google-cloud-security_center-v1 0.36.0 → 0.38.0

data/proto_docs/google/cloud/securitycenter/v1/indicator.rb

@@ -50,6 +50,9 @@ module Google
           # @!attribute [rw] yara_rule_signature
           #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::YaraRuleSignature]
           #     Signature indicating that a YARA rule was matched.
+          # @!attribute [rw] signature_type
+          #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::SignatureType]
+          #     Describes the type of resource associated with the signature.
           class ProcessSignature
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -89,6 +92,18 @@ module Google
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
             end
+
+            # Possible resource types to be associated with a signature.
+            module SignatureType
+              # The default signature type.
+              SIGNATURE_TYPE_UNSPECIFIED = 0
+
+              # Used for signatures concerning processes.
+              SIGNATURE_TYPE_PROCESS = 1
+
+              # Used for signatures concerning disks.
+              SIGNATURE_TYPE_FILE = 2
+            end
           end
         end
       end

data/proto_docs/google/cloud/securitycenter/v1/kubernetes.rb

@@ -52,6 +52,9 @@ module Google
         #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::AccessReview>]
         #     Provides information on any Kubernetes access reviews (privilege checks)
         #     relevant to the finding.
+        # @!attribute [rw] objects
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Kubernetes::Object>]
+        #     Kubernetes objects related to the finding.
         class Kubernetes
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -205,6 +208,32 @@ module Google
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
+
+          # Kubernetes object related to the finding, uniquely identified by GKNN.
+          # Used if the object Kind is not one of Pod, Node, NodePool, Binding, or
+          # AccessReview.
+          # @!attribute [rw] group
+          #   @return [::String]
+          #     Kubernetes object group, such as "policy.k8s.io/v1".
+          # @!attribute [rw] kind
+          #   @return [::String]
+          #     Kubernetes object kind, such as "Namespace".
+          # @!attribute [rw] ns
+          #   @return [::String]
+          #     Kubernetes object namespace. Must be a valid DNS label. Named
+          #     "ns" to avoid collision with C++ namespace keyword. For details see
+          #     https://kubernetes.io/docs/tasks/administer-cluster/namespaces/.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Kubernetes object name. For details see
+          #     https://kubernetes.io/docs/concepts/overview/working-with-objects/names/.
+          # @!attribute [rw] containers
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Container>]
+          #     Pod containers associated with this finding, if any.
+          class Object
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
         end
       end
     end

data/proto_docs/google/cloud/securitycenter/v1/load_balancer.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Contains information related to the load balancer associated with the
+        # finding.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The name of the load balancer associated with the finding.
+        class LoadBalancer
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/log_entry.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # An individual entry in a log.
+        # @!attribute [rw] cloud_logging_entry
+        #   @return [::Google::Cloud::SecurityCenter::V1::CloudLoggingEntry]
+        #     An individual entry in a log stored in Cloud Logging.
+        class LogEntry
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Metadata taken from a [Cloud Logging
+        # LogEntry](https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry)
+        # @!attribute [rw] insert_id
+        #   @return [::String]
+        #     A unique identifier for the log entry.
+        # @!attribute [rw] log_id
+        #   @return [::String]
+        #     The type of the log (part of `log_name`. `log_name` is the resource name of
+        #     the log to which this log entry belongs). For example:
+        #     `cloudresourcemanager.googleapis.com/activity`. Note that this field is not
+        #     URL-encoded, unlike the `LOG_ID` field in `LogEntry`.
+        # @!attribute [rw] resource_container
+        #   @return [::String]
+        #     The organization, folder, or project of the monitored resource that
+        #     produced this log entry.
+        # @!attribute [rw] timestamp
+        #   @return [::Google::Protobuf::Timestamp]
+        #     The time the event described by the log entry occurred.
+        class CloudLoggingEntry
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/mitre_attack.rb

@@ -99,24 +99,28 @@ module Google
 
           # MITRE ATT&CK techniques that can be referenced by SCC findings.
           # See: https://attack.mitre.org/techniques/enterprise/
+          # Next ID: 59
           module Technique
             # Unspecified value.
             TECHNIQUE_UNSPECIFIED = 0
 
-            # T1595
-            ACTIVE_SCANNING = 1
+            # T1036
+            MASQUERADING = 49
 
-            # T1595.001
-            SCANNING_IP_BLOCKS = 2
+            # T1036.005
+            MATCH_LEGITIMATE_NAME_OR_LOCATION = 50
 
-            # T1105
-            INGRESS_TOOL_TRANSFER = 3
+            # T1037
+            BOOT_OR_LOGON_INITIALIZATION_SCRIPTS = 37
 
-            # T1106
-            NATIVE_API = 4
+            # T1037.005
+            STARTUP_ITEMS = 38
 
-            # T1129
-            SHARED_MODULES = 5
+            # T1046
+            NETWORK_SERVICE_DISCOVERY = 32
+
+            # T1057
+            PROCESS_DISCOVERY = 56
 
             # T1059
             COMMAND_AND_SCRIPTING_INTERPRETER = 6
@@ -124,89 +128,155 @@ module Google
             # T1059.004
             UNIX_SHELL = 7
 
-            # T1496
-            RESOURCE_HIJACKING = 8
-
-            # T1090
-            PROXY = 9
+            # T1069
+            PERMISSION_GROUPS_DISCOVERY = 18
 
-            # T1090.002
-            EXTERNAL_PROXY = 10
+            # T1069.003
+            CLOUD_GROUPS = 19
 
-            # T1090.003
-            MULTI_HOP_PROXY = 11
+            # T1071
+            APPLICATION_LAYER_PROTOCOL = 45
 
-            # T1568
-            DYNAMIC_RESOLUTION = 12
+            # T1071.004
+            DNS = 46
 
-            # T1552
-            UNSECURED_CREDENTIALS = 13
+            # T1072
+            SOFTWARE_DEPLOYMENT_TOOLS = 47
 
             # T1078
             VALID_ACCOUNTS = 14
 
+            # T1078.001
+            DEFAULT_ACCOUNTS = 35
+
             # T1078.003
             LOCAL_ACCOUNTS = 15
 
             # T1078.004
             CLOUD_ACCOUNTS = 16
 
-            # T1498
-            NETWORK_DENIAL_OF_SERVICE = 17
-
-            # T1069
-            PERMISSION_GROUPS_DISCOVERY = 18
-
-            # T1069.003
-            CLOUD_GROUPS = 19
+            # T1090
+            PROXY = 9
 
-            # T1567
-            EXFILTRATION_OVER_WEB_SERVICE = 20
+            # T1090.002
+            EXTERNAL_PROXY = 10
 
-            # T1567.002
-            EXFILTRATION_TO_CLOUD_STORAGE = 21
+            # T1090.003
+            MULTI_HOP_PROXY = 11
 
             # T1098
             ACCOUNT_MANIPULATION = 22
 
+            # T1098.001
+            ADDITIONAL_CLOUD_CREDENTIALS = 40
+
             # T1098.004
             SSH_AUTHORIZED_KEYS = 23
 
-            # T1543
-            CREATE_OR_MODIFY_SYSTEM_PROCESS = 24
+            # T1098.006
+            ADDITIONAL_CONTAINER_CLUSTER_ROLES = 58
 
-            # T1539
-            STEAL_WEB_SESSION_COOKIE = 25
+            # T1105
+            INGRESS_TOOL_TRANSFER = 3
 
-            # T1578
-            MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE = 26
+            # T1106
+            NATIVE_API = 4
+
+            # T1110
+            BRUTE_FORCE = 44
+
+            # T1129
+            SHARED_MODULES = 5
+
+            # T1134
+            ACCESS_TOKEN_MANIPULATION = 33
+
+            # T1134.001
+            TOKEN_IMPERSONATION_OR_THEFT = 39
 
             # T1190
             EXPLOIT_PUBLIC_FACING_APPLICATION = 27
 
-            # T1556
-            MODIFY_AUTHENTICATION_PROCESS = 28
+            # T1484
+            DOMAIN_POLICY_MODIFICATION = 30
 
             # T1485
             DATA_DESTRUCTION = 29
 
-            # T1484
-            DOMAIN_POLICY_MODIFICATION = 30
+            # T1489
+            SERVICE_STOP = 52
 
-            # T1562
-            IMPAIR_DEFENSES = 31
+            # T1490
+            INHIBIT_SYSTEM_RECOVERY = 36
 
-            # T1046
-            NETWORK_SERVICE_DISCOVERY = 32
+            # T1496
+            RESOURCE_HIJACKING = 8
 
-            # T1134
-            ACCESS_TOKEN_MANIPULATION = 33
+            # T1498
+            NETWORK_DENIAL_OF_SERVICE = 17
+
+            # T1526
+            CLOUD_SERVICE_DISCOVERY = 48
+
+            # T1528
+            STEAL_APPLICATION_ACCESS_TOKEN = 42
+
+            # T1531
+            ACCOUNT_ACCESS_REMOVAL = 51
+
+            # T1539
+            STEAL_WEB_SESSION_COOKIE = 25
+
+            # T1543
+            CREATE_OR_MODIFY_SYSTEM_PROCESS = 24
 
             # T1548
             ABUSE_ELEVATION_CONTROL_MECHANISM = 34
 
-            # T1078.001
-            DEFAULT_ACCOUNTS = 35
+            # T1552
+            UNSECURED_CREDENTIALS = 13
+
+            # T1556
+            MODIFY_AUTHENTICATION_PROCESS = 28
+
+            # T1562
+            IMPAIR_DEFENSES = 31
+
+            # T1562.001
+            DISABLE_OR_MODIFY_TOOLS = 55
+
+            # T1567
+            EXFILTRATION_OVER_WEB_SERVICE = 20
+
+            # T1567.002
+            EXFILTRATION_TO_CLOUD_STORAGE = 21
+
+            # T1568
+            DYNAMIC_RESOLUTION = 12
+
+            # T1570
+            LATERAL_TOOL_TRANSFER = 41
+
+            # T1578
+            MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE = 26
+
+            # T1578.001
+            CREATE_SNAPSHOT = 54
+
+            # T1580
+            CLOUD_INFRASTRUCTURE_DISCOVERY = 53
+
+            # T1588
+            OBTAIN_CAPABILITIES = 43
+
+            # T1595
+            ACTIVE_SCANNING = 1
+
+            # T1595.001
+            SCANNING_IP_BLOCKS = 2
+
+            # T1613
+            CONTAINER_AND_RESOURCE_DISCOVERY = 57
           end
         end
       end

data/proto_docs/google/cloud/securitycenter/v1/org_policy.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Contains information about the org policies associated with the finding.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The resource name of the org policy.
+        #     Example:
+        #     "organizations/\\{organization_id}/policies/\\{constraint_name}"
+        class OrgPolicy
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/source.rb

@@ -49,9 +49,9 @@ module Google
         #     outdated or insecure libraries."
         # @!attribute [rw] canonical_name
         #   @return [::String]
-        #     The canonical name of the finding. It's either
+        #     The canonical name of the finding source. It's either
         #     "organizations/\\{organization_id}/sources/\\{source_id}",
-        #     "folders/\\{folder_id}/sources/\\{source_id}" or
+        #     "folders/\\{folder_id}/sources/\\{source_id}", or
         #     "projects/\\{project_number}/sources/\\{source_id}",
         #     depending on the closest CRM ancestor of the resource associated with the
         #     finding.

data/proto_docs/google/cloud/securitycenter/v1/vulnerability.rb

@@ -26,13 +26,24 @@ module Google
         #   @return [::Google::Cloud::SecurityCenter::V1::Cve]
         #     CVE stands for Common Vulnerabilities and Exposures
         #     (https://cve.mitre.org/about/)
+        # @!attribute [rw] offending_package
+        #   @return [::Google::Cloud::SecurityCenter::V1::Package]
+        #     The offending package is relevant to the finding.
+        # @!attribute [rw] fixed_package
+        #   @return [::Google::Cloud::SecurityCenter::V1::Package]
+        #     The fixed package is relevant to the finding.
+        # @!attribute [rw] security_bulletin
+        #   @return [::Google::Cloud::SecurityCenter::V1::SecurityBulletin]
+        #     The security bulletin is relevant to this finding.
         class Vulnerability
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
         # CVE stands for Common Vulnerabilities and Exposures.
-        # More information: https://cve.mitre.org
+        # Information from the [CVE
+        # record](https://www.cve.org/ResourcesSupport/Glossary) that describes this
+        # vulnerability.
         # @!attribute [rw] id
         #   @return [::String]
         #     The unique identifier for the vulnerability. e.g. CVE-2021-34527
@@ -47,9 +58,68 @@ module Google
         # @!attribute [rw] upstream_fix_available
         #   @return [::Boolean]
         #     Whether upstream fix is available for the CVE.
+        # @!attribute [rw] impact
+        #   @return [::Google::Cloud::SecurityCenter::V1::Cve::RiskRating]
+        #     The potential impact of the vulnerability if it was to be exploited.
+        # @!attribute [rw] exploitation_activity
+        #   @return [::Google::Cloud::SecurityCenter::V1::Cve::ExploitationActivity]
+        #     The exploitation activity of the vulnerability in the wild.
+        # @!attribute [rw] observed_in_the_wild
+        #   @return [::Boolean]
+        #     Whether or not the vulnerability has been observed in the wild.
+        # @!attribute [rw] zero_day
+        #   @return [::Boolean]
+        #     Whether or not the vulnerability was zero day when the finding was
+        #     published.
         class Cve
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The possible values of impact of the vulnerability if it was to be
+          # exploited.
+          module RiskRating
+            # Invalid or empty value.
+            RISK_RATING_UNSPECIFIED = 0
+
+            # Exploitation would have little to no security impact.
+            LOW = 1
+
+            # Exploitation would enable attackers to perform activities, or could allow
+            # attackers to have a direct impact, but would require additional steps.
+            MEDIUM = 2
+
+            # Exploitation would enable attackers to have a notable direct impact
+            # without needing to overcome any major mitigating factors.
+            HIGH = 3
+
+            # Exploitation would fundamentally undermine the security of affected
+            # systems, enable actors to perform significant attacks with minimal
+            # effort, with little to no mitigating factors to overcome.
+            CRITICAL = 4
+          end
+
+          # The possible values of exploitation activity of the vulnerability in the
+          # wild.
+          module ExploitationActivity
+            # Invalid or empty value.
+            EXPLOITATION_ACTIVITY_UNSPECIFIED = 0
+
+            # Exploitation has been reported or confirmed to widely occur.
+            WIDE = 1
+
+            # Limited reported or confirmed exploitation activities.
+            CONFIRMED = 2
+
+            # Exploit is publicly available.
+            AVAILABLE = 3
+
+            # No known exploitation activity, but has a high potential for
+            # exploitation.
+            ANTICIPATED = 4
+
+            # No known exploitation activity.
+            NO_KNOWN = 5
+          end
         end
 
         # Additional Links
@@ -223,6 +293,40 @@ module Google
             IMPACT_NONE = 3
           end
         end
+
+        # Package is a generic definition of a package.
+        # @!attribute [rw] package_name
+        #   @return [::String]
+        #     The name of the package where the vulnerability was detected.
+        # @!attribute [rw] cpe_uri
+        #   @return [::String]
+        #     The CPE URI where the vulnerability was detected.
+        # @!attribute [rw] package_type
+        #   @return [::String]
+        #     Type of package, for example, os, maven, or go.
+        # @!attribute [rw] package_version
+        #   @return [::String]
+        #     The version of the package.
+        class Package
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # SecurityBulletin are notifications of vulnerabilities of Google products.
+        # @!attribute [rw] bulletin_id
+        #   @return [::String]
+        #     ID of the bulletin corresponding to the vulnerability.
+        # @!attribute [rw] submission_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Submission time of this Security Bulletin.
+        # @!attribute [rw] suggested_upgrade_version
+        #   @return [::String]
+        #     This represents a version that the cluster receiving this notification
+        #     should be upgraded to, based on its current version. For example, 1.15.0
+        class SecurityBulletin
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
       end
     end
   end