google-cloud-security_center-v1 1.0.0 → 1.1.0

data/proto_docs/google/api/resource.rb

@@ -124,8 +124,13 @@ module Google
     #   @return [::String]
     #     The plural name used in the resource name and permission names, such as
     #     'projects' for the resource name of 'projects/\\{project}' and the permission
-    #     name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
-    #     concept of the `plural` field in k8s CRD spec
+    #     name of 'cloudresourcemanager.googleapis.com/projects.get'. One exception
+    #     to this is for Nested Collections that have stuttering names, as defined
+    #     in [AIP-122](https://google.aip.dev/122#nested-collections), where the
+    #     collection ID in the resource name pattern does not necessarily directly
+    #     match the `plural` value.
+    #
+    #     It is the same concept of the `plural` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
     #
     #     Note: The plural form is required even for singleton resources. See

data/proto_docs/google/cloud/securitycenter/v1/attack_exposure.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # An attack exposure contains the results of an attack path simulation run.
+        # @!attribute [rw] score
+        #   @return [::Float]
+        #     A number between 0 (inclusive) and infinity that represents how important
+        #     this finding is to remediate. The higher the score, the more important it
+        #     is to remediate.
+        # @!attribute [rw] latest_calculation_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     The most recent time the attack exposure was updated on this finding.
+        # @!attribute [rw] attack_exposure_result
+        #   @return [::String]
+        #     The resource name of the attack path simulation result that contains the
+        #     details regarding this attack exposure score.
+        #     Example: `organizations/123/simulations/456/attackExposureResults/789`
+        # @!attribute [rw] state
+        #   @return [::Google::Cloud::SecurityCenter::V1::AttackExposure::State]
+        #     What state this AttackExposure is in. This captures whether or not an
+        #     attack exposure has been calculated or not.
+        # @!attribute [rw] exposed_high_value_resources_count
+        #   @return [::Integer]
+        #     The number of high value resources that are exposed as a result of this
+        #     finding.
+        # @!attribute [rw] exposed_medium_value_resources_count
+        #   @return [::Integer]
+        #     The number of medium value resources that are exposed as a result of this
+        #     finding.
+        # @!attribute [rw] exposed_low_value_resources_count
+        #   @return [::Integer]
+        #     The number of high value resources that are exposed as a result of this
+        #     finding.
+        class AttackExposure
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # This enum defines the various states an AttackExposure can be in.
+          module State
+            # The state is not specified.
+            STATE_UNSPECIFIED = 0
+
+            # The attack exposure has been calculated.
+            CALCULATED = 1
+
+            # The attack exposure has not been calculated.
+            NOT_CALCULATED = 2
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/attack_path.rb

@@ -0,0 +1,147 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # A path that an attacker could take to reach an exposed resource.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The attack path name, for example,
+        #      `organizations/12/simulation/34/valuedResources/56/attackPaths/78`
+        # @!attribute [rw] path_nodes
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::AttackPath::AttackPathNode>]
+        #     A list of nodes that exist in this attack path.
+        # @!attribute [rw] edges
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::AttackPath::AttackPathEdge>]
+        #     A list of the edges between nodes in this attack path.
+        class AttackPath
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Represents one point that an attacker passes through in this attack path.
+          # @!attribute [rw] resource
+          #   @return [::String]
+          #     The name of the resource at this point in the attack path.
+          #     The format of the name follows the Cloud Asset Inventory [resource
+          #     name
+          #     format](https://cloud.google.com/asset-inventory/docs/resource-name-format)
+          # @!attribute [rw] resource_type
+          #   @return [::String]
+          #     The [supported resource
+          #     type](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+          # @!attribute [rw] display_name
+          #   @return [::String]
+          #     Human-readable name of this resource.
+          # @!attribute [rw] associated_findings
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::AttackPath::AttackPathNode::PathNodeAssociatedFinding>]
+          #     The findings associated with this node in the attack path.
+          # @!attribute [rw] uuid
+          #   @return [::String]
+          #     Unique id of the attack path node.
+          # @!attribute [rw] attack_steps
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::AttackPath::AttackPathNode::AttackStepNode>]
+          #     A list of attack step nodes that exist in this attack path node.
+          class AttackPathNode
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # A finding that is associated with this node in the attack path.
+            # @!attribute [rw] canonical_finding
+            #   @return [::String]
+            #     Canonical name of the associated findings. Example:
+            #     `organizations/123/sources/456/findings/789`
+            # @!attribute [rw] finding_category
+            #   @return [::String]
+            #     The additional taxonomy group within findings from a given source.
+            # @!attribute [rw] name
+            #   @return [::String]
+            #     Full resource name of the finding.
+            class PathNodeAssociatedFinding
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+
+            # Detailed steps the attack can take between path nodes.
+            # @!attribute [rw] uuid
+            #   @return [::String]
+            #     Unique ID for one Node
+            # @!attribute [rw] type
+            #   @return [::Google::Cloud::SecurityCenter::V1::AttackPath::AttackPathNode::NodeType]
+            #     Attack step type. Can be either AND, OR or DEFENSE
+            # @!attribute [rw] display_name
+            #   @return [::String]
+            #     User friendly name of the attack step
+            # @!attribute [rw] labels
+            #   @return [::Google::Protobuf::Map{::String => ::String}]
+            #     Attack step labels for metadata
+            # @!attribute [rw] description
+            #   @return [::String]
+            #     Attack step description
+            class AttackStepNode
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+
+              # @!attribute [rw] key
+              #   @return [::String]
+              # @!attribute [rw] value
+              #   @return [::String]
+              class LabelsEntry
+                include ::Google::Protobuf::MessageExts
+                extend ::Google::Protobuf::MessageExts::ClassMethods
+              end
+            end
+
+            # The type of the incoming attack step node.
+            module NodeType
+              # Type not specified
+              NODE_TYPE_UNSPECIFIED = 0
+
+              # Incoming edge joined with AND
+              NODE_TYPE_AND = 1
+
+              # Incoming edge joined with OR
+              NODE_TYPE_OR = 2
+
+              # Incoming edge is defense
+              NODE_TYPE_DEFENSE = 3
+
+              # Incoming edge is attacker
+              NODE_TYPE_ATTACKER = 4
+            end
+          end
+
+          # Represents a connection between a source node and a destination node in
+          # this attack path.
+          # @!attribute [rw] source
+          #   @return [::String]
+          #     The attack node uuid of the source node.
+          # @!attribute [rw] destination
+          #   @return [::String]
+          #     The attack node uuid of the destination node.
+          class AttackPathEdge
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/cloud_armor.rb

@@ -43,8 +43,8 @@ module Google
         # @!attribute [rw] threat_vector
         #   @return [::String]
         #     Distinguish between volumetric & protocol DDoS attack and
-        #     application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS
-        #     attacks, or “L_7” for Layer 7 DDoS attacks.
+        #     application layer attacks. For example, "L3_4" for Layer 3 and Layer 4 DDoS
+        #     attacks, or "L_7" for Layer 7 DDoS attacks.
         # @!attribute [rw] duration
         #   @return [::Google::Protobuf::Duration]
         #     Duration of attack from the start until the current moment (updated every 5
@@ -63,9 +63,9 @@ module Google
         #     "my-security-policy".
         # @!attribute [rw] type
         #   @return [::String]
-        #     The type of Google Cloud Armor security policy for example, ‘backend
-        #     security policy’, ‘edge security policy’, ‘network edge security policy’,
-        #     or ‘always-on DDoS protection’.
+        #     The type of Google Cloud Armor security policy for example, 'backend
+        #     security policy', 'edge security policy', 'network edge security policy',
+        #     or 'always-on DDoS protection'.
         # @!attribute [rw] preview
         #   @return [::Boolean]
         #     Whether or not the associated rule or policy is in preview mode.
@@ -117,7 +117,7 @@ module Google
         #     Total BPS (bytes per second) volume of attack.
         # @!attribute [rw] classification
         #   @return [::String]
-        #     Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’.
+        #     Type of attack, for example, 'SYN-flood', 'NTP-udp', or 'CHARGEN-udp'.
         class Attack
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/securitycenter/v1/effective_event_threat_detection_custom_module.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # An EffectiveEventThreatDetectionCustomModule is the representation of
+        # an Event Threat Detection custom module at a specified level of the
+        # resource hierarchy: organization, folder, or project. If a custom module is
+        # inherited from a parent organization or folder, the value of the
+        # `enablement_state` property in EffectiveEventThreatDetectionCustomModule is
+        # set to the value that is effective in the parent, instead of `INHERITED`.
+        # For example, if the module is enabled in a parent organization or folder, the
+        # effective `enablement_state` for the module in all child folders or projects
+        # is also `enabled`. EffectiveEventThreatDetectionCustomModule is read-only.
+        # @!attribute [r] name
+        #   @return [::String]
+        #     Output only. The resource name of the effective ETD custom module.
+        #
+        #     Its format is:
+        #
+        #       * `organizations/{organization}/eventThreatDetectionSettings/effectiveCustomModules/{module}`.
+        #       * `folders/{folder}/eventThreatDetectionSettings/effectiveCustomModules/{module}`.
+        #       * `projects/{project}/eventThreatDetectionSettings/effectiveCustomModules/{module}`.
+        # @!attribute [r] config
+        #   @return [::Google::Protobuf::Struct]
+        #     Output only. Config for the effective module.
+        # @!attribute [r] enablement_state
+        #   @return [::Google::Cloud::SecurityCenter::V1::EffectiveEventThreatDetectionCustomModule::EnablementState]
+        #     Output only. The effective state of enablement for the module at the given
+        #     level of the hierarchy.
+        # @!attribute [r] type
+        #   @return [::String]
+        #     Output only. Type for the module. e.g. CONFIGURABLE_BAD_IP.
+        # @!attribute [r] display_name
+        #   @return [::String]
+        #     Output only. The human readable name to be displayed for the module.
+        # @!attribute [r] description
+        #   @return [::String]
+        #     Output only. The description for the module.
+        class EffectiveEventThreatDetectionCustomModule
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The enablement state of the module.
+          module EnablementState
+            # Unspecified enablement state.
+            ENABLEMENT_STATE_UNSPECIFIED = 0
+
+            # The module is enabled at the given level.
+            ENABLED = 1
+
+            # The module is disabled at the given level.
+            DISABLED = 2
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/event_threat_detection_custom_module.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Represents an instance of an Event Threat Detection custom module,
+        # including its full module name, display name, enablement state, and last
+        # updated time. You can create a custom module at the organization, folder, or
+        # project level. Custom modules that you create at the organization or folder
+        # level are inherited by child folders and projects.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Immutable. The resource name of the Event Threat Detection custom module.
+        #
+        #     Its format is:
+        #
+        #       * `organizations/{organization}/eventThreatDetectionSettings/customModules/{module}`.
+        #       * `folders/{folder}/eventThreatDetectionSettings/customModules/{module}`.
+        #       * `projects/{project}/eventThreatDetectionSettings/customModules/{module}`.
+        # @!attribute [rw] config
+        #   @return [::Google::Protobuf::Struct]
+        #     Config for the module. For the resident module, its config value is defined
+        #     at this level. For the inherited module, its config value is inherited from
+        #     the ancestor module.
+        # @!attribute [r] ancestor_module
+        #   @return [::String]
+        #     Output only. The closest ancestor module that this module inherits the
+        #     enablement state from. The format is the same as the
+        #     EventThreatDetectionCustomModule resource name.
+        # @!attribute [rw] enablement_state
+        #   @return [::Google::Cloud::SecurityCenter::V1::EventThreatDetectionCustomModule::EnablementState]
+        #     The state of enablement for the module at the given level of the hierarchy.
+        # @!attribute [rw] type
+        #   @return [::String]
+        #     Type for the module. e.g. CONFIGURABLE_BAD_IP.
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     The human readable name to be displayed for the module.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     The description for the module.
+        # @!attribute [r] update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The time the module was last updated.
+        # @!attribute [r] last_editor
+        #   @return [::String]
+        #     Output only. The editor the module was last updated by.
+        class EventThreatDetectionCustomModule
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The enablement state of the module.
+          module EnablementState
+            # Unspecified enablement state.
+            ENABLEMENT_STATE_UNSPECIFIED = 0
+
+            # The module is enabled at the given level.
+            ENABLED = 1
+
+            # The module is disabled at the given level.
+            DISABLED = 2
+
+            # When the enablement state is inherited.
+            INHERITED = 3
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/event_threat_detection_custom_module_validation_errors.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # A list of zero or more errors encountered while validating the uploaded
+        # configuration of an Event Threat Detection Custom Module.
+        # @!attribute [rw] errors
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::CustomModuleValidationError>]
+        class CustomModuleValidationErrors
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # An error encountered while validating the uploaded configuration of an
+        # Event Threat Detection Custom Module.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     A description of the error, suitable for human consumption. Required.
+        # @!attribute [rw] field_path
+        #   @return [::String]
+        #     The path, in RFC 8901 JSON Pointer format, to the field that failed
+        #     validation. This may be left empty if no specific field is affected.
+        # @!attribute [rw] start
+        #   @return [::Google::Cloud::SecurityCenter::V1::Position]
+        #     The initial position of the error in the uploaded text version of the
+        #     module. This field may be omitted if no specific position applies, or if
+        #     one could not be computed.
+        # @!attribute [rw] end
+        #   @return [::Google::Cloud::SecurityCenter::V1::Position]
+        #     The end position of the error in the uploaded text version of the
+        #     module. This field may be omitted if no specific position applies, or if
+        #     one could not be computed..
+        class CustomModuleValidationError
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A position in the uploaded text version of a module.
+        # @!attribute [rw] line_number
+        #   @return [::Integer]
+        # @!attribute [rw] column_number
+        #   @return [::Integer]
+        class Position
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v1/finding.rb

@@ -142,6 +142,9 @@ module Google
         #     Records additional information about the mute operation, for example, the
         #     [mute configuration](/security-command-center/docs/how-to-mute-findings)
         #     that muted the finding and the user who muted the finding.
+        # @!attribute [r] mute_info
+        #   @return [::Google::Cloud::SecurityCenter::V1::Finding::MuteInfo]
+        #     Output only. The mute information regarding this finding.
         # @!attribute [rw] processes
         #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Process>]
         #     Represents operating system processes associated with the Finding.
@@ -199,6 +202,9 @@ module Google
         # @!attribute [rw] database
         #   @return [::Google::Cloud::SecurityCenter::V1::Database]
         #     Database associated with the finding.
+        # @!attribute [rw] attack_exposure
+        #   @return [::Google::Cloud::SecurityCenter::V1::AttackExposure]
+        #     The results of an attack path simulation relevant to this finding.
         # @!attribute [rw] files
         #   @return [::Array<::Google::Cloud::SecurityCenter::V1::File>]
         #     File associated with the finding.
@@ -252,6 +258,50 @@ module Google
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
 
+          # Mute information about the finding, including whether the finding has a
+          # static mute or any matching dynamic mute rules.
+          # @!attribute [rw] static_mute
+          #   @return [::Google::Cloud::SecurityCenter::V1::Finding::MuteInfo::StaticMute]
+          #     If set, the static mute applied to this finding. Static mutes override
+          #     dynamic mutes. If unset, there is no static mute.
+          # @!attribute [rw] dynamic_mute_records
+          #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Finding::MuteInfo::DynamicMuteRecord>]
+          #     The list of dynamic mute rules that currently match the finding.
+          class MuteInfo
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Information about the static mute state. A static mute state overrides
+            # any dynamic mute rules that apply to this finding. The static mute state
+            # can be set by a static mute rule or by muting the finding directly.
+            # @!attribute [rw] state
+            #   @return [::Google::Cloud::SecurityCenter::V1::Finding::Mute]
+            #     The static mute state. If the value is `MUTED` or `UNMUTED`, then the
+            #     finding's overall mute state will have the same value.
+            # @!attribute [rw] apply_time
+            #   @return [::Google::Protobuf::Timestamp]
+            #     When the static mute was applied.
+            class StaticMute
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+
+            # The record of a dynamic mute rule that matches the finding.
+            # @!attribute [rw] mute_config
+            #   @return [::String]
+            #     The relative resource name of the mute rule, represented by a mute
+            #     config, that created this record, for example
+            #     `organizations/123/muteConfigs/mymuteconfig` or
+            #     `organizations/123/locations/global/muteConfigs/mymuteconfig`.
+            # @!attribute [rw] match_time
+            #   @return [::Google::Protobuf::Timestamp]
+            #     When the dynamic mute rule first matched the finding.
+            class DynamicMuteRecord
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+          end
+
           # @!attribute [rw] key
           #   @return [::String]
           # @!attribute [rw] value

data/proto_docs/google/cloud/securitycenter/v1/mitre_attack.rb

@@ -99,7 +99,7 @@ module Google
 
           # MITRE ATT&CK techniques that can be referenced by SCC findings.
           # See: https://attack.mitre.org/techniques/enterprise/
-          # Next ID: 59
+          # Next ID: 65
           module Technique
             # Unspecified value.
             TECHNIQUE_UNSPECIFIED = 0
@@ -128,12 +128,21 @@ module Google
             # T1059.004
             UNIX_SHELL = 7
 
+            # T1059.006
+            PYTHON = 59
+
+            # T1068
+            EXPLOITATION_FOR_PRIVILEGE_ESCALATION = 63
+
             # T1069
             PERMISSION_GROUPS_DISCOVERY = 18
 
             # T1069.003
             CLOUD_GROUPS = 19
 
+            # T1070.004
+            INDICATOR_REMOVAL_FILE_DELETION = 64
+
             # T1071
             APPLICATION_LAYER_PROTOCOL = 45
 
@@ -275,8 +284,17 @@ module Google
             # T1595.001
             SCANNING_IP_BLOCKS = 2
 
+            # T1609
+            CONTAINER_ADMINISTRATION_COMMAND = 60
+
+            # T1611
+            ESCAPE_TO_HOST = 61
+
             # T1613
             CONTAINER_AND_RESOURCE_DISCOVERY = 57
+
+            # T1649
+            STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES = 62
           end
         end
       end