google-cloud-security_center_management-v1 1.0.1 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/README.md +2 -2
- data/lib/google/cloud/security_center_management/v1/security_center_management/client.rb +287 -208
- data/lib/google/cloud/security_center_management/v1/security_center_management/rest/client.rb +287 -208
- data/lib/google/cloud/security_center_management/v1/version.rb +1 -1
- data/lib/google/cloud/securitycentermanagement/v1/security_center_management_services_pb.rb +60 -41
- data/proto_docs/README.md +1 -1
- data/proto_docs/google/api/client.rb +14 -0
- data/proto_docs/google/cloud/securitycentermanagement/v1/security_center_management.rb +511 -430
- metadata +3 -3
@@ -25,49 +25,47 @@ module Google
|
|
25
25
|
# settings information such as top-level enablement in addition to individual
|
26
26
|
# module settings. Service settings can be configured at the organization,
|
27
27
|
# folder, or project level. Service settings at the organization or folder
|
28
|
-
# level are inherited by those in
|
28
|
+
# level are inherited by those in descendant folders and projects.
|
29
29
|
# @!attribute [rw] name
|
30
30
|
# @return [::String]
|
31
|
-
# Identifier. The name of the service
|
31
|
+
# Identifier. The name of the service, in one of the following formats:
|
32
32
|
#
|
33
|
-
#
|
33
|
+
# * `organizations/{organization}/locations/{location}/securityCenterServices/{service}`
|
34
|
+
# * `folders/{folder}/locations/{location}/securityCenterServices/{service}`
|
35
|
+
# * `projects/{project}/locations/{location}/securityCenterServices/{service}`
|
34
36
|
#
|
35
|
-
#
|
36
|
-
# * folders/\\{folder}/locations/\\{location}/securityCenterServices/\\{service}
|
37
|
-
# * projects/\\{project}/locations/\\{location}/securityCenterServices/\\{service}
|
37
|
+
# The following values are valid for `{service}`:
|
38
38
|
#
|
39
|
-
#
|
40
|
-
#
|
41
|
-
#
|
42
|
-
#
|
43
|
-
#
|
44
|
-
# * vm-threat-detection
|
45
|
-
# * web-security-scanner
|
39
|
+
# * `container-threat-detection`
|
40
|
+
# * `event-threat-detection`
|
41
|
+
# * `security-health-analytics`
|
42
|
+
# * `vm-threat-detection`
|
43
|
+
# * `web-security-scanner`
|
46
44
|
# @!attribute [rw] intended_enablement_state
|
47
45
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::EnablementState]
|
48
|
-
# Optional. The intended state
|
49
|
-
#
|
50
|
-
#
|
46
|
+
# Optional. The intended enablement state for the service at its level of the
|
47
|
+
# resource hierarchy. A `DISABLED` state will override all module enablement
|
48
|
+
# states to `DISABLED`.
|
51
49
|
# @!attribute [r] effective_enablement_state
|
52
50
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::EnablementState]
|
53
51
|
# Output only. The effective enablement state for the service at its level of
|
54
|
-
# the resource hierarchy. If the intended state is set to INHERITED
|
52
|
+
# the resource hierarchy. If the intended state is set to `INHERITED`, the
|
55
53
|
# effective state will be inherited from the enablement state of an ancestor.
|
56
54
|
# This state may differ from the intended enablement state due to billing
|
57
55
|
# eligibility or onboarding status.
|
58
56
|
# @!attribute [rw] modules
|
59
57
|
# @return [::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::ModuleSettings}]
|
60
|
-
# Optional. The configurations including the state
|
61
|
-
# service's
|
58
|
+
# Optional. The module configurations, including the enablement state for the
|
59
|
+
# service's modules. The absence of a module in the map implies that its
|
62
60
|
# configuration is inherited from its parents.
|
63
61
|
# @!attribute [r] update_time
|
64
62
|
# @return [::Google::Protobuf::Timestamp]
|
65
63
|
# Output only. The time the service was last updated. This could be due to an
|
66
|
-
# explicit user update or due to a side effect of another system change such
|
64
|
+
# explicit user update or due to a side effect of another system change, such
|
67
65
|
# as billing subscription expiry.
|
68
66
|
# @!attribute [rw] service_config
|
69
67
|
# @return [::Google::Protobuf::Struct]
|
70
|
-
# Optional. Additional service
|
68
|
+
# Optional. Additional service-specific configuration. Not all services will
|
71
69
|
# utilize this field.
|
72
70
|
class SecurityCenterService
|
73
71
|
include ::Google::Protobuf::MessageExts
|
@@ -76,16 +74,15 @@ module Google
|
|
76
74
|
# The settings for individual modules.
|
77
75
|
# @!attribute [rw] intended_enablement_state
|
78
76
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::EnablementState]
|
79
|
-
# Optional. The intended state
|
77
|
+
# Optional. The intended enablement state for the module at its level of
|
80
78
|
# the resource hierarchy.
|
81
79
|
# @!attribute [r] effective_enablement_state
|
82
80
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::EnablementState]
|
83
81
|
# Output only. The effective enablement state for the module at its level
|
84
|
-
# of the resource hierarchy. If the intended state is set to INHERITED
|
85
|
-
# effective state will be inherited from the enablement state of an
|
86
|
-
# ancestor. This state may
|
87
|
-
#
|
88
|
-
# onboarding status.
|
82
|
+
# of the resource hierarchy. If the intended state is set to `INHERITED`,
|
83
|
+
# the effective state will be inherited from the enablement state of an
|
84
|
+
# ancestor. This state may differ from the intended enablement state due to
|
85
|
+
# billing eligibility or onboarding status.
|
89
86
|
class ModuleSettings
|
90
87
|
include ::Google::Protobuf::MessageExts
|
91
88
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -100,14 +97,13 @@ module Google
|
|
100
97
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
101
98
|
end
|
102
99
|
|
103
|
-
# Represents the possible
|
104
|
-
# module.
|
100
|
+
# Represents the possible enablement states for a service or module.
|
105
101
|
module EnablementState
|
106
102
|
# Default value. This value is unused.
|
107
103
|
ENABLEMENT_STATE_UNSPECIFIED = 0
|
108
104
|
|
109
|
-
# State is inherited from the parent resource.
|
110
|
-
# enablement state.
|
105
|
+
# State is inherited from the parent resource. Valid as an intended
|
106
|
+
# enablement state, but not as an effective enablement state.
|
111
107
|
INHERITED = 1
|
112
108
|
|
113
109
|
# State is enabled.
|
@@ -116,36 +112,35 @@ module Google
|
|
116
112
|
# State is disabled.
|
117
113
|
DISABLED = 3
|
118
114
|
|
119
|
-
#
|
120
|
-
#
|
121
|
-
#
|
115
|
+
# Security Command Center is configured to ingest findings from this
|
116
|
+
# service, but not to enable this service. This state indicates that
|
117
|
+
# Security Command Center is misconfigured. You can't set this state
|
118
|
+
# yourself.
|
122
119
|
INGEST_ONLY = 4
|
123
120
|
end
|
124
121
|
end
|
125
122
|
|
126
|
-
#
|
127
|
-
#
|
128
|
-
#
|
129
|
-
#
|
130
|
-
# `
|
131
|
-
#
|
132
|
-
#
|
133
|
-
# effective enablement_state for the module in all child folders or projects is
|
134
|
-
# also `enabled`. EffectiveSecurityHealthAnalyticsCustomModule is read-only.
|
123
|
+
# The representation of a Security Health Analytics custom module at a
|
124
|
+
# specified level of the resource hierarchy: organization, folder, or project.
|
125
|
+
# If a custom module is inherited from an ancestor organization or folder, then
|
126
|
+
# the enablement state is set to the value that is effective in the parent, not
|
127
|
+
# to `INHERITED`. For example, if the module is enabled in an organization or
|
128
|
+
# folder, then the effective enablement state for the module is `ENABLED` in
|
129
|
+
# all descendant folders or projects.
|
135
130
|
# @!attribute [rw] name
|
136
131
|
# @return [::String]
|
137
|
-
# Identifier. The full resource name of the custom module,
|
138
|
-
#
|
132
|
+
# Identifier. The full resource name of the custom module, in one of the
|
133
|
+
# following formats:
|
139
134
|
#
|
140
|
-
# * `organizations/organization/{location}/effectiveSecurityHealthAnalyticsCustomModules/{
|
141
|
-
# * `folders/folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{
|
142
|
-
# * `projects/project/{location}/effectiveSecurityHealthAnalyticsCustomModules/{
|
135
|
+
# * `organizations/organization/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
|
136
|
+
# * `folders/folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
|
137
|
+
# * `projects/project/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
|
143
138
|
# @!attribute [r] custom_config
|
144
139
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig]
|
145
140
|
# Output only. The user-specified configuration for the module.
|
146
141
|
# @!attribute [r] enablement_state
|
147
142
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::EffectiveSecurityHealthAnalyticsCustomModule::EnablementState]
|
148
|
-
# Output only. The effective state
|
143
|
+
# Output only. The effective enablement state for the module at the given
|
149
144
|
# level of the hierarchy.
|
150
145
|
# @!attribute [r] display_name
|
151
146
|
# @return [::String]
|
@@ -158,7 +153,7 @@ module Google
|
|
158
153
|
|
159
154
|
# The enablement state of the module.
|
160
155
|
module EnablementState
|
161
|
-
#
|
156
|
+
# Default value. This value is unused.
|
162
157
|
ENABLEMENT_STATE_UNSPECIFIED = 0
|
163
158
|
|
164
159
|
# The module is enabled at the given level.
|
@@ -169,50 +164,56 @@ module Google
|
|
169
164
|
end
|
170
165
|
end
|
171
166
|
|
172
|
-
# Request message for
|
173
|
-
#
|
167
|
+
# Request message for
|
168
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_effective_security_health_analytics_custom_modules SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules}.
|
174
169
|
# @!attribute [rw] parent
|
175
170
|
# @return [::String]
|
176
|
-
# Required. Name of parent to list effective custom modules
|
177
|
-
#
|
171
|
+
# Required. Name of parent to list effective custom modules, in one of the
|
172
|
+
# following formats:
|
173
|
+
#
|
178
174
|
# * `organizations/{organization}/locations/{location}`
|
179
175
|
# * `folders/{folder}/locations/{location}`
|
180
|
-
#
|
181
|
-
# `projects/{project}/locations/{location}`
|
176
|
+
# * `projects/{project}/locations/{location}`
|
182
177
|
# @!attribute [rw] page_size
|
183
178
|
# @return [::Integer]
|
184
179
|
# Optional. The maximum number of results to return in a single response.
|
185
180
|
# Default is 10, minimum is 1, maximum is 1000.
|
186
181
|
# @!attribute [rw] page_token
|
187
182
|
# @return [::String]
|
188
|
-
# Optional.
|
183
|
+
# Optional. A pagination token returned from a previous request. Provide this
|
184
|
+
# token to retrieve the next page of results.
|
185
|
+
#
|
186
|
+
# When paginating, the rest of the request must match the request that
|
187
|
+
# generated the page token.
|
189
188
|
class ListEffectiveSecurityHealthAnalyticsCustomModulesRequest
|
190
189
|
include ::Google::Protobuf::MessageExts
|
191
190
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
192
191
|
end
|
193
192
|
|
194
|
-
# Response message for
|
195
|
-
#
|
193
|
+
# Response message for
|
194
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_effective_security_health_analytics_custom_modules SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules}.
|
196
195
|
# @!attribute [rw] effective_security_health_analytics_custom_modules
|
197
196
|
# @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EffectiveSecurityHealthAnalyticsCustomModule>]
|
198
|
-
# The list of
|
197
|
+
# The list of effective Security Health Analytics custom modules.
|
199
198
|
# @!attribute [rw] next_page_token
|
200
199
|
# @return [::String]
|
201
|
-
# A token
|
200
|
+
# A pagination token. To retrieve the next page of results, call the method
|
201
|
+
# again with this token.
|
202
202
|
class ListEffectiveSecurityHealthAnalyticsCustomModulesResponse
|
203
203
|
include ::Google::Protobuf::MessageExts
|
204
204
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
205
205
|
end
|
206
206
|
|
207
|
-
#
|
207
|
+
# Request message for
|
208
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_effective_security_health_analytics_custom_module SecurityCenterManagement.GetEffectiveSecurityHealthAnalyticsCustomModule}.
|
208
209
|
# @!attribute [rw] name
|
209
210
|
# @return [::String]
|
210
211
|
# Required. The full resource name of the custom module, specified in one of
|
211
212
|
# the following formats:
|
212
213
|
#
|
213
|
-
# * `organizations/organization/{location}/effectiveSecurityHealthAnalyticsCustomModules/{
|
214
|
-
# * `folders/folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{
|
215
|
-
# * `projects/project/{location}/effectiveSecurityHealthAnalyticsCustomModules/{
|
214
|
+
# * `organizations/organization/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
|
215
|
+
# * `folders/folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
|
216
|
+
# * `projects/project/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
|
216
217
|
class GetEffectiveSecurityHealthAnalyticsCustomModuleRequest
|
217
218
|
include ::Google::Protobuf::MessageExts
|
218
219
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -222,20 +223,21 @@ module Google
|
|
222
223
|
# including its full module name, display name, enablement state, and last
|
223
224
|
# updated time. You can create a custom module at the organization, folder, or
|
224
225
|
# project level. Custom modules that you create at the organization or folder
|
225
|
-
# level are inherited by the
|
226
|
+
# level are inherited by the descendant folders and projects.
|
226
227
|
# @!attribute [rw] name
|
227
228
|
# @return [::String]
|
228
|
-
# Identifier. The full resource name of the custom module,
|
229
|
-
#
|
230
|
-
#
|
231
|
-
# * `
|
232
|
-
# * `
|
229
|
+
# Identifier. The full resource name of the custom module, in one of the
|
230
|
+
# following formats:
|
231
|
+
#
|
232
|
+
# * `organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
|
233
|
+
# * `folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
|
234
|
+
# * `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
|
233
235
|
# @!attribute [rw] display_name
|
234
236
|
# @return [::String]
|
235
237
|
# Optional. The display name of the Security Health Analytics custom module.
|
236
238
|
# This display name becomes the finding category for all findings that are
|
237
|
-
# returned by this custom module. The display name must be between 1 and
|
238
|
-
#
|
239
|
+
# returned by this custom module. The display name must be between 1 and 128
|
240
|
+
# characters, start with a lowercase letter, and contain alphanumeric
|
239
241
|
# characters or underscores only.
|
240
242
|
# @!attribute [rw] enablement_state
|
241
243
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule::EnablementState]
|
@@ -254,27 +256,27 @@ module Google
|
|
254
256
|
# module.
|
255
257
|
# @!attribute [rw] custom_config
|
256
258
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig]
|
257
|
-
# Optional. The user
|
259
|
+
# Optional. The user-specified custom configuration for the module.
|
258
260
|
class SecurityHealthAnalyticsCustomModule
|
259
261
|
include ::Google::Protobuf::MessageExts
|
260
262
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
261
263
|
|
262
264
|
# Possible enablement states of a custom module.
|
263
265
|
module EnablementState
|
264
|
-
#
|
266
|
+
# Default value. This value is unused.
|
265
267
|
ENABLEMENT_STATE_UNSPECIFIED = 0
|
266
268
|
|
267
|
-
# The module is enabled at the given
|
269
|
+
# The module is enabled at the given organization, folder, or project.
|
268
270
|
ENABLED = 1
|
269
271
|
|
270
|
-
# The module is disabled at the given
|
272
|
+
# The module is disabled at the given organization, folder, or project.
|
271
273
|
DISABLED = 2
|
272
274
|
|
273
275
|
# State is inherited from an ancestor module. The module will either
|
274
|
-
# be effectively ENABLED or DISABLED based on its closest non-inherited
|
275
|
-
# ancestor module in the
|
276
|
-
# module (module with no parent) to the INHERITED state
|
277
|
-
# INVALID_ARGUMENT error.
|
276
|
+
# be effectively `ENABLED` or `DISABLED` based on its closest non-inherited
|
277
|
+
# ancestor module in the resource hierarchy. If you try to set a top-level
|
278
|
+
# module (a module with no parent) to the `INHERITED` state, you receive an
|
279
|
+
# `INVALID_ARGUMENT` error.
|
278
280
|
INHERITED = 3
|
279
281
|
end
|
280
282
|
end
|
@@ -284,8 +286,9 @@ module Google
|
|
284
286
|
# detectors that generate custom findings for resources that you specify.
|
285
287
|
# @!attribute [rw] predicate
|
286
288
|
# @return [::Google::Type::Expr]
|
287
|
-
# Optional. The CEL expression to evaluate to
|
288
|
-
# expression evaluates to true against a
|
289
|
+
# Optional. The Common Expression Language (CEL) expression to evaluate to
|
290
|
+
# produce findings. When the expression evaluates to `true` against a
|
291
|
+
# resource, a finding is generated.
|
289
292
|
# @!attribute [rw] custom_output
|
290
293
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig::CustomOutputSpec]
|
291
294
|
# Optional. Custom output properties.
|
@@ -308,16 +311,14 @@ module Google
|
|
308
311
|
# @return [::String]
|
309
312
|
# Optional. An explanation of the recommended steps that security teams can
|
310
313
|
# take to resolve the detected issue. This explanation is returned with each
|
311
|
-
# finding generated by this module
|
312
|
-
# JSON.
|
314
|
+
# finding generated by this module.
|
313
315
|
class CustomConfig
|
314
316
|
include ::Google::Protobuf::MessageExts
|
315
317
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
316
318
|
|
317
319
|
# A set of optional name-value pairs that define custom source properties to
|
318
320
|
# return with each finding that is generated by the custom module. The custom
|
319
|
-
# source properties that are defined here are included in the finding
|
320
|
-
# under `sourceProperties`.
|
321
|
+
# source properties that are defined here are included in the finding.
|
321
322
|
# @!attribute [rw] properties
|
322
323
|
# @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::CustomConfig::CustomOutputSpec::Property>]
|
323
324
|
# Optional. A list of custom output properties to add to the finding.
|
@@ -351,7 +352,7 @@ module Google
|
|
351
352
|
|
352
353
|
# Defines the valid value options for the severity of a finding.
|
353
354
|
module Severity
|
354
|
-
#
|
355
|
+
# Default value. This value is unused.
|
355
356
|
SEVERITY_UNSPECIFIED = 0
|
356
357
|
|
357
358
|
# Critical severity.
|
@@ -368,11 +369,12 @@ module Google
|
|
368
369
|
end
|
369
370
|
end
|
370
371
|
|
371
|
-
# Request message for
|
372
|
+
# Request message for
|
373
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_security_health_analytics_custom_modules SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules}.
|
372
374
|
# @!attribute [rw] parent
|
373
375
|
# @return [::String]
|
374
|
-
# Required. Name of parent organization, folder, or project in which to
|
375
|
-
# custom modules,
|
376
|
+
# Required. Name of the parent organization, folder, or project in which to
|
377
|
+
# list custom modules, in one of the following formats:
|
376
378
|
#
|
377
379
|
# * `organizations/{organization}/locations/{location}`
|
378
380
|
# * `folders/{folder}/locations/{location}`
|
@@ -383,30 +385,36 @@ module Google
|
|
383
385
|
# Default is 10, minimum is 1, maximum is 1000.
|
384
386
|
# @!attribute [rw] page_token
|
385
387
|
# @return [::String]
|
386
|
-
# Optional. A token
|
388
|
+
# Optional. A pagination token returned from a previous request. Provide this
|
389
|
+
# token to retrieve the next page of results.
|
390
|
+
#
|
391
|
+
# When paginating, the rest of the request must match the request that
|
392
|
+
# generated the page token.
|
387
393
|
class ListSecurityHealthAnalyticsCustomModulesRequest
|
388
394
|
include ::Google::Protobuf::MessageExts
|
389
395
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
390
396
|
end
|
391
397
|
|
392
|
-
# Response message for
|
398
|
+
# Response message for
|
399
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_security_health_analytics_custom_modules SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules}.
|
393
400
|
# @!attribute [rw] security_health_analytics_custom_modules
|
394
401
|
# @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule>]
|
395
|
-
# The list of
|
402
|
+
# The list of Security Health Analytics custom modules.
|
396
403
|
# @!attribute [rw] next_page_token
|
397
404
|
# @return [::String]
|
398
|
-
# A token
|
405
|
+
# A pagination token. To retrieve the next page of results, call the method
|
406
|
+
# again with this token.
|
399
407
|
class ListSecurityHealthAnalyticsCustomModulesResponse
|
400
408
|
include ::Google::Protobuf::MessageExts
|
401
409
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
402
410
|
end
|
403
411
|
|
404
|
-
# Request message for
|
405
|
-
#
|
412
|
+
# Request message for
|
413
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_descendant_security_health_analytics_custom_modules SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules}.
|
406
414
|
# @!attribute [rw] parent
|
407
415
|
# @return [::String]
|
408
416
|
# Required. Name of the parent organization, folder, or project in which to
|
409
|
-
# list custom modules,
|
417
|
+
# list custom modules, in one of the following formats:
|
410
418
|
#
|
411
419
|
# * `organizations/{organization}/locations/{location}`
|
412
420
|
# * `folders/{folder}/locations/{location}`
|
@@ -417,118 +425,147 @@ module Google
|
|
417
425
|
# Default is 10, minimum is 1, maximum is 1000.
|
418
426
|
# @!attribute [rw] page_token
|
419
427
|
# @return [::String]
|
420
|
-
# Optional. A token
|
428
|
+
# Optional. A pagination token returned from a previous request. Provide this
|
429
|
+
# token to retrieve the next page of results.
|
430
|
+
#
|
431
|
+
# When paginating, the rest of the request must match the request that
|
432
|
+
# generated the page token.
|
421
433
|
class ListDescendantSecurityHealthAnalyticsCustomModulesRequest
|
422
434
|
include ::Google::Protobuf::MessageExts
|
423
435
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
424
436
|
end
|
425
437
|
|
426
|
-
# Response message for
|
427
|
-
#
|
438
|
+
# Response message for
|
439
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_descendant_security_health_analytics_custom_modules SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules}.
|
428
440
|
# @!attribute [rw] security_health_analytics_custom_modules
|
429
441
|
# @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule>]
|
430
442
|
# The list of SecurityHealthAnalyticsCustomModules
|
431
443
|
# @!attribute [rw] next_page_token
|
432
444
|
# @return [::String]
|
433
|
-
# A token
|
445
|
+
# A pagination token. To retrieve the next page of results, call the method
|
446
|
+
# again with this token.
|
434
447
|
class ListDescendantSecurityHealthAnalyticsCustomModulesResponse
|
435
448
|
include ::Google::Protobuf::MessageExts
|
436
449
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
437
450
|
end
|
438
451
|
|
439
|
-
#
|
452
|
+
# Request message for
|
453
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_security_health_analytics_custom_module SecurityCenterManagement.GetSecurityHealthAnalyticsCustomModule}.
|
440
454
|
# @!attribute [rw] name
|
441
455
|
# @return [::String]
|
442
|
-
# Required. Name of the resource
|
456
|
+
# Required. Name of the resource, in the format
|
457
|
+
# `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`.
|
443
458
|
class GetSecurityHealthAnalyticsCustomModuleRequest
|
444
459
|
include ::Google::Protobuf::MessageExts
|
445
460
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
446
461
|
end
|
447
462
|
|
448
|
-
#
|
463
|
+
# Request message for
|
464
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#create_security_health_analytics_custom_module SecurityCenterManagement.CreateSecurityHealthAnalyticsCustomModule}.
|
449
465
|
# @!attribute [rw] parent
|
450
466
|
# @return [::String]
|
451
467
|
# Required. Name of the parent organization, folder, or project of the
|
452
|
-
# module,
|
468
|
+
# module, in one of the following formats:
|
453
469
|
#
|
454
470
|
# * `organizations/{organization}/locations/{location}`
|
455
471
|
# * `folders/{folder}/locations/{location}`
|
456
472
|
# * `projects/{project}/locations/{location}`
|
457
473
|
# @!attribute [rw] security_health_analytics_custom_module
|
458
474
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule]
|
459
|
-
# Required. The resource being created
|
475
|
+
# Required. The resource being created.
|
460
476
|
# @!attribute [rw] validate_only
|
461
477
|
# @return [::Boolean]
|
462
|
-
# Optional. When set to true
|
463
|
-
#
|
464
|
-
#
|
465
|
-
# invalid.
|
466
|
-
#
|
467
|
-
#
|
468
|
-
#
|
469
|
-
#
|
478
|
+
# Optional. When set to `true`, the request will be validated (including IAM
|
479
|
+
# checks), but no module will be created. An `OK` response indicates that the
|
480
|
+
# request is valid, while an error response indicates that the request is
|
481
|
+
# invalid.
|
482
|
+
#
|
483
|
+
# If the request is valid, a subsequent request to create the module could
|
484
|
+
# still fail for one of the following reasons:
|
485
|
+
#
|
486
|
+
# * The state of your cloud resources changed; for example, you lost a
|
487
|
+
# required IAM permission
|
488
|
+
# * An error occurred during creation of the module
|
489
|
+
#
|
490
|
+
# Defaults to `false`.
|
470
491
|
class CreateSecurityHealthAnalyticsCustomModuleRequest
|
471
492
|
include ::Google::Protobuf::MessageExts
|
472
493
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
473
494
|
end
|
474
495
|
|
475
|
-
#
|
496
|
+
# Request message for
|
497
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#update_security_health_analytics_custom_module SecurityCenterManagement.UpdateSecurityHealthAnalyticsCustomModule}.
|
476
498
|
# @!attribute [rw] update_mask
|
477
499
|
# @return [::Google::Protobuf::FieldMask]
|
478
|
-
# Required. The
|
479
|
-
#
|
480
|
-
#
|
481
|
-
#
|
500
|
+
# Required. The fields to update. The following values are valid:
|
501
|
+
#
|
502
|
+
# * `custom_config`
|
503
|
+
# * `enablement_state`
|
504
|
+
#
|
505
|
+
# If you omit this field or set it to the wildcard value `*`, then all
|
506
|
+
# eligible fields are updated.
|
482
507
|
# @!attribute [rw] security_health_analytics_custom_module
|
483
508
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule]
|
484
|
-
# Required. The resource being updated
|
509
|
+
# Required. The resource being updated.
|
485
510
|
# @!attribute [rw] validate_only
|
486
511
|
# @return [::Boolean]
|
487
|
-
# Optional. When set to true
|
488
|
-
#
|
489
|
-
#
|
490
|
-
# invalid.
|
491
|
-
#
|
492
|
-
#
|
493
|
-
#
|
512
|
+
# Optional. When set to `true`, the request will be validated (including IAM
|
513
|
+
# checks), but no module will be updated. An `OK` response indicates that the
|
514
|
+
# request is valid, while an error response indicates that the request is
|
515
|
+
# invalid.
|
516
|
+
#
|
517
|
+
# If the request is valid, a subsequent request to update the module could
|
518
|
+
# still fail for one of the following reasons:
|
519
|
+
#
|
520
|
+
# * The state of your cloud resources changed; for example, you lost a
|
521
|
+
# required IAM permission
|
522
|
+
# * An error occurred during creation of the module
|
523
|
+
#
|
524
|
+
# Defaults to `false`.
|
494
525
|
class UpdateSecurityHealthAnalyticsCustomModuleRequest
|
495
526
|
include ::Google::Protobuf::MessageExts
|
496
527
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
497
528
|
end
|
498
529
|
|
499
|
-
#
|
530
|
+
# Request message for
|
531
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#delete_security_health_analytics_custom_module SecurityCenterManagement.DeleteSecurityHealthAnalyticsCustomModule}.
|
500
532
|
# @!attribute [rw] name
|
501
533
|
# @return [::String]
|
502
|
-
# Required. The resource name of the SHA custom module
|
503
|
-
#
|
504
|
-
# Its format is:
|
534
|
+
# Required. The resource name of the SHA custom module, in one of the
|
535
|
+
# following formats:
|
505
536
|
#
|
506
|
-
# * `organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{
|
507
|
-
# * `folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{
|
508
|
-
# * `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{
|
537
|
+
# * `organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
|
538
|
+
# * `folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
|
539
|
+
# * `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
|
509
540
|
# @!attribute [rw] validate_only
|
510
541
|
# @return [::Boolean]
|
511
|
-
# Optional. When set to true
|
512
|
-
#
|
513
|
-
#
|
514
|
-
# invalid.
|
515
|
-
#
|
516
|
-
#
|
517
|
-
#
|
542
|
+
# Optional. When set to `true`, the request will be validated (including IAM
|
543
|
+
# checks), but no module will be deleted. An `OK` response indicates that the
|
544
|
+
# request is valid, while an error response indicates that the request is
|
545
|
+
# invalid.
|
546
|
+
#
|
547
|
+
# If the request is valid, a subsequent request to delete the module could
|
548
|
+
# still fail for one of the following reasons:
|
549
|
+
#
|
550
|
+
# * The state of your cloud resources changed; for example, you lost a
|
551
|
+
# required IAM permission
|
552
|
+
# * An error occurred during deletion of the module
|
553
|
+
#
|
554
|
+
# Defaults to `false`.
|
518
555
|
class DeleteSecurityHealthAnalyticsCustomModuleRequest
|
519
556
|
include ::Google::Protobuf::MessageExts
|
520
557
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
521
558
|
end
|
522
559
|
|
523
|
-
# Request message
|
524
|
-
#
|
560
|
+
# Request message for
|
561
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#simulate_security_health_analytics_custom_module SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule}.
|
562
|
+
# The maximum size of the request is 4 MiB.
|
525
563
|
# @!attribute [rw] parent
|
526
564
|
# @return [::String]
|
527
565
|
# Required. The relative resource name of the organization, project, or
|
528
|
-
# folder. For more information about relative resource names, see [
|
529
|
-
# Resource
|
530
|
-
#
|
531
|
-
# Example: `organizations/{organization_id}`.
|
566
|
+
# folder. For more information about relative resource names, see [AIP-122:
|
567
|
+
# Resource names](https://google.aip.dev/122). Example:
|
568
|
+
# `organizations/{organization_id}`.
|
532
569
|
# @!attribute [rw] custom_config
|
533
570
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig]
|
534
571
|
# Required. The custom configuration that you need to test.
|
@@ -539,74 +576,79 @@ module Google
|
|
539
576
|
include ::Google::Protobuf::MessageExts
|
540
577
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
541
578
|
|
542
|
-
# Manually constructed
|
543
|
-
# only the resource data, you can omit the `iam_policy_data` field. If it
|
544
|
-
# evaluates only the `iam_policy_data` field, you can omit the resource data.
|
579
|
+
# Manually constructed information about a resource.
|
545
580
|
# @!attribute [rw] resource_type
|
546
581
|
# @return [::String]
|
547
|
-
# Required. The type of the resource
|
582
|
+
# Required. The type of the resource. For example,
|
548
583
|
# `compute.googleapis.com/Disk`.
|
549
584
|
# @!attribute [rw] resource_data
|
550
585
|
# @return [::Google::Protobuf::Struct]
|
551
586
|
# Optional. A representation of the Google Cloud resource. Should match the
|
552
587
|
# Google Cloud resource JSON format.
|
588
|
+
#
|
589
|
+
# If the custom module evaluates only the IAM allow policy, then you can
|
590
|
+
# omit this field.
|
553
591
|
# @!attribute [rw] iam_policy_data
|
554
592
|
# @return [::Google::Iam::V1::Policy]
|
555
|
-
# Optional. A representation of the IAM policy.
|
593
|
+
# Optional. A representation of the IAM allow policy.
|
594
|
+
#
|
595
|
+
# If the custom module evaluates only the resource data, then you can omit
|
596
|
+
# this field.
|
556
597
|
class SimulatedResource
|
557
598
|
include ::Google::Protobuf::MessageExts
|
558
599
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
559
600
|
end
|
560
601
|
end
|
561
602
|
|
562
|
-
#
|
563
|
-
#
|
603
|
+
# The minimum set of fields needed to represent a simulated finding from a
|
604
|
+
# Security Health Analytics custom module.
|
564
605
|
# @!attribute [rw] name
|
565
606
|
# @return [::String]
|
566
|
-
# Identifier. The [relative resource
|
567
|
-
#
|
568
|
-
#
|
569
|
-
# `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}
|
570
|
-
# `folders/{folder_id}/sources/{source_id}/findings/{finding_id}
|
571
|
-
# `projects/{project_id}/sources/{source_id}/findings/{finding_id}
|
607
|
+
# Identifier. The [relative resource name](https://google.aip.dev/122) of the
|
608
|
+
# finding, in one of the following formats:
|
609
|
+
#
|
610
|
+
# * `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}`
|
611
|
+
# * `folders/{folder_id}/sources/{source_id}/findings/{finding_id}`
|
612
|
+
# * `projects/{project_id}/sources/{source_id}/findings/{finding_id}`
|
572
613
|
# @!attribute [rw] parent
|
573
614
|
# @return [::String]
|
574
|
-
# The relative resource name of the source the
|
575
|
-
#
|
576
|
-
# This field is
|
577
|
-
#
|
578
|
-
# `organizations/{organization_id}/sources/{source_id}`
|
615
|
+
# The [relative resource name](https://google.aip.dev/122) of the source the
|
616
|
+
# finding belongs to. For example,
|
617
|
+
# `organizations/{organization_id}/sources/{source_id}`. This field is
|
618
|
+
# immutable after creation time.
|
579
619
|
# @!attribute [rw] resource_name
|
580
620
|
# @return [::String]
|
581
|
-
# For findings on Google Cloud resources, the
|
582
|
-
# name of the
|
583
|
-
#
|
584
|
-
#
|
585
|
-
#
|
586
|
-
# creation time.
|
621
|
+
# For findings on Google Cloud resources, the
|
622
|
+
# [full resource name](https://google.aip.dev/122#full-resource-names) of the
|
623
|
+
# Google Cloud resource this finding is for. When the finding is for a
|
624
|
+
# non-Google Cloud resource, the value can be a customer or partner defined
|
625
|
+
# string. This field is immutable after creation time.
|
587
626
|
# @!attribute [rw] category
|
588
627
|
# @return [::String]
|
589
|
-
# The additional taxonomy group within findings from a given source.
|
590
|
-
# This field is immutable after creation
|
591
|
-
#
|
628
|
+
# The additional taxonomy group within findings from a given source. For
|
629
|
+
# example, `XSS_FLASH_INJECTION`. This field is immutable after creation
|
630
|
+
# time.
|
592
631
|
# @!attribute [r] state
|
593
632
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding::State]
|
594
633
|
# Output only. The state of the finding.
|
595
634
|
# @!attribute [rw] source_properties
|
596
635
|
# @return [::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}]
|
597
|
-
# Source
|
598
|
-
# that writes the finding. The key names
|
599
|
-
#
|
600
|
-
#
|
636
|
+
# Source-specific properties. These properties are managed by the source
|
637
|
+
# that writes the finding. The key names must be between 1 and 255
|
638
|
+
# characters; they must start with a letter and contain alphanumeric
|
639
|
+
# characters or underscores only.
|
601
640
|
# @!attribute [rw] event_time
|
602
641
|
# @return [::Google::Protobuf::Timestamp]
|
603
642
|
# The time the finding was first detected. If an existing finding is updated,
|
604
|
-
# then this is the time the update occurred.
|
643
|
+
# then this is the time the update occurred. If the finding is later
|
644
|
+
# resolved, then this time reflects when the finding was resolved.
|
645
|
+
#
|
605
646
|
# For example, if the finding represents an open firewall, this property
|
606
647
|
# captures the time the detector believes the firewall became open. The
|
607
|
-
# accuracy is determined by the detector.
|
608
|
-
#
|
609
|
-
# be set to a value greater than the current
|
648
|
+
# accuracy is determined by the detector.
|
649
|
+
#
|
650
|
+
# The event time must not be set to a value greater than the current
|
651
|
+
# timestamp.
|
610
652
|
# @!attribute [rw] severity
|
611
653
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding::Severity]
|
612
654
|
# The severity of the finding. This field is managed by the source that
|
@@ -629,97 +671,92 @@ module Google
|
|
629
671
|
|
630
672
|
# The state of the finding.
|
631
673
|
module State
|
632
|
-
#
|
674
|
+
# Default value. This value is unused.
|
633
675
|
STATE_UNSPECIFIED = 0
|
634
676
|
|
635
677
|
# The finding requires attention and has not been addressed yet.
|
636
678
|
ACTIVE = 1
|
637
679
|
|
638
|
-
# The finding has been fixed, triaged as a non-issue or otherwise
|
639
|
-
# and is no longer active.
|
680
|
+
# The finding has been fixed, triaged as a non-issue, or otherwise
|
681
|
+
# addressed and is no longer active.
|
640
682
|
INACTIVE = 2
|
641
683
|
end
|
642
684
|
|
643
685
|
# The severity of the finding.
|
644
686
|
module Severity
|
645
|
-
# This value is
|
646
|
-
# value.
|
687
|
+
# Default value. This value is unused.
|
647
688
|
SEVERITY_UNSPECIFIED = 0
|
648
689
|
|
649
|
-
#
|
650
|
-
#
|
651
|
-
#
|
652
|
-
#
|
653
|
-
#
|
654
|
-
#
|
655
|
-
# passwords.
|
690
|
+
# For vulnerabilities: A critical vulnerability is easily discoverable by
|
691
|
+
# an external actor, exploitable, and results in the direct ability to
|
692
|
+
# execute arbitrary code, exfiltrate data, and otherwise gain additional
|
693
|
+
# access and privileges to cloud resources and workloads. Examples include
|
694
|
+
# publicly accessible unprotected user data and public SSH access with weak
|
695
|
+
# or no passwords.
|
656
696
|
#
|
657
|
-
#
|
658
|
-
#
|
659
|
-
# execute unauthorized code within existing resources.
|
697
|
+
# For threats: Indicates a threat that is able to access, modify, or delete
|
698
|
+
# data or execute unauthorized code within existing resources.
|
660
699
|
CRITICAL = 1
|
661
700
|
|
662
|
-
#
|
663
|
-
#
|
664
|
-
#
|
665
|
-
#
|
666
|
-
#
|
667
|
-
#
|
668
|
-
#
|
669
|
-
# actor that had access to the internal network.
|
701
|
+
# For vulnerabilities: A high-risk vulnerability can be easily discovered
|
702
|
+
# and exploited in combination with other vulnerabilities in order to gain
|
703
|
+
# direct access and the ability to execute arbitrary code, exfiltrate data,
|
704
|
+
# and otherwise gain additional access and privileges to cloud resources
|
705
|
+
# and workloads. An example is a database with weak or no passwords that is
|
706
|
+
# only accessible internally. This database could easily be compromised by
|
707
|
+
# an actor that had access to the internal network.
|
670
708
|
#
|
671
|
-
#
|
672
|
-
#
|
673
|
-
#
|
674
|
-
# resources.
|
709
|
+
# For threats: Indicates a threat that is able to create new computational
|
710
|
+
# resources in an environment but not able to access data or execute code
|
711
|
+
# in existing resources.
|
675
712
|
HIGH = 2
|
676
713
|
|
677
|
-
#
|
678
|
-
#
|
679
|
-
#
|
680
|
-
#
|
681
|
-
#
|
682
|
-
# access to
|
683
|
-
#
|
684
|
-
#
|
714
|
+
# For vulnerabilities: A medium-risk vulnerability could be used by an
|
715
|
+
# actor to gain access to resources or privileges that enable them to
|
716
|
+
# eventually (through multiple steps or a complex exploit) gain access and
|
717
|
+
# the ability to execute arbitrary code or exfiltrate data. An example is a
|
718
|
+
# service account with access to more projects than it should have. If an
|
719
|
+
# actor gains access to the service account, they could potentially use
|
720
|
+
# that access to manipulate a project the service account was not intended
|
721
|
+
# to.
|
685
722
|
#
|
686
|
-
#
|
687
|
-
#
|
688
|
-
# access data or execute unauthorized code.
|
723
|
+
# For threats: Indicates a threat that is able to cause operational impact
|
724
|
+
# but may not access data or execute unauthorized code.
|
689
725
|
MEDIUM = 3
|
690
726
|
|
691
|
-
#
|
692
|
-
#
|
693
|
-
#
|
694
|
-
#
|
695
|
-
#
|
727
|
+
# For vulnerabilities: A low-risk vulnerability hampers a security
|
728
|
+
# organization's ability to detect vulnerabilities or active threats in
|
729
|
+
# their deployment, or prevents the root cause investigation of security
|
730
|
+
# issues. An example is monitoring and logs being disabled for resource
|
731
|
+
# configurations and access.
|
696
732
|
#
|
697
|
-
#
|
698
|
-
#
|
699
|
-
#
|
733
|
+
# For threats: Indicates a threat that has obtained minimal access to an
|
734
|
+
# environment but is not able to access data, execute code, or create
|
735
|
+
# resources.
|
700
736
|
LOW = 4
|
701
737
|
end
|
702
738
|
|
703
|
-
# Represents what kind of
|
739
|
+
# Represents what kind of finding it is.
|
704
740
|
module FindingClass
|
705
|
-
#
|
741
|
+
# Default value. This value is unused.
|
706
742
|
FINDING_CLASS_UNSPECIFIED = 0
|
707
743
|
|
708
744
|
# Describes unwanted or malicious activity.
|
709
745
|
THREAT = 1
|
710
746
|
|
711
747
|
# Describes a potential weakness in software that increases risk to
|
712
|
-
#
|
748
|
+
# confidentiality, integrity, and availability.
|
713
749
|
VULNERABILITY = 2
|
714
750
|
|
715
|
-
# Describes a potential weakness in cloud resource
|
716
|
-
# increases risk.
|
751
|
+
# Describes a potential weakness in cloud resource or asset configuration
|
752
|
+
# that increases risk.
|
717
753
|
MISCONFIGURATION = 3
|
718
754
|
|
719
755
|
# Describes a security observation that is for informational purposes.
|
720
756
|
OBSERVATION = 4
|
721
757
|
|
722
|
-
# Describes an error that prevents
|
758
|
+
# Describes an error that prevents Security Command Center from working
|
759
|
+
# correctly.
|
723
760
|
SCC_ERROR = 5
|
724
761
|
|
725
762
|
# Describes a potential security risk due to a change in the security
|
@@ -732,8 +769,8 @@ module Google
|
|
732
769
|
end
|
733
770
|
end
|
734
771
|
|
735
|
-
# Response message for
|
736
|
-
#
|
772
|
+
# Response message for
|
773
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#simulate_security_health_analytics_custom_module SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule}.
|
737
774
|
# @!attribute [rw] result
|
738
775
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::SimulateSecurityHealthAnalyticsCustomModuleResponse::SimulatedResult]
|
739
776
|
# Result for test case in the corresponding request.
|
@@ -744,8 +781,8 @@ module Google
|
|
744
781
|
# Possible test result.
|
745
782
|
# @!attribute [rw] finding
|
746
783
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding]
|
747
|
-
# Finding that would be published for the test case
|
748
|
-
#
|
784
|
+
# Finding that would be published for the test case if a violation is
|
785
|
+
# detected.
|
749
786
|
# @!attribute [rw] no_violation
|
750
787
|
# @return [::Google::Protobuf::Empty]
|
751
788
|
# Indicates that the test case does not trigger any violation.
|
@@ -758,45 +795,44 @@ module Google
|
|
758
795
|
end
|
759
796
|
end
|
760
797
|
|
761
|
-
#
|
762
|
-
# EventThreatDetectionCustomModule
|
763
|
-
#
|
764
|
-
#
|
765
|
-
#
|
766
|
-
# set,
|
767
|
-
#
|
798
|
+
# The representation of an
|
799
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule EventThreatDetectionCustomModule}
|
800
|
+
# at a given level, taking hierarchy into account and resolving various fields
|
801
|
+
# accordingly. For example, if the module is enabled at the ancestor level,
|
802
|
+
# then effective modules at all descendant levels will have their enablement
|
803
|
+
# state set to `ENABLED`. Similarly, if `module.inherited` is set, then the
|
804
|
+
# effective module's configuration will reflect the ancestor's configuration.
|
768
805
|
# @!attribute [rw] name
|
769
806
|
# @return [::String]
|
770
|
-
# Identifier. The resource name of the
|
771
|
-
#
|
772
|
-
# Its format is:
|
807
|
+
# Identifier. The resource name of the Event Threat Detection custom module,
|
808
|
+
# in one of the following formats:
|
773
809
|
#
|
774
|
-
#
|
775
|
-
#
|
776
|
-
#
|
810
|
+
# * `organizations/{organization}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
|
811
|
+
# * `folders/{folder}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
|
812
|
+
# * `projects/{project}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
|
777
813
|
# @!attribute [r] config
|
778
814
|
# @return [::Google::Protobuf::Struct]
|
779
|
-
# Output only.
|
815
|
+
# Output only. Configuration for the effective module.
|
780
816
|
# @!attribute [r] enablement_state
|
781
817
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::EffectiveEventThreatDetectionCustomModule::EnablementState]
|
782
818
|
# Output only. The effective state of enablement for the module at the given
|
783
819
|
# level of the hierarchy.
|
784
820
|
# @!attribute [r] type
|
785
821
|
# @return [::String]
|
786
|
-
# Output only. Type for the module
|
822
|
+
# Output only. Type for the module (for example, `CONFIGURABLE_BAD_IP`).
|
787
823
|
# @!attribute [r] display_name
|
788
824
|
# @return [::String]
|
789
|
-
# Output only. The human
|
825
|
+
# Output only. The human-readable name of the module.
|
790
826
|
# @!attribute [r] description
|
791
827
|
# @return [::String]
|
792
|
-
# Output only.
|
828
|
+
# Output only. A description of the module.
|
793
829
|
class EffectiveEventThreatDetectionCustomModule
|
794
830
|
include ::Google::Protobuf::MessageExts
|
795
831
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
796
832
|
|
797
833
|
# The enablement state of the module.
|
798
834
|
module EnablementState
|
799
|
-
#
|
835
|
+
# Default value. This value is unused.
|
800
836
|
ENABLEMENT_STATE_UNSPECIFIED = 0
|
801
837
|
|
802
838
|
# The module is enabled at the given level.
|
@@ -807,91 +843,96 @@ module Google
|
|
807
843
|
end
|
808
844
|
end
|
809
845
|
|
810
|
-
# Request message for
|
811
|
-
#
|
846
|
+
# Request message for
|
847
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_effective_event_threat_detection_custom_modules SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules}.
|
812
848
|
# @!attribute [rw] parent
|
813
849
|
# @return [::String]
|
814
|
-
# Required. Name of parent to list effective custom modules
|
815
|
-
#
|
816
|
-
#
|
817
|
-
#
|
818
|
-
# `
|
850
|
+
# Required. Name of parent to list effective custom modules, in one of the
|
851
|
+
# following formats:
|
852
|
+
#
|
853
|
+
# * `organizations/{organization}/locations/{location}`
|
854
|
+
# * `folders/{folder}/locations/{location}`
|
855
|
+
# * `projects/{project}/locations/{location}`
|
819
856
|
# @!attribute [rw] page_size
|
820
857
|
# @return [::Integer]
|
821
858
|
# Optional. The maximum number of results to return in a single response.
|
822
859
|
# Default is 10, minimum is 1, maximum is 1000.
|
823
860
|
# @!attribute [rw] page_token
|
824
861
|
# @return [::String]
|
825
|
-
# Optional.
|
862
|
+
# Optional. A pagination token returned from a previous request. Provide this
|
863
|
+
# token to retrieve the next page of results.
|
864
|
+
#
|
865
|
+
# When paginating, the rest of the request must match the request that
|
866
|
+
# generated the page token.
|
826
867
|
class ListEffectiveEventThreatDetectionCustomModulesRequest
|
827
868
|
include ::Google::Protobuf::MessageExts
|
828
869
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
829
870
|
end
|
830
871
|
|
831
|
-
# Response message for
|
832
|
-
#
|
872
|
+
# Response message for
|
873
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_effective_event_threat_detection_custom_modules SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules}.
|
833
874
|
# @!attribute [rw] effective_event_threat_detection_custom_modules
|
834
875
|
# @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EffectiveEventThreatDetectionCustomModule>]
|
835
|
-
# The list of
|
876
|
+
# The list of effective Event Threat Detection custom modules.
|
836
877
|
# @!attribute [rw] next_page_token
|
837
878
|
# @return [::String]
|
838
|
-
# A token
|
879
|
+
# A pagination token. To retrieve the next page of results, call the method
|
880
|
+
# again with this token.
|
839
881
|
class ListEffectiveEventThreatDetectionCustomModulesResponse
|
840
882
|
include ::Google::Protobuf::MessageExts
|
841
883
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
842
884
|
end
|
843
885
|
|
844
|
-
#
|
886
|
+
# Request message for
|
887
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_effective_event_threat_detection_custom_module SecurityCenterManagement.GetEffectiveEventThreatDetectionCustomModule}.
|
845
888
|
# @!attribute [rw] name
|
846
889
|
# @return [::String]
|
847
|
-
# Required. The resource name of the
|
848
|
-
#
|
849
|
-
# Its format is:
|
890
|
+
# Required. The resource name of the Event Threat Detection custom module, in
|
891
|
+
# one of the following formats:
|
850
892
|
#
|
851
|
-
#
|
852
|
-
#
|
853
|
-
#
|
893
|
+
# * `organizations/{organization}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
|
894
|
+
# * `folders/{folder}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
|
895
|
+
# * `projects/{project}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
|
854
896
|
class GetEffectiveEventThreatDetectionCustomModuleRequest
|
855
897
|
include ::Google::Protobuf::MessageExts
|
856
898
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
857
899
|
end
|
858
900
|
|
859
|
-
#
|
860
|
-
#
|
861
|
-
#
|
901
|
+
# A Security Command Center resource that contains the configuration and
|
902
|
+
# enablement state of a custom module, which enables Event Threat Detection to
|
903
|
+
# write certain findings to Security Command Center.
|
862
904
|
# @!attribute [rw] name
|
863
905
|
# @return [::String]
|
864
|
-
# Identifier. The resource name of the
|
906
|
+
# Identifier. The resource name of the Event Threat Detection custom module,
|
907
|
+
# in one of the following formats:
|
865
908
|
#
|
866
|
-
#
|
867
|
-
#
|
868
|
-
#
|
869
|
-
# * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
|
870
|
-
# * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
|
909
|
+
# * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
|
910
|
+
# * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
|
911
|
+
# * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
|
871
912
|
# @!attribute [rw] config
|
872
913
|
# @return [::Google::Protobuf::Struct]
|
873
|
-
# Optional.
|
874
|
-
# is defined at this level. For the inherited module, its
|
875
|
-
# inherited from the ancestor module.
|
914
|
+
# Optional. Configuration for the module. For the resident module, its
|
915
|
+
# configuration value is defined at this level. For the inherited module, its
|
916
|
+
# configuration value is inherited from the ancestor module.
|
876
917
|
# @!attribute [r] ancestor_module
|
877
918
|
# @return [::String]
|
878
919
|
# Output only. The closest ancestor module that this module inherits the
|
879
920
|
# enablement state from. If empty, indicates that the custom module was
|
880
921
|
# created in the requesting parent organization, folder, or project. The
|
881
|
-
# format is the same as the
|
922
|
+
# format is the same as the custom module's resource name.
|
882
923
|
# @!attribute [rw] enablement_state
|
883
924
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule::EnablementState]
|
884
925
|
# Optional. The state of enablement for the module at the given level of the
|
885
926
|
# hierarchy.
|
886
927
|
# @!attribute [rw] type
|
887
928
|
# @return [::String]
|
888
|
-
# Optional. Type for the module.
|
929
|
+
# Optional. Type for the module. For example, `CONFIGURABLE_BAD_IP`.
|
889
930
|
# @!attribute [rw] display_name
|
890
931
|
# @return [::String]
|
891
|
-
# Optional. The human
|
932
|
+
# Optional. The human-readable name of the module.
|
892
933
|
# @!attribute [rw] description
|
893
934
|
# @return [::String]
|
894
|
-
# Optional.
|
935
|
+
# Optional. A description of the module.
|
895
936
|
# @!attribute [r] update_time
|
896
937
|
# @return [::Google::Protobuf::Timestamp]
|
897
938
|
# Output only. The time the module was last updated.
|
@@ -913,63 +954,66 @@ module Google
|
|
913
954
|
# The module is disabled at the given level.
|
914
955
|
DISABLED = 2
|
915
956
|
|
916
|
-
# State is inherited from an ancestor module. The module will either
|
917
|
-
#
|
918
|
-
# ancestor module in the CRM hierarchy.
|
919
|
-
# module (module with no parent) to the INHERITED state
|
920
|
-
# error.
|
957
|
+
# State is inherited from an ancestor module. The module will either be
|
958
|
+
# effectively `ENABLED` or `DISABLED` based on its closest non-inherited
|
959
|
+
# ancestor module in the CRM hierarchy. If you try to set a top-level
|
960
|
+
# module (a module with no parent) to the `INHERITED` state, you receive an
|
961
|
+
# `INVALID_ARGUMENT` error.
|
921
962
|
INHERITED = 3
|
922
963
|
end
|
923
964
|
end
|
924
965
|
|
925
|
-
# Request message for
|
966
|
+
# Request message for
|
967
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_event_threat_detection_custom_modules SecurityCenterManagement.ListEventThreatDetectionCustomModules}.
|
926
968
|
# @!attribute [rw] parent
|
927
969
|
# @return [::String]
|
928
|
-
# Required. Name of parent to list custom modules
|
929
|
-
#
|
930
|
-
#
|
931
|
-
#
|
932
|
-
# `
|
970
|
+
# Required. Name of parent to list custom modules, in one of the following
|
971
|
+
# formats:
|
972
|
+
#
|
973
|
+
# * `organizations/{organization}/locations/{location}`
|
974
|
+
# * `folders/{folder}/locations/{location}`
|
975
|
+
# * `projects/{project}/locations/{location}`
|
933
976
|
# @!attribute [rw] page_size
|
934
977
|
# @return [::Integer]
|
935
978
|
# Optional. The maximum number of modules to return. The service may return
|
936
|
-
# fewer than this value. If unspecified, at most 10
|
979
|
+
# fewer than this value. If unspecified, at most 10 modules will be returned.
|
937
980
|
# The maximum value is 1000; values above 1000 will be coerced to 1000.
|
938
981
|
# @!attribute [rw] page_token
|
939
982
|
# @return [::String]
|
940
|
-
# Optional. A
|
941
|
-
#
|
942
|
-
# subsequent page.
|
983
|
+
# Optional. A pagination token returned from a previous request. Provide this
|
984
|
+
# token to retrieve the next page of results.
|
943
985
|
#
|
944
|
-
# When paginating,
|
945
|
-
#
|
946
|
-
# the page token.
|
986
|
+
# When paginating, the rest of the request must match the request that
|
987
|
+
# generated the page token.
|
947
988
|
class ListEventThreatDetectionCustomModulesRequest
|
948
989
|
include ::Google::Protobuf::MessageExts
|
949
990
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
950
991
|
end
|
951
992
|
|
952
|
-
# Response message for
|
993
|
+
# Response message for
|
994
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_event_threat_detection_custom_modules SecurityCenterManagement.ListEventThreatDetectionCustomModules}.
|
953
995
|
# @!attribute [rw] event_threat_detection_custom_modules
|
954
996
|
# @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule>]
|
955
|
-
# The list of
|
997
|
+
# The list of custom modules.
|
956
998
|
# @!attribute [rw] next_page_token
|
957
999
|
# @return [::String]
|
958
|
-
# A token
|
1000
|
+
# A pagination token. To retrieve the next page of results, call the method
|
1001
|
+
# again with this token.
|
959
1002
|
class ListEventThreatDetectionCustomModulesResponse
|
960
1003
|
include ::Google::Protobuf::MessageExts
|
961
1004
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
962
1005
|
end
|
963
1006
|
|
964
|
-
# Request message for
|
965
|
-
#
|
1007
|
+
# Request message for
|
1008
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_descendant_event_threat_detection_custom_modules SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules}.
|
966
1009
|
# @!attribute [rw] parent
|
967
1010
|
# @return [::String]
|
968
|
-
# Required. Name of parent to list custom modules
|
969
|
-
#
|
970
|
-
#
|
971
|
-
#
|
972
|
-
# `
|
1011
|
+
# Required. Name of parent to list custom modules, in one of the following
|
1012
|
+
# formats:
|
1013
|
+
#
|
1014
|
+
# * `organizations/{organization}/locations/{location}`
|
1015
|
+
# * `folders/{folder}/locations/{location}`
|
1016
|
+
# * `projects/{project}/locations/{location}`
|
973
1017
|
# @!attribute [rw] page_size
|
974
1018
|
# @return [::Integer]
|
975
1019
|
# Optional. The maximum number of modules to return. The service may return
|
@@ -977,62 +1021,74 @@ module Google
|
|
977
1021
|
# The maximum value is 1000; values above 1000 will be coerced to 1000.
|
978
1022
|
# @!attribute [rw] page_token
|
979
1023
|
# @return [::String]
|
980
|
-
# Optional. A token
|
1024
|
+
# Optional. A pagination token returned from a previous request. Provide this
|
1025
|
+
# token to retrieve the next page of results.
|
1026
|
+
#
|
1027
|
+
# When paginating, the rest of the request must match the request that
|
1028
|
+
# generated the page token.
|
981
1029
|
class ListDescendantEventThreatDetectionCustomModulesRequest
|
982
1030
|
include ::Google::Protobuf::MessageExts
|
983
1031
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
984
1032
|
end
|
985
1033
|
|
986
|
-
# Response message for
|
987
|
-
#
|
1034
|
+
# Response message for
|
1035
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_descendant_event_threat_detection_custom_modules SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules}.
|
988
1036
|
# @!attribute [rw] event_threat_detection_custom_modules
|
989
1037
|
# @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule>]
|
990
|
-
# The list of
|
1038
|
+
# The list of custom modules.
|
991
1039
|
# @!attribute [rw] next_page_token
|
992
1040
|
# @return [::String]
|
993
|
-
# A token
|
1041
|
+
# A pagination token. To retrieve the next page of results, call the method
|
1042
|
+
# again with this token.
|
994
1043
|
class ListDescendantEventThreatDetectionCustomModulesResponse
|
995
1044
|
include ::Google::Protobuf::MessageExts
|
996
1045
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
997
1046
|
end
|
998
1047
|
|
999
|
-
#
|
1048
|
+
# Request message for
|
1049
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_event_threat_detection_custom_module SecurityCenterManagement.GetEventThreatDetectionCustomModule}.
|
1000
1050
|
# @!attribute [rw] name
|
1001
1051
|
# @return [::String]
|
1002
|
-
# Required. The resource name of the
|
1003
|
-
#
|
1004
|
-
# Its format is:
|
1052
|
+
# Required. The resource name of the Event Threat Detection custom module, in
|
1053
|
+
# one of the following formats:
|
1005
1054
|
#
|
1006
|
-
#
|
1007
|
-
#
|
1008
|
-
#
|
1055
|
+
# * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
|
1056
|
+
# * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
|
1057
|
+
# * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
|
1009
1058
|
class GetEventThreatDetectionCustomModuleRequest
|
1010
1059
|
include ::Google::Protobuf::MessageExts
|
1011
1060
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1012
1061
|
end
|
1013
1062
|
|
1014
|
-
#
|
1063
|
+
# Request message for
|
1064
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#create_event_threat_detection_custom_module SecurityCenterManagement.CreateEventThreatDetectionCustomModule}.
|
1015
1065
|
# @!attribute [rw] parent
|
1016
1066
|
# @return [::String]
|
1017
|
-
# Required. Name of parent for the module
|
1018
|
-
#
|
1019
|
-
# `
|
1020
|
-
#
|
1021
|
-
# `projects/{project}/locations/{location}`
|
1067
|
+
# Required. Name of parent for the module, in one of the following formats:
|
1068
|
+
#
|
1069
|
+
# * `organizations/{organization}/locations/{location}`
|
1070
|
+
# * `folders/{folder}/locations/{location}`
|
1071
|
+
# * `projects/{project}/locations/{location}`
|
1022
1072
|
# @!attribute [rw] event_threat_detection_custom_module
|
1023
1073
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule]
|
1024
1074
|
# Required. The module to create. The
|
1025
|
-
#
|
1026
|
-
#
|
1075
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule#name EventThreatDetectionCustomModule.name}
|
1076
|
+
# field is ignored; Security Command Center generates the name.
|
1027
1077
|
# @!attribute [rw] validate_only
|
1028
1078
|
# @return [::Boolean]
|
1029
|
-
# Optional. When set to true
|
1030
|
-
#
|
1031
|
-
#
|
1032
|
-
# invalid.
|
1033
|
-
#
|
1034
|
-
#
|
1035
|
-
#
|
1079
|
+
# Optional. When set to `true`, the request will be validated (including IAM
|
1080
|
+
# checks), but no module will be created. An `OK` response indicates that the
|
1081
|
+
# request is valid, while an error response indicates that the request is
|
1082
|
+
# invalid.
|
1083
|
+
#
|
1084
|
+
# If the request is valid, a subsequent request to create the module could
|
1085
|
+
# still fail for one of the following reasons:
|
1086
|
+
#
|
1087
|
+
# * The state of your cloud resources changed; for example, you lost a
|
1088
|
+
# required IAM permission
|
1089
|
+
# * An error occurred during creation of the module
|
1090
|
+
#
|
1091
|
+
# Defaults to `false`.
|
1036
1092
|
class CreateEventThreatDetectionCustomModuleRequest
|
1037
1093
|
include ::Google::Protobuf::MessageExts
|
1038
1094
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -1041,73 +1097,82 @@ module Google
|
|
1041
1097
|
# Message for updating a EventThreatDetectionCustomModule
|
1042
1098
|
# @!attribute [rw] update_mask
|
1043
1099
|
# @return [::Google::Protobuf::FieldMask]
|
1044
|
-
# Required.
|
1045
|
-
# EventThreatDetectionCustomModule resource by the update.
|
1046
|
-
# The fields specified in the update_mask are relative to the resource, not
|
1047
|
-
# the full request. A field will be overwritten if it is in the mask. If the
|
1048
|
-
# user does not provide a mask then all fields will be overwritten.
|
1100
|
+
# Required. The fields to update. If omitted, then all fields are updated.
|
1049
1101
|
# @!attribute [rw] event_threat_detection_custom_module
|
1050
1102
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule]
|
1051
|
-
# Required. The module being updated
|
1103
|
+
# Required. The module being updated.
|
1052
1104
|
# @!attribute [rw] validate_only
|
1053
1105
|
# @return [::Boolean]
|
1054
|
-
# Optional. When set to true
|
1055
|
-
#
|
1056
|
-
#
|
1057
|
-
# invalid.
|
1058
|
-
#
|
1059
|
-
#
|
1060
|
-
#
|
1106
|
+
# Optional. When set to `true`, the request will be validated (including IAM
|
1107
|
+
# checks), but no module will be updated. An `OK` response indicates that the
|
1108
|
+
# request is valid, while an error response indicates that the request is
|
1109
|
+
# invalid.
|
1110
|
+
#
|
1111
|
+
# If the request is valid, a subsequent request to update the module could
|
1112
|
+
# still fail for one of the following reasons:
|
1113
|
+
#
|
1114
|
+
# * The state of your cloud resources changed; for example, you lost a
|
1115
|
+
# required IAM permission
|
1116
|
+
# * An error occurred during creation of the module
|
1117
|
+
#
|
1118
|
+
# Defaults to `false`.
|
1061
1119
|
class UpdateEventThreatDetectionCustomModuleRequest
|
1062
1120
|
include ::Google::Protobuf::MessageExts
|
1063
1121
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1064
1122
|
end
|
1065
1123
|
|
1066
|
-
#
|
1124
|
+
# Request message for
|
1125
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#delete_event_threat_detection_custom_module SecurityCenterManagement.DeleteEventThreatDetectionCustomModule}.
|
1067
1126
|
# @!attribute [rw] name
|
1068
1127
|
# @return [::String]
|
1069
|
-
# Required. The resource name of the
|
1070
|
-
#
|
1071
|
-
# Its format is:
|
1128
|
+
# Required. The resource name of the Event Threat Detection custom module, in
|
1129
|
+
# one of the following formats:
|
1072
1130
|
#
|
1073
|
-
#
|
1074
|
-
#
|
1075
|
-
#
|
1131
|
+
# * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
|
1132
|
+
# * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
|
1133
|
+
# * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
|
1076
1134
|
# @!attribute [rw] validate_only
|
1077
1135
|
# @return [::Boolean]
|
1078
|
-
# Optional. When set to true
|
1079
|
-
#
|
1080
|
-
#
|
1081
|
-
# invalid.
|
1082
|
-
#
|
1083
|
-
#
|
1084
|
-
#
|
1136
|
+
# Optional. When set to `true`, the request will be validated (including IAM
|
1137
|
+
# checks), but no module will be deleted. An `OK` response indicates that the
|
1138
|
+
# request is valid, while an error response indicates that the request is
|
1139
|
+
# invalid.
|
1140
|
+
#
|
1141
|
+
# If the request is valid, a subsequent request to delete the module could
|
1142
|
+
# still fail for one of the following reasons:
|
1143
|
+
#
|
1144
|
+
# * The state of your cloud resources changed; for example, you lost a
|
1145
|
+
# required IAM permission
|
1146
|
+
# * An error occurred during creation of the module
|
1147
|
+
#
|
1148
|
+
# Defaults to `false`.
|
1085
1149
|
class DeleteEventThreatDetectionCustomModuleRequest
|
1086
1150
|
include ::Google::Protobuf::MessageExts
|
1087
1151
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1088
1152
|
end
|
1089
1153
|
|
1090
|
-
# Request
|
1154
|
+
# Request message for
|
1155
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#validate_event_threat_detection_custom_module SecurityCenterManagement.ValidateEventThreatDetectionCustomModule}.
|
1091
1156
|
# @!attribute [rw] parent
|
1092
1157
|
# @return [::String]
|
1093
|
-
# Required. Resource name of the parent to validate the
|
1158
|
+
# Required. Resource name of the parent to validate the custom modules under,
|
1159
|
+
# in one of the following formats:
|
1094
1160
|
#
|
1095
|
-
#
|
1096
|
-
#
|
1097
|
-
# * `organizations/{organization}/locations/{location}`.
|
1161
|
+
# * `organizations/{organization}/locations/{location}`
|
1098
1162
|
# @!attribute [rw] raw_text
|
1099
1163
|
# @return [::String]
|
1100
1164
|
# Required. The raw text of the module's contents. Used to generate error
|
1101
1165
|
# messages.
|
1102
1166
|
# @!attribute [rw] type
|
1103
1167
|
# @return [::String]
|
1104
|
-
# Required. The type of the module
|
1168
|
+
# Required. The type of the module. For example, `CONFIGURABLE_BAD_IP`.
|
1105
1169
|
class ValidateEventThreatDetectionCustomModuleRequest
|
1106
1170
|
include ::Google::Protobuf::MessageExts
|
1107
1171
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1108
1172
|
end
|
1109
1173
|
|
1110
|
-
# Response
|
1174
|
+
# Response message for
|
1175
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#validate_event_threat_detection_custom_module SecurityCenterManagement.ValidateEventThreatDetectionCustomModule}.
|
1111
1176
|
# @!attribute [rw] errors
|
1112
1177
|
# @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::ValidateEventThreatDetectionCustomModuleResponse::CustomModuleValidationError>]
|
1113
1178
|
# A list of errors returned by the validator. If the list is empty, there
|
@@ -1117,24 +1182,25 @@ module Google
|
|
1117
1182
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1118
1183
|
|
1119
1184
|
# An error encountered while validating the uploaded configuration of an
|
1120
|
-
# Event Threat Detection
|
1185
|
+
# Event Threat Detection custom module.
|
1121
1186
|
# @!attribute [rw] description
|
1122
1187
|
# @return [::String]
|
1123
|
-
# A description of the error
|
1188
|
+
# A human-readable description of the error.
|
1124
1189
|
# @!attribute [rw] field_path
|
1125
1190
|
# @return [::String]
|
1126
|
-
# The path, in RFC
|
1127
|
-
#
|
1191
|
+
# The path, in [RFC 6901: JSON
|
1192
|
+
# Pointer](https://datatracker.ietf.org/doc/html/rfc6901) format, to the
|
1193
|
+
# field that failed validation. Omitted if no specific field is affected.
|
1128
1194
|
# @!attribute [rw] start
|
1129
1195
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::ValidateEventThreatDetectionCustomModuleResponse::Position]
|
1130
1196
|
# The initial position of the error in the uploaded text version of the
|
1131
|
-
# module.
|
1132
|
-
#
|
1197
|
+
# module. Omitted if no specific position applies, or if the position could
|
1198
|
+
# not be computed.
|
1133
1199
|
# @!attribute [rw] end
|
1134
1200
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::ValidateEventThreatDetectionCustomModuleResponse::Position]
|
1135
|
-
# The end position of the error in the uploaded text version of the
|
1136
|
-
#
|
1137
|
-
#
|
1201
|
+
# The end position of the error in the uploaded text version of the module.
|
1202
|
+
# Omitted if no specific position applies, or if the position could not be
|
1203
|
+
# computed.
|
1138
1204
|
class CustomModuleValidationError
|
1139
1205
|
include ::Google::Protobuf::MessageExts
|
1140
1206
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -1143,100 +1209,115 @@ module Google
|
|
1143
1209
|
# A position in the uploaded text version of a module.
|
1144
1210
|
# @!attribute [rw] line_number
|
1145
1211
|
# @return [::Integer]
|
1146
|
-
# The line position in the text
|
1212
|
+
# The line position in the text.
|
1147
1213
|
# @!attribute [rw] column_number
|
1148
1214
|
# @return [::Integer]
|
1149
|
-
# The column position in the line
|
1215
|
+
# The column position in the line.
|
1150
1216
|
class Position
|
1151
1217
|
include ::Google::Protobuf::MessageExts
|
1152
1218
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1153
1219
|
end
|
1154
1220
|
end
|
1155
1221
|
|
1156
|
-
# Request message for
|
1222
|
+
# Request message for
|
1223
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_security_center_service SecurityCenterManagement.GetSecurityCenterService}.
|
1157
1224
|
# @!attribute [rw] name
|
1158
1225
|
# @return [::String]
|
1159
|
-
# Required. The Security Command Center service to retrieve
|
1226
|
+
# Required. The Security Command Center service to retrieve, in one of the
|
1227
|
+
# following formats:
|
1160
1228
|
#
|
1161
|
-
#
|
1229
|
+
# * organizations/\\{organization}/locations/\\{location}/securityCenterServices/\\{service}
|
1230
|
+
# * folders/\\{folder}/locations/\\{location}/securityCenterServices/\\{service}
|
1231
|
+
# * projects/\\{project}/locations/\\{location}/securityCenterServices/\\{service}
|
1162
1232
|
#
|
1163
|
-
#
|
1164
|
-
# * folders/\\{folder}/locations/\\{location}/securityCenterServices/\\{service}
|
1165
|
-
# * projects/\\{project}/locations/\\{location}/securityCenterServices/\\{service}
|
1233
|
+
# The following values are valid for `{service}`:
|
1166
1234
|
#
|
1167
|
-
#
|
1168
|
-
#
|
1169
|
-
#
|
1170
|
-
#
|
1171
|
-
#
|
1172
|
-
# * vm-threat-detection
|
1173
|
-
# * web-security-scanner
|
1235
|
+
# * `container-threat-detection`
|
1236
|
+
# * `event-threat-detection`
|
1237
|
+
# * `security-health-analytics`
|
1238
|
+
# * `vm-threat-detection`
|
1239
|
+
# * `web-security-scanner`
|
1174
1240
|
# @!attribute [rw] show_eligible_modules_only
|
1175
1241
|
# @return [::Boolean]
|
1176
|
-
#
|
1177
|
-
#
|
1242
|
+
# Set to `true` to show only modules that are in scope. By default, all
|
1243
|
+
# modules are shown.
|
1178
1244
|
class GetSecurityCenterServiceRequest
|
1179
1245
|
include ::Google::Protobuf::MessageExts
|
1180
1246
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1181
1247
|
end
|
1182
1248
|
|
1183
|
-
# Request message for
|
1249
|
+
# Request message for
|
1250
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_security_center_services SecurityCenterManagement.ListSecurityCenterServices}.
|
1184
1251
|
# @!attribute [rw] parent
|
1185
1252
|
# @return [::String]
|
1186
|
-
# Required. The name of the parent to list Security Command Center services
|
1187
|
-
#
|
1188
|
-
# Formats:
|
1253
|
+
# Required. The name of the parent to list Security Command Center services,
|
1254
|
+
# in one of the following formats:
|
1189
1255
|
#
|
1190
|
-
#
|
1191
|
-
#
|
1192
|
-
#
|
1256
|
+
# * `organizations/{organization}/locations/{location}`
|
1257
|
+
# * `folders/{folder}/locations/{location}`
|
1258
|
+
# * `projects/{project}/locations/{location}`
|
1193
1259
|
# @!attribute [rw] page_size
|
1194
1260
|
# @return [::Integer]
|
1195
1261
|
# Optional. The maximum number of results to return in a single response.
|
1196
1262
|
# Default is 10, minimum is 1, maximum is 1000.
|
1197
1263
|
# @!attribute [rw] page_token
|
1198
1264
|
# @return [::String]
|
1199
|
-
# Optional.
|
1265
|
+
# Optional. A pagination token returned from a previous request. Provide this
|
1266
|
+
# token to retrieve the next page of results.
|
1267
|
+
#
|
1268
|
+
# When paginating, the rest of the request must match the request that
|
1269
|
+
# generated the page token.
|
1200
1270
|
# @!attribute [rw] show_eligible_modules_only
|
1201
1271
|
# @return [::Boolean]
|
1202
|
-
# Flag that, when set,
|
1203
|
-
#
|
1272
|
+
# Flag that, when set, is used to filter the module settings that are shown.
|
1273
|
+
# The default setting is that all modules are shown.
|
1204
1274
|
class ListSecurityCenterServicesRequest
|
1205
1275
|
include ::Google::Protobuf::MessageExts
|
1206
1276
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1207
1277
|
end
|
1208
1278
|
|
1209
|
-
# Response message for
|
1279
|
+
# Response message for
|
1280
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_security_center_services SecurityCenterManagement.ListSecurityCenterServices}.
|
1210
1281
|
# @!attribute [rw] security_center_services
|
1211
1282
|
# @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService>]
|
1212
1283
|
# The list of services.
|
1213
1284
|
# @!attribute [rw] next_page_token
|
1214
1285
|
# @return [::String]
|
1215
|
-
# A token
|
1286
|
+
# A pagination token. To retrieve the next page of results, call the method
|
1287
|
+
# again with this token.
|
1216
1288
|
class ListSecurityCenterServicesResponse
|
1217
1289
|
include ::Google::Protobuf::MessageExts
|
1218
1290
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
1219
1291
|
end
|
1220
1292
|
|
1221
|
-
# Request message for
|
1293
|
+
# Request message for
|
1294
|
+
# {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#update_security_center_service SecurityCenterManagement.UpdateSecurityCenterService}.
|
1222
1295
|
# @!attribute [rw] security_center_service
|
1223
1296
|
# @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService]
|
1224
1297
|
# Required. The updated service.
|
1225
1298
|
# @!attribute [rw] update_mask
|
1226
1299
|
# @return [::Google::Protobuf::FieldMask]
|
1227
|
-
# Required. The
|
1300
|
+
# Required. The fields to update. Accepts the following values:
|
1301
|
+
#
|
1302
|
+
# * `intended_enablement_state`
|
1303
|
+
# * `modules`
|
1228
1304
|
#
|
1229
|
-
#
|
1230
|
-
# * "modules"
|
1305
|
+
# If omitted, then all eligible fields are updated.
|
1231
1306
|
# @!attribute [rw] validate_only
|
1232
1307
|
# @return [::Boolean]
|
1233
|
-
# Optional. When set to true
|
1234
|
-
#
|
1235
|
-
#
|
1236
|
-
#
|
1237
|
-
#
|
1238
|
-
#
|
1239
|
-
#
|
1308
|
+
# Optional. When set to `true`, the request will be validated (including IAM
|
1309
|
+
# checks), but no service will be updated. An `OK` response indicates that
|
1310
|
+
# the request is valid, while an error response indicates that the request is
|
1311
|
+
# invalid.
|
1312
|
+
#
|
1313
|
+
# If the request is valid, a subsequent request to update the service could
|
1314
|
+
# still fail for one of the following reasons:
|
1315
|
+
#
|
1316
|
+
# * The state of your cloud resources changed; for example, you lost a
|
1317
|
+
# required IAM permission
|
1318
|
+
# * An error occurred during update of the service
|
1319
|
+
#
|
1320
|
+
# Defaults to `false`.
|
1240
1321
|
class UpdateSecurityCenterServiceRequest
|
1241
1322
|
include ::Google::Protobuf::MessageExts
|
1242
1323
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|