google-cloud-security_center-v1 0.6.0 → 0.8.0

data/lib/google/cloud/security_center/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module SecurityCenter
       module V1
-        VERSION = "0.6.0"
+        VERSION = "0.8.0"
       end
     end
   end

data/lib/google/cloud/securitycenter/v1/asset_pb.rb

@@ -3,11 +3,12 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/api/resource_pb'
+require 'google/cloud/securitycenter/v1/folder_pb'
 require 'google/cloud/securitycenter/v1/security_marks_pb'
 require 'google/protobuf/struct_pb'
 require 'google/protobuf/timestamp_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/asset.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.Asset" do
@@ -18,6 +19,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :create_time, :message, 9, "google.protobuf.Timestamp"
       optional :update_time, :message, 10, "google.protobuf.Timestamp"
       optional :iam_policy, :message, 11, "google.cloud.securitycenter.v1.Asset.IamPolicy"
+      optional :canonical_name, :string, 13
     end
     add_message "google.cloud.securitycenter.v1.Asset.SecurityCenterProperties" do
       optional :resource_name, :string, 1
@@ -28,6 +30,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :resource_display_name, :string, 6
       optional :resource_parent_display_name, :string, 7
       optional :resource_project_display_name, :string, 8
+      repeated :folders, :message, 10, "google.cloud.securitycenter.v1.Folder"
     end
     add_message "google.cloud.securitycenter.v1.Asset.IamPolicy" do
       optional :policy_blob, :string, 1

data/lib/google/cloud/securitycenter/v1/finding_pb.rb

@@ -3,12 +3,13 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
+require 'google/cloud/securitycenter/v1/indicator_pb'
 require 'google/cloud/securitycenter/v1/security_marks_pb'
 require 'google/protobuf/struct_pb'
 require 'google/protobuf/timestamp_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/finding.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.Finding" do
@@ -23,6 +24,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :event_time, :message, 9, "google.protobuf.Timestamp"
       optional :create_time, :message, 10, "google.protobuf.Timestamp"
       optional :severity, :enum, 12, "google.cloud.securitycenter.v1.Finding.Severity"
+      optional :canonical_name, :string, 14
+      optional :finding_class, :enum, 17, "google.cloud.securitycenter.v1.Finding.FindingClass"
+      optional :indicator, :message, 18, "google.cloud.securitycenter.v1.Indicator"
     end
     add_enum "google.cloud.securitycenter.v1.Finding.State" do
       value :STATE_UNSPECIFIED, 0
@@ -36,6 +40,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :MEDIUM, 3
       value :LOW, 4
     end
+    add_enum "google.cloud.securitycenter.v1.Finding.FindingClass" do
+      value :FINDING_CLASS_UNSPECIFIED, 0
+      value :THREAT, 1
+      value :VULNERABILITY, 2
+      value :MISCONFIGURATION, 3
+      value :OBSERVATION, 4
+    end
   end
 end
 
@@ -46,6 +57,7 @@ module Google
         Finding = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Finding").msgclass
         Finding::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Finding.State").enummodule
         Finding::Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Finding.Severity").enummodule
+        Finding::FindingClass = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Finding.FindingClass").enummodule
       end
     end
   end

data/lib/google/cloud/securitycenter/v1/folder_pb.rb

@@ -0,0 +1,24 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/securitycenter/v1/folder.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/securitycenter/v1/folder.proto", :syntax => :proto3) do
+    add_message "google.cloud.securitycenter.v1.Folder" do
+      optional :resource_folder, :string, 1
+      optional :resource_folder_display_name, :string, 2
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        Folder = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Folder").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/securitycenter/v1/indicator_pb.rb

@@ -0,0 +1,24 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/securitycenter/v1/indicator.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/securitycenter/v1/indicator.proto", :syntax => :proto3) do
+    add_message "google.cloud.securitycenter.v1.Indicator" do
+      repeated :ip_addresses, :string, 1
+      repeated :domains, :string, 2
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        Indicator = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.securitycenter.v1.Indicator").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/securitycenter/v1/notification_config_pb.rb

@@ -3,9 +3,9 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/notification_config.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.NotificationConfig" do

data/lib/google/cloud/securitycenter/v1/notification_message_pb.rb

@@ -3,9 +3,9 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/cloud/securitycenter/v1/finding_pb'
 require 'google/cloud/securitycenter/v1/resource_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/notification_message.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.NotificationMessage" do

data/lib/google/cloud/securitycenter/v1/organization_settings_pb.rb

@@ -3,8 +3,8 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/api/resource_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/organization_settings.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.OrganizationSettings" do
@@ -15,6 +15,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig" do
       repeated :project_ids, :string, 1
       optional :inclusion_mode, :enum, 2, "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig.InclusionMode"
+      repeated :folder_ids, :string, 3
     end
     add_enum "google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig.InclusionMode" do
       value :INCLUSION_MODE_UNSPECIFIED, 0

data/lib/google/cloud/securitycenter/v1/resource_pb.rb

@@ -3,6 +3,8 @@
 
 require 'google/protobuf'
 
+require 'google/api/field_behavior_pb'
+require 'google/cloud/securitycenter/v1/folder_pb'
 require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/resource.proto", :syntax => :proto3) do
@@ -12,6 +14,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :project_display_name, :string, 3
       optional :parent, :string, 4
       optional :parent_display_name, :string, 5
+      repeated :folders, :message, 7, "google.cloud.securitycenter.v1.Folder"
     end
   end
 end

data/lib/google/cloud/securitycenter/v1/run_asset_discovery_response_pb.rb

@@ -3,8 +3,8 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/protobuf/duration_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/run_asset_discovery_response.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.RunAssetDiscoveryResponse" do

data/lib/google/cloud/securitycenter/v1/security_marks_pb.rb

@@ -3,13 +3,14 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/api/resource_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/security_marks.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.SecurityMarks" do
       optional :name, :string, 1
       map :marks, :string, :string, 2
+      optional :canonical_name, :string, 3
     end
   end
 end

data/lib/google/cloud/securitycenter/v1/securitycenter_service_pb.rb

@@ -10,6 +10,7 @@ require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/cloud/securitycenter/v1/asset_pb'
 require 'google/cloud/securitycenter/v1/finding_pb'
+require 'google/cloud/securitycenter/v1/folder_pb'
 require 'google/cloud/securitycenter/v1/notification_config_pb'
 require 'google/cloud/securitycenter/v1/organization_settings_pb'
 require 'google/cloud/securitycenter/v1/security_marks_pb'
@@ -155,6 +156,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :project_display_name, :string, 3
       optional :parent_name, :string, 4
       optional :parent_display_name, :string, 5
+      repeated :folders, :message, 7, "google.cloud.securitycenter.v1.Folder"
     end
     add_enum "google.cloud.securitycenter.v1.ListFindingsResponse.ListFindingsResult.StateChange" do
       value :UNUSED, 0

data/lib/google/cloud/securitycenter/v1/securitycenter_service_services_pb.rb

@@ -57,7 +57,9 @@ module Google
             # specified properties.
             #
             # To group across all sources provide a `-` as the source id.
-            # Example: /v1/organizations/{organization_id}/sources/-/findings
+            # Example: /v1/organizations/{organization_id}/sources/-/findings,
+            # /v1/folders/{folder_id}/sources/-/findings,
+            # /v1/projects/{project_id}/sources/-/findings
             rpc :GroupFindings, ::Google::Cloud::SecurityCenter::V1::GroupFindingsRequest, ::Google::Cloud::SecurityCenter::V1::GroupFindingsResponse
             # Lists an organization's assets.
             rpc :ListAssets, ::Google::Cloud::SecurityCenter::V1::ListAssetsRequest, ::Google::Cloud::SecurityCenter::V1::ListAssetsResponse
@@ -86,6 +88,7 @@ module Google
             # Creates or updates a finding. The corresponding source must exist for a
             # finding creation to succeed.
             rpc :UpdateFinding, ::Google::Cloud::SecurityCenter::V1::UpdateFindingRequest, ::Google::Cloud::SecurityCenter::V1::Finding
+            #
             # Updates a notification config. The following update
             # fields are allowed: description, pubsub_topic, streaming_config.filter
             rpc :UpdateNotificationConfig, ::Google::Cloud::SecurityCenter::V1::UpdateNotificationConfigRequest, ::Google::Cloud::SecurityCenter::V1::NotificationConfig

data/lib/google/cloud/securitycenter/v1/source_pb.rb

@@ -3,14 +3,15 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/api/resource_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/securitycenter/v1/source.proto", :syntax => :proto3) do
     add_message "google.cloud.securitycenter.v1.Source" do
       optional :name, :string, 1
       optional :display_name, :string, 2
       optional :description, :string, 3
+      optional :canonical_name, :string, 14
     end
   end
 end

data/proto_docs/google/api/field_behavior.rb

@@ -57,9 +57,15 @@ module Google
 
       # Denotes that a (repeated) field is an unordered list.
       # This indicates that the service may provide the elements of the list
-      # in any arbitrary order, rather than the order the user originally
+      # in any arbitrary  order, rather than the order the user originally
       # provided. Additionally, the list's order may or may not be stable.
       UNORDERED_LIST = 6
+
+      # Denotes that this field returns a non-empty default value if not set.
+      # This indicates that if the user provides the empty value in a request,
+      # a non-empty value will be returned. The user will not be aware of what
+      # non-empty value to expect.
+      NON_EMPTY_DEFAULT = 7
     end
   end
 end

data/proto_docs/google/cloud/securitycenter/v1/asset.rb

@@ -51,14 +51,20 @@ module Google
         #     The time at which the asset was created in Security Command Center.
         # @!attribute [rw] update_time
         #   @return [::Google::Protobuf::Timestamp]
-        #     The time at which the asset was last updated, added, or deleted in Security
-        #     Command Center.
+        #     The time at which the asset was last updated or added in Cloud SCC.
         # @!attribute [rw] iam_policy
         #   @return [::Google::Cloud::SecurityCenter::V1::Asset::IamPolicy]
         #     Cloud IAM Policy information associated with the Google Cloud resource
         #     described by the Security Command Center asset. This information is managed
         #     and defined by the Google Cloud resource and cannot be modified by the
         #     user.
+        # @!attribute [rw] canonical_name
+        #   @return [::String]
+        #     The canonical name of the resource. It's either
+        #     "organizations/\\{organization_id}/assets/\\{asset_id}",
+        #     "folders/\\{folder_id}/assets/\\{asset_id}" or
+        #     "projects/\\{project_number}/assets/\\{asset_id}", depending on the closest CRM
+        #     ancestor of the resource.
         class Asset
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -96,6 +102,11 @@ module Google
           # @!attribute [rw] resource_project_display_name
           #   @return [::String]
           #     The user defined display name for the project of this resource.
+          # @!attribute [rw] folders
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Folder>]
+          #     Contains a Folder message for each folder in the assets ancestry.
+          #     The first folder is the deepest nested folder, and the last folder is the
+          #     folder directly under the Organization.
           class SecurityCenterProperties
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/securitycenter/v1/finding.rb

@@ -79,7 +79,8 @@ module Google
         #     occurred. For example, if the finding represents an open firewall it would
         #     capture the time the detector believes the firewall became open. The
         #     accuracy is determined by the detector. If the finding were to be resolved
-        #     afterward, this time would reflect when the finding was resolved.
+        #     afterward, this time would reflect when the finding was resolved. Must not
+        #     be set to a value greater than the current timestamp.
         # @!attribute [rw] create_time
         #   @return [::Google::Protobuf::Timestamp]
         #     The time at which the finding was created in Security Command Center.
@@ -87,6 +88,24 @@ module Google
         #   @return [::Google::Cloud::SecurityCenter::V1::Finding::Severity]
         #     The severity of the finding. This field is managed by the source that
         #     writes the finding.
+        # @!attribute [rw] canonical_name
+        #   @return [::String]
+        #     The canonical name of the finding. It's either
+        #     "organizations/\\{organization_id}/sources/\\{source_id}/findings/\\{finding_id}",
+        #     "folders/\\{folder_id}/sources/\\{source_id}/findings/\\{finding_id}" or
+        #     "projects/\\{project_number}/sources/\\{source_id}/findings/\\{finding_id}",
+        #     depending on the closest CRM ancestor of the resource associated with the
+        #     finding.
+        # @!attribute [rw] finding_class
+        #   @return [::Google::Cloud::SecurityCenter::V1::Finding::FindingClass]
+        #     The class of the finding.
+        # @!attribute [rw] indicator
+        #   @return [::Google::Cloud::SecurityCenter::V1::Indicator]
+        #     Represents what's commonly known as an Indicator of compromise (IoC) in
+        #     computer forensics. This is an artifact observed on a network or in an
+        #     operating system that, with high confidence, indicates a computer
+        #     intrusion.
+        #     Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
         class Finding
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -171,6 +190,26 @@ module Google
             # is not able to access data, execute code, or create resources.
             LOW = 4
           end
+
+          # Represents what kind of Finding it is.
+          module FindingClass
+            # Unspecified finding class.
+            FINDING_CLASS_UNSPECIFIED = 0
+
+            # Describes unwanted or malicious activity.
+            THREAT = 1
+
+            # Describes a potential weakness in software that increases risk to
+            # Confidentiality & Integrity & Availability.
+            VULNERABILITY = 2
+
+            # Describes a potential weakness in cloud resource/asset configuration that
+            # increases risk.
+            MISCONFIGURATION = 3
+
+            # Describes a security observation that is for informational purposes.
+            OBSERVATION = 4
+          end
         end
       end
     end

data/proto_docs/google/cloud/securitycenter/v1/folder.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Message that contains the resource name and display name of a folder
+        # resource.
+        # @!attribute [rw] resource_folder
+        #   @return [::String]
+        #     Full resource name of this folder. See:
+        #     https://cloud.google.com/apis/design/resource_names#full_resource_name
+        # @!attribute [rw] resource_folder_display_name
+        #   @return [::String]
+        #     The user defined display name for this folder.
+        class Folder
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/indicator.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Represents what's commonly known as an Indicator of compromise (IoC) in
+        # computer forensics. This is an artifact observed on a network or in an
+        # operating system that, with high confidence, indicates a computer intrusion.
+        # Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
+        # @!attribute [rw] ip_addresses
+        #   @return [::Array<::String>]
+        #     List of ip addresses associated to the Finding.
+        # @!attribute [rw] domains
+        #   @return [::Array<::String>]
+        #     List of domains associated to the Finding.
+        class Indicator
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end