lib/google/apis/securitycenter_v1beta2/classes.rb in google-apis-securitycenter_v1beta2-0.10.0 vs lib/google/apis/securitycenter_v1beta2/classes.rb in google-apis-securitycenter_v1beta2-0.11.0
- old
+ new
@@ -20,10 +20,61 @@
module Google
module Apis
module SecuritycenterV1beta2
+ # Represents an access event.
+ class Access
+ include Google::Apis::Core::Hashable
+
+ # Caller's IP address, such as "1.1.1.1".
+ # Corresponds to the JSON property `callerIp`
+ # @return [String]
+ attr_accessor :caller_ip
+
+ # Represents a geographical location for a given access.
+ # Corresponds to the JSON property `callerIpGeo`
+ # @return [Google::Apis::SecuritycenterV1beta2::Geolocation]
+ attr_accessor :caller_ip_geo
+
+ # The method that the service account called, e.g. "SetIamPolicy".
+ # Corresponds to the JSON property `methodName`
+ # @return [String]
+ attr_accessor :method_name
+
+ # Associated email, such as "foo@google.com".
+ # Corresponds to the JSON property `principalEmail`
+ # @return [String]
+ attr_accessor :principal_email
+
+ # This is the API service that the service account made a call to, e.g. "iam.
+ # googleapis.com"
+ # Corresponds to the JSON property `serviceName`
+ # @return [String]
+ attr_accessor :service_name
+
+ # What kind of user agent is associated, e.g. operating system shells, embedded
+ # or stand-alone applications, etc.
+ # Corresponds to the JSON property `userAgentFamily`
+ # @return [String]
+ attr_accessor :user_agent_family
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @caller_ip = args[:caller_ip] if args.key?(:caller_ip)
+ @caller_ip_geo = args[:caller_ip_geo] if args.key?(:caller_ip_geo)
+ @method_name = args[:method_name] if args.key?(:method_name)
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
+ @service_name = args[:service_name] if args.key?(:service_name)
+ @user_agent_family = args[:user_agent_family] if args.key?(:user_agent_family)
+ end
+ end
+
# Configuration of a module.
class Config
include Google::Apis::Core::Hashable
# The state of enablement for the module at its level of the resource hierarchy.
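Review bot: In the added `Access` class the comments disagree about who the caller is: `method_name` and `service_name` speak of "the service account", while `principal_email` is described only as "Associated email" with a `foo@google.com` example. Anyone building triage or detection logic on these fields needs to know whether the principal can also be a user, so the three comments should use one term, for example `# Email of the principal that made the call, such as "foo@google.com".` on `principal_email`. The comment on `user_agent_family` could also say whether the value is derived from what the client sent, since such a value is informational rather than verified; that is an assumption to confirm against the API description. `update!` stores whatever it is given without type or format checks, so `caller_ip` is not guaranteed to be a parseable address.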
@@ -289,10 +340,15 @@
# enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
# Engine application is a finding.
class Finding
include Google::Apis::Core::Hashable
+ # Represents an access event.
+ # Corresponds to the JSON property `access`
+ # @return [Google::Apis::SecuritycenterV1beta2::Access]
+ attr_accessor :access
+
# The canonical name of the finding. It's either "organizations/`organization_id`
# /sources/`source_id`/findings/`finding_id`", "folders/`folder_id`/sources/`
# source_id`/findings/`finding_id`" or "projects/`project_number`/sources/`
# source_id`/findings/`finding_id`", depending on the closest CRM ancestor of
# the resource associated with the finding.
@@ -345,10 +401,16 @@
# Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
# Corresponds to the JSON property `indicator`
# @return [Google::Apis::SecuritycenterV1beta2::Indicator]
attr_accessor :indicator
+ # MITRE ATT&CK tactics and techniques related to this finding. See: https://
+ # attack.mitre.org
+ # Corresponds to the JSON property `mitreAttack`
+ # @return [Google::Apis::SecuritycenterV1beta2::MitreAttack]
+ attr_accessor :mitre_attack
+
# Indicates the mute state of a finding (either unspecified, muted, unmuted or
# undefined).
# Corresponds to the JSON property `mute`
# @return [String]
attr_accessor :mute
@@ -425,18 +487,20 @@
update!(**args)
end
# Update properties of this object
def update!(**args)
+ @access = args[:access] if args.key?(:access)
@canonical_name = args[:canonical_name] if args.key?(:canonical_name)
@category = args[:category] if args.key?(:category)
@create_time = args[:create_time] if args.key?(:create_time)
@event_time = args[:event_time] if args.key?(:event_time)
@external_systems = args[:external_systems] if args.key?(:external_systems)
@external_uri = args[:external_uri] if args.key?(:external_uri)
@finding_class = args[:finding_class] if args.key?(:finding_class)
@indicator = args[:indicator] if args.key?(:indicator)
+ @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
@mute = args[:mute] if args.key?(:mute)
@mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
@mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
@name = args[:name] if args.key?(:name)
@parent = args[:parent] if args.key?(:parent)
@@ -473,10 +537,42 @@
@resource_folder = args[:resource_folder] if args.key?(:resource_folder)
@resource_folder_display_name = args[:resource_folder_display_name] if args.key?(:resource_folder_display_name)
end
end
+ # Represents a geographical location for a given access.
+ class Geolocation
+ include Google::Apis::Core::Hashable
+
+ # A CLDR.
+ # Corresponds to the JSON property `regionCode`
+ # @return [String]
+ attr_accessor :region_code
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @region_code = args[:region_code] if args.key?(:region_code)
+ end
+ end
+
+ # The response to a BulkMute request. Contains the LRO information.
+ class GoogleCloudSecuritycenterV1BulkMuteFindingsResponse
+ include Google::Apis::Core::Hashable
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ end
+ end
+
# Representation of third party SIEM/SOAR fields within SCC.
class GoogleCloudSecuritycenterV1ExternalSystem
include Google::Apis::Core::Hashable
# References primary/secondary etc assignees in the external system.
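Review bot: The comment on `region_code` in the added `Geolocation` class is cut off at `# A CLDR.` and does not say what the string holds. Judging by the JSON property `regionCode` it is presumably a CLDR region code, so something like `# CLDR region code of the location the call came from.` would make the field usable without a trip to the API reference. In the same hunk, `GoogleCloudSecuritycenterV1BulkMuteFindingsResponse` is documented as containing the LRO information, yet it declares no attributes and its `update!` is empty; the comment should say the message carries no fields. If this file is generated, both wordings need to change in the API description it is built from.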
@@ -1067,9 +1163,59 @@
# Update properties of this object
def update!(**args)
@domains = args[:domains] if args.key?(:domains)
@ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses)
+ end
+ end
+
+ # MITRE ATT&CK tactics and techniques related to this finding. See: https://
+ # attack.mitre.org
+ class MitreAttack
+ include Google::Apis::Core::Hashable
+
+ # Additional MITRE ATT&CK tactics related to this finding, if any.
+ # Corresponds to the JSON property `additionalTactics`
+ # @return [Array<String>]
+ attr_accessor :additional_tactics
+
+ # Additional MITRE ATT&CK techniques related to this finding, if any, along with
+ # any of their respective parent techniques.
+ # Corresponds to the JSON property `additionalTechniques`
+ # @return [Array<String>]
+ attr_accessor :additional_techniques
+
+ # The MITRE ATT&CK tactic most closely represented by this finding, if any.
+ # Corresponds to the JSON property `primaryTactic`
+ # @return [String]
+ attr_accessor :primary_tactic
+
+ # The MITRE ATT&CK technique most closely represented by this finding, if any.
+ # primary_techniques is a repeated field because there are multiple levels of
+ # MITRE ATT&CK techniques. If the technique most closely represented by this
+ # finding is a sub-technique (e.g. SCANNING_IP_BLOCKS), both the sub-technique
+ # and its parent technique(s) will be listed (e.g. SCANNING_IP_BLOCKS,
+ # ACTIVE_SCANNING).
+ # Corresponds to the JSON property `primaryTechniques`
+ # @return [Array<String>]
+ attr_accessor :primary_techniques
+
+ # The MITRE ATT&CK version referenced by the above fields. E.g. "8".
+ # Corresponds to the JSON property `version`
+ # @return [String]
+ attr_accessor :version
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @additional_tactics = args[:additional_tactics] if args.key?(:additional_tactics)
+ @additional_techniques = args[:additional_techniques] if args.key?(:additional_techniques)
+ @primary_tactic = args[:primary_tactic] if args.key?(:primary_tactic)
+ @primary_techniques = args[:primary_techniques] if args.key?(:primary_techniques)
+ @version = args[:version] if args.key?(:version)
end
end
# Additional Links
class Reference
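Review bot: The comments in the added `MitreAttack` class do not state the format of the values or the order of `primary_techniques`. The only example given (`SCANNING_IP_BLOCKS`, `ACTIVE_SCANNING`) suggests enum-style names rather than ATT&CK technique IDs and lists the sub-technique before its parent, but neither is promised, so code that maps findings onto ATT&CK or reads `primary_techniques.first` would be relying on an inference. I would add a line such as `# Values are enum names, not ATT&CK IDs; element order is not guaranteed.` once confirmed against the API, and note on `version` that it is a free-form String (e.g. "8") to be compared as text. The hunk opens inside an `update!` whose class header is outside it and ends on `class Reference`, whose body is not shown.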