lib/google/apis/securitycenter_v1beta2/classes.rb in google-apis-securitycenter_v1beta2-0.57.0 vs lib/google/apis/securitycenter_v1beta2/classes.rb in google-apis-securitycenter_v1beta2-0.58.0
- old
+ new
@@ -390,10 +390,72 @@
@standard = args[:standard] if args.key?(:standard)
@version = args[:version] if args.key?(:version)
end
end
+ # Result containing the properties and count of a ComplianceSnapshot request.
+ class ComplianceSnapshot
+ include Google::Apis::Core::Hashable
+
+ # The category of Findings matching.
+ # Corresponds to the JSON property `category`
+ # @return [String]
+ attr_accessor :category
+
+ # The compliance standard (ie CIS).
+ # Corresponds to the JSON property `complianceStandard`
+ # @return [String]
+ attr_accessor :compliance_standard
+
+ # The compliance version (ie 1.3) in CIS 1.3.
+ # Corresponds to the JSON property `complianceVersion`
+ # @return [String]
+ attr_accessor :compliance_version
+
+ # Total count of findings for the given properties.
+ # Corresponds to the JSON property `count`
+ # @return [Fixnum]
+ attr_accessor :count
+
+ # The leaf container resource name that is closest to the snapshot.
+ # Corresponds to the JSON property `leafContainerResource`
+ # @return [String]
+ attr_accessor :leaf_container_resource
+
+ # The compliance snapshot name. Format: //sources//complianceSnapshots/
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # The CRM resource display name that is closest to the snapshot the Findings
+ # belong to.
+ # Corresponds to the JSON property `projectDisplayName`
+ # @return [String]
+ attr_accessor :project_display_name
+
+ # The snapshot time of the snapshot.
+ # Corresponds to the JSON property `snapshotTime`
+ # @return [String]
+ attr_accessor :snapshot_time
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @category = args[:category] if args.key?(:category)
+ @compliance_standard = args[:compliance_standard] if args.key?(:compliance_standard)
+ @compliance_version = args[:compliance_version] if args.key?(:compliance_version)
+ @count = args[:count] if args.key?(:count)
+ @leaf_container_resource = args[:leaf_container_resource] if args.key?(:leaf_container_resource)
+ @name = args[:name] if args.key?(:name)
+ @project_display_name = args[:project_display_name] if args.key?(:project_display_name)
+ @snapshot_time = args[:snapshot_time] if args.key?(:snapshot_time)
+ end
+ end
+
# Configuration of a module.
class Config
include Google::Apis::Core::Hashable
# The state of enablement for the module at its level of the resource hierarchy.
@@ -2522,12 +2584,2512 @@
@marks = args[:marks] if args.key?(:marks)
@name = args[:name] if args.key?(:name)
end
end
+ # Represents an access event.
+ class GoogleCloudSecuritycenterV2Access
+ include Google::Apis::Core::Hashable
+
+ # Caller's IP address, such as "1.1.1.1".
+ # Corresponds to the JSON property `callerIp`
+ # @return [String]
+ attr_accessor :caller_ip
+
+ # Represents a geographical location for a given access.
+ # Corresponds to the JSON property `callerIpGeo`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Geolocation]
+ attr_accessor :caller_ip_geo
+
+ # The method that the service account called, e.g. "SetIamPolicy".
+ # Corresponds to the JSON property `methodName`
+ # @return [String]
+ attr_accessor :method_name
+
+ # Associated email, such as "foo@google.com". The email address of the
+ # authenticated user or a service account acting on behalf of a third party
+ # principal making the request. For third party identity callers, the `
+ # principal_subject` field is populated instead of this field. For privacy
+ # reasons, the principal email address is sometimes redacted. For more
+ # information, see [Caller identities in audit logs](https://cloud.google.com/
+ # logging/docs/audit#user-id).
+ # Corresponds to the JSON property `principalEmail`
+ # @return [String]
+ attr_accessor :principal_email
+
+ # A string that represents the principal_subject that is associated with the
+ # identity. Unlike `principal_email`, `principal_subject` supports principals
+ # that aren't associated with email addresses, such as third party principals.
+ # For most identities, the format is `principal://iam.googleapis.com/`identity
+ # pool name`/subject/`subject``. Some GKE identities, such as GKE_WORKLOAD,
+ # FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:`
+ # identity pool name`[`subject`]`.
+ # Corresponds to the JSON property `principalSubject`
+ # @return [String]
+ attr_accessor :principal_subject
+
+ # The identity delegation history of an authenticated service account that made
+ # the request. The `serviceAccountDelegationInfo[]` object contains information
+ # about the real authorities that try to access Google Cloud resources by
+ # delegating on a service account. When multiple authorities are present, they
+ # are guaranteed to be sorted based on the original ordering of the identity
+ # delegation events.
+ # Corresponds to the JSON property `serviceAccountDelegationInfo`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo>]
+ attr_accessor :service_account_delegation_info
+
+ # The name of the service account key that was used to create or exchange
+ # credentials when authenticating the service account that made the request.
+ # This is a scheme-less URI full resource name. For example: "//iam.googleapis.
+ # com/projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key`".
+ # Corresponds to the JSON property `serviceAccountKeyName`
+ # @return [String]
+ attr_accessor :service_account_key_name
+
+ # This is the API service that the service account made a call to, e.g. "iam.
+ # googleapis.com"
+ # Corresponds to the JSON property `serviceName`
+ # @return [String]
+ attr_accessor :service_name
+
+ # The caller's user agent string associated with the finding.
+ # Corresponds to the JSON property `userAgent`
+ # @return [String]
+ attr_accessor :user_agent
+
+ # Type of user agent associated with the finding. For example, an operating
+ # system shell or an embedded or standalone application.
+ # Corresponds to the JSON property `userAgentFamily`
+ # @return [String]
+ attr_accessor :user_agent_family
+
+ # A string that represents a username. The username provided depends on the type
+ # of the finding and is likely not an IAM principal. For example, this can be a
+ # system username if the finding is related to a virtual machine, or it can be
+ # an application login username.
+ # Corresponds to the JSON property `userName`
+ # @return [String]
+ attr_accessor :user_name
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @caller_ip = args[:caller_ip] if args.key?(:caller_ip)
+ @caller_ip_geo = args[:caller_ip_geo] if args.key?(:caller_ip_geo)
+ @method_name = args[:method_name] if args.key?(:method_name)
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
+ @principal_subject = args[:principal_subject] if args.key?(:principal_subject)
+ @service_account_delegation_info = args[:service_account_delegation_info] if args.key?(:service_account_delegation_info)
+ @service_account_key_name = args[:service_account_key_name] if args.key?(:service_account_key_name)
+ @service_name = args[:service_name] if args.key?(:service_name)
+ @user_agent = args[:user_agent] if args.key?(:user_agent)
+ @user_agent_family = args[:user_agent_family] if args.key?(:user_agent_family)
+ @user_name = args[:user_name] if args.key?(:user_name)
+ end
+ end
+
+ # Conveys information about a Kubernetes access review (such as one returned by
+ # a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-
+ # authz/authorization/#checking-api-access) command) that was involved in a
+ # finding.
+ class GoogleCloudSecuritycenterV2AccessReview
+ include Google::Apis::Core::Hashable
+
+ # The API group of the resource. "*" means all.
+ # Corresponds to the JSON property `group`
+ # @return [String]
+ attr_accessor :group
+
+ # The name of the resource being requested. Empty means all.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Namespace of the action being requested. Currently, there is no distinction
+ # between no namespace and all namespaces. Both are represented by "" (empty).
+ # Corresponds to the JSON property `ns`
+ # @return [String]
+ attr_accessor :ns
+
+ # The optional resource type requested. "*" means all.
+ # Corresponds to the JSON property `resource`
+ # @return [String]
+ attr_accessor :resource
+
+ # The optional subresource type.
+ # Corresponds to the JSON property `subresource`
+ # @return [String]
+ attr_accessor :subresource
+
+ # A Kubernetes resource API verb, like get, list, watch, create, update, delete,
+ # proxy. "*" means all.
+ # Corresponds to the JSON property `verb`
+ # @return [String]
+ attr_accessor :verb
+
+ # The API version of the resource. "*" means all.
+ # Corresponds to the JSON property `version`
+ # @return [String]
+ attr_accessor :version
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @group = args[:group] if args.key?(:group)
+ @name = args[:name] if args.key?(:name)
+ @ns = args[:ns] if args.key?(:ns)
+ @resource = args[:resource] if args.key?(:resource)
+ @subresource = args[:subresource] if args.key?(:subresource)
+ @verb = args[:verb] if args.key?(:verb)
+ @version = args[:version] if args.key?(:version)
+ end
+ end
+
+ # An attack exposure contains the results of an attack path simulation run.
+ class GoogleCloudSecuritycenterV2AttackExposure
+ include Google::Apis::Core::Hashable
+
+ # The resource name of the attack path simulation result that contains the
+ # details regarding this attack exposure score. Example: organizations/123/
+ # attackExposureResults/456
+ # Corresponds to the JSON property `attackExposureResult`
+ # @return [String]
+ attr_accessor :attack_exposure_result
+
+ # The number of high value resources that are exposed as a result of this
+ # finding.
+ # Corresponds to the JSON property `exposedHighValueResourcesCount`
+ # @return [Fixnum]
+ attr_accessor :exposed_high_value_resources_count
+
+ # The number of high value resources that are exposed as a result of this
+ # finding.
+ # Corresponds to the JSON property `exposedLowValueResourcesCount`
+ # @return [Fixnum]
+ attr_accessor :exposed_low_value_resources_count
+
+ # The number of medium value resources that are exposed as a result of this
+ # finding.
+ # Corresponds to the JSON property `exposedMediumValueResourcesCount`
+ # @return [Fixnum]
+ attr_accessor :exposed_medium_value_resources_count
+
+ # The most recent time the attack exposure was updated on this finding.
+ # Corresponds to the JSON property `latestCalculationTime`
+ # @return [String]
+ attr_accessor :latest_calculation_time
+
+ # A number between 0 (inclusive) and infinity that represents how important this
+ # finding is to remediate. The higher the score, the more important it is to
+ # remediate.
+ # Corresponds to the JSON property `score`
+ # @return [Float]
+ attr_accessor :score
+
+ # Output only. What state this AttackExposure is in. This captures whether or
+ # not an attack exposure has been calculated or not.
+ # Corresponds to the JSON property `state`
+ # @return [String]
+ attr_accessor :state
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @attack_exposure_result = args[:attack_exposure_result] if args.key?(:attack_exposure_result)
+ @exposed_high_value_resources_count = args[:exposed_high_value_resources_count] if args.key?(:exposed_high_value_resources_count)
+ @exposed_low_value_resources_count = args[:exposed_low_value_resources_count] if args.key?(:exposed_low_value_resources_count)
+ @exposed_medium_value_resources_count = args[:exposed_medium_value_resources_count] if args.key?(:exposed_medium_value_resources_count)
+ @latest_calculation_time = args[:latest_calculation_time] if args.key?(:latest_calculation_time)
+ @score = args[:score] if args.key?(:score)
+ @state = args[:state] if args.key?(:state)
+ end
+ end
+
+ # Configures how to deliver Findings to BigQuery Instance.
+ class GoogleCloudSecuritycenterV2BigQueryExport
+ include Google::Apis::Core::Hashable
+
+ # Output only. The time at which the BigQuery export was created. This field is
+ # set by the server and will be ignored if provided on export on creation.
+ # Corresponds to the JSON property `createTime`
+ # @return [String]
+ attr_accessor :create_time
+
+ # The dataset to write findings' updates to. Its format is "projects/[project_id]
+ # /datasets/[bigquery_dataset_id]". BigQuery Dataset unique ID must contain only
+ # letters (a-z, A-Z), numbers (0-9), or underscores (_).
+ # Corresponds to the JSON property `dataset`
+ # @return [String]
+ attr_accessor :dataset
+
+ # The description of the export (max of 1024 characters).
+ # Corresponds to the JSON property `description`
+ # @return [String]
+ attr_accessor :description
+
+ # Expression that defines the filter to apply across create/update events of
+ # findings. The expression is a list of zero or more restrictions combined via
+ # logical operators `AND` and `OR`. Parentheses are supported, and `OR` has
+ # higher precedence than `AND`. Restrictions have the form ` ` and may have a `-`
+ # character in front of them to indicate negation. The fields map to those
+ # defined in the corresponding resource. The supported operators are: * `=` for
+ # all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning
+ # substring matching, for strings. The supported value types are: * string
+ # literals in quotes. * integer literals without quotes. * boolean literals `
+ # true` and `false` without quotes.
+ # Corresponds to the JSON property `filter`
+ # @return [String]
+ attr_accessor :filter
+
+ # Output only. Email address of the user who last edited the BigQuery export.
+ # This field is set by the server and will be ignored if provided on export
+ # creation or update.
+ # Corresponds to the JSON property `mostRecentEditor`
+ # @return [String]
+ attr_accessor :most_recent_editor
+
+ # The relative resource name of this export. See: https://cloud.google.com/apis/
+ # design/resource_names#relative_resource_name. The following list shows some
+ # examples: + `organizations/`organization_id`/locations/`location_id`/
+ # bigQueryExports/`export_id`` + `folders/`folder_id`/locations/`location_id`/
+ # bigQueryExports/`export_id`` + `projects/`project_id`/locations/`location_id`/
+ # bigQueryExports/`export_id`` This field is provided in responses, and is
+ # ignored when provided in create requests.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Output only. The service account that needs permission to create table and
+ # upload data to the BigQuery dataset.
+ # Corresponds to the JSON property `principal`
+ # @return [String]
+ attr_accessor :principal
+
+ # Output only. The most recent time at which the BigQuery export was updated.
+ # This field is set by the server and will be ignored if provided on export
+ # creation or update.
+ # Corresponds to the JSON property `updateTime`
+ # @return [String]
+ attr_accessor :update_time
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @create_time = args[:create_time] if args.key?(:create_time)
+ @dataset = args[:dataset] if args.key?(:dataset)
+ @description = args[:description] if args.key?(:description)
+ @filter = args[:filter] if args.key?(:filter)
+ @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
+ @name = args[:name] if args.key?(:name)
+ @principal = args[:principal] if args.key?(:principal)
+ @update_time = args[:update_time] if args.key?(:update_time)
+ end
+ end
+
+ # Represents a Kubernetes RoleBinding or ClusterRoleBinding.
+ class GoogleCloudSecuritycenterV2Binding
+ include Google::Apis::Core::Hashable
+
+ # Name for the binding.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Namespace for the binding.
+ # Corresponds to the JSON property `ns`
+ # @return [String]
+ attr_accessor :ns
+
+ # Kubernetes Role or ClusterRole.
+ # Corresponds to the JSON property `role`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Role]
+ attr_accessor :role
+
+ # Represents one or more subjects that are bound to the role. Not always
+ # available for PATCH requests.
+ # Corresponds to the JSON property `subjects`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Subject>]
+ attr_accessor :subjects
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @name = args[:name] if args.key?(:name)
+ @ns = args[:ns] if args.key?(:ns)
+ @role = args[:role] if args.key?(:role)
+ @subjects = args[:subjects] if args.key?(:subjects)
+ end
+ end
+
+ # The response to a BulkMute request. Contains the LRO information.
+ class GoogleCloudSecuritycenterV2BulkMuteFindingsResponse
+ include Google::Apis::Core::Hashable
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ end
+ end
+
+ # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
+ # with the finding.
+ class GoogleCloudSecuritycenterV2CloudDlpDataProfile
+ include Google::Apis::Core::Hashable
+
+ # Name of the data profile, for example, `projects/123/locations/europe/
+ # tableProfiles/8383929`.
+ # Corresponds to the JSON property `dataProfile`
+ # @return [String]
+ attr_accessor :data_profile
+
+ # The resource hierarchy level at which the data profile was generated.
+ # Corresponds to the JSON property `parentType`
+ # @return [String]
+ attr_accessor :parent_type
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @data_profile = args[:data_profile] if args.key?(:data_profile)
+ @parent_type = args[:parent_type] if args.key?(:parent_type)
+ end
+ end
+
+ # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](
+ # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the
+ # finding.
+ class GoogleCloudSecuritycenterV2CloudDlpInspection
+ include Google::Apis::Core::Hashable
+
+ # Whether Cloud DLP scanned the complete resource or a sampled subset.
+ # Corresponds to the JSON property `fullScan`
+ # @return [Boolean]
+ attr_accessor :full_scan
+ alias_method :full_scan?, :full_scan
+
+ # The type of information (or *[infoType](https://cloud.google.com/dlp/docs/
+ # infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.
+ # Corresponds to the JSON property `infoType`
+ # @return [String]
+ attr_accessor :info_type
+
+ # The number of times Cloud DLP found this infoType within this job and resource.
+ # Corresponds to the JSON property `infoTypeCount`
+ # @return [Fixnum]
+ attr_accessor :info_type_count
+
+ # Name of the inspection job, for example, `projects/123/locations/europe/
+ # dlpJobs/i-8383929`.
+ # Corresponds to the JSON property `inspectJob`
+ # @return [String]
+ attr_accessor :inspect_job
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @full_scan = args[:full_scan] if args.key?(:full_scan)
+ @info_type = args[:info_type] if args.key?(:info_type)
+ @info_type_count = args[:info_type_count] if args.key?(:info_type_count)
+ @inspect_job = args[:inspect_job] if args.key?(:inspect_job)
+ end
+ end
+
+ # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
+ # logging/docs/reference/v2/rest/v2/LogEntry)
+ class GoogleCloudSecuritycenterV2CloudLoggingEntry
+ include Google::Apis::Core::Hashable
+
+ # A unique identifier for the log entry.
+ # Corresponds to the JSON property `insertId`
+ # @return [String]
+ attr_accessor :insert_id
+
+ # The type of the log (part of `log_name`. `log_name` is the resource name of
+ # the log to which this log entry belongs). For example: `cloudresourcemanager.
+ # googleapis.com/activity` Note that this field is not URL-encoded, unlike in `
+ # LogEntry`.
+ # Corresponds to the JSON property `logId`
+ # @return [String]
+ attr_accessor :log_id
+
+ # The organization, folder, or project of the monitored resource that produced
+ # this log entry.
+ # Corresponds to the JSON property `resourceContainer`
+ # @return [String]
+ attr_accessor :resource_container
+
+ # The time the event described by the log entry occurred.
+ # Corresponds to the JSON property `timestamp`
+ # @return [String]
+ attr_accessor :timestamp
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @insert_id = args[:insert_id] if args.key?(:insert_id)
+ @log_id = args[:log_id] if args.key?(:log_id)
+ @resource_container = args[:resource_container] if args.key?(:resource_container)
+ @timestamp = args[:timestamp] if args.key?(:timestamp)
+ end
+ end
+
+ # Contains compliance information about a security standard indicating unmet
+ # recommendations.
+ class GoogleCloudSecuritycenterV2Compliance
+ include Google::Apis::Core::Hashable
+
+ # Policies within the standard or benchmark, for example, A.12.4.1
+ # Corresponds to the JSON property `ids`
+ # @return [Array<String>]
+ attr_accessor :ids
+
+ # Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP.
+ # Corresponds to the JSON property `standard`
+ # @return [String]
+ attr_accessor :standard
+
+ # Version of the standard or benchmark, for example, 1.1
+ # Corresponds to the JSON property `version`
+ # @return [String]
+ attr_accessor :version
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @ids = args[:ids] if args.key?(:ids)
+ @standard = args[:standard] if args.key?(:standard)
+ @version = args[:version] if args.key?(:version)
+ end
+ end
+
+ # Contains information about the IP connection associated with the finding.
+ class GoogleCloudSecuritycenterV2Connection
+ include Google::Apis::Core::Hashable
+
+ # Destination IP address. Not present for sockets that are listening and not
+ # connected.
+ # Corresponds to the JSON property `destinationIp`
+ # @return [String]
+ attr_accessor :destination_ip
+
+ # Destination port. Not present for sockets that are listening and not connected.
+ # Corresponds to the JSON property `destinationPort`
+ # @return [Fixnum]
+ attr_accessor :destination_port
+
+ # IANA Internet Protocol Number such as TCP(6) and UDP(17).
+ # Corresponds to the JSON property `protocol`
+ # @return [String]
+ attr_accessor :protocol
+
+ # Source IP address.
+ # Corresponds to the JSON property `sourceIp`
+ # @return [String]
+ attr_accessor :source_ip
+
+ # Source port.
+ # Corresponds to the JSON property `sourcePort`
+ # @return [Fixnum]
+ attr_accessor :source_port
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @destination_ip = args[:destination_ip] if args.key?(:destination_ip)
+ @destination_port = args[:destination_port] if args.key?(:destination_port)
+ @protocol = args[:protocol] if args.key?(:protocol)
+ @source_ip = args[:source_ip] if args.key?(:source_ip)
+ @source_port = args[:source_port] if args.key?(:source_port)
+ end
+ end
+
+ # The email address of a contact.
+ class GoogleCloudSecuritycenterV2Contact
+ include Google::Apis::Core::Hashable
+
+ # An email address. For example, "`person123@company.com`".
+ # Corresponds to the JSON property `email`
+ # @return [String]
+ attr_accessor :email
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @email = args[:email] if args.key?(:email)
+ end
+ end
+
+ # Details about specific contacts
+ class GoogleCloudSecuritycenterV2ContactDetails
+ include Google::Apis::Core::Hashable
+
+ # A list of contacts
+ # Corresponds to the JSON property `contacts`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Contact>]
+ attr_accessor :contacts
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @contacts = args[:contacts] if args.key?(:contacts)
+ end
+ end
+
+ # Container associated with the finding.
+ class GoogleCloudSecuritycenterV2Container
+ include Google::Apis::Core::Hashable
+
+ # The time that the container was created.
+ # Corresponds to the JSON property `createTime`
+ # @return [String]
+ attr_accessor :create_time
+
+ # Optional container image ID, if provided by the container runtime. Uniquely
+ # identifies the container image launched using a container image digest.
+ # Corresponds to the JSON property `imageId`
+ # @return [String]
+ attr_accessor :image_id
+
+ # Container labels, as provided by the container runtime.
+ # Corresponds to the JSON property `labels`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Label>]
+ attr_accessor :labels
+
+ # Name of the container.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Container image URI provided when configuring a pod or container. This string
+ # can identify a container image version using mutable tags.
+ # Corresponds to the JSON property `uri`
+ # @return [String]
+ attr_accessor :uri
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @create_time = args[:create_time] if args.key?(:create_time)
+ @image_id = args[:image_id] if args.key?(:image_id)
+ @labels = args[:labels] if args.key?(:labels)
+ @name = args[:name] if args.key?(:name)
+ @uri = args[:uri] if args.key?(:uri)
+ end
+ end
+
+ # CVE stands for Common Vulnerabilities and Exposures. More information: https://
+ # cve.mitre.org
+ class GoogleCloudSecuritycenterV2Cve
+ include Google::Apis::Core::Hashable
+
+ # Common Vulnerability Scoring System version 3.
+ # Corresponds to the JSON property `cvssv3`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Cvssv3]
+ attr_accessor :cvssv3
+
+ # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+ # Corresponds to the JSON property `id`
+ # @return [String]
+ attr_accessor :id
+
+ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/
+ # cvename.cgi?name=CVE-2021-34527
+ # Corresponds to the JSON property `references`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Reference>]
+ attr_accessor :references
+
+ # Whether upstream fix is available for the CVE.
+ # Corresponds to the JSON property `upstreamFixAvailable`
+ # @return [Boolean]
+ attr_accessor :upstream_fix_available
+ alias_method :upstream_fix_available?, :upstream_fix_available
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
+ @id = args[:id] if args.key?(:id)
+ @references = args[:references] if args.key?(:references)
+ @upstream_fix_available = args[:upstream_fix_available] if args.key?(:upstream_fix_available)
+ end
+ end
+
+ # Common Vulnerability Scoring System version 3.
+ class GoogleCloudSecuritycenterV2Cvssv3
+ include Google::Apis::Core::Hashable
+
+ # This metric describes the conditions beyond the attacker's control that must
+ # exist in order to exploit the vulnerability.
+ # Corresponds to the JSON property `attackComplexity`
+ # @return [String]
+ attr_accessor :attack_complexity
+
+ # Base Metrics Represents the intrinsic characteristics of a vulnerability that
+ # are constant over time and across user environments. This metric reflects the
+ # context by which vulnerability exploitation is possible.
+ # Corresponds to the JSON property `attackVector`
+ # @return [String]
+ attr_accessor :attack_vector
+
+ # This metric measures the impact to the availability of the impacted component
+ # resulting from a successfully exploited vulnerability.
+ # Corresponds to the JSON property `availabilityImpact`
+ # @return [String]
+ attr_accessor :availability_impact
+
+ # The base score is a function of the base metric scores.
+ # Corresponds to the JSON property `baseScore`
+ # @return [Float]
+ attr_accessor :base_score
+
+ # This metric measures the impact to the confidentiality of the information
+ # resources managed by a software component due to a successfully exploited
+ # vulnerability.
+ # Corresponds to the JSON property `confidentialityImpact`
+ # @return [String]
+ attr_accessor :confidentiality_impact
+
+ # This metric measures the impact to integrity of a successfully exploited
+ # vulnerability.
+ # Corresponds to the JSON property `integrityImpact`
+ # @return [String]
+ attr_accessor :integrity_impact
+
+ # This metric describes the level of privileges an attacker must possess before
+ # successfully exploiting the vulnerability.
+ # Corresponds to the JSON property `privilegesRequired`
+ # @return [String]
+ attr_accessor :privileges_required
+
+ # The Scope metric captures whether a vulnerability in one vulnerable component
+ # impacts resources in components beyond its security scope.
+ # Corresponds to the JSON property `scope`
+ # @return [String]
+ attr_accessor :scope
+
+ # This metric captures the requirement for a human user, other than the attacker,
+ # to participate in the successful compromise of the vulnerable component.
+ # Corresponds to the JSON property `userInteraction`
+ # @return [String]
+ attr_accessor :user_interaction
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @attack_complexity = args[:attack_complexity] if args.key?(:attack_complexity)
+ @attack_vector = args[:attack_vector] if args.key?(:attack_vector)
+ @availability_impact = args[:availability_impact] if args.key?(:availability_impact)
+ @base_score = args[:base_score] if args.key?(:base_score)
+ @confidentiality_impact = args[:confidentiality_impact] if args.key?(:confidentiality_impact)
+ @integrity_impact = args[:integrity_impact] if args.key?(:integrity_impact)
+ @privileges_required = args[:privileges_required] if args.key?(:privileges_required)
+ @scope = args[:scope] if args.key?(:scope)
+ @user_interaction = args[:user_interaction] if args.key?(:user_interaction)
+ end
+ end
+
+ # Represents database access information, such as queries. A database may be a
+ # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
+ # Spanner instances), or the database instance itself. Some database resources
+ # might not have the [full resource name](https://google.aip.dev/122#full-
+ # resource-names) populated because these resource types, such as Cloud SQL
+ # databases, are not yet supported by Cloud Asset Inventory. In these cases only
+ # the display name is provided.
+ class GoogleCloudSecuritycenterV2Database
+ include Google::Apis::Core::Hashable
+
+ # The human-readable name of the database that the user connected to.
+ # Corresponds to the JSON property `displayName`
+ # @return [String]
+ attr_accessor :display_name
+
+ # The target usernames, roles, or groups of an SQL privilege grant, which is not
+ # an IAM policy change.
+ # Corresponds to the JSON property `grantees`
+ # @return [Array<String>]
+ attr_accessor :grantees
+
+ # Some database resources may not have the [full resource name](https://google.
+ # aip.dev/122#full-resource-names) populated because these resource types are
+ # not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In
+ # these cases only the display name will be provided. The [full resource name](
+ # https://google.aip.dev/122#full-resource-names) of the database that the user
+ # connected to, if it is supported by Cloud Asset Inventory.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # The SQL statement that is associated with the database access.
+ # Corresponds to the JSON property `query`
+ # @return [String]
+ attr_accessor :query
+
+ # The username used to connect to the database. The username might not be an IAM
+ # principal and does not have a set format.
+ # Corresponds to the JSON property `userName`
+ # @return [String]
+ attr_accessor :user_name
+
+ # The version of the database, for example, POSTGRES_14. See [the complete list](
+ # https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).
+ # Corresponds to the JSON property `version`
+ # @return [String]
+ attr_accessor :version
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @display_name = args[:display_name] if args.key?(:display_name)
+ @grantees = args[:grantees] if args.key?(:grantees)
+ @name = args[:name] if args.key?(:name)
+ @query = args[:query] if args.key?(:query)
+ @user_name = args[:user_name] if args.key?(:user_name)
+ @version = args[:version] if args.key?(:version)
+ end
+ end
+
+ # Memory hash detection contributing to the binary family match.
+ class GoogleCloudSecuritycenterV2Detection
+ include Google::Apis::Core::Hashable
+
+ # The name of the binary associated with the memory hash signature detection.
+ # Corresponds to the JSON property `binary`
+ # @return [String]
+ attr_accessor :binary
+
+ # The percentage of memory page hashes in the signature that were matched.
+ # Corresponds to the JSON property `percentPagesMatched`
+ # @return [Float]
+ attr_accessor :percent_pages_matched
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @binary = args[:binary] if args.key?(:binary)
+ @percent_pages_matched = args[:percent_pages_matched] if args.key?(:percent_pages_matched)
+ end
+ end
+
+ # A name-value pair representing an environment variable used in an operating
+ # system process.
+ class GoogleCloudSecuritycenterV2EnvironmentVariable
+ include Google::Apis::Core::Hashable
+
+ # Environment variable name as a JSON encoded string.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Environment variable value as a JSON encoded string.
+ # Corresponds to the JSON property `val`
+ # @return [String]
+ attr_accessor :val
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @name = args[:name] if args.key?(:name)
+ @val = args[:val] if args.key?(:val)
+ end
+ end
+
+ # Resource where data was exfiltrated from or exfiltrated to.
+ class GoogleCloudSecuritycenterV2ExfilResource
+ include Google::Apis::Core::Hashable
+
+ # Subcomponents of the asset that was exfiltrated, like URIs used during
+ # exfiltration, table names, databases, and filenames. For example, multiple
+ # tables might have been exfiltrated from the same Cloud SQL instance, or
+ # multiple files might have been exfiltrated from the same Cloud Storage bucket.
+ # Corresponds to the JSON property `components`
+ # @return [Array<String>]
+ attr_accessor :components
+
+ # The resource's [full resource name](https://cloud.google.com/apis/design/
+ # resource_names#full_resource_name).
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @components = args[:components] if args.key?(:components)
+ @name = args[:name] if args.key?(:name)
+ end
+ end
+
+ # Exfiltration represents a data exfiltration attempt from one or more sources
+ # to one or more targets. The `sources` attribute lists the sources of the
+ # exfiltrated data. The `targets` attribute lists the destinations the data was
+ # copied to.
+ class GoogleCloudSecuritycenterV2Exfiltration
+ include Google::Apis::Core::Hashable
+
+ # If there are multiple sources, then the data is considered "joined" between
+ # them. For instance, BigQuery can join multiple tables, and each table would be
+ # considered a source.
+ # Corresponds to the JSON property `sources`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ExfilResource>]
+ attr_accessor :sources
+
+ # If there are multiple targets, each target would get a complete copy of the "
+ # joined" source data.
+ # Corresponds to the JSON property `targets`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ExfilResource>]
+ attr_accessor :targets
+
+ # Total exfiltrated bytes processed for the entire job.
+ # Corresponds to the JSON property `totalExfiltratedBytes`
+ # @return [Fixnum]
+ attr_accessor :total_exfiltrated_bytes
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @sources = args[:sources] if args.key?(:sources)
+ @targets = args[:targets] if args.key?(:targets)
+ @total_exfiltrated_bytes = args[:total_exfiltrated_bytes] if args.key?(:total_exfiltrated_bytes)
+ end
+ end
+
+ # Representation of third party SIEM/SOAR fields within SCC.
+ class GoogleCloudSecuritycenterV2ExternalSystem
+ include Google::Apis::Core::Hashable
+
+ # References primary/secondary etc assignees in the external system.
+ # Corresponds to the JSON property `assignees`
+ # @return [Array<String>]
+ attr_accessor :assignees
+
+ # The time when the case was last updated, as reported by the external system.
+ # Corresponds to the JSON property `externalSystemUpdateTime`
+ # @return [String]
+ attr_accessor :external_system_update_time
+
+ # The identifier that's used to track the finding's corresponding case in the
+ # external system.
+ # Corresponds to the JSON property `externalUid`
+ # @return [String]
+ attr_accessor :external_uid
+
+ # Full resource name of the external system. The following list shows some
+ # examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/
+ # jira` + `organizations/1234/sources/5678/locations/us/findings/123456/
+ # externalSystems/jira` + `folders/1234/sources/5678/findings/123456/
+ # externalSystems/jira` + `folders/1234/sources/5678/locations/us/findings/
+ # 123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/
+ # externalSystems/jira` + `projects/1234/sources/5678/locations/us/findings/
+ # 123456/externalSystems/jira`
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # The most recent status of the finding's corresponding case, as reported by the
+ # external system.
+ # Corresponds to the JSON property `status`
+ # @return [String]
+ attr_accessor :status
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @assignees = args[:assignees] if args.key?(:assignees)
+ @external_system_update_time = args[:external_system_update_time] if args.key?(:external_system_update_time)
+ @external_uid = args[:external_uid] if args.key?(:external_uid)
+ @name = args[:name] if args.key?(:name)
+ @status = args[:status] if args.key?(:status)
+ end
+ end
+
+ # File information about the related binary/library used by an executable, or
+ # the script used by a script interpreter
+ class GoogleCloudSecuritycenterV2File
+ include Google::Apis::Core::Hashable
+
+ # Prefix of the file contents as a JSON-encoded string.
+ # Corresponds to the JSON property `contents`
+ # @return [String]
+ attr_accessor :contents
+
+ # The length in bytes of the file prefix that was hashed. If hashed_size == size,
+ # any hashes reported represent the entire file.
+ # Corresponds to the JSON property `hashedSize`
+ # @return [Fixnum]
+ attr_accessor :hashed_size
+
+ # True when the hash covers only a prefix of the file.
+ # Corresponds to the JSON property `partiallyHashed`
+ # @return [Boolean]
+ attr_accessor :partially_hashed
+ alias_method :partially_hashed?, :partially_hashed
+
+ # Absolute path of the file as a JSON encoded string.
+ # Corresponds to the JSON property `path`
+ # @return [String]
+ attr_accessor :path
+
+ # SHA256 hash of the first hashed_size bytes of the file encoded as a hex string.
+ # If hashed_size == size, sha256 represents the SHA256 hash of the entire file.
+ # Corresponds to the JSON property `sha256`
+ # @return [String]
+ attr_accessor :sha256
+
+ # Size of the file in bytes.
+ # Corresponds to the JSON property `size`
+ # @return [Fixnum]
+ attr_accessor :size
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @contents = args[:contents] if args.key?(:contents)
+ @hashed_size = args[:hashed_size] if args.key?(:hashed_size)
+ @partially_hashed = args[:partially_hashed] if args.key?(:partially_hashed)
+ @path = args[:path] if args.key?(:path)
+ @sha256 = args[:sha256] if args.key?(:sha256)
+ @size = args[:size] if args.key?(:size)
+ end
+ end
+
+ # Security Command Center finding. A finding is a record of assessment data like
+ # security, risk, health, or privacy, that is ingested into Security Command
+ # Center for presentation, notification, analysis, policy testing, and
+ # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
+ # Engine application is a finding.
+ class GoogleCloudSecuritycenterV2Finding
+ include Google::Apis::Core::Hashable
+
+ # Represents an access event.
+ # Corresponds to the JSON property `access`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Access]
+ attr_accessor :access
+
+ # An attack exposure contains the results of an attack path simulation run.
+ # Corresponds to the JSON property `attackExposure`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2AttackExposure]
+ attr_accessor :attack_exposure
+
+ # Output only. The canonical name of the finding. The following list shows some
+ # examples: + `organizations/`organization_id`/sources/`source_id`/findings/`
+ # finding_id`` + `organizations/`organization_id`/sources/`source_id`/locations/`
+ # location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/
+ # findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/locations/`
+ # location_id`/findings/`finding_id`` + `projects/`project_id`/sources/`
+ # source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`source_id`/
+ # locations/`location_id`/findings/`finding_id`` The prefix is the closest CRM
+ # ancestor of the resource associated with the finding.
+ # Corresponds to the JSON property `canonicalName`
+ # @return [String]
+ attr_accessor :canonical_name
+
+ # Immutable. The additional taxonomy group within findings from a given source.
+ # Example: "XSS_FLASH_INJECTION"
+ # Corresponds to the JSON property `category`
+ # @return [String]
+ attr_accessor :category
+
+ # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated
+ # with the finding.
+ # Corresponds to the JSON property `cloudDlpDataProfile`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2CloudDlpDataProfile]
+ attr_accessor :cloud_dlp_data_profile
+
+ # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](
+ # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the
+ # finding.
+ # Corresponds to the JSON property `cloudDlpInspection`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2CloudDlpInspection]
+ attr_accessor :cloud_dlp_inspection
+
+ # Contains compliance information for security standards associated to the
+ # finding.
+ # Corresponds to the JSON property `compliances`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Compliance>]
+ attr_accessor :compliances
+
+ # Contains information about the IP connection associated with the finding.
+ # Corresponds to the JSON property `connections`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Connection>]
+ attr_accessor :connections
+
+ # Output only. Map containing the points of contact for the given finding. The
+ # key represents the type of contact, while the value contains a list of all the
+ # contacts that pertain. Please refer to: https://cloud.google.com/resource-
+ # manager/docs/managing-notification-contacts#notification-categories ` "
+ # security": ` "contacts": [ ` "email": "person1@company.com" `, ` "email": "
+ # person2@company.com" ` ] ` `
+ # Corresponds to the JSON property `contacts`
+ # @return [Hash<String,Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ContactDetails>]
+ attr_accessor :contacts
+
+ # Containers associated with the finding. This field provides information for
+ # both Kubernetes and non-Kubernetes containers.
+ # Corresponds to the JSON property `containers`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Container>]
+ attr_accessor :containers
+
+ # Output only. The time at which the finding was created in Security Command
+ # Center.
+ # Corresponds to the JSON property `createTime`
+ # @return [String]
+ attr_accessor :create_time
+
+ # Represents database access information, such as queries. A database may be a
+ # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
+ # Spanner instances), or the database instance itself. Some database resources
+ # might not have the [full resource name](https://google.aip.dev/122#full-
+ # resource-names) populated because these resource types, such as Cloud SQL
+ # databases, are not yet supported by Cloud Asset Inventory. In these cases only
+ # the display name is provided.
+ # Corresponds to the JSON property `database`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Database]
+ attr_accessor :database
+
+ # Contains more details about the finding.
+ # Corresponds to the JSON property `description`
+ # @return [String]
+ attr_accessor :description
+
+ # The time the finding was first detected. If an existing finding is updated,
+ # then this is the time the update occurred. For example, if the finding
+ # represents an open firewall, this property captures the time the detector
+ # believes the firewall became open. The accuracy is determined by the detector.
+ # If the finding is later resolved, then this time reflects when the finding was
+ # resolved. This must not be set to a value greater than the current timestamp.
+ # Corresponds to the JSON property `eventTime`
+ # @return [String]
+ attr_accessor :event_time
+
+ # Exfiltration represents a data exfiltration attempt from one or more sources
+ # to one or more targets. The `sources` attribute lists the sources of the
+ # exfiltrated data. The `targets` attribute lists the destinations the data was
+ # copied to.
+ # Corresponds to the JSON property `exfiltration`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Exfiltration]
+ attr_accessor :exfiltration
+
+ # Output only. Third party SIEM/SOAR fields within SCC, contains external system
+ # information and external system finding fields.
+ # Corresponds to the JSON property `externalSystems`
+ # @return [Hash<String,Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ExternalSystem>]
+ attr_accessor :external_systems
+
+ # The URI that, if available, points to a web page outside of Security Command
+ # Center where additional information about the finding can be found. This field
+ # is guaranteed to be either empty or a well formed URL.
+ # Corresponds to the JSON property `externalUri`
+ # @return [String]
+ attr_accessor :external_uri
+
+ # File associated with the finding.
+ # Corresponds to the JSON property `files`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File>]
+ attr_accessor :files
+
+ # The class of the finding.
+ # Corresponds to the JSON property `findingClass`
+ # @return [String]
+ attr_accessor :finding_class
+
+ # Represents IAM bindings associated with the finding.
+ # Corresponds to the JSON property `iamBindings`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IamBinding>]
+ attr_accessor :iam_bindings
+
+ # Represents what's commonly known as an _indicator of compromise_ (IoC) in
+ # computer forensics. This is an artifact observed on a network or in an
+ # operating system that, with high confidence, indicates a computer intrusion.
+ # For more information, see [Indicator of compromise](https://en.wikipedia.org/
+ # wiki/Indicator_of_compromise).
+ # Corresponds to the JSON property `indicator`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Indicator]
+ attr_accessor :indicator
+
+ # Kernel mode rootkit signatures.
+ # Corresponds to the JSON property `kernelRootkit`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2KernelRootkit]
+ attr_accessor :kernel_rootkit
+
+ # Kubernetes-related attributes.
+ # Corresponds to the JSON property `kubernetes`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Kubernetes]
+ attr_accessor :kubernetes
+
+ # The load balancers associated with the finding.
+ # Corresponds to the JSON property `loadBalancers`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2LoadBalancer>]
+ attr_accessor :load_balancers
+
+ # Log entries that are relevant to the finding.
+ # Corresponds to the JSON property `logEntries`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2LogEntry>]
+ attr_accessor :log_entries
+
+ # MITRE ATT&CK tactics and techniques related to this finding. See: https://
+ # attack.mitre.org
+ # Corresponds to the JSON property `mitreAttack`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2MitreAttack]
+ attr_accessor :mitre_attack
+
+ # Unique identifier of the module which generated the finding. Example: folders/
+ # 598186756061/securityHealthAnalyticsSettings/customModules/56799441161885
+ # Corresponds to the JSON property `moduleName`
+ # @return [String]
+ attr_accessor :module_name
+
+ # Indicates the mute state of a finding (either muted, unmuted or undefined).
+ # Unlike other attributes of a finding, a finding provider shouldn't set the
+ # value of mute.
+ # Corresponds to the JSON property `mute`
+ # @return [String]
+ attr_accessor :mute
+
+ # Records additional information about the mute operation, for example, the [
+ # mute configuration](https://cloud.google.com/security-command-center/docs/how-
+ # to-mute-findings) that muted the finding and the user who muted the finding.
+ # Corresponds to the JSON property `muteInitiator`
+ # @return [String]
+ attr_accessor :mute_initiator
+
+ # Output only. The most recent time this finding was muted or unmuted.
+ # Corresponds to the JSON property `muteUpdateTime`
+ # @return [String]
+ attr_accessor :mute_update_time
+
+ # The [relative resource name](https://cloud.google.com/apis/design/
+ # resource_names#relative_resource_name) of the finding. The following list
+ # shows some examples: + `organizations/`organization_id`/sources/`source_id`/
+ # findings/`finding_id`` + `organizations/`organization_id`/sources/`source_id`/
+ # locations/`location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`
+ # source_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/
+ # locations/`location_id`/findings/`finding_id`` + `projects/`project_id`/
+ # sources/`source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`
+ # source_id`/locations/`location_id`/findings/`finding_id``
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Steps to address the finding.
+ # Corresponds to the JSON property `nextSteps`
+ # @return [String]
+ attr_accessor :next_steps
+
+ # Contains information about the org policies associated with the finding.
+ # Corresponds to the JSON property `orgPolicies`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2OrgPolicy>]
+ attr_accessor :org_policies
+
+ # The relative resource name of the source and location the finding belongs to.
+ # See: https://cloud.google.com/apis/design/resource_names#
+ # relative_resource_name This field is immutable after creation time. The
+ # following list shows some examples: + `organizations/`organization_id`/sources/
+ # `source_id`` + `folders/`folders_id`/sources/`source_id`` + `projects/`
+ # projects_id`/sources/`source_id`` + `organizations/`organization_id`/sources/`
+ # source_id`/locations/`location_id`` + `folders/`folders_id`/sources/`source_id`
+ # /locations/`location_id`` + `projects/`projects_id`/sources/`source_id`/
+ # locations/`location_id``
+ # Corresponds to the JSON property `parent`
+ # @return [String]
+ attr_accessor :parent
+
+ # Output only. The human readable display name of the finding source such as "
+ # Event Threat Detection" or "Security Health Analytics".
+ # Corresponds to the JSON property `parentDisplayName`
+ # @return [String]
+ attr_accessor :parent_display_name
+
+ # Represents operating system processes associated with the Finding.
+ # Corresponds to the JSON property `processes`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Process>]
+ attr_accessor :processes
+
+ # Immutable. For findings on Google Cloud resources, the full resource name of
+ # the Google Cloud resource this finding is for. See: https://cloud.google.com/
+ # apis/design/resource_names#full_resource_name When the finding is for a non-
+ # Google Cloud resource, the resourceName can be a customer or partner defined
+ # string.
+ # Corresponds to the JSON property `resourceName`
+ # @return [String]
+ attr_accessor :resource_name
+
+ # User specified security marks that are attached to the parent Security Command
+ # Center resource. Security marks are scoped within a Security Command Center
+ # organization -- they can be modified and viewed by all users who have proper
+ # permissions on the organization.
+ # Corresponds to the JSON property `securityMarks`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SecurityMarks]
+ attr_accessor :security_marks
+
+ # Represents a posture that is deployed on Google Cloud by the Security Command
+ # Center Posture Management service. A posture contains one or more policy sets.
+ # A policy set is a group of policies that enforce a set of security rules on
+ # Google Cloud.
+ # Corresponds to the JSON property `securityPosture`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SecurityPosture]
+ attr_accessor :security_posture
+
+ # The severity of the finding. This field is managed by the source that writes
+ # the finding.
+ # Corresponds to the JSON property `severity`
+ # @return [String]
+ attr_accessor :severity
+
+ # Source specific properties. These properties are managed by the source that
+ # writes the finding. The key names in the source_properties map must be between
+ # 1 and 255 characters, and must start with a letter and contain alphanumeric
+ # characters or underscores only.
+ # Corresponds to the JSON property `sourceProperties`
+ # @return [Hash<String,Object>]
+ attr_accessor :source_properties
+
+ # Output only. The state of the finding.
+ # Corresponds to the JSON property `state`
+ # @return [String]
+ attr_accessor :state
+
+ # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
+ # Corresponds to the JSON property `vulnerability`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Vulnerability]
+ attr_accessor :vulnerability
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @access = args[:access] if args.key?(:access)
+ @attack_exposure = args[:attack_exposure] if args.key?(:attack_exposure)
+ @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
+ @category = args[:category] if args.key?(:category)
+ @cloud_dlp_data_profile = args[:cloud_dlp_data_profile] if args.key?(:cloud_dlp_data_profile)
+ @cloud_dlp_inspection = args[:cloud_dlp_inspection] if args.key?(:cloud_dlp_inspection)
+ @compliances = args[:compliances] if args.key?(:compliances)
+ @connections = args[:connections] if args.key?(:connections)
+ @contacts = args[:contacts] if args.key?(:contacts)
+ @containers = args[:containers] if args.key?(:containers)
+ @create_time = args[:create_time] if args.key?(:create_time)
+ @database = args[:database] if args.key?(:database)
+ @description = args[:description] if args.key?(:description)
+ @event_time = args[:event_time] if args.key?(:event_time)
+ @exfiltration = args[:exfiltration] if args.key?(:exfiltration)
+ @external_systems = args[:external_systems] if args.key?(:external_systems)
+ @external_uri = args[:external_uri] if args.key?(:external_uri)
+ @files = args[:files] if args.key?(:files)
+ @finding_class = args[:finding_class] if args.key?(:finding_class)
+ @iam_bindings = args[:iam_bindings] if args.key?(:iam_bindings)
+ @indicator = args[:indicator] if args.key?(:indicator)
+ @kernel_rootkit = args[:kernel_rootkit] if args.key?(:kernel_rootkit)
+ @kubernetes = args[:kubernetes] if args.key?(:kubernetes)
+ @load_balancers = args[:load_balancers] if args.key?(:load_balancers)
+ @log_entries = args[:log_entries] if args.key?(:log_entries)
+ @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
+ @module_name = args[:module_name] if args.key?(:module_name)
+ @mute = args[:mute] if args.key?(:mute)
+ @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
+ @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
+ @name = args[:name] if args.key?(:name)
+ @next_steps = args[:next_steps] if args.key?(:next_steps)
+ @org_policies = args[:org_policies] if args.key?(:org_policies)
+ @parent = args[:parent] if args.key?(:parent)
+ @parent_display_name = args[:parent_display_name] if args.key?(:parent_display_name)
+ @processes = args[:processes] if args.key?(:processes)
+ @resource_name = args[:resource_name] if args.key?(:resource_name)
+ @security_marks = args[:security_marks] if args.key?(:security_marks)
+ @security_posture = args[:security_posture] if args.key?(:security_posture)
+ @severity = args[:severity] if args.key?(:severity)
+ @source_properties = args[:source_properties] if args.key?(:source_properties)
+ @state = args[:state] if args.key?(:state)
+ @vulnerability = args[:vulnerability] if args.key?(:vulnerability)
+ end
+ end
+
+ # Represents a geographical location for a given access.
+ class GoogleCloudSecuritycenterV2Geolocation
+ include Google::Apis::Core::Hashable
+
+ # A CLDR.
+ # Corresponds to the JSON property `regionCode`
+ # @return [String]
+ attr_accessor :region_code
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @region_code = args[:region_code] if args.key?(:region_code)
+ end
+ end
+
# Represents a particular IAM binding, which captures a member's role addition,
# removal, or state.
+ class GoogleCloudSecuritycenterV2IamBinding
+ include Google::Apis::Core::Hashable
+
+ # The action that was performed on a Binding.
+ # Corresponds to the JSON property `action`
+ # @return [String]
+ attr_accessor :action
+
+ # A single identity requesting access for a Cloud Platform resource, for example,
+ # "foo@google.com".
+ # Corresponds to the JSON property `member`
+ # @return [String]
+ attr_accessor :member
+
+ # Role that is assigned to "members". For example, "roles/viewer", "roles/editor"
+ # , or "roles/owner".
+ # Corresponds to the JSON property `role`
+ # @return [String]
+ attr_accessor :role
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @action = args[:action] if args.key?(:action)
+ @member = args[:member] if args.key?(:member)
+ @role = args[:role] if args.key?(:role)
+ end
+ end
+
+ # Represents what's commonly known as an _indicator of compromise_ (IoC) in
+ # computer forensics. This is an artifact observed on a network or in an
+ # operating system that, with high confidence, indicates a computer intrusion.
+ # For more information, see [Indicator of compromise](https://en.wikipedia.org/
+ # wiki/Indicator_of_compromise).
+ class GoogleCloudSecuritycenterV2Indicator
+ include Google::Apis::Core::Hashable
+
+ # List of domains associated to the Finding.
+ # Corresponds to the JSON property `domains`
+ # @return [Array<String>]
+ attr_accessor :domains
+
+ # The list of IP addresses that are associated with the finding.
+ # Corresponds to the JSON property `ipAddresses`
+ # @return [Array<String>]
+ attr_accessor :ip_addresses
+
+ # The list of matched signatures indicating that the given process is present in
+ # the environment.
+ # Corresponds to the JSON property `signatures`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ProcessSignature>]
+ attr_accessor :signatures
+
+ # The list of URIs associated to the Findings.
+ # Corresponds to the JSON property `uris`
+ # @return [Array<String>]
+ attr_accessor :uris
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @domains = args[:domains] if args.key?(:domains)
+ @ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses)
+ @signatures = args[:signatures] if args.key?(:signatures)
+ @uris = args[:uris] if args.key?(:uris)
+ end
+ end
+
+ # Kernel mode rootkit signatures.
+ class GoogleCloudSecuritycenterV2KernelRootkit
+ include Google::Apis::Core::Hashable
+
+ # Rootkit name, when available.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # True if unexpected modifications of kernel code memory are present.
+ # Corresponds to the JSON property `unexpectedCodeModification`
+ # @return [Boolean]
+ attr_accessor :unexpected_code_modification
+ alias_method :unexpected_code_modification?, :unexpected_code_modification
+
+ # True if `ftrace` points are present with callbacks pointing to regions that
+ # are not in the expected kernel or module code range.
+ # Corresponds to the JSON property `unexpectedFtraceHandler`
+ # @return [Boolean]
+ attr_accessor :unexpected_ftrace_handler
+ alias_method :unexpected_ftrace_handler?, :unexpected_ftrace_handler
+
+ # True if interrupt handlers that are are not in the expected kernel or module
+ # code regions are present.
+ # Corresponds to the JSON property `unexpectedInterruptHandler`
+ # @return [Boolean]
+ attr_accessor :unexpected_interrupt_handler
+ alias_method :unexpected_interrupt_handler?, :unexpected_interrupt_handler
+
+ # True if kernel code pages that are not in the expected kernel or module code
+ # regions are present.
+ # Corresponds to the JSON property `unexpectedKernelCodePages`
+ # @return [Boolean]
+ attr_accessor :unexpected_kernel_code_pages
+ alias_method :unexpected_kernel_code_pages?, :unexpected_kernel_code_pages
+
+ # True if `kprobe` points are present with callbacks pointing to regions that
+ # are not in the expected kernel or module code range.
+ # Corresponds to the JSON property `unexpectedKprobeHandler`
+ # @return [Boolean]
+ attr_accessor :unexpected_kprobe_handler
+ alias_method :unexpected_kprobe_handler?, :unexpected_kprobe_handler
+
+ # True if unexpected processes in the scheduler run queue are present. Such
+ # processes are in the run queue, but not in the process task list.
+ # Corresponds to the JSON property `unexpectedProcessesInRunqueue`
+ # @return [Boolean]
+ attr_accessor :unexpected_processes_in_runqueue
+ alias_method :unexpected_processes_in_runqueue?, :unexpected_processes_in_runqueue
+
+ # True if unexpected modifications of kernel read-only data memory are present.
+ # Corresponds to the JSON property `unexpectedReadOnlyDataModification`
+ # @return [Boolean]
+ attr_accessor :unexpected_read_only_data_modification
+ alias_method :unexpected_read_only_data_modification?, :unexpected_read_only_data_modification
+
+ # True if system call handlers that are are not in the expected kernel or module
+ # code regions are present.
+ # Corresponds to the JSON property `unexpectedSystemCallHandler`
+ # @return [Boolean]
+ attr_accessor :unexpected_system_call_handler
+ alias_method :unexpected_system_call_handler?, :unexpected_system_call_handler
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @name = args[:name] if args.key?(:name)
+ @unexpected_code_modification = args[:unexpected_code_modification] if args.key?(:unexpected_code_modification)
+ @unexpected_ftrace_handler = args[:unexpected_ftrace_handler] if args.key?(:unexpected_ftrace_handler)
+ @unexpected_interrupt_handler = args[:unexpected_interrupt_handler] if args.key?(:unexpected_interrupt_handler)
+ @unexpected_kernel_code_pages = args[:unexpected_kernel_code_pages] if args.key?(:unexpected_kernel_code_pages)
+ @unexpected_kprobe_handler = args[:unexpected_kprobe_handler] if args.key?(:unexpected_kprobe_handler)
+ @unexpected_processes_in_runqueue = args[:unexpected_processes_in_runqueue] if args.key?(:unexpected_processes_in_runqueue)
+ @unexpected_read_only_data_modification = args[:unexpected_read_only_data_modification] if args.key?(:unexpected_read_only_data_modification)
+ @unexpected_system_call_handler = args[:unexpected_system_call_handler] if args.key?(:unexpected_system_call_handler)
+ end
+ end
+
+ # Kubernetes-related attributes.
+ class GoogleCloudSecuritycenterV2Kubernetes
+ include Google::Apis::Core::Hashable
+
+ # Provides information on any Kubernetes access reviews (privilege checks)
+ # relevant to the finding.
+ # Corresponds to the JSON property `accessReviews`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2AccessReview>]
+ attr_accessor :access_reviews
+
+ # Provides Kubernetes role binding information for findings that involve [
+ # RoleBindings or ClusterRoleBindings](https://cloud.google.com/kubernetes-
+ # engine/docs/how-to/role-based-access-control).
+ # Corresponds to the JSON property `bindings`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Binding>]
+ attr_accessor :bindings
+
+ # GKE [node pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-
+ # pools) associated with the finding. This field contains node pool information
+ # for each node, when it is available.
+ # Corresponds to the JSON property `nodePools`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2NodePool>]
+ attr_accessor :node_pools
+
+ # Provides Kubernetes [node](https://cloud.google.com/kubernetes-engine/docs/
+ # concepts/cluster-architecture#nodes) information.
+ # Corresponds to the JSON property `nodes`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Node>]
+ attr_accessor :nodes
+
+ # Kubernetes objects related to the finding.
+ # Corresponds to the JSON property `objects`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Object>]
+ attr_accessor :objects
+
+ # Kubernetes [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod)
+ # associated with the finding. This field contains Pod records for each
+ # container that is owned by a Pod.
+ # Corresponds to the JSON property `pods`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Pod>]
+ attr_accessor :pods
+
+ # Provides Kubernetes role information for findings that involve [Roles or
+ # ClusterRoles](https://cloud.google.com/kubernetes-engine/docs/how-to/role-
+ # based-access-control).
+ # Corresponds to the JSON property `roles`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Role>]
+ attr_accessor :roles
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @access_reviews = args[:access_reviews] if args.key?(:access_reviews)
+ @bindings = args[:bindings] if args.key?(:bindings)
+ @node_pools = args[:node_pools] if args.key?(:node_pools)
+ @nodes = args[:nodes] if args.key?(:nodes)
+ @objects = args[:objects] if args.key?(:objects)
+ @pods = args[:pods] if args.key?(:pods)
+ @roles = args[:roles] if args.key?(:roles)
+ end
+ end
+
+ # Represents a generic name-value label. A label has separate name and value
+ # fields to support filtering with the `contains()` function. For more
+ # information, see [Filtering on array-type fields](https://cloud.google.com/
+ # security-command-center/docs/how-to-api-list-findings#array-contains-filtering)
+ # .
+ class GoogleCloudSecuritycenterV2Label
+ include Google::Apis::Core::Hashable
+
+ # Name of the label.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Value that corresponds to the label's name.
+ # Corresponds to the JSON property `value`
+ # @return [String]
+ attr_accessor :value
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @name = args[:name] if args.key?(:name)
+ @value = args[:value] if args.key?(:value)
+ end
+ end
+
+ # Contains information related to the load balancer associated with the finding.
+ class GoogleCloudSecuritycenterV2LoadBalancer
+ include Google::Apis::Core::Hashable
+
+ # The name of the load balancer associated with the finding.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @name = args[:name] if args.key?(:name)
+ end
+ end
+
+ # An individual entry in a log.
+ class GoogleCloudSecuritycenterV2LogEntry
+ include Google::Apis::Core::Hashable
+
+ # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/
+ # logging/docs/reference/v2/rest/v2/LogEntry)
+ # Corresponds to the JSON property `cloudLoggingEntry`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2CloudLoggingEntry]
+ attr_accessor :cloud_logging_entry
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @cloud_logging_entry = args[:cloud_logging_entry] if args.key?(:cloud_logging_entry)
+ end
+ end
+
+ # A signature corresponding to memory page hashes.
+ class GoogleCloudSecuritycenterV2MemoryHashSignature
+ include Google::Apis::Core::Hashable
+
+ # The binary family.
+ # Corresponds to the JSON property `binaryFamily`
+ # @return [String]
+ attr_accessor :binary_family
+
+ # The list of memory hash detections contributing to the binary family match.
+ # Corresponds to the JSON property `detections`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Detection>]
+ attr_accessor :detections
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @binary_family = args[:binary_family] if args.key?(:binary_family)
+ @detections = args[:detections] if args.key?(:detections)
+ end
+ end
+
+ # MITRE ATT&CK tactics and techniques related to this finding. See: https://
+ # attack.mitre.org
+ class GoogleCloudSecuritycenterV2MitreAttack
+ include Google::Apis::Core::Hashable
+
+ # Additional MITRE ATT&CK tactics related to this finding, if any.
+ # Corresponds to the JSON property `additionalTactics`
+ # @return [Array<String>]
+ attr_accessor :additional_tactics
+
+ # Additional MITRE ATT&CK techniques related to this finding, if any, along with
+ # any of their respective parent techniques.
+ # Corresponds to the JSON property `additionalTechniques`
+ # @return [Array<String>]
+ attr_accessor :additional_techniques
+
+ # The MITRE ATT&CK tactic most closely represented by this finding, if any.
+ # Corresponds to the JSON property `primaryTactic`
+ # @return [String]
+ attr_accessor :primary_tactic
+
+ # The MITRE ATT&CK technique most closely represented by this finding, if any.
+ # primary_techniques is a repeated field because there are multiple levels of
+ # MITRE ATT&CK techniques. If the technique most closely represented by this
+ # finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique
+ # and its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, `
+ # ACTIVE_SCANNING`).
+ # Corresponds to the JSON property `primaryTechniques`
+ # @return [Array<String>]
+ attr_accessor :primary_techniques
+
+ # The MITRE ATT&CK version referenced by the above fields. E.g. "8".
+ # Corresponds to the JSON property `version`
+ # @return [String]
+ attr_accessor :version
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @additional_tactics = args[:additional_tactics] if args.key?(:additional_tactics)
+ @additional_techniques = args[:additional_techniques] if args.key?(:additional_techniques)
+ @primary_tactic = args[:primary_tactic] if args.key?(:primary_tactic)
+ @primary_techniques = args[:primary_techniques] if args.key?(:primary_techniques)
+ @version = args[:version] if args.key?(:version)
+ end
+ end
+
+ # A mute config is a Cloud SCC resource that contains the configuration to mute
+ # create/update events of findings.
+ class GoogleCloudSecuritycenterV2MuteConfig
+ include Google::Apis::Core::Hashable
+
+ # Output only. The time at which the mute config was created. This field is set
+ # by the server and will be ignored if provided on config creation.
+ # Corresponds to the JSON property `createTime`
+ # @return [String]
+ attr_accessor :create_time
+
+ # A description of the mute config.
+ # Corresponds to the JSON property `description`
+ # @return [String]
+ attr_accessor :description
+
+ # Required. An expression that defines the filter to apply across create/update
+ # events of findings. While creating a filter string, be mindful of the scope in
+ # which the mute configuration is being created. E.g., If a filter contains
+ # project = X but is created under the project = Y scope, it might not match any
+ # findings. The following field and operator combinations are supported: *
+ # severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.
+ # project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.
+ # folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.
+ # parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `
+ # :` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+ # Corresponds to the JSON property `filter`
+ # @return [String]
+ attr_accessor :filter
+
+ # Output only. Email address of the user who last edited the mute config. This
+ # field is set by the server and will be ignored if provided on config creation
+ # or update.
+ # Corresponds to the JSON property `mostRecentEditor`
+ # @return [String]
+ attr_accessor :most_recent_editor
+
+ # This field will be ignored if provided on config creation. The following list
+ # shows some examples of the format: + `organizations/`organization`/muteConfigs/
+ # `mute_config`` + `organizations/`organization`locations/`location`//
+ # muteConfigs/`mute_config`` + `folders/`folder`/muteConfigs/`mute_config`` + `
+ # folders/`folder`/locations/`location`/muteConfigs/`mute_config`` + `projects/`
+ # project`/muteConfigs/`mute_config`` + `projects/`project`/locations/`location`/
+ # muteConfigs/`mute_config``
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Output only. The most recent time at which the mute config was updated. This
+ # field is set by the server and will be ignored if provided on config creation
+ # or update.
+ # Corresponds to the JSON property `updateTime`
+ # @return [String]
+ attr_accessor :update_time
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @create_time = args[:create_time] if args.key?(:create_time)
+ @description = args[:description] if args.key?(:description)
+ @filter = args[:filter] if args.key?(:filter)
+ @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
+ @name = args[:name] if args.key?(:name)
+ @update_time = args[:update_time] if args.key?(:update_time)
+ end
+ end
+
+ # Kubernetes nodes associated with the finding.
+ class GoogleCloudSecuritycenterV2Node
+ include Google::Apis::Core::Hashable
+
+ # [Full resource name](https://google.aip.dev/122#full-resource-names) of the
+ # Compute Engine VM running the cluster node.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @name = args[:name] if args.key?(:name)
+ end
+ end
+
+ # Provides GKE node pool information.
+ class GoogleCloudSecuritycenterV2NodePool
+ include Google::Apis::Core::Hashable
+
+ # Kubernetes node pool name.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Nodes associated with the finding.
+ # Corresponds to the JSON property `nodes`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Node>]
+ attr_accessor :nodes
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @name = args[:name] if args.key?(:name)
+ @nodes = args[:nodes] if args.key?(:nodes)
+ end
+ end
+
+ # Cloud SCC's Notification
+ class GoogleCloudSecuritycenterV2NotificationMessage
+ include Google::Apis::Core::Hashable
+
+ # Security Command Center finding. A finding is a record of assessment data like
+ # security, risk, health, or privacy, that is ingested into Security Command
+ # Center for presentation, notification, analysis, policy testing, and
+ # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App
+ # Engine application is a finding.
+ # Corresponds to the JSON property `finding`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Finding]
+ attr_accessor :finding
+
+ # Name of the notification config that generated current notification.
+ # Corresponds to the JSON property `notificationConfigName`
+ # @return [String]
+ attr_accessor :notification_config_name
+
+ # Information related to the Google Cloud resource.
+ # Corresponds to the JSON property `resource`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Resource]
+ attr_accessor :resource
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @finding = args[:finding] if args.key?(:finding)
+ @notification_config_name = args[:notification_config_name] if args.key?(:notification_config_name)
+ @resource = args[:resource] if args.key?(:resource)
+ end
+ end
+
+ # Kubernetes object related to the finding, uniquely identified by GKNN. Used if
+ # the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.
+ class GoogleCloudSecuritycenterV2Object
+ include Google::Apis::Core::Hashable
+
+ # Pod containers associated with this finding, if any.
+ # Corresponds to the JSON property `containers`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Container>]
+ attr_accessor :containers
+
+ # Kubernetes object group, such as "policy.k8s.io/v1".
+ # Corresponds to the JSON property `group`
+ # @return [String]
+ attr_accessor :group
+
+ # Kubernetes object kind, such as "Namespace".
+ # Corresponds to the JSON property `kind`
+ # @return [String]
+ attr_accessor :kind
+
+ # Kubernetes object name. For details see https://kubernetes.io/docs/concepts/
+ # overview/working-with-objects/names/.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Kubernetes object namespace. Must be a valid DNS label. Named "ns" to avoid
+ # collision with C++ namespace keyword. For details see https://kubernetes.io/
+ # docs/tasks/administer-cluster/namespaces/.
+ # Corresponds to the JSON property `ns`
+ # @return [String]
+ attr_accessor :ns
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @containers = args[:containers] if args.key?(:containers)
+ @group = args[:group] if args.key?(:group)
+ @kind = args[:kind] if args.key?(:kind)
+ @name = args[:name] if args.key?(:name)
+ @ns = args[:ns] if args.key?(:ns)
+ end
+ end
+
+ # Contains information about the org policies associated with the finding.
+ class GoogleCloudSecuritycenterV2OrgPolicy
+ include Google::Apis::Core::Hashable
+
+ # The resource name of the org policy. Example: "organizations/`organization_id`/
+ # policies/`constraint_name`"
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @name = args[:name] if args.key?(:name)
+ end
+ end
+
+ # A Kubernetes Pod.
+ class GoogleCloudSecuritycenterV2Pod
+ include Google::Apis::Core::Hashable
+
+ # Pod containers associated with this finding, if any.
+ # Corresponds to the JSON property `containers`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Container>]
+ attr_accessor :containers
+
+ # Pod labels. For Kubernetes containers, these are applied to the container.
+ # Corresponds to the JSON property `labels`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Label>]
+ attr_accessor :labels
+
+ # Kubernetes Pod name.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Kubernetes Pod namespace.
+ # Corresponds to the JSON property `ns`
+ # @return [String]
+ attr_accessor :ns
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @containers = args[:containers] if args.key?(:containers)
+ @labels = args[:labels] if args.key?(:labels)
+ @name = args[:name] if args.key?(:name)
+ @ns = args[:ns] if args.key?(:ns)
+ end
+ end
+
+ # Represents an operating system process.
+ class GoogleCloudSecuritycenterV2Process
+ include Google::Apis::Core::Hashable
+
+ # Process arguments as JSON encoded strings.
+ # Corresponds to the JSON property `args`
+ # @return [Array<String>]
+ attr_accessor :args
+
+ # True if `args` is incomplete.
+ # Corresponds to the JSON property `argumentsTruncated`
+ # @return [Boolean]
+ attr_accessor :arguments_truncated
+ alias_method :arguments_truncated?, :arguments_truncated
+
+ # File information about the related binary/library used by an executable, or
+ # the script used by a script interpreter
+ # Corresponds to the JSON property `binary`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File]
+ attr_accessor :binary
+
+ # Process environment variables.
+ # Corresponds to the JSON property `envVariables`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2EnvironmentVariable>]
+ attr_accessor :env_variables
+
+ # True if `env_variables` is incomplete.
+ # Corresponds to the JSON property `envVariablesTruncated`
+ # @return [Boolean]
+ attr_accessor :env_variables_truncated
+ alias_method :env_variables_truncated?, :env_variables_truncated
+
+ # File information for libraries loaded by the process.
+ # Corresponds to the JSON property `libraries`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File>]
+ attr_accessor :libraries
+
+ # The process name, as displayed in utilities like `top` and `ps`. This name can
+ # be accessed through `/proc/[pid]/comm` and changed with `prctl(PR_SET_NAME)`.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # The parent process ID.
+ # Corresponds to the JSON property `parentPid`
+ # @return [Fixnum]
+ attr_accessor :parent_pid
+
+ # The process ID.
+ # Corresponds to the JSON property `pid`
+ # @return [Fixnum]
+ attr_accessor :pid
+
+ # File information about the related binary/library used by an executable, or
+ # the script used by a script interpreter
+ # Corresponds to the JSON property `script`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File]
+ attr_accessor :script
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @args = args[:args] if args.key?(:args)
+ @arguments_truncated = args[:arguments_truncated] if args.key?(:arguments_truncated)
+ @binary = args[:binary] if args.key?(:binary)
+ @env_variables = args[:env_variables] if args.key?(:env_variables)
+ @env_variables_truncated = args[:env_variables_truncated] if args.key?(:env_variables_truncated)
+ @libraries = args[:libraries] if args.key?(:libraries)
+ @name = args[:name] if args.key?(:name)
+ @parent_pid = args[:parent_pid] if args.key?(:parent_pid)
+ @pid = args[:pid] if args.key?(:pid)
+ @script = args[:script] if args.key?(:script)
+ end
+ end
+
+ # Indicates what signature matched this process.
+ class GoogleCloudSecuritycenterV2ProcessSignature
+ include Google::Apis::Core::Hashable
+
+ # A signature corresponding to memory page hashes.
+ # Corresponds to the JSON property `memoryHashSignature`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2MemoryHashSignature]
+ attr_accessor :memory_hash_signature
+
+ # A signature corresponding to a YARA rule.
+ # Corresponds to the JSON property `yaraRuleSignature`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2YaraRuleSignature]
+ attr_accessor :yara_rule_signature
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @memory_hash_signature = args[:memory_hash_signature] if args.key?(:memory_hash_signature)
+ @yara_rule_signature = args[:yara_rule_signature] if args.key?(:yara_rule_signature)
+ end
+ end
+
+ # Additional Links
+ class GoogleCloudSecuritycenterV2Reference
+ include Google::Apis::Core::Hashable
+
+ # Source of the reference e.g. NVD
+ # Corresponds to the JSON property `source`
+ # @return [String]
+ attr_accessor :source
+
+ # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?
+ # name=CVE-2021-34527.
+ # Corresponds to the JSON property `uri`
+ # @return [String]
+ attr_accessor :uri
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @source = args[:source] if args.key?(:source)
+ @uri = args[:uri] if args.key?(:uri)
+ end
+ end
+
+ # Information related to the Google Cloud resource.
+ class GoogleCloudSecuritycenterV2Resource
+ include Google::Apis::Core::Hashable
+
+ # The human readable name of the resource.
+ # Corresponds to the JSON property `displayName`
+ # @return [String]
+ attr_accessor :display_name
+
+ # The full resource name of the resource. See: https://cloud.google.com/apis/
+ # design/resource_names#full_resource_name
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # The full resource type of the resource.
+ # Corresponds to the JSON property `type`
+ # @return [String]
+ attr_accessor :type
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @display_name = args[:display_name] if args.key?(:display_name)
+ @name = args[:name] if args.key?(:name)
+ @type = args[:type] if args.key?(:type)
+ end
+ end
+
+ # A resource value config (RVC) is a mapping configuration of user's resources
+ # to resource values. Used in Attack path simulations.
+ class GoogleCloudSecuritycenterV2ResourceValueConfig
+ include Google::Apis::Core::Hashable
+
+ # Output only. Timestamp this resource value config was created.
+ # Corresponds to the JSON property `createTime`
+ # @return [String]
+ attr_accessor :create_time
+
+ # Description of the resource value config.
+ # Corresponds to the JSON property `description`
+ # @return [String]
+ attr_accessor :description
+
+ # Name for the resource value config
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # List of resource labels to search for, evaluated with AND. E.g. "
+ # resource_labels_selector": `"key": "value", "env": "prod"` will match
+ # resources with labels "key": "value" AND "env": "prod" https://cloud.google.
+ # com/resource-manager/docs/creating-managing-labels
+ # Corresponds to the JSON property `resourceLabelsSelector`
+ # @return [Hash<String,String>]
+ attr_accessor :resource_labels_selector
+
+ # Apply resource_value only to resources that match resource_type. resource_type
+ # will be checked with "AND" of other resources. E.g. "storage.googleapis.com/
+ # Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.
+ # googleapis.com/Bucket" resources.
+ # Corresponds to the JSON property `resourceType`
+ # @return [String]
+ attr_accessor :resource_type
+
+ # Required. Resource value level this expression represents
+ # Corresponds to the JSON property `resourceValue`
+ # @return [String]
+ attr_accessor :resource_value
+
+ # Project or folder to scope this config to. For example, "project/456" would
+ # apply this config only to resources in "project/456" scope will be checked
+ # with "AND" of other resources.
+ # Corresponds to the JSON property `scope`
+ # @return [String]
+ attr_accessor :scope
+
+ # Required. Tag values combined with AND to check against. Values in the form "
+ # tagValues/123" E.g. [ "tagValues/123", "tagValues/456", "tagValues/789" ]
+ # https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
+ # Corresponds to the JSON property `tagValues`
+ # @return [Array<String>]
+ attr_accessor :tag_values
+
+ # Output only. Timestamp this resource value config was last updated.
+ # Corresponds to the JSON property `updateTime`
+ # @return [String]
+ attr_accessor :update_time
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @create_time = args[:create_time] if args.key?(:create_time)
+ @description = args[:description] if args.key?(:description)
+ @name = args[:name] if args.key?(:name)
+ @resource_labels_selector = args[:resource_labels_selector] if args.key?(:resource_labels_selector)
+ @resource_type = args[:resource_type] if args.key?(:resource_type)
+ @resource_value = args[:resource_value] if args.key?(:resource_value)
+ @scope = args[:scope] if args.key?(:scope)
+ @tag_values = args[:tag_values] if args.key?(:tag_values)
+ @update_time = args[:update_time] if args.key?(:update_time)
+ end
+ end
+
+ # Kubernetes Role or ClusterRole.
+ class GoogleCloudSecuritycenterV2Role
+ include Google::Apis::Core::Hashable
+
+ # Role type.
+ # Corresponds to the JSON property `kind`
+ # @return [String]
+ attr_accessor :kind
+
+ # Role name.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Role namespace.
+ # Corresponds to the JSON property `ns`
+ # @return [String]
+ attr_accessor :ns
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @kind = args[:kind] if args.key?(:kind)
+ @name = args[:name] if args.key?(:name)
+ @ns = args[:ns] if args.key?(:ns)
+ end
+ end
+
+ # User specified security marks that are attached to the parent Security Command
+ # Center resource. Security marks are scoped within a Security Command Center
+ # organization -- they can be modified and viewed by all users who have proper
+ # permissions on the organization.
+ class GoogleCloudSecuritycenterV2SecurityMarks
+ include Google::Apis::Core::Hashable
+
+ # The canonical name of the marks. The following list shows some examples: + `
+ # organizations/`organization_id`/assets/`asset_id`/securityMarks" + `
+ # organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/
+ # securityMarks" + `organizations/`organization_id`/sources/`source_id`/
+ # locations/`location`/findings/`finding_id`/securityMarks" + `folders/`
+ # folder_id`/assets/`asset_id`/securityMarks" + `folders/`folder_id`/sources/`
+ # source_id`/findings/`finding_id`/securityMarks" + `folders/`folder_id`/sources/
+ # `source_id`/locations/`location`/findings/`finding_id`/securityMarks" + `
+ # projects/`project_number`/assets/`asset_id`/securityMarks" + `projects/`
+ # project_number`/sources/`source_id`/findings/`finding_id`/securityMarks" + `
+ # projects/`project_number`/sources/`source_id`/locations/`location`/findings/`
+ # finding_id`/securityMarks"
+ # Corresponds to the JSON property `canonicalName`
+ # @return [String]
+ attr_accessor :canonical_name
+
+ # Mutable user specified security marks belonging to the parent resource.
+ # Constraints are as follows: * Keys and values are treated as case insensitive *
+ # Keys must be between 1 - 256 characters (inclusive) * Keys must be letters,
+ # numbers, underscores, or dashes * Values have leading and trailing whitespace
+ # trimmed, remaining characters must be between 1 - 4096 characters (inclusive)
+ # Corresponds to the JSON property `marks`
+ # @return [Hash<String,String>]
+ attr_accessor :marks
+
+ # The relative resource name of the SecurityMarks. See: https://cloud.google.com/
+ # apis/design/resource_names#relative_resource_name The following list shows
+ # some examples: + `organizations/`organization_id`/assets/`asset_id`/
+ # securityMarks` + `organizations/`organization_id`/sources/`source_id`/findings/
+ # `finding_id`/securityMarks` + `organizations/`organization_id`/sources/`
+ # source_id`/locations/`location`/findings/`finding_id`/securityMarks`
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @canonical_name = args[:canonical_name] if args.key?(:canonical_name)
+ @marks = args[:marks] if args.key?(:marks)
+ @name = args[:name] if args.key?(:name)
+ end
+ end
+
+ # Represents a posture that is deployed on Google Cloud by the Security Command
+ # Center Posture Management service. A posture contains one or more policy sets.
+ # A policy set is a group of policies that enforce a set of security rules on
+ # Google Cloud.
+ class GoogleCloudSecuritycenterV2SecurityPosture
+ include Google::Apis::Core::Hashable
+
+ # The name of the policy that has been updated, for example, `projects/`
+ # project_id`/policies/`constraint_name``.
+ # Corresponds to the JSON property `changedPolicy`
+ # @return [String]
+ attr_accessor :changed_policy
+
+ # Name of the posture, for example, `organizations/`org_id`/locations/`location`/
+ # postures/`posture_name``.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # The name of the posture deployment, for example, `projects/`project_id`/
+ # posturedeployments/`posture_deployment_id``.
+ # Corresponds to the JSON property `postureDeployment`
+ # @return [String]
+ attr_accessor :posture_deployment
+
+ # The project, folder, or organization on which the posture is deployed, for
+ # example, `projects/`project_id``.
+ # Corresponds to the JSON property `postureDeploymentResource`
+ # @return [String]
+ attr_accessor :posture_deployment_resource
+
+ # The version of the posture, for example, `c7cfa2a8`.
+ # Corresponds to the JSON property `revisionId`
+ # @return [String]
+ attr_accessor :revision_id
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @changed_policy = args[:changed_policy] if args.key?(:changed_policy)
+ @name = args[:name] if args.key?(:name)
+ @posture_deployment = args[:posture_deployment] if args.key?(:posture_deployment)
+ @posture_deployment_resource = args[:posture_deployment_resource] if args.key?(:posture_deployment_resource)
+ @revision_id = args[:revision_id] if args.key?(:revision_id)
+ end
+ end
+
+ # Identity delegation history of an authenticated service account.
+ class GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo
+ include Google::Apis::Core::Hashable
+
+ # The email address of a Google account.
+ # Corresponds to the JSON property `principalEmail`
+ # @return [String]
+ attr_accessor :principal_email
+
+ # A string representing the principal_subject associated with the identity. As
+ # compared to `principal_email`, supports principals that aren't associated with
+ # email addresses, such as third party principals. For most identities, the
+ # format will be `principal://iam.googleapis.com/`identity pool name`/subjects/`
+ # subject`` except for some GKE identities (GKE_WORKLOAD, FREEFORM,
+ # GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:`
+ # identity pool name`[`subject`]`
+ # Corresponds to the JSON property `principalSubject`
+ # @return [String]
+ attr_accessor :principal_subject
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
+ @principal_subject = args[:principal_subject] if args.key?(:principal_subject)
+ end
+ end
+
+ # Represents a Kubernetes subject.
+ class GoogleCloudSecuritycenterV2Subject
+ include Google::Apis::Core::Hashable
+
+ # Authentication type for the subject.
+ # Corresponds to the JSON property `kind`
+ # @return [String]
+ attr_accessor :kind
+
+ # Name for the subject.
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ # Namespace for the subject.
+ # Corresponds to the JSON property `ns`
+ # @return [String]
+ attr_accessor :ns
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @kind = args[:kind] if args.key?(:kind)
+ @name = args[:name] if args.key?(:name)
+ @ns = args[:ns] if args.key?(:ns)
+ end
+ end
+
+ # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
+ class GoogleCloudSecuritycenterV2Vulnerability
+ include Google::Apis::Core::Hashable
+
+ # CVE stands for Common Vulnerabilities and Exposures. More information: https://
+ # cve.mitre.org
+ # Corresponds to the JSON property `cve`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Cve]
+ attr_accessor :cve
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @cve = args[:cve] if args.key?(:cve)
+ end
+ end
+
+ # A signature corresponding to a YARA rule.
+ class GoogleCloudSecuritycenterV2YaraRuleSignature
+ include Google::Apis::Core::Hashable
+
+ # The name of the YARA rule.
+ # Corresponds to the JSON property `yaraRule`
+ # @return [String]
+ attr_accessor :yara_rule
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @yara_rule = args[:yara_rule] if args.key?(:yara_rule)
+ end
+ end
+
+ # Represents a particular IAM binding, which captures a member's role addition,
+ # removal, or state.
class IamBinding
include Google::Apis::Core::Hashable
# The action that was performed on a Binding.
# Corresponds to the JSON property `action`
@@ -2947,10 +5509,10 @@
# Kubernetes object group, such as "policy.k8s.io/v1".
# Corresponds to the JSON property `group`
# @return [String]
attr_accessor :group
- # Kubernetes object kind, such as “Namespace”.
+ # Kubernetes object kind, such as "Namespace".
# Corresponds to the JSON property `kind`
# @return [String]
attr_accessor :kind
# Kubernetes object name. For details see https://kubernetes.io/docs/concepts/