google-cloud-security_center-v2 0.a → 0.1.0

data/proto_docs/google/cloud/securitycenter/v2/finding.rb

@@ -0,0 +1,411 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # Security Command Center finding.
+        #
+        # A finding is a record of assessment data like security, risk, health, or
+        # privacy, that is ingested into Security Command Center for presentation,
+        # notification, analysis, policy testing, and enforcement. For example, a
+        # cross-site scripting (XSS) vulnerability in an App Engine application is a
+        # finding.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The [relative resource
+        #     name](https://cloud.google.com/apis/design/resource_names#relative_resource_name)
+        #     of the finding. The following list shows some examples:
+        #
+        #     +
+        #     `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}`
+        #     +
+        #     `organizations/{organization_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}`
+        #     + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}`
+        #     +
+        #     `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}`
+        #     + `projects/{project_id}/sources/{source_id}/findings/{finding_id}`
+        #     +
+        #     `projects/{project_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}`
+        # @!attribute [r] canonical_name
+        #   @return [::String]
+        #     Output only. The canonical name of the finding. The following list shows
+        #     some examples:
+        #
+        #     +
+        #     `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}`
+        #     +
+        #     `organizations/{organization_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}`
+        #     + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}`
+        #     +
+        #     `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}`
+        #     + `projects/{project_id}/sources/{source_id}/findings/{finding_id}`
+        #     +
+        #     `projects/{project_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}`
+        #
+        #     The prefix is the closest CRM ancestor of the resource associated with the
+        #     finding.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     The relative resource name of the source and location the finding belongs
+        #     to. See:
+        #     https://cloud.google.com/apis/design/resource_names#relative_resource_name
+        #     This field is immutable after creation time. The following list shows some
+        #     examples:
+        #
+        #     + `organizations/{organization_id}/sources/{source_id}`
+        #     + `folders/{folders_id}/sources/{source_id}`
+        #     + `projects/{projects_id}/sources/{source_id}`
+        #     +
+        #     `organizations/{organization_id}/sources/{source_id}/locations/{location_id}`
+        #     + `folders/{folders_id}/sources/{source_id}/locations/{location_id}`
+        #     + `projects/{projects_id}/sources/{source_id}/locations/{location_id}`
+        # @!attribute [rw] resource_name
+        #   @return [::String]
+        #     Immutable. For findings on Google Cloud resources, the full resource
+        #     name of the Google Cloud resource this finding is for. See:
+        #     https://cloud.google.com/apis/design/resource_names#full_resource_name
+        #     When the finding is for a non-Google Cloud resource, the resourceName can
+        #     be a customer or partner defined string.
+        # @!attribute [r] state
+        #   @return [::Google::Cloud::SecurityCenter::V2::Finding::State]
+        #     Output only. The state of the finding.
+        # @!attribute [rw] category
+        #   @return [::String]
+        #     Immutable. The additional taxonomy group within findings from a given
+        #     source. Example: "XSS_FLASH_INJECTION"
+        # @!attribute [rw] external_uri
+        #   @return [::String]
+        #     The URI that, if available, points to a web page outside of Security
+        #     Command Center where additional information about the finding can be found.
+        #     This field is guaranteed to be either empty or a well formed URL.
+        # @!attribute [rw] source_properties
+        #   @return [::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}]
+        #     Source specific properties. These properties are managed by the source
+        #     that writes the finding. The key names in the source_properties map must be
+        #     between 1 and 255 characters, and must start with a letter and contain
+        #     alphanumeric characters or underscores only.
+        # @!attribute [r] security_marks
+        #   @return [::Google::Cloud::SecurityCenter::V2::SecurityMarks]
+        #     Output only. User specified security marks. These marks are entirely
+        #     managed by the user and come from the SecurityMarks resource that belongs
+        #     to the finding.
+        # @!attribute [rw] event_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     The time the finding was first detected. If an existing finding is updated,
+        #     then this is the time the update occurred.
+        #     For example, if the finding represents an open firewall, this property
+        #     captures the time the detector believes the firewall became open. The
+        #     accuracy is determined by the detector. If the finding is later resolved,
+        #     then this time reflects when the finding was resolved. This must not
+        #     be set to a value greater than the current timestamp.
+        # @!attribute [r] create_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The time at which the finding was created in Security Command
+        #     Center.
+        # @!attribute [rw] severity
+        #   @return [::Google::Cloud::SecurityCenter::V2::Finding::Severity]
+        #     The severity of the finding. This field is managed by the source that
+        #     writes the finding.
+        # @!attribute [rw] mute
+        #   @return [::Google::Cloud::SecurityCenter::V2::Finding::Mute]
+        #     Indicates the mute state of a finding (either muted, unmuted
+        #     or undefined). Unlike other attributes of a finding, a finding provider
+        #     shouldn't set the value of mute.
+        # @!attribute [rw] finding_class
+        #   @return [::Google::Cloud::SecurityCenter::V2::Finding::FindingClass]
+        #     The class of the finding.
+        # @!attribute [rw] indicator
+        #   @return [::Google::Cloud::SecurityCenter::V2::Indicator]
+        #     Represents what's commonly known as an *indicator of compromise* (IoC) in
+        #     computer forensics. This is an artifact observed on a network or in an
+        #     operating system that, with high confidence, indicates a computer
+        #     intrusion. For more information, see [Indicator of
+        #     compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise).
+        # @!attribute [rw] vulnerability
+        #   @return [::Google::Cloud::SecurityCenter::V2::Vulnerability]
+        #     Represents vulnerability-specific fields like CVE and CVSS scores.
+        #     CVE stands for Common Vulnerabilities and Exposures
+        #     (https://cve.mitre.org/about/)
+        # @!attribute [r] mute_update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The most recent time this finding was muted or unmuted.
+        # @!attribute [r] external_systems
+        #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V2::ExternalSystem}]
+        #     Output only. Third party SIEM/SOAR fields within SCC, contains external
+        #     system information and external system finding fields.
+        # @!attribute [rw] mitre_attack
+        #   @return [::Google::Cloud::SecurityCenter::V2::MitreAttack]
+        #     MITRE ATT&CK tactics and techniques related to this finding.
+        #     See: https://attack.mitre.org
+        # @!attribute [rw] access
+        #   @return [::Google::Cloud::SecurityCenter::V2::Access]
+        #     Access details associated with the finding, such as more information on the
+        #     caller, which method was accessed, and from where.
+        # @!attribute [rw] connections
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::Connection>]
+        #     Contains information about the IP connection associated with the finding.
+        # @!attribute [rw] mute_initiator
+        #   @return [::String]
+        #     Records additional information about the mute operation, for example, the
+        #     [mute
+        #     configuration](https://cloud.google.com/security-command-center/docs/how-to-mute-findings)
+        #     that muted the finding and the user who muted the finding.
+        # @!attribute [rw] processes
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::Process>]
+        #     Represents operating system processes associated with the Finding.
+        # @!attribute [r] contacts
+        #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V2::ContactDetails}]
+        #     Output only. Map containing the points of contact for the given finding.
+        #     The key represents the type of contact, while the value contains a list of
+        #     all the contacts that pertain. Please refer to:
+        #     https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories
+        #
+        #         {
+        #           "security": {
+        #             "contacts": [
+        #               {
+        #                 "email": "person1@company.com"
+        #               },
+        #               {
+        #                 "email": "person2@company.com"
+        #               }
+        #             ]
+        #           }
+        #         }
+        # @!attribute [rw] compliances
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::Compliance>]
+        #     Contains compliance information for security standards associated to the
+        #     finding.
+        # @!attribute [r] parent_display_name
+        #   @return [::String]
+        #     Output only. The human readable display name of the finding source such as
+        #     "Event Threat Detection" or "Security Health Analytics".
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     Contains more details about the finding.
+        # @!attribute [rw] exfiltration
+        #   @return [::Google::Cloud::SecurityCenter::V2::Exfiltration]
+        #     Represents exfiltrations associated with the finding.
+        # @!attribute [rw] iam_bindings
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::IamBinding>]
+        #     Represents IAM bindings associated with the finding.
+        # @!attribute [rw] next_steps
+        #   @return [::String]
+        #     Steps to address the finding.
+        # @!attribute [rw] module_name
+        #   @return [::String]
+        #     Unique identifier of the module which generated the finding.
+        #     Example:
+        #     folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885
+        # @!attribute [rw] containers
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::Container>]
+        #     Containers associated with the finding. This field provides information for
+        #     both Kubernetes and non-Kubernetes containers.
+        # @!attribute [rw] kubernetes
+        #   @return [::Google::Cloud::SecurityCenter::V2::Kubernetes]
+        #     Kubernetes resources associated with the finding.
+        # @!attribute [rw] database
+        #   @return [::Google::Cloud::SecurityCenter::V2::Database]
+        #     Database associated with the finding.
+        # @!attribute [rw] attack_exposure
+        #   @return [::Google::Cloud::SecurityCenter::V2::AttackExposure]
+        #     The results of an attack path simulation relevant to this finding.
+        # @!attribute [rw] files
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::File>]
+        #     File associated with the finding.
+        # @!attribute [rw] cloud_dlp_inspection
+        #   @return [::Google::Cloud::SecurityCenter::V2::CloudDlpInspection]
+        #     Cloud Data Loss Prevention (Cloud DLP) inspection results that are
+        #     associated with the finding.
+        # @!attribute [rw] cloud_dlp_data_profile
+        #   @return [::Google::Cloud::SecurityCenter::V2::CloudDlpDataProfile]
+        #     Cloud DLP data profile that is associated with the finding.
+        # @!attribute [rw] kernel_rootkit
+        #   @return [::Google::Cloud::SecurityCenter::V2::KernelRootkit]
+        #     Signature of the kernel rootkit.
+        # @!attribute [rw] org_policies
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::OrgPolicy>]
+        #     Contains information about the org policies associated with the finding.
+        # @!attribute [rw] application
+        #   @return [::Google::Cloud::SecurityCenter::V2::Application]
+        #     Represents an application associated with the finding.
+        # @!attribute [rw] backup_disaster_recovery
+        #   @return [::Google::Cloud::SecurityCenter::V2::BackupDisasterRecovery]
+        #     Fields related to Backup and DR findings.
+        # @!attribute [rw] security_posture
+        #   @return [::Google::Cloud::SecurityCenter::V2::SecurityPosture]
+        #     The security posture associated with the finding.
+        # @!attribute [rw] log_entries
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::LogEntry>]
+        #     Log entries that are relevant to the finding.
+        # @!attribute [rw] load_balancers
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::LoadBalancer>]
+        #     The load balancers associated with the finding.
+        class Finding
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::Google::Protobuf::Value]
+          class SourcePropertiesEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::Google::Cloud::SecurityCenter::V2::ExternalSystem]
+          class ExternalSystemsEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::Google::Cloud::SecurityCenter::V2::ContactDetails]
+          class ContactsEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # The state of the finding.
+          module State
+            # Unspecified state.
+            STATE_UNSPECIFIED = 0
+
+            # The finding requires attention and has not been addressed yet.
+            ACTIVE = 1
+
+            # The finding has been fixed, triaged as a non-issue or otherwise addressed
+            # and is no longer active.
+            INACTIVE = 2
+          end
+
+          # The severity of the finding.
+          module Severity
+            # This value is used for findings when a source doesn't write a severity
+            # value.
+            SEVERITY_UNSPECIFIED = 0
+
+            # Vulnerability:
+            # A critical vulnerability is easily discoverable by an external actor,
+            # exploitable, and results in the direct ability to execute arbitrary code,
+            # exfiltrate data, and otherwise gain additional access and privileges to
+            # cloud resources and workloads. Examples include publicly accessible
+            # unprotected user data and public SSH access with weak or no
+            # passwords.
+            #
+            # Threat:
+            # Indicates a threat that is able to access, modify, or delete data or
+            # execute unauthorized code within existing resources.
+            CRITICAL = 1
+
+            # Vulnerability:
+            # A high risk vulnerability can be easily discovered and exploited in
+            # combination with other vulnerabilities in order to gain direct access and
+            # the ability to execute arbitrary code, exfiltrate data, and otherwise
+            # gain additional access and privileges to cloud resources and workloads.
+            # An example is a database with weak or no passwords that is only
+            # accessible internally. This database could easily be compromised by an
+            # actor that had access to the internal network.
+            #
+            # Threat:
+            # Indicates a threat that is able to create new computational resources in
+            # an environment but not able to access data or execute code in existing
+            # resources.
+            HIGH = 2
+
+            # Vulnerability:
+            # A medium risk vulnerability could be used by an actor to gain access to
+            # resources or privileges that enable them to eventually (through multiple
+            # steps or a complex exploit) gain access and the ability to execute
+            # arbitrary code or exfiltrate data. An example is a service account with
+            # access to more projects than it should have. If an actor gains access to
+            # the service account, they could potentially use that access to manipulate
+            # a project the service account was not intended to.
+            #
+            # Threat:
+            # Indicates a threat that is able to cause operational impact but may not
+            # access data or execute unauthorized code.
+            MEDIUM = 3
+
+            # Vulnerability:
+            # A low risk vulnerability hampers a security organization's ability to
+            # detect vulnerabilities or active threats in their deployment, or prevents
+            # the root cause investigation of security issues. An example is monitoring
+            # and logs being disabled for resource configurations and access.
+            #
+            # Threat:
+            # Indicates a threat that has obtained minimal access to an environment but
+            # is not able to access data, execute code, or create resources.
+            LOW = 4
+          end
+
+          # Mute state a finding can be in.
+          module Mute
+            # Unspecified.
+            MUTE_UNSPECIFIED = 0
+
+            # Finding has been muted.
+            MUTED = 1
+
+            # Finding has been unmuted.
+            UNMUTED = 2
+
+            # Finding has never been muted/unmuted.
+            UNDEFINED = 3
+          end
+
+          # Represents what kind of Finding it is.
+          module FindingClass
+            # Unspecified finding class.
+            FINDING_CLASS_UNSPECIFIED = 0
+
+            # Describes unwanted or malicious activity.
+            THREAT = 1
+
+            # Describes a potential weakness in software that increases risk to
+            # Confidentiality & Integrity & Availability.
+            VULNERABILITY = 2
+
+            # Describes a potential weakness in cloud resource/asset configuration that
+            # increases risk.
+            MISCONFIGURATION = 3
+
+            # Describes a security observation that is for informational purposes.
+            OBSERVATION = 4
+
+            # Describes an error that prevents some SCC functionality.
+            SCC_ERROR = 5
+
+            # Describes a potential security risk due to a change in the security
+            # posture.
+            POSTURE_VIOLATION = 6
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v2/iam_binding.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # Represents a particular IAM binding, which captures a member's role addition,
+        # removal, or state.
+        # @!attribute [rw] action
+        #   @return [::Google::Cloud::SecurityCenter::V2::IamBinding::Action]
+        #     The action that was performed on a Binding.
+        # @!attribute [rw] role
+        #   @return [::String]
+        #     Role that is assigned to "members".
+        #     For example, "roles/viewer", "roles/editor", or "roles/owner".
+        # @!attribute [rw] member
+        #   @return [::String]
+        #     A single identity requesting access for a Cloud Platform resource, for
+        #     example, "foo@google.com".
+        class IamBinding
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The type of action performed on a Binding in a policy.
+          module Action
+            # Unspecified.
+            ACTION_UNSPECIFIED = 0
+
+            # Addition of a Binding.
+            ADD = 1
+
+            # Removal of a Binding.
+            REMOVE = 2
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v2/indicator.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # Represents what's commonly known as an _indicator of compromise_ (IoC) in
+        # computer forensics. This is an artifact observed on a network or in an
+        # operating system that, with high confidence, indicates a computer intrusion.
+        # For more information, see [Indicator of
+        # compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise).
+        # @!attribute [rw] ip_addresses
+        #   @return [::Array<::String>]
+        #     The list of IP addresses that are associated with the finding.
+        # @!attribute [rw] domains
+        #   @return [::Array<::String>]
+        #     List of domains associated to the Finding.
+        # @!attribute [rw] signatures
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::Indicator::ProcessSignature>]
+        #     The list of matched signatures indicating that the given
+        #     process is present in the environment.
+        # @!attribute [rw] uris
+        #   @return [::Array<::String>]
+        #     The list of URIs associated to the Findings.
+        class Indicator
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Indicates what signature matched this process.
+          # @!attribute [rw] memory_hash_signature
+          #   @return [::Google::Cloud::SecurityCenter::V2::Indicator::ProcessSignature::MemoryHashSignature]
+          #     Signature indicating that a binary family was matched.
+          # @!attribute [rw] yara_rule_signature
+          #   @return [::Google::Cloud::SecurityCenter::V2::Indicator::ProcessSignature::YaraRuleSignature]
+          #     Signature indicating that a YARA rule was matched.
+          # @!attribute [rw] signature_type
+          #   @return [::Google::Cloud::SecurityCenter::V2::Indicator::ProcessSignature::SignatureType]
+          #     Describes the type of resource associated with the signature.
+          class ProcessSignature
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # A signature corresponding to memory page hashes.
+            # @!attribute [rw] binary_family
+            #   @return [::String]
+            #     The binary family.
+            # @!attribute [rw] detections
+            #   @return [::Array<::Google::Cloud::SecurityCenter::V2::Indicator::ProcessSignature::MemoryHashSignature::Detection>]
+            #     The list of memory hash detections contributing to the binary family
+            #     match.
+            class MemoryHashSignature
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+
+              # Memory hash detection contributing to the binary family match.
+              # @!attribute [rw] binary
+              #   @return [::String]
+              #     The name of the binary associated with the memory hash
+              #     signature detection.
+              # @!attribute [rw] percent_pages_matched
+              #   @return [::Float]
+              #     The percentage of memory page hashes in the signature
+              #     that were matched.
+              class Detection
+                include ::Google::Protobuf::MessageExts
+                extend ::Google::Protobuf::MessageExts::ClassMethods
+              end
+            end
+
+            # A signature corresponding to a YARA rule.
+            # @!attribute [rw] yara_rule
+            #   @return [::String]
+            #     The name of the YARA rule.
+            class YaraRuleSignature
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+
+            # Possible resource types to be associated with a signature.
+            module SignatureType
+              # The default signature type.
+              SIGNATURE_TYPE_UNSPECIFIED = 0
+
+              # Used for signatures concerning processes.
+              SIGNATURE_TYPE_PROCESS = 1
+
+              # Used for signatures concerning disks.
+              SIGNATURE_TYPE_FILE = 2
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v2/kernel_rootkit.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # Kernel mode rootkit signatures.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Rootkit name, when available.
+        # @!attribute [rw] unexpected_code_modification
+        #   @return [::Boolean]
+        #     True if unexpected modifications of kernel code memory are present.
+        # @!attribute [rw] unexpected_read_only_data_modification
+        #   @return [::Boolean]
+        #     True if unexpected modifications of kernel read-only data memory are
+        #     present.
+        # @!attribute [rw] unexpected_ftrace_handler
+        #   @return [::Boolean]
+        #     True if `ftrace` points are present with callbacks pointing to regions
+        #     that are not in the expected kernel or module code range.
+        # @!attribute [rw] unexpected_kprobe_handler
+        #   @return [::Boolean]
+        #     True if `kprobe` points are present with callbacks pointing to regions
+        #     that are not in the expected kernel or module code range.
+        # @!attribute [rw] unexpected_kernel_code_pages
+        #   @return [::Boolean]
+        #     True if kernel code pages that are not in the expected kernel or module
+        #     code regions are present.
+        # @!attribute [rw] unexpected_system_call_handler
+        #   @return [::Boolean]
+        #     True if system call handlers that are are not in the expected kernel or
+        #     module code regions are present.
+        # @!attribute [rw] unexpected_interrupt_handler
+        #   @return [::Boolean]
+        #     True if interrupt handlers that are are not in the expected kernel or
+        #     module code regions are present.
+        # @!attribute [rw] unexpected_processes_in_runqueue
+        #   @return [::Boolean]
+        #     True if unexpected processes in the scheduler run queue are present. Such
+        #     processes are in the run queue, but not in the process task list.
+        class KernelRootkit
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end