google-cloud-security_center_management-v1 1.0.1 → 1.2.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -25,49 +25,47 @@ module Google
25
25
  # settings information such as top-level enablement in addition to individual
26
26
  # module settings. Service settings can be configured at the organization,
27
27
  # folder, or project level. Service settings at the organization or folder
28
- # level are inherited by those in child folders and projects.
28
+ # level are inherited by those in descendant folders and projects.
29
29
  # @!attribute [rw] name
30
30
  # @return [::String]
31
- # Identifier. The name of the service.
31
+ # Identifier. The name of the service, in one of the following formats:
32
32
  #
33
- # Its format is:
33
+ # * `organizations/{organization}/locations/{location}/securityCenterServices/{service}`
34
+ # * `folders/{folder}/locations/{location}/securityCenterServices/{service}`
35
+ # * `projects/{project}/locations/{location}/securityCenterServices/{service}`
34
36
  #
35
- # * organizations/\\{organization}/locations/\\{location}/securityCenterServices/\\{service}
36
- # * folders/\\{folder}/locations/\\{location}/securityCenterServices/\\{service}
37
- # * projects/\\{project}/locations/\\{location}/securityCenterServices/\\{service}
37
+ # The following values are valid for `{service}`:
38
38
  #
39
- # The possible values for id \\{service} are:
40
- #
41
- # * container-threat-detection
42
- # * event-threat-detection
43
- # * security-health-analytics
44
- # * vm-threat-detection
45
- # * web-security-scanner
39
+ # * `container-threat-detection`
40
+ # * `event-threat-detection`
41
+ # * `security-health-analytics`
42
+ # * `vm-threat-detection`
43
+ # * `web-security-scanner`
46
44
  # @!attribute [rw] intended_enablement_state
47
45
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::EnablementState]
48
- # Optional. The intended state of enablement for the service at its level of
49
- # the resource hierarchy. A DISABLED state will override all module
50
- # enablement_states to DISABLED.
46
+ # Optional. The intended enablement state for the service at its level of the
47
+ # resource hierarchy. A `DISABLED` state will override all module enablement
48
+ # states to `DISABLED`.
51
49
  # @!attribute [r] effective_enablement_state
52
50
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::EnablementState]
53
51
  # Output only. The effective enablement state for the service at its level of
54
- # the resource hierarchy. If the intended state is set to INHERITED, the
52
+ # the resource hierarchy. If the intended state is set to `INHERITED`, the
55
53
  # effective state will be inherited from the enablement state of an ancestor.
56
54
  # This state may differ from the intended enablement state due to billing
57
55
  # eligibility or onboarding status.
58
56
  # @!attribute [rw] modules
59
57
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::ModuleSettings}]
60
- # Optional. The configurations including the state of enablement for the
61
- # service's different modules. The absence of a module in the map implies its
58
+ # Optional. The module configurations, including the enablement state for the
59
+ # service's modules. The absence of a module in the map implies that its
62
60
  # configuration is inherited from its parents.
63
61
  # @!attribute [r] update_time
64
62
  # @return [::Google::Protobuf::Timestamp]
65
63
  # Output only. The time the service was last updated. This could be due to an
66
- # explicit user update or due to a side effect of another system change such
64
+ # explicit user update or due to a side effect of another system change, such
67
65
  # as billing subscription expiry.
68
66
  # @!attribute [rw] service_config
69
67
  # @return [::Google::Protobuf::Struct]
70
- # Optional. Additional service specific configuration. Not all services will
68
+ # Optional. Additional service-specific configuration. Not all services will
71
69
  # utilize this field.
72
70
  class SecurityCenterService
73
71
  include ::Google::Protobuf::MessageExts
@@ -76,16 +74,15 @@ module Google
76
74
  # The settings for individual modules.
77
75
  # @!attribute [rw] intended_enablement_state
78
76
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::EnablementState]
79
- # Optional. The intended state of enablement for the module at its level of
77
+ # Optional. The intended enablement state for the module at its level of
80
78
  # the resource hierarchy.
81
79
  # @!attribute [r] effective_enablement_state
82
80
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::EnablementState]
83
81
  # Output only. The effective enablement state for the module at its level
84
- # of the resource hierarchy. If the intended state is set to INHERITED, the
85
- # effective state will be inherited from the enablement state of an
86
- # ancestor. This state may
87
- # differ from the intended enablement state due to billing eligibility or
88
- # onboarding status.
82
+ # of the resource hierarchy. If the intended state is set to `INHERITED`,
83
+ # the effective state will be inherited from the enablement state of an
84
+ # ancestor. This state may differ from the intended enablement state due to
85
+ # billing eligibility or onboarding status.
89
86
  class ModuleSettings
90
87
  include ::Google::Protobuf::MessageExts
91
88
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -100,14 +97,13 @@ module Google
100
97
  extend ::Google::Protobuf::MessageExts::ClassMethods
101
98
  end
102
99
 
103
- # Represents the possible intended states of enablement for a service or
104
- # module.
100
+ # Represents the possible enablement states for a service or module.
105
101
  module EnablementState
106
102
  # Default value. This value is unused.
107
103
  ENABLEMENT_STATE_UNSPECIFIED = 0
108
104
 
109
- # State is inherited from the parent resource. Not a valid effective
110
- # enablement state.
105
+ # State is inherited from the parent resource. Valid as an intended
106
+ # enablement state, but not as an effective enablement state.
111
107
  INHERITED = 1
112
108
 
113
109
  # State is enabled.
@@ -116,36 +112,35 @@ module Google
116
112
  # State is disabled.
117
113
  DISABLED = 3
118
114
 
119
- # SCC is configured to ingest findings from this service but not enable
120
- # this service. Not a valid intended_enablement_state (that is, this is a
121
- # readonly state).
115
+ # Security Command Center is configured to ingest findings from this
116
+ # service, but not to enable this service. This state indicates that
117
+ # Security Command Center is misconfigured. You can't set this state
118
+ # yourself.
122
119
  INGEST_ONLY = 4
123
120
  end
124
121
  end
125
122
 
126
- # An EffectiveSecurityHealthAnalyticsCustomModule is the representation of
127
- # a Security Health Analytics custom module at a specified level of the
128
- # resource hierarchy: organization, folder, or project. If a custom module is
129
- # inherited from a parent organization or folder, the value of the
130
- # `enablementState` property in EffectiveSecurityHealthAnalyticsCustomModule is
131
- # set to the value that is effective in the parent, instead of `INHERITED`.
132
- # For example, if the module is enabled in a parent organization or folder, the
133
- # effective enablement_state for the module in all child folders or projects is
134
- # also `enabled`. EffectiveSecurityHealthAnalyticsCustomModule is read-only.
123
+ # The representation of a Security Health Analytics custom module at a
124
+ # specified level of the resource hierarchy: organization, folder, or project.
125
+ # If a custom module is inherited from an ancestor organization or folder, then
126
+ # the enablement state is set to the value that is effective in the parent, not
127
+ # to `INHERITED`. For example, if the module is enabled in an organization or
128
+ # folder, then the effective enablement state for the module is `ENABLED` in
129
+ # all descendant folders or projects.
135
130
  # @!attribute [rw] name
136
131
  # @return [::String]
137
- # Identifier. The full resource name of the custom module, specified in one
138
- # of the following formats:
132
+ # Identifier. The full resource name of the custom module, in one of the
133
+ # following formats:
139
134
  #
140
- # * `organizations/organization/{location}/effectiveSecurityHealthAnalyticsCustomModules/{effective_security_health_analytics_custom_module}`
141
- # * `folders/folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{effective_security_health_analytics_custom_module}`
142
- # * `projects/project/{location}/effectiveSecurityHealthAnalyticsCustomModules/{effective_security_health_analytics_custom_module}`
135
+ # * `organizations/organization/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
136
+ # * `folders/folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
137
+ # * `projects/project/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
143
138
  # @!attribute [r] custom_config
144
139
  # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig]
145
140
  # Output only. The user-specified configuration for the module.
146
141
  # @!attribute [r] enablement_state
147
142
  # @return [::Google::Cloud::SecurityCenterManagement::V1::EffectiveSecurityHealthAnalyticsCustomModule::EnablementState]
148
- # Output only. The effective state of enablement for the module at the given
143
+ # Output only. The effective enablement state for the module at the given
149
144
  # level of the hierarchy.
150
145
  # @!attribute [r] display_name
151
146
  # @return [::String]
@@ -158,7 +153,7 @@ module Google
158
153
 
159
154
  # The enablement state of the module.
160
155
  module EnablementState
161
- # Unspecified enablement state.
156
+ # Default value. This value is unused.
162
157
  ENABLEMENT_STATE_UNSPECIFIED = 0
163
158
 
164
159
  # The module is enabled at the given level.
@@ -169,50 +164,56 @@ module Google
169
164
  end
170
165
  end
171
166
 
172
- # Request message for listing effective Security Health Analytics custom
173
- # modules.
167
+ # Request message for
168
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_effective_security_health_analytics_custom_modules SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules}.
174
169
  # @!attribute [rw] parent
175
170
  # @return [::String]
176
- # Required. Name of parent to list effective custom modules. specified in one
177
- # of the following formats:
171
+ # Required. Name of parent to list effective custom modules, in one of the
172
+ # following formats:
173
+ #
178
174
  # * `organizations/{organization}/locations/{location}`
179
175
  # * `folders/{folder}/locations/{location}`
180
- # or
181
- # `projects/{project}/locations/{location}`
176
+ # * `projects/{project}/locations/{location}`
182
177
  # @!attribute [rw] page_size
183
178
  # @return [::Integer]
184
179
  # Optional. The maximum number of results to return in a single response.
185
180
  # Default is 10, minimum is 1, maximum is 1000.
186
181
  # @!attribute [rw] page_token
187
182
  # @return [::String]
188
- # Optional. The value returned by the last call indicating a continuation.
183
+ # Optional. A pagination token returned from a previous request. Provide this
184
+ # token to retrieve the next page of results.
185
+ #
186
+ # When paginating, the rest of the request must match the request that
187
+ # generated the page token.
189
188
  class ListEffectiveSecurityHealthAnalyticsCustomModulesRequest
190
189
  include ::Google::Protobuf::MessageExts
191
190
  extend ::Google::Protobuf::MessageExts::ClassMethods
192
191
  end
193
192
 
194
- # Response message for listing effective Security Health Analytics custom
195
- # modules.
193
+ # Response message for
194
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_effective_security_health_analytics_custom_modules SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules}.
196
195
  # @!attribute [rw] effective_security_health_analytics_custom_modules
197
196
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EffectiveSecurityHealthAnalyticsCustomModule>]
198
- # The list of EffectiveSecurityHealthAnalyticsCustomModule
197
+ # The list of effective Security Health Analytics custom modules.
199
198
  # @!attribute [rw] next_page_token
200
199
  # @return [::String]
201
- # A token identifying a page of results the server should return.
200
+ # A pagination token. To retrieve the next page of results, call the method
201
+ # again with this token.
202
202
  class ListEffectiveSecurityHealthAnalyticsCustomModulesResponse
203
203
  include ::Google::Protobuf::MessageExts
204
204
  extend ::Google::Protobuf::MessageExts::ClassMethods
205
205
  end
206
206
 
207
- # Message for getting a EffectiveSecurityHealthAnalyticsCustomModule
207
+ # Request message for
208
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_effective_security_health_analytics_custom_module SecurityCenterManagement.GetEffectiveSecurityHealthAnalyticsCustomModule}.
208
209
  # @!attribute [rw] name
209
210
  # @return [::String]
210
211
  # Required. The full resource name of the custom module, specified in one of
211
212
  # the following formats:
212
213
  #
213
- # * `organizations/organization/{location}/effectiveSecurityHealthAnalyticsCustomModules/{effective_security_health_analytics_custom_module}`
214
- # * `folders/folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{effective_security_health_analytics_custom_module}`
215
- # * `projects/project/{location}/effectiveSecurityHealthAnalyticsCustomModules/{effective_security_health_analytics_custom_module}`
214
+ # * `organizations/organization/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
215
+ # * `folders/folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
216
+ # * `projects/project/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
216
217
  class GetEffectiveSecurityHealthAnalyticsCustomModuleRequest
217
218
  include ::Google::Protobuf::MessageExts
218
219
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -222,20 +223,21 @@ module Google
222
223
  # including its full module name, display name, enablement state, and last
223
224
  # updated time. You can create a custom module at the organization, folder, or
224
225
  # project level. Custom modules that you create at the organization or folder
225
- # level are inherited by the child folders and projects.
226
+ # level are inherited by the descendant folders and projects.
226
227
  # @!attribute [rw] name
227
228
  # @return [::String]
228
- # Identifier. The full resource name of the custom module, specified in one
229
- # of the following formats:
230
- # * `organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{security_health_analytics_custom_module}`
231
- # * `folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{security_health_analytics_custom_module}`
232
- # * `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{security_health_analytics_custom_module}`
229
+ # Identifier. The full resource name of the custom module, in one of the
230
+ # following formats:
231
+ #
232
+ # * `organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
233
+ # * `folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
234
+ # * `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
233
235
  # @!attribute [rw] display_name
234
236
  # @return [::String]
235
237
  # Optional. The display name of the Security Health Analytics custom module.
236
238
  # This display name becomes the finding category for all findings that are
237
- # returned by this custom module. The display name must be between 1 and
238
- # 128 characters, start with a lowercase letter, and contain alphanumeric
239
+ # returned by this custom module. The display name must be between 1 and 128
240
+ # characters, start with a lowercase letter, and contain alphanumeric
239
241
  # characters or underscores only.
240
242
  # @!attribute [rw] enablement_state
241
243
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule::EnablementState]
@@ -254,27 +256,27 @@ module Google
254
256
  # module.
255
257
  # @!attribute [rw] custom_config
256
258
  # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig]
257
- # Optional. The user specified custom configuration for the module.
259
+ # Optional. The user-specified custom configuration for the module.
258
260
  class SecurityHealthAnalyticsCustomModule
259
261
  include ::Google::Protobuf::MessageExts
260
262
  extend ::Google::Protobuf::MessageExts::ClassMethods
261
263
 
262
264
  # Possible enablement states of a custom module.
263
265
  module EnablementState
264
- # Unspecified enablement state.
266
+ # Default value. This value is unused.
265
267
  ENABLEMENT_STATE_UNSPECIFIED = 0
266
268
 
267
- # The module is enabled at the given CRM resource.
269
+ # The module is enabled at the given organization, folder, or project.
268
270
  ENABLED = 1
269
271
 
270
- # The module is disabled at the given CRM resource.
272
+ # The module is disabled at the given organization, folder, or project.
271
273
  DISABLED = 2
272
274
 
273
275
  # State is inherited from an ancestor module. The module will either
274
- # be effectively ENABLED or DISABLED based on its closest non-inherited
275
- # ancestor module in the CRM hierarchy. Attempting to set a top level
276
- # module (module with no parent) to the INHERITED state will result in an
277
- # INVALID_ARGUMENT error.
276
+ # be effectively `ENABLED` or `DISABLED` based on its closest non-inherited
277
+ # ancestor module in the resource hierarchy. If you try to set a top-level
278
+ # module (a module with no parent) to the `INHERITED` state, you receive an
279
+ # `INVALID_ARGUMENT` error.
278
280
  INHERITED = 3
279
281
  end
280
282
  end
@@ -284,8 +286,9 @@ module Google
284
286
  # detectors that generate custom findings for resources that you specify.
285
287
  # @!attribute [rw] predicate
286
288
  # @return [::Google::Type::Expr]
287
- # Optional. The CEL expression to evaluate to produce findings. When the
288
- # expression evaluates to true against a resource, a finding is generated.
289
+ # Optional. The Common Expression Language (CEL) expression to evaluate to
290
+ # produce findings. When the expression evaluates to `true` against a
291
+ # resource, a finding is generated.
289
292
  # @!attribute [rw] custom_output
290
293
  # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig::CustomOutputSpec]
291
294
  # Optional. Custom output properties.
@@ -308,16 +311,14 @@ module Google
308
311
  # @return [::String]
309
312
  # Optional. An explanation of the recommended steps that security teams can
310
313
  # take to resolve the detected issue. This explanation is returned with each
311
- # finding generated by this module in the `nextSteps` property of the finding
312
- # JSON.
314
+ # finding generated by this module.
313
315
  class CustomConfig
314
316
  include ::Google::Protobuf::MessageExts
315
317
  extend ::Google::Protobuf::MessageExts::ClassMethods
316
318
 
317
319
  # A set of optional name-value pairs that define custom source properties to
318
320
  # return with each finding that is generated by the custom module. The custom
319
- # source properties that are defined here are included in the finding JSON
320
- # under `sourceProperties`.
321
+ # source properties that are defined here are included in the finding.
321
322
  # @!attribute [rw] properties
322
323
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::CustomConfig::CustomOutputSpec::Property>]
323
324
  # Optional. A list of custom output properties to add to the finding.
@@ -351,7 +352,7 @@ module Google
351
352
 
352
353
  # Defines the valid value options for the severity of a finding.
353
354
  module Severity
354
- # Unspecified severity.
355
+ # Default value. This value is unused.
355
356
  SEVERITY_UNSPECIFIED = 0
356
357
 
357
358
  # Critical severity.
@@ -368,11 +369,12 @@ module Google
368
369
  end
369
370
  end
370
371
 
371
- # Request message for listing Security Health Analytics custom modules.
372
+ # Request message for
373
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_security_health_analytics_custom_modules SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules}.
372
374
  # @!attribute [rw] parent
373
375
  # @return [::String]
374
- # Required. Name of parent organization, folder, or project in which to list
375
- # custom modules, specified in one of the following formats:
376
+ # Required. Name of the parent organization, folder, or project in which to
377
+ # list custom modules, in one of the following formats:
376
378
  #
377
379
  # * `organizations/{organization}/locations/{location}`
378
380
  # * `folders/{folder}/locations/{location}`
@@ -383,30 +385,36 @@ module Google
383
385
  # Default is 10, minimum is 1, maximum is 1000.
384
386
  # @!attribute [rw] page_token
385
387
  # @return [::String]
386
- # Optional. A token identifying a page of results the server should return.
388
+ # Optional. A pagination token returned from a previous request. Provide this
389
+ # token to retrieve the next page of results.
390
+ #
391
+ # When paginating, the rest of the request must match the request that
392
+ # generated the page token.
387
393
  class ListSecurityHealthAnalyticsCustomModulesRequest
388
394
  include ::Google::Protobuf::MessageExts
389
395
  extend ::Google::Protobuf::MessageExts::ClassMethods
390
396
  end
391
397
 
392
- # Response message for listing Security Health Analytics custom modules.
398
+ # Response message for
399
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_security_health_analytics_custom_modules SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules}.
393
400
  # @!attribute [rw] security_health_analytics_custom_modules
394
401
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule>]
395
- # The list of SecurityHealthAnalyticsCustomModules
402
+ # The list of Security Health Analytics custom modules.
396
403
  # @!attribute [rw] next_page_token
397
404
  # @return [::String]
398
- # A token identifying a page of results the server should return.
405
+ # A pagination token. To retrieve the next page of results, call the method
406
+ # again with this token.
399
407
  class ListSecurityHealthAnalyticsCustomModulesResponse
400
408
  include ::Google::Protobuf::MessageExts
401
409
  extend ::Google::Protobuf::MessageExts::ClassMethods
402
410
  end
403
411
 
404
- # Request message for listing descendant Security Health Analytics custom
405
- # modules.
412
+ # Request message for
413
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_descendant_security_health_analytics_custom_modules SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules}.
406
414
  # @!attribute [rw] parent
407
415
  # @return [::String]
408
416
  # Required. Name of the parent organization, folder, or project in which to
409
- # list custom modules, specified in one of the following formats:
417
+ # list custom modules, in one of the following formats:
410
418
  #
411
419
  # * `organizations/{organization}/locations/{location}`
412
420
  # * `folders/{folder}/locations/{location}`
@@ -417,118 +425,147 @@ module Google
417
425
  # Default is 10, minimum is 1, maximum is 1000.
418
426
  # @!attribute [rw] page_token
419
427
  # @return [::String]
420
- # Optional. A token identifying a page of results the server should return.
428
+ # Optional. A pagination token returned from a previous request. Provide this
429
+ # token to retrieve the next page of results.
430
+ #
431
+ # When paginating, the rest of the request must match the request that
432
+ # generated the page token.
421
433
  class ListDescendantSecurityHealthAnalyticsCustomModulesRequest
422
434
  include ::Google::Protobuf::MessageExts
423
435
  extend ::Google::Protobuf::MessageExts::ClassMethods
424
436
  end
425
437
 
426
- # Response message for listing descendant Security Health Analytics custom
427
- # modules.
438
+ # Response message for
439
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_descendant_security_health_analytics_custom_modules SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules}.
428
440
  # @!attribute [rw] security_health_analytics_custom_modules
429
441
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule>]
430
442
  # The list of SecurityHealthAnalyticsCustomModules
431
443
  # @!attribute [rw] next_page_token
432
444
  # @return [::String]
433
- # A token identifying a page of results the server should return.
445
+ # A pagination token. To retrieve the next page of results, call the method
446
+ # again with this token.
434
447
  class ListDescendantSecurityHealthAnalyticsCustomModulesResponse
435
448
  include ::Google::Protobuf::MessageExts
436
449
  extend ::Google::Protobuf::MessageExts::ClassMethods
437
450
  end
438
451
 
439
- # Message for getting a SecurityHealthAnalyticsCustomModule
452
+ # Request message for
453
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_security_health_analytics_custom_module SecurityCenterManagement.GetSecurityHealthAnalyticsCustomModule}.
440
454
  # @!attribute [rw] name
441
455
  # @return [::String]
442
- # Required. Name of the resource
456
+ # Required. Name of the resource, in the format
457
+ # `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`.
443
458
  class GetSecurityHealthAnalyticsCustomModuleRequest
444
459
  include ::Google::Protobuf::MessageExts
445
460
  extend ::Google::Protobuf::MessageExts::ClassMethods
446
461
  end
447
462
 
448
- # Message for creating a SecurityHealthAnalyticsCustomModule
463
+ # Request message for
464
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#create_security_health_analytics_custom_module SecurityCenterManagement.CreateSecurityHealthAnalyticsCustomModule}.
449
465
  # @!attribute [rw] parent
450
466
  # @return [::String]
451
467
  # Required. Name of the parent organization, folder, or project of the
452
- # module, specified in one of the following formats:
468
+ # module, in one of the following formats:
453
469
  #
454
470
  # * `organizations/{organization}/locations/{location}`
455
471
  # * `folders/{folder}/locations/{location}`
456
472
  # * `projects/{project}/locations/{location}`
457
473
  # @!attribute [rw] security_health_analytics_custom_module
458
474
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule]
459
- # Required. The resource being created
475
+ # Required. The resource being created.
460
476
  # @!attribute [rw] validate_only
461
477
  # @return [::Boolean]
462
- # Optional. When set to true, only validations (including IAM checks) will
463
- # done for the request (no module will be created). An OK response indicates
464
- # the request is valid while an error response indicates the request is
465
- # invalid. Note that a subsequent request to actually create the module could
466
- # still fail because:
467
- # 1. the state could have changed (e.g. IAM permission lost) or
468
- # 2. A failure occurred during creation of the module.
469
- # Defaults to false.
478
+ # Optional. When set to `true`, the request will be validated (including IAM
479
+ # checks), but no module will be created. An `OK` response indicates that the
480
+ # request is valid, while an error response indicates that the request is
481
+ # invalid.
482
+ #
483
+ # If the request is valid, a subsequent request to create the module could
484
+ # still fail for one of the following reasons:
485
+ #
486
+ # * The state of your cloud resources changed; for example, you lost a
487
+ # required IAM permission
488
+ # * An error occurred during creation of the module
489
+ #
490
+ # Defaults to `false`.
470
491
  class CreateSecurityHealthAnalyticsCustomModuleRequest
471
492
  include ::Google::Protobuf::MessageExts
472
493
  extend ::Google::Protobuf::MessageExts::ClassMethods
473
494
  end
474
495
 
475
- # Message for updating a SecurityHealthAnalyticsCustomModule
496
+ # Request message for
497
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#update_security_health_analytics_custom_module SecurityCenterManagement.UpdateSecurityHealthAnalyticsCustomModule}.
476
498
  # @!attribute [rw] update_mask
477
499
  # @return [::Google::Protobuf::FieldMask]
478
- # Required. The list of fields to be updated. The only fields that can be
479
- # updated are `enablement_state` and `custom_config`. If empty or set to the
480
- # wildcard value `*`, both `enablement_state` and `custom_config` are
481
- # updated.
500
+ # Required. The fields to update. The following values are valid:
501
+ #
502
+ # * `custom_config`
503
+ # * `enablement_state`
504
+ #
505
+ # If you omit this field or set it to the wildcard value `*`, then all
506
+ # eligible fields are updated.
482
507
  # @!attribute [rw] security_health_analytics_custom_module
483
508
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule]
484
- # Required. The resource being updated
509
+ # Required. The resource being updated.
485
510
  # @!attribute [rw] validate_only
486
511
  # @return [::Boolean]
487
- # Optional. When set to true, only validations (including IAM checks) will
488
- # done for the request (module will not be updated). An OK response indicates
489
- # the request is valid while an error response indicates the request is
490
- # invalid. Note that a subsequent request to actually update the module could
491
- # still fail because 1. the state could have changed (e.g. IAM permission
492
- # lost) or
493
- # 2. A failure occurred while trying to update the module.
512
+ # Optional. When set to `true`, the request will be validated (including IAM
513
+ # checks), but no module will be updated. An `OK` response indicates that the
514
+ # request is valid, while an error response indicates that the request is
515
+ # invalid.
516
+ #
517
+ # If the request is valid, a subsequent request to update the module could
518
+ # still fail for one of the following reasons:
519
+ #
520
+ # * The state of your cloud resources changed; for example, you lost a
521
+ # required IAM permission
522
+ # * An error occurred during creation of the module
523
+ #
524
+ # Defaults to `false`.
494
525
  class UpdateSecurityHealthAnalyticsCustomModuleRequest
495
526
  include ::Google::Protobuf::MessageExts
496
527
  extend ::Google::Protobuf::MessageExts::ClassMethods
497
528
  end
498
529
 
499
- # Message for deleting a SecurityHealthAnalyticsCustomModule
530
+ # Request message for
531
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#delete_security_health_analytics_custom_module SecurityCenterManagement.DeleteSecurityHealthAnalyticsCustomModule}.
500
532
  # @!attribute [rw] name
501
533
  # @return [::String]
502
- # Required. The resource name of the SHA custom module.
503
- #
504
- # Its format is:
534
+ # Required. The resource name of the SHA custom module, in one of the
535
+ # following formats:
505
536
  #
506
- # * `organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{security_health_analytics_custom_module}`.
507
- # * `folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{security_health_analytics_custom_module}`.
508
- # * `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{security_health_analytics_custom_module}`.
537
+ # * `organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
538
+ # * `folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
539
+ # * `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
509
540
  # @!attribute [rw] validate_only
510
541
  # @return [::Boolean]
511
- # Optional. When set to true, only validations (including IAM checks) will
512
- # done for the request (module will not be deleted). An OK response indicates
513
- # the request is valid while an error response indicates the request is
514
- # invalid. Note that a subsequent request to actually delete the module could
515
- # still fail because 1. the state could have changed (e.g. IAM permission
516
- # lost) or
517
- # 2. A failure occurred while trying to delete the module.
542
+ # Optional. When set to `true`, the request will be validated (including IAM
543
+ # checks), but no module will be deleted. An `OK` response indicates that the
544
+ # request is valid, while an error response indicates that the request is
545
+ # invalid.
546
+ #
547
+ # If the request is valid, a subsequent request to delete the module could
548
+ # still fail for one of the following reasons:
549
+ #
550
+ # * The state of your cloud resources changed; for example, you lost a
551
+ # required IAM permission
552
+ # * An error occurred during deletion of the module
553
+ #
554
+ # Defaults to `false`.
518
555
  class DeleteSecurityHealthAnalyticsCustomModuleRequest
519
556
  include ::Google::Protobuf::MessageExts
520
557
  extend ::Google::Protobuf::MessageExts::ClassMethods
521
558
  end
522
559
 
523
- # Request message to simulate a CustomConfig against a given test resource.
524
- # Maximum size of the request is 4 MB by default.
560
+ # Request message for
561
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#simulate_security_health_analytics_custom_module SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule}.
562
+ # The maximum size of the request is 4 MiB.
525
563
  # @!attribute [rw] parent
526
564
  # @return [::String]
527
565
  # Required. The relative resource name of the organization, project, or
528
- # folder. For more information about relative resource names, see [Relative
529
- # Resource
530
- # Name](https://cloud.google.com/apis/design/resource_names#relative_resource_name)
531
- # Example: `organizations/{organization_id}`.
566
+ # folder. For more information about relative resource names, see [AIP-122:
567
+ # Resource names](https://google.aip.dev/122). Example:
568
+ # `organizations/{organization_id}`.
532
569
  # @!attribute [rw] custom_config
533
570
  # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig]
534
571
  # Required. The custom configuration that you need to test.
@@ -539,74 +576,79 @@ module Google
539
576
  include ::Google::Protobuf::MessageExts
540
577
  extend ::Google::Protobuf::MessageExts::ClassMethods
541
578
 
542
- # Manually constructed resource name. If the custom module evaluates against
543
- # only the resource data, you can omit the `iam_policy_data` field. If it
544
- # evaluates only the `iam_policy_data` field, you can omit the resource data.
579
+ # Manually constructed information about a resource.
545
580
  # @!attribute [rw] resource_type
546
581
  # @return [::String]
547
- # Required. The type of the resource, for example,
582
+ # Required. The type of the resource. For example,
548
583
  # `compute.googleapis.com/Disk`.
549
584
  # @!attribute [rw] resource_data
550
585
  # @return [::Google::Protobuf::Struct]
551
586
  # Optional. A representation of the Google Cloud resource. Should match the
552
587
  # Google Cloud resource JSON format.
588
+ #
589
+ # If the custom module evaluates only the IAM allow policy, then you can
590
+ # omit this field.
553
591
  # @!attribute [rw] iam_policy_data
554
592
  # @return [::Google::Iam::V1::Policy]
555
- # Optional. A representation of the IAM policy.
593
+ # Optional. A representation of the IAM allow policy.
594
+ #
595
+ # If the custom module evaluates only the resource data, then you can omit
596
+ # this field.
556
597
  class SimulatedResource
557
598
  include ::Google::Protobuf::MessageExts
558
599
  extend ::Google::Protobuf::MessageExts::ClassMethods
559
600
  end
560
601
  end
561
602
 
562
- # A subset of the fields of the Security Center Finding proto. The minimum set
563
- # of fields needed to represent a simulated finding from a SHA custom module.
603
+ # The minimum set of fields needed to represent a simulated finding from a
604
+ # Security Health Analytics custom module.
564
605
  # @!attribute [rw] name
565
606
  # @return [::String]
566
- # Identifier. The [relative resource
567
- # name](https://cloud.google.com/apis/design/resource_names#relative_resource_name)
568
- # of the finding. Example:
569
- # `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}`,
570
- # `folders/{folder_id}/sources/{source_id}/findings/{finding_id}`,
571
- # `projects/{project_id}/sources/{source_id}/findings/{finding_id}`.
607
+ # Identifier. The [relative resource name](https://google.aip.dev/122) of the
608
+ # finding, in one of the following formats:
609
+ #
610
+ # * `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}`
611
+ # * `folders/{folder_id}/sources/{source_id}/findings/{finding_id}`
612
+ # * `projects/{project_id}/sources/{source_id}/findings/{finding_id}`
572
613
  # @!attribute [rw] parent
573
614
  # @return [::String]
574
- # The relative resource name of the source the finding belongs to. See:
575
- # https://cloud.google.com/apis/design/resource_names#relative_resource_name
576
- # This field is immutable after creation time.
577
- # For example:
578
- # `organizations/{organization_id}/sources/{source_id}`
615
+ # The [relative resource name](https://google.aip.dev/122) of the source the
616
+ # finding belongs to. For example,
617
+ # `organizations/{organization_id}/sources/{source_id}`. This field is
618
+ # immutable after creation time.
579
619
  # @!attribute [rw] resource_name
580
620
  # @return [::String]
581
- # For findings on Google Cloud resources, the full resource
582
- # name of the Google Cloud resource this finding is for. See:
583
- # https://cloud.google.com/apis/design/resource_names#full_resource_name
584
- # When the finding is for a non-Google Cloud resource, the resourceName can
585
- # be a customer or partner defined string. This field is immutable after
586
- # creation time.
621
+ # For findings on Google Cloud resources, the
622
+ # [full resource name](https://google.aip.dev/122#full-resource-names) of the
623
+ # Google Cloud resource this finding is for. When the finding is for a
624
+ # non-Google Cloud resource, the value can be a customer or partner defined
625
+ # string. This field is immutable after creation time.
587
626
  # @!attribute [rw] category
588
627
  # @return [::String]
589
- # The additional taxonomy group within findings from a given source.
590
- # This field is immutable after creation time.
591
- # Example: "XSS_FLASH_INJECTION"
628
+ # The additional taxonomy group within findings from a given source. For
629
+ # example, `XSS_FLASH_INJECTION`. This field is immutable after creation
630
+ # time.
592
631
  # @!attribute [r] state
593
632
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding::State]
594
633
  # Output only. The state of the finding.
595
634
  # @!attribute [rw] source_properties
596
635
  # @return [::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}]
597
- # Source specific properties. These properties are managed by the source
598
- # that writes the finding. The key names in the source_properties map must be
599
- # between 1 and 255 characters, and must start with a letter and contain
600
- # alphanumeric characters or underscores only.
636
+ # Source-specific properties. These properties are managed by the source
637
+ # that writes the finding. The key names must be between 1 and 255
638
+ # characters; they must start with a letter and contain alphanumeric
639
+ # characters or underscores only.
601
640
  # @!attribute [rw] event_time
602
641
  # @return [::Google::Protobuf::Timestamp]
603
642
  # The time the finding was first detected. If an existing finding is updated,
604
- # then this is the time the update occurred.
643
+ # then this is the time the update occurred. If the finding is later
644
+ # resolved, then this time reflects when the finding was resolved.
645
+ #
605
646
  # For example, if the finding represents an open firewall, this property
606
647
  # captures the time the detector believes the firewall became open. The
607
- # accuracy is determined by the detector. If the finding is later resolved,
608
- # then this time reflects when the finding was resolved. This must not
609
- # be set to a value greater than the current timestamp.
648
+ # accuracy is determined by the detector.
649
+ #
650
+ # The event time must not be set to a value greater than the current
651
+ # timestamp.
610
652
  # @!attribute [rw] severity
611
653
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding::Severity]
612
654
  # The severity of the finding. This field is managed by the source that
@@ -629,97 +671,92 @@ module Google
629
671
 
630
672
  # The state of the finding.
631
673
  module State
632
- # Unspecified state.
674
+ # Default value. This value is unused.
633
675
  STATE_UNSPECIFIED = 0
634
676
 
635
677
  # The finding requires attention and has not been addressed yet.
636
678
  ACTIVE = 1
637
679
 
638
- # The finding has been fixed, triaged as a non-issue or otherwise addressed
639
- # and is no longer active.
680
+ # The finding has been fixed, triaged as a non-issue, or otherwise
681
+ # addressed and is no longer active.
640
682
  INACTIVE = 2
641
683
  end
642
684
 
643
685
  # The severity of the finding.
644
686
  module Severity
645
- # This value is used for findings when a source doesn't write a severity
646
- # value.
687
+ # Default value. This value is unused.
647
688
  SEVERITY_UNSPECIFIED = 0
648
689
 
649
- # Vulnerability:
650
- # A critical vulnerability is easily discoverable by an external actor,
651
- # exploitable, and results in the direct ability to execute arbitrary code,
652
- # exfiltrate data, and otherwise gain additional access and privileges to
653
- # cloud resources and workloads. Examples include publicly accessible
654
- # unprotected user data and public SSH access with weak or no
655
- # passwords.
690
+ # For vulnerabilities: A critical vulnerability is easily discoverable by
691
+ # an external actor, exploitable, and results in the direct ability to
692
+ # execute arbitrary code, exfiltrate data, and otherwise gain additional
693
+ # access and privileges to cloud resources and workloads. Examples include
694
+ # publicly accessible unprotected user data and public SSH access with weak
695
+ # or no passwords.
656
696
  #
657
- # Threat:
658
- # Indicates a threat that is able to access, modify, or delete data or
659
- # execute unauthorized code within existing resources.
697
+ # For threats: Indicates a threat that is able to access, modify, or delete
698
+ # data or execute unauthorized code within existing resources.
660
699
  CRITICAL = 1
661
700
 
662
- # Vulnerability:
663
- # A high risk vulnerability can be easily discovered and exploited in
664
- # combination with other vulnerabilities in order to gain direct access and
665
- # the ability to execute arbitrary code, exfiltrate data, and otherwise
666
- # gain additional access and privileges to cloud resources and workloads.
667
- # An example is a database with weak or no passwords that is only
668
- # accessible internally. This database could easily be compromised by an
669
- # actor that had access to the internal network.
701
+ # For vulnerabilities: A high-risk vulnerability can be easily discovered
702
+ # and exploited in combination with other vulnerabilities in order to gain
703
+ # direct access and the ability to execute arbitrary code, exfiltrate data,
704
+ # and otherwise gain additional access and privileges to cloud resources
705
+ # and workloads. An example is a database with weak or no passwords that is
706
+ # only accessible internally. This database could easily be compromised by
707
+ # an actor that had access to the internal network.
670
708
  #
671
- # Threat:
672
- # Indicates a threat that is able to create new computational resources in
673
- # an environment but not able to access data or execute code in existing
674
- # resources.
709
+ # For threats: Indicates a threat that is able to create new computational
710
+ # resources in an environment but not able to access data or execute code
711
+ # in existing resources.
675
712
  HIGH = 2
676
713
 
677
- # Vulnerability:
678
- # A medium risk vulnerability could be used by an actor to gain access to
679
- # resources or privileges that enable them to eventually (through multiple
680
- # steps or a complex exploit) gain access and the ability to execute
681
- # arbitrary code or exfiltrate data. An example is a service account with
682
- # access to more projects than it should have. If an actor gains access to
683
- # the service account, they could potentially use that access to manipulate
684
- # a project the service account was not intended to.
714
+ # For vulnerabilities: A medium-risk vulnerability could be used by an
715
+ # actor to gain access to resources or privileges that enable them to
716
+ # eventually (through multiple steps or a complex exploit) gain access and
717
+ # the ability to execute arbitrary code or exfiltrate data. An example is a
718
+ # service account with access to more projects than it should have. If an
719
+ # actor gains access to the service account, they could potentially use
720
+ # that access to manipulate a project the service account was not intended
721
+ # to.
685
722
  #
686
- # Threat:
687
- # Indicates a threat that is able to cause operational impact but may not
688
- # access data or execute unauthorized code.
723
+ # For threats: Indicates a threat that is able to cause operational impact
724
+ # but may not access data or execute unauthorized code.
689
725
  MEDIUM = 3
690
726
 
691
- # Vulnerability:
692
- # A low risk vulnerability hampers a security organization's ability to
693
- # detect vulnerabilities or active threats in their deployment, or prevents
694
- # the root cause investigation of security issues. An example is monitoring
695
- # and logs being disabled for resource configurations and access.
727
+ # For vulnerabilities: A low-risk vulnerability hampers a security
728
+ # organization's ability to detect vulnerabilities or active threats in
729
+ # their deployment, or prevents the root cause investigation of security
730
+ # issues. An example is monitoring and logs being disabled for resource
731
+ # configurations and access.
696
732
  #
697
- # Threat:
698
- # Indicates a threat that has obtained minimal access to an environment but
699
- # is not able to access data, execute code, or create resources.
733
+ # For threats: Indicates a threat that has obtained minimal access to an
734
+ # environment but is not able to access data, execute code, or create
735
+ # resources.
700
736
  LOW = 4
701
737
  end
702
738
 
703
- # Represents what kind of Finding it is.
739
+ # Represents what kind of finding it is.
704
740
  module FindingClass
705
- # Unspecified finding class.
741
+ # Default value. This value is unused.
706
742
  FINDING_CLASS_UNSPECIFIED = 0
707
743
 
708
744
  # Describes unwanted or malicious activity.
709
745
  THREAT = 1
710
746
 
711
747
  # Describes a potential weakness in software that increases risk to
712
- # Confidentiality & Integrity & Availability.
748
+ # confidentiality, integrity, and availability.
713
749
  VULNERABILITY = 2
714
750
 
715
- # Describes a potential weakness in cloud resource/asset configuration that
716
- # increases risk.
751
+ # Describes a potential weakness in cloud resource or asset configuration
752
+ # that increases risk.
717
753
  MISCONFIGURATION = 3
718
754
 
719
755
  # Describes a security observation that is for informational purposes.
720
756
  OBSERVATION = 4
721
757
 
722
- # Describes an error that prevents some SCC functionality.
758
+ # Describes an error that prevents Security Command Center from working
759
+ # correctly.
723
760
  SCC_ERROR = 5
724
761
 
725
762
  # Describes a potential security risk due to a change in the security
@@ -732,8 +769,8 @@ module Google
732
769
  end
733
770
  end
734
771
 
735
- # Response message for simulating a `SecurityHealthAnalyticsCustomModule`
736
- # against a given resource.
772
+ # Response message for
773
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#simulate_security_health_analytics_custom_module SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule}.
737
774
  # @!attribute [rw] result
738
775
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulateSecurityHealthAnalyticsCustomModuleResponse::SimulatedResult]
739
776
  # Result for test case in the corresponding request.
@@ -744,8 +781,8 @@ module Google
744
781
  # Possible test result.
745
782
  # @!attribute [rw] finding
746
783
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding]
747
- # Finding that would be published for the test case,
748
- # if a violation is detected.
784
+ # Finding that would be published for the test case if a violation is
785
+ # detected.
749
786
  # @!attribute [rw] no_violation
750
787
  # @return [::Google::Protobuf::Empty]
751
788
  # Indicates that the test case does not trigger any violation.
@@ -758,45 +795,44 @@ module Google
758
795
  end
759
796
  end
760
797
 
761
- # An EffectiveEventThreatDetectionCustomModule is the representation of
762
- # EventThreatDetectionCustomModule at a given level taking hierarchy into
763
- # account and resolving various fields accordingly. e.g. if the module is
764
- # enabled at the ancestor level, effective modules at all descendant levels
765
- # will have enablement_state set to ENABLED. Similarly, if module.inherited is
766
- # set, then effective module's config will contain the ancestor's config
767
- # details. EffectiveEventThreatDetectionCustomModule is read-only.
798
+ # The representation of an
799
+ # {::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule EventThreatDetectionCustomModule}
800
+ # at a given level, taking hierarchy into account and resolving various fields
801
+ # accordingly. For example, if the module is enabled at the ancestor level,
802
+ # then effective modules at all descendant levels will have their enablement
803
+ # state set to `ENABLED`. Similarly, if `module.inherited` is set, then the
804
+ # effective module's configuration will reflect the ancestor's configuration.
768
805
  # @!attribute [rw] name
769
806
  # @return [::String]
770
- # Identifier. The resource name of the ETD custom module.
771
- #
772
- # Its format is:
807
+ # Identifier. The resource name of the Event Threat Detection custom module,
808
+ # in one of the following formats:
773
809
  #
774
- # * `organizations/{organization}/locations/{location}/effectiveEventThreatDetectionCustomModules/{effective_event_threat_detection_custom_module}`.
775
- # * `folders/{folder}/locations/{location}/effectiveEventThreatDetectionCustomModules/{effective_event_threat_detection_custom_module}`.
776
- # * `projects/{project}/locations/{location}/effectiveEventThreatDetectionCustomModules/{effective_event_threat_detection_custom_module}`.
810
+ # * `organizations/{organization}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
811
+ # * `folders/{folder}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
812
+ # * `projects/{project}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
777
813
  # @!attribute [r] config
778
814
  # @return [::Google::Protobuf::Struct]
779
- # Output only. Config for the effective module.
815
+ # Output only. Configuration for the effective module.
780
816
  # @!attribute [r] enablement_state
781
817
  # @return [::Google::Cloud::SecurityCenterManagement::V1::EffectiveEventThreatDetectionCustomModule::EnablementState]
782
818
  # Output only. The effective state of enablement for the module at the given
783
819
  # level of the hierarchy.
784
820
  # @!attribute [r] type
785
821
  # @return [::String]
786
- # Output only. Type for the module. e.g. CONFIGURABLE_BAD_IP.
822
+ # Output only. Type for the module (for example, `CONFIGURABLE_BAD_IP`).
787
823
  # @!attribute [r] display_name
788
824
  # @return [::String]
789
- # Output only. The human readable name to be displayed for the module.
825
+ # Output only. The human-readable name of the module.
790
826
  # @!attribute [r] description
791
827
  # @return [::String]
792
- # Output only. The description for the module.
828
+ # Output only. A description of the module.
793
829
  class EffectiveEventThreatDetectionCustomModule
794
830
  include ::Google::Protobuf::MessageExts
795
831
  extend ::Google::Protobuf::MessageExts::ClassMethods
796
832
 
797
833
  # The enablement state of the module.
798
834
  module EnablementState
799
- # Unspecified enablement state.
835
+ # Default value. This value is unused.
800
836
  ENABLEMENT_STATE_UNSPECIFIED = 0
801
837
 
802
838
  # The module is enabled at the given level.
@@ -807,91 +843,96 @@ module Google
807
843
  end
808
844
  end
809
845
 
810
- # Request message for listing effective Event Threat Detection custom
811
- # modules.
846
+ # Request message for
847
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_effective_event_threat_detection_custom_modules SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules}.
812
848
  # @!attribute [rw] parent
813
849
  # @return [::String]
814
- # Required. Name of parent to list effective custom modules. Its format is
815
- # `organizations/{organization}/locations/{location}`,
816
- # `folders/{folder}/locations/{location}`,
817
- # or
818
- # `projects/{project}/locations/{location}`
850
+ # Required. Name of parent to list effective custom modules, in one of the
851
+ # following formats:
852
+ #
853
+ # * `organizations/{organization}/locations/{location}`
854
+ # * `folders/{folder}/locations/{location}`
855
+ # * `projects/{project}/locations/{location}`
819
856
  # @!attribute [rw] page_size
820
857
  # @return [::Integer]
821
858
  # Optional. The maximum number of results to return in a single response.
822
859
  # Default is 10, minimum is 1, maximum is 1000.
823
860
  # @!attribute [rw] page_token
824
861
  # @return [::String]
825
- # Optional. The value returned by the last call indicating a continuation
862
+ # Optional. A pagination token returned from a previous request. Provide this
863
+ # token to retrieve the next page of results.
864
+ #
865
+ # When paginating, the rest of the request must match the request that
866
+ # generated the page token.
826
867
  class ListEffectiveEventThreatDetectionCustomModulesRequest
827
868
  include ::Google::Protobuf::MessageExts
828
869
  extend ::Google::Protobuf::MessageExts::ClassMethods
829
870
  end
830
871
 
831
- # Response message for listing effective Event Threat Detection custom
832
- # modules.
872
+ # Response message for
873
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_effective_event_threat_detection_custom_modules SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules}.
833
874
  # @!attribute [rw] effective_event_threat_detection_custom_modules
834
875
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EffectiveEventThreatDetectionCustomModule>]
835
- # The list of EffectiveEventThreatDetectionCustomModules
876
+ # The list of effective Event Threat Detection custom modules.
836
877
  # @!attribute [rw] next_page_token
837
878
  # @return [::String]
838
- # A token identifying a page of results the server should return.
879
+ # A pagination token. To retrieve the next page of results, call the method
880
+ # again with this token.
839
881
  class ListEffectiveEventThreatDetectionCustomModulesResponse
840
882
  include ::Google::Protobuf::MessageExts
841
883
  extend ::Google::Protobuf::MessageExts::ClassMethods
842
884
  end
843
885
 
844
- # Message for getting a EffectiveEventThreatDetectionCustomModule
886
+ # Request message for
887
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_effective_event_threat_detection_custom_module SecurityCenterManagement.GetEffectiveEventThreatDetectionCustomModule}.
845
888
  # @!attribute [rw] name
846
889
  # @return [::String]
847
- # Required. The resource name of the ETD custom module.
848
- #
849
- # Its format is:
890
+ # Required. The resource name of the Event Threat Detection custom module, in
891
+ # one of the following formats:
850
892
  #
851
- # * `organizations/{organization}/locations/{location}/effectiveEventThreatDetectionCustomModules/{effective_event_threat_detection_custom_module}`.
852
- # * `folders/{folder}/locations/{location}/effectiveEventThreatDetectionCustomModules/{effective_event_threat_detection_custom_module}`.
853
- # * `projects/{project}/locations/{location}/effectiveEventThreatDetectionCustomModules/{effective_event_threat_detection_custom_module}`.
893
+ # * `organizations/{organization}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
894
+ # * `folders/{folder}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
895
+ # * `projects/{project}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
854
896
  class GetEffectiveEventThreatDetectionCustomModuleRequest
855
897
  include ::Google::Protobuf::MessageExts
856
898
  extend ::Google::Protobuf::MessageExts::ClassMethods
857
899
  end
858
900
 
859
- # An event threat detection custom module is a Cloud SCC resource that contains
860
- # the configuration and enablement state of a custom module, which enables ETD
861
- # to write certain findings to Cloud SCC.
901
+ # A Security Command Center resource that contains the configuration and
902
+ # enablement state of a custom module, which enables Event Threat Detection to
903
+ # write certain findings to Security Command Center.
862
904
  # @!attribute [rw] name
863
905
  # @return [::String]
864
- # Identifier. The resource name of the ETD custom module.
906
+ # Identifier. The resource name of the Event Threat Detection custom module,
907
+ # in one of the following formats:
865
908
  #
866
- # Its format is:
867
- #
868
- # * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
869
- # * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
870
- # * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
909
+ # * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
910
+ # * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
911
+ # * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
871
912
  # @!attribute [rw] config
872
913
  # @return [::Google::Protobuf::Struct]
873
- # Optional. Config for the module. For the resident module, its config value
874
- # is defined at this level. For the inherited module, its config value is
875
- # inherited from the ancestor module.
914
+ # Optional. Configuration for the module. For the resident module, its
915
+ # configuration value is defined at this level. For the inherited module, its
916
+ # configuration value is inherited from the ancestor module.
876
917
  # @!attribute [r] ancestor_module
877
918
  # @return [::String]
878
919
  # Output only. The closest ancestor module that this module inherits the
879
920
  # enablement state from. If empty, indicates that the custom module was
880
921
  # created in the requesting parent organization, folder, or project. The
881
- # format is the same as the EventThreatDetectionCustomModule resource name.
922
+ # format is the same as the custom module's resource name.
882
923
  # @!attribute [rw] enablement_state
883
924
  # @return [::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule::EnablementState]
884
925
  # Optional. The state of enablement for the module at the given level of the
885
926
  # hierarchy.
886
927
  # @!attribute [rw] type
887
928
  # @return [::String]
888
- # Optional. Type for the module. e.g. CONFIGURABLE_BAD_IP.
929
+ # Optional. Type for the module. For example, `CONFIGURABLE_BAD_IP`.
889
930
  # @!attribute [rw] display_name
890
931
  # @return [::String]
891
- # Optional. The human readable name to be displayed for the module.
932
+ # Optional. The human-readable name of the module.
892
933
  # @!attribute [rw] description
893
934
  # @return [::String]
894
- # Optional. The description for the module.
935
+ # Optional. A description of the module.
895
936
  # @!attribute [r] update_time
896
937
  # @return [::Google::Protobuf::Timestamp]
897
938
  # Output only. The time the module was last updated.
@@ -913,63 +954,66 @@ module Google
913
954
  # The module is disabled at the given level.
914
955
  DISABLED = 2
915
956
 
916
- # State is inherited from an ancestor module. The module will either
917
- # be effectively ENABLED or DISABLED based on its closest non-inherited
918
- # ancestor module in the CRM hierarchy. Attempting to set a top level
919
- # module (module with no parent) to the INHERITED state will result in an
920
- # error.
957
+ # State is inherited from an ancestor module. The module will either be
958
+ # effectively `ENABLED` or `DISABLED` based on its closest non-inherited
959
+ # ancestor module in the CRM hierarchy. If you try to set a top-level
960
+ # module (a module with no parent) to the `INHERITED` state, you receive an
961
+ # `INVALID_ARGUMENT` error.
921
962
  INHERITED = 3
922
963
  end
923
964
  end
924
965
 
925
- # Request message for listing Event Threat Detection custom modules.
966
+ # Request message for
967
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_event_threat_detection_custom_modules SecurityCenterManagement.ListEventThreatDetectionCustomModules}.
926
968
  # @!attribute [rw] parent
927
969
  # @return [::String]
928
- # Required. Name of parent to list custom modules. Its format is
929
- # `organizations/{organization}/locations/{location}`,
930
- # `folders/{folder}/locations/{location}`,
931
- # or
932
- # `projects/{project}/locations/{location}`
970
+ # Required. Name of parent to list custom modules, in one of the following
971
+ # formats:
972
+ #
973
+ # * `organizations/{organization}/locations/{location}`
974
+ # * `folders/{folder}/locations/{location}`
975
+ # * `projects/{project}/locations/{location}`
933
976
  # @!attribute [rw] page_size
934
977
  # @return [::Integer]
935
978
  # Optional. The maximum number of modules to return. The service may return
936
- # fewer than this value. If unspecified, at most 10 configs will be returned.
979
+ # fewer than this value. If unspecified, at most 10 modules will be returned.
937
980
  # The maximum value is 1000; values above 1000 will be coerced to 1000.
938
981
  # @!attribute [rw] page_token
939
982
  # @return [::String]
940
- # Optional. A page token, received from a previous
941
- # `ListEventThreatDetectionCustomModules` call. Provide this to retrieve the
942
- # subsequent page.
983
+ # Optional. A pagination token returned from a previous request. Provide this
984
+ # token to retrieve the next page of results.
943
985
  #
944
- # When paginating, all other parameters provided to
945
- # `ListEventThreatDetectionCustomModules` must match the call that provided
946
- # the page token.
986
+ # When paginating, the rest of the request must match the request that
987
+ # generated the page token.
947
988
  class ListEventThreatDetectionCustomModulesRequest
948
989
  include ::Google::Protobuf::MessageExts
949
990
  extend ::Google::Protobuf::MessageExts::ClassMethods
950
991
  end
951
992
 
952
- # Response message for listing Event Threat Detection custom modules.
993
+ # Response message for
994
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_event_threat_detection_custom_modules SecurityCenterManagement.ListEventThreatDetectionCustomModules}.
953
995
  # @!attribute [rw] event_threat_detection_custom_modules
954
996
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule>]
955
- # The list of EventThreatDetectionCustomModules
997
+ # The list of custom modules.
956
998
  # @!attribute [rw] next_page_token
957
999
  # @return [::String]
958
- # A token identifying a page of results the server should return.
1000
+ # A pagination token. To retrieve the next page of results, call the method
1001
+ # again with this token.
959
1002
  class ListEventThreatDetectionCustomModulesResponse
960
1003
  include ::Google::Protobuf::MessageExts
961
1004
  extend ::Google::Protobuf::MessageExts::ClassMethods
962
1005
  end
963
1006
 
964
- # Request message for listing descendant Event Threat Detection custom
965
- # modules.
1007
+ # Request message for
1008
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_descendant_event_threat_detection_custom_modules SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules}.
966
1009
  # @!attribute [rw] parent
967
1010
  # @return [::String]
968
- # Required. Name of parent to list custom modules. Its format is
969
- # `organizations/{organization}/locations/{location}`,
970
- # `folders/{folder}/locations/{location}`,
971
- # or
972
- # `projects/{project}/locations/{location}`
1011
+ # Required. Name of parent to list custom modules, in one of the following
1012
+ # formats:
1013
+ #
1014
+ # * `organizations/{organization}/locations/{location}`
1015
+ # * `folders/{folder}/locations/{location}`
1016
+ # * `projects/{project}/locations/{location}`
973
1017
  # @!attribute [rw] page_size
974
1018
  # @return [::Integer]
975
1019
  # Optional. The maximum number of modules to return. The service may return
@@ -977,62 +1021,74 @@ module Google
977
1021
  # The maximum value is 1000; values above 1000 will be coerced to 1000.
978
1022
  # @!attribute [rw] page_token
979
1023
  # @return [::String]
980
- # Optional. A token identifying a page of results the server should return.
1024
+ # Optional. A pagination token returned from a previous request. Provide this
1025
+ # token to retrieve the next page of results.
1026
+ #
1027
+ # When paginating, the rest of the request must match the request that
1028
+ # generated the page token.
981
1029
  class ListDescendantEventThreatDetectionCustomModulesRequest
982
1030
  include ::Google::Protobuf::MessageExts
983
1031
  extend ::Google::Protobuf::MessageExts::ClassMethods
984
1032
  end
985
1033
 
986
- # Response message for listing descendant Event Threat Detection custom
987
- # modules.
1034
+ # Response message for
1035
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_descendant_event_threat_detection_custom_modules SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules}.
988
1036
  # @!attribute [rw] event_threat_detection_custom_modules
989
1037
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule>]
990
- # The list of EventThreatDetectionCustomModules
1038
+ # The list of custom modules.
991
1039
  # @!attribute [rw] next_page_token
992
1040
  # @return [::String]
993
- # A token identifying a page of results the server should return.
1041
+ # A pagination token. To retrieve the next page of results, call the method
1042
+ # again with this token.
994
1043
  class ListDescendantEventThreatDetectionCustomModulesResponse
995
1044
  include ::Google::Protobuf::MessageExts
996
1045
  extend ::Google::Protobuf::MessageExts::ClassMethods
997
1046
  end
998
1047
 
999
- # Message for getting a EventThreatDetectionCustomModule
1048
+ # Request message for
1049
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_event_threat_detection_custom_module SecurityCenterManagement.GetEventThreatDetectionCustomModule}.
1000
1050
  # @!attribute [rw] name
1001
1051
  # @return [::String]
1002
- # Required. The resource name of the ETD custom module.
1003
- #
1004
- # Its format is:
1052
+ # Required. The resource name of the Event Threat Detection custom module, in
1053
+ # one of the following formats:
1005
1054
  #
1006
- # * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
1007
- # * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
1008
- # * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
1055
+ # * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
1056
+ # * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
1057
+ # * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
1009
1058
  class GetEventThreatDetectionCustomModuleRequest
1010
1059
  include ::Google::Protobuf::MessageExts
1011
1060
  extend ::Google::Protobuf::MessageExts::ClassMethods
1012
1061
  end
1013
1062
 
1014
- # Message for creating a EventThreatDetectionCustomModule
1063
+ # Request message for
1064
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#create_event_threat_detection_custom_module SecurityCenterManagement.CreateEventThreatDetectionCustomModule}.
1015
1065
  # @!attribute [rw] parent
1016
1066
  # @return [::String]
1017
- # Required. Name of parent for the module. Its format is
1018
- # `organizations/{organization}/locations/{location}`,
1019
- # `folders/{folder}/locations/{location}`,
1020
- # or
1021
- # `projects/{project}/locations/{location}`
1067
+ # Required. Name of parent for the module, in one of the following formats:
1068
+ #
1069
+ # * `organizations/{organization}/locations/{location}`
1070
+ # * `folders/{folder}/locations/{location}`
1071
+ # * `projects/{project}/locations/{location}`
1022
1072
  # @!attribute [rw] event_threat_detection_custom_module
1023
1073
  # @return [::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule]
1024
1074
  # Required. The module to create. The
1025
- # event_threat_detection_custom_module.name will be ignored and server
1026
- # generated.
1075
+ # {::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule#name EventThreatDetectionCustomModule.name}
1076
+ # field is ignored; Security Command Center generates the name.
1027
1077
  # @!attribute [rw] validate_only
1028
1078
  # @return [::Boolean]
1029
- # Optional. When set to true, only validations (including IAM checks) will
1030
- # done for the request (no module will be created). An OK response indicates
1031
- # the request is valid while an error response indicates the request is
1032
- # invalid. Note that a subsequent request to actually create the module could
1033
- # still fail because 1. the state could have changed (e.g. IAM permission
1034
- # lost) or
1035
- # 2. A failure occurred during creation of the module.
1079
+ # Optional. When set to `true`, the request will be validated (including IAM
1080
+ # checks), but no module will be created. An `OK` response indicates that the
1081
+ # request is valid, while an error response indicates that the request is
1082
+ # invalid.
1083
+ #
1084
+ # If the request is valid, a subsequent request to create the module could
1085
+ # still fail for one of the following reasons:
1086
+ #
1087
+ # * The state of your cloud resources changed; for example, you lost a
1088
+ # required IAM permission
1089
+ # * An error occurred during creation of the module
1090
+ #
1091
+ # Defaults to `false`.
1036
1092
  class CreateEventThreatDetectionCustomModuleRequest
1037
1093
  include ::Google::Protobuf::MessageExts
1038
1094
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1041,73 +1097,82 @@ module Google
1041
1097
  # Message for updating a EventThreatDetectionCustomModule
1042
1098
  # @!attribute [rw] update_mask
1043
1099
  # @return [::Google::Protobuf::FieldMask]
1044
- # Required. Field mask is used to specify the fields to be overwritten in the
1045
- # EventThreatDetectionCustomModule resource by the update.
1046
- # The fields specified in the update_mask are relative to the resource, not
1047
- # the full request. A field will be overwritten if it is in the mask. If the
1048
- # user does not provide a mask then all fields will be overwritten.
1100
+ # Required. The fields to update. If omitted, then all fields are updated.
1049
1101
  # @!attribute [rw] event_threat_detection_custom_module
1050
1102
  # @return [::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule]
1051
- # Required. The module being updated
1103
+ # Required. The module being updated.
1052
1104
  # @!attribute [rw] validate_only
1053
1105
  # @return [::Boolean]
1054
- # Optional. When set to true, only validations (including IAM checks) will
1055
- # done for the request (module will not be updated). An OK response indicates
1056
- # the request is valid while an error response indicates the request is
1057
- # invalid. Note that a subsequent request to actually update the module could
1058
- # still fail because 1. the state could have changed (e.g. IAM permission
1059
- # lost) or
1060
- # 2. A failure occurred while trying to update the module.
1106
+ # Optional. When set to `true`, the request will be validated (including IAM
1107
+ # checks), but no module will be updated. An `OK` response indicates that the
1108
+ # request is valid, while an error response indicates that the request is
1109
+ # invalid.
1110
+ #
1111
+ # If the request is valid, a subsequent request to update the module could
1112
+ # still fail for one of the following reasons:
1113
+ #
1114
+ # * The state of your cloud resources changed; for example, you lost a
1115
+ # required IAM permission
1116
+ # * An error occurred during creation of the module
1117
+ #
1118
+ # Defaults to `false`.
1061
1119
  class UpdateEventThreatDetectionCustomModuleRequest
1062
1120
  include ::Google::Protobuf::MessageExts
1063
1121
  extend ::Google::Protobuf::MessageExts::ClassMethods
1064
1122
  end
1065
1123
 
1066
- # Message for deleting a EventThreatDetectionCustomModule
1124
+ # Request message for
1125
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#delete_event_threat_detection_custom_module SecurityCenterManagement.DeleteEventThreatDetectionCustomModule}.
1067
1126
  # @!attribute [rw] name
1068
1127
  # @return [::String]
1069
- # Required. The resource name of the ETD custom module.
1070
- #
1071
- # Its format is:
1128
+ # Required. The resource name of the Event Threat Detection custom module, in
1129
+ # one of the following formats:
1072
1130
  #
1073
- # * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
1074
- # * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
1075
- # * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
1131
+ # * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
1132
+ # * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
1133
+ # * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
1076
1134
  # @!attribute [rw] validate_only
1077
1135
  # @return [::Boolean]
1078
- # Optional. When set to true, only validations (including IAM checks) will
1079
- # done for the request (module will not be deleted). An OK response indicates
1080
- # the request is valid while an error response indicates the request is
1081
- # invalid. Note that a subsequent request to actually delete the module could
1082
- # still fail because 1. the state could have changed (e.g. IAM permission
1083
- # lost) or
1084
- # 2. A failure occurred while trying to delete the module.
1136
+ # Optional. When set to `true`, the request will be validated (including IAM
1137
+ # checks), but no module will be deleted. An `OK` response indicates that the
1138
+ # request is valid, while an error response indicates that the request is
1139
+ # invalid.
1140
+ #
1141
+ # If the request is valid, a subsequent request to delete the module could
1142
+ # still fail for one of the following reasons:
1143
+ #
1144
+ # * The state of your cloud resources changed; for example, you lost a
1145
+ # required IAM permission
1146
+ # * An error occurred during creation of the module
1147
+ #
1148
+ # Defaults to `false`.
1085
1149
  class DeleteEventThreatDetectionCustomModuleRequest
1086
1150
  include ::Google::Protobuf::MessageExts
1087
1151
  extend ::Google::Protobuf::MessageExts::ClassMethods
1088
1152
  end
1089
1153
 
1090
- # Request to validate an Event Threat Detection custom module.
1154
+ # Request message for
1155
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#validate_event_threat_detection_custom_module SecurityCenterManagement.ValidateEventThreatDetectionCustomModule}.
1091
1156
  # @!attribute [rw] parent
1092
1157
  # @return [::String]
1093
- # Required. Resource name of the parent to validate the Custom Module under.
1158
+ # Required. Resource name of the parent to validate the custom modules under,
1159
+ # in one of the following formats:
1094
1160
  #
1095
- # Its format is:
1096
- #
1097
- # * `organizations/{organization}/locations/{location}`.
1161
+ # * `organizations/{organization}/locations/{location}`
1098
1162
  # @!attribute [rw] raw_text
1099
1163
  # @return [::String]
1100
1164
  # Required. The raw text of the module's contents. Used to generate error
1101
1165
  # messages.
1102
1166
  # @!attribute [rw] type
1103
1167
  # @return [::String]
1104
- # Required. The type of the module (e.g. CONFIGURABLE_BAD_IP).
1168
+ # Required. The type of the module. For example, `CONFIGURABLE_BAD_IP`.
1105
1169
  class ValidateEventThreatDetectionCustomModuleRequest
1106
1170
  include ::Google::Protobuf::MessageExts
1107
1171
  extend ::Google::Protobuf::MessageExts::ClassMethods
1108
1172
  end
1109
1173
 
1110
- # Response to validating an Event Threat Detection custom module.
1174
+ # Response message for
1175
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#validate_event_threat_detection_custom_module SecurityCenterManagement.ValidateEventThreatDetectionCustomModule}.
1111
1176
  # @!attribute [rw] errors
1112
1177
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::ValidateEventThreatDetectionCustomModuleResponse::CustomModuleValidationError>]
1113
1178
  # A list of errors returned by the validator. If the list is empty, there
@@ -1117,24 +1182,25 @@ module Google
1117
1182
  extend ::Google::Protobuf::MessageExts::ClassMethods
1118
1183
 
1119
1184
  # An error encountered while validating the uploaded configuration of an
1120
- # Event Threat Detection Custom Module.
1185
+ # Event Threat Detection custom module.
1121
1186
  # @!attribute [rw] description
1122
1187
  # @return [::String]
1123
- # A description of the error, suitable for human consumption. Required.
1188
+ # A human-readable description of the error.
1124
1189
  # @!attribute [rw] field_path
1125
1190
  # @return [::String]
1126
- # The path, in RFC 8901 JSON Pointer format, to the field that failed
1127
- # validation. This may be left empty if no specific field is affected.
1191
+ # The path, in [RFC 6901: JSON
1192
+ # Pointer](https://datatracker.ietf.org/doc/html/rfc6901) format, to the
1193
+ # field that failed validation. Omitted if no specific field is affected.
1128
1194
  # @!attribute [rw] start
1129
1195
  # @return [::Google::Cloud::SecurityCenterManagement::V1::ValidateEventThreatDetectionCustomModuleResponse::Position]
1130
1196
  # The initial position of the error in the uploaded text version of the
1131
- # module. This field may be omitted if no specific position applies, or if
1132
- # one could not be computed.
1197
+ # module. Omitted if no specific position applies, or if the position could
1198
+ # not be computed.
1133
1199
  # @!attribute [rw] end
1134
1200
  # @return [::Google::Cloud::SecurityCenterManagement::V1::ValidateEventThreatDetectionCustomModuleResponse::Position]
1135
- # The end position of the error in the uploaded text version of the
1136
- # module. This field may be omitted if no specific position applies, or if
1137
- # one could not be computed..
1201
+ # The end position of the error in the uploaded text version of the module.
1202
+ # Omitted if no specific position applies, or if the position could not be
1203
+ # computed.
1138
1204
  class CustomModuleValidationError
1139
1205
  include ::Google::Protobuf::MessageExts
1140
1206
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1143,100 +1209,115 @@ module Google
1143
1209
  # A position in the uploaded text version of a module.
1144
1210
  # @!attribute [rw] line_number
1145
1211
  # @return [::Integer]
1146
- # The line position in the text
1212
+ # The line position in the text.
1147
1213
  # @!attribute [rw] column_number
1148
1214
  # @return [::Integer]
1149
- # The column position in the line
1215
+ # The column position in the line.
1150
1216
  class Position
1151
1217
  include ::Google::Protobuf::MessageExts
1152
1218
  extend ::Google::Protobuf::MessageExts::ClassMethods
1153
1219
  end
1154
1220
  end
1155
1221
 
1156
- # Request message for getting a Security Command Center service.
1222
+ # Request message for
1223
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_security_center_service SecurityCenterManagement.GetSecurityCenterService}.
1157
1224
  # @!attribute [rw] name
1158
1225
  # @return [::String]
1159
- # Required. The Security Command Center service to retrieve.
1226
+ # Required. The Security Command Center service to retrieve, in one of the
1227
+ # following formats:
1160
1228
  #
1161
- # Formats:
1229
+ # * organizations/\\{organization}/locations/\\{location}/securityCenterServices/\\{service}
1230
+ # * folders/\\{folder}/locations/\\{location}/securityCenterServices/\\{service}
1231
+ # * projects/\\{project}/locations/\\{location}/securityCenterServices/\\{service}
1162
1232
  #
1163
- # * organizations/\\{organization}/locations/\\{location}/securityCenterServices/\\{service}
1164
- # * folders/\\{folder}/locations/\\{location}/securityCenterServices/\\{service}
1165
- # * projects/\\{project}/locations/\\{location}/securityCenterServices/\\{service}
1233
+ # The following values are valid for `{service}`:
1166
1234
  #
1167
- # The possible values for id \\{service} are:
1168
- #
1169
- # * container-threat-detection
1170
- # * event-threat-detection
1171
- # * security-health-analytics
1172
- # * vm-threat-detection
1173
- # * web-security-scanner
1235
+ # * `container-threat-detection`
1236
+ # * `event-threat-detection`
1237
+ # * `security-health-analytics`
1238
+ # * `vm-threat-detection`
1239
+ # * `web-security-scanner`
1174
1240
  # @!attribute [rw] show_eligible_modules_only
1175
1241
  # @return [::Boolean]
1176
- # Flag that, when set, will be used to filter the ModuleSettings that are
1177
- # in scope. The default setting is that all modules will be shown.
1242
+ # Set to `true` to show only modules that are in scope. By default, all
1243
+ # modules are shown.
1178
1244
  class GetSecurityCenterServiceRequest
1179
1245
  include ::Google::Protobuf::MessageExts
1180
1246
  extend ::Google::Protobuf::MessageExts::ClassMethods
1181
1247
  end
1182
1248
 
1183
- # Request message for listing Security Command Center services.
1249
+ # Request message for
1250
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_security_center_services SecurityCenterManagement.ListSecurityCenterServices}.
1184
1251
  # @!attribute [rw] parent
1185
1252
  # @return [::String]
1186
- # Required. The name of the parent to list Security Command Center services.
1187
- #
1188
- # Formats:
1253
+ # Required. The name of the parent to list Security Command Center services,
1254
+ # in one of the following formats:
1189
1255
  #
1190
- # * organizations/\\{organization}/locations/\\{location}
1191
- # * folders/\\{folder}/locations/\\{location}
1192
- # * projects/\\{project}/locations/\\{location}
1256
+ # * `organizations/{organization}/locations/{location}`
1257
+ # * `folders/{folder}/locations/{location}`
1258
+ # * `projects/{project}/locations/{location}`
1193
1259
  # @!attribute [rw] page_size
1194
1260
  # @return [::Integer]
1195
1261
  # Optional. The maximum number of results to return in a single response.
1196
1262
  # Default is 10, minimum is 1, maximum is 1000.
1197
1263
  # @!attribute [rw] page_token
1198
1264
  # @return [::String]
1199
- # Optional. The value returned by the last call indicating a continuation.
1265
+ # Optional. A pagination token returned from a previous request. Provide this
1266
+ # token to retrieve the next page of results.
1267
+ #
1268
+ # When paginating, the rest of the request must match the request that
1269
+ # generated the page token.
1200
1270
  # @!attribute [rw] show_eligible_modules_only
1201
1271
  # @return [::Boolean]
1202
- # Flag that, when set, will be used to filter the ModuleSettings that are
1203
- # in scope. The default setting is that all modules will be shown.
1272
+ # Flag that, when set, is used to filter the module settings that are shown.
1273
+ # The default setting is that all modules are shown.
1204
1274
  class ListSecurityCenterServicesRequest
1205
1275
  include ::Google::Protobuf::MessageExts
1206
1276
  extend ::Google::Protobuf::MessageExts::ClassMethods
1207
1277
  end
1208
1278
 
1209
- # Response message for listing Security Command Center services.
1279
+ # Response message for
1280
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_security_center_services SecurityCenterManagement.ListSecurityCenterServices}.
1210
1281
  # @!attribute [rw] security_center_services
1211
1282
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService>]
1212
1283
  # The list of services.
1213
1284
  # @!attribute [rw] next_page_token
1214
1285
  # @return [::String]
1215
- # A token identifying a page of results the server should return.
1286
+ # A pagination token. To retrieve the next page of results, call the method
1287
+ # again with this token.
1216
1288
  class ListSecurityCenterServicesResponse
1217
1289
  include ::Google::Protobuf::MessageExts
1218
1290
  extend ::Google::Protobuf::MessageExts::ClassMethods
1219
1291
  end
1220
1292
 
1221
- # Request message for updating a Security Command Center service.
1293
+ # Request message for
1294
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#update_security_center_service SecurityCenterManagement.UpdateSecurityCenterService}.
1222
1295
  # @!attribute [rw] security_center_service
1223
1296
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService]
1224
1297
  # Required. The updated service.
1225
1298
  # @!attribute [rw] update_mask
1226
1299
  # @return [::Google::Protobuf::FieldMask]
1227
- # Required. The list of fields to be updated. Possible values:
1300
+ # Required. The fields to update. Accepts the following values:
1301
+ #
1302
+ # * `intended_enablement_state`
1303
+ # * `modules`
1228
1304
  #
1229
- # * "intended_enablement_state"
1230
- # * "modules"
1305
+ # If omitted, then all eligible fields are updated.
1231
1306
  # @!attribute [rw] validate_only
1232
1307
  # @return [::Boolean]
1233
- # Optional. When set to true, only validations (including IAM checks) will be
1234
- # done for the request (service will not be updated). An OK response
1235
- # indicates that the request is valid, while an error response indicates that
1236
- # the request is invalid. Note that a subsequent request to actually update
1237
- # the service could still fail for one of the following reasons:
1238
- # - The state could have changed (e.g. IAM permission lost).
1239
- # - A failure occurred while trying to delete the module.
1308
+ # Optional. When set to `true`, the request will be validated (including IAM
1309
+ # checks), but no service will be updated. An `OK` response indicates that
1310
+ # the request is valid, while an error response indicates that the request is
1311
+ # invalid.
1312
+ #
1313
+ # If the request is valid, a subsequent request to update the service could
1314
+ # still fail for one of the following reasons:
1315
+ #
1316
+ # * The state of your cloud resources changed; for example, you lost a
1317
+ # required IAM permission
1318
+ # * An error occurred during update of the service
1319
+ #
1320
+ # Defaults to `false`.
1240
1321
  class UpdateSecurityCenterServiceRequest
1241
1322
  include ::Google::Protobuf::MessageExts
1242
1323
  extend ::Google::Protobuf::MessageExts::ClassMethods