google-cloud-security_center-v1 0.4.0 → 0.7.1

data/lib/google/cloud/securitycenter/v1/folder_pb.rb

@@ -0,0 +1,24 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/securitycenter/v1/folder.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/securitycenter/v1/folder.proto", :syntax => :proto3) do
+    add_message "google.cloud.securitycenter.v1.Folder" do
+      optional :resource_folder, :string, 1
+      optional :resource_folder_display_name, :string, 2
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        Folder = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Folder").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/securitycenter/v1/notification_config_pb.rb

@@ -3,9 +3,9 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/notification_config.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.NotificationConfig" do

data/lib/google/cloud/securitycenter/v1/notification_message_pb.rb

@@ -3,9 +3,9 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/cloud/securitycenter/v1/finding_pb'
 require 'google/cloud/securitycenter/v1/resource_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/notification_message.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.NotificationMessage" do

data/lib/google/cloud/securitycenter/v1/organization_settings_pb.rb

@@ -3,8 +3,8 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/api/resource_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/organization_settings.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.OrganizationSettings" do
@@ -15,6 +15,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig" do
       repeated :project_ids, :string, 1
       optional :inclusion_mode, :enum, 2, "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig.InclusionMode"
+      repeated :folder_ids, :string, 3
     end
     add_enum "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig.InclusionMode" do
       value :INCLUSION_MODE_UNSPECIFIED, 0

data/lib/google/cloud/securitycenter/v1/resource_pb.rb

@@ -3,6 +3,8 @@
 
 require 'google/protobuf'
 
+require 'google/api/field_behavior_pb'
+require 'google/cloud/securitycenter/v1/folder_pb'
 require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/resource.proto", :syntax => :proto3) do
@@ -12,6 +14,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :project_display_name, :string, 3
       optional :parent, :string, 4
       optional :parent_display_name, :string, 5
+      repeated :folders, :message, 7, "google.cloud.securitycenter.v1.Folder"
     end
   end
 end

data/lib/google/cloud/securitycenter/v1/run_asset_discovery_response_pb.rb

@@ -3,8 +3,8 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/protobuf/duration_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/run_asset_discovery_response.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.RunAssetDiscoveryResponse" do

data/lib/google/cloud/securitycenter/v1/security_marks_pb.rb

@@ -3,13 +3,14 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/api/resource_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/security_marks.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.SecurityMarks" do
       optional :name, :string, 1
       map :marks, :string, :string, 2
+      optional :canonical_name, :string, 3
     end
   end
 end

data/lib/google/cloud/securitycenter/v1/securitycenter_service_pb.rb

@@ -10,6 +10,7 @@ require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/cloud/securitycenter/v1/asset_pb'
 require 'google/cloud/securitycenter/v1/finding_pb'
+require 'google/cloud/securitycenter/v1/folder_pb'
 require 'google/cloud/securitycenter/v1/notification_config_pb'
 require 'google/cloud/securitycenter/v1/organization_settings_pb'
 require 'google/cloud/securitycenter/v1/security_marks_pb'
@@ -155,6 +156,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :project_display_name, :string, 3
       optional :parent_name, :string, 4
       optional :parent_display_name, :string, 5
+      repeated :folders, :message, 7, "google.cloud.securitycenter.v1.Folder"
     end
     add_enum "google.cloud.securitycenter.v1.ListFindingsResponse.ListFindingsResult.StateChange" do
       value :UNUSED, 0

data/lib/google/cloud/securitycenter/v1/securitycenter_service_services_pb.rb

@@ -27,7 +27,7 @@ module Google
           # V1 APIs for Security Center service.
           class Service
 
-            include GRPC::GenericService
+            include ::GRPC::GenericService
 
             self.marshal_class_method = :encode
             self.unmarshal_class_method = :decode
@@ -57,7 +57,9 @@ module Google
             # specified properties.
             #
             # To group across all sources provide a `-` as the source id.
-            # Example: /v1/organizations/{organization_id}/sources/-/findings
+            # Example: /v1/organizations/{organization_id}/sources/-/findings,
+            # /v1/folders/{folder_id}/sources/-/findings,
+            # /v1/projects/{project_id}/sources/-/findings
             rpc :GroupFindings, ::Google::Cloud::SecurityCenter::V1::GroupFindingsRequest, ::Google::Cloud::SecurityCenter::V1::GroupFindingsResponse
             # Lists an organization's assets.
             rpc :ListAssets, ::Google::Cloud::SecurityCenter::V1::ListAssetsRequest, ::Google::Cloud::SecurityCenter::V1::ListAssetsResponse
@@ -86,6 +88,7 @@ module Google
             # Creates or updates a finding. The corresponding source must exist for a
             # finding creation to succeed.
             rpc :UpdateFinding, ::Google::Cloud::SecurityCenter::V1::UpdateFindingRequest, ::Google::Cloud::SecurityCenter::V1::Finding
+            #
             # Updates a notification config. The following update
             # fields are allowed: description, pubsub_topic, streaming_config.filter
             rpc :UpdateNotificationConfig, ::Google::Cloud::SecurityCenter::V1::UpdateNotificationConfigRequest, ::Google::Cloud::SecurityCenter::V1::NotificationConfig

data/lib/google/cloud/securitycenter/v1/source_pb.rb

@@ -3,14 +3,15 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/api/resource_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/source.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.Source" do
       optional :name, :string, 1
       optional :display_name, :string, 2
       optional :description, :string, 3
+      optional :canonical_name, :string, 14
     end
   end
 end

data/proto_docs/google/api/field_behavior.rb

@@ -54,6 +54,12 @@ module Google
       # This indicates that the field may be set once in a request to create a
       # resource, but may not be changed thereafter.
       IMMUTABLE = 5
+
+      # Denotes that a (repeated) field is an unordered list.
+      # This indicates that the service may provide the elements of the list
+      # in any arbitrary order, rather than the order the user originally
+      # provided. Additionally, the list's order may or may not be stable.
+      UNORDERED_LIST = 6
     end
   end
 end

data/proto_docs/google/cloud/securitycenter/v1/asset.rb

@@ -51,14 +51,20 @@ module Google
         #     The time at which the asset was created in Security Command Center.
         # @!attribute [rw] update_time
         #   @return [::Google::Protobuf::Timestamp]
-        #     The time at which the asset was last updated, added, or deleted in Security
-        #     Command Center.
+        #     The time at which the asset was last updated or added in Cloud SCC.
         # @!attribute [rw] iam_policy
         #   @return [::Google::Cloud::SecurityCenter::V1::Asset::IamPolicy]
         #     Cloud IAM Policy information associated with the Google Cloud resource
         #     described by the Security Command Center asset. This information is managed
         #     and defined by the Google Cloud resource and cannot be modified by the
         #     user.
+        # @!attribute [rw] canonical_name
+        #   @return [::String]
+        #     The canonical name of the resource. It's either
+        #     "organizations/\\{organization_id}/assets/\\{asset_id}",
+        #     "folders/\\{folder_id}/assets/\\{asset_id}" or
+        #     "projects/\\{project_number}/assets/\\{asset_id}", depending on the closest CRM
+        #     ancestor of the resource.
         class Asset
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -96,6 +102,11 @@ module Google
           # @!attribute [rw] resource_project_display_name
           #   @return [::String]
           #     The user defined display name for the project of this resource.
+          # @!attribute [rw] folders
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Folder>]
+          #     Contains a Folder message for each folder in the assets ancestry.
+          #     The first folder is the deepest nested folder, and the last folder is the
+          #     folder directly under the Organization.
           class SecurityCenterProperties
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/securitycenter/v1/finding.rb

@@ -79,7 +79,8 @@ module Google
         #     occurred. For example, if the finding represents an open firewall it would
         #     capture the time the detector believes the firewall became open. The
         #     accuracy is determined by the detector. If the finding were to be resolved
-        #     afterward, this time would reflect when the finding was resolved.
+        #     afterward, this time would reflect when the finding was resolved. Must not
+        #     be set to a value greater than the current timestamp.
         # @!attribute [rw] create_time
         #   @return [::Google::Protobuf::Timestamp]
         #     The time at which the finding was created in Security Command Center.
@@ -87,6 +88,14 @@ module Google
         #   @return [::Google::Cloud::SecurityCenter::V1::Finding::Severity]
         #     The severity of the finding. This field is managed by the source that
         #     writes the finding.
+        # @!attribute [rw] canonical_name
+        #   @return [::String]
+        #     The canonical name of the finding. It's either
+        #     "organizations/\\{organization_id}/sources/\\{source_id}/findings/\\{finding_id}",
+        #     "folders/\\{folder_id}/sources/\\{source_id}/findings/\\{finding_id}" or
+        #     "projects/\\{project_number}/sources/\\{source_id}/findings/\\{finding_id}",
+        #     depending on the closest CRM ancestor of the resource associated with the
+        #     finding.
         class Finding
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/securitycenter/v1/folder.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Message that contains the resource name and display name of a folder
+        # resource.
+        # @!attribute [rw] resource_folder
+        #   @return [::String]
+        #     Full resource name of this folder. See:
+        #     https://cloud.google.com/apis/design/resource_names#full_resource_name
+        # @!attribute [rw] resource_folder_display_name
+        #   @return [::String]
+        #     The user defined display name for this folder.
+        class Folder
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/organization_settings.rb

@@ -49,6 +49,10 @@ module Google
           # @!attribute [rw] inclusion_mode
           #   @return [::Google::Cloud::SecurityCenter::V1::OrganizationSettings::AssetDiscoveryConfig::InclusionMode]
           #     The mode to use for filtering asset discovery.
+          # @!attribute [rw] folder_ids
+          #   @return [::Array<::String>]
+          #     The folder ids to use for filtering asset discovery.
+          #     It consists of only digits, e.g., 756619654966.
           class AssetDiscoveryConfig
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/securitycenter/v1/resource.rb

@@ -38,6 +38,11 @@ module Google
         # @!attribute [rw] parent_display_name
         #   @return [::String]
         #     The human readable name of resource's parent.
+        # @!attribute [r] folders
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Folder>]
+        #     Output only. Contains a Folder message for each folder in the assets ancestry.
+        #     The first folder is the deepest nested folder, and the last folder is the
+        #     folder directly under the Organization.
         class Resource
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/securitycenter/v1/security_marks.rb

@@ -42,6 +42,16 @@ module Google
         #       * Keys must be letters, numbers, underscores, or dashes
         #       * Values have leading and trailing whitespace trimmed, remaining
         #         characters must be between 1 - 4096 characters (inclusive)
+        # @!attribute [rw] canonical_name
+        #   @return [::String]
+        #     The canonical name of the marks.
+        #     Examples:
+        #     "organizations/\\{organization_id}/assets/\\{asset_id}/securityMarks"
+        #     "folders/\\{folder_id}/assets/\\{asset_id}/securityMarks"
+        #     "projects/\\{project_number}/assets/\\{asset_id}/securityMarks"
+        #     "organizations/\\{organization_id}/sources/\\{source_id}/findings/\\{finding_id}/securityMarks"
+        #     "folders/\\{folder_id}/sources/\\{source_id}/findings/\\{finding_id}/securityMarks"
+        #     "projects/\\{project_number}/sources/\\{source_id}/findings/\\{finding_id}/securityMarks"
         class SecurityMarks
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/securitycenter/v1/securitycenter_service.rb

@@ -33,8 +33,8 @@ module Google
         #     greater than 0 characters in length.
         # @!attribute [rw] finding
         #   @return [::Google::Cloud::SecurityCenter::V1::Finding]
-        #     Required. The Finding being created. The name and security_marks will be ignored as
-        #     they are both output only fields on this resource.
+        #     Required. The Finding being created. The name and security_marks will be
+        #     ignored as they are both output only fields on this resource.
         class CreateFindingRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -43,8 +43,8 @@ module Google
         # Request message for creating a notification config.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. Resource name of the new notification config's parent. Its format is
-        #     "organizations/[organization_id]".
+        #     Required. Resource name of the new notification config's parent. Its format
+        #     is "organizations/[organization_id]".
         # @!attribute [rw] config_id
         #   @return [::String]
         #     Required.
@@ -53,8 +53,9 @@ module Google
         #     characters, underscores or hyphens only.
         # @!attribute [rw] notification_config
         #   @return [::Google::Cloud::SecurityCenter::V1::NotificationConfig]
-        #     Required. The notification config being created. The name and the service account
-        #     will be ignored as they are both output only fields on this resource.
+        #     Required. The notification config being created. The name and the service
+        #     account will be ignored as they are both output only fields on this
+        #     resource.
         class CreateNotificationConfigRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -67,8 +68,8 @@ module Google
         #     "organizations/[organization_id]".
         # @!attribute [rw] source
         #   @return [::Google::Cloud::SecurityCenter::V1::Source]
-        #     Required. The Source being created, only the display_name and description will be
-        #     used. All other fields will be ignored.
+        #     Required. The Source being created, only the display_name and description
+        #     will be used. All other fields will be ignored.
         class CreateSourceRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -97,8 +98,8 @@ module Google
         # Request message for getting organization settings.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. Name of the organization to get organization settings for. Its format is
-        #     "organizations/[organization_id]/organizationSettings".
+        #     Required. Name of the organization to get organization settings for. Its
+        #     format is "organizations/[organization_id]/organizationSettings".
         class GetOrganizationSettingsRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -118,7 +119,8 @@ module Google
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. Name of the organization to groupBy. Its format is
-        #     "organizations/[organization_id]".
+        #     "organizations/[organization_id], folders/[folder_id], or
+        #     projects/[project_id]".
         # @!attribute [rw] filter
         #   @return [::String]
         #     Expression that defines the filter to apply across assets.
@@ -185,9 +187,9 @@ module Google
         #     property not existing: `-resource_properties.my_property : ""`
         # @!attribute [rw] group_by
         #   @return [::String]
-        #     Required. Expression that defines what assets fields to use for grouping. The string
-        #     value should follow SQL syntax: comma separated list of fields. For
-        #     example:
+        #     Required. Expression that defines what assets fields to use for grouping.
+        #     The string value should follow SQL syntax: comma separated list of fields.
+        #     For example:
         #     "security_center_properties.resource_project,security_center_properties.project".
         #
         #     The following fields are supported when compare_duration is not set:
@@ -277,9 +279,12 @@ module Google
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. Name of the source to groupBy. Its format is
-        #     "organizations/[organization_id]/sources/[source_id]". To groupBy across
-        #     all sources provide a source_id of `-`. For example:
-        #     organizations/\\{organization_id}/sources/-
+        #     "organizations/[organization_id]/sources/[source_id]",
+        #     folders/[folder_id]/sources/[source_id], or
+        #     projects/[project_id]/sources/[source_id]. To groupBy across all sources
+        #     provide a source_id of `-`. For example:
+        #     organizations/\\{organization_id}/sources/-, folders/\\{folder_id}/sources/-,
+        #     or projects/\\{project_id}/sources/-
         # @!attribute [rw] filter
         #   @return [::String]
         #     Expression that defines the filter to apply across findings.
@@ -315,28 +320,37 @@ module Google
         #     * category: `=`, `:`
         #     * external_uri: `=`, `:`
         #     * event_time: `=`, `>`, `<`, `>=`, `<=`
-        #     * severity: `=`, `:`
         #
         #       Usage: This should be milliseconds since epoch or an RFC3339 string.
         #       Examples:
         #         `event_time = "2019-06-10T16:07:18-07:00"`
         #         `event_time = 1560208038000`
         #
+        #     * severity: `=`, `:`
+        #     * workflow_state: `=`, `:`
         #     * security_marks.marks: `=`, `:`
         #     * source_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
         #
-        #     For example, `source_properties.size = 100` is a valid filter string.
+        #       For example, `source_properties.size = 100` is a valid filter string.
         #
-        #     Use a partial match on the empty string to filter based on a property
-        #     existing: `source_properties.my_property : ""`
+        #       Use a partial match on the empty string to filter based on a property
+        #       existing: `source_properties.my_property : ""`
         #
-        #     Use a negated partial match on the empty string to filter based on a
-        #     property not existing: `-source_properties.my_property : ""`
+        #       Use a negated partial match on the empty string to filter based on a
+        #       property not existing: `-source_properties.my_property : ""`
+        #
+        #     * resource:
+        #       * resource.name: `=`, `:`
+        #       * resource.parent_name: `=`, `:`
+        #       * resource.parent_display_name: `=`, `:`
+        #       * resource.project_name: `=`, `:`
+        #       * resource.project_display_name: `=`, `:`
+        #       * resource.type: `=`, `:`
         # @!attribute [rw] group_by
         #   @return [::String]
-        #     Required. Expression that defines what assets fields to use for grouping (including
-        #     `state_change`). The string value should follow SQL syntax: comma separated
-        #     list of fields. For example: "parent,resource_name".
+        #     Required. Expression that defines what assets fields to use for grouping
+        #     (including `state_change`). The string value should follow SQL syntax:
+        #     comma separated list of fields. For example: "parent,resource_name".
         #
         #     The following fields are supported:
         #
@@ -481,7 +495,8 @@ module Google
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. Resource name of the parent of sources to list. Its format should
-        #     be "organizations/[organization_id]".
+        #     be "organizations/[organization_id], folders/[folder_id], or
+        #     projects/[project_id]".
         # @!attribute [rw] page_token
         #   @return [::String]
         #     The value returned by the last `ListSourcesResponse`; indicates
@@ -513,7 +528,8 @@ module Google
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. Name of the organization assets should belong to. Its format is
-        #     "organizations/[organization_id]".
+        #     "organizations/[organization_id], folders/[folder_id], or
+        #     projects/[project_id]".
         # @!attribute [rw] filter
         #   @return [::String]
         #     Expression that defines the filter to apply across assets.
@@ -707,9 +723,12 @@ module Google
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. Name of the source the findings belong to. Its format is
-        #     "organizations/[organization_id]/sources/[source_id]". To list across all
-        #     sources provide a source_id of `-`. For example:
-        #     organizations/\\{organization_id}/sources/-
+        #     "organizations/[organization_id]/sources/[source_id],
+        #     folders/[folder_id]/sources/[source_id], or
+        #     projects/[project_id]/sources/[source_id]". To list across all sources
+        #     provide a source_id of `-`. For example:
+        #     organizations/\\{organization_id}/sources/-, folders/\\{folder_id}/sources/- or
+        #     projects/\\{projects_id}/sources/-
         # @!attribute [rw] filter
         #   @return [::String]
         #     Expression that defines the filter to apply across findings.
@@ -745,23 +764,33 @@ module Google
         #     * category: `=`, `:`
         #     * external_uri: `=`, `:`
         #     * event_time: `=`, `>`, `<`, `>=`, `<=`
-        #     * severity: `=`, `:`
         #
         #       Usage: This should be milliseconds since epoch or an RFC3339 string.
         #       Examples:
         #         `event_time = "2019-06-10T16:07:18-07:00"`
         #         `event_time = 1560208038000`
         #
-        #     security_marks.marks: `=`, `:`
-        #     source_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
+        #     * severity: `=`, `:`
+        #     * workflow_state: `=`, `:`
+        #     * security_marks.marks: `=`, `:`
+        #     * source_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
+        #
+        #       For example, `source_properties.size = 100` is a valid filter string.
         #
-        #     For example, `source_properties.size = 100` is a valid filter string.
+        #       Use a partial match on the empty string to filter based on a property
+        #       existing: `source_properties.my_property : ""`
         #
-        #     Use a partial match on the empty string to filter based on a property
-        #     existing: `source_properties.my_property : ""`
+        #       Use a negated partial match on the empty string to filter based on a
+        #       property not existing: `-source_properties.my_property : ""`
         #
-        #     Use a negated partial match on the empty string to filter based on a
-        #     property not existing: `-source_properties.my_property : ""`
+        #     * resource:
+        #       * resource.name: `=`, `:`
+        #       * resource.parent_name: `=`, `:`
+        #       * resource.parent_display_name: `=`, `:`
+        #       * resource.project_name: `=`, `:`
+        #       * resource.project_display_name: `=`, `:`
+        #       * resource.type: `=`, `:`
+        #       * resource.folders.resource_folder: `=`, `:`
         # @!attribute [rw] order_by
         #   @return [::String]
         #     Expression that defines what fields and order to use for sorting. The
@@ -888,6 +917,11 @@ module Google
             # @!attribute [rw] parent_display_name
             #   @return [::String]
             #     The human readable name of resource's parent.
+            # @!attribute [rw] folders
+            #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Folder>]
+            #     Contains a Folder message for each folder in the assets ancestry.
+            #     The first folder is the deepest nested folder, and the last folder is
+            #     the folder directly under the Organization.
             class Resource
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -944,8 +978,8 @@ module Google
         # Request message for running asset discovery for an organization.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. Name of the organization to run asset discovery for. Its format is
-        #     "organizations/[organization_id]".
+        #     Required. Name of the organization to run asset discovery for. Its format
+        #     is "organizations/[organization_id]".
         class RunAssetDiscoveryRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -954,8 +988,8 @@ module Google
         # Request message for updating or creating a finding.
         # @!attribute [rw] finding
         #   @return [::Google::Cloud::SecurityCenter::V1::Finding]
-        #     Required. The finding resource to update or create if it does not already exist.
-        #     parent, security_marks, and update_time will be ignored.
+        #     Required. The finding resource to update or create if it does not already
+        #     exist. parent, security_marks, and update_time will be ignored.
         #
         #     In the case of creation, the finding id portion of the name must be
         #     alphanumeric and less than or equal to 32 characters and greater than 0