# frozen_string_literal: true # Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Auto-generated by gapic-generator-ruby. DO NOT EDIT! module Google module Cloud module SecurityCenterManagement module V1 # An EffectiveSecurityHealthAnalyticsCustomModule is the representation of # a Security Health Analytics custom module at a specified level of the # resource hierarchy: organization, folder, or project. If a custom module is # inherited from a parent organization or folder, the value of the # `enablementState` property in EffectiveSecurityHealthAnalyticsCustomModule is # set to the value that is effective in the parent, instead of `INHERITED`. # For example, if the module is enabled in a parent organization or folder, the # effective enablement_state for the module in all child folders or projects is # also `enabled`. EffectiveSecurityHealthAnalyticsCustomModule is read-only. # @!attribute [rw] name # @return [::String] # Identifier. The resource name of the custom module. # Its format is # "organizations/\\{organization}/locations/\\{location}/effectiveSecurityHealthAnalyticsCustomModules/\\{effective_security_health_analytics_custom_module}", # or # "folders/\\{folder}/locations/\\{location}/effectiveSecurityHealthAnalyticsCustomModules/\\{effective_security_health_analytics_custom_module}", # or # "projects/\\{project}/locations/\\{location}/effectiveSecurityHealthAnalyticsCustomModules/\\{effective_security_health_analytics_custom_module}" # @!attribute [r] custom_config # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig] # Output only. The user-specified configuration for the module. # @!attribute [r] enablement_state # @return [::Google::Cloud::SecurityCenterManagement::V1::EffectiveSecurityHealthAnalyticsCustomModule::EnablementState] # Output only. The effective state of enablement for the module at the given # level of the hierarchy. # @!attribute [r] display_name # @return [::String] # Output only. The display name for the custom module. The name must be # between 1 and 128 characters, start with a lowercase letter, and contain # alphanumeric characters or underscores only. class EffectiveSecurityHealthAnalyticsCustomModule include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # The enablement state of the module. module EnablementState # Unspecified enablement state. ENABLEMENT_STATE_UNSPECIFIED = 0 # The module is enabled at the given level. ENABLED = 1 # The module is disabled at the given level. DISABLED = 2 end end # Request message for listing effective Security Health Analytics custom # modules. # @!attribute [rw] parent # @return [::String] # Required. Name of parent to list effective custom modules. Its format is # "organizations/\\{organization}/locations/\\{location}", # "folders/\\{folder}/locations/\\{location}", # or # "projects/\\{project}/locations/\\{location}" # @!attribute [rw] page_size # @return [::Integer] # Optional. The maximum number of results to return in a single response. # Default is 10, minimum is 1, maximum is 1000. # @!attribute [rw] page_token # @return [::String] # Optional. The value returned by the last call indicating a continuation. class ListEffectiveSecurityHealthAnalyticsCustomModulesRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for listing effective Security Health Analytics custom # modules. # @!attribute [rw] effective_security_health_analytics_custom_modules # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EffectiveSecurityHealthAnalyticsCustomModule>] # The list of EffectiveSecurityHealthAnalyticsCustomModule # @!attribute [rw] next_page_token # @return [::String] # A token identifying a page of results the server should return. class ListEffectiveSecurityHealthAnalyticsCustomModulesResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Message for getting a EffectiveSecurityHealthAnalyticsCustomModule # @!attribute [rw] name # @return [::String] # Required. The resource name of the SHA custom module. # # Its format is: # # * "organizations/\\{organization}/locations/\\{location}/effectiveSecurityHealthAnalyticsCustomModules/\\{module_id}". # * "folders/\\{folder}/locations/\\{location}/effectiveSecurityHealthAnalyticsCustomModules/\\{module_id}". # * "projects/\\{project}/locations/\\{location}/effectiveSecurityHealthAnalyticsCustomModules/\\{module_id}". class GetEffectiveSecurityHealthAnalyticsCustomModuleRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Represents an instance of a Security Health Analytics custom module, # including its full module name, display name, enablement state, and last # updated time. You can create a custom module at the organization, folder, or # project level. Custom modules that you create at the organization or folder # level are inherited by the child folders and projects. # @!attribute [rw] name # @return [::String] # Identifier. The resource name of the custom module. # Its format is # "organizations/\\{organization}/locations/\\{location}/securityHealthAnalyticsCustomModules/\\{security_health_analytics_custom_module}", # or # "folders/\\{folder}/locations/\\{location}/securityHealthAnalyticsCustomModules/\\{security_health_analytics_custom_module}", # or # "projects/\\{project}/locations/\\{location}/securityHealthAnalyticsCustomModules/\\{security_health_analytics_custom_module}" # # The id \\{customModule} is server-generated and is not user settable. # It will be a numeric id containing 1-20 digits. # @!attribute [rw] display_name # @return [::String] # Optional. The display name of the Security Health Analytics custom module. # This display name becomes the finding category for all findings that are # returned by this custom module. The display name must be between 1 and # 128 characters, start with a lowercase letter, and contain alphanumeric # characters or underscores only. # @!attribute [rw] enablement_state # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule::EnablementState] # Optional. The enablement state of the custom module. # @!attribute [r] update_time # @return [::Google::Protobuf::Timestamp] # Output only. The time at which the custom module was last updated. # @!attribute [r] last_editor # @return [::String] # Output only. The editor that last updated the custom module. # @!attribute [r] ancestor_module # @return [::String] # Output only. Specifies the organization or folder from which the custom # module is inherited. If empty, indicates that the custom module was created # in the organization, folder, or project in which you are viewing the custom # module. # @!attribute [rw] custom_config # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig] # Optional. The user specified custom configuration for the module. class SecurityHealthAnalyticsCustomModule include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Possible enablement states of a custom module. module EnablementState # Unspecified enablement state. ENABLEMENT_STATE_UNSPECIFIED = 0 # The module is enabled at the given CRM resource. ENABLED = 1 # The module is disabled at the given CRM resource. DISABLED = 2 # State is inherited from an ancestor module. The module will either # be effectively ENABLED or DISABLED based on its closest non-inherited # ancestor module in the CRM hierarchy. Attempting to set a top level # module (module with no parent) to the INHERITED state will result in an # INVALID_ARGUMENT error. INHERITED = 3 end end # Defines the properties in a custom module configuration for Security # Health Analytics. Use the custom module configuration to create custom # detectors that generate custom findings for resources that you specify. # @!attribute [rw] predicate # @return [::Google::Type::Expr] # Optional. The CEL expression to evaluate to produce findings. When the # expression evaluates to true against a resource, a finding is generated. # @!attribute [rw] custom_output # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig::CustomOutputSpec] # Optional. Custom output properties. # @!attribute [rw] resource_selector # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig::ResourceSelector] # Optional. The Cloud Asset Inventory resource types that the custom module # operates on. For information about resource types, see [Supported asset # types](https://cloud.google.com/asset-inventory/docs/supported-asset-types). # Each custom module can specify up to 5 resource types. # @!attribute [rw] severity # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig::Severity] # Optional. The severity to assign to findings generated by the module. # @!attribute [rw] description # @return [::String] # Optional. Text that describes the vulnerability or misconfiguration that # the custom module detects. This explanation is returned with each finding # instance to help investigators understand the detected issue. The text must # be enclosed in quotation marks. # @!attribute [rw] recommendation # @return [::String] # Optional. An explanation of the recommended steps that security teams can # take to resolve the detected issue. This explanation is returned with each # finding generated by this module in the `nextSteps` property of the finding # JSON. class CustomConfig include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A set of optional name-value pairs that define custom source properties to # return with each finding that is generated by the custom module. The custom # source properties that are defined here are included in the finding JSON # under `sourceProperties`. # @!attribute [rw] properties # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::CustomConfig::CustomOutputSpec::Property>] # Optional. A list of custom output properties to add to the finding. class CustomOutputSpec include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # An individual name-value pair that defines a custom source property. # @!attribute [rw] name # @return [::String] # Optional. Name of the property for the custom output. # @!attribute [rw] value_expression # @return [::Google::Type::Expr] # Optional. The CEL expression for the custom output. A resource property # can be specified to return the value of the property or a text string # enclosed in quotation marks. class Property include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end # Resource for selecting resource type. # @!attribute [rw] resource_types # @return [::Array<::String>] # Optional. The resource types to run the detector on. class ResourceSelector include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Defines the valid value options for the severity of a finding. module Severity # Unspecified severity. SEVERITY_UNSPECIFIED = 0 # Critical severity. CRITICAL = 1 # High severity. HIGH = 2 # Medium severity. MEDIUM = 3 # Low severity. LOW = 4 end end # Request message for listing Security Health Analytics custom modules. # @!attribute [rw] parent # @return [::String] # Required. Name of parent to list custom modules. Its format is # "organizations/\\{organization}/locations/\\{location}", # "folders/\\{folder}/locations/\\{location}", # or # "projects/\\{project}/locations/\\{location}" # @!attribute [rw] page_size # @return [::Integer] # Optional. The maximum number of results to return in a single response. # Default is 10, minimum is 1, maximum is 1000. # @!attribute [rw] page_token # @return [::String] # Optional. A token identifying a page of results the server should return. class ListSecurityHealthAnalyticsCustomModulesRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for listing Security Health Analytics custom modules. # @!attribute [rw] security_health_analytics_custom_modules # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule>] # The list of SecurityHealthAnalyticsCustomModules # @!attribute [rw] next_page_token # @return [::String] # A token identifying a page of results the server should return. class ListSecurityHealthAnalyticsCustomModulesResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for listing descendant Security Health Analytics custom # modules. # @!attribute [rw] parent # @return [::String] # Required. Name of parent to list custom modules. Its format is # "organizations/\\{organization}/locations/\\{location}", # "folders/\\{folder}/locations/\\{location}", # or # "projects/\\{project}/locations/\\{location}" # @!attribute [rw] page_size # @return [::Integer] # Optional. The maximum number of results to return in a single response. # Default is 10, minimum is 1, maximum is 1000. # @!attribute [rw] page_token # @return [::String] # Optional. A token identifying a page of results the server should return. class ListDescendantSecurityHealthAnalyticsCustomModulesRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for listing descendant Security Health Analytics custom # modules. # @!attribute [rw] security_health_analytics_custom_modules # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule>] # The list of SecurityHealthAnalyticsCustomModules # @!attribute [rw] next_page_token # @return [::String] # A token identifying a page of results the server should return. class ListDescendantSecurityHealthAnalyticsCustomModulesResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Message for getting a SecurityHealthAnalyticsCustomModule # @!attribute [rw] name # @return [::String] # Required. Name of the resource class GetSecurityHealthAnalyticsCustomModuleRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Message for creating a SecurityHealthAnalyticsCustomModule # @!attribute [rw] parent # @return [::String] # Required. Name of the parent for the module. Its format is # "organizations/\\{organization}/locations/\\{location}", # "folders/\\{folder}/locations/\\{location}", # or # "projects/\\{project}/locations/\\{location}" # @!attribute [rw] security_health_analytics_custom_module # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule] # Required. The resource being created # @!attribute [rw] validate_only # @return [::Boolean] # Optional. When set to true, only validations (including IAM checks) will # done for the request (no module will be created). An OK response indicates # the request is valid while an error response indicates the request is # invalid. Note that a subsequent request to actually create the module could # still fail because: # 1. the state could have changed (e.g. IAM permission lost) or # 2. A failure occurred during creation of the module. # Defaults to false. class CreateSecurityHealthAnalyticsCustomModuleRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Message for updating a SecurityHealthAnalyticsCustomModule # @!attribute [rw] update_mask # @return [::Google::Protobuf::FieldMask] # Required. The list of fields to be updated. The only fields that can be # updated are `enablement_state` and `custom_config`. If empty or set to the # wildcard value `*`, both `enablement_state` and `custom_config` are # updated. # @!attribute [rw] security_health_analytics_custom_module # @return [::Google::Cloud::SecurityCenterManagement::V1::SecurityHealthAnalyticsCustomModule] # Required. The resource being updated # @!attribute [rw] validate_only # @return [::Boolean] # Optional. When set to true, only validations (including IAM checks) will # done for the request (module will not be updated). An OK response indicates # the request is valid while an error response indicates the request is # invalid. Note that a subsequent request to actually update the module could # still fail because 1. the state could have changed (e.g. IAM permission # lost) or # 2. A failure occurred while trying to update the module. class UpdateSecurityHealthAnalyticsCustomModuleRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Message for deleting a SecurityHealthAnalyticsCustomModule # @!attribute [rw] name # @return [::String] # Required. The resource name of the SHA custom module. # # Its format is: # # * "organizations/\\{organization}/locations/\\{location}/securityHealthAnalyticsCustomModules/\\{security_health_analytics_custom_module}". # * "folders/\\{folder}/locations/\\{location}/securityHealthAnalyticsCustomModules/\\{security_health_analytics_custom_module}". # * "projects/\\{project}/locations/\\{location}/securityHealthAnalyticsCustomModules/\\{security_health_analytics_custom_module}". # @!attribute [rw] validate_only # @return [::Boolean] # Optional. When set to true, only validations (including IAM checks) will # done for the request (module will not be deleted). An OK response indicates # the request is valid while an error response indicates the request is # invalid. Note that a subsequent request to actually delete the module could # still fail because 1. the state could have changed (e.g. IAM permission # lost) or # 2. A failure occurred while trying to delete the module. class DeleteSecurityHealthAnalyticsCustomModuleRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message to simulate a CustomConfig against a given test resource. # Maximum size of the request is 4 MB by default. # @!attribute [rw] parent # @return [::String] # Required. The relative resource name of the organization, project, or # folder. For more information about relative resource names, see [Relative # Resource # Name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) # Example: `organizations/{organization_id}`. # @!attribute [rw] custom_config # @return [::Google::Cloud::SecurityCenterManagement::V1::CustomConfig] # Required. The custom configuration that you need to test. # @!attribute [rw] resource # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulateSecurityHealthAnalyticsCustomModuleRequest::SimulatedResource] # Required. Resource data to simulate custom module against. class SimulateSecurityHealthAnalyticsCustomModuleRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Manually constructed resource name. If the custom module evaluates against # only the resource data, you can omit the `iam_policy_data` field. If it # evaluates only the `iam_policy_data` field, you can omit the resource data. # @!attribute [rw] resource_type # @return [::String] # Required. The type of the resource, for example, # `compute.googleapis.com/Disk`. # @!attribute [rw] resource_data # @return [::Google::Protobuf::Struct] # Optional. A representation of the Google Cloud resource. Should match the # Google Cloud resource JSON format. # @!attribute [rw] iam_policy_data # @return [::Google::Iam::V1::Policy] # Optional. A representation of the IAM policy. class SimulatedResource include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end # A subset of the fields of the Security Center Finding proto. The minimum set # of fields needed to represent a simulated finding from a SHA custom module. # @!attribute [rw] name # @return [::String] # Identifier. The [relative resource # name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) # of the finding. Example: # "organizations/\\{organization_id}/sources/\\{source_id}/findings/\\{finding_id}", # "folders/\\{folder_id}/sources/\\{source_id}/findings/\\{finding_id}", # "projects/\\{project_id}/sources/\\{source_id}/findings/\\{finding_id}". # @!attribute [rw] parent # @return [::String] # The relative resource name of the source the finding belongs to. See: # https://cloud.google.com/apis/design/resource_names#relative_resource_name # This field is immutable after creation time. # For example: # "organizations/\\{organization_id}/sources/\\{source_id}" # @!attribute [rw] resource_name # @return [::String] # For findings on Google Cloud resources, the full resource # name of the Google Cloud resource this finding is for. See: # https://cloud.google.com/apis/design/resource_names#full_resource_name # When the finding is for a non-Google Cloud resource, the resourceName can # be a customer or partner defined string. This field is immutable after # creation time. # @!attribute [rw] category # @return [::String] # The additional taxonomy group within findings from a given source. # This field is immutable after creation time. # Example: "XSS_FLASH_INJECTION" # @!attribute [r] state # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding::State] # Output only. The state of the finding. # @!attribute [rw] source_properties # @return [::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}] # Source specific properties. These properties are managed by the source # that writes the finding. The key names in the source_properties map must be # between 1 and 255 characters, and must start with a letter and contain # alphanumeric characters or underscores only. # @!attribute [rw] event_time # @return [::Google::Protobuf::Timestamp] # The time the finding was first detected. If an existing finding is updated, # then this is the time the update occurred. # For example, if the finding represents an open firewall, this property # captures the time the detector believes the firewall became open. The # accuracy is determined by the detector. If the finding is later resolved, # then this time reflects when the finding was resolved. This must not # be set to a value greater than the current timestamp. # @!attribute [rw] severity # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding::Severity] # The severity of the finding. This field is managed by the source that # writes the finding. # @!attribute [rw] finding_class # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding::FindingClass] # The class of the finding. class SimulatedFinding include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Protobuf::Value] class SourcePropertiesEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # The state of the finding. module State # Unspecified state. STATE_UNSPECIFIED = 0 # The finding requires attention and has not been addressed yet. ACTIVE = 1 # The finding has been fixed, triaged as a non-issue or otherwise addressed # and is no longer active. INACTIVE = 2 end # The severity of the finding. module Severity # This value is used for findings when a source doesn't write a severity # value. SEVERITY_UNSPECIFIED = 0 # Vulnerability: # A critical vulnerability is easily discoverable by an external actor, # exploitable, and results in the direct ability to execute arbitrary code, # exfiltrate data, and otherwise gain additional access and privileges to # cloud resources and workloads. Examples include publicly accessible # unprotected user data and public SSH access with weak or no # passwords. # # Threat: # Indicates a threat that is able to access, modify, or delete data or # execute unauthorized code within existing resources. CRITICAL = 1 # Vulnerability: # A high risk vulnerability can be easily discovered and exploited in # combination with other vulnerabilities in order to gain direct access and # the ability to execute arbitrary code, exfiltrate data, and otherwise # gain additional access and privileges to cloud resources and workloads. # An example is a database with weak or no passwords that is only # accessible internally. This database could easily be compromised by an # actor that had access to the internal network. # # Threat: # Indicates a threat that is able to create new computational resources in # an environment but not able to access data or execute code in existing # resources. HIGH = 2 # Vulnerability: # A medium risk vulnerability could be used by an actor to gain access to # resources or privileges that enable them to eventually (through multiple # steps or a complex exploit) gain access and the ability to execute # arbitrary code or exfiltrate data. An example is a service account with # access to more projects than it should have. If an actor gains access to # the service account, they could potentially use that access to manipulate # a project the service account was not intended to. # # Threat: # Indicates a threat that is able to cause operational impact but may not # access data or execute unauthorized code. MEDIUM = 3 # Vulnerability: # A low risk vulnerability hampers a security organization's ability to # detect vulnerabilities or active threats in their deployment, or prevents # the root cause investigation of security issues. An example is monitoring # and logs being disabled for resource configurations and access. # # Threat: # Indicates a threat that has obtained minimal access to an environment but # is not able to access data, execute code, or create resources. LOW = 4 end # Represents what kind of Finding it is. module FindingClass # Unspecified finding class. FINDING_CLASS_UNSPECIFIED = 0 # Describes unwanted or malicious activity. THREAT = 1 # Describes a potential weakness in software that increases risk to # Confidentiality & Integrity & Availability. VULNERABILITY = 2 # Describes a potential weakness in cloud resource/asset configuration that # increases risk. MISCONFIGURATION = 3 # Describes a security observation that is for informational purposes. OBSERVATION = 4 # Describes an error that prevents some SCC functionality. SCC_ERROR = 5 # Describes a potential security risk due to a change in the security # posture. POSTURE_VIOLATION = 6 end end # Response message for simulating a `SecurityHealthAnalyticsCustomModule` # against a given resource. # @!attribute [rw] result # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulateSecurityHealthAnalyticsCustomModuleResponse::SimulatedResult] # Result for test case in the corresponding request. class SimulateSecurityHealthAnalyticsCustomModuleResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Possible test result. # @!attribute [rw] finding # @return [::Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding] # Finding that would be published for the test case, # if a violation is detected. # @!attribute [rw] no_violation # @return [::Google::Protobuf::Empty] # Indicates that the test case does not trigger any violation. # @!attribute [rw] error # @return [::Google::Rpc::Status] # Error encountered during the test. class SimulatedResult include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end # An EffectiveEventThreatDetectionCustomModule is the representation of # EventThreatDetectionCustomModule at a given level taking hierarchy into # account and resolving various fields accordingly. e.g. if the module is # enabled at the ancestor level, effective modules at all descendant levels # will have enablement_state set to ENABLED. Similarly, if module.inherited is # set, then effective module's config will contain the ancestor's config # details. EffectiveEventThreatDetectionCustomModule is read-only. # @!attribute [rw] name # @return [::String] # Identifier. The resource name of the ETD custom module. # # Its format is: # # * "organizations/\\{organization}/locations/\\{location}/effectiveEventThreatDetectionCustomModules/\\{effective_event_threat_detection_custom_module}". # * "folders/\\{folder}/locations/\\{location}/effectiveEventThreatDetectionCustomModules/\\{effective_event_threat_detection_custom_module}". # * "projects/\\{project}/locations/\\{location}/effectiveEventThreatDetectionCustomModules/\\{effective_event_threat_detection_custom_module}". # @!attribute [r] config # @return [::Google::Protobuf::Struct] # Output only. Config for the effective module. # @!attribute [r] enablement_state # @return [::Google::Cloud::SecurityCenterManagement::V1::EffectiveEventThreatDetectionCustomModule::EnablementState] # Output only. The effective state of enablement for the module at the given # level of the hierarchy. # @!attribute [r] type # @return [::String] # Output only. Type for the module. e.g. CONFIGURABLE_BAD_IP. # @!attribute [r] display_name # @return [::String] # Output only. The human readable name to be displayed for the module. # @!attribute [r] description # @return [::String] # Output only. The description for the module. class EffectiveEventThreatDetectionCustomModule include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # The enablement state of the module. module EnablementState # Unspecified enablement state. ENABLEMENT_STATE_UNSPECIFIED = 0 # The module is enabled at the given level. ENABLED = 1 # The module is disabled at the given level. DISABLED = 2 end end # Request message for listing effective Event Threat Detection custom # modules. # @!attribute [rw] parent # @return [::String] # Required. Name of parent to list effective custom modules. Its format is # "organizations/\\{organization}/locations/\\{location}", # "folders/\\{folder}/locations/\\{location}", # or # "projects/\\{project}/locations/\\{location}" # @!attribute [rw] page_size # @return [::Integer] # Optional. The maximum number of results to return in a single response. # Default is 10, minimum is 1, maximum is 1000. # @!attribute [rw] page_token # @return [::String] # Optional. The value returned by the last call indicating a continuation class ListEffectiveEventThreatDetectionCustomModulesRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for listing effective Event Threat Detection custom # modules. # @!attribute [rw] effective_event_threat_detection_custom_modules # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EffectiveEventThreatDetectionCustomModule>] # The list of EffectiveEventThreatDetectionCustomModules # @!attribute [rw] next_page_token # @return [::String] # A token identifying a page of results the server should return. class ListEffectiveEventThreatDetectionCustomModulesResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Message for getting a EffectiveEventThreatDetectionCustomModule # @!attribute [rw] name # @return [::String] # Required. The resource name of the ETD custom module. # # Its format is: # # * "organizations/\\{organization}/locations/\\{location}/effectiveEventThreatDetectionCustomModules/\\{effective_event_threat_detection_custom_module}". # * "folders/\\{folder}/locations/\\{location}/effectiveEventThreatDetectionCustomModules/\\{effective_event_threat_detection_custom_module}". # * "projects/\\{project}/locations/\\{location}/effectiveEventThreatDetectionCustomModules/\\{effective_event_threat_detection_custom_module}". class GetEffectiveEventThreatDetectionCustomModuleRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An event threat detection custom module is a Cloud SCC resource that contains # the configuration and enablement state of a custom module, which enables ETD # to write certain findings to Cloud SCC. # @!attribute [rw] name # @return [::String] # Identifier. The resource name of the ETD custom module. # # Its format is: # # * "organizations/\\{organization}/locations/\\{location}/eventThreatDetectionCustomModules/\\{event_threat_detection_custom_module}". # * "folders/\\{folder}/locations/\\{location}/eventThreatDetectionCustomModules/\\{event_threat_detection_custom_module}". # * "projects/\\{project}/locations/\\{location}/eventThreatDetectionCustomModules/\\{event_threat_detection_custom_module}". # @!attribute [rw] config # @return [::Google::Protobuf::Struct] # Optional. Config for the module. For the resident module, its config value # is defined at this level. For the inherited module, its config value is # inherited from the ancestor module. # @!attribute [r] ancestor_module # @return [::String] # Output only. The closest ancestor module that this module inherits the # enablement state from. If empty, indicates that the custom module was # created in the requesting parent organization, folder, or project. The # format is the same as the EventThreatDetectionCustomModule resource name. # @!attribute [rw] enablement_state # @return [::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule::EnablementState] # Optional. The state of enablement for the module at the given level of the # hierarchy. # @!attribute [rw] type # @return [::String] # Optional. Type for the module. e.g. CONFIGURABLE_BAD_IP. # @!attribute [rw] display_name # @return [::String] # Optional. The human readable name to be displayed for the module. # @!attribute [rw] description # @return [::String] # Optional. The description for the module. # @!attribute [r] update_time # @return [::Google::Protobuf::Timestamp] # Output only. The time the module was last updated. # @!attribute [r] last_editor # @return [::String] # Output only. The editor the module was last updated by. class EventThreatDetectionCustomModule include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # The enablement state of the module. module EnablementState # Unspecified enablement state. ENABLEMENT_STATE_UNSPECIFIED = 0 # The module is enabled at the given level. ENABLED = 1 # The module is disabled at the given level. DISABLED = 2 # State is inherited from an ancestor module. The module will either # be effectively ENABLED or DISABLED based on its closest non-inherited # ancestor module in the CRM hierarchy. Attempting to set a top level # module (module with no parent) to the INHERITED state will result in an # error. INHERITED = 3 end end # Request message for listing Event Threat Detection custom modules. # @!attribute [rw] parent # @return [::String] # Required. Name of parent to list custom modules. Its format is # "organizations/\\{organization}/locations/\\{location}", # "folders/\\{folder}/locations/\\{location}", # or # "projects/\\{project}/locations/\\{location}" # @!attribute [rw] page_size # @return [::Integer] # Optional. The maximum number of modules to return. The service may return # fewer than this value. If unspecified, at most 10 configs will be returned. # The maximum value is 1000; values above 1000 will be coerced to 1000. # @!attribute [rw] page_token # @return [::String] # Optional. A page token, received from a previous # `ListEventThreatDetectionCustomModules` call. Provide this to retrieve the # subsequent page. # # When paginating, all other parameters provided to # `ListEventThreatDetectionCustomModules` must match the call that provided # the page token. class ListEventThreatDetectionCustomModulesRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for listing Event Threat Detection custom modules. # @!attribute [rw] event_threat_detection_custom_modules # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule>] # The list of EventThreatDetectionCustomModules # @!attribute [rw] next_page_token # @return [::String] # A token identifying a page of results the server should return. class ListEventThreatDetectionCustomModulesResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request message for listing descendant Event Threat Detection custom # modules. # @!attribute [rw] parent # @return [::String] # Required. Name of parent to list custom modules. Its format is # "organizations/\\{organization}/locations/\\{location}", # "folders/\\{folder}/locations/\\{location}", # or # "projects/\\{project}/locations/\\{location}" # @!attribute [rw] page_size # @return [::Integer] # Optional. The maximum number of modules to return. The service may return # fewer than this value. If unspecified, at most 10 configs will be returned. # The maximum value is 1000; values above 1000 will be coerced to 1000. # @!attribute [rw] page_token # @return [::String] # Optional. A token identifying a page of results the server should return. class ListDescendantEventThreatDetectionCustomModulesRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response message for listing descendant Event Threat Detection custom # modules. # @!attribute [rw] event_threat_detection_custom_modules # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule>] # The list of EventThreatDetectionCustomModules # @!attribute [rw] next_page_token # @return [::String] # A token identifying a page of results the server should return. class ListDescendantEventThreatDetectionCustomModulesResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Message for getting a EventThreatDetectionCustomModule # @!attribute [rw] name # @return [::String] # Required. The resource name of the ETD custom module. # # Its format is: # # * "organizations/\\{organization}/locations/\\{location}/eventThreatDetectionCustomModules/\\{event_threat_detection_custom_module}". # * "folders/\\{folder}/locations/\\{location}/eventThreatDetectionCustomModules/\\{event_threat_detection_custom_module}". # * "projects/\\{project}/locations/\\{location}/eventThreatDetectionCustomModules/\\{event_threat_detection_custom_module}". class GetEventThreatDetectionCustomModuleRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Message for creating a EventThreatDetectionCustomModule # @!attribute [rw] parent # @return [::String] # Required. Name of parent for the module. Its format is # "organizations/\\{organization}/locations/\\{location}", # "folders/\\{folder}/locations/\\{location}", # or # "projects/\\{project}/locations/\\{location}" # @!attribute [rw] event_threat_detection_custom_module # @return [::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule] # Required. The module to create. The # event_threat_detection_custom_module.name will be ignored and server # generated. # @!attribute [rw] validate_only # @return [::Boolean] # Optional. When set to true, only validations (including IAM checks) will # done for the request (no module will be created). An OK response indicates # the request is valid while an error response indicates the request is # invalid. Note that a subsequent request to actually create the module could # still fail because 1. the state could have changed (e.g. IAM permission # lost) or # 2. A failure occurred during creation of the module. class CreateEventThreatDetectionCustomModuleRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Message for updating a EventThreatDetectionCustomModule # @!attribute [rw] update_mask # @return [::Google::Protobuf::FieldMask] # Required. Field mask is used to specify the fields to be overwritten in the # EventThreatDetectionCustomModule resource by the update. # The fields specified in the update_mask are relative to the resource, not # the full request. A field will be overwritten if it is in the mask. If the # user does not provide a mask then all fields will be overwritten. # @!attribute [rw] event_threat_detection_custom_module # @return [::Google::Cloud::SecurityCenterManagement::V1::EventThreatDetectionCustomModule] # Required. The module being updated # @!attribute [rw] validate_only # @return [::Boolean] # Optional. When set to true, only validations (including IAM checks) will # done for the request (module will not be updated). An OK response indicates # the request is valid while an error response indicates the request is # invalid. Note that a subsequent request to actually update the module could # still fail because 1. the state could have changed (e.g. IAM permission # lost) or # 2. A failure occurred while trying to update the module. class UpdateEventThreatDetectionCustomModuleRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Message for deleting a EventThreatDetectionCustomModule # @!attribute [rw] name # @return [::String] # Required. The resource name of the ETD custom module. # # Its format is: # # * "organizations/\\{organization}/locations/\\{location}/eventThreatDetectionCustomModules/\\{event_threat_detection_custom_module}". # * "folders/\\{folder}/locations/\\{location}/eventThreatDetectionCustomModules/\\{event_threat_detection_custom_module}". # * "projects/\\{project}/locations/\\{location}/eventThreatDetectionCustomModules/\\{event_threat_detection_custom_module}". # @!attribute [rw] validate_only # @return [::Boolean] # Optional. When set to true, only validations (including IAM checks) will # done for the request (module will not be deleted). An OK response indicates # the request is valid while an error response indicates the request is # invalid. Note that a subsequent request to actually delete the module could # still fail because 1. the state could have changed (e.g. IAM permission # lost) or # 2. A failure occurred while trying to delete the module. class DeleteEventThreatDetectionCustomModuleRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Request to validate an Event Threat Detection custom module. # @!attribute [rw] parent # @return [::String] # Required. Resource name of the parent to validate the Custom Module under. # # Its format is: # # * "organizations/\\{organization}/locations/\\{location}". # @!attribute [rw] raw_text # @return [::String] # Required. The raw text of the module's contents. Used to generate error # messages. # @!attribute [rw] type # @return [::String] # Required. The type of the module (e.g. CONFIGURABLE_BAD_IP). class ValidateEventThreatDetectionCustomModuleRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Response to validating an Event Threat Detection custom module. # @!attribute [rw] errors # @return [::Array<::Google::Cloud::SecurityCenterManagement::V1::ValidateEventThreatDetectionCustomModuleResponse::CustomModuleValidationError>] # A list of errors returned by the validator. If the list is empty, there # were no errors. class ValidateEventThreatDetectionCustomModuleResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # An error encountered while validating the uploaded configuration of an # Event Threat Detection Custom Module. # @!attribute [rw] description # @return [::String] # A description of the error, suitable for human consumption. Required. # @!attribute [rw] field_path # @return [::String] # The path, in RFC 8901 JSON Pointer format, to the field that failed # validation. This may be left empty if no specific field is affected. # @!attribute [rw] start # @return [::Google::Cloud::SecurityCenterManagement::V1::ValidateEventThreatDetectionCustomModuleResponse::Position] # The initial position of the error in the uploaded text version of the # module. This field may be omitted if no specific position applies, or if # one could not be computed. # @!attribute [rw] end # @return [::Google::Cloud::SecurityCenterManagement::V1::ValidateEventThreatDetectionCustomModuleResponse::Position] # The end position of the error in the uploaded text version of the # module. This field may be omitted if no specific position applies, or if # one could not be computed.. class CustomModuleValidationError include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # A position in the uploaded text version of a module. # @!attribute [rw] line_number # @return [::Integer] # The line position in the text # @!attribute [rw] column_number # @return [::Integer] # The column position in the line class Position include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end end end end end