google-cloud-security_center-v2 1.2.0 → 1.3.0

data/proto_docs/google/cloud/securitycenter/v2/ip_rules.rb

@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # IP rules associated with the finding.
+        # @!attribute [rw] direction
+        #   @return [::Google::Cloud::SecurityCenter::V2::IpRules::Direction]
+        #     The direction that the rule is applicable to, one of ingress or egress.
+        # @!attribute [rw] allowed
+        #   @return [::Google::Cloud::SecurityCenter::V2::Allowed]
+        #     Tuple with allowed rules.
+        #
+        #     Note: The following fields are mutually exclusive: `allowed`, `denied`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        # @!attribute [rw] denied
+        #   @return [::Google::Cloud::SecurityCenter::V2::Denied]
+        #     Tuple with denied rules.
+        #
+        #     Note: The following fields are mutually exclusive: `denied`, `allowed`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        # @!attribute [rw] source_ip_ranges
+        #   @return [::Array<::String>]
+        #     If source IP ranges are specified, the firewall rule applies only to
+        #     traffic that has a source IP address in these ranges. These ranges must be
+        #     expressed in CIDR format. Only supports IPv4.
+        # @!attribute [rw] destination_ip_ranges
+        #   @return [::Array<::String>]
+        #     If destination IP ranges are specified, the firewall rule applies only to
+        #     traffic that has a destination IP address in these ranges. These ranges
+        #     must be expressed in CIDR format. Only supports IPv4.
+        # @!attribute [rw] exposed_services
+        #   @return [::Array<::String>]
+        #     Name of the network protocol service, such as FTP, that is exposed by the
+        #     open port. Follows the naming convention available at:
+        #     https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml.
+        class IpRules
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The type of direction that the rule is applicable to, one of ingress or
+          # egress. Not applicable to OPEN_X_PORT findings.
+          module Direction
+            # Unspecified direction value.
+            DIRECTION_UNSPECIFIED = 0
+
+            # Ingress direction value.
+            INGRESS = 1
+
+            # Egress direction value.
+            EGRESS = 2
+          end
+        end
+
+        # IP rule information.
+        # @!attribute [rw] protocol
+        #   @return [::String]
+        #     The IP protocol this rule applies to. This value can either be one of the
+        #     following well known protocol strings (TCP, UDP, ICMP, ESP, AH, IPIP,
+        #     SCTP) or a string representation of the integer value.
+        # @!attribute [rw] port_ranges
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::IpRule::PortRange>]
+        #     Optional. An optional list of ports to which this rule applies. This field
+        #     is only applicable for the UDP or (S)TCP protocols. Each entry must be
+        #     either an integer or a range including a min and max port number.
+        class IpRule
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # A port range which is inclusive of the min and max values.
+          # Values are between 0 and 2^16-1. The max can be equal / must be not smaller
+          # than the min value. If min and max are equal this indicates that it is a
+          # single port.
+          # @!attribute [rw] min
+          #   @return [::Integer]
+          #     Minimum port value.
+          # @!attribute [rw] max
+          #   @return [::Integer]
+          #     Maximum port value.
+          class PortRange
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # Allowed IP rule.
+        # @!attribute [rw] ip_rules
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::IpRule>]
+        #     Optional. Optional list of allowed IP rules.
+        class Allowed
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Denied IP rule.
+        # @!attribute [rw] ip_rules
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V2::IpRule>]
+        #     Optional. Optional list of denied IP rules.
+        class Denied
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v2/job.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # Describes a job
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The fully-qualified name for a job.
+        #     e.g. `projects/<project_id>/jobs/<job_id>`
+        # @!attribute [r] state
+        #   @return [::Google::Cloud::SecurityCenter::V2::JobState]
+        #     Output only. State of the job, such as `RUNNING` or `PENDING`.
+        # @!attribute [rw] error_code
+        #   @return [::Integer]
+        #     Optional. If the job did not complete successfully, this field describes
+        #     why.
+        # @!attribute [rw] location
+        #   @return [::String]
+        #     Optional. Gives the location where the job ran, such as `US` or
+        #     `europe-west1`
+        class Job
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # JobState represents the state of the job.
+        module JobState
+          # Unspecified represents an unknown state and should not be used.
+          JOB_STATE_UNSPECIFIED = 0
+
+          # Job is scheduled and pending for run
+          PENDING = 1
+
+          # Job in progress
+          RUNNING = 2
+
+          # Job has completed with success
+          SUCCEEDED = 3
+
+          # Job has completed but with failure
+          FAILED = 4
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v2/mitre_attack.rb

@@ -97,12 +97,51 @@ module Google
             IMPACT = 14
           end
 
-          # MITRE ATT&CK techniques that can be referenced by SCC findings.
-          # See: https://attack.mitre.org/techniques/enterprise/
+          # MITRE ATT&CK techniques that can be referenced by Security Command Center
+          # findings. See: https://attack.mitre.org/techniques/enterprise/
           module Technique
             # Unspecified value.
             TECHNIQUE_UNSPECIFIED = 0
 
+            # T1001
+            DATA_OBFUSCATION = 70
+
+            # T1001.002
+            DATA_OBFUSCATION_STEGANOGRAPHY = 71
+
+            # T1003
+            OS_CREDENTIAL_DUMPING = 114
+
+            # T1003.007
+            OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM = 115
+
+            # T1003.008
+            OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOW = 122
+
+            # T1005
+            DATA_FROM_LOCAL_SYSTEM = 117
+
+            # T1020
+            AUTOMATED_EXFILTRATION = 68
+
+            # T1027
+            OBFUSCATED_FILES_OR_INFO = 72
+
+            # T1027.003
+            STEGANOGRAPHY = 73
+
+            # T1027.004
+            COMPILE_AFTER_DELIVERY = 74
+
+            # T1027.010
+            COMMAND_OBFUSCATION = 75
+
+            # T1029
+            SCHEDULED_TRANSFER = 120
+
+            # T1033
+            SYSTEM_OWNER_USER_DISCOVERY = 118
+
             # T1036
             MASQUERADING = 49
 
@@ -118,6 +157,24 @@ module Google
             # T1046
             NETWORK_SERVICE_DISCOVERY = 32
 
+            # T1053
+            SCHEDULED_TASK_JOB = 89
+
+            # T1053.003
+            SCHEDULED_TASK_JOB_CRON = 119
+
+            # T1053.007
+            CONTAINER_ORCHESTRATION_JOB = 90
+
+            # T1055
+            PROCESS_INJECTION = 93
+
+            # T1056
+            INPUT_CAPTURE = 103
+
+            # T1056.001
+            INPUT_CAPTURE_KEYLOGGING = 104
+
             # T1057
             PROCESS_DISCOVERY = 56
 
@@ -139,9 +196,24 @@ module Google
             # T1069.003
             CLOUD_GROUPS = 19
 
+            # T1070
+            INDICATOR_REMOVAL = 123
+
+            # T1070.002
+            INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS = 124
+
+            # T1070.003
+            INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORY = 125
+
             # T1070.004
             INDICATOR_REMOVAL_FILE_DELETION = 64
 
+            # T1070.006
+            INDICATOR_REMOVAL_TIMESTOMP = 128
+
+            # T1070.008
+            INDICATOR_REMOVAL_CLEAR_MAILBOX_DATA = 126
+
             # T1071
             APPLICATION_LAYER_PROTOCOL = 45
 
@@ -163,6 +235,12 @@ module Google
             # T1078.004
             CLOUD_ACCOUNTS = 16
 
+            # T1083
+            FILE_AND_DIRECTORY_DISCOVERY = 121
+
+            # T1087.001
+            ACCOUNT_DISCOVERY_LOCAL_ACCOUNT = 116
+
             # T1090
             PROXY = 9
 
@@ -178,12 +256,18 @@ module Google
             # T1098.001
             ADDITIONAL_CLOUD_CREDENTIALS = 40
 
+            # T1098.003
+            ADDITIONAL_CLOUD_ROLES = 67
+
             # T1098.004
             SSH_AUTHORIZED_KEYS = 23
 
             # T1098.006
             ADDITIONAL_CONTAINER_CLUSTER_ROLES = 58
 
+            # T1104
+            MULTI_STAGE_CHANNELS = 76
+
             # T1105
             INGRESS_TOOL_TRANSFER = 3
 
@@ -193,30 +277,69 @@ module Google
             # T1110
             BRUTE_FORCE = 44
 
+            # T1119
+            AUTOMATED_COLLECTION = 94
+
             # T1129
             SHARED_MODULES = 5
 
+            # T1132
+            DATA_ENCODING = 77
+
+            # T1132.001
+            STANDARD_ENCODING = 78
+
             # T1134
             ACCESS_TOKEN_MANIPULATION = 33
 
             # T1134.001
             TOKEN_IMPERSONATION_OR_THEFT = 39
 
+            # T1136
+            CREATE_ACCOUNT = 79
+
+            # T1136.001
+            LOCAL_ACCOUNT = 80
+
+            # T1140
+            DEOBFUSCATE_DECODE_FILES_OR_INFO = 95
+
             # T1190
             EXPLOIT_PUBLIC_FACING_APPLICATION = 27
 
+            # T1195
+            SUPPLY_CHAIN_COMPROMISE = 129
+
+            # T1195.001
+            COMPROMISE_SOFTWARE_DEPENDENCIES_AND_DEVELOPMENT_TOOLS = 130
+
+            # T1203
+            EXPLOITATION_FOR_CLIENT_EXECUTION = 134
+
+            # T1204
+            USER_EXECUTION = 69
+
+            # T1222.002
+            LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION = 135
+
             # T1484
             DOMAIN_POLICY_MODIFICATION = 30
 
             # T1485
             DATA_DESTRUCTION = 29
 
+            # T1486
+            DATA_ENCRYPTED_FOR_IMPACT = 132
+
             # T1489
             SERVICE_STOP = 52
 
             # T1490
             INHIBIT_SYSTEM_RECOVERY = 36
 
+            # T1495
+            FIRMWARE_CORRUPTION = 81
+
             # T1496
             RESOURCE_HIJACKING = 8
 
@@ -232,6 +355,9 @@ module Google
             # T1531
             ACCOUNT_ACCESS_REMOVAL = 51
 
+            # T1537
+            TRANSFER_DATA_TO_CLOUD_ACCOUNT = 91
+
             # T1539
             STEAL_WEB_SESSION_COOKIE = 25
 
@@ -241,21 +367,78 @@ module Google
             # T1546
             EVENT_TRIGGERED_EXECUTION = 65
 
+            # T1547
+            BOOT_OR_LOGON_AUTOSTART_EXECUTION = 82
+
+            # T1547.006
+            KERNEL_MODULES_AND_EXTENSIONS = 83
+
+            # T1547.009
+            SHORTCUT_MODIFICATION = 127
+
             # T1548
             ABUSE_ELEVATION_CONTROL_MECHANISM = 34
 
+            # T1548.001
+            ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID = 136
+
+            # T1548.003
+            ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHING = 109
+
             # T1552
             UNSECURED_CREDENTIALS = 13
 
+            # T1552.001
+            CREDENTIALS_IN_FILES = 105
+
+            # T1552.003
+            BASH_HISTORY = 96
+
+            # T1552.004
+            PRIVATE_KEYS = 97
+
+            # T1553
+            SUBVERT_TRUST_CONTROL = 106
+
+            # T1553.004
+            INSTALL_ROOT_CERTIFICATE = 107
+
+            # T1554
+            COMPROMISE_HOST_SOFTWARE_BINARY = 84
+
+            # T1555
+            CREDENTIALS_FROM_PASSWORD_STORES = 98
+
             # T1556
             MODIFY_AUTHENTICATION_PROCESS = 28
 
+            # T1556.003
+            PLUGGABLE_AUTHENTICATION_MODULES = 108
+
+            # T1556.006
+            MULTI_FACTOR_AUTHENTICATION = 137
+
             # T1562
             IMPAIR_DEFENSES = 31
 
             # T1562.001
             DISABLE_OR_MODIFY_TOOLS = 55
 
+            # T1562.006
+            INDICATOR_BLOCKING = 110
+
+            # T1562.012
+            DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEM = 111
+
+            # T1564
+            HIDE_ARTIFACTS = 85
+
+            # T1564.001
+            HIDDEN_FILES_AND_DIRECTORIES = 86
+
+            # T1564.002
+            HIDDEN_USERS = 87
+
             # T1567
             EXFILTRATION_OVER_WEB_SERVICE = 20
 
@@ -268,6 +451,12 @@ module Google
             # T1570
             LATERAL_TOOL_TRANSFER = 41
 
+            # T1574
+            HIJACK_EXECUTION_FLOW = 112
+
+            # T1574.006
+            HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING = 113
+
             # T1578
             MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE = 26
 
@@ -277,15 +466,33 @@ module Google
             # T1580
             CLOUD_INFRASTRUCTURE_DISCOVERY = 53
 
+            # T1587
+            DEVELOP_CAPABILITIES = 99
+
+            # T1587.001
+            DEVELOP_CAPABILITIES_MALWARE = 100
+
             # T1588
             OBTAIN_CAPABILITIES = 43
 
+            # T1588.001
+            OBTAIN_CAPABILITIES_MALWARE = 101
+
+            # T1588.006
+            OBTAIN_CAPABILITIES_VULNERABILITIES = 133
+
             # T1595
             ACTIVE_SCANNING = 1
 
             # T1595.001
             SCANNING_IP_BLOCKS = 2
 
+            # T1608
+            STAGE_CAPABILITIES = 88
+
+            # T1608.001
+            UPLOAD_MALWARE = 102
+
             # T1609
             CONTAINER_ADMINISTRATION_COMMAND = 60
 
@@ -298,8 +505,14 @@ module Google
             # T1613
             CONTAINER_AND_RESOURCE_DISCOVERY = 57
 
+            # T1620
+            REFLECTIVE_CODE_LOADING = 92
+
             # T1649
             STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES = 62
+
+            # T1657
+            FINANCIAL_THEFT = 131
           end
         end
       end

data/proto_docs/google/cloud/securitycenter/v2/network.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V2
+        # Contains information about a VPC network associated with the finding.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The name of the VPC network resource, for example,
+        #     `//compute.googleapis.com/projects/my-project/global/networks/my-network`.
+        class Network
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/securitycenter/v2/notification_config.rb

@@ -50,6 +50,10 @@ module Google
         # @!attribute [rw] streaming_config
         #   @return [::Google::Cloud::SecurityCenter::V2::NotificationConfig::StreamingConfig]
         #     The config for triggering streaming-based notifications.
+        # @!attribute [r] update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The timestamp of when the notification config was last
+        #     updated.
         class NotificationConfig
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/securitycenter/v2/process.rb

@@ -56,6 +56,10 @@ module Google
         # @!attribute [rw] parent_pid
         #   @return [::Integer]
         #     The parent process ID.
+        # @!attribute [rw] user_id
+        #   @return [::Integer]
+        #     The ID of the user that executed the process. E.g. If this is the root user
+        #     this will always be 0.
         class Process
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/securitycenter/v2/resource.rb

@@ -76,8 +76,8 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # GCP metadata associated with the resource, only applicable if the finding's
-        # cloud provider is Google Cloud Platform.
+        # Google Cloud metadata associated with the resource. Only applicable if the
+        # finding's cloud provider is Google Cloud.
         # @!attribute [rw] project
         #   @return [::String]
         #     The full resource name of project that the resource belongs to.
@@ -299,7 +299,7 @@ module Google
           # The cloud provider is unspecified.
           CLOUD_PROVIDER_UNSPECIFIED = 0
 
-          # The cloud provider is Google Cloud Platform.
+          # The cloud provider is Google Cloud.
           GOOGLE_CLOUD_PLATFORM = 1
 
           # The cloud provider is Amazon Web Services.

data/proto_docs/google/cloud/securitycenter/v2/securitycenter_service.rb

@@ -286,6 +286,34 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # The destination big query dataset to export findings to.
+        # @!attribute [rw] dataset
+        #   @return [::String]
+        #     Required. The relative resource name of the destination dataset, in the
+        #     form projects/\\{projectId}/datasets/\\{datasetId}.
+        class BigQueryDestination
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The LRO metadata for a ExportFindings request.
+        # @!attribute [rw] export_start_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Optional. Timestamp at which export was started
+        # @!attribute [rw] big_query_destination
+        #   @return [::Google::Cloud::SecurityCenter::V2::BigQueryDestination]
+        #     Required. The destination big query dataset to export findings to.
+        class ExportFindingsMetadata
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The response to a ExportFindings request. Contains the LRO information.
+        class ExportFindingsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Request message for retrieving a BigQuery export.
         # @!attribute [rw] name
         #   @return [::String]