google-cloud-security_center_management-v1 1.0.1 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -25,49 +25,47 @@ module Google
25
25
  # settings information such as top-level enablement in addition to individual
26
26
  # module settings. Service settings can be configured at the organization,
27
27
  # folder, or project level. Service settings at the organization or folder
28
- # level are inherited by those in child folders and projects.
28
+ # level are inherited by those in descendant folders and projects.
29
29
  # @!attribute [rw] name
30
30
  # @return [::String]
31
- # Identifier. The name of the service.
31
+ # Identifier. The name of the service, in one of the following formats:
32
32
  #
33
- # Its format is:
33
+ # * `organizations/{organization}/locations/{location}/securityCenterServices/{service}`
34
+ # * `folders/{folder}/locations/{location}/securityCenterServices/{service}`
35
+ # * `projects/{project}/locations/{location}/securityCenterServices/{service}`
34
36
  #
35
- # * organizations/\\{organization}/locations/\\{location}/securityCenterServices/\\{service}
36
- # * folders/\\{folder}/locations/\\{location}/securityCenterServices/\\{service}
37
- # * projects/\\{project}/locations/\\{location}/securityCenterServices/\\{service}
37
+ # The following values are valid for `{service}`:
38
38
  #
39
- # The possible values for id \\{service} are:
40
- #
41
- # * container-threat-detection
42
- # * event-threat-detection
43
- # * security-health-analytics
44
- # * vm-threat-detection
45
- # * web-security-scanner
39
+ # * `container-threat-detection`
40
+ # * `event-threat-detection`
41
+ # * `security-health-analytics`
42
+ # * `vm-threat-detection`
43
+ # * `web-security-scanner`
46
44
  # @!attribute [rw] intended_enablement_state
47
45
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::EnablementState]
48
- # Optional. The intended state of enablement for the service at its level of
49
- # the resource hierarchy. A DISABLED state will override all module
50
- # enablement_states to DISABLED.
46
+ # Optional. The intended enablement state for the service at its level of the
47
+ # resource hierarchy. A `DISABLED` state will override all module enablement
48
+ # states to `DISABLED`.
51
49
  # @!attribute [r] effective_enablement_state
52
50
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::EnablementState]
53
51
  # Output only. The effective enablement state for the service at its level of
54
- # the resource hierarchy. If the intended state is set to INHERITED, the
52
+ # the resource hierarchy. If the intended state is set to `INHERITED`, the
55
53
  # effective state will be inherited from the enablement state of an ancestor.
56
54
  # This state may differ from the intended enablement state due to billing
57
55
  # eligibility or onboarding status.
58
56
  # @!attribute [rw] modules
59
57
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::ModuleSettings}]
60
- # Optional. The configurations including the state of enablement for the
61
- # service's different modules. The absence of a module in the map implies its
58
+ # Optional. The module configurations, including the enablement state for the
59
+ # service's modules. The absence of a module in the map implies that its
62
60
  # configuration is inherited from its parents.
63
61
  # @!attribute [r] update_time
64
62
  # @return [::Google::Protobuf::Timestamp]
65
63
  # Output only. The time the service was last updated. This could be due to an
66
- # explicit user update or due to a side effect of another system change such
64
+ # explicit user update or due to a side effect of another system change, such
67
65
  # as billing subscription expiry.
68
66
  # @!attribute [rw] service_config
69
67
  # @return [::Google::Protobuf::Struct]
70
- # Optional. Additional service specific configuration. Not all services will
68
+ # Optional. Additional service-specific configuration. Not all services will
71
69
  # utilize this field.
72
70
  class SecurityCenterService
73
71
  include ::Google::Protobuf::MessageExts
@@ -76,16 +74,15 @@ module Google
76
74
  # The settings for individual modules.
77
75
  # @!attribute [rw] intended_enablement_state
78
76
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::EnablementState]
79
- # Optional. The intended state of enablement for the module at its level of
77
+ # Optional. The intended enablement state for the module at its level of
80
78
  # the resource hierarchy.
81
79
  # @!attribute [r] effective_enablement_state
82
80
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService::EnablementState]
83
81
  # Output only. The effective enablement state for the module at its level
84
- # of the resource hierarchy. If the intended state is set to INHERITED, the
85
- # effective state will be inherited from the enablement state of an
86
- # ancestor. This state may
87
- # differ from the intended enablement state due to billing eligibility or
88
- # onboarding status.
82
+ # of the resource hierarchy. If the intended state is set to `INHERITED`,
83
+ # the effective state will be inherited from the enablement state of an
84
+ # ancestor. This state may differ from the intended enablement state due to
85
+ # billing eligibility or onboarding status.
89
86
  class ModuleSettings
90
87
  include ::Google::Protobuf::MessageExts
91
88
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -100,14 +97,13 @@ module Google
100
97
  extend ::Google::Protobuf::MessageExts::ClassMethods
101
98
  end
102
99
 
103
- # Represents the possible intended states of enablement for a service or
104
- # module.
100
+ # Represents the possible enablement states for a service or module.
105
101
  module EnablementState
106
102
  # Default value. This value is unused.
107
103
  ENABLEMENT_STATE_UNSPECIFIED = 0
108
104
 
109
- # State is inherited from the parent resource. Not a valid effective
110
- # enablement state.
105
+ # State is inherited from the parent resource. Valid as an intended
106
+ # enablement state, but not as an effective enablement state.
111
107
  INHERITED = 1
112
108
 
113
109
  # State is enabled.
@@ -116,36 +112,35 @@ module Google
116
112
  # State is disabled.
117
113
  DISABLED = 3
118
114
 
119
- # SCC is configured to ingest findings from this service but not enable
120
- # this service. Not a valid intended_enablement_state (that is, this is a
121
- # readonly state).
115
+ # Security Command Center is configured to ingest findings from this
116
+ # service, but not to enable this service. This state indicates that
117
+ # Security Command Center is misconfigured. You can't set this state
118
+ # yourself.
122
119
  INGEST_ONLY = 4
123
120
  end
124
121
  end
125
122
 
126
- # An EffectiveSecurityHealthAnalyticsCustomModule is the representation of
127
- # a Security Health Analytics custom module at a specified level of the
128
- # resource hierarchy: organization, folder, or project. If a custom module is
129
- # inherited from a parent organization or folder, the value of the
130
- # `enablementState` property in EffectiveSecurityHealthAnalyticsCustomModule is
131
- # set to the value that is effective in the parent, instead of `INHERITED`.
132
- # For example, if the module is enabled in a parent organization or folder, the
133
- # effective enablement_state for the module in all child folders or projects is
134
- # also `enabled`. EffectiveSecurityHealthAnalyticsCustomModule is read-only.
123
+ # The representation of a Security Health Analytics custom module at a
124
+ # specified level of the resource hierarchy: organization, folder, or project.
125
+ # If a custom module is inherited from an ancestor organization or folder, then
126
+ # the enablement state is set to the value that is effective in the parent, not
127
+ # to `INHERITED`. For example, if the module is enabled in an organization or
128
+ # folder, then the effective enablement state for the module is `ENABLED` in
129
+ # all descendant folders or projects.
135
130
  # @!attribute [rw] name
136
131
  # @return [::String]
137
- # Identifier. The full resource name of the custom module, specified in one
138
- # of the following formats:
132
+ # Identifier. The full resource name of the custom module, in one of the
133
+ # following formats:
139
134
  #
140
- # * `organizations/organization/{location}/effectiveSecurityHealthAnalyticsCustomModules/{effective_security_health_analytics_custom_module}`
141
- # * `folders/folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{effective_security_health_analytics_custom_module}`
142
- # * `projects/project/{location}/effectiveSecurityHealthAnalyticsCustomModules/{effective_security_health_analytics_custom_module}`
135
+ # * `organizations/organization/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
136
+ # * `folders/folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
137
+ # * `projects/project/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
143
138
  # @!attribute [r] custom_config
144
139
  # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig]
145
140
  # Output only. The user-specified configuration for the module.
146
141
  # @!attribute [r] enablement_state
147
142
  # @return [::Google::Cloud::SecurityCenterManagement::V1::EffectiveSecurityHealthAnalyticsCustomModule::EnablementState]
148
- # Output only. The effective state of enablement for the module at the given
143
+ # Output only. The effective enablement state for the module at the given
149
144
  # level of the hierarchy.
150
145
  # @!attribute [r] display_name
151
146
  # @return [::String]
@@ -158,7 +153,7 @@ module Google
158
153
 
159
154
  # The enablement state of the module.
160
155
  module EnablementState
161
- # Unspecified enablement state.
156
+ # Default value. This value is unused.
162
157
  ENABLEMENT_STATE_UNSPECIFIED = 0
163
158
 
164
159
  # The module is enabled at the given level.
@@ -169,50 +164,56 @@ module Google
169
164
  end
170
165
  end
171
166
 
172
- # Request message for listing effective Security Health Analytics custom
173
- # modules.
167
+ # Request message for
168
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_effective_security_health_analytics_custom_modules SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules}.
174
169
  # @!attribute [rw] parent
175
170
  # @return [::String]
176
- # Required. Name of parent to list effective custom modules. specified in one
177
- # of the following formats:
171
+ # Required. Name of parent to list effective custom modules, in one of the
172
+ # following formats:
173
+ #
178
174
  # * `organizations/{organization}/locations/{location}`
179
175
  # * `folders/{folder}/locations/{location}`
180
- # or
181
- # `projects/{project}/locations/{location}`
176
+ # * `projects/{project}/locations/{location}`
182
177
  # @!attribute [rw] page_size
183
178
  # @return [::Integer]
184
179
  # Optional. The maximum number of results to return in a single response.
185
180
  # Default is 10, minimum is 1, maximum is 1000.
186
181
  # @!attribute [rw] page_token
187
182
  # @return [::String]
188
- # Optional. The value returned by the last call indicating a continuation.
183
+ # Optional. A pagination token returned from a previous request. Provide this
184
+ # token to retrieve the next page of results.
185
+ #
186
+ # When paginating, the rest of the request must match the request that
187
+ # generated the page token.
189
188
  class ListEffectiveSecurityHealthAnalyticsCustomModulesRequest
190
189
  include ::Google::Protobuf::MessageExts
191
190
  extend ::Google::Protobuf::MessageExts::ClassMethods
192
191
  end
193
192
 
194
- # Response message for listing effective Security Health Analytics custom
195
- # modules.
193
+ # Response message for
194
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_effective_security_health_analytics_custom_modules SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules}.
196
195
  # @!attribute [rw] effective_security_health_analytics_custom_modules
197
196
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EffectiveSecurityHealthAnalyticsCustomModule>]
198
- # The list of EffectiveSecurityHealthAnalyticsCustomModule
197
+ # The list of effective Security Health Analytics custom modules.
199
198
  # @!attribute [rw] next_page_token
200
199
  # @return [::String]
201
- # A token identifying a page of results the server should return.
200
+ # A pagination token. To retrieve the next page of results, call the method
201
+ # again with this token.
202
202
  class ListEffectiveSecurityHealthAnalyticsCustomModulesResponse
203
203
  include ::Google::Protobuf::MessageExts
204
204
  extend ::Google::Protobuf::MessageExts::ClassMethods
205
205
  end
206
206
 
207
- # Message for getting a EffectiveSecurityHealthAnalyticsCustomModule
207
+ # Request message for
208
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_effective_security_health_analytics_custom_module SecurityCenterManagement.GetEffectiveSecurityHealthAnalyticsCustomModule}.
208
209
  # @!attribute [rw] name
209
210
  # @return [::String]
210
211
  # Required. The full resource name of the custom module, specified in one of
211
212
  # the following formats:
212
213
  #
213
- # * `organizations/organization/{location}/effectiveSecurityHealthAnalyticsCustomModules/{effective_security_health_analytics_custom_module}`
214
- # * `folders/folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{effective_security_health_analytics_custom_module}`
215
- # * `projects/project/{location}/effectiveSecurityHealthAnalyticsCustomModules/{effective_security_health_analytics_custom_module}`
214
+ # * `organizations/organization/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
215
+ # * `folders/folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
216
+ # * `projects/project/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom_module}`
216
217
  class GetEffectiveSecurityHealthAnalyticsCustomModuleRequest
217
218
  include ::Google::Protobuf::MessageExts
218
219
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -222,20 +223,21 @@ module Google
222
223
  # including its full module name, display name, enablement state, and last
223
224
  # updated time. You can create a custom module at the organization, folder, or
224
225
  # project level. Custom modules that you create at the organization or folder
225
- # level are inherited by the child folders and projects.
226
+ # level are inherited by the descendant folders and projects.
226
227
  # @!attribute [rw] name
227
228
  # @return [::String]
228
- # Identifier. The full resource name of the custom module, specified in one
229
- # of the following formats:
230
- # * `organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{security_health_analytics_custom_module}`
231
- # * `folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{security_health_analytics_custom_module}`
232
- # * `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{security_health_analytics_custom_module}`
229
+ # Identifier. The full resource name of the custom module, in one of the
230
+ # following formats:
231
+ #
232
+ # * `organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
233
+ # * `folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
234
+ # * `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
233
235
  # @!attribute [rw] display_name
234
236
  # @return [::String]
235
237
  # Optional. The display name of the Security Health Analytics custom module.
236
238
  # This display name becomes the finding category for all findings that are
237
- # returned by this custom module. The display name must be between 1 and
238
- # 128 characters, start with a lowercase letter, and contain alphanumeric
239
+ # returned by this custom module. The display name must be between 1 and 128
240
+ # characters, start with a lowercase letter, and contain alphanumeric
239
241
  # characters or underscores only.
240
242
  # @!attribute [rw] enablement_state
241
243
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule::EnablementState]
@@ -254,27 +256,27 @@ module Google
254
256
  # module.
255
257
  # @!attribute [rw] custom_config
256
258
  # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig]
257
- # Optional. The user specified custom configuration for the module.
259
+ # Optional. The user-specified custom configuration for the module.
258
260
  class SecurityHealthAnalyticsCustomModule
259
261
  include ::Google::Protobuf::MessageExts
260
262
  extend ::Google::Protobuf::MessageExts::ClassMethods
261
263
 
262
264
  # Possible enablement states of a custom module.
263
265
  module EnablementState
264
- # Unspecified enablement state.
266
+ # Default value. This value is unused.
265
267
  ENABLEMENT_STATE_UNSPECIFIED = 0
266
268
 
267
- # The module is enabled at the given CRM resource.
269
+ # The module is enabled at the given organization, folder, or project.
268
270
  ENABLED = 1
269
271
 
270
- # The module is disabled at the given CRM resource.
272
+ # The module is disabled at the given organization, folder, or project.
271
273
  DISABLED = 2
272
274
 
273
275
  # State is inherited from an ancestor module. The module will either
274
- # be effectively ENABLED or DISABLED based on its closest non-inherited
275
- # ancestor module in the CRM hierarchy. Attempting to set a top level
276
- # module (module with no parent) to the INHERITED state will result in an
277
- # INVALID_ARGUMENT error.
276
+ # be effectively `ENABLED` or `DISABLED` based on its closest non-inherited
277
+ # ancestor module in the resource hierarchy. If you try to set a top-level
278
+ # module (a module with no parent) to the `INHERITED` state, you receive an
279
+ # `INVALID_ARGUMENT` error.
278
280
  INHERITED = 3
279
281
  end
280
282
  end
@@ -284,8 +286,9 @@ module Google
284
286
  # detectors that generate custom findings for resources that you specify.
285
287
  # @!attribute [rw] predicate
286
288
  # @return [::Google::Type::Expr]
287
- # Optional. The CEL expression to evaluate to produce findings. When the
288
- # expression evaluates to true against a resource, a finding is generated.
289
+ # Optional. The Common Expression Language (CEL) expression to evaluate to
290
+ # produce findings. When the expression evaluates to `true` against a
291
+ # resource, a finding is generated.
289
292
  # @!attribute [rw] custom_output
290
293
  # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig::CustomOutputSpec]
291
294
  # Optional. Custom output properties.
@@ -308,16 +311,14 @@ module Google
308
311
  # @return [::String]
309
312
  # Optional. An explanation of the recommended steps that security teams can
310
313
  # take to resolve the detected issue. This explanation is returned with each
311
- # finding generated by this module in the `nextSteps` property of the finding
312
- # JSON.
314
+ # finding generated by this module.
313
315
  class CustomConfig
314
316
  include ::Google::Protobuf::MessageExts
315
317
  extend ::Google::Protobuf::MessageExts::ClassMethods
316
318
 
317
319
  # A set of optional name-value pairs that define custom source properties to
318
320
  # return with each finding that is generated by the custom module. The custom
319
- # source properties that are defined here are included in the finding JSON
320
- # under `sourceProperties`.
321
+ # source properties that are defined here are included in the finding.
321
322
  # @!attribute [rw] properties
322
323
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::CustomConfig::CustomOutputSpec::Property>]
323
324
  # Optional. A list of custom output properties to add to the finding.
@@ -351,7 +352,7 @@ module Google
351
352
 
352
353
  # Defines the valid value options for the severity of a finding.
353
354
  module Severity
354
- # Unspecified severity.
355
+ # Default value. This value is unused.
355
356
  SEVERITY_UNSPECIFIED = 0
356
357
 
357
358
  # Critical severity.
@@ -368,11 +369,12 @@ module Google
368
369
  end
369
370
  end
370
371
 
371
- # Request message for listing Security Health Analytics custom modules.
372
+ # Request message for
373
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_security_health_analytics_custom_modules SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules}.
372
374
  # @!attribute [rw] parent
373
375
  # @return [::String]
374
- # Required. Name of parent organization, folder, or project in which to list
375
- # custom modules, specified in one of the following formats:
376
+ # Required. Name of the parent organization, folder, or project in which to
377
+ # list custom modules, in one of the following formats:
376
378
  #
377
379
  # * `organizations/{organization}/locations/{location}`
378
380
  # * `folders/{folder}/locations/{location}`
@@ -383,30 +385,36 @@ module Google
383
385
  # Default is 10, minimum is 1, maximum is 1000.
384
386
  # @!attribute [rw] page_token
385
387
  # @return [::String]
386
- # Optional. A token identifying a page of results the server should return.
388
+ # Optional. A pagination token returned from a previous request. Provide this
389
+ # token to retrieve the next page of results.
390
+ #
391
+ # When paginating, the rest of the request must match the request that
392
+ # generated the page token.
387
393
  class ListSecurityHealthAnalyticsCustomModulesRequest
388
394
  include ::Google::Protobuf::MessageExts
389
395
  extend ::Google::Protobuf::MessageExts::ClassMethods
390
396
  end
391
397
 
392
- # Response message for listing Security Health Analytics custom modules.
398
+ # Response message for
399
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_security_health_analytics_custom_modules SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules}.
393
400
  # @!attribute [rw] security_health_analytics_custom_modules
394
401
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule>]
395
- # The list of SecurityHealthAnalyticsCustomModules
402
+ # The list of Security Health Analytics custom modules.
396
403
  # @!attribute [rw] next_page_token
397
404
  # @return [::String]
398
- # A token identifying a page of results the server should return.
405
+ # A pagination token. To retrieve the next page of results, call the method
406
+ # again with this token.
399
407
  class ListSecurityHealthAnalyticsCustomModulesResponse
400
408
  include ::Google::Protobuf::MessageExts
401
409
  extend ::Google::Protobuf::MessageExts::ClassMethods
402
410
  end
403
411
 
404
- # Request message for listing descendant Security Health Analytics custom
405
- # modules.
412
+ # Request message for
413
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_descendant_security_health_analytics_custom_modules SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules}.
406
414
  # @!attribute [rw] parent
407
415
  # @return [::String]
408
416
  # Required. Name of the parent organization, folder, or project in which to
409
- # list custom modules, specified in one of the following formats:
417
+ # list custom modules, in one of the following formats:
410
418
  #
411
419
  # * `organizations/{organization}/locations/{location}`
412
420
  # * `folders/{folder}/locations/{location}`
@@ -417,118 +425,147 @@ module Google
417
425
  # Default is 10, minimum is 1, maximum is 1000.
418
426
  # @!attribute [rw] page_token
419
427
  # @return [::String]
420
- # Optional. A token identifying a page of results the server should return.
428
+ # Optional. A pagination token returned from a previous request. Provide this
429
+ # token to retrieve the next page of results.
430
+ #
431
+ # When paginating, the rest of the request must match the request that
432
+ # generated the page token.
421
433
  class ListDescendantSecurityHealthAnalyticsCustomModulesRequest
422
434
  include ::Google::Protobuf::MessageExts
423
435
  extend ::Google::Protobuf::MessageExts::ClassMethods
424
436
  end
425
437
 
426
- # Response message for listing descendant Security Health Analytics custom
427
- # modules.
438
+ # Response message for
439
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_descendant_security_health_analytics_custom_modules SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules}.
428
440
  # @!attribute [rw] security_health_analytics_custom_modules
429
441
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule>]
430
442
  # The list of SecurityHealthAnalyticsCustomModules
431
443
  # @!attribute [rw] next_page_token
432
444
  # @return [::String]
433
- # A token identifying a page of results the server should return.
445
+ # A pagination token. To retrieve the next page of results, call the method
446
+ # again with this token.
434
447
  class ListDescendantSecurityHealthAnalyticsCustomModulesResponse
435
448
  include ::Google::Protobuf::MessageExts
436
449
  extend ::Google::Protobuf::MessageExts::ClassMethods
437
450
  end
438
451
 
439
- # Message for getting a SecurityHealthAnalyticsCustomModule
452
+ # Request message for
453
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_security_health_analytics_custom_module SecurityCenterManagement.GetSecurityHealthAnalyticsCustomModule}.
440
454
  # @!attribute [rw] name
441
455
  # @return [::String]
442
- # Required. Name of the resource
456
+ # Required. Name of the resource, in the format
457
+ # `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`.
443
458
  class GetSecurityHealthAnalyticsCustomModuleRequest
444
459
  include ::Google::Protobuf::MessageExts
445
460
  extend ::Google::Protobuf::MessageExts::ClassMethods
446
461
  end
447
462
 
448
- # Message for creating a SecurityHealthAnalyticsCustomModule
463
+ # Request message for
464
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#create_security_health_analytics_custom_module SecurityCenterManagement.CreateSecurityHealthAnalyticsCustomModule}.
449
465
  # @!attribute [rw] parent
450
466
  # @return [::String]
451
467
  # Required. Name of the parent organization, folder, or project of the
452
- # module, specified in one of the following formats:
468
+ # module, in one of the following formats:
453
469
  #
454
470
  # * `organizations/{organization}/locations/{location}`
455
471
  # * `folders/{folder}/locations/{location}`
456
472
  # * `projects/{project}/locations/{location}`
457
473
  # @!attribute [rw] security_health_analytics_custom_module
458
474
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule]
459
- # Required. The resource being created
475
+ # Required. The resource being created.
460
476
  # @!attribute [rw] validate_only
461
477
  # @return [::Boolean]
462
- # Optional. When set to true, only validations (including IAM checks) will
463
- # done for the request (no module will be created). An OK response indicates
464
- # the request is valid while an error response indicates the request is
465
- # invalid. Note that a subsequent request to actually create the module could
466
- # still fail because:
467
- # 1. the state could have changed (e.g. IAM permission lost) or
468
- # 2. A failure occurred during creation of the module.
469
- # Defaults to false.
478
+ # Optional. When set to `true`, the request will be validated (including IAM
479
+ # checks), but no module will be created. An `OK` response indicates that the
480
+ # request is valid, while an error response indicates that the request is
481
+ # invalid.
482
+ #
483
+ # If the request is valid, a subsequent request to create the module could
484
+ # still fail for one of the following reasons:
485
+ #
486
+ # * The state of your cloud resources changed; for example, you lost a
487
+ # required IAM permission
488
+ # * An error occurred during creation of the module
489
+ #
490
+ # Defaults to `false`.
470
491
  class CreateSecurityHealthAnalyticsCustomModuleRequest
471
492
  include ::Google::Protobuf::MessageExts
472
493
  extend ::Google::Protobuf::MessageExts::ClassMethods
473
494
  end
474
495
 
475
- # Message for updating a SecurityHealthAnalyticsCustomModule
496
+ # Request message for
497
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#update_security_health_analytics_custom_module SecurityCenterManagement.UpdateSecurityHealthAnalyticsCustomModule}.
476
498
  # @!attribute [rw] update_mask
477
499
  # @return [::Google::Protobuf::FieldMask]
478
- # Required. The list of fields to be updated. The only fields that can be
479
- # updated are `enablement_state` and `custom_config`. If empty or set to the
480
- # wildcard value `*`, both `enablement_state` and `custom_config` are
481
- # updated.
500
+ # Required. The fields to update. The following values are valid:
501
+ #
502
+ # * `custom_config`
503
+ # * `enablement_state`
504
+ #
505
+ # If you omit this field or set it to the wildcard value `*`, then all
506
+ # eligible fields are updated.
482
507
  # @!attribute [rw] security_health_analytics_custom_module
483
508
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule]
484
- # Required. The resource being updated
509
+ # Required. The resource being updated.
485
510
  # @!attribute [rw] validate_only
486
511
  # @return [::Boolean]
487
- # Optional. When set to true, only validations (including IAM checks) will
488
- # done for the request (module will not be updated). An OK response indicates
489
- # the request is valid while an error response indicates the request is
490
- # invalid. Note that a subsequent request to actually update the module could
491
- # still fail because 1. the state could have changed (e.g. IAM permission
492
- # lost) or
493
- # 2. A failure occurred while trying to update the module.
512
+ # Optional. When set to `true`, the request will be validated (including IAM
513
+ # checks), but no module will be updated. An `OK` response indicates that the
514
+ # request is valid, while an error response indicates that the request is
515
+ # invalid.
516
+ #
517
+ # If the request is valid, a subsequent request to update the module could
518
+ # still fail for one of the following reasons:
519
+ #
520
+ # * The state of your cloud resources changed; for example, you lost a
521
+ # required IAM permission
522
+ # * An error occurred during creation of the module
523
+ #
524
+ # Defaults to `false`.
494
525
  class UpdateSecurityHealthAnalyticsCustomModuleRequest
495
526
  include ::Google::Protobuf::MessageExts
496
527
  extend ::Google::Protobuf::MessageExts::ClassMethods
497
528
  end
498
529
 
499
- # Message for deleting a SecurityHealthAnalyticsCustomModule
530
+ # Request message for
531
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#delete_security_health_analytics_custom_module SecurityCenterManagement.DeleteSecurityHealthAnalyticsCustomModule}.
500
532
  # @!attribute [rw] name
501
533
  # @return [::String]
502
- # Required. The resource name of the SHA custom module.
503
- #
504
- # Its format is:
534
+ # Required. The resource name of the SHA custom module, in one of the
535
+ # following formats:
505
536
  #
506
- # * `organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{security_health_analytics_custom_module}`.
507
- # * `folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{security_health_analytics_custom_module}`.
508
- # * `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{security_health_analytics_custom_module}`.
537
+ # * `organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
538
+ # * `folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
539
+ # * `projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_module}`
509
540
  # @!attribute [rw] validate_only
510
541
  # @return [::Boolean]
511
- # Optional. When set to true, only validations (including IAM checks) will
512
- # done for the request (module will not be deleted). An OK response indicates
513
- # the request is valid while an error response indicates the request is
514
- # invalid. Note that a subsequent request to actually delete the module could
515
- # still fail because 1. the state could have changed (e.g. IAM permission
516
- # lost) or
517
- # 2. A failure occurred while trying to delete the module.
542
+ # Optional. When set to `true`, the request will be validated (including IAM
543
+ # checks), but no module will be deleted. An `OK` response indicates that the
544
+ # request is valid, while an error response indicates that the request is
545
+ # invalid.
546
+ #
547
+ # If the request is valid, a subsequent request to delete the module could
548
+ # still fail for one of the following reasons:
549
+ #
550
+ # * The state of your cloud resources changed; for example, you lost a
551
+ # required IAM permission
552
+ # * An error occurred during deletion of the module
553
+ #
554
+ # Defaults to `false`.
518
555
  class DeleteSecurityHealthAnalyticsCustomModuleRequest
519
556
  include ::Google::Protobuf::MessageExts
520
557
  extend ::Google::Protobuf::MessageExts::ClassMethods
521
558
  end
522
559
 
523
- # Request message to simulate a CustomConfig against a given test resource.
524
- # Maximum size of the request is 4 MB by default.
560
+ # Request message for
561
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#simulate_security_health_analytics_custom_module SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule}.
562
+ # The maximum size of the request is 4 MiB.
525
563
  # @!attribute [rw] parent
526
564
  # @return [::String]
527
565
  # Required. The relative resource name of the organization, project, or
528
- # folder. For more information about relative resource names, see [Relative
529
- # Resource
530
- # Name](https://cloud.google.com/apis/design/resource_names#relative_resource_name)
531
- # Example: `organizations/{organization_id}`.
566
+ # folder. For more information about relative resource names, see [AIP-122:
567
+ # Resource names](https://google.aip.dev/122). Example:
568
+ # `organizations/{organization_id}`.
532
569
  # @!attribute [rw] custom_config
533
570
  # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig]
534
571
  # Required. The custom configuration that you need to test.
@@ -539,74 +576,79 @@ module Google
539
576
  include ::Google::Protobuf::MessageExts
540
577
  extend ::Google::Protobuf::MessageExts::ClassMethods
541
578
 
542
- # Manually constructed resource name. If the custom module evaluates against
543
- # only the resource data, you can omit the `iam_policy_data` field. If it
544
- # evaluates only the `iam_policy_data` field, you can omit the resource data.
579
+ # Manually constructed information about a resource.
545
580
  # @!attribute [rw] resource_type
546
581
  # @return [::String]
547
- # Required. The type of the resource, for example,
582
+ # Required. The type of the resource. For example,
548
583
  # `compute.googleapis.com/Disk`.
549
584
  # @!attribute [rw] resource_data
550
585
  # @return [::Google::Protobuf::Struct]
551
586
  # Optional. A representation of the Google Cloud resource. Should match the
552
587
  # Google Cloud resource JSON format.
588
+ #
589
+ # If the custom module evaluates only the IAM allow policy, then you can
590
+ # omit this field.
553
591
  # @!attribute [rw] iam_policy_data
554
592
  # @return [::Google::Iam::V1::Policy]
555
- # Optional. A representation of the IAM policy.
593
+ # Optional. A representation of the IAM allow policy.
594
+ #
595
+ # If the custom module evaluates only the resource data, then you can omit
596
+ # this field.
556
597
  class SimulatedResource
557
598
  include ::Google::Protobuf::MessageExts
558
599
  extend ::Google::Protobuf::MessageExts::ClassMethods
559
600
  end
560
601
  end
561
602
 
562
- # A subset of the fields of the Security Center Finding proto. The minimum set
563
- # of fields needed to represent a simulated finding from a SHA custom module.
603
+ # The minimum set of fields needed to represent a simulated finding from a
604
+ # Security Health Analytics custom module.
564
605
  # @!attribute [rw] name
565
606
  # @return [::String]
566
- # Identifier. The [relative resource
567
- # name](https://cloud.google.com/apis/design/resource_names#relative_resource_name)
568
- # of the finding. Example:
569
- # `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}`,
570
- # `folders/{folder_id}/sources/{source_id}/findings/{finding_id}`,
571
- # `projects/{project_id}/sources/{source_id}/findings/{finding_id}`.
607
+ # Identifier. The [relative resource name](https://google.aip.dev/122) of the
608
+ # finding, in one of the following formats:
609
+ #
610
+ # * `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}`
611
+ # * `folders/{folder_id}/sources/{source_id}/findings/{finding_id}`
612
+ # * `projects/{project_id}/sources/{source_id}/findings/{finding_id}`
572
613
  # @!attribute [rw] parent
573
614
  # @return [::String]
574
- # The relative resource name of the source the finding belongs to. See:
575
- # https://cloud.google.com/apis/design/resource_names#relative_resource_name
576
- # This field is immutable after creation time.
577
- # For example:
578
- # `organizations/{organization_id}/sources/{source_id}`
615
+ # The [relative resource name](https://google.aip.dev/122) of the source the
616
+ # finding belongs to. For example,
617
+ # `organizations/{organization_id}/sources/{source_id}`. This field is
618
+ # immutable after creation time.
579
619
  # @!attribute [rw] resource_name
580
620
  # @return [::String]
581
- # For findings on Google Cloud resources, the full resource
582
- # name of the Google Cloud resource this finding is for. See:
583
- # https://cloud.google.com/apis/design/resource_names#full_resource_name
584
- # When the finding is for a non-Google Cloud resource, the resourceName can
585
- # be a customer or partner defined string. This field is immutable after
586
- # creation time.
621
+ # For findings on Google Cloud resources, the
622
+ # [full resource name](https://google.aip.dev/122#full-resource-names) of the
623
+ # Google Cloud resource this finding is for. When the finding is for a
624
+ # non-Google Cloud resource, the value can be a customer or partner defined
625
+ # string. This field is immutable after creation time.
587
626
  # @!attribute [rw] category
588
627
  # @return [::String]
589
- # The additional taxonomy group within findings from a given source.
590
- # This field is immutable after creation time.
591
- # Example: "XSS_FLASH_INJECTION"
628
+ # The additional taxonomy group within findings from a given source. For
629
+ # example, `XSS_FLASH_INJECTION`. This field is immutable after creation
630
+ # time.
592
631
  # @!attribute [r] state
593
632
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding::State]
594
633
  # Output only. The state of the finding.
595
634
  # @!attribute [rw] source_properties
596
635
  # @return [::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}]
597
- # Source specific properties. These properties are managed by the source
598
- # that writes the finding. The key names in the source_properties map must be
599
- # between 1 and 255 characters, and must start with a letter and contain
600
- # alphanumeric characters or underscores only.
636
+ # Source-specific properties. These properties are managed by the source
637
+ # that writes the finding. The key names must be between 1 and 255
638
+ # characters; they must start with a letter and contain alphanumeric
639
+ # characters or underscores only.
601
640
  # @!attribute [rw] event_time
602
641
  # @return [::Google::Protobuf::Timestamp]
603
642
  # The time the finding was first detected. If an existing finding is updated,
604
- # then this is the time the update occurred.
643
+ # then this is the time the update occurred. If the finding is later
644
+ # resolved, then this time reflects when the finding was resolved.
645
+ #
605
646
  # For example, if the finding represents an open firewall, this property
606
647
  # captures the time the detector believes the firewall became open. The
607
- # accuracy is determined by the detector. If the finding is later resolved,
608
- # then this time reflects when the finding was resolved. This must not
609
- # be set to a value greater than the current timestamp.
648
+ # accuracy is determined by the detector.
649
+ #
650
+ # The event time must not be set to a value greater than the current
651
+ # timestamp.
610
652
  # @!attribute [rw] severity
611
653
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding::Severity]
612
654
  # The severity of the finding. This field is managed by the source that
@@ -629,97 +671,92 @@ module Google
629
671
 
630
672
  # The state of the finding.
631
673
  module State
632
- # Unspecified state.
674
+ # Default value. This value is unused.
633
675
  STATE_UNSPECIFIED = 0
634
676
 
635
677
  # The finding requires attention and has not been addressed yet.
636
678
  ACTIVE = 1
637
679
 
638
- # The finding has been fixed, triaged as a non-issue or otherwise addressed
639
- # and is no longer active.
680
+ # The finding has been fixed, triaged as a non-issue, or otherwise
681
+ # addressed and is no longer active.
640
682
  INACTIVE = 2
641
683
  end
642
684
 
643
685
  # The severity of the finding.
644
686
  module Severity
645
- # This value is used for findings when a source doesn't write a severity
646
- # value.
687
+ # Default value. This value is unused.
647
688
  SEVERITY_UNSPECIFIED = 0
648
689
 
649
- # Vulnerability:
650
- # A critical vulnerability is easily discoverable by an external actor,
651
- # exploitable, and results in the direct ability to execute arbitrary code,
652
- # exfiltrate data, and otherwise gain additional access and privileges to
653
- # cloud resources and workloads. Examples include publicly accessible
654
- # unprotected user data and public SSH access with weak or no
655
- # passwords.
690
+ # For vulnerabilities: A critical vulnerability is easily discoverable by
691
+ # an external actor, exploitable, and results in the direct ability to
692
+ # execute arbitrary code, exfiltrate data, and otherwise gain additional
693
+ # access and privileges to cloud resources and workloads. Examples include
694
+ # publicly accessible unprotected user data and public SSH access with weak
695
+ # or no passwords.
656
696
  #
657
- # Threat:
658
- # Indicates a threat that is able to access, modify, or delete data or
659
- # execute unauthorized code within existing resources.
697
+ # For threats: Indicates a threat that is able to access, modify, or delete
698
+ # data or execute unauthorized code within existing resources.
660
699
  CRITICAL = 1
661
700
 
662
- # Vulnerability:
663
- # A high risk vulnerability can be easily discovered and exploited in
664
- # combination with other vulnerabilities in order to gain direct access and
665
- # the ability to execute arbitrary code, exfiltrate data, and otherwise
666
- # gain additional access and privileges to cloud resources and workloads.
667
- # An example is a database with weak or no passwords that is only
668
- # accessible internally. This database could easily be compromised by an
669
- # actor that had access to the internal network.
701
+ # For vulnerabilities: A high-risk vulnerability can be easily discovered
702
+ # and exploited in combination with other vulnerabilities in order to gain
703
+ # direct access and the ability to execute arbitrary code, exfiltrate data,
704
+ # and otherwise gain additional access and privileges to cloud resources
705
+ # and workloads. An example is a database with weak or no passwords that is
706
+ # only accessible internally. This database could easily be compromised by
707
+ # an actor that had access to the internal network.
670
708
  #
671
- # Threat:
672
- # Indicates a threat that is able to create new computational resources in
673
- # an environment but not able to access data or execute code in existing
674
- # resources.
709
+ # For threats: Indicates a threat that is able to create new computational
710
+ # resources in an environment but not able to access data or execute code
711
+ # in existing resources.
675
712
  HIGH = 2
676
713
 
677
- # Vulnerability:
678
- # A medium risk vulnerability could be used by an actor to gain access to
679
- # resources or privileges that enable them to eventually (through multiple
680
- # steps or a complex exploit) gain access and the ability to execute
681
- # arbitrary code or exfiltrate data. An example is a service account with
682
- # access to more projects than it should have. If an actor gains access to
683
- # the service account, they could potentially use that access to manipulate
684
- # a project the service account was not intended to.
714
+ # For vulnerabilities: A medium-risk vulnerability could be used by an
715
+ # actor to gain access to resources or privileges that enable them to
716
+ # eventually (through multiple steps or a complex exploit) gain access and
717
+ # the ability to execute arbitrary code or exfiltrate data. An example is a
718
+ # service account with access to more projects than it should have. If an
719
+ # actor gains access to the service account, they could potentially use
720
+ # that access to manipulate a project the service account was not intended
721
+ # to.
685
722
  #
686
- # Threat:
687
- # Indicates a threat that is able to cause operational impact but may not
688
- # access data or execute unauthorized code.
723
+ # For threats: Indicates a threat that is able to cause operational impact
724
+ # but may not access data or execute unauthorized code.
689
725
  MEDIUM = 3
690
726
 
691
- # Vulnerability:
692
- # A low risk vulnerability hampers a security organization's ability to
693
- # detect vulnerabilities or active threats in their deployment, or prevents
694
- # the root cause investigation of security issues. An example is monitoring
695
- # and logs being disabled for resource configurations and access.
727
+ # For vulnerabilities: A low-risk vulnerability hampers a security
728
+ # organization's ability to detect vulnerabilities or active threats in
729
+ # their deployment, or prevents the root cause investigation of security
730
+ # issues. An example is monitoring and logs being disabled for resource
731
+ # configurations and access.
696
732
  #
697
- # Threat:
698
- # Indicates a threat that has obtained minimal access to an environment but
699
- # is not able to access data, execute code, or create resources.
733
+ # For threats: Indicates a threat that has obtained minimal access to an
734
+ # environment but is not able to access data, execute code, or create
735
+ # resources.
700
736
  LOW = 4
701
737
  end
702
738
 
703
- # Represents what kind of Finding it is.
739
+ # Represents what kind of finding it is.
704
740
  module FindingClass
705
- # Unspecified finding class.
741
+ # Default value. This value is unused.
706
742
  FINDING_CLASS_UNSPECIFIED = 0
707
743
 
708
744
  # Describes unwanted or malicious activity.
709
745
  THREAT = 1
710
746
 
711
747
  # Describes a potential weakness in software that increases risk to
712
- # Confidentiality & Integrity & Availability.
748
+ # confidentiality, integrity, and availability.
713
749
  VULNERABILITY = 2
714
750
 
715
- # Describes a potential weakness in cloud resource/asset configuration that
716
- # increases risk.
751
+ # Describes a potential weakness in cloud resource or asset configuration
752
+ # that increases risk.
717
753
  MISCONFIGURATION = 3
718
754
 
719
755
  # Describes a security observation that is for informational purposes.
720
756
  OBSERVATION = 4
721
757
 
722
- # Describes an error that prevents some SCC functionality.
758
+ # Describes an error that prevents Security Command Center from working
759
+ # correctly.
723
760
  SCC_ERROR = 5
724
761
 
725
762
  # Describes a potential security risk due to a change in the security
@@ -732,8 +769,8 @@ module Google
732
769
  end
733
770
  end
734
771
 
735
- # Response message for simulating a `SecurityHealthAnalyticsCustomModule`
736
- # against a given resource.
772
+ # Response message for
773
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#simulate_security_health_analytics_custom_module SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule}.
737
774
  # @!attribute [rw] result
738
775
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulateSecurityHealthAnalyticsCustomModuleResponse::SimulatedResult]
739
776
  # Result for test case in the corresponding request.
@@ -744,8 +781,8 @@ module Google
744
781
  # Possible test result.
745
782
  # @!attribute [rw] finding
746
783
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding]
747
- # Finding that would be published for the test case,
748
- # if a violation is detected.
784
+ # Finding that would be published for the test case if a violation is
785
+ # detected.
749
786
  # @!attribute [rw] no_violation
750
787
  # @return [::Google::Protobuf::Empty]
751
788
  # Indicates that the test case does not trigger any violation.
@@ -758,45 +795,44 @@ module Google
758
795
  end
759
796
  end
760
797
 
761
- # An EffectiveEventThreatDetectionCustomModule is the representation of
762
- # EventThreatDetectionCustomModule at a given level taking hierarchy into
763
- # account and resolving various fields accordingly. e.g. if the module is
764
- # enabled at the ancestor level, effective modules at all descendant levels
765
- # will have enablement_state set to ENABLED. Similarly, if module.inherited is
766
- # set, then effective module's config will contain the ancestor's config
767
- # details. EffectiveEventThreatDetectionCustomModule is read-only.
798
+ # The representation of an
799
+ # {::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule EventThreatDetectionCustomModule}
800
+ # at a given level, taking hierarchy into account and resolving various fields
801
+ # accordingly. For example, if the module is enabled at the ancestor level,
802
+ # then effective modules at all descendant levels will have their enablement
803
+ # state set to `ENABLED`. Similarly, if `module.inherited` is set, then the
804
+ # effective module's configuration will reflect the ancestor's configuration.
768
805
  # @!attribute [rw] name
769
806
  # @return [::String]
770
- # Identifier. The resource name of the ETD custom module.
771
- #
772
- # Its format is:
807
+ # Identifier. The resource name of the Event Threat Detection custom module,
808
+ # in one of the following formats:
773
809
  #
774
- # * `organizations/{organization}/locations/{location}/effectiveEventThreatDetectionCustomModules/{effective_event_threat_detection_custom_module}`.
775
- # * `folders/{folder}/locations/{location}/effectiveEventThreatDetectionCustomModules/{effective_event_threat_detection_custom_module}`.
776
- # * `projects/{project}/locations/{location}/effectiveEventThreatDetectionCustomModules/{effective_event_threat_detection_custom_module}`.
810
+ # * `organizations/{organization}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
811
+ # * `folders/{folder}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
812
+ # * `projects/{project}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
777
813
  # @!attribute [r] config
778
814
  # @return [::Google::Protobuf::Struct]
779
- # Output only. Config for the effective module.
815
+ # Output only. Configuration for the effective module.
780
816
  # @!attribute [r] enablement_state
781
817
  # @return [::Google::Cloud::SecurityCenterManagement::V1::EffectiveEventThreatDetectionCustomModule::EnablementState]
782
818
  # Output only. The effective state of enablement for the module at the given
783
819
  # level of the hierarchy.
784
820
  # @!attribute [r] type
785
821
  # @return [::String]
786
- # Output only. Type for the module. e.g. CONFIGURABLE_BAD_IP.
822
+ # Output only. Type for the module (for example, `CONFIGURABLE_BAD_IP`).
787
823
  # @!attribute [r] display_name
788
824
  # @return [::String]
789
- # Output only. The human readable name to be displayed for the module.
825
+ # Output only. The human-readable name of the module.
790
826
  # @!attribute [r] description
791
827
  # @return [::String]
792
- # Output only. The description for the module.
828
+ # Output only. A description of the module.
793
829
  class EffectiveEventThreatDetectionCustomModule
794
830
  include ::Google::Protobuf::MessageExts
795
831
  extend ::Google::Protobuf::MessageExts::ClassMethods
796
832
 
797
833
  # The enablement state of the module.
798
834
  module EnablementState
799
- # Unspecified enablement state.
835
+ # Default value. This value is unused.
800
836
  ENABLEMENT_STATE_UNSPECIFIED = 0
801
837
 
802
838
  # The module is enabled at the given level.
@@ -807,91 +843,96 @@ module Google
807
843
  end
808
844
  end
809
845
 
810
- # Request message for listing effective Event Threat Detection custom
811
- # modules.
846
+ # Request message for
847
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_effective_event_threat_detection_custom_modules SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules}.
812
848
  # @!attribute [rw] parent
813
849
  # @return [::String]
814
- # Required. Name of parent to list effective custom modules. Its format is
815
- # `organizations/{organization}/locations/{location}`,
816
- # `folders/{folder}/locations/{location}`,
817
- # or
818
- # `projects/{project}/locations/{location}`
850
+ # Required. Name of parent to list effective custom modules, in one of the
851
+ # following formats:
852
+ #
853
+ # * `organizations/{organization}/locations/{location}`
854
+ # * `folders/{folder}/locations/{location}`
855
+ # * `projects/{project}/locations/{location}`
819
856
  # @!attribute [rw] page_size
820
857
  # @return [::Integer]
821
858
  # Optional. The maximum number of results to return in a single response.
822
859
  # Default is 10, minimum is 1, maximum is 1000.
823
860
  # @!attribute [rw] page_token
824
861
  # @return [::String]
825
- # Optional. The value returned by the last call indicating a continuation
862
+ # Optional. A pagination token returned from a previous request. Provide this
863
+ # token to retrieve the next page of results.
864
+ #
865
+ # When paginating, the rest of the request must match the request that
866
+ # generated the page token.
826
867
  class ListEffectiveEventThreatDetectionCustomModulesRequest
827
868
  include ::Google::Protobuf::MessageExts
828
869
  extend ::Google::Protobuf::MessageExts::ClassMethods
829
870
  end
830
871
 
831
- # Response message for listing effective Event Threat Detection custom
832
- # modules.
872
+ # Response message for
873
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_effective_event_threat_detection_custom_modules SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules}.
833
874
  # @!attribute [rw] effective_event_threat_detection_custom_modules
834
875
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EffectiveEventThreatDetectionCustomModule>]
835
- # The list of EffectiveEventThreatDetectionCustomModules
876
+ # The list of effective Event Threat Detection custom modules.
836
877
  # @!attribute [rw] next_page_token
837
878
  # @return [::String]
838
- # A token identifying a page of results the server should return.
879
+ # A pagination token. To retrieve the next page of results, call the method
880
+ # again with this token.
839
881
  class ListEffectiveEventThreatDetectionCustomModulesResponse
840
882
  include ::Google::Protobuf::MessageExts
841
883
  extend ::Google::Protobuf::MessageExts::ClassMethods
842
884
  end
843
885
 
844
- # Message for getting a EffectiveEventThreatDetectionCustomModule
886
+ # Request message for
887
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_effective_event_threat_detection_custom_module SecurityCenterManagement.GetEffectiveEventThreatDetectionCustomModule}.
845
888
  # @!attribute [rw] name
846
889
  # @return [::String]
847
- # Required. The resource name of the ETD custom module.
848
- #
849
- # Its format is:
890
+ # Required. The resource name of the Event Threat Detection custom module, in
891
+ # one of the following formats:
850
892
  #
851
- # * `organizations/{organization}/locations/{location}/effectiveEventThreatDetectionCustomModules/{effective_event_threat_detection_custom_module}`.
852
- # * `folders/{folder}/locations/{location}/effectiveEventThreatDetectionCustomModules/{effective_event_threat_detection_custom_module}`.
853
- # * `projects/{project}/locations/{location}/effectiveEventThreatDetectionCustomModules/{effective_event_threat_detection_custom_module}`.
893
+ # * `organizations/{organization}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
894
+ # * `folders/{folder}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
895
+ # * `projects/{project}/locations/{location}/effectiveEventThreatDetectionCustomModules/{custom_module}`
854
896
  class GetEffectiveEventThreatDetectionCustomModuleRequest
855
897
  include ::Google::Protobuf::MessageExts
856
898
  extend ::Google::Protobuf::MessageExts::ClassMethods
857
899
  end
858
900
 
859
- # An event threat detection custom module is a Cloud SCC resource that contains
860
- # the configuration and enablement state of a custom module, which enables ETD
861
- # to write certain findings to Cloud SCC.
901
+ # A Security Command Center resource that contains the configuration and
902
+ # enablement state of a custom module, which enables Event Threat Detection to
903
+ # write certain findings to Security Command Center.
862
904
  # @!attribute [rw] name
863
905
  # @return [::String]
864
- # Identifier. The resource name of the ETD custom module.
906
+ # Identifier. The resource name of the Event Threat Detection custom module,
907
+ # in one of the following formats:
865
908
  #
866
- # Its format is:
867
- #
868
- # * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
869
- # * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
870
- # * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
909
+ # * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
910
+ # * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
911
+ # * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
871
912
  # @!attribute [rw] config
872
913
  # @return [::Google::Protobuf::Struct]
873
- # Optional. Config for the module. For the resident module, its config value
874
- # is defined at this level. For the inherited module, its config value is
875
- # inherited from the ancestor module.
914
+ # Optional. Configuration for the module. For the resident module, its
915
+ # configuration value is defined at this level. For the inherited module, its
916
+ # configuration value is inherited from the ancestor module.
876
917
  # @!attribute [r] ancestor_module
877
918
  # @return [::String]
878
919
  # Output only. The closest ancestor module that this module inherits the
879
920
  # enablement state from. If empty, indicates that the custom module was
880
921
  # created in the requesting parent organization, folder, or project. The
881
- # format is the same as the EventThreatDetectionCustomModule resource name.
922
+ # format is the same as the custom module's resource name.
882
923
  # @!attribute [rw] enablement_state
883
924
  # @return [::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule::EnablementState]
884
925
  # Optional. The state of enablement for the module at the given level of the
885
926
  # hierarchy.
886
927
  # @!attribute [rw] type
887
928
  # @return [::String]
888
- # Optional. Type for the module. e.g. CONFIGURABLE_BAD_IP.
929
+ # Optional. Type for the module. For example, `CONFIGURABLE_BAD_IP`.
889
930
  # @!attribute [rw] display_name
890
931
  # @return [::String]
891
- # Optional. The human readable name to be displayed for the module.
932
+ # Optional. The human-readable name of the module.
892
933
  # @!attribute [rw] description
893
934
  # @return [::String]
894
- # Optional. The description for the module.
935
+ # Optional. A description of the module.
895
936
  # @!attribute [r] update_time
896
937
  # @return [::Google::Protobuf::Timestamp]
897
938
  # Output only. The time the module was last updated.
@@ -913,63 +954,66 @@ module Google
913
954
  # The module is disabled at the given level.
914
955
  DISABLED = 2
915
956
 
916
- # State is inherited from an ancestor module. The module will either
917
- # be effectively ENABLED or DISABLED based on its closest non-inherited
918
- # ancestor module in the CRM hierarchy. Attempting to set a top level
919
- # module (module with no parent) to the INHERITED state will result in an
920
- # error.
957
+ # State is inherited from an ancestor module. The module will either be
958
+ # effectively `ENABLED` or `DISABLED` based on its closest non-inherited
959
+ # ancestor module in the CRM hierarchy. If you try to set a top-level
960
+ # module (a module with no parent) to the `INHERITED` state, you receive an
961
+ # `INVALID_ARGUMENT` error.
921
962
  INHERITED = 3
922
963
  end
923
964
  end
924
965
 
925
- # Request message for listing Event Threat Detection custom modules.
966
+ # Request message for
967
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_event_threat_detection_custom_modules SecurityCenterManagement.ListEventThreatDetectionCustomModules}.
926
968
  # @!attribute [rw] parent
927
969
  # @return [::String]
928
- # Required. Name of parent to list custom modules. Its format is
929
- # `organizations/{organization}/locations/{location}`,
930
- # `folders/{folder}/locations/{location}`,
931
- # or
932
- # `projects/{project}/locations/{location}`
970
+ # Required. Name of parent to list custom modules, in one of the following
971
+ # formats:
972
+ #
973
+ # * `organizations/{organization}/locations/{location}`
974
+ # * `folders/{folder}/locations/{location}`
975
+ # * `projects/{project}/locations/{location}`
933
976
  # @!attribute [rw] page_size
934
977
  # @return [::Integer]
935
978
  # Optional. The maximum number of modules to return. The service may return
936
- # fewer than this value. If unspecified, at most 10 configs will be returned.
979
+ # fewer than this value. If unspecified, at most 10 modules will be returned.
937
980
  # The maximum value is 1000; values above 1000 will be coerced to 1000.
938
981
  # @!attribute [rw] page_token
939
982
  # @return [::String]
940
- # Optional. A page token, received from a previous
941
- # `ListEventThreatDetectionCustomModules` call. Provide this to retrieve the
942
- # subsequent page.
983
+ # Optional. A pagination token returned from a previous request. Provide this
984
+ # token to retrieve the next page of results.
943
985
  #
944
- # When paginating, all other parameters provided to
945
- # `ListEventThreatDetectionCustomModules` must match the call that provided
946
- # the page token.
986
+ # When paginating, the rest of the request must match the request that
987
+ # generated the page token.
947
988
  class ListEventThreatDetectionCustomModulesRequest
948
989
  include ::Google::Protobuf::MessageExts
949
990
  extend ::Google::Protobuf::MessageExts::ClassMethods
950
991
  end
951
992
 
952
- # Response message for listing Event Threat Detection custom modules.
993
+ # Response message for
994
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_event_threat_detection_custom_modules SecurityCenterManagement.ListEventThreatDetectionCustomModules}.
953
995
  # @!attribute [rw] event_threat_detection_custom_modules
954
996
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule>]
955
- # The list of EventThreatDetectionCustomModules
997
+ # The list of custom modules.
956
998
  # @!attribute [rw] next_page_token
957
999
  # @return [::String]
958
- # A token identifying a page of results the server should return.
1000
+ # A pagination token. To retrieve the next page of results, call the method
1001
+ # again with this token.
959
1002
  class ListEventThreatDetectionCustomModulesResponse
960
1003
  include ::Google::Protobuf::MessageExts
961
1004
  extend ::Google::Protobuf::MessageExts::ClassMethods
962
1005
  end
963
1006
 
964
- # Request message for listing descendant Event Threat Detection custom
965
- # modules.
1007
+ # Request message for
1008
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_descendant_event_threat_detection_custom_modules SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules}.
966
1009
  # @!attribute [rw] parent
967
1010
  # @return [::String]
968
- # Required. Name of parent to list custom modules. Its format is
969
- # `organizations/{organization}/locations/{location}`,
970
- # `folders/{folder}/locations/{location}`,
971
- # or
972
- # `projects/{project}/locations/{location}`
1011
+ # Required. Name of parent to list custom modules, in one of the following
1012
+ # formats:
1013
+ #
1014
+ # * `organizations/{organization}/locations/{location}`
1015
+ # * `folders/{folder}/locations/{location}`
1016
+ # * `projects/{project}/locations/{location}`
973
1017
  # @!attribute [rw] page_size
974
1018
  # @return [::Integer]
975
1019
  # Optional. The maximum number of modules to return. The service may return
@@ -977,62 +1021,74 @@ module Google
977
1021
  # The maximum value is 1000; values above 1000 will be coerced to 1000.
978
1022
  # @!attribute [rw] page_token
979
1023
  # @return [::String]
980
- # Optional. A token identifying a page of results the server should return.
1024
+ # Optional. A pagination token returned from a previous request. Provide this
1025
+ # token to retrieve the next page of results.
1026
+ #
1027
+ # When paginating, the rest of the request must match the request that
1028
+ # generated the page token.
981
1029
  class ListDescendantEventThreatDetectionCustomModulesRequest
982
1030
  include ::Google::Protobuf::MessageExts
983
1031
  extend ::Google::Protobuf::MessageExts::ClassMethods
984
1032
  end
985
1033
 
986
- # Response message for listing descendant Event Threat Detection custom
987
- # modules.
1034
+ # Response message for
1035
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_descendant_event_threat_detection_custom_modules SecurityCenterManagement.ListDescendantEventThreatDetectionCustomModules}.
988
1036
  # @!attribute [rw] event_threat_detection_custom_modules
989
1037
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule>]
990
- # The list of EventThreatDetectionCustomModules
1038
+ # The list of custom modules.
991
1039
  # @!attribute [rw] next_page_token
992
1040
  # @return [::String]
993
- # A token identifying a page of results the server should return.
1041
+ # A pagination token. To retrieve the next page of results, call the method
1042
+ # again with this token.
994
1043
  class ListDescendantEventThreatDetectionCustomModulesResponse
995
1044
  include ::Google::Protobuf::MessageExts
996
1045
  extend ::Google::Protobuf::MessageExts::ClassMethods
997
1046
  end
998
1047
 
999
- # Message for getting a EventThreatDetectionCustomModule
1048
+ # Request message for
1049
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_event_threat_detection_custom_module SecurityCenterManagement.GetEventThreatDetectionCustomModule}.
1000
1050
  # @!attribute [rw] name
1001
1051
  # @return [::String]
1002
- # Required. The resource name of the ETD custom module.
1003
- #
1004
- # Its format is:
1052
+ # Required. The resource name of the Event Threat Detection custom module, in
1053
+ # one of the following formats:
1005
1054
  #
1006
- # * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
1007
- # * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
1008
- # * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
1055
+ # * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
1056
+ # * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
1057
+ # * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
1009
1058
  class GetEventThreatDetectionCustomModuleRequest
1010
1059
  include ::Google::Protobuf::MessageExts
1011
1060
  extend ::Google::Protobuf::MessageExts::ClassMethods
1012
1061
  end
1013
1062
 
1014
- # Message for creating a EventThreatDetectionCustomModule
1063
+ # Request message for
1064
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#create_event_threat_detection_custom_module SecurityCenterManagement.CreateEventThreatDetectionCustomModule}.
1015
1065
  # @!attribute [rw] parent
1016
1066
  # @return [::String]
1017
- # Required. Name of parent for the module. Its format is
1018
- # `organizations/{organization}/locations/{location}`,
1019
- # `folders/{folder}/locations/{location}`,
1020
- # or
1021
- # `projects/{project}/locations/{location}`
1067
+ # Required. Name of parent for the module, in one of the following formats:
1068
+ #
1069
+ # * `organizations/{organization}/locations/{location}`
1070
+ # * `folders/{folder}/locations/{location}`
1071
+ # * `projects/{project}/locations/{location}`
1022
1072
  # @!attribute [rw] event_threat_detection_custom_module
1023
1073
  # @return [::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule]
1024
1074
  # Required. The module to create. The
1025
- # event_threat_detection_custom_module.name will be ignored and server
1026
- # generated.
1075
+ # {::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule#name EventThreatDetectionCustomModule.name}
1076
+ # field is ignored; Security Command Center generates the name.
1027
1077
  # @!attribute [rw] validate_only
1028
1078
  # @return [::Boolean]
1029
- # Optional. When set to true, only validations (including IAM checks) will
1030
- # done for the request (no module will be created). An OK response indicates
1031
- # the request is valid while an error response indicates the request is
1032
- # invalid. Note that a subsequent request to actually create the module could
1033
- # still fail because 1. the state could have changed (e.g. IAM permission
1034
- # lost) or
1035
- # 2. A failure occurred during creation of the module.
1079
+ # Optional. When set to `true`, the request will be validated (including IAM
1080
+ # checks), but no module will be created. An `OK` response indicates that the
1081
+ # request is valid, while an error response indicates that the request is
1082
+ # invalid.
1083
+ #
1084
+ # If the request is valid, a subsequent request to create the module could
1085
+ # still fail for one of the following reasons:
1086
+ #
1087
+ # * The state of your cloud resources changed; for example, you lost a
1088
+ # required IAM permission
1089
+ # * An error occurred during creation of the module
1090
+ #
1091
+ # Defaults to `false`.
1036
1092
  class CreateEventThreatDetectionCustomModuleRequest
1037
1093
  include ::Google::Protobuf::MessageExts
1038
1094
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1041,73 +1097,82 @@ module Google
1041
1097
  # Message for updating a EventThreatDetectionCustomModule
1042
1098
  # @!attribute [rw] update_mask
1043
1099
  # @return [::Google::Protobuf::FieldMask]
1044
- # Required. Field mask is used to specify the fields to be overwritten in the
1045
- # EventThreatDetectionCustomModule resource by the update.
1046
- # The fields specified in the update_mask are relative to the resource, not
1047
- # the full request. A field will be overwritten if it is in the mask. If the
1048
- # user does not provide a mask then all fields will be overwritten.
1100
+ # Required. The fields to update. If omitted, then all fields are updated.
1049
1101
  # @!attribute [rw] event_threat_detection_custom_module
1050
1102
  # @return [::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule]
1051
- # Required. The module being updated
1103
+ # Required. The module being updated.
1052
1104
  # @!attribute [rw] validate_only
1053
1105
  # @return [::Boolean]
1054
- # Optional. When set to true, only validations (including IAM checks) will
1055
- # done for the request (module will not be updated). An OK response indicates
1056
- # the request is valid while an error response indicates the request is
1057
- # invalid. Note that a subsequent request to actually update the module could
1058
- # still fail because 1. the state could have changed (e.g. IAM permission
1059
- # lost) or
1060
- # 2. A failure occurred while trying to update the module.
1106
+ # Optional. When set to `true`, the request will be validated (including IAM
1107
+ # checks), but no module will be updated. An `OK` response indicates that the
1108
+ # request is valid, while an error response indicates that the request is
1109
+ # invalid.
1110
+ #
1111
+ # If the request is valid, a subsequent request to update the module could
1112
+ # still fail for one of the following reasons:
1113
+ #
1114
+ # * The state of your cloud resources changed; for example, you lost a
1115
+ # required IAM permission
1116
+ # * An error occurred during creation of the module
1117
+ #
1118
+ # Defaults to `false`.
1061
1119
  class UpdateEventThreatDetectionCustomModuleRequest
1062
1120
  include ::Google::Protobuf::MessageExts
1063
1121
  extend ::Google::Protobuf::MessageExts::ClassMethods
1064
1122
  end
1065
1123
 
1066
- # Message for deleting a EventThreatDetectionCustomModule
1124
+ # Request message for
1125
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#delete_event_threat_detection_custom_module SecurityCenterManagement.DeleteEventThreatDetectionCustomModule}.
1067
1126
  # @!attribute [rw] name
1068
1127
  # @return [::String]
1069
- # Required. The resource name of the ETD custom module.
1070
- #
1071
- # Its format is:
1128
+ # Required. The resource name of the Event Threat Detection custom module, in
1129
+ # one of the following formats:
1072
1130
  #
1073
- # * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
1074
- # * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
1075
- # * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{event_threat_detection_custom_module}`.
1131
+ # * `organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
1132
+ # * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
1133
+ # * `projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{custom_module}`
1076
1134
  # @!attribute [rw] validate_only
1077
1135
  # @return [::Boolean]
1078
- # Optional. When set to true, only validations (including IAM checks) will
1079
- # done for the request (module will not be deleted). An OK response indicates
1080
- # the request is valid while an error response indicates the request is
1081
- # invalid. Note that a subsequent request to actually delete the module could
1082
- # still fail because 1. the state could have changed (e.g. IAM permission
1083
- # lost) or
1084
- # 2. A failure occurred while trying to delete the module.
1136
+ # Optional. When set to `true`, the request will be validated (including IAM
1137
+ # checks), but no module will be deleted. An `OK` response indicates that the
1138
+ # request is valid, while an error response indicates that the request is
1139
+ # invalid.
1140
+ #
1141
+ # If the request is valid, a subsequent request to delete the module could
1142
+ # still fail for one of the following reasons:
1143
+ #
1144
+ # * The state of your cloud resources changed; for example, you lost a
1145
+ # required IAM permission
1146
+ # * An error occurred during creation of the module
1147
+ #
1148
+ # Defaults to `false`.
1085
1149
  class DeleteEventThreatDetectionCustomModuleRequest
1086
1150
  include ::Google::Protobuf::MessageExts
1087
1151
  extend ::Google::Protobuf::MessageExts::ClassMethods
1088
1152
  end
1089
1153
 
1090
- # Request to validate an Event Threat Detection custom module.
1154
+ # Request message for
1155
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#validate_event_threat_detection_custom_module SecurityCenterManagement.ValidateEventThreatDetectionCustomModule}.
1091
1156
  # @!attribute [rw] parent
1092
1157
  # @return [::String]
1093
- # Required. Resource name of the parent to validate the Custom Module under.
1158
+ # Required. Resource name of the parent to validate the custom modules under,
1159
+ # in one of the following formats:
1094
1160
  #
1095
- # Its format is:
1096
- #
1097
- # * `organizations/{organization}/locations/{location}`.
1161
+ # * `organizations/{organization}/locations/{location}`
1098
1162
  # @!attribute [rw] raw_text
1099
1163
  # @return [::String]
1100
1164
  # Required. The raw text of the module's contents. Used to generate error
1101
1165
  # messages.
1102
1166
  # @!attribute [rw] type
1103
1167
  # @return [::String]
1104
- # Required. The type of the module (e.g. CONFIGURABLE_BAD_IP).
1168
+ # Required. The type of the module. For example, `CONFIGURABLE_BAD_IP`.
1105
1169
  class ValidateEventThreatDetectionCustomModuleRequest
1106
1170
  include ::Google::Protobuf::MessageExts
1107
1171
  extend ::Google::Protobuf::MessageExts::ClassMethods
1108
1172
  end
1109
1173
 
1110
- # Response to validating an Event Threat Detection custom module.
1174
+ # Response message for
1175
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#validate_event_threat_detection_custom_module SecurityCenterManagement.ValidateEventThreatDetectionCustomModule}.
1111
1176
  # @!attribute [rw] errors
1112
1177
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::ValidateEventThreatDetectionCustomModuleResponse::CustomModuleValidationError>]
1113
1178
  # A list of errors returned by the validator. If the list is empty, there
@@ -1117,24 +1182,25 @@ module Google
1117
1182
  extend ::Google::Protobuf::MessageExts::ClassMethods
1118
1183
 
1119
1184
  # An error encountered while validating the uploaded configuration of an
1120
- # Event Threat Detection Custom Module.
1185
+ # Event Threat Detection custom module.
1121
1186
  # @!attribute [rw] description
1122
1187
  # @return [::String]
1123
- # A description of the error, suitable for human consumption. Required.
1188
+ # A human-readable description of the error.
1124
1189
  # @!attribute [rw] field_path
1125
1190
  # @return [::String]
1126
- # The path, in RFC 8901 JSON Pointer format, to the field that failed
1127
- # validation. This may be left empty if no specific field is affected.
1191
+ # The path, in [RFC 6901: JSON
1192
+ # Pointer](https://datatracker.ietf.org/doc/html/rfc6901) format, to the
1193
+ # field that failed validation. Omitted if no specific field is affected.
1128
1194
  # @!attribute [rw] start
1129
1195
  # @return [::Google::Cloud::SecurityCenterManagement::V1::ValidateEventThreatDetectionCustomModuleResponse::Position]
1130
1196
  # The initial position of the error in the uploaded text version of the
1131
- # module. This field may be omitted if no specific position applies, or if
1132
- # one could not be computed.
1197
+ # module. Omitted if no specific position applies, or if the position could
1198
+ # not be computed.
1133
1199
  # @!attribute [rw] end
1134
1200
  # @return [::Google::Cloud::SecurityCenterManagement::V1::ValidateEventThreatDetectionCustomModuleResponse::Position]
1135
- # The end position of the error in the uploaded text version of the
1136
- # module. This field may be omitted if no specific position applies, or if
1137
- # one could not be computed..
1201
+ # The end position of the error in the uploaded text version of the module.
1202
+ # Omitted if no specific position applies, or if the position could not be
1203
+ # computed.
1138
1204
  class CustomModuleValidationError
1139
1205
  include ::Google::Protobuf::MessageExts
1140
1206
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1143,100 +1209,115 @@ module Google
1143
1209
  # A position in the uploaded text version of a module.
1144
1210
  # @!attribute [rw] line_number
1145
1211
  # @return [::Integer]
1146
- # The line position in the text
1212
+ # The line position in the text.
1147
1213
  # @!attribute [rw] column_number
1148
1214
  # @return [::Integer]
1149
- # The column position in the line
1215
+ # The column position in the line.
1150
1216
  class Position
1151
1217
  include ::Google::Protobuf::MessageExts
1152
1218
  extend ::Google::Protobuf::MessageExts::ClassMethods
1153
1219
  end
1154
1220
  end
1155
1221
 
1156
- # Request message for getting a Security Command Center service.
1222
+ # Request message for
1223
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#get_security_center_service SecurityCenterManagement.GetSecurityCenterService}.
1157
1224
  # @!attribute [rw] name
1158
1225
  # @return [::String]
1159
- # Required. The Security Command Center service to retrieve.
1226
+ # Required. The Security Command Center service to retrieve, in one of the
1227
+ # following formats:
1160
1228
  #
1161
- # Formats:
1229
+ # * organizations/\\{organization}/locations/\\{location}/securityCenterServices/\\{service}
1230
+ # * folders/\\{folder}/locations/\\{location}/securityCenterServices/\\{service}
1231
+ # * projects/\\{project}/locations/\\{location}/securityCenterServices/\\{service}
1162
1232
  #
1163
- # * organizations/\\{organization}/locations/\\{location}/securityCenterServices/\\{service}
1164
- # * folders/\\{folder}/locations/\\{location}/securityCenterServices/\\{service}
1165
- # * projects/\\{project}/locations/\\{location}/securityCenterServices/\\{service}
1233
+ # The following values are valid for `{service}`:
1166
1234
  #
1167
- # The possible values for id \\{service} are:
1168
- #
1169
- # * container-threat-detection
1170
- # * event-threat-detection
1171
- # * security-health-analytics
1172
- # * vm-threat-detection
1173
- # * web-security-scanner
1235
+ # * `container-threat-detection`
1236
+ # * `event-threat-detection`
1237
+ # * `security-health-analytics`
1238
+ # * `vm-threat-detection`
1239
+ # * `web-security-scanner`
1174
1240
  # @!attribute [rw] show_eligible_modules_only
1175
1241
  # @return [::Boolean]
1176
- # Flag that, when set, will be used to filter the ModuleSettings that are
1177
- # in scope. The default setting is that all modules will be shown.
1242
+ # Set to `true` to show only modules that are in scope. By default, all
1243
+ # modules are shown.
1178
1244
  class GetSecurityCenterServiceRequest
1179
1245
  include ::Google::Protobuf::MessageExts
1180
1246
  extend ::Google::Protobuf::MessageExts::ClassMethods
1181
1247
  end
1182
1248
 
1183
- # Request message for listing Security Command Center services.
1249
+ # Request message for
1250
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_security_center_services SecurityCenterManagement.ListSecurityCenterServices}.
1184
1251
  # @!attribute [rw] parent
1185
1252
  # @return [::String]
1186
- # Required. The name of the parent to list Security Command Center services.
1187
- #
1188
- # Formats:
1253
+ # Required. The name of the parent to list Security Command Center services,
1254
+ # in one of the following formats:
1189
1255
  #
1190
- # * organizations/\\{organization}/locations/\\{location}
1191
- # * folders/\\{folder}/locations/\\{location}
1192
- # * projects/\\{project}/locations/\\{location}
1256
+ # * `organizations/{organization}/locations/{location}`
1257
+ # * `folders/{folder}/locations/{location}`
1258
+ # * `projects/{project}/locations/{location}`
1193
1259
  # @!attribute [rw] page_size
1194
1260
  # @return [::Integer]
1195
1261
  # Optional. The maximum number of results to return in a single response.
1196
1262
  # Default is 10, minimum is 1, maximum is 1000.
1197
1263
  # @!attribute [rw] page_token
1198
1264
  # @return [::String]
1199
- # Optional. The value returned by the last call indicating a continuation.
1265
+ # Optional. A pagination token returned from a previous request. Provide this
1266
+ # token to retrieve the next page of results.
1267
+ #
1268
+ # When paginating, the rest of the request must match the request that
1269
+ # generated the page token.
1200
1270
  # @!attribute [rw] show_eligible_modules_only
1201
1271
  # @return [::Boolean]
1202
- # Flag that, when set, will be used to filter the ModuleSettings that are
1203
- # in scope. The default setting is that all modules will be shown.
1272
+ # Flag that, when set, is used to filter the module settings that are shown.
1273
+ # The default setting is that all modules are shown.
1204
1274
  class ListSecurityCenterServicesRequest
1205
1275
  include ::Google::Protobuf::MessageExts
1206
1276
  extend ::Google::Protobuf::MessageExts::ClassMethods
1207
1277
  end
1208
1278
 
1209
- # Response message for listing Security Command Center services.
1279
+ # Response message for
1280
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#list_security_center_services SecurityCenterManagement.ListSecurityCenterServices}.
1210
1281
  # @!attribute [rw] security_center_services
1211
1282
  # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService>]
1212
1283
  # The list of services.
1213
1284
  # @!attribute [rw] next_page_token
1214
1285
  # @return [::String]
1215
- # A token identifying a page of results the server should return.
1286
+ # A pagination token. To retrieve the next page of results, call the method
1287
+ # again with this token.
1216
1288
  class ListSecurityCenterServicesResponse
1217
1289
  include ::Google::Protobuf::MessageExts
1218
1290
  extend ::Google::Protobuf::MessageExts::ClassMethods
1219
1291
  end
1220
1292
 
1221
- # Request message for updating a Security Command Center service.
1293
+ # Request message for
1294
+ # {::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterManagement::Client#update_security_center_service SecurityCenterManagement.UpdateSecurityCenterService}.
1222
1295
  # @!attribute [rw] security_center_service
1223
1296
  # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityCenterService]
1224
1297
  # Required. The updated service.
1225
1298
  # @!attribute [rw] update_mask
1226
1299
  # @return [::Google::Protobuf::FieldMask]
1227
- # Required. The list of fields to be updated. Possible values:
1300
+ # Required. The fields to update. Accepts the following values:
1301
+ #
1302
+ # * `intended_enablement_state`
1303
+ # * `modules`
1228
1304
  #
1229
- # * "intended_enablement_state"
1230
- # * "modules"
1305
+ # If omitted, then all eligible fields are updated.
1231
1306
  # @!attribute [rw] validate_only
1232
1307
  # @return [::Boolean]
1233
- # Optional. When set to true, only validations (including IAM checks) will be
1234
- # done for the request (service will not be updated). An OK response
1235
- # indicates that the request is valid, while an error response indicates that
1236
- # the request is invalid. Note that a subsequent request to actually update
1237
- # the service could still fail for one of the following reasons:
1238
- # - The state could have changed (e.g. IAM permission lost).
1239
- # - A failure occurred while trying to delete the module.
1308
+ # Optional. When set to `true`, the request will be validated (including IAM
1309
+ # checks), but no service will be updated. An `OK` response indicates that
1310
+ # the request is valid, while an error response indicates that the request is
1311
+ # invalid.
1312
+ #
1313
+ # If the request is valid, a subsequent request to update the service could
1314
+ # still fail for one of the following reasons:
1315
+ #
1316
+ # * The state of your cloud resources changed; for example, you lost a
1317
+ # required IAM permission
1318
+ # * An error occurred during update of the service
1319
+ #
1320
+ # Defaults to `false`.
1240
1321
  class UpdateSecurityCenterServiceRequest
1241
1322
  include ::Google::Protobuf::MessageExts
1242
1323
  extend ::Google::Protobuf::MessageExts::ClassMethods