lib/google/apis/securitycenter_v1beta2/classes.rb in google-apis-securitycenter_v1beta2-0.25.0 vs lib/google/apis/securitycenter_v1beta2/classes.rb in google-apis-securitycenter_v1beta2-0.26.0
- old
+ new
@@ -412,10 +412,35 @@
@start_time = args[:start_time] if args.key?(:start_time)
@type = args[:type] if args.key?(:type)
end
end
+ # Memory hash detection contributing to the binary family match.
+ class Detection
+ include Google::Apis::Core::Hashable
+
+ # The name of the binary associated with the memory hash signature detection.
+ # Corresponds to the JSON property `binary`
+ # @return [String]
+ attr_accessor :binary
+
+ # The percentage of memory page hashes in the signature that were matched.
+ # Corresponds to the JSON property `percentPagesMatched`
+ # @return [Float]
+ attr_accessor :percent_pages_matched
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @binary = args[:binary] if args.key?(:binary)
+ @percent_pages_matched = args[:percent_pages_matched] if args.key?(:percent_pages_matched)
+ end
+ end
+
# EnvironmentVariable is a name-value pair to store environment variables for
# Process.
class EnvironmentVariable
include Google::Apis::Core::Hashable
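Review bot: The comment on `percent_pages_matched` in the new `Detection` class gives no scale, so a consumer that thresholds on it cannot tell from the code whether a full match is 1.0 or 100.0. A triage rule written against the wrong scale would either fire on nearly every detection or never fire. I would add one line under the description stating the range, e.g. `# Range: <scale taken from the API reference (placeholder)>`. This file looks generated from an API description, so the wording probably belongs in that source rather than here.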
@@ -1590,21 +1615,53 @@
# List of ip addresses associated to the Finding.
# Corresponds to the JSON property `ipAddresses`
# @return [Array<String>]
attr_accessor :ip_addresses
+ # The list of matched signatures indicating that the given process is present in
+ # the environment.
+ # Corresponds to the JSON property `signatures`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::ProcessSignature>]
+ attr_accessor :signatures
+
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@domains = args[:domains] if args.key?(:domains)
@ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses)
+ @signatures = args[:signatures] if args.key?(:signatures)
end
end
+ # A signature corresponding to memory page hashes.
+ class MemoryHashSignature
+ include Google::Apis::Core::Hashable
+
+ # The binary family.
+ # Corresponds to the JSON property `binaryFamily`
+ # @return [String]
+ attr_accessor :binary_family
+
+ # The list of memory hash detections contributing to the binary family match.
+ # Corresponds to the JSON property `detections`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::Detection>]
+ attr_accessor :detections
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @binary_family = args[:binary_family] if args.key?(:binary_family)
+ @detections = args[:detections] if args.key?(:detections)
+ end
+ end
+
# MITRE ATT&CK tactics and techniques related to this finding. See: https://
# attack.mitre.org
class MitreAttack
include Google::Apis::Core::Hashable
@@ -1716,10 +1773,16 @@
# File information for libraries loaded by the process.
# Corresponds to the JSON property `libraries`
# @return [Array<Google::Apis::SecuritycenterV1beta2::File>]
attr_accessor :libraries
+ # The process name visible in utilities like top and ps; it can be accessed via /
+ # proc/[pid]/comm and changed with prctl(PR_SET_NAME).
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
# The parent process id.
# Corresponds to the JSON property `parentPid`
# @return [Fixnum]
attr_accessor :parent_pid
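Review bot: The comment on the new `name` attribute notes that it can be changed with prctl(PR_SET_NAME) but stops short of the consequence: the value is chosen by the process being reported on, so it cannot serve as an identity. Any consumer that allow-lists, suppresses or groups findings by `name` can be sidestepped by a process that renames itself, so such logic should key on the `libraries` file information shown in this hunk and the other file data the class carries. I would extend the comment with `# Set by the process itself and truncated by the kernel (comm holds at most 15 characters); do not use for allow-listing or suppression.` The enclosing class begins and ends outside this hunk.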
@@ -1744,16 +1807,42 @@
@arguments_truncated = args[:arguments_truncated] if args.key?(:arguments_truncated)
@binary = args[:binary] if args.key?(:binary)
@env_variables = args[:env_variables] if args.key?(:env_variables)
@env_variables_truncated = args[:env_variables_truncated] if args.key?(:env_variables_truncated)
@libraries = args[:libraries] if args.key?(:libraries)
+ @name = args[:name] if args.key?(:name)
@parent_pid = args[:parent_pid] if args.key?(:parent_pid)
@pid = args[:pid] if args.key?(:pid)
@script = args[:script] if args.key?(:script)
end
end
+ # Indicates what signature matched this process.
+ class ProcessSignature
+ include Google::Apis::Core::Hashable
+
+ # A signature corresponding to memory page hashes.
+ # Corresponds to the JSON property `memoryHashSignature`
+ # @return [Google::Apis::SecuritycenterV1beta2::MemoryHashSignature]
+ attr_accessor :memory_hash_signature
+
+ # A signature corresponding to a YARA rule.
+ # Corresponds to the JSON property `yaraRuleSignature`
+ # @return [Google::Apis::SecuritycenterV1beta2::YaraRuleSignature]
+ attr_accessor :yara_rule_signature
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @memory_hash_signature = args[:memory_hash_signature] if args.key?(:memory_hash_signature)
+ @yara_rule_signature = args[:yara_rule_signature] if args.key?(:yara_rule_signature)
+ end
+ end
+
# Additional Links
class Reference
include Google::Apis::Core::Hashable
# Source of the reference e.g. NVD
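Review bot: `ProcessSignature` exposes `memory_hash_signature` and `yara_rule_signature` side by side without saying whether they are alternatives, and `update!` leaves whichever one was not supplied as nil. A consumer that reads `sig.yara_rule_signature.yara_rule` on a memory-hash match raises NoMethodError, which in a findings pipeline can silently drop the record. If the two are meant to be mutually exclusive (it looks that way, but the hunk does not show it), say so in the class comment: `# Exactly one of memory_hash_signature or yara_rule_signature is expected to be set; the other is nil.`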
@@ -2058,9 +2147,28 @@
def update!(**args)
@modules = args[:modules] if args.key?(:modules)
@name = args[:name] if args.key?(:name)
@service_enablement_state = args[:service_enablement_state] if args.key?(:service_enablement_state)
@update_time = args[:update_time] if args.key?(:update_time)
+ end
+ end
+
+ # A signature corresponding to a YARA rule.
+ class YaraRuleSignature
+ include Google::Apis::Core::Hashable
+
+ # The name of the YARA rule.
+ # Corresponds to the JSON property `yaraRule`
+ # @return [String]
+ attr_accessor :yara_rule
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @yara_rule = args[:yara_rule] if args.key?(:yara_rule)
end
end
end
end
end