google-apis-securitycenter_v1beta2 0.71.0 → 0.73.0

data/lib/google/apis/securitycenter_v1beta2/classes.rb

@@ -493,6 +493,11 @@ module Google
         # @return [Google::Apis::SecuritycenterV1beta2::AzureSubscription]
         attr_accessor :subscription
       
+        # Represents a Microsoft Entra tenant.
+        # Corresponds to the JSON property `tenant`
+        # @return [Google::Apis::SecuritycenterV1beta2::AzureTenant]
+        attr_accessor :tenant
+      
         def initialize(**args)
            update!(**args)
         end
@@ -502,6 +507,7 @@ module Google
           @management_groups = args[:management_groups] if args.key?(:management_groups)
           @resource_group = args[:resource_group] if args.key?(:resource_group)
           @subscription = args[:subscription] if args.key?(:subscription)
+          @tenant = args[:tenant] if args.key?(:tenant)
         end
       end
       
@@ -509,6 +515,11 @@ module Google
       class AzureResourceGroup
         include Google::Apis::Core::Hashable
       
+        # The ID of the Azure resource group.
+        # Corresponds to the JSON property `id`
+        # @return [String]
+        attr_accessor :id
+      
         # The name of the Azure resource group. This is not a UUID.
         # Corresponds to the JSON property `name`
         # @return [String]
@@ -520,6 +531,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @id = args[:id] if args.key?(:id)
           @name = args[:name] if args.key?(:name)
         end
       end
@@ -550,6 +562,32 @@ module Google
         end
       end
       
+      # Represents a Microsoft Entra tenant.
+      class AzureTenant
+        include Google::Apis::Core::Hashable
+      
+        # The display name of the Azure tenant.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+      
+        # The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-
+        # 1aaa11a".
+        # Corresponds to the JSON property `id`
+        # @return [String]
+        attr_accessor :id
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @id = args[:id] if args.key?(:id)
+        end
+      end
+      
       # Information related to Google Cloud Backup and DR Service findings.
       class BackupDisasterRecovery
         include Google::Apis::Core::Hashable
@@ -1122,11 +1160,21 @@ module Google
         # @return [Google::Apis::SecuritycenterV1beta2::Cvssv3]
         attr_accessor :cvssv3
       
+        # Date the first publicly available exploit or PoC was released.
+        # Corresponds to the JSON property `exploitReleaseDate`
+        # @return [String]
+        attr_accessor :exploit_release_date
+      
         # The exploitation activity of the vulnerability in the wild.
         # Corresponds to the JSON property `exploitationActivity`
         # @return [String]
         attr_accessor :exploitation_activity
       
+        # Date of the earliest known exploitation.
+        # Corresponds to the JSON property `firstExploitationDate`
+        # @return [String]
+        attr_accessor :first_exploitation_date
+      
         # The unique identifier for the vulnerability. e.g. CVE-2021-34527
         # Corresponds to the JSON property `id`
         # @return [String]
@@ -1168,7 +1216,9 @@ module Google
         # Update properties of this object
         def update!(**args)
           @cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
+          @exploit_release_date = args[:exploit_release_date] if args.key?(:exploit_release_date)
           @exploitation_activity = args[:exploitation_activity] if args.key?(:exploitation_activity)
+          @first_exploitation_date = args[:first_exploitation_date] if args.key?(:first_exploitation_date)
           @id = args[:id] if args.key?(:id)
           @impact = args[:impact] if args.key?(:impact)
           @observed_in_the_wild = args[:observed_in_the_wild] if args.key?(:observed_in_the_wild)
@@ -1255,6 +1305,144 @@ module Google
         end
       end
       
+      # Details about a data access attempt made by a principal not authorized under
+      # applicable data security policy.
+      class DataAccessEvent
+        include Google::Apis::Core::Hashable
+      
+        # Unique identifier for data access event.
+        # Corresponds to the JSON property `eventId`
+        # @return [String]
+        attr_accessor :event_id
+      
+        # Timestamp of data access event.
+        # Corresponds to the JSON property `eventTime`
+        # @return [String]
+        attr_accessor :event_time
+      
+        # The operation performed by the principal to access the data.
+        # Corresponds to the JSON property `operation`
+        # @return [String]
+        attr_accessor :operation
+      
+        # The email address of the principal that accessed the data. The principal could
+        # be a user account, service account, Google group, or other.
+        # Corresponds to the JSON property `principalEmail`
+        # @return [String]
+        attr_accessor :principal_email
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @event_id = args[:event_id] if args.key?(:event_id)
+          @event_time = args[:event_time] if args.key?(:event_time)
+          @operation = args[:operation] if args.key?(:operation)
+          @principal_email = args[:principal_email] if args.key?(:principal_email)
+        end
+      end
+      
+      # Details about a data flow event, in which either the data is moved to or is
+      # accessed from a non-compliant geo-location, as defined in the applicable data
+      # security policy.
+      class DataFlowEvent
+        include Google::Apis::Core::Hashable
+      
+        # Unique identifier for data flow event.
+        # Corresponds to the JSON property `eventId`
+        # @return [String]
+        attr_accessor :event_id
+      
+        # Timestamp of data flow event.
+        # Corresponds to the JSON property `eventTime`
+        # @return [String]
+        attr_accessor :event_time
+      
+        # The operation performed by the principal for the data flow event.
+        # Corresponds to the JSON property `operation`
+        # @return [String]
+        attr_accessor :operation
+      
+        # The email address of the principal that initiated the data flow event. The
+        # principal could be a user account, service account, Google group, or other.
+        # Corresponds to the JSON property `principalEmail`
+        # @return [String]
+        attr_accessor :principal_email
+      
+        # Non-compliant location of the principal or the data destination.
+        # Corresponds to the JSON property `violatedLocation`
+        # @return [String]
+        attr_accessor :violated_location
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @event_id = args[:event_id] if args.key?(:event_id)
+          @event_time = args[:event_time] if args.key?(:event_time)
+          @operation = args[:operation] if args.key?(:operation)
+          @principal_email = args[:principal_email] if args.key?(:principal_email)
+          @violated_location = args[:violated_location] if args.key?(:violated_location)
+        end
+      end
+      
+      # Details about data retention deletion violations, in which the data is non-
+      # compliant based on their retention or deletion time, as defined in the
+      # applicable data security policy. The Data Retention Deletion (DRD) control is
+      # a control of the DSPM (Data Security Posture Management) suite that enables
+      # organizations to manage data retention and deletion policies in compliance
+      # with regulations, such as GDPR and CRPA. DRD supports two primary policy types:
+      # maximum storage length (max TTL) and minimum storage length (min TTL). Both
+      # are aimed at helping organizations meet regulatory and data management
+      # commitments.
+      class DataRetentionDeletionEvent
+        include Google::Apis::Core::Hashable
+      
+        # Number of objects that violated the policy for this resource. If the number is
+        # less than 1,000, then the value of this field is the exact number. If the
+        # number of objects that violated the policy is greater than or equal to 1,000,
+        # then the value of this field is 1000.
+        # Corresponds to the JSON property `dataObjectCount`
+        # @return [Fixnum]
+        attr_accessor :data_object_count
+      
+        # Timestamp indicating when the event was detected.
+        # Corresponds to the JSON property `eventDetectionTime`
+        # @return [String]
+        attr_accessor :event_detection_time
+      
+        # Type of the DRD event.
+        # Corresponds to the JSON property `eventType`
+        # @return [String]
+        attr_accessor :event_type
+      
+        # Maximum duration of retention allowed from the DRD control. This comes from
+        # the DRD control where users set a max TTL for their data. For example, suppose
+        # that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an
+        # object in that bucket is 100 days old. In this case, a
+        # DataRetentionDeletionEvent will be generated for that Cloud Storage bucket,
+        # and the max_retention_allowed is 90 days.
+        # Corresponds to the JSON property `maxRetentionAllowed`
+        # @return [String]
+        attr_accessor :max_retention_allowed
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @data_object_count = args[:data_object_count] if args.key?(:data_object_count)
+          @event_detection_time = args[:event_detection_time] if args.key?(:event_detection_time)
+          @event_type = args[:event_type] if args.key?(:event_type)
+          @max_retention_allowed = args[:max_retention_allowed] if args.key?(:max_retention_allowed)
+        end
+      end
+      
       # Represents database access information, such as queries. A database may be a
       # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
       # Spanner instances), or the database instance itself. Some database resources
@@ -1374,6 +1562,26 @@ module Google
         end
       end
       
+      # Contains information about the disk associated with the finding.
+      class Disk
+        include Google::Apis::Core::Hashable
+      
+        # The name of the disk, for example, "https://www.googleapis.com/compute/v1/
+        # projects/project-id/zones/zone-id/disks/disk-id".
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      
       # Path of the file in terms of underlying disk/partition identifiers.
       class DiskPath
         include Google::Apis::Core::Hashable
@@ -1401,6 +1609,33 @@ module Google
         end
       end
       
+      # The record of a dynamic mute rule that matches the finding.
+      class DynamicMuteRecord
+        include Google::Apis::Core::Hashable
+      
+        # When the dynamic mute rule first matched the finding.
+        # Corresponds to the JSON property `matchTime`
+        # @return [String]
+        attr_accessor :match_time
+      
+        # The relative resource name of the mute rule, represented by a mute config,
+        # that created this record, for example `organizations/123/muteConfigs/
+        # mymuteconfig` or `organizations/123/locations/global/muteConfigs/mymuteconfig`.
+        # Corresponds to the JSON property `muteConfig`
+        # @return [String]
+        attr_accessor :mute_config
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @match_time = args[:match_time] if args.key?(:match_time)
+          @mute_config = args[:mute_config] if args.key?(:mute_config)
+        end
+      end
+      
       # A name-value pair representing an environment variable used in an operating
       # system process.
       class EnvironmentVariable
@@ -1741,6 +1976,21 @@ module Google
         # @return [String]
         attr_accessor :create_time
       
+        # Data access events associated with the finding.
+        # Corresponds to the JSON property `dataAccessEvents`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::DataAccessEvent>]
+        attr_accessor :data_access_events
+      
+        # Data flow events associated with the finding.
+        # Corresponds to the JSON property `dataFlowEvents`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::DataFlowEvent>]
+        attr_accessor :data_flow_events
+      
+        # Data retention deletion events associated with the finding.
+        # Corresponds to the JSON property `dataRetentionDeletionEvents`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::DataRetentionDeletionEvent>]
+        attr_accessor :data_retention_deletion_events
+      
         # Represents database access information, such as queries. A database may be a
         # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
         # Spanner instances), or the database instance itself. Some database resources
@@ -1757,6 +2007,11 @@ module Google
         # @return [String]
         attr_accessor :description
       
+        # Contains information about the disk associated with the finding.
+        # Corresponds to the JSON property `disk`
+        # @return [Google::Apis::SecuritycenterV1beta2::Disk]
+        attr_accessor :disk
+      
         # The time the finding was first detected. If an existing finding is updated,
         # then this is the time the update occurred. For example, if the finding
         # represents an open firewall, this property captures the time the detector
@@ -1858,6 +2113,12 @@ module Google
         # @return [String]
         attr_accessor :mute
       
+        # Mute information about the finding, including whether the finding has a static
+        # mute or any matching dynamic mute rules.
+        # Corresponds to the JSON property `muteInfo`
+        # @return [Google::Apis::SecuritycenterV1beta2::MuteInfo]
+        attr_accessor :mute_info
+      
         # Records additional information about the mute operation, for example, the [
         # mute configuration](/security-command-center/docs/how-to-mute-findings) that
         # muted the finding and the user who muted the finding.
@@ -1991,8 +2252,12 @@ module Google
           @contacts = args[:contacts] if args.key?(:contacts)
           @containers = args[:containers] if args.key?(:containers)
           @create_time = args[:create_time] if args.key?(:create_time)
+          @data_access_events = args[:data_access_events] if args.key?(:data_access_events)
+          @data_flow_events = args[:data_flow_events] if args.key?(:data_flow_events)
+          @data_retention_deletion_events = args[:data_retention_deletion_events] if args.key?(:data_retention_deletion_events)
           @database = args[:database] if args.key?(:database)
           @description = args[:description] if args.key?(:description)
+          @disk = args[:disk] if args.key?(:disk)
           @event_time = args[:event_time] if args.key?(:event_time)
           @exfiltration = args[:exfiltration] if args.key?(:exfiltration)
           @external_systems = args[:external_systems] if args.key?(:external_systems)
@@ -2009,6 +2274,7 @@ module Google
           @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
           @module_name = args[:module_name] if args.key?(:module_name)
           @mute = args[:mute] if args.key?(:mute)
+          @mute_info = args[:mute_info] if args.key?(:mute_info)
           @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
           @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
           @name = args[:name] if args.key?(:name)
@@ -2367,6 +2633,11 @@ module Google
       class GoogleCloudSecuritycenterV1EffectiveSecurityHealthAnalyticsCustomModule
         include Google::Apis::Core::Hashable
       
+        # The cloud provider of the custom module.
+        # Corresponds to the JSON property `cloudProvider`
+        # @return [String]
+        attr_accessor :cloud_provider
+      
         # Defines the properties in a custom module configuration for Security Health
         # Analytics. Use the custom module configuration to create custom detectors that
         # generate custom findings for resources that you specify.
@@ -2403,6 +2674,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @cloud_provider = args[:cloud_provider] if args.key?(:cloud_provider)
           @custom_config = args[:custom_config] if args.key?(:custom_config)
           @display_name = args[:display_name] if args.key?(:display_name)
           @enablement_state = args[:enablement_state] if args.key?(:enablement_state)
@@ -2516,6 +2788,12 @@ module Google
         # @return [String]
         attr_accessor :display_name
       
+        # Optional. The expiry of the mute config. Only applicable for dynamic configs.
+        # If the expiry is set, when the config expires, it is removed from all findings.
+        # Corresponds to the JSON property `expiryTime`
+        # @return [String]
+        attr_accessor :expiry_time
+      
         # Required. An expression that defines the filter to apply across create/update
         # events of findings. While creating a filter string, be mindful of the scope in
         # which the mute configuration is being created. E.g., If a filter contains
@@ -2547,6 +2825,14 @@ module Google
         # @return [String]
         attr_accessor :name
       
+        # Optional. The type of the mute config, which determines what type of mute
+        # state the config affects. The static mute state takes precedence over the
+        # dynamic mute state. Immutable after creation. STATIC by default if not set
+        # during creation.
+        # Corresponds to the JSON property `type`
+        # @return [String]
+        attr_accessor :type
+      
         # Output only. The most recent time at which the mute config was updated. This
         # field is set by the server and will be ignored if provided on config creation
         # or update.
@@ -2563,9 +2849,11 @@ module Google
           @create_time = args[:create_time] if args.key?(:create_time)
           @description = args[:description] if args.key?(:description)
           @display_name = args[:display_name] if args.key?(:display_name)
+          @expiry_time = args[:expiry_time] if args.key?(:expiry_time)
           @filter = args[:filter] if args.key?(:filter)
           @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
           @name = args[:name] if args.key?(:name)
+          @type = args[:type] if args.key?(:type)
           @update_time = args[:update_time] if args.key?(:update_time)
         end
       end
@@ -2848,10 +3136,10 @@ module Google
         # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1SensitiveDataProtectionMapping]
         attr_accessor :sensitive_data_protection_mapping
       
-        # Required. Tag values combined with `AND` to check against. Values in the form "
-        # tagValues/123" Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]`
-        # https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-
-        # managing
+        # Required. Tag values combined with `AND` to check against. For Google Cloud
+        # resources, they are tag value IDs in the form of "tagValues/123". Example: `[ "
+        # tagValues/123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/
+        # resource-manager/docs/tags/tags-creating-and-managing
         # Corresponds to the JSON property `tagValues`
         # @return [Array<String>]
         attr_accessor :tag_values
@@ -2922,6 +3210,11 @@ module Google
         # @return [String]
         attr_accessor :ancestor_module
       
+        # The cloud provider of the custom module.
+        # Corresponds to the JSON property `cloudProvider`
+        # @return [String]
+        attr_accessor :cloud_provider
+      
         # Defines the properties in a custom module configuration for Security Health
         # Analytics. Use the custom module configuration to create custom detectors that
         # generate custom findings for resources that you specify.
@@ -2971,6 +3264,7 @@ module Google
         # Update properties of this object
         def update!(**args)
           @ancestor_module = args[:ancestor_module] if args.key?(:ancestor_module)
+          @cloud_provider = args[:cloud_provider] if args.key?(:cloud_provider)
           @custom_config = args[:custom_config] if args.key?(:custom_config)
           @display_name = args[:display_name] if args.key?(:display_name)
           @enablement_state = args[:enablement_state] if args.key?(:enablement_state)
@@ -3804,6 +4098,11 @@ module Google
         # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2AzureSubscription]
         attr_accessor :subscription
       
+        # Represents a Microsoft Entra tenant.
+        # Corresponds to the JSON property `tenant`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2AzureTenant]
+        attr_accessor :tenant
+      
         def initialize(**args)
            update!(**args)
         end
@@ -3813,6 +4112,7 @@ module Google
           @management_groups = args[:management_groups] if args.key?(:management_groups)
           @resource_group = args[:resource_group] if args.key?(:resource_group)
           @subscription = args[:subscription] if args.key?(:subscription)
+          @tenant = args[:tenant] if args.key?(:tenant)
         end
       end
       
@@ -3820,6 +4120,11 @@ module Google
       class GoogleCloudSecuritycenterV2AzureResourceGroup
         include Google::Apis::Core::Hashable
       
+        # The ID of the Azure resource group.
+        # Corresponds to the JSON property `id`
+        # @return [String]
+        attr_accessor :id
+      
         # The name of the Azure resource group. This is not a UUID.
         # Corresponds to the JSON property `name`
         # @return [String]
@@ -3831,6 +4136,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @id = args[:id] if args.key?(:id)
           @name = args[:name] if args.key?(:name)
         end
       end
@@ -3861,6 +4167,32 @@ module Google
         end
       end
       
+      # Represents a Microsoft Entra tenant.
+      class GoogleCloudSecuritycenterV2AzureTenant
+        include Google::Apis::Core::Hashable
+      
+        # The display name of the Azure tenant.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+      
+        # The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-
+        # 1aaa11a".
+        # Corresponds to the JSON property `id`
+        # @return [String]
+        attr_accessor :id
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @id = args[:id] if args.key?(:id)
+        end
+      end
+      
       # Information related to Google Cloud Backup and DR Service findings.
       class GoogleCloudSecuritycenterV2BackupDisasterRecovery
         include Google::Apis::Core::Hashable
@@ -4429,11 +4761,21 @@ module Google
         # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Cvssv3]
         attr_accessor :cvssv3
       
+        # Date the first publicly available exploit or PoC was released.
+        # Corresponds to the JSON property `exploitReleaseDate`
+        # @return [String]
+        attr_accessor :exploit_release_date
+      
         # The exploitation activity of the vulnerability in the wild.
         # Corresponds to the JSON property `exploitationActivity`
         # @return [String]
         attr_accessor :exploitation_activity
       
+        # Date of the earliest known exploitation.
+        # Corresponds to the JSON property `firstExploitationDate`
+        # @return [String]
+        attr_accessor :first_exploitation_date
+      
         # The unique identifier for the vulnerability. e.g. CVE-2021-34527
         # Corresponds to the JSON property `id`
         # @return [String]
@@ -4475,7 +4817,9 @@ module Google
         # Update properties of this object
         def update!(**args)
           @cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
+          @exploit_release_date = args[:exploit_release_date] if args.key?(:exploit_release_date)
           @exploitation_activity = args[:exploitation_activity] if args.key?(:exploitation_activity)
+          @first_exploitation_date = args[:first_exploitation_date] if args.key?(:first_exploitation_date)
           @id = args[:id] if args.key?(:id)
           @impact = args[:impact] if args.key?(:impact)
           @observed_in_the_wild = args[:observed_in_the_wild] if args.key?(:observed_in_the_wild)
@@ -4562,53 +4906,31 @@ module Google
         end
       end
       
-      # Represents database access information, such as queries. A database may be a
-      # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
-      # Spanner instances), or the database instance itself. Some database resources
-      # might not have the [full resource name](https://google.aip.dev/122#full-
-      # resource-names) populated because these resource types, such as Cloud SQL
-      # databases, are not yet supported by Cloud Asset Inventory. In these cases only
-      # the display name is provided.
-      class GoogleCloudSecuritycenterV2Database
+      # Details about a data access attempt made by a principal not authorized under
+      # applicable data security policy.
+      class GoogleCloudSecuritycenterV2DataAccessEvent
         include Google::Apis::Core::Hashable
       
-        # The human-readable name of the database that the user connected to.
-        # Corresponds to the JSON property `displayName`
-        # @return [String]
-        attr_accessor :display_name
-      
-        # The target usernames, roles, or groups of an SQL privilege grant, which is not
-        # an IAM policy change.
-        # Corresponds to the JSON property `grantees`
-        # @return [Array<String>]
-        attr_accessor :grantees
-      
-        # Some database resources may not have the [full resource name](https://google.
-        # aip.dev/122#full-resource-names) populated because these resource types are
-        # not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In
-        # these cases only the display name will be provided. The [full resource name](
-        # https://google.aip.dev/122#full-resource-names) of the database that the user
-        # connected to, if it is supported by Cloud Asset Inventory.
-        # Corresponds to the JSON property `name`
+        # Unique identifier for data access event.
+        # Corresponds to the JSON property `eventId`
         # @return [String]
-        attr_accessor :name
+        attr_accessor :event_id
       
-        # The SQL statement that is associated with the database access.
-        # Corresponds to the JSON property `query`
+        # Timestamp of data access event.
+        # Corresponds to the JSON property `eventTime`
         # @return [String]
-        attr_accessor :query
+        attr_accessor :event_time
       
-        # The username used to connect to the database. The username might not be an IAM
-        # principal and does not have a set format.
-        # Corresponds to the JSON property `userName`
+        # The operation performed by the principal to access the data.
+        # Corresponds to the JSON property `operation`
         # @return [String]
-        attr_accessor :user_name
+        attr_accessor :operation
       
-        # The version of the database, for example, POSTGRES_14. See [the complete list](
-        # https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).
-        # Corresponds to the JSON property `version`
+        # The email address of the principal that accessed the data. The principal could
+        # be a user account, service account, Google group, or other.
+        # Corresponds to the JSON property `principalEmail`
         # @return [String]
-        attr_accessor :version
+        attr_accessor :principal_email
       
         def initialize(**args)
            update!(**args)
@@ -4616,28 +4938,188 @@ module Google
       
         # Update properties of this object
         def update!(**args)
-          @display_name = args[:display_name] if args.key?(:display_name)
-          @grantees = args[:grantees] if args.key?(:grantees)
-          @name = args[:name] if args.key?(:name)
-          @query = args[:query] if args.key?(:query)
-          @user_name = args[:user_name] if args.key?(:user_name)
-          @version = args[:version] if args.key?(:version)
+          @event_id = args[:event_id] if args.key?(:event_id)
+          @event_time = args[:event_time] if args.key?(:event_time)
+          @operation = args[:operation] if args.key?(:operation)
+          @principal_email = args[:principal_email] if args.key?(:principal_email)
         end
       end
       
-      # Memory hash detection contributing to the binary family match.
-      class GoogleCloudSecuritycenterV2Detection
+      # Details about a data flow event, in which either the data is moved to or is
+      # accessed from a non-compliant geo-location, as defined in the applicable data
+      # security policy.
+      class GoogleCloudSecuritycenterV2DataFlowEvent
         include Google::Apis::Core::Hashable
       
-        # The name of the binary associated with the memory hash signature detection.
-        # Corresponds to the JSON property `binary`
+        # Unique identifier for data flow event.
+        # Corresponds to the JSON property `eventId`
         # @return [String]
-        attr_accessor :binary
+        attr_accessor :event_id
       
-        # The percentage of memory page hashes in the signature that were matched.
-        # Corresponds to the JSON property `percentPagesMatched`
-        # @return [Float]
-        attr_accessor :percent_pages_matched
+        # Timestamp of data flow event.
+        # Corresponds to the JSON property `eventTime`
+        # @return [String]
+        attr_accessor :event_time
+      
+        # The operation performed by the principal for the data flow event.
+        # Corresponds to the JSON property `operation`
+        # @return [String]
+        attr_accessor :operation
+      
+        # The email address of the principal that initiated the data flow event. The
+        # principal could be a user account, service account, Google group, or other.
+        # Corresponds to the JSON property `principalEmail`
+        # @return [String]
+        attr_accessor :principal_email
+      
+        # Non-compliant location of the principal or the data destination.
+        # Corresponds to the JSON property `violatedLocation`
+        # @return [String]
+        attr_accessor :violated_location
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @event_id = args[:event_id] if args.key?(:event_id)
+          @event_time = args[:event_time] if args.key?(:event_time)
+          @operation = args[:operation] if args.key?(:operation)
+          @principal_email = args[:principal_email] if args.key?(:principal_email)
+          @violated_location = args[:violated_location] if args.key?(:violated_location)
+        end
+      end
+      
+      # Details about data retention deletion violations, in which the data is non-
+      # compliant based on their retention or deletion time, as defined in the
+      # applicable data security policy. The Data Retention Deletion (DRD) control is
+      # a control of the DSPM (Data Security Posture Management) suite that enables
+      # organizations to manage data retention and deletion policies in compliance
+      # with regulations, such as GDPR and CRPA. DRD supports two primary policy types:
+      # maximum storage length (max TTL) and minimum storage length (min TTL). Both
+      # are aimed at helping organizations meet regulatory and data management
+      # commitments.
+      class GoogleCloudSecuritycenterV2DataRetentionDeletionEvent
+        include Google::Apis::Core::Hashable
+      
+        # Number of objects that violated the policy for this resource. If the number is
+        # less than 1,000, then the value of this field is the exact number. If the
+        # number of objects that violated the policy is greater than or equal to 1,000,
+        # then the value of this field is 1000.
+        # Corresponds to the JSON property `dataObjectCount`
+        # @return [Fixnum]
+        attr_accessor :data_object_count
+      
+        # Timestamp indicating when the event was detected.
+        # Corresponds to the JSON property `eventDetectionTime`
+        # @return [String]
+        attr_accessor :event_detection_time
+      
+        # Type of the DRD event.
+        # Corresponds to the JSON property `eventType`
+        # @return [String]
+        attr_accessor :event_type
+      
+        # Maximum duration of retention allowed from the DRD control. This comes from
+        # the DRD control where users set a max TTL for their data. For example, suppose
+        # that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an
+        # object in that bucket is 100 days old. In this case, a
+        # DataRetentionDeletionEvent will be generated for that Cloud Storage bucket,
+        # and the max_retention_allowed is 90 days.
+        # Corresponds to the JSON property `maxRetentionAllowed`
+        # @return [String]
+        attr_accessor :max_retention_allowed
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @data_object_count = args[:data_object_count] if args.key?(:data_object_count)
+          @event_detection_time = args[:event_detection_time] if args.key?(:event_detection_time)
+          @event_type = args[:event_type] if args.key?(:event_type)
+          @max_retention_allowed = args[:max_retention_allowed] if args.key?(:max_retention_allowed)
+        end
+      end
+      
+      # Represents database access information, such as queries. A database may be a
+      # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
+      # Spanner instances), or the database instance itself. Some database resources
+      # might not have the [full resource name](https://google.aip.dev/122#full-
+      # resource-names) populated because these resource types, such as Cloud SQL
+      # databases, are not yet supported by Cloud Asset Inventory. In these cases only
+      # the display name is provided.
+      class GoogleCloudSecuritycenterV2Database
+        include Google::Apis::Core::Hashable
+      
+        # The human-readable name of the database that the user connected to.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+      
+        # The target usernames, roles, or groups of an SQL privilege grant, which is not
+        # an IAM policy change.
+        # Corresponds to the JSON property `grantees`
+        # @return [Array<String>]
+        attr_accessor :grantees
+      
+        # Some database resources may not have the [full resource name](https://google.
+        # aip.dev/122#full-resource-names) populated because these resource types are
+        # not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In
+        # these cases only the display name will be provided. The [full resource name](
+        # https://google.aip.dev/122#full-resource-names) of the database that the user
+        # connected to, if it is supported by Cloud Asset Inventory.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # The SQL statement that is associated with the database access.
+        # Corresponds to the JSON property `query`
+        # @return [String]
+        attr_accessor :query
+      
+        # The username used to connect to the database. The username might not be an IAM
+        # principal and does not have a set format.
+        # Corresponds to the JSON property `userName`
+        # @return [String]
+        attr_accessor :user_name
+      
+        # The version of the database, for example, POSTGRES_14. See [the complete list](
+        # https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).
+        # Corresponds to the JSON property `version`
+        # @return [String]
+        attr_accessor :version
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @grantees = args[:grantees] if args.key?(:grantees)
+          @name = args[:name] if args.key?(:name)
+          @query = args[:query] if args.key?(:query)
+          @user_name = args[:user_name] if args.key?(:user_name)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      
+      # Memory hash detection contributing to the binary family match.
+      class GoogleCloudSecuritycenterV2Detection
+        include Google::Apis::Core::Hashable
+      
+        # The name of the binary associated with the memory hash signature detection.
+        # Corresponds to the JSON property `binary`
+        # @return [String]
+        attr_accessor :binary
+      
+        # The percentage of memory page hashes in the signature that were matched.
+        # Corresponds to the JSON property `percentPagesMatched`
+        # @return [Float]
+        attr_accessor :percent_pages_matched
       
         def initialize(**args)
            update!(**args)
@@ -4650,6 +5132,26 @@ module Google
         end
       end
       
+      # Contains information about the disk associated with the finding.
+      class GoogleCloudSecuritycenterV2Disk
+        include Google::Apis::Core::Hashable
+      
+        # The name of the disk, for example, "https://www.googleapis.com/compute/v1/
+        # projects/project-id/zones/zone-id/disks/disk-id".
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      
       # Path of the file in terms of underlying disk/partition identifiers.
       class GoogleCloudSecuritycenterV2DiskPath
         include Google::Apis::Core::Hashable
@@ -4677,6 +5179,33 @@ module Google
         end
       end
       
+      # The record of a dynamic mute rule that matches the finding.
+      class GoogleCloudSecuritycenterV2DynamicMuteRecord
+        include Google::Apis::Core::Hashable
+      
+        # When the dynamic mute rule first matched the finding.
+        # Corresponds to the JSON property `matchTime`
+        # @return [String]
+        attr_accessor :match_time
+      
+        # The relative resource name of the mute rule, represented by a mute config,
+        # that created this record, for example `organizations/123/muteConfigs/
+        # mymuteconfig` or `organizations/123/locations/global/muteConfigs/mymuteconfig`.
+        # Corresponds to the JSON property `muteConfig`
+        # @return [String]
+        attr_accessor :mute_config
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @match_time = args[:match_time] if args.key?(:match_time)
+          @mute_config = args[:mute_config] if args.key?(:mute_config)
+        end
+      end
+      
       # A name-value pair representing an environment variable used in an operating
       # system process.
       class GoogleCloudSecuritycenterV2EnvironmentVariable
@@ -5015,6 +5544,21 @@ module Google
         # @return [String]
         attr_accessor :create_time
       
+        # Data access events associated with the finding.
+        # Corresponds to the JSON property `dataAccessEvents`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2DataAccessEvent>]
+        attr_accessor :data_access_events
+      
+        # Data flow events associated with the finding.
+        # Corresponds to the JSON property `dataFlowEvents`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2DataFlowEvent>]
+        attr_accessor :data_flow_events
+      
+        # Data retention deletion events associated with the finding.
+        # Corresponds to the JSON property `dataRetentionDeletionEvents`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2DataRetentionDeletionEvent>]
+        attr_accessor :data_retention_deletion_events
+      
         # Represents database access information, such as queries. A database may be a
         # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
         # Spanner instances), or the database instance itself. Some database resources
@@ -5031,6 +5575,11 @@ module Google
         # @return [String]
         attr_accessor :description
       
+        # Contains information about the disk associated with the finding.
+        # Corresponds to the JSON property `disk`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Disk]
+        attr_accessor :disk
+      
         # The time the finding was first detected. If an existing finding is updated,
         # then this is the time the update occurred. For example, if the finding
         # represents an open firewall, this property captures the time the detector
@@ -5132,6 +5681,12 @@ module Google
         # @return [String]
         attr_accessor :mute
       
+        # Mute information about the finding, including whether the finding has a static
+        # mute or any matching dynamic mute rules.
+        # Corresponds to the JSON property `muteInfo`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2MuteInfo]
+        attr_accessor :mute_info
+      
         # Records additional information about the mute operation, for example, the [
         # mute configuration](https://cloud.google.com/security-command-center/docs/how-
         # to-mute-findings) that muted the finding and the user who muted the finding.
@@ -5215,44 +5770,604 @@ module Google
         # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SecurityMarks]
         attr_accessor :security_marks
       
-        # Represents a posture that is deployed on Google Cloud by the Security Command
-        # Center Posture Management service. A posture contains one or more policy sets.
-        # A policy set is a group of policies that enforce a set of security rules on
-        # Google Cloud.
-        # Corresponds to the JSON property `securityPosture`
-        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SecurityPosture]
-        attr_accessor :security_posture
+        # Represents a posture that is deployed on Google Cloud by the Security Command
+        # Center Posture Management service. A posture contains one or more policy sets.
+        # A policy set is a group of policies that enforce a set of security rules on
+        # Google Cloud.
+        # Corresponds to the JSON property `securityPosture`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SecurityPosture]
+        attr_accessor :security_posture
+      
+        # The severity of the finding. This field is managed by the source that writes
+        # the finding.
+        # Corresponds to the JSON property `severity`
+        # @return [String]
+        attr_accessor :severity
+      
+        # Source specific properties. These properties are managed by the source that
+        # writes the finding. The key names in the source_properties map must be between
+        # 1 and 255 characters, and must start with a letter and contain alphanumeric
+        # characters or underscores only.
+        # Corresponds to the JSON property `sourceProperties`
+        # @return [Hash<String,Object>]
+        attr_accessor :source_properties
+      
+        # Output only. The state of the finding.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+      
+        # Contains details about a group of security issues that, when the issues occur
+        # together, represent a greater risk than when the issues occur independently. A
+        # group of such issues is referred to as a toxic combination.
+        # Corresponds to the JSON property `toxicCombination`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ToxicCombination]
+        attr_accessor :toxic_combination
+      
+        # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
+        # Corresponds to the JSON property `vulnerability`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Vulnerability]
+        attr_accessor :vulnerability
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @access = args[:access] if args.key?(:access)
+          @application = args[:application] if args.key?(:application)
+          @attack_exposure = args[:attack_exposure] if args.key?(:attack_exposure)
+          @backup_disaster_recovery = args[:backup_disaster_recovery] if args.key?(:backup_disaster_recovery)
+          @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
+          @category = args[:category] if args.key?(:category)
+          @cloud_armor = args[:cloud_armor] if args.key?(:cloud_armor)
+          @cloud_dlp_data_profile = args[:cloud_dlp_data_profile] if args.key?(:cloud_dlp_data_profile)
+          @cloud_dlp_inspection = args[:cloud_dlp_inspection] if args.key?(:cloud_dlp_inspection)
+          @compliances = args[:compliances] if args.key?(:compliances)
+          @connections = args[:connections] if args.key?(:connections)
+          @contacts = args[:contacts] if args.key?(:contacts)
+          @containers = args[:containers] if args.key?(:containers)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @data_access_events = args[:data_access_events] if args.key?(:data_access_events)
+          @data_flow_events = args[:data_flow_events] if args.key?(:data_flow_events)
+          @data_retention_deletion_events = args[:data_retention_deletion_events] if args.key?(:data_retention_deletion_events)
+          @database = args[:database] if args.key?(:database)
+          @description = args[:description] if args.key?(:description)
+          @disk = args[:disk] if args.key?(:disk)
+          @event_time = args[:event_time] if args.key?(:event_time)
+          @exfiltration = args[:exfiltration] if args.key?(:exfiltration)
+          @external_systems = args[:external_systems] if args.key?(:external_systems)
+          @external_uri = args[:external_uri] if args.key?(:external_uri)
+          @files = args[:files] if args.key?(:files)
+          @finding_class = args[:finding_class] if args.key?(:finding_class)
+          @group_memberships = args[:group_memberships] if args.key?(:group_memberships)
+          @iam_bindings = args[:iam_bindings] if args.key?(:iam_bindings)
+          @indicator = args[:indicator] if args.key?(:indicator)
+          @kernel_rootkit = args[:kernel_rootkit] if args.key?(:kernel_rootkit)
+          @kubernetes = args[:kubernetes] if args.key?(:kubernetes)
+          @load_balancers = args[:load_balancers] if args.key?(:load_balancers)
+          @log_entries = args[:log_entries] if args.key?(:log_entries)
+          @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
+          @module_name = args[:module_name] if args.key?(:module_name)
+          @mute = args[:mute] if args.key?(:mute)
+          @mute_info = args[:mute_info] if args.key?(:mute_info)
+          @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
+          @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
+          @name = args[:name] if args.key?(:name)
+          @next_steps = args[:next_steps] if args.key?(:next_steps)
+          @notebook = args[:notebook] if args.key?(:notebook)
+          @org_policies = args[:org_policies] if args.key?(:org_policies)
+          @parent = args[:parent] if args.key?(:parent)
+          @parent_display_name = args[:parent_display_name] if args.key?(:parent_display_name)
+          @processes = args[:processes] if args.key?(:processes)
+          @resource_name = args[:resource_name] if args.key?(:resource_name)
+          @security_marks = args[:security_marks] if args.key?(:security_marks)
+          @security_posture = args[:security_posture] if args.key?(:security_posture)
+          @severity = args[:severity] if args.key?(:severity)
+          @source_properties = args[:source_properties] if args.key?(:source_properties)
+          @state = args[:state] if args.key?(:state)
+          @toxic_combination = args[:toxic_combination] if args.key?(:toxic_combination)
+          @vulnerability = args[:vulnerability] if args.key?(:vulnerability)
+        end
+      end
+      
+      # Message that contains the resource name and display name of a folder resource.
+      class GoogleCloudSecuritycenterV2Folder
+        include Google::Apis::Core::Hashable
+      
+        # Full resource name of this folder. See: https://cloud.google.com/apis/design/
+        # resource_names#full_resource_name
+        # Corresponds to the JSON property `resourceFolder`
+        # @return [String]
+        attr_accessor :resource_folder
+      
+        # The user defined display name for this folder.
+        # Corresponds to the JSON property `resourceFolderDisplayName`
+        # @return [String]
+        attr_accessor :resource_folder_display_name
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @resource_folder = args[:resource_folder] if args.key?(:resource_folder)
+          @resource_folder_display_name = args[:resource_folder_display_name] if args.key?(:resource_folder_display_name)
+        end
+      end
+      
+      # Represents a geographical location for a given access.
+      class GoogleCloudSecuritycenterV2Geolocation
+        include Google::Apis::Core::Hashable
+      
+        # A CLDR.
+        # Corresponds to the JSON property `regionCode`
+        # @return [String]
+        attr_accessor :region_code
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @region_code = args[:region_code] if args.key?(:region_code)
+        end
+      end
+      
+      # Contains details about groups of which this finding is a member. A group is a
+      # collection of findings that are related in some way.
+      class GoogleCloudSecuritycenterV2GroupMembership
+        include Google::Apis::Core::Hashable
+      
+        # ID of the group.
+        # Corresponds to the JSON property `groupId`
+        # @return [String]
+        attr_accessor :group_id
+      
+        # Type of group.
+        # Corresponds to the JSON property `groupType`
+        # @return [String]
+        attr_accessor :group_type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @group_id = args[:group_id] if args.key?(:group_id)
+          @group_type = args[:group_type] if args.key?(:group_type)
+        end
+      end
+      
+      # Represents a particular IAM binding, which captures a member's role addition,
+      # removal, or state.
+      class GoogleCloudSecuritycenterV2IamBinding
+        include Google::Apis::Core::Hashable
+      
+        # The action that was performed on a Binding.
+        # Corresponds to the JSON property `action`
+        # @return [String]
+        attr_accessor :action
+      
+        # A single identity requesting access for a Cloud Platform resource, for example,
+        # "foo@google.com".
+        # Corresponds to the JSON property `member`
+        # @return [String]
+        attr_accessor :member
+      
+        # Role that is assigned to "members". For example, "roles/viewer", "roles/editor"
+        # , or "roles/owner".
+        # Corresponds to the JSON property `role`
+        # @return [String]
+        attr_accessor :role
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @action = args[:action] if args.key?(:action)
+          @member = args[:member] if args.key?(:member)
+          @role = args[:role] if args.key?(:role)
+        end
+      end
+      
+      # Represents what's commonly known as an _indicator of compromise_ (IoC) in
+      # computer forensics. This is an artifact observed on a network or in an
+      # operating system that, with high confidence, indicates a computer intrusion.
+      # For more information, see [Indicator of compromise](https://en.wikipedia.org/
+      # wiki/Indicator_of_compromise).
+      class GoogleCloudSecuritycenterV2Indicator
+        include Google::Apis::Core::Hashable
+      
+        # List of domains associated to the Finding.
+        # Corresponds to the JSON property `domains`
+        # @return [Array<String>]
+        attr_accessor :domains
+      
+        # The list of IP addresses that are associated with the finding.
+        # Corresponds to the JSON property `ipAddresses`
+        # @return [Array<String>]
+        attr_accessor :ip_addresses
+      
+        # The list of matched signatures indicating that the given process is present in
+        # the environment.
+        # Corresponds to the JSON property `signatures`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ProcessSignature>]
+        attr_accessor :signatures
+      
+        # The list of URIs associated to the Findings.
+        # Corresponds to the JSON property `uris`
+        # @return [Array<String>]
+        attr_accessor :uris
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @domains = args[:domains] if args.key?(:domains)
+          @ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses)
+          @signatures = args[:signatures] if args.key?(:signatures)
+          @uris = args[:uris] if args.key?(:uris)
+        end
+      end
+      
+      # Security Command Center Issue.
+      class GoogleCloudSecuritycenterV2Issue
+        include Google::Apis::Core::Hashable
+      
+        # Output only. The time the issue was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+      
+        # The description of the issue in Markdown format.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+      
+        # The finding category or rule name that generated the issue.
+        # Corresponds to the JSON property `detection`
+        # @return [String]
+        attr_accessor :detection
+      
+        # The domains of the issue.
+        # Corresponds to the JSON property `domains`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueDomain>]
+        attr_accessor :domains
+      
+        # The exposure score of the issue.
+        # Corresponds to the JSON property `exposureScore`
+        # @return [Float]
+        attr_accessor :exposure_score
+      
+        # The type of the issue.
+        # Corresponds to the JSON property `issueType`
+        # @return [String]
+        attr_accessor :issue_type
+      
+        # The time the issue was last observed.
+        # Corresponds to the JSON property `lastObservationTime`
+        # @return [String]
+        attr_accessor :last_observation_time
+      
+        # The mute information of the issue.
+        # Corresponds to the JSON property `mute`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueMute]
+        attr_accessor :mute
+      
+        # Identifier. The name of the issue. Format: organizations/`organization`/
+        # locations/`location`/issues/`issue`
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # A resource associated with the an issue.
+        # Corresponds to the JSON property `primaryResource`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueResource]
+        attr_accessor :primary_resource
+      
+        # The findings related to the issue.
+        # Corresponds to the JSON property `relatedFindings`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueFinding>]
+        attr_accessor :related_findings
+      
+        # Approaches to remediate the issue in Markdown format.
+        # Corresponds to the JSON property `remediations`
+        # @return [Array<String>]
+        attr_accessor :remediations
+      
+        # Additional resources associated with the issue.
+        # Corresponds to the JSON property `secondaryResources`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueResource>]
+        attr_accessor :secondary_resources
+      
+        # The security context of the issue.
+        # Corresponds to the JSON property `securityContexts`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueSecurityContext>]
+        attr_accessor :security_contexts
+      
+        # The severity of the issue.
+        # Corresponds to the JSON property `severity`
+        # @return [String]
+        attr_accessor :severity
+      
+        # Output only. The state of the issue.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+      
+        # Output only. The time the issue was last updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @detection = args[:detection] if args.key?(:detection)
+          @domains = args[:domains] if args.key?(:domains)
+          @exposure_score = args[:exposure_score] if args.key?(:exposure_score)
+          @issue_type = args[:issue_type] if args.key?(:issue_type)
+          @last_observation_time = args[:last_observation_time] if args.key?(:last_observation_time)
+          @mute = args[:mute] if args.key?(:mute)
+          @name = args[:name] if args.key?(:name)
+          @primary_resource = args[:primary_resource] if args.key?(:primary_resource)
+          @related_findings = args[:related_findings] if args.key?(:related_findings)
+          @remediations = args[:remediations] if args.key?(:remediations)
+          @secondary_resources = args[:secondary_resources] if args.key?(:secondary_resources)
+          @security_contexts = args[:security_contexts] if args.key?(:security_contexts)
+          @severity = args[:severity] if args.key?(:severity)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      
+      # The domains of an issue.
+      class GoogleCloudSecuritycenterV2IssueDomain
+        include Google::Apis::Core::Hashable
+      
+        # The domain category of the issue.
+        # Corresponds to the JSON property `domainCategory`
+        # @return [String]
+        attr_accessor :domain_category
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @domain_category = args[:domain_category] if args.key?(:domain_category)
+        end
+      end
+      
+      # Finding related to an issue.
+      class GoogleCloudSecuritycenterV2IssueFinding
+        include Google::Apis::Core::Hashable
+      
+        # The CVE of the finding.
+        # Corresponds to the JSON property `cve`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueFindingCve]
+        attr_accessor :cve
+      
+        # The name of the finding.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # The security bulletin of the finding.
+        # Corresponds to the JSON property `securityBulletin`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueFindingSecurityBulletin]
+        attr_accessor :security_bulletin
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @cve = args[:cve] if args.key?(:cve)
+          @name = args[:name] if args.key?(:name)
+          @security_bulletin = args[:security_bulletin] if args.key?(:security_bulletin)
+        end
+      end
+      
+      # The CVE of the finding.
+      class GoogleCloudSecuritycenterV2IssueFindingCve
+        include Google::Apis::Core::Hashable
+      
+        # The CVE name.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      
+      # The security bulletin of the finding.
+      class GoogleCloudSecuritycenterV2IssueFindingSecurityBulletin
+        include Google::Apis::Core::Hashable
+      
+        # The security bulletin name.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      
+      # The mute information of the issue.
+      class GoogleCloudSecuritycenterV2IssueMute
+        include Google::Apis::Core::Hashable
+      
+        # The email address of the user who last changed the mute state of the issue.
+        # Corresponds to the JSON property `muteInitiator`
+        # @return [String]
+        attr_accessor :mute_initiator
+      
+        # The user-provided reason for muting the issue.
+        # Corresponds to the JSON property `muteReason`
+        # @return [String]
+        attr_accessor :mute_reason
+      
+        # Output only. The mute state of the issue.
+        # Corresponds to the JSON property `muteState`
+        # @return [String]
+        attr_accessor :mute_state
+      
+        # The time the issue was muted.
+        # Corresponds to the JSON property `muteUpdateTime`
+        # @return [String]
+        attr_accessor :mute_update_time
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
+          @mute_reason = args[:mute_reason] if args.key?(:mute_reason)
+          @mute_state = args[:mute_state] if args.key?(:mute_state)
+          @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
+        end
+      end
+      
+      # A resource associated with the an issue.
+      class GoogleCloudSecuritycenterV2IssueResource
+        include Google::Apis::Core::Hashable
+      
+        # The AWS metadata of a resource associated with an issue.
+        # Corresponds to the JSON property `awsMetadata`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueResourceAwsMetadata]
+        attr_accessor :aws_metadata
+      
+        # The Azure metadata of a resource associated with an issue.
+        # Corresponds to the JSON property `azureMetadata`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueResourceAzureMetadata]
+        attr_accessor :azure_metadata
+      
+        # The cloud provider of the resource associated with the issue.
+        # Corresponds to the JSON property `cloudProvider`
+        # @return [String]
+        attr_accessor :cloud_provider
+      
+        # The resource-type specific display name of the resource associated with the
+        # issue.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+      
+        # Google Cloud metadata of a resource associated with an issue.
+        # Corresponds to the JSON property `googleCloudMetadata`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueResourceGoogleCloudMetadata]
+        attr_accessor :google_cloud_metadata
+      
+        # The full resource name of the resource associated with the issue.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # The type of the resource associated with the issue.
+        # Corresponds to the JSON property `type`
+        # @return [String]
+        attr_accessor :type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @aws_metadata = args[:aws_metadata] if args.key?(:aws_metadata)
+          @azure_metadata = args[:azure_metadata] if args.key?(:azure_metadata)
+          @cloud_provider = args[:cloud_provider] if args.key?(:cloud_provider)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @google_cloud_metadata = args[:google_cloud_metadata] if args.key?(:google_cloud_metadata)
+          @name = args[:name] if args.key?(:name)
+          @type = args[:type] if args.key?(:type)
+        end
+      end
+      
+      # The AWS metadata of a resource associated with an issue.
+      class GoogleCloudSecuritycenterV2IssueResourceAwsMetadata
+        include Google::Apis::Core::Hashable
+      
+        # The AWS account of the resource associated with the issue.
+        # Corresponds to the JSON property `account`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueResourceAwsMetadataAwsAccount]
+        attr_accessor :account
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @account = args[:account] if args.key?(:account)
+        end
+      end
+      
+      # The AWS account of the resource associated with the issue.
+      class GoogleCloudSecuritycenterV2IssueResourceAwsMetadataAwsAccount
+        include Google::Apis::Core::Hashable
+      
+        # The AWS account ID of the resource associated with the issue.
+        # Corresponds to the JSON property `id`
+        # @return [String]
+        attr_accessor :id
       
-        # The severity of the finding. This field is managed by the source that writes
-        # the finding.
-        # Corresponds to the JSON property `severity`
+        # The AWS account name of the resource associated with the issue.
+        # Corresponds to the JSON property `name`
         # @return [String]
-        attr_accessor :severity
+        attr_accessor :name
       
-        # Source specific properties. These properties are managed by the source that
-        # writes the finding. The key names in the source_properties map must be between
-        # 1 and 255 characters, and must start with a letter and contain alphanumeric
-        # characters or underscores only.
-        # Corresponds to the JSON property `sourceProperties`
-        # @return [Hash<String,Object>]
-        attr_accessor :source_properties
+        def initialize(**args)
+           update!(**args)
+        end
       
-        # Output only. The state of the finding.
-        # Corresponds to the JSON property `state`
-        # @return [String]
-        attr_accessor :state
+        # Update properties of this object
+        def update!(**args)
+          @id = args[:id] if args.key?(:id)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
       
-        # Contains details about a group of security issues that, when the issues occur
-        # together, represent a greater risk than when the issues occur independently. A
-        # group of such issues is referred to as a toxic combination.
-        # Corresponds to the JSON property `toxicCombination`
-        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ToxicCombination]
-        attr_accessor :toxic_combination
+      # The Azure metadata of a resource associated with an issue.
+      class GoogleCloudSecuritycenterV2IssueResourceAzureMetadata
+        include Google::Apis::Core::Hashable
       
-        # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
-        # Corresponds to the JSON property `vulnerability`
-        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Vulnerability]
-        attr_accessor :vulnerability
+        # The Azure subscription of the resource associated with the issue.
+        # Corresponds to the JSON property `subscription`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueResourceAzureMetadataAzureSubscription]
+        attr_accessor :subscription
       
         def initialize(**args)
            update!(**args)
@@ -5260,72 +6375,23 @@ module Google
       
         # Update properties of this object
         def update!(**args)
-          @access = args[:access] if args.key?(:access)
-          @application = args[:application] if args.key?(:application)
-          @attack_exposure = args[:attack_exposure] if args.key?(:attack_exposure)
-          @backup_disaster_recovery = args[:backup_disaster_recovery] if args.key?(:backup_disaster_recovery)
-          @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
-          @category = args[:category] if args.key?(:category)
-          @cloud_armor = args[:cloud_armor] if args.key?(:cloud_armor)
-          @cloud_dlp_data_profile = args[:cloud_dlp_data_profile] if args.key?(:cloud_dlp_data_profile)
-          @cloud_dlp_inspection = args[:cloud_dlp_inspection] if args.key?(:cloud_dlp_inspection)
-          @compliances = args[:compliances] if args.key?(:compliances)
-          @connections = args[:connections] if args.key?(:connections)
-          @contacts = args[:contacts] if args.key?(:contacts)
-          @containers = args[:containers] if args.key?(:containers)
-          @create_time = args[:create_time] if args.key?(:create_time)
-          @database = args[:database] if args.key?(:database)
-          @description = args[:description] if args.key?(:description)
-          @event_time = args[:event_time] if args.key?(:event_time)
-          @exfiltration = args[:exfiltration] if args.key?(:exfiltration)
-          @external_systems = args[:external_systems] if args.key?(:external_systems)
-          @external_uri = args[:external_uri] if args.key?(:external_uri)
-          @files = args[:files] if args.key?(:files)
-          @finding_class = args[:finding_class] if args.key?(:finding_class)
-          @group_memberships = args[:group_memberships] if args.key?(:group_memberships)
-          @iam_bindings = args[:iam_bindings] if args.key?(:iam_bindings)
-          @indicator = args[:indicator] if args.key?(:indicator)
-          @kernel_rootkit = args[:kernel_rootkit] if args.key?(:kernel_rootkit)
-          @kubernetes = args[:kubernetes] if args.key?(:kubernetes)
-          @load_balancers = args[:load_balancers] if args.key?(:load_balancers)
-          @log_entries = args[:log_entries] if args.key?(:log_entries)
-          @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
-          @module_name = args[:module_name] if args.key?(:module_name)
-          @mute = args[:mute] if args.key?(:mute)
-          @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
-          @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
-          @name = args[:name] if args.key?(:name)
-          @next_steps = args[:next_steps] if args.key?(:next_steps)
-          @notebook = args[:notebook] if args.key?(:notebook)
-          @org_policies = args[:org_policies] if args.key?(:org_policies)
-          @parent = args[:parent] if args.key?(:parent)
-          @parent_display_name = args[:parent_display_name] if args.key?(:parent_display_name)
-          @processes = args[:processes] if args.key?(:processes)
-          @resource_name = args[:resource_name] if args.key?(:resource_name)
-          @security_marks = args[:security_marks] if args.key?(:security_marks)
-          @security_posture = args[:security_posture] if args.key?(:security_posture)
-          @severity = args[:severity] if args.key?(:severity)
-          @source_properties = args[:source_properties] if args.key?(:source_properties)
-          @state = args[:state] if args.key?(:state)
-          @toxic_combination = args[:toxic_combination] if args.key?(:toxic_combination)
-          @vulnerability = args[:vulnerability] if args.key?(:vulnerability)
+          @subscription = args[:subscription] if args.key?(:subscription)
         end
       end
       
-      # Message that contains the resource name and display name of a folder resource.
-      class GoogleCloudSecuritycenterV2Folder
+      # The Azure subscription of the resource associated with the issue.
+      class GoogleCloudSecuritycenterV2IssueResourceAzureMetadataAzureSubscription
         include Google::Apis::Core::Hashable
       
-        # Full resource name of this folder. See: https://cloud.google.com/apis/design/
-        # resource_names#full_resource_name
-        # Corresponds to the JSON property `resourceFolder`
+        # The Azure subscription display name of the resource associated with the issue.
+        # Corresponds to the JSON property `displayName`
         # @return [String]
-        attr_accessor :resource_folder
+        attr_accessor :display_name
       
-        # The user defined display name for this folder.
-        # Corresponds to the JSON property `resourceFolderDisplayName`
+        # The Azure subscription ID of the resource associated with the issue.
+        # Corresponds to the JSON property `id`
         # @return [String]
-        attr_accessor :resource_folder_display_name
+        attr_accessor :id
       
         def initialize(**args)
            update!(**args)
@@ -5333,19 +6399,19 @@ module Google
       
         # Update properties of this object
         def update!(**args)
-          @resource_folder = args[:resource_folder] if args.key?(:resource_folder)
-          @resource_folder_display_name = args[:resource_folder_display_name] if args.key?(:resource_folder_display_name)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @id = args[:id] if args.key?(:id)
         end
       end
       
-      # Represents a geographical location for a given access.
-      class GoogleCloudSecuritycenterV2Geolocation
+      # Google Cloud metadata of a resource associated with an issue.
+      class GoogleCloudSecuritycenterV2IssueResourceGoogleCloudMetadata
         include Google::Apis::Core::Hashable
       
-        # A CLDR.
-        # Corresponds to the JSON property `regionCode`
+        # The project ID that the resource associated with the issue belongs to.
+        # Corresponds to the JSON property `projectId`
         # @return [String]
-        attr_accessor :region_code
+        attr_accessor :project_id
       
         def initialize(**args)
            update!(**args)
@@ -5353,24 +6419,23 @@ module Google
       
         # Update properties of this object
         def update!(**args)
-          @region_code = args[:region_code] if args.key?(:region_code)
+          @project_id = args[:project_id] if args.key?(:project_id)
         end
       end
       
-      # Contains details about groups of which this finding is a member. A group is a
-      # collection of findings that are related in some way.
-      class GoogleCloudSecuritycenterV2GroupMembership
+      # Security context associated with an issue.
+      class GoogleCloudSecuritycenterV2IssueSecurityContext
         include Google::Apis::Core::Hashable
       
-        # ID of the group.
-        # Corresponds to the JSON property `groupId`
-        # @return [String]
-        attr_accessor :group_id
+        # Aggregated count of a security context.
+        # Corresponds to the JSON property `aggregatedCount`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueSecurityContextAggregatedCount]
+        attr_accessor :aggregated_count
       
-        # Type of group.
-        # Corresponds to the JSON property `groupType`
-        # @return [String]
-        attr_accessor :group_type
+        # Context of a security context.
+        # Corresponds to the JSON property `context`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IssueSecurityContextContext]
+        attr_accessor :context
       
         def initialize(**args)
            update!(**args)
@@ -5378,32 +6443,24 @@ module Google
       
         # Update properties of this object
         def update!(**args)
-          @group_id = args[:group_id] if args.key?(:group_id)
-          @group_type = args[:group_type] if args.key?(:group_type)
+          @aggregated_count = args[:aggregated_count] if args.key?(:aggregated_count)
+          @context = args[:context] if args.key?(:context)
         end
       end
       
-      # Represents a particular IAM binding, which captures a member's role addition,
-      # removal, or state.
-      class GoogleCloudSecuritycenterV2IamBinding
+      # Aggregated count of a security context.
+      class GoogleCloudSecuritycenterV2IssueSecurityContextAggregatedCount
         include Google::Apis::Core::Hashable
       
-        # The action that was performed on a Binding.
-        # Corresponds to the JSON property `action`
-        # @return [String]
-        attr_accessor :action
-      
-        # A single identity requesting access for a Cloud Platform resource, for example,
-        # "foo@google.com".
-        # Corresponds to the JSON property `member`
+        # Aggregation key.
+        # Corresponds to the JSON property `key`
         # @return [String]
-        attr_accessor :member
+        attr_accessor :key
       
-        # Role that is assigned to "members". For example, "roles/viewer", "roles/editor"
-        # , or "roles/owner".
-        # Corresponds to the JSON property `role`
-        # @return [String]
-        attr_accessor :role
+        # Aggregation value.
+        # Corresponds to the JSON property `value`
+        # @return [Fixnum]
+        attr_accessor :value
       
         def initialize(**args)
            update!(**args)
@@ -5411,40 +6468,24 @@ module Google
       
         # Update properties of this object
         def update!(**args)
-          @action = args[:action] if args.key?(:action)
-          @member = args[:member] if args.key?(:member)
-          @role = args[:role] if args.key?(:role)
+          @key = args[:key] if args.key?(:key)
+          @value = args[:value] if args.key?(:value)
         end
       end
       
-      # Represents what's commonly known as an _indicator of compromise_ (IoC) in
-      # computer forensics. This is an artifact observed on a network or in an
-      # operating system that, with high confidence, indicates a computer intrusion.
-      # For more information, see [Indicator of compromise](https://en.wikipedia.org/
-      # wiki/Indicator_of_compromise).
-      class GoogleCloudSecuritycenterV2Indicator
+      # Context of a security context.
+      class GoogleCloudSecuritycenterV2IssueSecurityContextContext
         include Google::Apis::Core::Hashable
       
-        # List of domains associated to the Finding.
-        # Corresponds to the JSON property `domains`
-        # @return [Array<String>]
-        attr_accessor :domains
-      
-        # The list of IP addresses that are associated with the finding.
-        # Corresponds to the JSON property `ipAddresses`
-        # @return [Array<String>]
-        attr_accessor :ip_addresses
-      
-        # The list of matched signatures indicating that the given process is present in
-        # the environment.
-        # Corresponds to the JSON property `signatures`
-        # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ProcessSignature>]
-        attr_accessor :signatures
+        # Context type.
+        # Corresponds to the JSON property `type`
+        # @return [String]
+        attr_accessor :type
       
-        # The list of URIs associated to the Findings.
-        # Corresponds to the JSON property `uris`
+        # Context values.
+        # Corresponds to the JSON property `values`
         # @return [Array<String>]
-        attr_accessor :uris
+        attr_accessor :values
       
         def initialize(**args)
            update!(**args)
@@ -5452,10 +6493,8 @@ module Google
       
         # Update properties of this object
         def update!(**args)
-          @domains = args[:domains] if args.key?(:domains)
-          @ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses)
-          @signatures = args[:signatures] if args.key?(:signatures)
-          @uris = args[:uris] if args.key?(:uris)
+          @type = args[:type] if args.key?(:type)
+          @values = args[:values] if args.key?(:values)
         end
       end
       
@@ -5764,6 +6803,12 @@ module Google
         # @return [String]
         attr_accessor :description
       
+        # Optional. The expiry of the mute config. Only applicable for dynamic configs.
+        # If the expiry is set, when the config expires, it is removed from all findings.
+        # Corresponds to the JSON property `expiryTime`
+        # @return [String]
+        attr_accessor :expiry_time
+      
         # Required. An expression that defines the filter to apply across create/update
         # events of findings. While creating a filter string, be mindful of the scope in
         # which the mute configuration is being created. E.g., If a filter contains
@@ -5817,6 +6862,7 @@ module Google
         def update!(**args)
           @create_time = args[:create_time] if args.key?(:create_time)
           @description = args[:description] if args.key?(:description)
+          @expiry_time = args[:expiry_time] if args.key?(:expiry_time)
           @filter = args[:filter] if args.key?(:filter)
           @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
           @name = args[:name] if args.key?(:name)
@@ -5825,6 +6871,34 @@ module Google
         end
       end
       
+      # Mute information about the finding, including whether the finding has a static
+      # mute or any matching dynamic mute rules.
+      class GoogleCloudSecuritycenterV2MuteInfo
+        include Google::Apis::Core::Hashable
+      
+        # The list of dynamic mute rules that currently match the finding.
+        # Corresponds to the JSON property `dynamicMuteRecords`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2DynamicMuteRecord>]
+        attr_accessor :dynamic_mute_records
+      
+        # Information about the static mute state. A static mute state overrides any
+        # dynamic mute rules that apply to this finding. The static mute state can be
+        # set by a static mute rule or by muting the finding directly.
+        # Corresponds to the JSON property `staticMute`
+        # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2StaticMute]
+        attr_accessor :static_mute
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @dynamic_mute_records = args[:dynamic_mute_records] if args.key?(:dynamic_mute_records)
+          @static_mute = args[:static_mute] if args.key?(:static_mute)
+        end
+      end
+      
       # Kubernetes nodes associated with the finding.
       class GoogleCloudSecuritycenterV2Node
         include Google::Apis::Core::Hashable
@@ -6500,9 +7574,10 @@ module Google
         # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SensitiveDataProtectionMapping]
         attr_accessor :sensitive_data_protection_mapping
       
-        # Tag values combined with `AND` to check against. Values in the form "tagValues/
-        # 123" Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]` https://
-        # cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
+        # Tag values combined with `AND` to check against. For Google Cloud resources,
+        # they are tag value IDs in the form of "tagValues/123". Example: `[ "tagValues/
+        # 123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/resource-
+        # manager/docs/tags/tags-creating-and-managing
         # Corresponds to the JSON property `tagValues`
         # @return [Array<String>]
         attr_accessor :tag_values
@@ -6812,6 +7887,34 @@ module Google
         end
       end
       
+      # Information about the static mute state. A static mute state overrides any
+      # dynamic mute rules that apply to this finding. The static mute state can be
+      # set by a static mute rule or by muting the finding directly.
+      class GoogleCloudSecuritycenterV2StaticMute
+        include Google::Apis::Core::Hashable
+      
+        # When the static mute was applied.
+        # Corresponds to the JSON property `applyTime`
+        # @return [String]
+        attr_accessor :apply_time
+      
+        # The static mute state. If the value is `MUTED` or `UNMUTED`, then the finding'
+        # s overall mute state will have the same value.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @apply_time = args[:apply_time] if args.key?(:apply_time)
+          @state = args[:state] if args.key?(:state)
+        end
+      end
+      
       # Represents a Kubernetes subject.
       class GoogleCloudSecuritycenterV2Subject
         include Google::Apis::Core::Hashable
@@ -7373,6 +8476,34 @@ module Google
         end
       end
       
+      # Mute information about the finding, including whether the finding has a static
+      # mute or any matching dynamic mute rules.
+      class MuteInfo
+        include Google::Apis::Core::Hashable
+      
+        # The list of dynamic mute rules that currently match the finding.
+        # Corresponds to the JSON property `dynamicMuteRecords`
+        # @return [Array<Google::Apis::SecuritycenterV1beta2::DynamicMuteRecord>]
+        attr_accessor :dynamic_mute_records
+      
+        # Information about the static mute state. A static mute state overrides any
+        # dynamic mute rules that apply to this finding. The static mute state can be
+        # set by a static mute rule or by muting the finding directly.
+        # Corresponds to the JSON property `staticMute`
+        # @return [Google::Apis::SecuritycenterV1beta2::StaticMute]
+        attr_accessor :static_mute
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @dynamic_mute_records = args[:dynamic_mute_records] if args.key?(:dynamic_mute_records)
+          @static_mute = args[:static_mute] if args.key?(:static_mute)
+        end
+      end
+      
       # Kubernetes nodes associated with the finding.
       class Node
         include Google::Apis::Core::Hashable
@@ -8242,6 +9373,34 @@ module Google
         end
       end
       
+      # Information about the static mute state. A static mute state overrides any
+      # dynamic mute rules that apply to this finding. The static mute state can be
+      # set by a static mute rule or by muting the finding directly.
+      class StaticMute
+        include Google::Apis::Core::Hashable
+      
+        # When the static mute was applied.
+        # Corresponds to the JSON property `applyTime`
+        # @return [String]
+        attr_accessor :apply_time
+      
+        # The static mute state. If the value is `MUTED` or `UNMUTED`, then the finding'
+        # s overall mute state will have the same value.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @apply_time = args[:apply_time] if args.key?(:apply_time)
+          @state = args[:state] if args.key?(:state)
+        end
+      end
+      
       # Represents a Kubernetes subject.
       class Subject
         include Google::Apis::Core::Hashable