lib/google/apis/securitycenter_v1beta2/classes.rb in google-apis-securitycenter_v1beta2-0.46.0 vs lib/google/apis/securitycenter_v1beta2/classes.rb in google-apis-securitycenter_v1beta2-0.47.0


@@ -40,65 +40,65 @@ # Corresponds to the JSON property `methodName` # @return [String] attr_accessor :method_name # Associated email, such as "foo@google.com". The email address of the - # authenticated user (or service account on behalf of third party principal) - # making the request. For third party identity callers, the `principal_subject` - # field is populated instead of this field. For privacy reasons, the principal - # email address is sometimes redacted. For more information, see [Caller - # identities in audit logs](https://cloud.google.com/logging/docs/audit#user-id). + # authenticated user or a service account acting on behalf of a third party + # principal making the request. For third party identity callers, the ` + # principal_subject` field is populated instead of this field. For privacy + # reasons, the principal email address is sometimes redacted. For more + # information, see [Caller identities in audit logs](https://cloud.google.com/ + # logging/docs/audit#user-id). # Corresponds to the JSON property `principalEmail` # @return [String] attr_accessor :principal_email - # A string representing the principal_subject associated with the identity. As - # compared to `principal_email`, supports principals that aren't associated with - # email addresses, such as third party principals. For most identities, the - # format will be `principal://iam.googleapis.com/`identity pool name`/subjects/` - # subject`` except for some GKE identities (GKE_WORKLOAD, FREEFORM, - # GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:` - # identity pool name`[`subject`]` + # A string that represents the principal_subject that is associated with the + # identity. Unlike `principal_email`, `principal_subject` supports principals + # that aren't associated with email addresses, such as third party principals. + # For most identities, the format is `principal://iam.googleapis.com/`identity + # pool name`/subject/`subject``. 
Some GKE identities, such as GKE_WORKLOAD, + # FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:` + # identity pool name`[`subject`]`. # Corresponds to the JSON property `principalSubject` # @return [String] attr_accessor :principal_subject - # Identity delegation history of an authenticated service account that makes the - # request. It contains information on the real authorities that try to access - # GCP resources by delegating on a service account. When multiple authorities - # are present, they are guaranteed to be sorted based on the original ordering - # of the identity delegation events. + # The identity delegation history of an authenticated service account that made + # the request. The `serviceAccountDelegationInfo[]` object contains information + # about the real authorities that try to access Google Cloud resources by + # delegating on a service account. When multiple authorities are present, they + # are guaranteed to be sorted based on the original ordering of the identity + # delegation events. # Corresponds to the JSON property `serviceAccountDelegationInfo` # @return [Array<Google::Apis::SecuritycenterV1beta2::ServiceAccountDelegationInfo>] attr_accessor :service_account_delegation_info - # The name of the service account key used to create or exchange credentials for - # authenticating the service account making the request. This is a scheme-less - # URI full resource name. For example: "//iam.googleapis.com/projects/` - # PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key`" + # The name of the service account key that was used to create or exchange + # credentials when authenticating the service account that made the request. + # This is a scheme-less URI full resource name. For example: "//iam.googleapis. + # com/projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key`". 
# Corresponds to the JSON property `serviceAccountKeyName` # @return [String] attr_accessor :service_account_key_name # This is the API service that the service account made a call to, e.g. "iam. # googleapis.com" # Corresponds to the JSON property `serviceName` # @return [String] attr_accessor :service_name - # What kind of user agent is associated, for example operating system shells, - # embedded or stand-alone applications, etc. + # Type of user agent associated with the finding. For example, an operating + # system shell or an embedded or standalone application. # Corresponds to the JSON property `userAgentFamily` # @return [String] attr_accessor :user_agent_family - # A string that represents the username of a user, user account, or other entity - # involved in the access event. What the entity is and what its role in the - # access event is depends on the finding that this field appears in. The entity - # is likely not an IAM principal, but could be a user that is logged into an - # operating system, if the finding is VM-related, or a user that is logged into - # some type of application that is involved in the access event. + # A string that represents a username. The username provided depends on the type + # of the finding and is likely not an IAM principal. For example, this can be a + # system username if the finding is related to a virtual machine, or it can be + # an application login username. # Corresponds to the JSON property `userName` # @return [String] attr_accessor :user_name def initialize(**args) 
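Review bot: The rewritten `principal_subject` comment gives the path segment as `/subject/` where the removed text had `/subjects/`, and nothing in this hunk shows which spelling the service actually emits. Anyone matching this field in detection rules or allow-lists will copy the pattern from here, so the segment should be confirmed against the API reference before the comment ships. The rewrap also splits two URLs across comment lines (`https://cloud.google.com/` + `logging/docs/audit#user-id`, and `//iam.googleapis.` + `com/projects/...`), which breaks them in rendered docs; each should stay on one line. The enclosing class begins before the hunk and `initialize` continues past it.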
@@ -821,10 +821,64 @@ @sources = args[:sources] if args.key?(:sources) @targets = args[:targets] if args.key?(:targets) end end + # Represents a textual expression in the Common Expression Language (CEL) syntax. + # CEL is a C-like expression language. The syntax and semantics of CEL are + # documented at https://github.com/google/cel-spec. Example (Comparison): title: + # "Summary size limit" description: "Determines if a summary is less than 100 + # chars" expression: "document.summary.size() < 100" Example (Equality): title: " + # Requestor is owner" description: "Determines if requestor is the document + # owner" expression: "document.owner == request.auth.claims.email" Example ( + # Logic): title: "Public documents" description: "Determine whether the document + # should be publicly visible" expression: "document.type != 'private' && + # document.type != 'internal'" Example (Data Manipulation): title: "Notification + # string" description: "Create a notification string with a timestamp." + # expression: "'New message received at ' + string(document.create_time)" The + # exact variables and functions that may be referenced within an expression are + # determined by the service that evaluates it. See the service documentation for + # additional information. + class Expr + include Google::Apis::Core::Hashable + + # Optional. Description of the expression. This is a longer text which describes + # the expression, e.g. when hovered over it in a UI. + # Corresponds to the JSON property `description` + # @return [String] + attr_accessor :description + + # Textual representation of an expression in Common Expression Language syntax. + # Corresponds to the JSON property `expression` + # @return [String] + attr_accessor :expression + + # Optional. String indicating the location of the expression for error reporting, + # e.g. a file name and a position in the file. 
+ # Corresponds to the JSON property `location` + # @return [String] + attr_accessor :location + + # Optional. Title for the expression, i.e. a short string describing its purpose. + # This can be used e.g. in UIs which allow to enter the expression. + # Corresponds to the JSON property `title` + # @return [String] + attr_accessor :title + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @description = args[:description] if args.key?(:description) + @expression = args[:expression] if args.key?(:expression) + @location = args[:location] if args.key?(:location) + @title = args[:title] if args.key?(:title) + end + end + # File information about the related binary/library used by an executable, or # the script used by a script interpreter class File include Google::Apis::Core::Hashable @@ -937,11 +991,11 @@ # person2@company.com" ` ] ` ` # Corresponds to the JSON property `contacts` # @return [Hash<String,Google::Apis::SecuritycenterV1beta2::ContactDetails>] attr_accessor :contacts - # Containers associated with the finding. containers provides information for + # Containers associated with the finding. This field provides information for # both Kubernetes and non-Kubernetes containers. # Corresponds to the JSON property `containers` # @return [Array<Google::Apis::SecuritycenterV1beta2::Container>] attr_accessor :containers @@ -958,11 +1012,11 @@ # cases only the display name will be provided. # Corresponds to the JSON property `database` # @return [Google::Apis::SecuritycenterV1beta2::Database] attr_accessor :database - # Contains more detail about the finding. + # Contains more details about the finding. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # The time the finding was first detected. If an existing finding is updated, 
@@ -1003,11 +1057,11 @@ # The class of the finding. # Corresponds to the JSON property `findingClass` # @return [String] attr_accessor :finding_class - # Represents IAM bindings associated with the Finding. + # Represents IAM bindings associated with the finding. # Corresponds to the JSON property `iamBindings` # @return [Array<Google::Apis::SecuritycenterV1beta2::IamBinding>] attr_accessor :iam_bindings # Represents what's commonly known as an _indicator of compromise_ (IoC) in 
@@ -1046,31 +1100,32 @@ # value of mute. # Corresponds to the JSON property `mute` # @return [String] attr_accessor :mute - # First known as mute_annotation. Records additional information about the mute - # operation e.g. mute config that muted the finding, user who muted the finding, - # etc. Unlike other attributes of a finding, a finding provider shouldn't set - # the value of mute. + # Records additional information about the mute operation, for example, the [ + # mute configuration](/security-command-center/docs/how-to-mute-findings) that + # muted the finding and the user who muted the finding. # Corresponds to the JSON property `muteInitiator` # @return [String] attr_accessor :mute_initiator # Output only. The most recent time this finding was muted or unmuted. # Corresponds to the JSON property `muteUpdateTime` # @return [String] attr_accessor :mute_update_time - # The relative resource name of this finding. See: https://cloud.google.com/apis/ - # design/resource_names#relative_resource_name Example: "organizations/` - # organization_id`/sources/`source_id`/findings/`finding_id`" + # The [relative resource name](https://cloud.google.com/apis/design/ + # resource_names#relative_resource_name) of the finding. Example: "organizations/ + # `organization_id`/sources/`source_id`/findings/`finding_id`", "folders/` + # folder_id`/sources/`source_id`/findings/`finding_id`", "projects/`project_id`/ + # sources/`source_id`/findings/`finding_id`". # Corresponds to the JSON property `name` # @return [String] attr_accessor :name - # Next steps associate to the finding. + # Steps to address the finding. # Corresponds to the JSON property `nextSteps` # @return [String] attr_accessor :next_steps # The relative resource name of the source the finding belongs to. See: https:// 
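Review bot: The new `mute_initiator` comment links to `(/security-command-center/docs/how-to-mute-findings)`, a site-relative path that will not resolve from the gem's rendered documentation. The `name` comment in this same hunk uses an absolute `https://cloud.google.com/...` link, and this one should too: `https://cloud.google.com/security-command-center/docs/how-to-mute-findings`. The rewrite also drops the sentence telling finding providers not to set the value. If that restriction still applies, it should stay, because the comment is the only hint a caller has that the field is not theirs to write. The enclosing class starts and ends outside the hunk.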
@@ -1357,10 +1412,160 @@ # Update properties of this object def update!(**args) end end + # Defines the properties in a custom module configuration for Security Health + # Analytics. Use the custom module configuration to create custom detectors that + # generate custom findings for resources that you specify. + class GoogleCloudSecuritycenterV1CustomConfig + include Google::Apis::Core::Hashable + + # A set of optional name-value pairs that define custom source properties to + # return with each finding that is generated by the custom module. The custom + # source properties that are defined here are included in the finding JSON under + # `sourceProperties`. + # Corresponds to the JSON property `customOutput` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomOutputSpec] + attr_accessor :custom_output + + # Text that describes the vulnerability or misconfiguration that the custom + # module detects. This explanation is returned with each finding instance to + # help investigators understand the detected issue. The text must be enclosed in + # quotation marks. + # Corresponds to the JSON property `description` + # @return [String] + attr_accessor :description + + # Represents a textual expression in the Common Expression Language (CEL) syntax. + # CEL is a C-like expression language. The syntax and semantics of CEL are + # documented at https://github.com/google/cel-spec. 
Example (Comparison): title: + # "Summary size limit" description: "Determines if a summary is less than 100 + # chars" expression: "document.summary.size() < 100" Example (Equality): title: " + # Requestor is owner" description: "Determines if requestor is the document + # owner" expression: "document.owner == request.auth.claims.email" Example ( + # Logic): title: "Public documents" description: "Determine whether the document + # should be publicly visible" expression: "document.type != 'private' && + # document.type != 'internal'" Example (Data Manipulation): title: "Notification + # string" description: "Create a notification string with a timestamp." + # expression: "'New message received at ' + string(document.create_time)" The + # exact variables and functions that may be referenced within an expression are + # determined by the service that evaluates it. See the service documentation for + # additional information. + # Corresponds to the JSON property `predicate` + # @return [Google::Apis::SecuritycenterV1beta2::Expr] + attr_accessor :predicate + + # An explanation of the recommended steps that security teams can take to + # resolve the detected issue. This explanation is returned with each finding + # generated by this module in the `nextSteps` property of the finding JSON. + # Corresponds to the JSON property `recommendation` + # @return [String] + attr_accessor :recommendation + + # Resource for selecting resource type. + # Corresponds to the JSON property `resourceSelector` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1ResourceSelector] + attr_accessor :resource_selector + + # The severity to assign to findings generated by the module. 
+ # Corresponds to the JSON property `severity` + # @return [String] + attr_accessor :severity + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @custom_output = args[:custom_output] if args.key?(:custom_output) + @description = args[:description] if args.key?(:description) + @predicate = args[:predicate] if args.key?(:predicate) + @recommendation = args[:recommendation] if args.key?(:recommendation) + @resource_selector = args[:resource_selector] if args.key?(:resource_selector) + @severity = args[:severity] if args.key?(:severity) + end + end + + # A set of optional name-value pairs that define custom source properties to + # return with each finding that is generated by the custom module. The custom + # source properties that are defined here are included in the finding JSON under + # `sourceProperties`. + class GoogleCloudSecuritycenterV1CustomOutputSpec + include Google::Apis::Core::Hashable + + # A list of custom output properties to add to the finding. + # Corresponds to the JSON property `properties` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1Property>] + attr_accessor :properties + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @properties = args[:properties] if args.key?(:properties) + end + end + + # An EffectiveSecurityHealthAnalyticsCustomModule is the representation of a + # Security Health Analytics custom module at a specified level of the resource + # hierarchy: organization, folder, or project. If a custom module is inherited + # from a parent organization or folder, the value of the `enablementState` + # property in EffectiveSecurityHealthAnalyticsCustomModule is set to the value + # that is effective in the parent, instead of `INHERITED`. 
For example, if the + # module is enabled in a parent organization or folder, the effective + # enablement_state for the module in all child folders or projects is also ` + # enabled`. EffectiveSecurityHealthAnalyticsCustomModule is read-only. + class GoogleCloudSecuritycenterV1EffectiveSecurityHealthAnalyticsCustomModule + include Google::Apis::Core::Hashable + + # Defines the properties in a custom module configuration for Security Health + # Analytics. Use the custom module configuration to create custom detectors that + # generate custom findings for resources that you specify. + # Corresponds to the JSON property `customConfig` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomConfig] + attr_accessor :custom_config + + # Output only. The display name for the custom module. The name must be between + # 1 and 128 characters, start with a lowercase letter, and contain alphanumeric + # characters or underscores only. + # Corresponds to the JSON property `displayName` + # @return [String] + attr_accessor :display_name + + # Output only. The effective state of enablement for the module at the given + # level of the hierarchy. + # Corresponds to the JSON property `enablementState` + # @return [String] + attr_accessor :enablement_state + + # Output only. The resource name of the custom module. 
Its format is " + # organizations/`organization`/securityHealthAnalyticsSettings/ + # effectiveCustomModules/`customModule`", or "folders/`folder`/ + # securityHealthAnalyticsSettings/effectiveCustomModules/`customModule`", or " + # projects/`project`/securityHealthAnalyticsSettings/effectiveCustomModules/` + # customModule`" + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @custom_config = args[:custom_config] if args.key?(:custom_config) + @display_name = args[:display_name] if args.key?(:display_name) + @enablement_state = args[:enablement_state] if args.key?(:enablement_state) + @name = args[:name] if args.key?(:name) + end + end + # Representation of third party SIEM/SOAR fields within SCC. class GoogleCloudSecuritycenterV1ExternalSystem include Google::Apis::Core::Hashable # References primary/secondary etc assignees in the external system. 
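Review bot: The `predicate` comment in `GoogleCloudSecuritycenterV1CustomConfig` is the generic `Expr` description repeated verbatim, with `document.*` examples, so it never says what the expression is evaluated against or what result produces a finding. Since this string is evaluated by the service, a caller should be told to treat it as code and not build it from unvalidated input; a short field-specific comment such as `# CEL expression that the service evaluates for each selected resource; treat it as code, not data.` would cover both (wording to be confirmed against the service documentation). `severity` and `enablement_state` are likewise documented only as `String`, with no list of accepted values in this hunk. The same copied `Expr` text appears on `value_expression` in the `@@ -1512` hunk.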
@@ -1512,10 +1717,49 @@ @notification_config_name = args[:notification_config_name] if args.key?(:notification_config_name) @resource = args[:resource] if args.key?(:resource) end end + # An individual name-value pair that defines a custom source property. + class GoogleCloudSecuritycenterV1Property + include Google::Apis::Core::Hashable + + # Name of the property for the custom output. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Represents a textual expression in the Common Expression Language (CEL) syntax. + # CEL is a C-like expression language. The syntax and semantics of CEL are + # documented at https://github.com/google/cel-spec. Example (Comparison): title: + # "Summary size limit" description: "Determines if a summary is less than 100 + # chars" expression: "document.summary.size() < 100" Example (Equality): title: " + # Requestor is owner" description: "Determines if requestor is the document + # owner" expression: "document.owner == request.auth.claims.email" Example ( + # Logic): title: "Public documents" description: "Determine whether the document + # should be publicly visible" expression: "document.type != 'private' && + # document.type != 'internal'" Example (Data Manipulation): title: "Notification + # string" description: "Create a notification string with a timestamp." + # expression: "'New message received at ' + string(document.create_time)" The + # exact variables and functions that may be referenced within an expression are + # determined by the service that evaluates it. See the service documentation for + # additional information. 
+ # Corresponds to the JSON property `valueExpression` + # @return [Google::Apis::SecuritycenterV1beta2::Expr] + attr_accessor :value_expression + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @name = args[:name] if args.key?(:name) + @value_expression = args[:value_expression] if args.key?(:value_expression) + end + end + # Information related to the Google Cloud resource. class GoogleCloudSecuritycenterV1Resource include Google::Apis::Core::Hashable # The human readable name of the resource. @@ -1576,10 +1820,29 @@ @project_display_name = args[:project_display_name] if args.key?(:project_display_name) @type = args[:type] if args.key?(:type) end end + # Resource for selecting resource type. + class GoogleCloudSecuritycenterV1ResourceSelector + include Google::Apis::Core::Hashable + + # The resource types to run the detector on. + # Corresponds to the JSON property `resourceTypes` + # @return [Array<String>] + attr_accessor :resource_types + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @resource_types = args[:resource_types] if args.key?(:resource_types) + end + end + # Response of asset discovery run class GoogleCloudSecuritycenterV1RunAssetDiscoveryResponse include Google::Apis::Core::Hashable # The duration between asset discovery run start and end 
@@ -1598,9 +1861,83 @@ # Update properties of this object def update!(**args) @duration = args[:duration] if args.key?(:duration) @state = args[:state] if args.key?(:state) + end + end + + # Represents an instance of a Security Health Analytics custom module, including + # its full module name, display name, enablement state, and last updated time. + # You can create a custom module at the organization, folder, or project level. + # Custom modules that you create at the organization or folder level are + # inherited by the child folders and projects. + class GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModule + include Google::Apis::Core::Hashable + + # Output only. If empty, indicates that the custom module was created in the + # organization, folder, or project in which you are viewing the custom module. + # Otherwise, `ancestor_module` specifies the organization or folder from which + # the custom module is inherited. + # Corresponds to the JSON property `ancestorModule` + # @return [String] + attr_accessor :ancestor_module + + # Defines the properties in a custom module configuration for Security Health + # Analytics. Use the custom module configuration to create custom detectors that + # generate custom findings for resources that you specify. + # Corresponds to the JSON property `customConfig` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomConfig] + attr_accessor :custom_config + + # The display name of the Security Health Analytics custom module. This display + # name becomes the finding category for all findings that are returned by this + # custom module. The display name must be between 1 and 128 characters, start + # with a lowercase letter, and contain alphanumeric characters or underscores + # only. + # Corresponds to the JSON property `displayName` + # @return [String] + attr_accessor :display_name + + # The enablement state of the custom module. 
+ # Corresponds to the JSON property `enablementState` + # @return [String] + attr_accessor :enablement_state + + # Output only. The editor that last updated the custom module. + # Corresponds to the JSON property `lastEditor` + # @return [String] + attr_accessor :last_editor + + # Immutable. The resource name of the custom module. Its format is " + # organizations/`organization`/securityHealthAnalyticsSettings/customModules/` + # customModule`", or "folders/`folder`/securityHealthAnalyticsSettings/ + # customModules/`customModule`", or "projects/`project`/ + # securityHealthAnalyticsSettings/customModules/`customModule`" The id ` + # customModule` is server-generated and is not user settable. It will be a + # numeric id containing 1-20 digits. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Output only. The time at which the custom module was last updated. + # Corresponds to the JSON property `updateTime` + # @return [String] + attr_accessor :update_time + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @ancestor_module = args[:ancestor_module] if args.key?(:ancestor_module) + @custom_config = args[:custom_config] if args.key?(:custom_config) + @display_name = args[:display_name] if args.key?(:display_name) + @enablement_state = args[:enablement_state] if args.key?(:enablement_state) + @last_editor = args[:last_editor] if args.key?(:last_editor) + @name = args[:name] if args.key?(:name) + @update_time = args[:update_time] if args.key?(:update_time) end end # Response of asset discovery run class GoogleCloudSecuritycenterV1beta1RunAssetDiscoveryResponse