google-cloud-security_center-v2 0.a → 0.2.0

data/proto_docs/google/cloud/securitycenter/v2/mitre_attack.rb

@@ -0,0 +1,285 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # MITRE ATT&CK tactics and techniques related to this finding.
+        # See: https://attack.mitre.org
+        # @!attribute [rw] primary_tactic
+        #   @return [::Google::Cloud::SecurityCenter::V2::MitreAttack::Tactic]
+        #     The MITRE ATT&CK tactic most closely represented by this finding, if any.
+        # @!attribute [rw] primary_techniques
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::MitreAttack::Technique>]
+        #     The MITRE ATT&CK technique most closely represented by this finding, if
+        #     any. primary_techniques is a repeated field because there are multiple
+        #     levels of MITRE ATT&CK techniques.  If the technique most closely
+        #     represented by this finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`),
+        #     both the sub-technique and its parent technique(s) will be listed (e.g.
+        #     `SCANNING_IP_BLOCKS`, `ACTIVE_SCANNING`).
+        # @!attribute [rw] additional_tactics
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::MitreAttack::Tactic>]
+        #     Additional MITRE ATT&CK tactics related to this finding, if any.
+        # @!attribute [rw] additional_techniques
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::MitreAttack::Technique>]
+        #     Additional MITRE ATT&CK techniques related to this finding, if any, along
+        #     with any of their respective parent techniques.
+        # @!attribute [rw] version
+        #   @return [::String]
+        #     The MITRE ATT&CK version referenced by the above fields. E.g. "8".
+        class MitreAttack
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # MITRE ATT&CK tactics that can be referenced by SCC findings.
+          # See: https://attack.mitre.org/tactics/enterprise/
+          module Tactic
+            # Unspecified value.
+            TACTIC_UNSPECIFIED = 0
+
+            # TA0043
+            RECONNAISSANCE = 1
+
+            # TA0042
+            RESOURCE_DEVELOPMENT = 2
+
+            # TA0001
+            INITIAL_ACCESS = 5
+
+            # TA0002
+            EXECUTION = 3
+
+            # TA0003
+            PERSISTENCE = 6
+
+            # TA0004
+            PRIVILEGE_ESCALATION = 8
+
+            # TA0005
+            DEFENSE_EVASION = 7
+
+            # TA0006
+            CREDENTIAL_ACCESS = 9
+
+            # TA0007
+            DISCOVERY = 10
+
+            # TA0008
+            LATERAL_MOVEMENT = 11
+
+            # TA0009
+            COLLECTION = 12
+
+            # TA0011
+            COMMAND_AND_CONTROL = 4
+
+            # TA0010
+            EXFILTRATION = 13
+
+            # TA0040
+            IMPACT = 14
+          end
+
+          # MITRE ATT&CK techniques that can be referenced by SCC findings.
+          # See: https://attack.mitre.org/techniques/enterprise/
+          # Next ID: 59
+          module Technique
+            # Unspecified value.
+            TECHNIQUE_UNSPECIFIED = 0
+
+            # T1036
+            MASQUERADING = 49
+
+            # T1036.005
+            MATCH_LEGITIMATE_NAME_OR_LOCATION = 50
+
+            # T1037
+            BOOT_OR_LOGON_INITIALIZATION_SCRIPTS = 37
+
+            # T1037.005
+            STARTUP_ITEMS = 38
+
+            # T1046
+            NETWORK_SERVICE_DISCOVERY = 32
+
+            # T1057
+            PROCESS_DISCOVERY = 56
+
+            # T1059
+            COMMAND_AND_SCRIPTING_INTERPRETER = 6
+
+            # T1059.004
+            UNIX_SHELL = 7
+
+            # T1069
+            PERMISSION_GROUPS_DISCOVERY = 18
+
+            # T1069.003
+            CLOUD_GROUPS = 19
+
+            # T1071
+            APPLICATION_LAYER_PROTOCOL = 45
+
+            # T1071.004
+            DNS = 46
+
+            # T1072
+            SOFTWARE_DEPLOYMENT_TOOLS = 47
+
+            # T1078
+            VALID_ACCOUNTS = 14
+
+            # T1078.001
+            DEFAULT_ACCOUNTS = 35
+
+            # T1078.003
+            LOCAL_ACCOUNTS = 15
+
+            # T1078.004
+            CLOUD_ACCOUNTS = 16
+
+            # T1090
+            PROXY = 9
+
+            # T1090.002
+            EXTERNAL_PROXY = 10
+
+            # T1090.003
+            MULTI_HOP_PROXY = 11
+
+            # T1098
+            ACCOUNT_MANIPULATION = 22
+
+            # T1098.001
+            ADDITIONAL_CLOUD_CREDENTIALS = 40
+
+            # T1098.004
+            SSH_AUTHORIZED_KEYS = 23
+
+            # T1098.006
+            ADDITIONAL_CONTAINER_CLUSTER_ROLES = 58
+
+            # T1105
+            INGRESS_TOOL_TRANSFER = 3
+
+            # T1106
+            NATIVE_API = 4
+
+            # T1110
+            BRUTE_FORCE = 44
+
+            # T1129
+            SHARED_MODULES = 5
+
+            # T1134
+            ACCESS_TOKEN_MANIPULATION = 33
+
+            # T1134.001
+            TOKEN_IMPERSONATION_OR_THEFT = 39
+
+            # T1190
+            EXPLOIT_PUBLIC_FACING_APPLICATION = 27
+
+            # T1484
+            DOMAIN_POLICY_MODIFICATION = 30
+
+            # T1485
+            DATA_DESTRUCTION = 29
+
+            # T1489
+            SERVICE_STOP = 52
+
+            # T1490
+            INHIBIT_SYSTEM_RECOVERY = 36
+
+            # T1496
+            RESOURCE_HIJACKING = 8
+
+            # T1498
+            NETWORK_DENIAL_OF_SERVICE = 17
+
+            # T1526
+            CLOUD_SERVICE_DISCOVERY = 48
+
+            # T1528
+            STEAL_APPLICATION_ACCESS_TOKEN = 42
+
+            # T1531
+            ACCOUNT_ACCESS_REMOVAL = 51
+
+            # T1539
+            STEAL_WEB_SESSION_COOKIE = 25
+
+            # T1543
+            CREATE_OR_MODIFY_SYSTEM_PROCESS = 24
+
+            # T1548
+            ABUSE_ELEVATION_CONTROL_MECHANISM = 34
+
+            # T1552
+            UNSECURED_CREDENTIALS = 13
+
+            # T1556
+            MODIFY_AUTHENTICATION_PROCESS = 28
+
+            # T1562
+            IMPAIR_DEFENSES = 31
+
+            # T1562.001
+            DISABLE_OR_MODIFY_TOOLS = 55
+
+            # T1567
+            EXFILTRATION_OVER_WEB_SERVICE = 20
+
+            # T1567.002
+            EXFILTRATION_TO_CLOUD_STORAGE = 21
+
+            # T1568
+            DYNAMIC_RESOLUTION = 12
+
+            # T1570
+            LATERAL_TOOL_TRANSFER = 41
+
+            # T1578
+            MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE = 26
+
+            # T1578.001
+            CREATE_SNAPSHOT = 54
+
+            # T1580
+            CLOUD_INFRASTRUCTURE_DISCOVERY = 53
+
+            # T1588
+            OBTAIN_CAPABILITIES = 43
+
+            # T1595
+            ACTIVE_SCANNING = 1
+
+            # T1595.001
+            SCANNING_IP_BLOCKS = 2
+
+            # T1613
+            CONTAINER_AND_RESOURCE_DISCOVERY = 57
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v2/mute_config.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # A mute config is a Cloud SCC resource that contains the configuration
+        # to mute create/update events of findings.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     This field will be ignored if provided on config creation. The following
+        #     list shows some examples of the format:
+        #
+        #     + `organizations/{organization}/muteConfigs/{mute_config}`
+        #     +
+        #     `organizations/{organization}locations/{location}//muteConfigs/{mute_config}`
+        #     + `folders/{folder}/muteConfigs/{mute_config}`
+        #     + `folders/{folder}/locations/{location}/muteConfigs/{mute_config}`
+        #     + `projects/{project}/muteConfigs/{mute_config}`
+        #     + `projects/{project}/locations/{location}/muteConfigs/{mute_config}`
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     A description of the mute config.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     Required. An expression that defines the filter to apply across
+        #     create/update events of findings. While creating a filter string, be
+        #     mindful of the scope in which the mute configuration is being created.
+        #     E.g., If a filter contains project = X but is created under the project = Y
+        #     scope, it might not match any findings.
+        #
+        #     The following field and operator combinations are supported:
+        #
+        #     * severity: `=`, `:`
+        #     * category: `=`, `:`
+        #     * resource.name: `=`, `:`
+        #     * resource.project_name: `=`, `:`
+        #     * resource.project_display_name: `=`, `:`
+        #     * resource.folders.resource_folder: `=`, `:`
+        #     * resource.parent_name: `=`, `:`
+        #     * resource.parent_display_name: `=`, `:`
+        #     * resource.type: `=`, `:`
+        #     * finding_class: `=`, `:`
+        #     * indicator.ip_addresses: `=`, `:`
+        #     * indicator.domains: `=`, `:`
+        # @!attribute [r] create_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The time at which the mute config was created.
+        #     This field is set by the server and will be ignored if provided on config
+        #     creation.
+        # @!attribute [r] update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The most recent time at which the mute config was updated.
+        #     This field is set by the server and will be ignored if provided on config
+        #     creation or update.
+        # @!attribute [r] most_recent_editor
+        #   @return [::String]
+        #     Output only. Email address of the user who last edited the mute config.
+        #     This field is set by the server and will be ignored if provided on config
+        #     creation or update.
+        # @!attribute [rw] type
+        #   @return [::Google::Cloud::SecurityCenter::V2::MuteConfig::MuteConfigType]
+        #     Required. The type of the mute config, which determines what type of mute
+        #     state the config affects. Immutable after creation.
+        class MuteConfig
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The type of MuteConfig.
+          module MuteConfigType
+            # Unused.
+            MUTE_CONFIG_TYPE_UNSPECIFIED = 0
+
+            # A static mute config, which sets the static mute state of future matching
+            # findings to muted. Once the static mute state has been set, finding or
+            # config modifications will not affect the state.
+            STATIC = 1
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v2/notification_config.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # Cloud Security Command Center (Cloud SCC) notification configs.
+        #
+        # A notification config is a Cloud SCC resource that contains the configuration
+        # to send notifications for create/update events of findings, assets and etc.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The relative resource name of this notification config. See:
+        #     https://cloud.google.com/apis/design/resource_names#relative_resource_name
+        #     The following list shows some examples:
+        #     +
+        #     `organizations/{organization_id}/locations/{location_id}/notificationConfigs/notify_public_bucket`
+        #     +
+        #     `folders/{folder_id}/locations/{location_id}/notificationConfigs/notify_public_bucket`
+        #     +
+        #     `projects/{project_id}/locations/{location_id}/notificationConfigs/notify_public_bucket`
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     The description of the notification config (max of 1024 characters).
+        # @!attribute [rw] pubsub_topic
+        #   @return [::String]
+        #     The Pub/Sub topic to send notifications to. Its format is
+        #     "projects/[project_id]/topics/[topic]".
+        # @!attribute [r] service_account
+        #   @return [::String]
+        #     Output only. The service account that needs "pubsub.topics.publish"
+        #     permission to publish to the Pub/Sub topic.
+        # @!attribute [rw] streaming_config
+        #   @return [::Google::Cloud::SecurityCenter::V2::NotificationConfig::StreamingConfig]
+        #     The config for triggering streaming-based notifications.
+        class NotificationConfig
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The config for streaming-based notifications, which send each event as soon
+          # as it is detected.
+          # @!attribute [rw] filter
+          #   @return [::String]
+          #     Expression that defines the filter to apply across create/update events
+          #     of assets or findings as specified by the event type. The expression is a
+          #     list of zero or more restrictions combined via logical operators `AND`
+          #     and `OR`. Parentheses are supported, and `OR` has higher precedence than
+          #     `AND`.
+          #
+          #     Restrictions have the form `<field> <operator> <value>` and may have a
+          #     `-` character in front of them to indicate negation. The fields map to
+          #     those defined in the corresponding resource.
+          #
+          #     The supported operators are:
+          #
+          #     * `=` for all value types.
+          #     * `>`, `<`, `>=`, `<=` for integer values.
+          #     * `:`, meaning substring matching, for strings.
+          #
+          #     The supported value types are:
+          #
+          #     * string literals in quotes.
+          #     * integer literals without quotes.
+          #     * boolean literals `true` and `false` without quotes.
+          class StreamingConfig
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v2/notification_message.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # Cloud SCC's Notification
+        # @!attribute [rw] notification_config_name
+        #   @return [::String]
+        #     Name of the notification config that generated current notification.
+        # @!attribute [rw] finding
+        #   @return [::Google::Cloud::SecurityCenter::V2::Finding]
+        #     If it's a Finding based notification config, this field will be
+        #     populated.
+        # @!attribute [rw] resource
+        #   @return [::Google::Cloud::SecurityCenter::V2::Resource]
+        #     The Cloud resource tied to this notification's Finding.
+        class NotificationMessage
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v2/org_policy.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # Contains information about the org policies associated with the finding.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The resource name of the org policy.
+        #     Example:
+        #     "organizations/\\{organization_id}/policies/\\{constraint_name}"
+        class OrgPolicy
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v2/process.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # Represents an operating system process.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The process name, as displayed in utilities like `top` and `ps`. This name
+        #     can be accessed through `/proc/[pid]/comm` and changed with
+        #     `prctl(PR_SET_NAME)`.
+        # @!attribute [rw] binary
+        #   @return [::Google::Cloud::SecurityCenter::V2::File]
+        #     File information for the process executable.
+        # @!attribute [rw] libraries
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::File>]
+        #     File information for libraries loaded by the process.
+        # @!attribute [rw] script
+        #   @return [::Google::Cloud::SecurityCenter::V2::File]
+        #     When the process represents the invocation of a script, `binary` provides
+        #     information about the interpreter, while `script` provides information
+        #     about the script file provided to the interpreter.
+        # @!attribute [rw] args
+        #   @return [::Array<::String>]
+        #     Process arguments as JSON encoded strings.
+        # @!attribute [rw] arguments_truncated
+        #   @return [::Boolean]
+        #     True if `args` is incomplete.
+        # @!attribute [rw] env_variables
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::EnvironmentVariable>]
+        #     Process environment variables.
+        # @!attribute [rw] env_variables_truncated
+        #   @return [::Boolean]
+        #     True if `env_variables` is incomplete.
+        # @!attribute [rw] pid
+        #   @return [::Integer]
+        #     The process ID.
+        # @!attribute [rw] parent_pid
+        #   @return [::Integer]
+        #     The parent process ID.
+        class Process
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A name-value pair representing an environment variable used in an operating
+        # system process.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Environment variable name as a JSON encoded string.
+        # @!attribute [rw] val
+        #   @return [::String]
+        #     Environment variable value as a JSON encoded string.
+        class EnvironmentVariable
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v2/resource.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # Information related to the Google Cloud resource.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The full resource name of the resource. See:
+        #     https://cloud.google.com/apis/design/resource_names#full_resource_name
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     The human readable name of the resource.
+        # @!attribute [rw] type
+        #   @return [::String]
+        #     The full resource type of the resource.
+        class Resource
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end