property `nextSteps`
4323
+ # @return [String]
4324
+ attr_accessor :next_steps
4325
+
4326
+ # Contains information about the org policies associated with the finding.
4327
+ # Corresponds to the JSON property `orgPolicies`
4328
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2OrgPolicy>]
4329
+ attr_accessor :org_policies
4330
+
4331
+ # The relative resource name of the source and location the finding belongs to.
4332
+ # See: https://cloud.google.com/apis/design/resource_names#
4333
+ # relative_resource_name This field is immutable after creation time. The
4334
+ # following list shows some examples: + `organizations/`organization_id`/sources/
4335
+ # `source_id`` + `folders/`folders_id`/sources/`source_id`` + `projects/`
4336
+ # projects_id`/sources/`source_id`` + `organizations/`organization_id`/sources/`
4337
+ # source_id`/locations/`location_id`` + `folders/`folders_id`/sources/`source_id`
4338
+ # /locations/`location_id`` + `projects/`projects_id`/sources/`source_id`/
4339
+ # locations/`location_id``
4340
+ # Corresponds to the JSON property `parent`
4341
+ # @return [String]
4342
+ attr_accessor :parent
4343
+
4344
+ # Output only. The human readable display name of the finding source such as "
4345
+ # Event Threat Detection" or "Security Health Analytics".
4346
+ # Corresponds to the JSON property `parentDisplayName`
4347
+ # @return [String]
4348
+ attr_accessor :parent_display_name
4349
+
4350
+ # Represents operating system processes associated with the Finding.
4351
+ # Corresponds to the JSON property `processes`
4352
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Process>]
4353
+ attr_accessor :processes
4354
+
4355
+ # Immutable. For findings on Google Cloud resources, the full resource name of
4356
+ # the Google Cloud resource this finding is for. See: https://cloud.google.com/
4357
+ # apis/design/resource_names#full_resource_name When the finding is for a non-
4358
+ # Google Cloud resource, the resourceName can be a customer or partner defined
4359
+ # string.
4360
+ # Corresponds to the JSON property `resourceName`
4361
+ # @return [String]
4362
+ attr_accessor :resource_name
4363
+
4364
+ # User specified security marks that are attached to the parent Security Command
4365
+ # Center resource. Security marks are scoped within a Security Command Center
4366
+ # organization -- they can be modified and viewed by all users who have proper
4367
+ # permissions on the organization.
4368
+ # Corresponds to the JSON property `securityMarks`
4369
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SecurityMarks]
4370
+ attr_accessor :security_marks
4371
+
4372
+ # Represents a posture that is deployed on Google Cloud by the Security Command
4373
+ # Center Posture Management service. A posture contains one or more policy sets.
4374
+ # A policy set is a group of policies that enforce a set of security rules on
4375
+ # Google Cloud.
4376
+ # Corresponds to the JSON property `securityPosture`
4377
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SecurityPosture]
4378
+ attr_accessor :security_posture
4379
+
4380
+ # The severity of the finding. This field is managed by the source that writes
4381
+ # the finding.
4382
+ # Corresponds to the JSON property `severity`
4383
+ # @return [String]
4384
+ attr_accessor :severity
4385
+
4386
+ # Source specific properties. These properties are managed by the source that
4387
+ # writes the finding. The key names in the source_properties map must be between
4388
+ # 1 and 255 characters, and must start with a letter and contain alphanumeric
4389
+ # characters or underscores only.
4390
+ # Corresponds to the JSON property `sourceProperties`
4391
+ # @return [Hash<String,Object>]
4392
+ attr_accessor :source_properties
4393
+
4394
+ # Output only. The state of the finding.
4395
+ # Corresponds to the JSON property `state`
4396
+ # @return [String]
4397
+ attr_accessor :state
4398
+
4399
+ # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
4400
+ # Corresponds to the JSON property `vulnerability`
4401
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Vulnerability]
4402
+ attr_accessor :vulnerability
4403
+
4404
+ def initialize(**args)
4405
+ update!(**args)
4406
+ end
4407
+
4408
+ # Update properties of this object
4409
+ def update!(**args)
4410
+ @access = args[:access] if args.key?(:access)
4411
+ @application = args[:application] if args.key?(:application)
4412
+ @attack_exposure = args[:attack_exposure] if args.key?(:attack_exposure)
4413
+ @backup_disaster_recovery = args[:backup_disaster_recovery] if args.key?(:backup_disaster_recovery)
4414
+ @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
4415
+ @category = args[:category] if args.key?(:category)
4416
+ @cloud_dlp_data_profile = args[:cloud_dlp_data_profile] if args.key?(:cloud_dlp_data_profile)
4417
+ @cloud_dlp_inspection = args[:cloud_dlp_inspection] if args.key?(:cloud_dlp_inspection)
4418
+ @compliances = args[:compliances] if args.key?(:compliances)
4419
+ @connections = args[:connections] if args.key?(:connections)
4420
+ @contacts = args[:contacts] if args.key?(:contacts)
4421
+ @containers = args[:containers] if args.key?(:containers)
4422
+ @create_time = args[:create_time] if args.key?(:create_time)
4423
+ @database = args[:database] if args.key?(:database)
4424
+ @description = args[:description] if args.key?(:description)
4425
+ @event_time = args[:event_time] if args.key?(:event_time)
4426
+ @exfiltration = args[:exfiltration] if args.key?(:exfiltration)
4427
+ @external_systems = args[:external_systems] if args.key?(:external_systems)
4428
+ @external_uri = args[:external_uri] if args.key?(:external_uri)
4429
+ @files = args[:files] if args.key?(:files)
4430
+ @finding_class = args[:finding_class] if args.key?(:finding_class)
4431
+ @iam_bindings = args[:iam_bindings] if args.key?(:iam_bindings)
4432
+ @indicator = args[:indicator] if args.key?(:indicator)
4433
+ @kernel_rootkit = args[:kernel_rootkit] if args.key?(:kernel_rootkit)
4434
+ @kubernetes = args[:kubernetes] if args.key?(:kubernetes)
4435
+ @load_balancers = args[:load_balancers] if args.key?(:load_balancers)
4436
+ @log_entries = args[:log_entries] if args.key?(:log_entries)
4437
+ @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
4438
+ @module_name = args[:module_name] if args.key?(:module_name)
4439
+ @mute = args[:mute] if args.key?(:mute)
4440
+ @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
4441
+ @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
4442
+ @name = args[:name] if args.key?(:name)
4443
+ @next_steps = args[:next_steps] if args.key?(:next_steps)
4444
+ @org_policies = args[:org_policies] if args.key?(:org_policies)
4445
+ @parent = args[:parent] if args.key?(:parent)
4446
+ @parent_display_name = args[:parent_display_name] if args.key?(:parent_display_name)
4447
+ @processes = args[:processes] if args.key?(:processes)
4448
+ @resource_name = args[:resource_name] if args.key?(:resource_name)
4449
+ @security_marks = args[:security_marks] if args.key?(:security_marks)
4450
+ @security_posture = args[:security_posture] if args.key?(:security_posture)
4451
+ @severity = args[:severity] if args.key?(:severity)
4452
+ @source_properties = args[:source_properties] if args.key?(:source_properties)
4453
+ @state = args[:state] if args.key?(:state)
4454
+ @vulnerability = args[:vulnerability] if args.key?(:vulnerability)
4455
+ end
4456
+ end
4457
+
4458
+ # Represents a geographical location for a given access.
4459
+ class GoogleCloudSecuritycenterV2Geolocation
4460
+ include Google::Apis::Core::Hashable
4461
+
4462
+ # A CLDR.
4463
+ # Corresponds to the JSON property `regionCode`
4464
+ # @return [String]
4465
+ attr_accessor :region_code
4466
+
4467
+ def initialize(**args)
4468
+ update!(**args)
4469
+ end
4470
+
4471
+ # Update properties of this object
4472
+ def update!(**args)
4473
+ @region_code = args[:region_code] if args.key?(:region_code)
4474
+ end
4475
+ end
4476
+
4477
+ # Represents a particular IAM binding, which captures a member's role addition,
4478
+ # removal, or state.
4479
+ class GoogleCloudSecuritycenterV2IamBinding
4480
+ include Google::Apis::Core::Hashable
4481
+
4482
+ # The action that was performed on a Binding.
4483
+ # Corresponds to the JSON property `action`
4484
+ # @return [String]
4485
+ attr_accessor :action
4486
+
4487
+ # A single identity requesting access for a Cloud Platform resource, for example,
4488
+ # "foo@google.com".
4489
+ # Corresponds to the JSON property `member`
4490
+ # @return [String]
4491
+ attr_accessor :member
4492
+
4493
+ # Role that is assigned to "members". For example, "roles/viewer", "roles/editor"
4494
+ # , or "roles/owner".
4495
+ # Corresponds to the JSON property `role`
4496
+ # @return [String]
4497
+ attr_accessor :role
4498
+
4499
+ def initialize(**args)
4500
+ update!(**args)
4501
+ end
4502
+
4503
+ # Update properties of this object
4504
+ def update!(**args)
4505
+ @action = args[:action] if args.key?(:action)
4506
+ @member = args[:member] if args.key?(:member)
4507
+ @role = args[:role] if args.key?(:role)
4508
+ end
4509
+ end
4510
+
4511
+ # Represents what's commonly known as an _indicator of compromise_ (IoC) in
4512
+ # computer forensics. This is an artifact observed on a network or in an
4513
+ # operating system that, with high confidence, indicates a computer intrusion.
4514
+ # For more information, see [Indicator of compromise](https://en.wikipedia.org/
4515
+ # wiki/Indicator_of_compromise).
4516
+ class GoogleCloudSecuritycenterV2Indicator
4517
+ include Google::Apis::Core::Hashable
4518
+
4519
+ # List of domains associated to the Finding.
4520
+ # Corresponds to the JSON property `domains`
4521
+ # @return [Array<String>]
4522
+ attr_accessor :domains
4523
+
4524
+ # The list of IP addresses that are associated with the finding.
4525
+ # Corresponds to the JSON property `ipAddresses`
4526
+ # @return [Array<String>]
4527
+ attr_accessor :ip_addresses
4528
+
4529
+ # The list of matched signatures indicating that the given process is present in
4530
+ # the environment.
4531
+ # Corresponds to the JSON property `signatures`
4532
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ProcessSignature>]
4533
+ attr_accessor :signatures
4534
+
4535
+ # The list of URIs associated to the Findings.
4536
+ # Corresponds to the JSON property `uris`
4537
+ # @return [Array<String>]
4538
+ attr_accessor :uris
4539
+
4540
+ def initialize(**args)
4541
+ update!(**args)
4542
+ end
4543
+
4544
+ # Update properties of this object
4545
+ def update!(**args)
4546
+ @domains = args[:domains] if args.key?(:domains)
4547
+ @ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses)
4548
+ @signatures = args[:signatures] if args.key?(:signatures)
4549
+ @uris = args[:uris] if args.key?(:uris)
4550
+ end
4551
+ end
4552
+
4553
+ # Kernel mode rootkit signatures.
4554
+ class GoogleCloudSecuritycenterV2KernelRootkit
4555
+ include Google::Apis::Core::Hashable
4556
+
4557
+ # Rootkit name, when available.
4558
+ # Corresponds to the JSON property `name`
4559
+ # @return [String]
4560
+ attr_accessor :name
4561
+
4562
+ # True if unexpected modifications of kernel code memory are present.
4563
+ # Corresponds to the JSON property `unexpectedCodeModification`
4564
+ # @return [Boolean]
4565
+ attr_accessor :unexpected_code_modification
4566
+ alias_method :unexpected_code_modification?, :unexpected_code_modification
4567
+
4568
+ # True if `ftrace` points are present with callbacks pointing to regions that
4569
+ # are not in the expected kernel or module code range.
4570
+ # Corresponds to the JSON property `unexpectedFtraceHandler`
4571
+ # @return [Boolean]
4572
+ attr_accessor :unexpected_ftrace_handler
4573
+ alias_method :unexpected_ftrace_handler?, :unexpected_ftrace_handler
4574
+
4575
+ # True if interrupt handlers that are are not in the expected kernel or module
4576
+ # code regions are present.
4577
+ # Corresponds to the JSON property `unexpectedInterruptHandler`
4578
+ # @return [Boolean]
4579
+ attr_accessor :unexpected_interrupt_handler
4580
+ alias_method :unexpected_interrupt_handler?, :unexpected_interrupt_handler
4581
+
4582
+ # True if kernel code pages that are not in the expected kernel or module code
4583
+ # regions are present.
4584
+ # Corresponds to the JSON property `unexpectedKernelCodePages`
4585
+ # @return [Boolean]
4586
+ attr_accessor :unexpected_kernel_code_pages
4587
+ alias_method :unexpected_kernel_code_pages?, :unexpected_kernel_code_pages
4588
+
4589
+ # True if `kprobe` points are present with callbacks pointing to regions that
4590
+ # are not in the expected kernel or module code range.
4591
+ # Corresponds to the JSON property `unexpectedKprobeHandler`
4592
+ # @return [Boolean]
4593
+ attr_accessor :unexpected_kprobe_handler
4594
+ alias_method :unexpected_kprobe_handler?, :unexpected_kprobe_handler
4595
+
4596
+ # True if unexpected processes in the scheduler run queue are present. Such
4597
+ # processes are in the run queue, but not in the process task list.
4598
+ # Corresponds to the JSON property `unexpectedProcessesInRunqueue`
4599
+ # @return [Boolean]
4600
+ attr_accessor :unexpected_processes_in_runqueue
4601
+ alias_method :unexpected_processes_in_runqueue?, :unexpected_processes_in_runqueue
4602
+
4603
+ # True if unexpected modifications of kernel read-only data memory are present.
4604
+ # Corresponds to the JSON property `unexpectedReadOnlyDataModification`
4605
+ # @return [Boolean]
4606
+ attr_accessor :unexpected_read_only_data_modification
4607
+ alias_method :unexpected_read_only_data_modification?, :unexpected_read_only_data_modification
4608
+
4609
+ # True if system call handlers that are are not in the expected kernel or module
4610
+ # code regions are present.
4611
+ # Corresponds to the JSON property `unexpectedSystemCallHandler`
4612
+ # @return [Boolean]
4613
+ attr_accessor :unexpected_system_call_handler
4614
+ alias_method :unexpected_system_call_handler?, :unexpected_system_call_handler
4615
+
4616
+ def initialize(**args)
4617
+ update!(**args)
4618
+ end
4619
+
4620
+ # Update properties of this object
4621
+ def update!(**args)
4622
+ @name = args[:name] if args.key?(:name)
4623
+ @unexpected_code_modification = args[:unexpected_code_modification] if args.key?(:unexpected_code_modification)
4624
+ @unexpected_ftrace_handler = args[:unexpected_ftrace_handler] if args.key?(:unexpected_ftrace_handler)
4625
+ @unexpected_interrupt_handler = args[:unexpected_interrupt_handler] if args.key?(:unexpected_interrupt_handler)
4626
+ @unexpected_kernel_code_pages = args[:unexpected_kernel_code_pages] if args.key?(:unexpected_kernel_code_pages)
4627
+ @unexpected_kprobe_handler = args[:unexpected_kprobe_handler] if args.key?(:unexpected_kprobe_handler)
4628
+ @unexpected_processes_in_runqueue = args[:unexpected_processes_in_runqueue] if args.key?(:unexpected_processes_in_runqueue)
4629
+ @unexpected_read_only_data_modification = args[:unexpected_read_only_data_modification] if args.key?(:unexpected_read_only_data_modification)
4630
+ @unexpected_system_call_handler = args[:unexpected_system_call_handler] if args.key?(:unexpected_system_call_handler)
4631
+ end
4632
+ end
4633
+
4634
+ # Kubernetes-related attributes.
4635
+ class GoogleCloudSecuritycenterV2Kubernetes
4636
+ include Google::Apis::Core::Hashable
4637
+
4638
+ # Provides information on any Kubernetes access reviews (privilege checks)
4639
+ # relevant to the finding.
4640
+ # Corresponds to the JSON property `accessReviews`
4641
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2AccessReview>]
4642
+ attr_accessor :access_reviews
4643
+
4644
+ # Provides Kubernetes role binding information for findings that involve [
4645
+ # RoleBindings or ClusterRoleBindings](https://cloud.google.com/kubernetes-
4646
+ # engine/docs/how-to/role-based-access-control).
4647
+ # Corresponds to the JSON property `bindings`
4648
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Binding>]
4649
+ attr_accessor :bindings
4650
+
4651
+ # GKE [node pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-
4652
+ # pools) associated with the finding. This field contains node pool information
4653
+ # for each node, when it is available.
4654
+ # Corresponds to the JSON property `nodePools`
4655
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2NodePool>]
4656
+ attr_accessor :node_pools
4657
+
4658
+ # Provides Kubernetes [node](https://cloud.google.com/kubernetes-engine/docs/
4659
+ # concepts/cluster-architecture#nodes) information.
4660
+ # Corresponds to the JSON property `nodes`
4661
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Node>]
4662
+ attr_accessor :nodes
4663
+
4664
+ # Kubernetes objects related to the finding.
4665
+ # Corresponds to the JSON property `objects`
4666
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Object>]
4667
+ attr_accessor :objects
4668
+
4669
+ # Kubernetes [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod)
4670
+ # associated with the finding. This field contains Pod records for each
4671
+ # container that is owned by a Pod.
4672
+ # Corresponds to the JSON property `pods`
4673
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Pod>]
4674
+ attr_accessor :pods
4675
+
4676
+ # Provides Kubernetes role information for findings that involve [Roles or
4677
+ # ClusterRoles](https://cloud.google.com/kubernetes-engine/docs/how-to/role-
4678
+ # based-access-control).
4679
+ # Corresponds to the JSON property `roles`
4680
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Role>]
4681
+ attr_accessor :roles
4682
+
4683
+ def initialize(**args)
4684
+ update!(**args)
4685
+ end
4686
+
4687
+ # Update properties of this object
4688
+ def update!(**args)
4689
+ @access_reviews = args[:access_reviews] if args.key?(:access_reviews)
4690
+ @bindings = args[:bindings] if args.key?(:bindings)
4691
+ @node_pools = args[:node_pools] if args.key?(:node_pools)
4692
+ @nodes = args[:nodes] if args.key?(:nodes)
4693
+ @objects = args[:objects] if args.key?(:objects)
4694
+ @pods = args[:pods] if args.key?(:pods)
4695
+ @roles = args[:roles] if args.key?(:roles)
4696
+ end
4697
+ end
4698
+
4699
+ # Represents a generic name-value label. A label has separate name and value
4700
+ # fields to support filtering with the `contains()` function. For more
4701
+ # information, see [Filtering on array-type fields](https://cloud.google.com/
4702
+ # security-command-center/docs/how-to-api-list-findings#array-contains-filtering)
4703
+ # .
4704
+ class GoogleCloudSecuritycenterV2Label
4705
+ include Google::Apis::Core::Hashable
4706
+
4707
+ # Name of the label.
4708
+ # Corresponds to the JSON property `name`
4709
+ # @return [String]
4710
+ attr_accessor :name
4711
+
4712
+ # Value that corresponds to the label's name.
4713
+ # Corresponds to the JSON property `value`
4714
+ # @return [String]
4715
+ attr_accessor :value
4716
+
4717
+ def initialize(**args)
4718
+ update!(**args)
4719
+ end
4720
+
4721
+ # Update properties of this object
4722
+ def update!(**args)
4723
+ @name = args[:name] if args.key?(:name)
4724
+ @value = args[:value] if args.key?(:value)
4725
+ end
4726
+ end
4727
+
4728
+ # Contains information related to the load balancer associated with the finding.
4729
+ class GoogleCloudSecuritycenterV2LoadBalancer
4730
+ include Google::Apis::Core::Hashable
4731
+
4732
+ # The name of the load balancer associated with the finding.
4733
+ # Corresponds to the JSON property `name`
4734
+ # @return [String]
4735
+ attr_accessor :name
4736
+
4737
+ def initialize(**args)
4738
+ update!(**args)
4739
+ end
4740
+
4741
+ # Update properties of this object
4742
+ def update!(**args)
4743
+ @name = args[:name] if args.key?(:name)
4744
+ end
4745
+ end
4746
+
4747
+ # An individual entry in a log.
4748
+ class GoogleCloudSecuritycenterV2LogEntry
4749
+ include Google::Apis::Core::Hashable
4750
+
4751
+ # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
4752
+ # logging/docs/reference/v2/rest/v2/LogEntry)
4753
+ # Corresponds to the JSON property `cloudLoggingEntry`
4754
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2CloudLoggingEntry]
4755
+ attr_accessor :cloud_logging_entry
4756
+
4757
+ def initialize(**args)
4758
+ update!(**args)
4759
+ end
4760
+
4761
+ # Update properties of this object
4762
+ def update!(**args)
4763
+ @cloud_logging_entry = args[:cloud_logging_entry] if args.key?(:cloud_logging_entry)
4764
+ end
4765
+ end
4766
+
4767
+ # A signature corresponding to memory page hashes.
4768
+ class GoogleCloudSecuritycenterV2MemoryHashSignature
4769
+ include Google::Apis::Core::Hashable
4770
+
4771
+ # The binary family.
4772
+ # Corresponds to the JSON property `binaryFamily`
4773
+ # @return [String]
4774
+ attr_accessor :binary_family
4775
+
4776
+ # The list of memory hash detections contributing to the binary family match.
4777
+ # Corresponds to the JSON property `detections`
4778
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Detection>]
4779
+ attr_accessor :detections
4780
+
4781
+ def initialize(**args)
4782
+ update!(**args)
4783
+ end
4784
+
4785
+ # Update properties of this object
4786
+ def update!(**args)
4787
+ @binary_family = args[:binary_family] if args.key?(:binary_family)
4788
+ @detections = args[:detections] if args.key?(:detections)
4789
+ end
4790
+ end
4791
+
4792
+ # MITRE ATT&CK tactics and techniques related to this finding. See: https://
4793
+ # attack.mitre.org
4794
+ class GoogleCloudSecuritycenterV2MitreAttack
4795
+ include Google::Apis::Core::Hashable
4796
+
4797
+ # Additional MITRE ATT&CK tactics related to this finding, if any.
4798
+ # Corresponds to the JSON property `additionalTactics`
4799
+ # @return [Array<String>]
4800
+ attr_accessor :additional_tactics
4801
+
4802
+ # Additional MITRE ATT&CK techniques related to this finding, if any, along with
4803
+ # any of their respective parent techniques.
4804
+ # Corresponds to the JSON property `additionalTechniques`
4805
+ # @return [Array<String>]
4806
+ attr_accessor :additional_techniques
4807
+
4808
+ # The MITRE ATT&CK tactic most closely represented by this finding, if any.
4809
+ # Corresponds to the JSON property `primaryTactic`
4810
+ # @return [String]
4811
+ attr_accessor :primary_tactic
4812
+
4813
+ # The MITRE ATT&CK technique most closely represented by this finding, if any.
4814
+ # primary_techniques is a repeated field because there are multiple levels of
4815
+ # MITRE ATT&CK techniques. If the technique most closely represented by this
4816
+ # finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique
4817
+ # and its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, `
4818
+ # ACTIVE_SCANNING`).
4819
+ # Corresponds to the JSON property `primaryTechniques`
4820
+ # @return [Array<String>]
4821
+ attr_accessor :primary_techniques
4822
+
4823
+ # The MITRE ATT&CK version referenced by the above fields. E.g. "8".
4824
+ # Corresponds to the JSON property `version`
4825
+ # @return [String]
4826
+ attr_accessor :version
4827
+
4828
+ def initialize(**args)
4829
+ update!(**args)
4830
+ end
4831
+
4832
+ # Update properties of this object
4833
+ def update!(**args)
4834
+ @additional_tactics = args[:additional_tactics] if args.key?(:additional_tactics)
4835
+ @additional_techniques = args[:additional_techniques] if args.key?(:additional_techniques)
4836
+ @primary_tactic = args[:primary_tactic] if args.key?(:primary_tactic)
4837
+ @primary_techniques = args[:primary_techniques] if args.key?(:primary_techniques)
4838
+ @version = args[:version] if args.key?(:version)
4839
+ end
4840
+ end
4841
+
4842
+ # A mute config is a Cloud SCC resource that contains the configuration to mute
4843
+ # create/update events of findings.
4844
+ class GoogleCloudSecuritycenterV2MuteConfig
4845
+ include Google::Apis::Core::Hashable
4846
+
4847
+ # Output only. The time at which the mute config was created. This field is set
4848
+ # by the server and will be ignored if provided on config creation.
4849
+ # Corresponds to the JSON property `createTime`
4850
+ # @return [String]
4851
+ attr_accessor :create_time
4852
+
4853
+ # A description of the mute config.
4854
+ # Corresponds to the JSON property `description`
4855
+ # @return [String]
4856
+ attr_accessor :description
4857
+
4858
+ # Required. An expression that defines the filter to apply across create/update
4859
+ # events of findings. While creating a filter string, be mindful of the scope in
4860
+ # which the mute configuration is being created. E.g., If a filter contains
4861
+ # project = X but is created under the project = Y scope, it might not match any
4862
+ # findings. The following field and operator combinations are supported: *
4863
+ # severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.
4864
+ # project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.
4865
+ # folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.
4866
+ # parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `
4867
+ # :` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
4868
+ # Corresponds to the JSON property `filter`
4869
+ # @return [String]
4870
+ attr_accessor :filter
4871
+
4872
+ # Output only. Email address of the user who last edited the mute config. This
4873
+ # field is set by the server and will be ignored if provided on config creation
4874
+ # or update.
4875
+ # Corresponds to the JSON property `mostRecentEditor`
4876
+ # @return [String]
4877
+ attr_accessor :most_recent_editor
4878
+
4879
+ # This field will be ignored if provided on config creation. The following list
4880
+ # shows some examples of the format: + `organizations/`organization`/muteConfigs/
4881
+ # `mute_config`` + `organizations/`organization`locations/`location`//
4882
+ # muteConfigs/`mute_config`` + `folders/`folder`/muteConfigs/`mute_config`` + `
4883
+ # folders/`folder`/locations/`location`/muteConfigs/`mute_config`` + `projects/`
4884
+ # project`/muteConfigs/`mute_config`` + `projects/`project`/locations/`location`/
4885
+ # muteConfigs/`mute_config``
4886
+ # Corresponds to the JSON property `name`
4887
+ # @return [String]
4888
+ attr_accessor :name
4889
+
4890
+ # Required. The type of the mute config, which determines what type of mute
4891
+ # state the config affects. Immutable after creation.
4892
+ # Corresponds to the JSON property `type`
4893
+ # @return [String]
4894
+ attr_accessor :type
4895
+
4896
+ # Output only. The most recent time at which the mute config was updated. This
4897
+ # field is set by the server and will be ignored if provided on config creation
4898
+ # or update.
4899
+ # Corresponds to the JSON property `updateTime`
4900
+ # @return [String]
4901
+ attr_accessor :update_time
4902
+
4903
+ def initialize(**args)
4904
+ update!(**args)
4905
+ end
4906
+
4907
+ # Update properties of this object
4908
+ def update!(**args)
4909
+ @create_time = args[:create_time] if args.key?(:create_time)
4910
+ @description = args[:description] if args.key?(:description)
4911
+ @filter = args[:filter] if args.key?(:filter)
4912
+ @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
4913
+ @name = args[:name] if args.key?(:name)
4914
+ @type = args[:type] if args.key?(:type)
4915
+ @update_time = args[:update_time] if args.key?(:update_time)
4916
+ end
4917
+ end
4918
+
4919
+ # Kubernetes nodes associated with the finding.
4920
+ class GoogleCloudSecuritycenterV2Node
4921
+ include Google::Apis::Core::Hashable
4922
+
4923
+ # [Full resource name](https://google.aip.dev/122#full-resource-names) of the
4924
+ # Compute Engine VM running the cluster node.
4925
+ # Corresponds to the JSON property `name`
4926
+ # @return [String]
4927
+ attr_accessor :name
4928
+
4929
+ def initialize(**args)
4930
+ update!(**args)
4931
+ end
4932
+
4933
+ # Update properties of this object
4934
+ def update!(**args)
4935
+ @name = args[:name] if args.key?(:name)
4936
+ end
4937
+ end
4938
+
4939
+ # Provides GKE node pool information.
4940
+ class GoogleCloudSecuritycenterV2NodePool
4941
+ include Google::Apis::Core::Hashable
4942
+
4943
+ # Kubernetes node pool name.
4944
+ # Corresponds to the JSON property `name`
4945
+ # @return [String]
4946
+ attr_accessor :name
4947
+
4948
+ # Nodes associated with the finding.
4949
+ # Corresponds to the JSON property `nodes`
4950
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Node>]
4951
+ attr_accessor :nodes
4952
+
4953
+ def initialize(**args)
4954
+ update!(**args)
4955
+ end
4956
+
4957
+ # Update properties of this object
4958
+ def update!(**args)
4959
+ @name = args[:name] if args.key?(:name)
4960
+ @nodes = args[:nodes] if args.key?(:nodes)
4961
+ end
4962
+ end
4963
+
4964
+ # Cloud SCC's Notification
4965
+ class GoogleCloudSecuritycenterV2NotificationMessage
4966
+ include Google::Apis::Core::Hashable
4967
+
4968
+ # Security Command Center finding. A finding is a record of assessment data like
4969
+ # security, risk, health, or privacy, that is ingested into Security Command
4970
+ # Center for presentation, notification, analysis, policy testing, and
4971
+ # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
4972
+ # Engine application is a finding.
4973
+ # Corresponds to the JSON property `finding`
4974
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Finding]
4975
+ attr_accessor :finding
4976
+
4977
+ # Name of the notification config that generated current notification.
4978
+ # Corresponds to the JSON property `notificationConfigName`
4979
+ # @return [String]
4980
+ attr_accessor :notification_config_name
4981
+
4982
+ # Information related to the Google Cloud resource.
4983
+ # Corresponds to the JSON property `resource`
4984
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Resource]
4985
+ attr_accessor :resource
4986
+
4987
+ def initialize(**args)
4988
+ update!(**args)
4989
+ end
4990
+
4991
+ # Update properties of this object
4992
+ def update!(**args)
4993
+ @finding = args[:finding] if args.key?(:finding)
4994
+ @notification_config_name = args[:notification_config_name] if args.key?(:notification_config_name)
4995
+ @resource = args[:resource] if args.key?(:resource)
4996
+ end
4997
+ end
4998
+
4999
+ # Kubernetes object related to the finding, uniquely identified by GKNN. Used if
5000
+ # the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.
5001
+ class GoogleCloudSecuritycenterV2Object
5002
+ include Google::Apis::Core::Hashable
5003
+
5004
+ # Pod containers associated with this finding, if any.
5005
+ # Corresponds to the JSON property `containers`
5006
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Container>]
5007
+ attr_accessor :containers
5008
+
5009
+ # Kubernetes object group, such as "policy.k8s.io/v1".
5010
+ # Corresponds to the JSON property `group`
5011
+ # @return [String]
5012
+ attr_accessor :group
5013
+
5014
+ # Kubernetes object kind, such as "Namespace".
5015
+ # Corresponds to the JSON property `kind`
5016
+ # @return [String]
5017
+ attr_accessor :kind
5018
+
5019
+ # Kubernetes object name. For details see https://kubernetes.io/docs/concepts/
5020
+ # overview/working-with-objects/names/.
5021
+ # Corresponds to the JSON property `name`
5022
+ # @return [String]
5023
+ attr_accessor :name
5024
+
5025
+ # Kubernetes object namespace. Must be a valid DNS label. Named "ns" to avoid
5026
+ # collision with C++ namespace keyword. For details see https://kubernetes.io/
5027
+ # docs/tasks/administer-cluster/namespaces/.
5028
+ # Corresponds to the JSON property `ns`
5029
+ # @return [String]
5030
+ attr_accessor :ns
5031
+
5032
+ def initialize(**args)
5033
+ update!(**args)
5034
+ end
5035
+
5036
+ # Update properties of this object
5037
+ def update!(**args)
5038
+ @containers = args[:containers] if args.key?(:containers)
5039
+ @group = args[:group] if args.key?(:group)
5040
+ @kind = args[:kind] if args.key?(:kind)
5041
+ @name = args[:name] if args.key?(:name)
5042
+ @ns = args[:ns] if args.key?(:ns)
5043
+ end
5044
+ end
5045
+
5046
+ # Contains information about the org policies associated with the finding.
5047
+ class GoogleCloudSecuritycenterV2OrgPolicy
5048
+ include Google::Apis::Core::Hashable
5049
+
5050
+ # The resource name of the org policy. Example: "organizations/`organization_id`/
5051
+ # policies/`constraint_name`"
5052
+ # Corresponds to the JSON property `name`
5053
+ # @return [String]
5054
+ attr_accessor :name
5055
+
5056
+ def initialize(**args)
5057
+ update!(**args)
5058
+ end
5059
+
5060
+ # Update properties of this object
5061
+ def update!(**args)
5062
+ @name = args[:name] if args.key?(:name)
5063
+ end
5064
+ end
5065
+
5066
+ # Package is a generic definition of a package.
5067
+ class GoogleCloudSecuritycenterV2Package
5068
+ include Google::Apis::Core::Hashable
5069
+
5070
+ # The CPE URI where the vulnerability was detected.
5071
+ # Corresponds to the JSON property `cpeUri`
5072
+ # @return [String]
5073
+ attr_accessor :cpe_uri
5074
+
5075
+ # The name of the package where the vulnerability was detected.
5076
+ # Corresponds to the JSON property `packageName`
5077
+ # @return [String]
5078
+ attr_accessor :package_name
5079
+
5080
+ # Type of package, for example, os, maven, or go.
5081
+ # Corresponds to the JSON property `packageType`
5082
+ # @return [String]
5083
+ attr_accessor :package_type
5084
+
5085
+ # The version of the package.
5086
+ # Corresponds to the JSON property `packageVersion`
5087
+ # @return [String]
5088
+ attr_accessor :package_version
5089
+
5090
+ def initialize(**args)
5091
+ update!(**args)
5092
+ end
5093
+
5094
+ # Update properties of this object
5095
+ def update!(**args)
5096
+ @cpe_uri = args[:cpe_uri] if args.key?(:cpe_uri)
5097
+ @package_name = args[:package_name] if args.key?(:package_name)
5098
+ @package_type = args[:package_type] if args.key?(:package_type)
5099
+ @package_version = args[:package_version] if args.key?(:package_version)
5100
+ end
5101
+ end
5102
+
5103
+ # A Kubernetes Pod.
5104
+ class GoogleCloudSecuritycenterV2Pod
5105
+ include Google::Apis::Core::Hashable
5106
+
5107
+ # Pod containers associated with this finding, if any.
5108
+ # Corresponds to the JSON property `containers`
5109
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Container>]
5110
+ attr_accessor :containers
5111
+
5112
+ # Pod labels. For Kubernetes containers, these are applied to the container.
5113
+ # Corresponds to the JSON property `labels`
5114
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Label>]
5115
+ attr_accessor :labels
5116
+
5117
+ # Kubernetes Pod name.
5118
+ # Corresponds to the JSON property `name`
5119
+ # @return [String]
5120
+ attr_accessor :name
5121
+
5122
+ # Kubernetes Pod namespace.
5123
+ # Corresponds to the JSON property `ns`
5124
+ # @return [String]
5125
+ attr_accessor :ns
5126
+
5127
+ def initialize(**args)
5128
+ update!(**args)
5129
+ end
5130
+
5131
+ # Update properties of this object
5132
+ def update!(**args)
5133
+ @containers = args[:containers] if args.key?(:containers)
5134
+ @labels = args[:labels] if args.key?(:labels)
5135
+ @name = args[:name] if args.key?(:name)
5136
+ @ns = args[:ns] if args.key?(:ns)
5137
+ end
5138
+ end
5139
+
5140
+ # The policy field that violates the deployed posture and its expected and
5141
+ # detected values.
5142
+ class GoogleCloudSecuritycenterV2PolicyDriftDetails
5143
+ include Google::Apis::Core::Hashable
5144
+
5145
+ # The detected value that violates the deployed posture, for example, `false` or
5146
+ # `allowed_values=`"projects/22831892”``.
5147
+ # Corresponds to the JSON property `detectedValue`
5148
+ # @return [String]
5149
+ attr_accessor :detected_value
5150
+
5151
+ # The value of this field that was configured in a posture, for example, `true`
5152
+ # or `allowed_values=`"projects/29831892”``.
5153
+ # Corresponds to the JSON property `expectedValue`
5154
+ # @return [String]
5155
+ attr_accessor :expected_value
5156
+
5157
+ # The name of the updated field, for example constraint.implementation.
5158
+ # policy_rules[0].enforce
5159
+ # Corresponds to the JSON property `field`
5160
+ # @return [String]
5161
+ attr_accessor :field
5162
+
5163
+ def initialize(**args)
5164
+ update!(**args)
5165
+ end
5166
+
5167
+ # Update properties of this object
5168
+ def update!(**args)
5169
+ @detected_value = args[:detected_value] if args.key?(:detected_value)
5170
+ @expected_value = args[:expected_value] if args.key?(:expected_value)
5171
+ @field = args[:field] if args.key?(:field)
5172
+ end
5173
+ end
5174
+
5175
+ # Represents an operating system process.
5176
+ class GoogleCloudSecuritycenterV2Process
5177
+ include Google::Apis::Core::Hashable
5178
+
5179
+ # Process arguments as JSON encoded strings.
5180
+ # Corresponds to the JSON property `args`
5181
+ # @return [Array<String>]
5182
+ attr_accessor :args
5183
+
5184
+ # True if `args` is incomplete.
5185
+ # Corresponds to the JSON property `argumentsTruncated`
5186
+ # @return [Boolean]
5187
+ attr_accessor :arguments_truncated
5188
+ alias_method :arguments_truncated?, :arguments_truncated
5189
+
5190
+ # File information about the related binary/library used by an executable, or
5191
+ # the script used by a script interpreter
5192
+ # Corresponds to the JSON property `binary`
5193
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File]
5194
+ attr_accessor :binary
5195
+
5196
+ # Process environment variables.
5197
+ # Corresponds to the JSON property `envVariables`
5198
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2EnvironmentVariable>]
5199
+ attr_accessor :env_variables
5200
+
5201
+ # True if `env_variables` is incomplete.
5202
+ # Corresponds to the JSON property `envVariablesTruncated`
5203
+ # @return [Boolean]
5204
+ attr_accessor :env_variables_truncated
5205
+ alias_method :env_variables_truncated?, :env_variables_truncated
5206
+
5207
+ # File information for libraries loaded by the process.
5208
+ # Corresponds to the JSON property `libraries`
5209
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File>]
5210
+ attr_accessor :libraries
5211
+
5212
+ # The process name, as displayed in utilities like `top` and `ps`. This name can
5213
+ # be accessed through `/proc/[pid]/comm` and changed with `prctl(PR_SET_NAME)`.
5214
+ # Corresponds to the JSON property `name`
5215
+ # @return [String]
5216
+ attr_accessor :name
5217
+
5218
+ # The parent process ID.
5219
+ # Corresponds to the JSON property `parentPid`
5220
+ # @return [Fixnum]
5221
+ attr_accessor :parent_pid
5222
+
5223
+ # The process ID.
5224
+ # Corresponds to the JSON property `pid`
5225
+ # @return [Fixnum]
5226
+ attr_accessor :pid
5227
+
5228
+ # File information about the related binary/library used by an executable, or
5229
+ # the script used by a script interpreter
5230
+ # Corresponds to the JSON property `script`
5231
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File]
5232
+ attr_accessor :script
5233
+
5234
+ def initialize(**args)
5235
+ update!(**args)
5236
+ end
5237
+
5238
+ # Update properties of this object
5239
+ def update!(**args)
5240
+ @args = args[:args] if args.key?(:args)
5241
+ @arguments_truncated = args[:arguments_truncated] if args.key?(:arguments_truncated)
5242
+ @binary = args[:binary] if args.key?(:binary)
5243
+ @env_variables = args[:env_variables] if args.key?(:env_variables)
5244
+ @env_variables_truncated = args[:env_variables_truncated] if args.key?(:env_variables_truncated)
5245
+ @libraries = args[:libraries] if args.key?(:libraries)
5246
+ @name = args[:name] if args.key?(:name)
5247
+ @parent_pid = args[:parent_pid] if args.key?(:parent_pid)
5248
+ @pid = args[:pid] if args.key?(:pid)
5249
+ @script = args[:script] if args.key?(:script)
5250
+ end
5251
+ end
5252
+
5253
+ # Indicates what signature matched this process.
5254
+ class GoogleCloudSecuritycenterV2ProcessSignature
5255
+ include Google::Apis::Core::Hashable
5256
+
5257
+ # A signature corresponding to memory page hashes.
5258
+ # Corresponds to the JSON property `memoryHashSignature`
5259
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2MemoryHashSignature]
5260
+ attr_accessor :memory_hash_signature
5261
+
5262
+ # Describes the type of resource associated with the signature.
5263
+ # Corresponds to the JSON property `signatureType`
5264
+ # @return [String]
5265
+ attr_accessor :signature_type
5266
+
5267
+ # A signature corresponding to a YARA rule.
5268
+ # Corresponds to the JSON property `yaraRuleSignature`
5269
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2YaraRuleSignature]
5270
+ attr_accessor :yara_rule_signature
5271
+
5272
+ def initialize(**args)
5273
+ update!(**args)
5274
+ end
5275
+
5276
+ # Update properties of this object
5277
+ def update!(**args)
5278
+ @memory_hash_signature = args[:memory_hash_signature] if args.key?(:memory_hash_signature)
5279
+ @signature_type = args[:signature_type] if args.key?(:signature_type)
5280
+ @yara_rule_signature = args[:yara_rule_signature] if args.key?(:yara_rule_signature)
5281
+ end
5282
+ end
5283
+
5284
+ # Additional Links
5285
+ class GoogleCloudSecuritycenterV2Reference
5286
+ include Google::Apis::Core::Hashable
5287
+
5288
+ # Source of the reference e.g. NVD
5289
+ # Corresponds to the JSON property `source`
5290
+ # @return [String]
5291
+ attr_accessor :source
5292
+
5293
+ # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?
5294
+ # name=CVE-2021-34527.
5295
+ # Corresponds to the JSON property `uri`
5296
+ # @return [String]
5297
+ attr_accessor :uri
5298
+
5299
+ def initialize(**args)
5300
+ update!(**args)
5301
+ end
5302
+
5303
+ # Update properties of this object
5304
+ def update!(**args)
5305
+ @source = args[:source] if args.key?(:source)
5306
+ @uri = args[:uri] if args.key?(:uri)
5307
+ end
5308
+ end
5309
+
5310
+ # Information related to the Google Cloud resource.
5311
+ class GoogleCloudSecuritycenterV2Resource
5312
+ include Google::Apis::Core::Hashable
5313
+
5314
+ # The human readable name of the resource.
5315
+ # Corresponds to the JSON property `displayName`
5316
+ # @return [String]
5317
+ attr_accessor :display_name
5318
+
5319
+ # The full resource name of the resource. See: https://cloud.google.com/apis/
5320
+ # design/resource_names#full_resource_name
5321
+ # Corresponds to the JSON property `name`
5322
+ # @return [String]
5323
+ attr_accessor :name
5324
+
5325
+ # The full resource type of the resource.
5326
+ # Corresponds to the JSON property `type`
5327
+ # @return [String]
5328
+ attr_accessor :type
5329
+
5330
+ def initialize(**args)
5331
+ update!(**args)
5332
+ end
5333
+
5334
+ # Update properties of this object
5335
+ def update!(**args)
5336
+ @display_name = args[:display_name] if args.key?(:display_name)
5337
+ @name = args[:name] if args.key?(:name)
5338
+ @type = args[:type] if args.key?(:type)
5339
+ end
5340
+ end
5341
+
5342
+ # A resource value config (RVC) is a mapping configuration of user's resources
5343
+ # to resource values. Used in Attack path simulations.
5344
+ class GoogleCloudSecuritycenterV2ResourceValueConfig
5345
+ include Google::Apis::Core::Hashable
5346
+
5347
+ # Output only. Timestamp this resource value config was created.
5348
+ # Corresponds to the JSON property `createTime`
5349
+ # @return [String]
5350
+ attr_accessor :create_time
5351
+
5352
+ # Description of the resource value config.
5353
+ # Corresponds to the JSON property `description`
5354
+ # @return [String]
5355
+ attr_accessor :description
5356
+
5357
+ # Name for the resource value config
5358
+ # Corresponds to the JSON property `name`
5359
+ # @return [String]
5360
+ attr_accessor :name
5361
+
5362
+ # List of resource labels to search for, evaluated with AND. E.g. "
5363
+ # resource_labels_selector": `"key": "value", "env": "prod"` will match
5364
+ # resources with labels "key": "value" AND "env": "prod" https://cloud.google.
5365
+ # com/resource-manager/docs/creating-managing-labels
5366
+ # Corresponds to the JSON property `resourceLabelsSelector`
5367
+ # @return [Hash<String,String>]
5368
+ attr_accessor :resource_labels_selector
5369
+
5370
+ # Apply resource_value only to resources that match resource_type. resource_type
5371
+ # will be checked with "AND" of other resources. E.g. "storage.googleapis.com/
5372
+ # Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.
5373
+ # googleapis.com/Bucket" resources.
5374
+ # Corresponds to the JSON property `resourceType`
5375
+ # @return [String]
5376
+ attr_accessor :resource_type
5377
+
5378
+ # Resource value level this expression represents Only required when there is no
5379
+ # SDP mapping in the request
5380
+ # Corresponds to the JSON property `resourceValue`
5381
+ # @return [String]
5382
+ attr_accessor :resource_value
5383
+
5384
+ # Project or folder to scope this config to. For example, "project/456" would
5385
+ # apply this config only to resources in "project/456" scope will be checked
5386
+ # with "AND" of other resources.
5387
+ # Corresponds to the JSON property `scope`
5388
+ # @return [String]
5389
+ attr_accessor :scope
5390
+
5391
+ # Resource value mapping for Sensitive Data Protection findings If any of these
5392
+ # mappings have a resource value that is not unspecified, the resource_value
5393
+ # field will be ignored when reading this configuration.
5394
+ # Corresponds to the JSON property `sensitiveDataProtectionMapping`
5395
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SensitiveDataProtectionMapping]
5396
+ attr_accessor :sensitive_data_protection_mapping
5397
+
5398
+ # Required. Tag values combined with AND to check against. Values in the form "
5399
+ # tagValues/123" E.g. [ "tagValues/123", "tagValues/456", "tagValues/789" ]
5400
+ # https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
5401
+ # Corresponds to the JSON property `tagValues`
5402
+ # @return [Array<String>]
5403
+ attr_accessor :tag_values
5404
+
5405
+ # Output only. Timestamp this resource value config was last updated.
5406
+ # Corresponds to the JSON property `updateTime`
5407
+ # @return [String]
5408
+ attr_accessor :update_time
5409
+
5410
+ def initialize(**args)
5411
+ update!(**args)
5412
+ end
5413
+
5414
+ # Update properties of this object
5415
+ def update!(**args)
5416
+ @create_time = args[:create_time] if args.key?(:create_time)
5417
+ @description = args[:description] if args.key?(:description)
5418
+ @name = args[:name] if args.key?(:name)
5419
+ @resource_labels_selector = args[:resource_labels_selector] if args.key?(:resource_labels_selector)
5420
+ @resource_type = args[:resource_type] if args.key?(:resource_type)
5421
+ @resource_value = args[:resource_value] if args.key?(:resource_value)
5422
+ @scope = args[:scope] if args.key?(:scope)
5423
+ @sensitive_data_protection_mapping = args[:sensitive_data_protection_mapping] if args.key?(:sensitive_data_protection_mapping)
5424
+ @tag_values = args[:tag_values] if args.key?(:tag_values)
5425
+ @update_time = args[:update_time] if args.key?(:update_time)
5426
+ end
5427
+ end
5428
+
5429
+ # Kubernetes Role or ClusterRole.
5430
+ class GoogleCloudSecuritycenterV2Role
5431
+ include Google::Apis::Core::Hashable
5432
+
5433
+ # Role type.
5434
+ # Corresponds to the JSON property `kind`
5435
+ # @return [String]
5436
+ attr_accessor :kind
5437
+
5438
+ # Role name.
5439
+ # Corresponds to the JSON property `name`
5440
+ # @return [String]
5441
+ attr_accessor :name
5442
+
5443
+ # Role namespace.
5444
+ # Corresponds to the JSON property `ns`
5445
+ # @return [String]
5446
+ attr_accessor :ns
5447
+
5448
+ def initialize(**args)
5449
+ update!(**args)
5450
+ end
5451
+
5452
+ # Update properties of this object
5453
+ def update!(**args)
5454
+ @kind = args[:kind] if args.key?(:kind)
5455
+ @name = args[:name] if args.key?(:name)
5456
+ @ns = args[:ns] if args.key?(:ns)
5457
+ end
5458
+ end
5459
+
5460
+ # SecurityBulletin are notifications of vulnerabilities of Google products.
5461
+ class GoogleCloudSecuritycenterV2SecurityBulletin
5462
+ include Google::Apis::Core::Hashable
5463
+
5464
+ # ID of the bulletin corresponding to the vulnerability.
5465
+ # Corresponds to the JSON property `bulletinId`
5466
+ # @return [String]
5467
+ attr_accessor :bulletin_id
5468
+
5469
+ # Submission time of this Security Bulletin.
5470
+ # Corresponds to the JSON property `submissionTime`
5471
+ # @return [String]
5472
+ attr_accessor :submission_time
5473
+
5474
+ # This represents a version that the cluster receiving this notification should
5475
+ # be upgraded to, based on its current version. For example, 1.15.0
5476
+ # Corresponds to the JSON property `suggestedUpgradeVersion`
5477
+ # @return [String]
5478
+ attr_accessor :suggested_upgrade_version
5479
+
5480
+ def initialize(**args)
5481
+ update!(**args)
5482
+ end
5483
+
5484
+ # Update properties of this object
5485
+ def update!(**args)
5486
+ @bulletin_id = args[:bulletin_id] if args.key?(:bulletin_id)
5487
+ @submission_time = args[:submission_time] if args.key?(:submission_time)
5488
+ @suggested_upgrade_version = args[:suggested_upgrade_version] if args.key?(:suggested_upgrade_version)
5489
+ end
5490
+ end
5491
+
5492
+ # User specified security marks that are attached to the parent Security Command
5493
+ # Center resource. Security marks are scoped within a Security Command Center
5494
+ # organization -- they can be modified and viewed by all users who have proper
5495
+ # permissions on the organization.
5496
+ class GoogleCloudSecuritycenterV2SecurityMarks
5497
+ include Google::Apis::Core::Hashable
5498
+
5499
+ # The canonical name of the marks. The following list shows some examples: + `
5500
+ # organizations/`organization_id`/assets/`asset_id`/securityMarks" + `
5501
+ # organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/
5502
+ # securityMarks" + `organizations/`organization_id`/sources/`source_id`/
5503
+ # locations/`location`/findings/`finding_id`/securityMarks" + `folders/`
5504
+ # folder_id`/assets/`asset_id`/securityMarks" + `folders/`folder_id`/sources/`
5505
+ # source_id`/findings/`finding_id`/securityMarks" + `folders/`folder_id`/sources/
5506
+ # `source_id`/locations/`location`/findings/`finding_id`/securityMarks" + `
5507
+ # projects/`project_number`/assets/`asset_id`/securityMarks" + `projects/`
5508
+ # project_number`/sources/`source_id`/findings/`finding_id`/securityMarks" + `
5509
+ # projects/`project_number`/sources/`source_id`/locations/`location`/findings/`
5510
+ # finding_id`/securityMarks"
5511
+ # Corresponds to the JSON property `canonicalName`
5512
+ # @return [String]
5513
+ attr_accessor :canonical_name
5514
+
5515
+ # Mutable user specified security marks belonging to the parent resource.
5516
+ # Constraints are as follows: * Keys and values are treated as case insensitive *
5517
+ # Keys must be between 1 - 256 characters (inclusive) * Keys must be letters,
5518
+ # numbers, underscores, or dashes * Values have leading and trailing whitespace
5519
+ # trimmed, remaining characters must be between 1 - 4096 characters (inclusive)
5520
+ # Corresponds to the JSON property `marks`
5521
+ # @return [Hash<String,String>]
5522
+ attr_accessor :marks
5523
+
5524
+ # The relative resource name of the SecurityMarks. See: https://cloud.google.com/
5525
+ # apis/design/resource_names#relative_resource_name The following list shows
5526
+ # some examples: + `organizations/`organization_id`/assets/`asset_id`/
5527
+ # securityMarks` + `organizations/`organization_id`/sources/`source_id`/findings/
5528
+ # `finding_id`/securityMarks` + `organizations/`organization_id`/sources/`
5529
+ # source_id`/locations/`location`/findings/`finding_id`/securityMarks`
5530
+ # Corresponds to the JSON property `name`
5531
+ # @return [String]
5532
+ attr_accessor :name
5533
+
5534
+ def initialize(**args)
5535
+ update!(**args)
5536
+ end
5537
+
5538
+ # Update properties of this object
5539
+ def update!(**args)
5540
+ @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
5541
+ @marks = args[:marks] if args.key?(:marks)
5542
+ @name = args[:name] if args.key?(:name)
5543
+ end
5544
+ end
5545
+
5546
+ # Represents a posture that is deployed on Google Cloud by the Security Command
5547
+ # Center Posture Management service. A posture contains one or more policy sets.
5548
+ # A policy set is a group of policies that enforce a set of security rules on
5549
+ # Google Cloud.
5550
+ class GoogleCloudSecuritycenterV2SecurityPosture
5551
+ include Google::Apis::Core::Hashable
5552
+
5553
+ # The name of the updated policy, for example, `projects/`project_id`/policies/`
5554
+ # constraint_name``.
5555
+ # Corresponds to the JSON property `changedPolicy`
5556
+ # @return [String]
5557
+ attr_accessor :changed_policy
5558
+
5559
+ # Name of the posture, for example, `CIS-Posture`.
5560
+ # Corresponds to the JSON property `name`
5561
+ # @return [String]
5562
+ attr_accessor :name
5563
+
5564
+ # The ID of the updated policy, for example, `compute-policy-1`.
5565
+ # Corresponds to the JSON property `policy`
5566
+ # @return [String]
5567
+ attr_accessor :policy
5568
+
5569
+ # The details about a change in an updated policy that violates the deployed
5570
+ # posture.
5571
+ # Corresponds to the JSON property `policyDriftDetails`
5572
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2PolicyDriftDetails>]
5573
+ attr_accessor :policy_drift_details
5574
+
5575
+ # The name of the updated policy set, for example, `cis-policyset`.
5576
+ # Corresponds to the JSON property `policySet`
5577
+ # @return [String]
5578
+ attr_accessor :policy_set
5579
+
5580
+ # The name of the posture deployment, for example, `organizations/`org_id`/
5581
+ # posturedeployments/`posture_deployment_id``.
5582
+ # Corresponds to the JSON property `postureDeployment`
5583
+ # @return [String]
5584
+ attr_accessor :posture_deployment
5585
+
5586
+ # The project, folder, or organization on which the posture is deployed, for
5587
+ # example, `projects/`project_number``.
5588
+ # Corresponds to the JSON property `postureDeploymentResource`
5589
+ # @return [String]
5590
+ attr_accessor :posture_deployment_resource
5591
+
5592
+ # The version of the posture, for example, `c7cfa2a8`.
5593
+ # Corresponds to the JSON property `revisionId`
5594
+ # @return [String]
5595
+ attr_accessor :revision_id
5596
+
5597
+ def initialize(**args)
5598
+ update!(**args)
5599
+ end
5600
+
5601
+ # Update properties of this object
5602
+ def update!(**args)
5603
+ @changed_policy = args[:changed_policy] if args.key?(:changed_policy)
5604
+ @name = args[:name] if args.key?(:name)
5605
+ @policy = args[:policy] if args.key?(:policy)
5606
+ @policy_drift_details = args[:policy_drift_details] if args.key?(:policy_drift_details)
5607
+ @policy_set = args[:policy_set] if args.key?(:policy_set)
5608
+ @posture_deployment = args[:posture_deployment] if args.key?(:posture_deployment)
5609
+ @posture_deployment_resource = args[:posture_deployment_resource] if args.key?(:posture_deployment_resource)
5610
+ @revision_id = args[:revision_id] if args.key?(:revision_id)
5611
+ end
5612
+ end
5613
+
5614
+ # Resource value mapping for Sensitive Data Protection findings If any of these
5615
+ # mappings have a resource value that is not unspecified, the resource_value
5616
+ # field will be ignored when reading this configuration.
5617
+ class GoogleCloudSecuritycenterV2SensitiveDataProtectionMapping
5618
+ include Google::Apis::Core::Hashable
5619
+
5620
+ # Resource value mapping for high-sensitivity Sensitive Data Protection findings
5621
+ # Corresponds to the JSON property `highSensitivityMapping`
5622
+ # @return [String]
5623
+ attr_accessor :high_sensitivity_mapping
5624
+
5625
+ # Resource value mapping for medium-sensitivity Sensitive Data Protection
5626
+ # findings
5627
+ # Corresponds to the JSON property `mediumSensitivityMapping`
5628
+ # @return [String]
5629
+ attr_accessor :medium_sensitivity_mapping
5630
+
5631
+ def initialize(**args)
5632
+ update!(**args)
5633
+ end
5634
+
5635
+ # Update properties of this object
5636
+ def update!(**args)
5637
+ @high_sensitivity_mapping = args[:high_sensitivity_mapping] if args.key?(:high_sensitivity_mapping)
5638
+ @medium_sensitivity_mapping = args[:medium_sensitivity_mapping] if args.key?(:medium_sensitivity_mapping)
5639
+ end
5640
+ end
5641
+
5642
+ # Identity delegation history of an authenticated service account.
5643
+ class GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo
5644
+ include Google::Apis::Core::Hashable
5645
+
5646
+ # The email address of a Google account.
5647
+ # Corresponds to the JSON property `principalEmail`
5648
+ # @return [String]
5649
+ attr_accessor :principal_email
5650
+
5651
+ # A string representing the principal_subject associated with the identity. As
5652
+ # compared to `principal_email`, supports principals that aren't associated with
5653
+ # email addresses, such as third party principals. For most identities, the
5654
+ # format will be `principal://iam.googleapis.com/`identity pool name`/subjects/`
5655
+ # subject`` except for some GKE identities (GKE_WORKLOAD, FREEFORM,
5656
+ # GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:`
5657
+ # identity pool name`[`subject`]`
5658
+ # Corresponds to the JSON property `principalSubject`
5659
+ # @return [String]
5660
+ attr_accessor :principal_subject
5661
+
5662
+ def initialize(**args)
5663
+ update!(**args)
5664
+ end
5665
+
5666
+ # Update properties of this object
5667
+ def update!(**args)
5668
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
5669
+ @principal_subject = args[:principal_subject] if args.key?(:principal_subject)
5670
+ end
5671
+ end
5672
+
5673
+ # Represents a Kubernetes subject.
5674
+ class GoogleCloudSecuritycenterV2Subject
5675
+ include Google::Apis::Core::Hashable
5676
+
5677
+ # Authentication type for the subject.
5678
+ # Corresponds to the JSON property `kind`
5679
+ # @return [String]
5680
+ attr_accessor :kind
5681
+
5682
+ # Name for the subject.
5683
+ # Corresponds to the JSON property `name`
5684
+ # @return [String]
5685
+ attr_accessor :name
5686
+
5687
+ # Namespace for the subject.
5688
+ # Corresponds to the JSON property `ns`
5689
+ # @return [String]
5690
+ attr_accessor :ns
5691
+
5692
+ def initialize(**args)
5693
+ update!(**args)
5694
+ end
5695
+
5696
+ # Update properties of this object
5697
+ def update!(**args)
5698
+ @kind = args[:kind] if args.key?(:kind)
5699
+ @name = args[:name] if args.key?(:name)
5700
+ @ns = args[:ns] if args.key?(:ns)
5701
+ end
5702
+ end
5703
+
5704
+ # Information about the ticket, if any, that is being used to track the
5705
+ # resolution of the issue that is identified by this finding.
5706
+ class GoogleCloudSecuritycenterV2TicketInfo
5707
+ include Google::Apis::Core::Hashable
5708
+
5709
+ # The assignee of the ticket in the ticket system.
5710
+ # Corresponds to the JSON property `assignee`
5711
+ # @return [String]
5712
+ attr_accessor :assignee
5713
+
5714
+ # The description of the ticket in the ticket system.
5715
+ # Corresponds to the JSON property `description`
5716
+ # @return [String]
5717
+ attr_accessor :description
5718
+
5719
+ # The identifier of the ticket in the ticket system.
5720
+ # Corresponds to the JSON property `id`
5721
+ # @return [String]
5722
+ attr_accessor :id
5723
+
5724
+ # The latest status of the ticket, as reported by the ticket system.
5725
+ # Corresponds to the JSON property `status`
5726
+ # @return [String]
5727
+ attr_accessor :status
5728
+
5729
+ # The time when the ticket was last updated, as reported by the ticket system.
5730
+ # Corresponds to the JSON property `updateTime`
5731
+ # @return [String]
5732
+ attr_accessor :update_time
5733
+
5734
+ # The link to the ticket in the ticket system.
5735
+ # Corresponds to the JSON property `uri`
5736
+ # @return [String]
5737
+ attr_accessor :uri
5738
+
5739
+ def initialize(**args)
5740
+ update!(**args)
5741
+ end
5742
+
5743
+ # Update properties of this object
5744
+ def update!(**args)
5745
+ @assignee = args[:assignee] if args.key?(:assignee)
5746
+ @description = args[:description] if args.key?(:description)
5747
+ @id = args[:id] if args.key?(:id)
5748
+ @status = args[:status] if args.key?(:status)
5749
+ @update_time = args[:update_time] if args.key?(:update_time)
5750
+ @uri = args[:uri] if args.key?(:uri)
5751
+ end
5752
+ end
5753
+
5754
+ # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
5755
+ class GoogleCloudSecuritycenterV2Vulnerability
5756
+ include Google::Apis::Core::Hashable
5757
+
5758
+ # CVE stands for Common Vulnerabilities and Exposures. Information from the [CVE
5759
+ # record](https://www.cve.org/ResourcesSupport/Glossary) that describes this
5760
+ # vulnerability.
5761
+ # Corresponds to the JSON property `cve`
5762
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Cve]
5763
+ attr_accessor :cve
5764
+
5765
+ # Package is a generic definition of a package.
5766
+ # Corresponds to the JSON property `fixedPackage`
5767
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Package]
5768
+ attr_accessor :fixed_package
5769
+
5770
+ # Package is a generic definition of a package.
5771
+ # Corresponds to the JSON property `offendingPackage`
5772
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Package]
5773
+ attr_accessor :offending_package
5774
+
5775
+ # SecurityBulletin are notifications of vulnerabilities of Google products.
5776
+ # Corresponds to the JSON property `securityBulletin`
5777
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SecurityBulletin]
5778
+ attr_accessor :security_bulletin
5779
+
5780
+ def initialize(**args)
5781
+ update!(**args)
5782
+ end
5783
+
5784
+ # Update properties of this object
5785
+ def update!(**args)
5786
+ @cve = args[:cve] if args.key?(:cve)
5787
+ @fixed_package = args[:fixed_package] if args.key?(:fixed_package)
5788
+ @offending_package = args[:offending_package] if args.key?(:offending_package)
5789
+ @security_bulletin = args[:security_bulletin] if args.key?(:security_bulletin)
5790
+ end
5791
+ end
5792
+
5793
+ # A signature corresponding to a YARA rule.
5794
+ class GoogleCloudSecuritycenterV2YaraRuleSignature
5795
+ include Google::Apis::Core::Hashable
5796
+
5797
+ # The name of the YARA rule.
5798
+ # Corresponds to the JSON property `yaraRule`
5799
+ # @return [String]
5800
+ attr_accessor :yara_rule
5801
+
5802
+ def initialize(**args)
5803
+ update!(**args)
5804
+ end
5805
+
5806
+ # Update properties of this object
5807
+ def update!(**args)
5808
+ @yara_rule = args[:yara_rule] if args.key?(:yara_rule)
5809
+ end
5810
+ end
5811
+
2760
5812
  # Represents a particular IAM binding, which captures a member's role addition,
2761
5813
  # removal, or state.
2762
5814
  class IamBinding