google-cloud-security_center-v1 0.16.0 → 0.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 137349fd5941ad792aa7a6e88ac8d8f4743b103c854f57fabc07801dd17c8db6
-  data.tar.gz: 816b02ef077b8c64ecaf0aea7f08d4360010b8593d4d66427a73670ac4420699
+  metadata.gz: b57284f2932157e2212960b955b61df6c6e0b4d0f4307fea8c0a08cd111e8b58
+  data.tar.gz: 2f0ea3acaa4e3995ce721c51a679b4cf6103c51b658fcd9bc5941531c8ad25fd
 SHA512:
-  metadata.gz: 2dc560bed92702466e2c3441ba9571435f7db903d3338195bd5e0bbb03315a94110cddea277c57624725b7f898a7d5dafccb564a4a839ed5565d78c152fede12
-  data.tar.gz: 142d65f1b2a722530aae4a34495cc8689ed1790e6ddd64a90010eaba6ccb9faea3d6df20b798cf09bf6c7f0d240936da22909580ac612b5c035c0800430c9bdb
+  metadata.gz: 5374096b8fde6fea9c9b70a5064fa2d8b77eb606b8809793627a24631e342be74f455ca6b455fff732ab65ce1befbbb09ec85f78c809ce96e022b92db728979f
+  data.tar.gz: 80e0126fee6525b015d2a13460ace133ae325b87d74848c1209fbc9d38d712d4ca478b9b1a2f3ba199b33a22d8bd2b8417fc5f85bcf539c32815ecfc01ad99a0

data/README.md

@@ -76,14 +76,14 @@ To browse ready to use code samples check [Google Cloud Samples](https://cloud.g
 
 ## Supported Ruby Versions
 
-This library is supported on Ruby 2.5+.
+This library is supported on Ruby 2.6+.
 
 Google provides official support for Ruby versions that are actively supported
 by Ruby Core—that is, Ruby versions that are either in normal maintenance or
-in security maintenance, and not end of life. Currently, this means Ruby 2.5
-and later. Older versions of Ruby _may_ still work, but are unsupported and not
-recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details
-about the Ruby support schedule.
+in security maintenance, and not end of life. Older versions of Ruby _may_
+still work, but are unsupported and not recommended. See
+https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby
+support schedule.
 
 ## Which client should I use?
 

data/lib/google/cloud/security_center/v1/security_center/operations.rb

@@ -95,6 +95,9 @@ module Google
                 channel_args: @config.channel_args,
                 interceptors: @config.interceptors
               )
+
+              # Used by an LRO wrapper for some methods of this service
+              @operations_client = self
             end
 
             # Service calls

data/lib/google/cloud/security_center/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module SecurityCenter
       module V1
-        VERSION = "0.16.0"
+        VERSION = "0.19.0"
       end
     end
   end

data/lib/google/cloud/securitycenter/v1/contact_details_pb.rb

@@ -0,0 +1,26 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/securitycenter/v1/contact_details.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/securitycenter/v1/contact_details.proto", :syntax => :proto3) do
+    add_message "google.cloud.securitycenter.v1.ContactDetails" do
+      repeated :contacts, :message, 1, "google.cloud.securitycenter.v1.Contact"
+    end
+    add_message "google.cloud.securitycenter.v1.Contact" do
+      optional :email, :string, 1
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        ContactDetails = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.ContactDetails").msgclass
+        Contact = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Contact").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/securitycenter/v1/container_pb.rb

@@ -0,0 +1,27 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/securitycenter/v1/container.proto
+
+require 'google/protobuf'
+
+require 'google/cloud/securitycenter/v1/label_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/securitycenter/v1/container.proto", :syntax => :proto3) do
+    add_message "google.cloud.securitycenter.v1.Container" do
+      optional :name, :string, 1
+      optional :uri, :string, 2
+      optional :image_id, :string, 3
+      repeated :labels, :message, 4, "google.cloud.securitycenter.v1.Label"
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        Container = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Container").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/securitycenter/v1/database_pb.rb

@@ -0,0 +1,26 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/securitycenter/v1/database.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/securitycenter/v1/database.proto", :syntax => :proto3) do
+    add_message "google.cloud.securitycenter.v1.Database" do
+      optional :name, :string, 1
+      optional :display_name, :string, 2
+      optional :user_name, :string, 3
+      optional :query, :string, 4
+      repeated :grantees, :string, 5
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        Database = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Database").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/securitycenter/v1/finding_pb.rb

@@ -8,10 +8,14 @@ require 'google/api/resource_pb'
 require 'google/cloud/securitycenter/v1/access_pb'
 require 'google/cloud/securitycenter/v1/compliance_pb'
 require 'google/cloud/securitycenter/v1/connection_pb'
+require 'google/cloud/securitycenter/v1/contact_details_pb'
+require 'google/cloud/securitycenter/v1/container_pb'
+require 'google/cloud/securitycenter/v1/database_pb'
 require 'google/cloud/securitycenter/v1/exfiltration_pb'
 require 'google/cloud/securitycenter/v1/external_system_pb'
 require 'google/cloud/securitycenter/v1/iam_binding_pb'
 require 'google/cloud/securitycenter/v1/indicator_pb'
+require 'google/cloud/securitycenter/v1/kubernetes_pb'
 require 'google/cloud/securitycenter/v1/mitre_attack_pb'
 require 'google/cloud/securitycenter/v1/process_pb'
 require 'google/cloud/securitycenter/v1/security_marks_pb'
@@ -45,11 +49,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       repeated :connections, :message, 31, "google.cloud.securitycenter.v1.Connection"
       optional :mute_initiator, :string, 28
       repeated :processes, :message, 30, "google.cloud.securitycenter.v1.Process"
+      map :contacts, :string, :message, 33, "google.cloud.securitycenter.v1.ContactDetails"
       repeated :compliances, :message, 34, "google.cloud.securitycenter.v1.Compliance"
       optional :description, :string, 37
       optional :exfiltration, :message, 38, "google.cloud.securitycenter.v1.Exfiltration"
       repeated :iam_bindings, :message, 39, "google.cloud.securitycenter.v1.IamBinding"
       optional :next_steps, :string, 40
+      repeated :containers, :message, 42, "google.cloud.securitycenter.v1.Container"
+      optional :kubernetes, :message, 43, "google.cloud.securitycenter.v1.Kubernetes"
+      optional :database, :message, 44, "google.cloud.securitycenter.v1.Database"
     end
     add_enum "google.cloud.securitycenter.v1.Finding.State" do
       value :STATE_UNSPECIFIED, 0

data/lib/google/cloud/securitycenter/v1/indicator_pb.rb

@@ -8,6 +8,25 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.securitycenter.v1.Indicator" do
       repeated :ip_addresses, :string, 1
       repeated :domains, :string, 2
+      repeated :signatures, :message, 3, "google.cloud.securitycenter.v1.Indicator.ProcessSignature"
+      repeated :uris, :string, 4
+    end
+    add_message "google.cloud.securitycenter.v1.Indicator.ProcessSignature" do
+      oneof :signature do
+        optional :memory_hash_signature, :message, 6, "google.cloud.securitycenter.v1.Indicator.ProcessSignature.MemoryHashSignature"
+        optional :yara_rule_signature, :message, 7, "google.cloud.securitycenter.v1.Indicator.ProcessSignature.YaraRuleSignature"
+      end
+    end
+    add_message "google.cloud.securitycenter.v1.Indicator.ProcessSignature.MemoryHashSignature" do
+      optional :binary_family, :string, 1
+      repeated :detections, :message, 4, "google.cloud.securitycenter.v1.Indicator.ProcessSignature.MemoryHashSignature.Detection"
+    end
+    add_message "google.cloud.securitycenter.v1.Indicator.ProcessSignature.MemoryHashSignature.Detection" do
+      optional :binary, :string, 2
+      optional :percent_pages_matched, :double, 3
+    end
+    add_message "google.cloud.securitycenter.v1.Indicator.ProcessSignature.YaraRuleSignature" do
+      optional :yara_rule, :string, 5
     end
   end
 end
@@ -17,6 +36,10 @@ module Google
     module SecurityCenter
       module V1
         Indicator = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Indicator").msgclass
+        Indicator::ProcessSignature = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Indicator.ProcessSignature").msgclass
+        Indicator::ProcessSignature::MemoryHashSignature = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Indicator.ProcessSignature.MemoryHashSignature").msgclass
+        Indicator::ProcessSignature::MemoryHashSignature::Detection = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Indicator.ProcessSignature.MemoryHashSignature.Detection").msgclass
+        Indicator::ProcessSignature::YaraRuleSignature = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Indicator.ProcessSignature.YaraRuleSignature").msgclass
       end
     end
   end

data/lib/google/cloud/securitycenter/v1/kubernetes_pb.rb

@@ -0,0 +1,88 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/securitycenter/v1/kubernetes.proto
+
+require 'google/protobuf'
+
+require 'google/cloud/securitycenter/v1/container_pb'
+require 'google/cloud/securitycenter/v1/label_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/securitycenter/v1/kubernetes.proto", :syntax => :proto3) do
+    add_message "google.cloud.securitycenter.v1.Kubernetes" do
+      repeated :pods, :message, 1, "google.cloud.securitycenter.v1.Kubernetes.Pod"
+      repeated :nodes, :message, 2, "google.cloud.securitycenter.v1.Kubernetes.Node"
+      repeated :node_pools, :message, 3, "google.cloud.securitycenter.v1.Kubernetes.NodePool"
+      repeated :roles, :message, 4, "google.cloud.securitycenter.v1.Kubernetes.Role"
+      repeated :bindings, :message, 5, "google.cloud.securitycenter.v1.Kubernetes.Binding"
+      repeated :access_reviews, :message, 6, "google.cloud.securitycenter.v1.Kubernetes.AccessReview"
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.Pod" do
+      optional :ns, :string, 1
+      optional :name, :string, 2
+      repeated :labels, :message, 3, "google.cloud.securitycenter.v1.Label"
+      repeated :containers, :message, 4, "google.cloud.securitycenter.v1.Container"
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.Node" do
+      optional :name, :string, 1
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.NodePool" do
+      optional :name, :string, 1
+      repeated :nodes, :message, 2, "google.cloud.securitycenter.v1.Kubernetes.Node"
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.Role" do
+      optional :kind, :enum, 1, "google.cloud.securitycenter.v1.Kubernetes.Role.Kind"
+      optional :ns, :string, 2
+      optional :name, :string, 3
+    end
+    add_enum "google.cloud.securitycenter.v1.Kubernetes.Role.Kind" do
+      value :KIND_UNSPECIFIED, 0
+      value :ROLE, 1
+      value :CLUSTER_ROLE, 2
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.Binding" do
+      optional :ns, :string, 1
+      optional :name, :string, 2
+      optional :role, :message, 3, "google.cloud.securitycenter.v1.Kubernetes.Role"
+      repeated :subjects, :message, 4, "google.cloud.securitycenter.v1.Kubernetes.Subject"
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.Subject" do
+      optional :kind, :enum, 1, "google.cloud.securitycenter.v1.Kubernetes.Subject.AuthType"
+      optional :ns, :string, 2
+      optional :name, :string, 3
+    end
+    add_enum "google.cloud.securitycenter.v1.Kubernetes.Subject.AuthType" do
+      value :AUTH_TYPE_UNSPECIFIED, 0
+      value :USER, 1
+      value :SERVICEACCOUNT, 2
+      value :GROUP, 3
+    end
+    add_message "google.cloud.securitycenter.v1.Kubernetes.AccessReview" do
+      optional :group, :string, 1
+      optional :ns, :string, 2
+      optional :name, :string, 3
+      optional :resource, :string, 4
+      optional :subresource, :string, 5
+      optional :verb, :string, 6
+      optional :version, :string, 7
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        Kubernetes = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes").msgclass
+        Kubernetes::Pod = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Pod").msgclass
+        Kubernetes::Node = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Node").msgclass
+        Kubernetes::NodePool = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.NodePool").msgclass
+        Kubernetes::Role = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Role").msgclass
+        Kubernetes::Role::Kind = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Role.Kind").enummodule
+        Kubernetes::Binding = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Binding").msgclass
+        Kubernetes::Subject = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Subject").msgclass
+        Kubernetes::Subject::AuthType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.Subject.AuthType").enummodule
+        Kubernetes::AccessReview = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Kubernetes.AccessReview").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/securitycenter/v1/label_pb.rb

@@ -0,0 +1,23 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/securitycenter/v1/label.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/securitycenter/v1/label.proto", :syntax => :proto3) do
+    add_message "google.cloud.securitycenter.v1.Label" do
+      optional :name, :string, 1
+      optional :value, :string, 2
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        Label = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Label").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/securitycenter/v1/mitre_attack_pb.rb

@@ -62,6 +62,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :DATA_DESTRUCTION, 29
       value :DOMAIN_POLICY_MODIFICATION, 30
       value :IMPAIR_DEFENSES, 31
+      value :NETWORK_SERVICE_DISCOVERY, 32
+      value :ACCESS_TOKEN_MANIPULATION, 33
+      value :ABUSE_ELEVATION_CONTROL_MECHANISM, 34
     end
   end
 end

data/lib/google/cloud/securitycenter/v1/process_pb.rb

@@ -8,6 +8,7 @@ require 'google/cloud/securitycenter/v1/file_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/process.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.Process" do
+      optional :name, :string, 12
       optional :binary, :message, 3, "google.cloud.securitycenter.v1.File"
       repeated :libraries, :message, 4, "google.cloud.securitycenter.v1.File"
       optional :script, :message, 5, "google.cloud.securitycenter.v1.File"

data/proto_docs/google/cloud/securitycenter/v1/contact_details.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # The details pertaining to specific contacts
+        # @!attribute [rw] contacts
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Contact>]
+        #     A list of contacts
+        class ContactDetails
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Representa a single contact's email address
+        # @!attribute [rw] email
+        #   @return [::String]
+        #     An email address e.g. "person123@company.com"
+        class Contact
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/container.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Container associated with the finding.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Container name.
+        # @!attribute [rw] uri
+        #   @return [::String]
+        #     Container image URI provided when configuring a pod/container.
+        #     May identify a container image version using mutable tags.
+        # @!attribute [rw] image_id
+        #   @return [::String]
+        #     Optional container image id, when provided by the container runtime.
+        #     Uniquely identifies the container image launched using a container image
+        #     digest.
+        # @!attribute [rw] labels
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Label>]
+        #     Container labels, as provided by the container runtime.
+        class Container
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/database.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Represents database access information, such as queries.
+        # A database may be a sub-resource of an instance (as in the case of CloudSQL
+        # instances or Cloud Spanner instances), or the database instance itself.
+        # Some database resources may not have the full resource name populated
+        # because these resource types are not yet supported by Cloud Asset Inventory
+        # (e.g. CloudSQL databases).  In these cases only the display name will be
+        # provided.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The full resource name of the database the user connected to, if it is
+        #     supported by CAI. (https://google.aip.dev/122#full-resource-names)
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     The human readable name of the database the user connected to.
+        # @!attribute [rw] user_name
+        #   @return [::String]
+        #     The username used to connect to the DB. This may not necessarily be an IAM
+        #     principal, and has no required format.
+        # @!attribute [rw] query
+        #   @return [::String]
+        #     The SQL statement associated with the relevant access.
+        # @!attribute [rw] grantees
+        #   @return [::Array<::String>]
+        #     The target usernames/roles/groups of a SQL privilege grant (not an IAM
+        #     policy change).
+        class Database
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/file.rb

@@ -32,7 +32,7 @@ module Google
         # @!attribute [rw] sha256
         #   @return [::String]
         #     SHA256 hash of the first hashed_size bytes of the file encoded as a
-        #     hex string.  If hashed_size == size, hash_sha256 represents the SHA256 hash
+        #     hex string.  If hashed_size == size, sha256 represents the SHA256 hash
         #     of the entire file.
         # @!attribute [rw] hashed_size
         #   @return [::Integer]

data/proto_docs/google/cloud/securitycenter/v1/finding.rb

@@ -144,6 +144,25 @@ module Google
         # @!attribute [rw] processes
         #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Process>]
         #     Represents operating system processes associated with the Finding.
+        # @!attribute [r] contacts
+        #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ContactDetails}]
+        #     Output only. Map containing the point of contacts for the given finding.
+        #     The key represents the type of contact, while the value contains a list of
+        #     all the contacts that pertain. Please refer to:
+        #     https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories
+        #
+        #         {
+        #           "security": {
+        #             "contacts": [
+        #               {
+        #                 "email": "person1@company.com"
+        #               },
+        #               {
+        #                 "email": "person2@company.com"
+        #               }
+        #             ]
+        #           }
+        #         }
         # @!attribute [rw] compliances
         #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Compliance>]
         #     Contains compliance information for security standards associated to the
@@ -160,6 +179,16 @@ module Google
         # @!attribute [rw] next_steps
         #   @return [::String]
         #     Next steps associate to the finding.
+        # @!attribute [rw] containers
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Container>]
+        #     Containers associated with the finding. containers provides information
+        #     for both Kubernetes and non-Kubernetes containers.
+        # @!attribute [rw] kubernetes
+        #   @return [::Google::Cloud::SecurityCenter::V1::Kubernetes]
+        #     Kubernetes resources associated with the finding.
+        # @!attribute [rw] database
+        #   @return [::Google::Cloud::SecurityCenter::V1::Database]
+        #     Database associated with the finding.
         class Finding
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -182,6 +211,15 @@ module Google
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
 
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::Google::Cloud::SecurityCenter::V1::ContactDetails]
+          class ContactsEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
           # The state of the finding.
           module State
             # Unspecified state.

data/proto_docs/google/cloud/securitycenter/v1/indicator.rb

@@ -31,9 +31,64 @@ module Google
         # @!attribute [rw] domains
         #   @return [::Array<::String>]
         #     List of domains associated to the Finding.
+        # @!attribute [rw] signatures
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature>]
+        #     The list of matched signatures indicating that the given
+        #     process is present in the environment.
+        # @!attribute [rw] uris
+        #   @return [::Array<::String>]
+        #     The list of URIs associated to the Findings.
         class Indicator
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Indicates what signature matched this process.
+          # @!attribute [rw] memory_hash_signature
+          #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature]
+          #     Signature indicating that a binary family was matched.
+          # @!attribute [rw] yara_rule_signature
+          #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::YaraRuleSignature]
+          #     Signature indicating that a YARA rule was matched.
+          class ProcessSignature
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # A signature corresponding to memory page hashes.
+            # @!attribute [rw] binary_family
+            #   @return [::String]
+            #     The binary family.
+            # @!attribute [rw] detections
+            #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature::Detection>]
+            #     The list of memory hash detections contributing to the binary family
+            #     match.
+            class MemoryHashSignature
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+
+              # Memory hash detection contributing to the binary family match.
+              # @!attribute [rw] binary
+              #   @return [::String]
+              #     The name of the binary associated with the memory hash
+              #     signature detection.
+              # @!attribute [rw] percent_pages_matched
+              #   @return [::Float]
+              #     The percentage of memory page hashes in the signature
+              #     that were matched.
+              class Detection
+                include ::Google::Protobuf::MessageExts
+                extend ::Google::Protobuf::MessageExts::ClassMethods
+              end
+            end
+
+            # A signature corresponding to a YARA rule.
+            # @!attribute [rw] yara_rule
+            #   @return [::String]
+            #     The name of the YARA rule.
+            class YaraRuleSignature
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+          end
         end
       end
     end

data/proto_docs/google/cloud/securitycenter/v1/kubernetes.rb

@@ -0,0 +1,203 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Kubernetes related attributes.
+        # @!attribute [rw] pods
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Pod>]
+        #     Kubernetes Pods associated with the finding. This field will contain Pod
+        #     records for each container that is owned by a Pod.
+        # @!attribute [rw] nodes
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Node>]
+        #     Provides Kubernetes Node information.
+        # @!attribute [rw] node_pools
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::NodePool>]
+        #     GKE Node Pools associated with the finding. This field will
+        #     contain NodePool information for each Node, when it is available.
+        # @!attribute [rw] roles
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Role>]
+        #     Provides Kubernetes role information for findings that involve
+        #     Roles or ClusterRoles.
+        # @!attribute [rw] bindings
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Binding>]
+        #     Provides Kubernetes role binding information for findings that involve
+        #     RoleBindings or ClusterRoleBindings.
+        # @!attribute [rw] access_reviews
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::AccessReview>]
+        #     Provides information on any Kubernetes access reviews (i.e. privilege
+        #     checks) relevant to the finding.
+        class Kubernetes
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Kubernetes Pod.
+          # @!attribute [rw] ns
+          #   @return [::String]
+          #     Kubernetes Pod namespace.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Kubernetes Pod name.
+          # @!attribute [rw] labels
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Label>]
+          #     Pod labels.  For Kubernetes containers, these are applied to the
+          #     container.
+          # @!attribute [rw] containers
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Container>]
+          #     Pod containers associated with this finding, if any.
+          class Pod
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Kubernetes Nodes associated with the finding.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Full Resource name of the Compute Engine VM running the
+          #     cluster node.
+          class Node
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Provides GKE Node Pool information.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Kubernetes Node pool name.
+          # @!attribute [rw] nodes
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Node>]
+          #     Nodes associated with the finding.
+          class NodePool
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Kubernetes Role or ClusterRole.
+          # @!attribute [rw] kind
+          #   @return [::Google::Cloud::SecurityCenter::V1::Kubernetes::Role::Kind]
+          #     Role type.
+          # @!attribute [rw] ns
+          #   @return [::String]
+          #     Role namespace.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Role name.
+          class Role
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Types of Kubernetes roles.
+            module Kind
+              # Role type is not specified.
+              KIND_UNSPECIFIED = 0
+
+              # Kubernetes Role.
+              ROLE = 1
+
+              # Kubernetes ClusterRole.
+              CLUSTER_ROLE = 2
+            end
+          end
+
+          # Represents a Kubernetes RoleBinding or ClusterRoleBinding.
+          # @!attribute [rw] ns
+          #   @return [::String]
+          #     Namespace for binding.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Name for binding.
+          # @!attribute [rw] role
+          #   @return [::Google::Cloud::SecurityCenter::V1::Kubernetes::Role]
+          #     The Role or ClusterRole referenced by the binding.
+          # @!attribute [rw] subjects
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Subject>]
+          #     Represents the subjects(s) bound to the role. Not always available
+          #     for PATCH requests.
+          class Binding
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Represents a Kubernetes Subject.
+          # @!attribute [rw] kind
+          #   @return [::Google::Cloud::SecurityCenter::V1::Kubernetes::Subject::AuthType]
+          #     Authentication type for subject.
+          # @!attribute [rw] ns
+          #   @return [::String]
+          #     Namespace for subject.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Name for subject.
+          class Subject
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Auth types that can be used for Subject's kind field.
+            module AuthType
+              # Authentication is not specified.
+              AUTH_TYPE_UNSPECIFIED = 0
+
+              # User with valid certificate.
+              USER = 1
+
+              # Users managed by Kubernetes API with credentials stored as Secrets.
+              SERVICEACCOUNT = 2
+
+              # Collection of users.
+              GROUP = 3
+            end
+          end
+
+          # Conveys information about a Kubernetes access review (e.g. kubectl auth
+          # can-i ...) that was involved in a finding.
+          # @!attribute [rw] group
+          #   @return [::String]
+          #     Group is the API Group of the Resource. "*" means all.
+          # @!attribute [rw] ns
+          #   @return [::String]
+          #     Namespace of the action being requested. Currently, there is no
+          #     distinction between no namespace and all namespaces.  Both
+          #     are represented by "" (empty).
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Name is the name of the resource being requested. Empty means all.
+          # @!attribute [rw] resource
+          #   @return [::String]
+          #     Resource is the optional resource type requested. "*" means all.
+          # @!attribute [rw] subresource
+          #   @return [::String]
+          #     Subresource is the optional subresource type.
+          # @!attribute [rw] verb
+          #   @return [::String]
+          #     Verb is a Kubernetes resource API verb, like: get, list, watch, create,
+          #     update, delete, proxy. "*" means all.
+          # @!attribute [rw] version
+          #   @return [::String]
+          #     Version is the API Version of the Resource. "*" means all.
+          class AccessReview
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/label.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Label represents a generic name=value label. Label has separate name and
+        # value fields to support filtering with contains().
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Label name.
+        # @!attribute [rw] value
+        #   @return [::String]
+        #     Label value.
+        class Label
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/mitre_attack.rb

@@ -195,6 +195,15 @@ module Google
 
             # T1562
             IMPAIR_DEFENSES = 31
+
+            # T1046
+            NETWORK_SERVICE_DISCOVERY = 32
+
+            # T1134
+            ACCESS_TOKEN_MANIPULATION = 33
+
+            # T1548
+            ABUSE_ELEVATION_CONTROL_MECHANISM = 34
           end
         end
       end

data/proto_docs/google/cloud/securitycenter/v1/process.rb

@@ -22,6 +22,10 @@ module Google
     module SecurityCenter
       module V1
         # Represents an operating system process.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The process name visible in utilities like `top` and `ps`; it can
+        #     be accessed via `/proc/[pid]/comm` and changed with `prctl(PR_SET_NAME)`.
         # @!attribute [rw] binary
         #   @return [::Google::Cloud::SecurityCenter::V1::File]
         #     File information for the process executable.

data/proto_docs/google/protobuf/empty.rb

@@ -26,8 +26,6 @@ module Google
     #     service Foo {
     #       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
     #     }
-    #
-    # The JSON representation for `Empty` is empty JSON object `{}`.
     class Empty
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-security_center-v1
 version: !ruby/object:Gem::Version
-  version: 0.16.0
+  version: 0.19.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-06-09 00:00:00.000000000 Z
+date: 2022-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.10'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.10'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -64,28 +64,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.25.1
+        version: 1.26.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.25.1
+        version: 1.26.1
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.14'
+        version: '5.16'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.14'
+        version: '5.16'
 - !ruby/object:Gem::Dependency
   name: minitest-focus
   requirement: !ruby/object:Gem::Requirement
@@ -120,14 +120,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: redcarpet
   requirement: !ruby/object:Gem::Requirement
@@ -196,6 +196,9 @@ files:
 - lib/google/cloud/securitycenter/v1/bigquery_export_pb.rb
 - lib/google/cloud/securitycenter/v1/compliance_pb.rb
 - lib/google/cloud/securitycenter/v1/connection_pb.rb
+- lib/google/cloud/securitycenter/v1/contact_details_pb.rb
+- lib/google/cloud/securitycenter/v1/container_pb.rb
+- lib/google/cloud/securitycenter/v1/database_pb.rb
 - lib/google/cloud/securitycenter/v1/exfiltration_pb.rb
 - lib/google/cloud/securitycenter/v1/external_system_pb.rb
 - lib/google/cloud/securitycenter/v1/file_pb.rb
@@ -203,6 +206,8 @@ files:
 - lib/google/cloud/securitycenter/v1/folder_pb.rb
 - lib/google/cloud/securitycenter/v1/iam_binding_pb.rb
 - lib/google/cloud/securitycenter/v1/indicator_pb.rb
+- lib/google/cloud/securitycenter/v1/kubernetes_pb.rb
+- lib/google/cloud/securitycenter/v1/label_pb.rb
 - lib/google/cloud/securitycenter/v1/mitre_attack_pb.rb
 - lib/google/cloud/securitycenter/v1/mute_config_pb.rb
 - lib/google/cloud/securitycenter/v1/notification_config_pb.rb
@@ -224,6 +229,9 @@ files:
 - proto_docs/google/cloud/securitycenter/v1/bigquery_export.rb
 - proto_docs/google/cloud/securitycenter/v1/compliance.rb
 - proto_docs/google/cloud/securitycenter/v1/connection.rb
+- proto_docs/google/cloud/securitycenter/v1/contact_details.rb
+- proto_docs/google/cloud/securitycenter/v1/container.rb
+- proto_docs/google/cloud/securitycenter/v1/database.rb
 - proto_docs/google/cloud/securitycenter/v1/exfiltration.rb
 - proto_docs/google/cloud/securitycenter/v1/external_system.rb
 - proto_docs/google/cloud/securitycenter/v1/file.rb
@@ -231,6 +239,8 @@ files:
 - proto_docs/google/cloud/securitycenter/v1/folder.rb
 - proto_docs/google/cloud/securitycenter/v1/iam_binding.rb
 - proto_docs/google/cloud/securitycenter/v1/indicator.rb
+- proto_docs/google/cloud/securitycenter/v1/kubernetes.rb
+- proto_docs/google/cloud/securitycenter/v1/label.rb
 - proto_docs/google/cloud/securitycenter/v1/mitre_attack.rb
 - proto_docs/google/cloud/securitycenter/v1/mute_config.rb
 - proto_docs/google/cloud/securitycenter/v1/notification_config.rb
@@ -267,7 +277,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.5'
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="