lib/google/apis/securitycenter_v1beta2/classes.rb in google-apis-securitycenter_v1beta2-0.57.0 vs lib/google/apis/securitycenter_v1beta2/classes.rb in google-apis-securitycenter_v1beta2-0.58.0

- old
+ new

@@ -390,10 +390,72 @@ @standard = args[:standard] if args.key?(:standard) @version = args[:version] if args.key?(:version) end end + # Result containing the properties and count of a ComplianceSnapshot request. + class ComplianceSnapshot + include Google::Apis::Core::Hashable + + # The category of Findings matching. + # Corresponds to the JSON property `category` + # @return [String] + attr_accessor :category + + # The compliance standard (ie CIS). + # Corresponds to the JSON property `complianceStandard` + # @return [String] + attr_accessor :compliance_standard + + # The compliance version (ie 1.3) in CIS 1.3. + # Corresponds to the JSON property `complianceVersion` + # @return [String] + attr_accessor :compliance_version + + # Total count of findings for the given properties. + # Corresponds to the JSON property `count` + # @return [Fixnum] + attr_accessor :count + + # The leaf container resource name that is closest to the snapshot. + # Corresponds to the JSON property `leafContainerResource` + # @return [String] + attr_accessor :leaf_container_resource + + # The compliance snapshot name. Format: //sources//complianceSnapshots/ + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # The CRM resource display name that is closest to the snapshot the Findings + # belong to. + # Corresponds to the JSON property `projectDisplayName` + # @return [String] + attr_accessor :project_display_name + + # The snapshot time of the snapshot. + # Corresponds to the JSON property `snapshotTime` + # @return [String] + attr_accessor :snapshot_time + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @category = args[:category] if args.key?(:category) + @compliance_standard = args[:compliance_standard] if args.key?(:compliance_standard) + @compliance_version = args[:compliance_version] if args.key?(:compliance_version) + @count = args[:count] if args.key?(:count) + @leaf_container_resource = args[:leaf_container_resource] if args.key?(:leaf_container_resource) + @name = args[:name] if args.key?(:name) + @project_display_name = args[:project_display_name] if args.key?(:project_display_name) + @snapshot_time = args[:snapshot_time] if args.key?(:snapshot_time) + end + end + # Configuration of a module. class Config include Google::Apis::Core::Hashable # The state of enablement for the module at its level of the resource hierarchy. @@ -2522,12 +2584,2512 @@ @marks = args[:marks] if args.key?(:marks) @name = args[:name] if args.key?(:name) end end + # Represents an access event. + class GoogleCloudSecuritycenterV2Access + include Google::Apis::Core::Hashable + + # Caller's IP address, such as "1.1.1.1". + # Corresponds to the JSON property `callerIp` + # @return [String] + attr_accessor :caller_ip + + # Represents a geographical location for a given access. + # Corresponds to the JSON property `callerIpGeo` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Geolocation] + attr_accessor :caller_ip_geo + + # The method that the service account called, e.g. "SetIamPolicy". + # Corresponds to the JSON property `methodName` + # @return [String] + attr_accessor :method_name + + # Associated email, such as "foo@google.com". The email address of the + # authenticated user or a service account acting on behalf of a third party + # principal making the request. For third party identity callers, the ` + # principal_subject` field is populated instead of this field. For privacy + # reasons, the principal email address is sometimes redacted. For more + # information, see [Caller identities in audit logs](https://cloud.google.com/ + # logging/docs/audit#user-id). + # Corresponds to the JSON property `principalEmail` + # @return [String] + attr_accessor :principal_email + + # A string that represents the principal_subject that is associated with the + # identity. Unlike `principal_email`, `principal_subject` supports principals + # that aren't associated with email addresses, such as third party principals. + # For most identities, the format is `principal://iam.googleapis.com/`identity + # pool name`/subject/`subject``. Some GKE identities, such as GKE_WORKLOAD, + # FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:` + # identity pool name`[`subject`]`. + # Corresponds to the JSON property `principalSubject` + # @return [String] + attr_accessor :principal_subject + + # The identity delegation history of an authenticated service account that made + # the request. The `serviceAccountDelegationInfo[]` object contains information + # about the real authorities that try to access Google Cloud resources by + # delegating on a service account. When multiple authorities are present, they + # are guaranteed to be sorted based on the original ordering of the identity + # delegation events. + # Corresponds to the JSON property `serviceAccountDelegationInfo` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo>] + attr_accessor :service_account_delegation_info + + # The name of the service account key that was used to create or exchange + # credentials when authenticating the service account that made the request. + # This is a scheme-less URI full resource name. For example: "//iam.googleapis. + # com/projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key`". + # Corresponds to the JSON property `serviceAccountKeyName` + # @return [String] + attr_accessor :service_account_key_name + + # This is the API service that the service account made a call to, e.g. "iam. + # googleapis.com" + # Corresponds to the JSON property `serviceName` + # @return [String] + attr_accessor :service_name + + # The caller's user agent string associated with the finding. + # Corresponds to the JSON property `userAgent` + # @return [String] + attr_accessor :user_agent + + # Type of user agent associated with the finding. For example, an operating + # system shell or an embedded or standalone application. + # Corresponds to the JSON property `userAgentFamily` + # @return [String] + attr_accessor :user_agent_family + + # A string that represents a username. The username provided depends on the type + # of the finding and is likely not an IAM principal. For example, this can be a + # system username if the finding is related to a virtual machine, or it can be + # an application login username. + # Corresponds to the JSON property `userName` + # @return [String] + attr_accessor :user_name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @caller_ip = args[:caller_ip] if args.key?(:caller_ip) + @caller_ip_geo = args[:caller_ip_geo] if args.key?(:caller_ip_geo) + @method_name = args[:method_name] if args.key?(:method_name) + @principal_email = args[:principal_email] if args.key?(:principal_email) + @principal_subject = args[:principal_subject] if args.key?(:principal_subject) + @service_account_delegation_info = args[:service_account_delegation_info] if args.key?(:service_account_delegation_info) + @service_account_key_name = args[:service_account_key_name] if args.key?(:service_account_key_name) + @service_name = args[:service_name] if args.key?(:service_name) + @user_agent = args[:user_agent] if args.key?(:user_agent) + @user_agent_family = args[:user_agent_family] if args.key?(:user_agent_family) + @user_name = args[:user_name] if args.key?(:user_name) + end + end + + # Conveys information about a Kubernetes access review (such as one returned by + # a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn- + # authz/authorization/#checking-api-access) command) that was involved in a + # finding. + class GoogleCloudSecuritycenterV2AccessReview + include Google::Apis::Core::Hashable + + # The API group of the resource. "*" means all. + # Corresponds to the JSON property `group` + # @return [String] + attr_accessor :group + + # The name of the resource being requested. Empty means all. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Namespace of the action being requested. Currently, there is no distinction + # between no namespace and all namespaces. Both are represented by "" (empty). + # Corresponds to the JSON property `ns` + # @return [String] + attr_accessor :ns + + # The optional resource type requested. "*" means all. + # Corresponds to the JSON property `resource` + # @return [String] + attr_accessor :resource + + # The optional subresource type. + # Corresponds to the JSON property `subresource` + # @return [String] + attr_accessor :subresource + + # A Kubernetes resource API verb, like get, list, watch, create, update, delete, + # proxy. "*" means all. + # Corresponds to the JSON property `verb` + # @return [String] + attr_accessor :verb + + # The API version of the resource. "*" means all. + # Corresponds to the JSON property `version` + # @return [String] + attr_accessor :version + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @group = args[:group] if args.key?(:group) + @name = args[:name] if args.key?(:name) + @ns = args[:ns] if args.key?(:ns) + @resource = args[:resource] if args.key?(:resource) + @subresource = args[:subresource] if args.key?(:subresource) + @verb = args[:verb] if args.key?(:verb) + @version = args[:version] if args.key?(:version) + end + end + + # An attack exposure contains the results of an attack path simulation run. + class GoogleCloudSecuritycenterV2AttackExposure + include Google::Apis::Core::Hashable + + # The resource name of the attack path simulation result that contains the + # details regarding this attack exposure score. Example: organizations/123/ + # attackExposureResults/456 + # Corresponds to the JSON property `attackExposureResult` + # @return [String] + attr_accessor :attack_exposure_result + + # The number of high value resources that are exposed as a result of this + # finding. + # Corresponds to the JSON property `exposedHighValueResourcesCount` + # @return [Fixnum] + attr_accessor :exposed_high_value_resources_count + + # The number of high value resources that are exposed as a result of this + # finding. + # Corresponds to the JSON property `exposedLowValueResourcesCount` + # @return [Fixnum] + attr_accessor :exposed_low_value_resources_count + + # The number of medium value resources that are exposed as a result of this + # finding. + # Corresponds to the JSON property `exposedMediumValueResourcesCount` + # @return [Fixnum] + attr_accessor :exposed_medium_value_resources_count + + # The most recent time the attack exposure was updated on this finding. + # Corresponds to the JSON property `latestCalculationTime` + # @return [String] + attr_accessor :latest_calculation_time + + # A number between 0 (inclusive) and infinity that represents how important this + # finding is to remediate. The higher the score, the more important it is to + # remediate. + # Corresponds to the JSON property `score` + # @return [Float] + attr_accessor :score + + # Output only. What state this AttackExposure is in. This captures whether or + # not an attack exposure has been calculated or not. + # Corresponds to the JSON property `state` + # @return [String] + attr_accessor :state + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @attack_exposure_result = args[:attack_exposure_result] if args.key?(:attack_exposure_result) + @exposed_high_value_resources_count = args[:exposed_high_value_resources_count] if args.key?(:exposed_high_value_resources_count) + @exposed_low_value_resources_count = args[:exposed_low_value_resources_count] if args.key?(:exposed_low_value_resources_count) + @exposed_medium_value_resources_count = args[:exposed_medium_value_resources_count] if args.key?(:exposed_medium_value_resources_count) + @latest_calculation_time = args[:latest_calculation_time] if args.key?(:latest_calculation_time) + @score = args[:score] if args.key?(:score) + @state = args[:state] if args.key?(:state) + end + end + + # Configures how to deliver Findings to BigQuery Instance. + class GoogleCloudSecuritycenterV2BigQueryExport + include Google::Apis::Core::Hashable + + # Output only. The time at which the BigQuery export was created. This field is + # set by the server and will be ignored if provided on export on creation. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # The dataset to write findings' updates to. Its format is "projects/[project_id] + # /datasets/[bigquery_dataset_id]". BigQuery Dataset unique ID must contain only + # letters (a-z, A-Z), numbers (0-9), or underscores (_). + # Corresponds to the JSON property `dataset` + # @return [String] + attr_accessor :dataset + + # The description of the export (max of 1024 characters). + # Corresponds to the JSON property `description` + # @return [String] + attr_accessor :description + + # Expression that defines the filter to apply across create/update events of + # findings. The expression is a list of zero or more restrictions combined via + # logical operators `AND` and `OR`. Parentheses are supported, and `OR` has + # higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` + # character in front of them to indicate negation. The fields map to those + # defined in the corresponding resource. The supported operators are: * `=` for + # all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning + # substring matching, for strings. The supported value types are: * string + # literals in quotes. * integer literals without quotes. * boolean literals ` + # true` and `false` without quotes. + # Corresponds to the JSON property `filter` + # @return [String] + attr_accessor :filter + + # Output only. Email address of the user who last edited the BigQuery export. + # This field is set by the server and will be ignored if provided on export + # creation or update. + # Corresponds to the JSON property `mostRecentEditor` + # @return [String] + attr_accessor :most_recent_editor + + # The relative resource name of this export. See: https://cloud.google.com/apis/ + # design/resource_names#relative_resource_name. The following list shows some + # examples: + `organizations/`organization_id`/locations/`location_id`/ + # bigQueryExports/`export_id`` + `folders/`folder_id`/locations/`location_id`/ + # bigQueryExports/`export_id`` + `projects/`project_id`/locations/`location_id`/ + # bigQueryExports/`export_id`` This field is provided in responses, and is + # ignored when provided in create requests. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Output only. The service account that needs permission to create table and + # upload data to the BigQuery dataset. + # Corresponds to the JSON property `principal` + # @return [String] + attr_accessor :principal + + # Output only. The most recent time at which the BigQuery export was updated. + # This field is set by the server and will be ignored if provided on export + # creation or update. + # Corresponds to the JSON property `updateTime` + # @return [String] + attr_accessor :update_time + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @create_time = args[:create_time] if args.key?(:create_time) + @dataset = args[:dataset] if args.key?(:dataset) + @description = args[:description] if args.key?(:description) + @filter = args[:filter] if args.key?(:filter) + @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor) + @name = args[:name] if args.key?(:name) + @principal = args[:principal] if args.key?(:principal) + @update_time = args[:update_time] if args.key?(:update_time) + end + end + + # Represents a Kubernetes RoleBinding or ClusterRoleBinding. + class GoogleCloudSecuritycenterV2Binding + include Google::Apis::Core::Hashable + + # Name for the binding. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Namespace for the binding. + # Corresponds to the JSON property `ns` + # @return [String] + attr_accessor :ns + + # Kubernetes Role or ClusterRole. + # Corresponds to the JSON property `role` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Role] + attr_accessor :role + + # Represents one or more subjects that are bound to the role. Not always + # available for PATCH requests. + # Corresponds to the JSON property `subjects` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Subject>] + attr_accessor :subjects + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @name = args[:name] if args.key?(:name) + @ns = args[:ns] if args.key?(:ns) + @role = args[:role] if args.key?(:role) + @subjects = args[:subjects] if args.key?(:subjects) + end + end + + # The response to a BulkMute request. Contains the LRO information. + class GoogleCloudSecuritycenterV2BulkMuteFindingsResponse + include Google::Apis::Core::Hashable + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + end + end + + # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated + # with the finding. + class GoogleCloudSecuritycenterV2CloudDlpDataProfile + include Google::Apis::Core::Hashable + + # Name of the data profile, for example, `projects/123/locations/europe/ + # tableProfiles/8383929`. + # Corresponds to the JSON property `dataProfile` + # @return [String] + attr_accessor :data_profile + + # The resource hierarchy level at which the data profile was generated. + # Corresponds to the JSON property `parentType` + # @return [String] + attr_accessor :parent_type + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @data_profile = args[:data_profile] if args.key?(:data_profile) + @parent_type = args[:parent_type] if args.key?(:parent_type) + end + end + + # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job]( + # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the + # finding. + class GoogleCloudSecuritycenterV2CloudDlpInspection + include Google::Apis::Core::Hashable + + # Whether Cloud DLP scanned the complete resource or a sampled subset. + # Corresponds to the JSON property `fullScan` + # @return [Boolean] + attr_accessor :full_scan + alias_method :full_scan?, :full_scan + + # The type of information (or *[infoType](https://cloud.google.com/dlp/docs/ + # infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`. + # Corresponds to the JSON property `infoType` + # @return [String] + attr_accessor :info_type + + # The number of times Cloud DLP found this infoType within this job and resource. + # Corresponds to the JSON property `infoTypeCount` + # @return [Fixnum] + attr_accessor :info_type_count + + # Name of the inspection job, for example, `projects/123/locations/europe/ + # dlpJobs/i-8383929`. + # Corresponds to the JSON property `inspectJob` + # @return [String] + attr_accessor :inspect_job + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @full_scan = args[:full_scan] if args.key?(:full_scan) + @info_type = args[:info_type] if args.key?(:info_type) + @info_type_count = args[:info_type_count] if args.key?(:info_type_count) + @inspect_job = args[:inspect_job] if args.key?(:inspect_job) + end + end + + # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/ + # logging/docs/reference/v2/rest/v2/LogEntry) + class GoogleCloudSecuritycenterV2CloudLoggingEntry + include Google::Apis::Core::Hashable + + # A unique identifier for the log entry. + # Corresponds to the JSON property `insertId` + # @return [String] + attr_accessor :insert_id + + # The type of the log (part of `log_name`. `log_name` is the resource name of + # the log to which this log entry belongs). For example: `cloudresourcemanager. + # googleapis.com/activity` Note that this field is not URL-encoded, unlike in ` + # LogEntry`. + # Corresponds to the JSON property `logId` + # @return [String] + attr_accessor :log_id + + # The organization, folder, or project of the monitored resource that produced + # this log entry. + # Corresponds to the JSON property `resourceContainer` + # @return [String] + attr_accessor :resource_container + + # The time the event described by the log entry occurred. + # Corresponds to the JSON property `timestamp` + # @return [String] + attr_accessor :timestamp + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @insert_id = args[:insert_id] if args.key?(:insert_id) + @log_id = args[:log_id] if args.key?(:log_id) + @resource_container = args[:resource_container] if args.key?(:resource_container) + @timestamp = args[:timestamp] if args.key?(:timestamp) + end + end + + # Contains compliance information about a security standard indicating unmet + # recommendations. + class GoogleCloudSecuritycenterV2Compliance + include Google::Apis::Core::Hashable + + # Policies within the standard or benchmark, for example, A.12.4.1 + # Corresponds to the JSON property `ids` + # @return [Array<String>] + attr_accessor :ids + + # Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP. + # Corresponds to the JSON property `standard` + # @return [String] + attr_accessor :standard + + # Version of the standard or benchmark, for example, 1.1 + # Corresponds to the JSON property `version` + # @return [String] + attr_accessor :version + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @ids = args[:ids] if args.key?(:ids) + @standard = args[:standard] if args.key?(:standard) + @version = args[:version] if args.key?(:version) + end + end + + # Contains information about the IP connection associated with the finding. + class GoogleCloudSecuritycenterV2Connection + include Google::Apis::Core::Hashable + + # Destination IP address. Not present for sockets that are listening and not + # connected. + # Corresponds to the JSON property `destinationIp` + # @return [String] + attr_accessor :destination_ip + + # Destination port. Not present for sockets that are listening and not connected. + # Corresponds to the JSON property `destinationPort` + # @return [Fixnum] + attr_accessor :destination_port + + # IANA Internet Protocol Number such as TCP(6) and UDP(17). + # Corresponds to the JSON property `protocol` + # @return [String] + attr_accessor :protocol + + # Source IP address. + # Corresponds to the JSON property `sourceIp` + # @return [String] + attr_accessor :source_ip + + # Source port. + # Corresponds to the JSON property `sourcePort` + # @return [Fixnum] + attr_accessor :source_port + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @destination_ip = args[:destination_ip] if args.key?(:destination_ip) + @destination_port = args[:destination_port] if args.key?(:destination_port) + @protocol = args[:protocol] if args.key?(:protocol) + @source_ip = args[:source_ip] if args.key?(:source_ip) + @source_port = args[:source_port] if args.key?(:source_port) + end + end + + # The email address of a contact. + class GoogleCloudSecuritycenterV2Contact + include Google::Apis::Core::Hashable + + # An email address. For example, "`person123@company.com`". + # Corresponds to the JSON property `email` + # @return [String] + attr_accessor :email + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @email = args[:email] if args.key?(:email) + end + end + + # Details about specific contacts + class GoogleCloudSecuritycenterV2ContactDetails + include Google::Apis::Core::Hashable + + # A list of contacts + # Corresponds to the JSON property `contacts` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Contact>] + attr_accessor :contacts + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @contacts = args[:contacts] if args.key?(:contacts) + end + end + + # Container associated with the finding. + class GoogleCloudSecuritycenterV2Container + include Google::Apis::Core::Hashable + + # The time that the container was created. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # Optional container image ID, if provided by the container runtime. Uniquely + # identifies the container image launched using a container image digest. + # Corresponds to the JSON property `imageId` + # @return [String] + attr_accessor :image_id + + # Container labels, as provided by the container runtime. + # Corresponds to the JSON property `labels` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Label>] + attr_accessor :labels + + # Name of the container. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Container image URI provided when configuring a pod or container. This string + # can identify a container image version using mutable tags. + # Corresponds to the JSON property `uri` + # @return [String] + attr_accessor :uri + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @create_time = args[:create_time] if args.key?(:create_time) + @image_id = args[:image_id] if args.key?(:image_id) + @labels = args[:labels] if args.key?(:labels) + @name = args[:name] if args.key?(:name) + @uri = args[:uri] if args.key?(:uri) + end + end + + # CVE stands for Common Vulnerabilities and Exposures. More information: https:// + # cve.mitre.org + class GoogleCloudSecuritycenterV2Cve + include Google::Apis::Core::Hashable + + # Common Vulnerability Scoring System version 3. + # Corresponds to the JSON property `cvssv3` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Cvssv3] + attr_accessor :cvssv3 + + # The unique identifier for the vulnerability. e.g. CVE-2021-34527 + # Corresponds to the JSON property `id` + # @return [String] + attr_accessor :id + + # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/ + # cvename.cgi?name=CVE-2021-34527 + # Corresponds to the JSON property `references` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Reference>] + attr_accessor :references + + # Whether upstream fix is available for the CVE. + # Corresponds to the JSON property `upstreamFixAvailable` + # @return [Boolean] + attr_accessor :upstream_fix_available + alias_method :upstream_fix_available?, :upstream_fix_available + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @cvssv3 = args[:cvssv3] if args.key?(:cvssv3) + @id = args[:id] if args.key?(:id) + @references = args[:references] if args.key?(:references) + @upstream_fix_available = args[:upstream_fix_available] if args.key?(:upstream_fix_available) + end + end + + # Common Vulnerability Scoring System version 3. + class GoogleCloudSecuritycenterV2Cvssv3 + include Google::Apis::Core::Hashable + + # This metric describes the conditions beyond the attacker's control that must + # exist in order to exploit the vulnerability. + # Corresponds to the JSON property `attackComplexity` + # @return [String] + attr_accessor :attack_complexity + + # Base Metrics Represents the intrinsic characteristics of a vulnerability that + # are constant over time and across user environments. This metric reflects the + # context by which vulnerability exploitation is possible. + # Corresponds to the JSON property `attackVector` + # @return [String] + attr_accessor :attack_vector + + # This metric measures the impact to the availability of the impacted component + # resulting from a successfully exploited vulnerability. + # Corresponds to the JSON property `availabilityImpact` + # @return [String] + attr_accessor :availability_impact + + # The base score is a function of the base metric scores. + # Corresponds to the JSON property `baseScore` + # @return [Float] + attr_accessor :base_score + + # This metric measures the impact to the confidentiality of the information + # resources managed by a software component due to a successfully exploited + # vulnerability. + # Corresponds to the JSON property `confidentialityImpact` + # @return [String] + attr_accessor :confidentiality_impact + + # This metric measures the impact to integrity of a successfully exploited + # vulnerability. + # Corresponds to the JSON property `integrityImpact` + # @return [String] + attr_accessor :integrity_impact + + # This metric describes the level of privileges an attacker must possess before + # successfully exploiting the vulnerability. + # Corresponds to the JSON property `privilegesRequired` + # @return [String] + attr_accessor :privileges_required + + # The Scope metric captures whether a vulnerability in one vulnerable component + # impacts resources in components beyond its security scope. + # Corresponds to the JSON property `scope` + # @return [String] + attr_accessor :scope + + # This metric captures the requirement for a human user, other than the attacker, + # to participate in the successful compromise of the vulnerable component. + # Corresponds to the JSON property `userInteraction` + # @return [String] + attr_accessor :user_interaction + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @attack_complexity = args[:attack_complexity] if args.key?(:attack_complexity) + @attack_vector = args[:attack_vector] if args.key?(:attack_vector) + @availability_impact = args[:availability_impact] if args.key?(:availability_impact) + @base_score = args[:base_score] if args.key?(:base_score) + @confidentiality_impact = args[:confidentiality_impact] if args.key?(:confidentiality_impact) + @integrity_impact = args[:integrity_impact] if args.key?(:integrity_impact) + @privileges_required = args[:privileges_required] if args.key?(:privileges_required) + @scope = args[:scope] if args.key?(:scope) + @user_interaction = args[:user_interaction] if args.key?(:user_interaction) + end + end + + # Represents database access information, such as queries. A database may be a + # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud + # Spanner instances), or the database instance itself. Some database resources + # might not have the [full resource name](https://google.aip.dev/122#full- + # resource-names) populated because these resource types, such as Cloud SQL + # databases, are not yet supported by Cloud Asset Inventory. In these cases only + # the display name is provided. + class GoogleCloudSecuritycenterV2Database + include Google::Apis::Core::Hashable + + # The human-readable name of the database that the user connected to. + # Corresponds to the JSON property `displayName` + # @return [String] + attr_accessor :display_name + + # The target usernames, roles, or groups of an SQL privilege grant, which is not + # an IAM policy change. + # Corresponds to the JSON property `grantees` + # @return [Array<String>] + attr_accessor :grantees + + # Some database resources may not have the [full resource name](https://google. + # aip.dev/122#full-resource-names) populated because these resource types are + # not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In + # these cases only the display name will be provided. The [full resource name]( + # https://google.aip.dev/122#full-resource-names) of the database that the user + # connected to, if it is supported by Cloud Asset Inventory. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # The SQL statement that is associated with the database access. + # Corresponds to the JSON property `query` + # @return [String] + attr_accessor :query + + # The username used to connect to the database. The username might not be an IAM + # principal and does not have a set format. + # Corresponds to the JSON property `userName` + # @return [String] + attr_accessor :user_name + + # The version of the database, for example, POSTGRES_14. See [the complete list]( + # https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion). + # Corresponds to the JSON property `version` + # @return [String] + attr_accessor :version + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @display_name = args[:display_name] if args.key?(:display_name) + @grantees = args[:grantees] if args.key?(:grantees) + @name = args[:name] if args.key?(:name) + @query = args[:query] if args.key?(:query) + @user_name = args[:user_name] if args.key?(:user_name) + @version = args[:version] if args.key?(:version) + end + end + + # Memory hash detection contributing to the binary family match. + class GoogleCloudSecuritycenterV2Detection + include Google::Apis::Core::Hashable + + # The name of the binary associated with the memory hash signature detection. + # Corresponds to the JSON property `binary` + # @return [String] + attr_accessor :binary + + # The percentage of memory page hashes in the signature that were matched. + # Corresponds to the JSON property `percentPagesMatched` + # @return [Float] + attr_accessor :percent_pages_matched + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @binary = args[:binary] if args.key?(:binary) + @percent_pages_matched = args[:percent_pages_matched] if args.key?(:percent_pages_matched) + end + end + + # A name-value pair representing an environment variable used in an operating + # system process. + class GoogleCloudSecuritycenterV2EnvironmentVariable + include Google::Apis::Core::Hashable + + # Environment variable name as a JSON encoded string. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Environment variable value as a JSON encoded string. + # Corresponds to the JSON property `val` + # @return [String] + attr_accessor :val + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @name = args[:name] if args.key?(:name) + @val = args[:val] if args.key?(:val) + end + end + + # Resource where data was exfiltrated from or exfiltrated to. + class GoogleCloudSecuritycenterV2ExfilResource + include Google::Apis::Core::Hashable + + # Subcomponents of the asset that was exfiltrated, like URIs used during + # exfiltration, table names, databases, and filenames. For example, multiple + # tables might have been exfiltrated from the same Cloud SQL instance, or + # multiple files might have been exfiltrated from the same Cloud Storage bucket. + # Corresponds to the JSON property `components` + # @return [Array<String>] + attr_accessor :components + + # The resource's [full resource name](https://cloud.google.com/apis/design/ + # resource_names#full_resource_name). + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @components = args[:components] if args.key?(:components) + @name = args[:name] if args.key?(:name) + end + end + + # Exfiltration represents a data exfiltration attempt from one or more sources + # to one or more targets. The `sources` attribute lists the sources of the + # exfiltrated data. The `targets` attribute lists the destinations the data was + # copied to. + class GoogleCloudSecuritycenterV2Exfiltration + include Google::Apis::Core::Hashable + + # If there are multiple sources, then the data is considered "joined" between + # them. For instance, BigQuery can join multiple tables, and each table would be + # considered a source. + # Corresponds to the JSON property `sources` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ExfilResource>] + attr_accessor :sources + + # If there are multiple targets, each target would get a complete copy of the " + # joined" source data. + # Corresponds to the JSON property `targets` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ExfilResource>] + attr_accessor :targets + + # Total exfiltrated bytes processed for the entire job. + # Corresponds to the JSON property `totalExfiltratedBytes` + # @return [Fixnum] + attr_accessor :total_exfiltrated_bytes + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @sources = args[:sources] if args.key?(:sources) + @targets = args[:targets] if args.key?(:targets) + @total_exfiltrated_bytes = args[:total_exfiltrated_bytes] if args.key?(:total_exfiltrated_bytes) + end + end + + # Representation of third party SIEM/SOAR fields within SCC. + class GoogleCloudSecuritycenterV2ExternalSystem + include Google::Apis::Core::Hashable + + # References primary/secondary etc assignees in the external system. + # Corresponds to the JSON property `assignees` + # @return [Array<String>] + attr_accessor :assignees + + # The time when the case was last updated, as reported by the external system. + # Corresponds to the JSON property `externalSystemUpdateTime` + # @return [String] + attr_accessor :external_system_update_time + + # The identifier that's used to track the finding's corresponding case in the + # external system. + # Corresponds to the JSON property `externalUid` + # @return [String] + attr_accessor :external_uid + + # Full resource name of the external system. The following list shows some + # examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/ + # jira` + `organizations/1234/sources/5678/locations/us/findings/123456/ + # externalSystems/jira` + `folders/1234/sources/5678/findings/123456/ + # externalSystems/jira` + `folders/1234/sources/5678/locations/us/findings/ + # 123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/ + # externalSystems/jira` + `projects/1234/sources/5678/locations/us/findings/ + # 123456/externalSystems/jira` + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # The most recent status of the finding's corresponding case, as reported by the + # external system. + # Corresponds to the JSON property `status` + # @return [String] + attr_accessor :status + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @assignees = args[:assignees] if args.key?(:assignees) + @external_system_update_time = args[:external_system_update_time] if args.key?(:external_system_update_time) + @external_uid = args[:external_uid] if args.key?(:external_uid) + @name = args[:name] if args.key?(:name) + @status = args[:status] if args.key?(:status) + end + end + + # File information about the related binary/library used by an executable, or + # the script used by a script interpreter + class GoogleCloudSecuritycenterV2File + include Google::Apis::Core::Hashable + + # Prefix of the file contents as a JSON-encoded string. + # Corresponds to the JSON property `contents` + # @return [String] + attr_accessor :contents + + # The length in bytes of the file prefix that was hashed. If hashed_size == size, + # any hashes reported represent the entire file. + # Corresponds to the JSON property `hashedSize` + # @return [Fixnum] + attr_accessor :hashed_size + + # True when the hash covers only a prefix of the file. + # Corresponds to the JSON property `partiallyHashed` + # @return [Boolean] + attr_accessor :partially_hashed + alias_method :partially_hashed?, :partially_hashed + + # Absolute path of the file as a JSON encoded string. + # Corresponds to the JSON property `path` + # @return [String] + attr_accessor :path + + # SHA256 hash of the first hashed_size bytes of the file encoded as a hex string. + # If hashed_size == size, sha256 represents the SHA256 hash of the entire file. + # Corresponds to the JSON property `sha256` + # @return [String] + attr_accessor :sha256 + + # Size of the file in bytes. + # Corresponds to the JSON property `size` + # @return [Fixnum] + attr_accessor :size + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @contents = args[:contents] if args.key?(:contents) + @hashed_size = args[:hashed_size] if args.key?(:hashed_size) + @partially_hashed = args[:partially_hashed] if args.key?(:partially_hashed) + @path = args[:path] if args.key?(:path) + @sha256 = args[:sha256] if args.key?(:sha256) + @size = args[:size] if args.key?(:size) + end + end + + # Security Command Center finding. A finding is a record of assessment data like + # security, risk, health, or privacy, that is ingested into Security Command + # Center for presentation, notification, analysis, policy testing, and + # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App + # Engine application is a finding. + class GoogleCloudSecuritycenterV2Finding + include Google::Apis::Core::Hashable + + # Represents an access event. + # Corresponds to the JSON property `access` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Access] + attr_accessor :access + + # An attack exposure contains the results of an attack path simulation run. + # Corresponds to the JSON property `attackExposure` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2AttackExposure] + attr_accessor :attack_exposure + + # Output only. The canonical name of the finding. The following list shows some + # examples: + `organizations/`organization_id`/sources/`source_id`/findings/` + # finding_id`` + `organizations/`organization_id`/sources/`source_id`/locations/` + # location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/ + # findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/locations/` + # location_id`/findings/`finding_id`` + `projects/`project_id`/sources/` + # source_id`/findings/`finding_id`` + `projects/`project_id`/sources/`source_id`/ + # locations/`location_id`/findings/`finding_id`` The prefix is the closest CRM + # ancestor of the resource associated with the finding. + # Corresponds to the JSON property `canonicalName` + # @return [String] + attr_accessor :canonical_name + + # Immutable. The additional taxonomy group within findings from a given source. + # Example: "XSS_FLASH_INJECTION" + # Corresponds to the JSON property `category` + # @return [String] + attr_accessor :category + + # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated + # with the finding. + # Corresponds to the JSON property `cloudDlpDataProfile` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2CloudDlpDataProfile] + attr_accessor :cloud_dlp_data_profile + + # Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job]( + # https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the + # finding. + # Corresponds to the JSON property `cloudDlpInspection` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2CloudDlpInspection] + attr_accessor :cloud_dlp_inspection + + # Contains compliance information for security standards associated to the + # finding. + # Corresponds to the JSON property `compliances` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Compliance>] + attr_accessor :compliances + + # Contains information about the IP connection associated with the finding. + # Corresponds to the JSON property `connections` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Connection>] + attr_accessor :connections + + # Output only. Map containing the points of contact for the given finding. The + # key represents the type of contact, while the value contains a list of all the + # contacts that pertain. Please refer to: https://cloud.google.com/resource- + # manager/docs/managing-notification-contacts#notification-categories ` " + # security": ` "contacts": [ ` "email": "person1@company.com" `, ` "email": " + # person2@company.com" ` ] ` ` + # Corresponds to the JSON property `contacts` + # @return [Hash<String,Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ContactDetails>] + attr_accessor :contacts + + # Containers associated with the finding. This field provides information for + # both Kubernetes and non-Kubernetes containers. + # Corresponds to the JSON property `containers` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Container>] + attr_accessor :containers + + # Output only. The time at which the finding was created in Security Command + # Center. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # Represents database access information, such as queries. A database may be a + # sub-resource of an instance (as in the case of Cloud SQL instances or Cloud + # Spanner instances), or the database instance itself. Some database resources + # might not have the [full resource name](https://google.aip.dev/122#full- + # resource-names) populated because these resource types, such as Cloud SQL + # databases, are not yet supported by Cloud Asset Inventory. In these cases only + # the display name is provided. + # Corresponds to the JSON property `database` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Database] + attr_accessor :database + + # Contains more details about the finding. + # Corresponds to the JSON property `description` + # @return [String] + attr_accessor :description + + # The time the finding was first detected. If an existing finding is updated, + # then this is the time the update occurred. For example, if the finding + # represents an open firewall, this property captures the time the detector + # believes the firewall became open. The accuracy is determined by the detector. + # If the finding is later resolved, then this time reflects when the finding was + # resolved. This must not be set to a value greater than the current timestamp. + # Corresponds to the JSON property `eventTime` + # @return [String] + attr_accessor :event_time + + # Exfiltration represents a data exfiltration attempt from one or more sources + # to one or more targets. The `sources` attribute lists the sources of the + # exfiltrated data. The `targets` attribute lists the destinations the data was + # copied to. + # Corresponds to the JSON property `exfiltration` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Exfiltration] + attr_accessor :exfiltration + + # Output only. Third party SIEM/SOAR fields within SCC, contains external system + # information and external system finding fields. + # Corresponds to the JSON property `externalSystems` + # @return [Hash<String,Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ExternalSystem>] + attr_accessor :external_systems + + # The URI that, if available, points to a web page outside of Security Command + # Center where additional information about the finding can be found. This field + # is guaranteed to be either empty or a well formed URL. + # Corresponds to the JSON property `externalUri` + # @return [String] + attr_accessor :external_uri + + # File associated with the finding. + # Corresponds to the JSON property `files` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File>] + attr_accessor :files + + # The class of the finding. + # Corresponds to the JSON property `findingClass` + # @return [String] + attr_accessor :finding_class + + # Represents IAM bindings associated with the finding. + # Corresponds to the JSON property `iamBindings` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2IamBinding>] + attr_accessor :iam_bindings + + # Represents what's commonly known as an _indicator of compromise_ (IoC) in + # computer forensics. This is an artifact observed on a network or in an + # operating system that, with high confidence, indicates a computer intrusion. + # For more information, see [Indicator of compromise](https://en.wikipedia.org/ + # wiki/Indicator_of_compromise). + # Corresponds to the JSON property `indicator` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Indicator] + attr_accessor :indicator + + # Kernel mode rootkit signatures. + # Corresponds to the JSON property `kernelRootkit` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2KernelRootkit] + attr_accessor :kernel_rootkit + + # Kubernetes-related attributes. + # Corresponds to the JSON property `kubernetes` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Kubernetes] + attr_accessor :kubernetes + + # The load balancers associated with the finding. + # Corresponds to the JSON property `loadBalancers` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2LoadBalancer>] + attr_accessor :load_balancers + + # Log entries that are relevant to the finding. + # Corresponds to the JSON property `logEntries` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2LogEntry>] + attr_accessor :log_entries + + # MITRE ATT&CK tactics and techniques related to this finding. See: https:// + # attack.mitre.org + # Corresponds to the JSON property `mitreAttack` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2MitreAttack] + attr_accessor :mitre_attack + + # Unique identifier of the module which generated the finding. Example: folders/ + # 598186756061/securityHealthAnalyticsSettings/customModules/56799441161885 + # Corresponds to the JSON property `moduleName` + # @return [String] + attr_accessor :module_name + + # Indicates the mute state of a finding (either muted, unmuted or undefined). + # Unlike other attributes of a finding, a finding provider shouldn't set the + # value of mute. + # Corresponds to the JSON property `mute` + # @return [String] + attr_accessor :mute + + # Records additional information about the mute operation, for example, the [ + # mute configuration](https://cloud.google.com/security-command-center/docs/how- + # to-mute-findings) that muted the finding and the user who muted the finding. + # Corresponds to the JSON property `muteInitiator` + # @return [String] + attr_accessor :mute_initiator + + # Output only. The most recent time this finding was muted or unmuted. + # Corresponds to the JSON property `muteUpdateTime` + # @return [String] + attr_accessor :mute_update_time + + # The [relative resource name](https://cloud.google.com/apis/design/ + # resource_names#relative_resource_name) of the finding. The following list + # shows some examples: + `organizations/`organization_id`/sources/`source_id`/ + # findings/`finding_id`` + `organizations/`organization_id`/sources/`source_id`/ + # locations/`location_id`/findings/`finding_id`` + `folders/`folder_id`/sources/` + # source_id`/findings/`finding_id`` + `folders/`folder_id`/sources/`source_id`/ + # locations/`location_id`/findings/`finding_id`` + `projects/`project_id`/ + # sources/`source_id`/findings/`finding_id`` + `projects/`project_id`/sources/` + # source_id`/locations/`location_id`/findings/`finding_id`` + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Steps to address the finding. + # Corresponds to the JSON property `nextSteps` + # @return [String] + attr_accessor :next_steps + + # Contains information about the org policies associated with the finding. + # Corresponds to the JSON property `orgPolicies` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2OrgPolicy>] + attr_accessor :org_policies + + # The relative resource name of the source and location the finding belongs to. + # See: https://cloud.google.com/apis/design/resource_names# + # relative_resource_name This field is immutable after creation time. The + # following list shows some examples: + `organizations/`organization_id`/sources/ + # `source_id`` + `folders/`folders_id`/sources/`source_id`` + `projects/` + # projects_id`/sources/`source_id`` + `organizations/`organization_id`/sources/` + # source_id`/locations/`location_id`` + `folders/`folders_id`/sources/`source_id` + # /locations/`location_id`` + `projects/`projects_id`/sources/`source_id`/ + # locations/`location_id`` + # Corresponds to the JSON property `parent` + # @return [String] + attr_accessor :parent + + # Output only. The human readable display name of the finding source such as " + # Event Threat Detection" or "Security Health Analytics". + # Corresponds to the JSON property `parentDisplayName` + # @return [String] + attr_accessor :parent_display_name + + # Represents operating system processes associated with the Finding. + # Corresponds to the JSON property `processes` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Process>] + attr_accessor :processes + + # Immutable. For findings on Google Cloud resources, the full resource name of + # the Google Cloud resource this finding is for. See: https://cloud.google.com/ + # apis/design/resource_names#full_resource_name When the finding is for a non- + # Google Cloud resource, the resourceName can be a customer or partner defined + # string. + # Corresponds to the JSON property `resourceName` + # @return [String] + attr_accessor :resource_name + + # User specified security marks that are attached to the parent Security Command + # Center resource. Security marks are scoped within a Security Command Center + # organization -- they can be modified and viewed by all users who have proper + # permissions on the organization. + # Corresponds to the JSON property `securityMarks` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SecurityMarks] + attr_accessor :security_marks + + # Represents a posture that is deployed on Google Cloud by the Security Command + # Center Posture Management service. A posture contains one or more policy sets. + # A policy set is a group of policies that enforce a set of security rules on + # Google Cloud. + # Corresponds to the JSON property `securityPosture` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SecurityPosture] + attr_accessor :security_posture + + # The severity of the finding. This field is managed by the source that writes + # the finding. + # Corresponds to the JSON property `severity` + # @return [String] + attr_accessor :severity + + # Source specific properties. These properties are managed by the source that + # writes the finding. The key names in the source_properties map must be between + # 1 and 255 characters, and must start with a letter and contain alphanumeric + # characters or underscores only. + # Corresponds to the JSON property `sourceProperties` + # @return [Hash<String,Object>] + attr_accessor :source_properties + + # Output only. The state of the finding. + # Corresponds to the JSON property `state` + # @return [String] + attr_accessor :state + + # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. + # Corresponds to the JSON property `vulnerability` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Vulnerability] + attr_accessor :vulnerability + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @access = args[:access] if args.key?(:access) + @attack_exposure = args[:attack_exposure] if args.key?(:attack_exposure) + @canonical_name = args[:canonical_name] if args.key?(:canonical_name) + @category = args[:category] if args.key?(:category) + @cloud_dlp_data_profile = args[:cloud_dlp_data_profile] if args.key?(:cloud_dlp_data_profile) + @cloud_dlp_inspection = args[:cloud_dlp_inspection] if args.key?(:cloud_dlp_inspection) + @compliances = args[:compliances] if args.key?(:compliances) + @connections = args[:connections] if args.key?(:connections) + @contacts = args[:contacts] if args.key?(:contacts) + @containers = args[:containers] if args.key?(:containers) + @create_time = args[:create_time] if args.key?(:create_time) + @database = args[:database] if args.key?(:database) + @description = args[:description] if args.key?(:description) + @event_time = args[:event_time] if args.key?(:event_time) + @exfiltration = args[:exfiltration] if args.key?(:exfiltration) + @external_systems = args[:external_systems] if args.key?(:external_systems) + @external_uri = args[:external_uri] if args.key?(:external_uri) + @files = args[:files] if args.key?(:files) + @finding_class = args[:finding_class] if args.key?(:finding_class) + @iam_bindings = args[:iam_bindings] if args.key?(:iam_bindings) + @indicator = args[:indicator] if args.key?(:indicator) + @kernel_rootkit = args[:kernel_rootkit] if args.key?(:kernel_rootkit) + @kubernetes = args[:kubernetes] if args.key?(:kubernetes) + @load_balancers = args[:load_balancers] if args.key?(:load_balancers) + @log_entries = args[:log_entries] if args.key?(:log_entries) + @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack) + @module_name = args[:module_name] if args.key?(:module_name) + @mute = args[:mute] if args.key?(:mute) + @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator) + @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time) + @name = args[:name] if args.key?(:name) + @next_steps = args[:next_steps] if args.key?(:next_steps) + @org_policies = args[:org_policies] if args.key?(:org_policies) + @parent = args[:parent] if args.key?(:parent) + @parent_display_name = args[:parent_display_name] if args.key?(:parent_display_name) + @processes = args[:processes] if args.key?(:processes) + @resource_name = args[:resource_name] if args.key?(:resource_name) + @security_marks = args[:security_marks] if args.key?(:security_marks) + @security_posture = args[:security_posture] if args.key?(:security_posture) + @severity = args[:severity] if args.key?(:severity) + @source_properties = args[:source_properties] if args.key?(:source_properties) + @state = args[:state] if args.key?(:state) + @vulnerability = args[:vulnerability] if args.key?(:vulnerability) + end + end + + # Represents a geographical location for a given access. + class GoogleCloudSecuritycenterV2Geolocation + include Google::Apis::Core::Hashable + + # A CLDR. + # Corresponds to the JSON property `regionCode` + # @return [String] + attr_accessor :region_code + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @region_code = args[:region_code] if args.key?(:region_code) + end + end + # Represents a particular IAM binding, which captures a member's role addition, # removal, or state. + class GoogleCloudSecuritycenterV2IamBinding + include Google::Apis::Core::Hashable + + # The action that was performed on a Binding. + # Corresponds to the JSON property `action` + # @return [String] + attr_accessor :action + + # A single identity requesting access for a Cloud Platform resource, for example, + # "foo@google.com". + # Corresponds to the JSON property `member` + # @return [String] + attr_accessor :member + + # Role that is assigned to "members". For example, "roles/viewer", "roles/editor" + # , or "roles/owner". + # Corresponds to the JSON property `role` + # @return [String] + attr_accessor :role + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @action = args[:action] if args.key?(:action) + @member = args[:member] if args.key?(:member) + @role = args[:role] if args.key?(:role) + end + end + + # Represents what's commonly known as an _indicator of compromise_ (IoC) in + # computer forensics. This is an artifact observed on a network or in an + # operating system that, with high confidence, indicates a computer intrusion. + # For more information, see [Indicator of compromise](https://en.wikipedia.org/ + # wiki/Indicator_of_compromise). + class GoogleCloudSecuritycenterV2Indicator + include Google::Apis::Core::Hashable + + # List of domains associated to the Finding. + # Corresponds to the JSON property `domains` + # @return [Array<String>] + attr_accessor :domains + + # The list of IP addresses that are associated with the finding. + # Corresponds to the JSON property `ipAddresses` + # @return [Array<String>] + attr_accessor :ip_addresses + + # The list of matched signatures indicating that the given process is present in + # the environment. + # Corresponds to the JSON property `signatures` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2ProcessSignature>] + attr_accessor :signatures + + # The list of URIs associated to the Findings. + # Corresponds to the JSON property `uris` + # @return [Array<String>] + attr_accessor :uris + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @domains = args[:domains] if args.key?(:domains) + @ip_addresses = args[:ip_addresses] if args.key?(:ip_addresses) + @signatures = args[:signatures] if args.key?(:signatures) + @uris = args[:uris] if args.key?(:uris) + end + end + + # Kernel mode rootkit signatures. + class GoogleCloudSecuritycenterV2KernelRootkit + include Google::Apis::Core::Hashable + + # Rootkit name, when available. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # True if unexpected modifications of kernel code memory are present. + # Corresponds to the JSON property `unexpectedCodeModification` + # @return [Boolean] + attr_accessor :unexpected_code_modification + alias_method :unexpected_code_modification?, :unexpected_code_modification + + # True if `ftrace` points are present with callbacks pointing to regions that + # are not in the expected kernel or module code range. + # Corresponds to the JSON property `unexpectedFtraceHandler` + # @return [Boolean] + attr_accessor :unexpected_ftrace_handler + alias_method :unexpected_ftrace_handler?, :unexpected_ftrace_handler + + # True if interrupt handlers that are are not in the expected kernel or module + # code regions are present. + # Corresponds to the JSON property `unexpectedInterruptHandler` + # @return [Boolean] + attr_accessor :unexpected_interrupt_handler + alias_method :unexpected_interrupt_handler?, :unexpected_interrupt_handler + + # True if kernel code pages that are not in the expected kernel or module code + # regions are present. + # Corresponds to the JSON property `unexpectedKernelCodePages` + # @return [Boolean] + attr_accessor :unexpected_kernel_code_pages + alias_method :unexpected_kernel_code_pages?, :unexpected_kernel_code_pages + + # True if `kprobe` points are present with callbacks pointing to regions that + # are not in the expected kernel or module code range. + # Corresponds to the JSON property `unexpectedKprobeHandler` + # @return [Boolean] + attr_accessor :unexpected_kprobe_handler + alias_method :unexpected_kprobe_handler?, :unexpected_kprobe_handler + + # True if unexpected processes in the scheduler run queue are present. Such + # processes are in the run queue, but not in the process task list. + # Corresponds to the JSON property `unexpectedProcessesInRunqueue` + # @return [Boolean] + attr_accessor :unexpected_processes_in_runqueue + alias_method :unexpected_processes_in_runqueue?, :unexpected_processes_in_runqueue + + # True if unexpected modifications of kernel read-only data memory are present. + # Corresponds to the JSON property `unexpectedReadOnlyDataModification` + # @return [Boolean] + attr_accessor :unexpected_read_only_data_modification + alias_method :unexpected_read_only_data_modification?, :unexpected_read_only_data_modification + + # True if system call handlers that are are not in the expected kernel or module + # code regions are present. + # Corresponds to the JSON property `unexpectedSystemCallHandler` + # @return [Boolean] + attr_accessor :unexpected_system_call_handler + alias_method :unexpected_system_call_handler?, :unexpected_system_call_handler + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @name = args[:name] if args.key?(:name) + @unexpected_code_modification = args[:unexpected_code_modification] if args.key?(:unexpected_code_modification) + @unexpected_ftrace_handler = args[:unexpected_ftrace_handler] if args.key?(:unexpected_ftrace_handler) + @unexpected_interrupt_handler = args[:unexpected_interrupt_handler] if args.key?(:unexpected_interrupt_handler) + @unexpected_kernel_code_pages = args[:unexpected_kernel_code_pages] if args.key?(:unexpected_kernel_code_pages) + @unexpected_kprobe_handler = args[:unexpected_kprobe_handler] if args.key?(:unexpected_kprobe_handler) + @unexpected_processes_in_runqueue = args[:unexpected_processes_in_runqueue] if args.key?(:unexpected_processes_in_runqueue) + @unexpected_read_only_data_modification = args[:unexpected_read_only_data_modification] if args.key?(:unexpected_read_only_data_modification) + @unexpected_system_call_handler = args[:unexpected_system_call_handler] if args.key?(:unexpected_system_call_handler) + end + end + + # Kubernetes-related attributes. + class GoogleCloudSecuritycenterV2Kubernetes + include Google::Apis::Core::Hashable + + # Provides information on any Kubernetes access reviews (privilege checks) + # relevant to the finding. + # Corresponds to the JSON property `accessReviews` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2AccessReview>] + attr_accessor :access_reviews + + # Provides Kubernetes role binding information for findings that involve [ + # RoleBindings or ClusterRoleBindings](https://cloud.google.com/kubernetes- + # engine/docs/how-to/role-based-access-control). + # Corresponds to the JSON property `bindings` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Binding>] + attr_accessor :bindings + + # GKE [node pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node- + # pools) associated with the finding. This field contains node pool information + # for each node, when it is available. + # Corresponds to the JSON property `nodePools` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2NodePool>] + attr_accessor :node_pools + + # Provides Kubernetes [node](https://cloud.google.com/kubernetes-engine/docs/ + # concepts/cluster-architecture#nodes) information. + # Corresponds to the JSON property `nodes` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Node>] + attr_accessor :nodes + + # Kubernetes objects related to the finding. + # Corresponds to the JSON property `objects` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Object>] + attr_accessor :objects + + # Kubernetes [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod) + # associated with the finding. This field contains Pod records for each + # container that is owned by a Pod. + # Corresponds to the JSON property `pods` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Pod>] + attr_accessor :pods + + # Provides Kubernetes role information for findings that involve [Roles or + # ClusterRoles](https://cloud.google.com/kubernetes-engine/docs/how-to/role- + # based-access-control). + # Corresponds to the JSON property `roles` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Role>] + attr_accessor :roles + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @access_reviews = args[:access_reviews] if args.key?(:access_reviews) + @bindings = args[:bindings] if args.key?(:bindings) + @node_pools = args[:node_pools] if args.key?(:node_pools) + @nodes = args[:nodes] if args.key?(:nodes) + @objects = args[:objects] if args.key?(:objects) + @pods = args[:pods] if args.key?(:pods) + @roles = args[:roles] if args.key?(:roles) + end + end + + # Represents a generic name-value label. A label has separate name and value + # fields to support filtering with the `contains()` function. For more + # information, see [Filtering on array-type fields](https://cloud.google.com/ + # security-command-center/docs/how-to-api-list-findings#array-contains-filtering) + # . + class GoogleCloudSecuritycenterV2Label + include Google::Apis::Core::Hashable + + # Name of the label. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Value that corresponds to the label's name. + # Corresponds to the JSON property `value` + # @return [String] + attr_accessor :value + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @name = args[:name] if args.key?(:name) + @value = args[:value] if args.key?(:value) + end + end + + # Contains information related to the load balancer associated with the finding. + class GoogleCloudSecuritycenterV2LoadBalancer + include Google::Apis::Core::Hashable + + # The name of the load balancer associated with the finding. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @name = args[:name] if args.key?(:name) + end + end + + # An individual entry in a log. + class GoogleCloudSecuritycenterV2LogEntry + include Google::Apis::Core::Hashable + + # Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/ + # logging/docs/reference/v2/rest/v2/LogEntry) + # Corresponds to the JSON property `cloudLoggingEntry` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2CloudLoggingEntry] + attr_accessor :cloud_logging_entry + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @cloud_logging_entry = args[:cloud_logging_entry] if args.key?(:cloud_logging_entry) + end + end + + # A signature corresponding to memory page hashes. + class GoogleCloudSecuritycenterV2MemoryHashSignature + include Google::Apis::Core::Hashable + + # The binary family. + # Corresponds to the JSON property `binaryFamily` + # @return [String] + attr_accessor :binary_family + + # The list of memory hash detections contributing to the binary family match. + # Corresponds to the JSON property `detections` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Detection>] + attr_accessor :detections + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @binary_family = args[:binary_family] if args.key?(:binary_family) + @detections = args[:detections] if args.key?(:detections) + end + end + + # MITRE ATT&CK tactics and techniques related to this finding. See: https:// + # attack.mitre.org + class GoogleCloudSecuritycenterV2MitreAttack + include Google::Apis::Core::Hashable + + # Additional MITRE ATT&CK tactics related to this finding, if any. + # Corresponds to the JSON property `additionalTactics` + # @return [Array<String>] + attr_accessor :additional_tactics + + # Additional MITRE ATT&CK techniques related to this finding, if any, along with + # any of their respective parent techniques. + # Corresponds to the JSON property `additionalTechniques` + # @return [Array<String>] + attr_accessor :additional_techniques + + # The MITRE ATT&CK tactic most closely represented by this finding, if any. + # Corresponds to the JSON property `primaryTactic` + # @return [String] + attr_accessor :primary_tactic + + # The MITRE ATT&CK technique most closely represented by this finding, if any. + # primary_techniques is a repeated field because there are multiple levels of + # MITRE ATT&CK techniques. If the technique most closely represented by this + # finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique + # and its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, ` + # ACTIVE_SCANNING`). + # Corresponds to the JSON property `primaryTechniques` + # @return [Array<String>] + attr_accessor :primary_techniques + + # The MITRE ATT&CK version referenced by the above fields. E.g. "8". + # Corresponds to the JSON property `version` + # @return [String] + attr_accessor :version + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @additional_tactics = args[:additional_tactics] if args.key?(:additional_tactics) + @additional_techniques = args[:additional_techniques] if args.key?(:additional_techniques) + @primary_tactic = args[:primary_tactic] if args.key?(:primary_tactic) + @primary_techniques = args[:primary_techniques] if args.key?(:primary_techniques) + @version = args[:version] if args.key?(:version) + end + end + + # A mute config is a Cloud SCC resource that contains the configuration to mute + # create/update events of findings. + class GoogleCloudSecuritycenterV2MuteConfig + include Google::Apis::Core::Hashable + + # Output only. The time at which the mute config was created. This field is set + # by the server and will be ignored if provided on config creation. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # A description of the mute config. + # Corresponds to the JSON property `description` + # @return [String] + attr_accessor :description + + # Required. An expression that defines the filter to apply across create/update + # events of findings. While creating a filter string, be mindful of the scope in + # which the mute configuration is being created. E.g., If a filter contains + # project = X but is created under the project = Y scope, it might not match any + # findings. The following field and operator combinations are supported: * + # severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource. + # project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource. + # folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource. + # parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, ` + # :` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:` + # Corresponds to the JSON property `filter` + # @return [String] + attr_accessor :filter + + # Output only. Email address of the user who last edited the mute config. This + # field is set by the server and will be ignored if provided on config creation + # or update. + # Corresponds to the JSON property `mostRecentEditor` + # @return [String] + attr_accessor :most_recent_editor + + # This field will be ignored if provided on config creation. The following list + # shows some examples of the format: + `organizations/`organization`/muteConfigs/ + # `mute_config`` + `organizations/`organization`locations/`location`// + # muteConfigs/`mute_config`` + `folders/`folder`/muteConfigs/`mute_config`` + ` + # folders/`folder`/locations/`location`/muteConfigs/`mute_config`` + `projects/` + # project`/muteConfigs/`mute_config`` + `projects/`project`/locations/`location`/ + # muteConfigs/`mute_config`` + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Output only. The most recent time at which the mute config was updated. This + # field is set by the server and will be ignored if provided on config creation + # or update. + # Corresponds to the JSON property `updateTime` + # @return [String] + attr_accessor :update_time + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @create_time = args[:create_time] if args.key?(:create_time) + @description = args[:description] if args.key?(:description) + @filter = args[:filter] if args.key?(:filter) + @most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor) + @name = args[:name] if args.key?(:name) + @update_time = args[:update_time] if args.key?(:update_time) + end + end + + # Kubernetes nodes associated with the finding. + class GoogleCloudSecuritycenterV2Node + include Google::Apis::Core::Hashable + + # [Full resource name](https://google.aip.dev/122#full-resource-names) of the + # Compute Engine VM running the cluster node. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @name = args[:name] if args.key?(:name) + end + end + + # Provides GKE node pool information. + class GoogleCloudSecuritycenterV2NodePool + include Google::Apis::Core::Hashable + + # Kubernetes node pool name. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Nodes associated with the finding. + # Corresponds to the JSON property `nodes` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Node>] + attr_accessor :nodes + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @name = args[:name] if args.key?(:name) + @nodes = args[:nodes] if args.key?(:nodes) + end + end + + # Cloud SCC's Notification + class GoogleCloudSecuritycenterV2NotificationMessage + include Google::Apis::Core::Hashable + + # Security Command Center finding. A finding is a record of assessment data like + # security, risk, health, or privacy, that is ingested into Security Command + # Center for presentation, notification, analysis, policy testing, and + # enforcement. For example, a cross-site scripting (XSS) vulnerability in an App + # Engine application is a finding. + # Corresponds to the JSON property `finding` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Finding] + attr_accessor :finding + + # Name of the notification config that generated current notification. + # Corresponds to the JSON property `notificationConfigName` + # @return [String] + attr_accessor :notification_config_name + + # Information related to the Google Cloud resource. + # Corresponds to the JSON property `resource` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Resource] + attr_accessor :resource + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @finding = args[:finding] if args.key?(:finding) + @notification_config_name = args[:notification_config_name] if args.key?(:notification_config_name) + @resource = args[:resource] if args.key?(:resource) + end + end + + # Kubernetes object related to the finding, uniquely identified by GKNN. Used if + # the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview. + class GoogleCloudSecuritycenterV2Object + include Google::Apis::Core::Hashable + + # Pod containers associated with this finding, if any. + # Corresponds to the JSON property `containers` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Container>] + attr_accessor :containers + + # Kubernetes object group, such as "policy.k8s.io/v1". + # Corresponds to the JSON property `group` + # @return [String] + attr_accessor :group + + # Kubernetes object kind, such as "Namespace". + # Corresponds to the JSON property `kind` + # @return [String] + attr_accessor :kind + + # Kubernetes object name. For details see https://kubernetes.io/docs/concepts/ + # overview/working-with-objects/names/. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Kubernetes object namespace. Must be a valid DNS label. Named "ns" to avoid + # collision with C++ namespace keyword. For details see https://kubernetes.io/ + # docs/tasks/administer-cluster/namespaces/. + # Corresponds to the JSON property `ns` + # @return [String] + attr_accessor :ns + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @containers = args[:containers] if args.key?(:containers) + @group = args[:group] if args.key?(:group) + @kind = args[:kind] if args.key?(:kind) + @name = args[:name] if args.key?(:name) + @ns = args[:ns] if args.key?(:ns) + end + end + + # Contains information about the org policies associated with the finding. + class GoogleCloudSecuritycenterV2OrgPolicy + include Google::Apis::Core::Hashable + + # The resource name of the org policy. Example: "organizations/`organization_id`/ + # policies/`constraint_name`" + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @name = args[:name] if args.key?(:name) + end + end + + # A Kubernetes Pod. + class GoogleCloudSecuritycenterV2Pod + include Google::Apis::Core::Hashable + + # Pod containers associated with this finding, if any. + # Corresponds to the JSON property `containers` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Container>] + attr_accessor :containers + + # Pod labels. For Kubernetes containers, these are applied to the container. + # Corresponds to the JSON property `labels` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Label>] + attr_accessor :labels + + # Kubernetes Pod name. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Kubernetes Pod namespace. + # Corresponds to the JSON property `ns` + # @return [String] + attr_accessor :ns + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @containers = args[:containers] if args.key?(:containers) + @labels = args[:labels] if args.key?(:labels) + @name = args[:name] if args.key?(:name) + @ns = args[:ns] if args.key?(:ns) + end + end + + # Represents an operating system process. + class GoogleCloudSecuritycenterV2Process + include Google::Apis::Core::Hashable + + # Process arguments as JSON encoded strings. + # Corresponds to the JSON property `args` + # @return [Array<String>] + attr_accessor :args + + # True if `args` is incomplete. + # Corresponds to the JSON property `argumentsTruncated` + # @return [Boolean] + attr_accessor :arguments_truncated + alias_method :arguments_truncated?, :arguments_truncated + + # File information about the related binary/library used by an executable, or + # the script used by a script interpreter + # Corresponds to the JSON property `binary` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File] + attr_accessor :binary + + # Process environment variables. + # Corresponds to the JSON property `envVariables` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2EnvironmentVariable>] + attr_accessor :env_variables + + # True if `env_variables` is incomplete. + # Corresponds to the JSON property `envVariablesTruncated` + # @return [Boolean] + attr_accessor :env_variables_truncated + alias_method :env_variables_truncated?, :env_variables_truncated + + # File information for libraries loaded by the process. + # Corresponds to the JSON property `libraries` + # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File>] + attr_accessor :libraries + + # The process name, as displayed in utilities like `top` and `ps`. This name can + # be accessed through `/proc/[pid]/comm` and changed with `prctl(PR_SET_NAME)`. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # The parent process ID. + # Corresponds to the JSON property `parentPid` + # @return [Fixnum] + attr_accessor :parent_pid + + # The process ID. + # Corresponds to the JSON property `pid` + # @return [Fixnum] + attr_accessor :pid + + # File information about the related binary/library used by an executable, or + # the script used by a script interpreter + # Corresponds to the JSON property `script` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2File] + attr_accessor :script + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @args = args[:args] if args.key?(:args) + @arguments_truncated = args[:arguments_truncated] if args.key?(:arguments_truncated) + @binary = args[:binary] if args.key?(:binary) + @env_variables = args[:env_variables] if args.key?(:env_variables) + @env_variables_truncated = args[:env_variables_truncated] if args.key?(:env_variables_truncated) + @libraries = args[:libraries] if args.key?(:libraries) + @name = args[:name] if args.key?(:name) + @parent_pid = args[:parent_pid] if args.key?(:parent_pid) + @pid = args[:pid] if args.key?(:pid) + @script = args[:script] if args.key?(:script) + end + end + + # Indicates what signature matched this process. + class GoogleCloudSecuritycenterV2ProcessSignature + include Google::Apis::Core::Hashable + + # A signature corresponding to memory page hashes. + # Corresponds to the JSON property `memoryHashSignature` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2MemoryHashSignature] + attr_accessor :memory_hash_signature + + # A signature corresponding to a YARA rule. + # Corresponds to the JSON property `yaraRuleSignature` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2YaraRuleSignature] + attr_accessor :yara_rule_signature + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @memory_hash_signature = args[:memory_hash_signature] if args.key?(:memory_hash_signature) + @yara_rule_signature = args[:yara_rule_signature] if args.key?(:yara_rule_signature) + end + end + + # Additional Links + class GoogleCloudSecuritycenterV2Reference + include Google::Apis::Core::Hashable + + # Source of the reference e.g. NVD + # Corresponds to the JSON property `source` + # @return [String] + attr_accessor :source + + # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi? + # name=CVE-2021-34527. + # Corresponds to the JSON property `uri` + # @return [String] + attr_accessor :uri + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @source = args[:source] if args.key?(:source) + @uri = args[:uri] if args.key?(:uri) + end + end + + # Information related to the Google Cloud resource. + class GoogleCloudSecuritycenterV2Resource + include Google::Apis::Core::Hashable + + # The human readable name of the resource. + # Corresponds to the JSON property `displayName` + # @return [String] + attr_accessor :display_name + + # The full resource name of the resource. See: https://cloud.google.com/apis/ + # design/resource_names#full_resource_name + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # The full resource type of the resource. + # Corresponds to the JSON property `type` + # @return [String] + attr_accessor :type + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @display_name = args[:display_name] if args.key?(:display_name) + @name = args[:name] if args.key?(:name) + @type = args[:type] if args.key?(:type) + end + end + + # A resource value config (RVC) is a mapping configuration of user's resources + # to resource values. Used in Attack path simulations. + class GoogleCloudSecuritycenterV2ResourceValueConfig + include Google::Apis::Core::Hashable + + # Output only. Timestamp this resource value config was created. + # Corresponds to the JSON property `createTime` + # @return [String] + attr_accessor :create_time + + # Description of the resource value config. + # Corresponds to the JSON property `description` + # @return [String] + attr_accessor :description + + # Name for the resource value config + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # List of resource labels to search for, evaluated with AND. E.g. " + # resource_labels_selector": `"key": "value", "env": "prod"` will match + # resources with labels "key": "value" AND "env": "prod" https://cloud.google. + # com/resource-manager/docs/creating-managing-labels + # Corresponds to the JSON property `resourceLabelsSelector` + # @return [Hash<String,String>] + attr_accessor :resource_labels_selector + + # Apply resource_value only to resources that match resource_type. resource_type + # will be checked with "AND" of other resources. E.g. "storage.googleapis.com/ + # Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage. + # googleapis.com/Bucket" resources. + # Corresponds to the JSON property `resourceType` + # @return [String] + attr_accessor :resource_type + + # Required. Resource value level this expression represents + # Corresponds to the JSON property `resourceValue` + # @return [String] + attr_accessor :resource_value + + # Project or folder to scope this config to. For example, "project/456" would + # apply this config only to resources in "project/456" scope will be checked + # with "AND" of other resources. + # Corresponds to the JSON property `scope` + # @return [String] + attr_accessor :scope + + # Required. Tag values combined with AND to check against. Values in the form " + # tagValues/123" E.g. [ "tagValues/123", "tagValues/456", "tagValues/789" ] + # https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing + # Corresponds to the JSON property `tagValues` + # @return [Array<String>] + attr_accessor :tag_values + + # Output only. Timestamp this resource value config was last updated. + # Corresponds to the JSON property `updateTime` + # @return [String] + attr_accessor :update_time + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @create_time = args[:create_time] if args.key?(:create_time) + @description = args[:description] if args.key?(:description) + @name = args[:name] if args.key?(:name) + @resource_labels_selector = args[:resource_labels_selector] if args.key?(:resource_labels_selector) + @resource_type = args[:resource_type] if args.key?(:resource_type) + @resource_value = args[:resource_value] if args.key?(:resource_value) + @scope = args[:scope] if args.key?(:scope) + @tag_values = args[:tag_values] if args.key?(:tag_values) + @update_time = args[:update_time] if args.key?(:update_time) + end + end + + # Kubernetes Role or ClusterRole. + class GoogleCloudSecuritycenterV2Role + include Google::Apis::Core::Hashable + + # Role type. + # Corresponds to the JSON property `kind` + # @return [String] + attr_accessor :kind + + # Role name. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Role namespace. + # Corresponds to the JSON property `ns` + # @return [String] + attr_accessor :ns + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @kind = args[:kind] if args.key?(:kind) + @name = args[:name] if args.key?(:name) + @ns = args[:ns] if args.key?(:ns) + end + end + + # User specified security marks that are attached to the parent Security Command + # Center resource. Security marks are scoped within a Security Command Center + # organization -- they can be modified and viewed by all users who have proper + # permissions on the organization. + class GoogleCloudSecuritycenterV2SecurityMarks + include Google::Apis::Core::Hashable + + # The canonical name of the marks. The following list shows some examples: + ` + # organizations/`organization_id`/assets/`asset_id`/securityMarks" + ` + # organizations/`organization_id`/sources/`source_id`/findings/`finding_id`/ + # securityMarks" + `organizations/`organization_id`/sources/`source_id`/ + # locations/`location`/findings/`finding_id`/securityMarks" + `folders/` + # folder_id`/assets/`asset_id`/securityMarks" + `folders/`folder_id`/sources/` + # source_id`/findings/`finding_id`/securityMarks" + `folders/`folder_id`/sources/ + # `source_id`/locations/`location`/findings/`finding_id`/securityMarks" + ` + # projects/`project_number`/assets/`asset_id`/securityMarks" + `projects/` + # project_number`/sources/`source_id`/findings/`finding_id`/securityMarks" + ` + # projects/`project_number`/sources/`source_id`/locations/`location`/findings/` + # finding_id`/securityMarks" + # Corresponds to the JSON property `canonicalName` + # @return [String] + attr_accessor :canonical_name + + # Mutable user specified security marks belonging to the parent resource. + # Constraints are as follows: * Keys and values are treated as case insensitive * + # Keys must be between 1 - 256 characters (inclusive) * Keys must be letters, + # numbers, underscores, or dashes * Values have leading and trailing whitespace + # trimmed, remaining characters must be between 1 - 4096 characters (inclusive) + # Corresponds to the JSON property `marks` + # @return [Hash<String,String>] + attr_accessor :marks + + # The relative resource name of the SecurityMarks. See: https://cloud.google.com/ + # apis/design/resource_names#relative_resource_name The following list shows + # some examples: + `organizations/`organization_id`/assets/`asset_id`/ + # securityMarks` + `organizations/`organization_id`/sources/`source_id`/findings/ + # `finding_id`/securityMarks` + `organizations/`organization_id`/sources/` + # source_id`/locations/`location`/findings/`finding_id`/securityMarks` + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @canonical_name = args[:canonical_name] if args.key?(:canonical_name) + @marks = args[:marks] if args.key?(:marks) + @name = args[:name] if args.key?(:name) + end + end + + # Represents a posture that is deployed on Google Cloud by the Security Command + # Center Posture Management service. A posture contains one or more policy sets. + # A policy set is a group of policies that enforce a set of security rules on + # Google Cloud. + class GoogleCloudSecuritycenterV2SecurityPosture + include Google::Apis::Core::Hashable + + # The name of the policy that has been updated, for example, `projects/` + # project_id`/policies/`constraint_name``. + # Corresponds to the JSON property `changedPolicy` + # @return [String] + attr_accessor :changed_policy + + # Name of the posture, for example, `organizations/`org_id`/locations/`location`/ + # postures/`posture_name``. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # The name of the posture deployment, for example, `projects/`project_id`/ + # posturedeployments/`posture_deployment_id``. + # Corresponds to the JSON property `postureDeployment` + # @return [String] + attr_accessor :posture_deployment + + # The project, folder, or organization on which the posture is deployed, for + # example, `projects/`project_id``. + # Corresponds to the JSON property `postureDeploymentResource` + # @return [String] + attr_accessor :posture_deployment_resource + + # The version of the posture, for example, `c7cfa2a8`. + # Corresponds to the JSON property `revisionId` + # @return [String] + attr_accessor :revision_id + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @changed_policy = args[:changed_policy] if args.key?(:changed_policy) + @name = args[:name] if args.key?(:name) + @posture_deployment = args[:posture_deployment] if args.key?(:posture_deployment) + @posture_deployment_resource = args[:posture_deployment_resource] if args.key?(:posture_deployment_resource) + @revision_id = args[:revision_id] if args.key?(:revision_id) + end + end + + # Identity delegation history of an authenticated service account. + class GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo + include Google::Apis::Core::Hashable + + # The email address of a Google account. + # Corresponds to the JSON property `principalEmail` + # @return [String] + attr_accessor :principal_email + + # A string representing the principal_subject associated with the identity. As + # compared to `principal_email`, supports principals that aren't associated with + # email addresses, such as third party principals. For most identities, the + # format will be `principal://iam.googleapis.com/`identity pool name`/subjects/` + # subject`` except for some GKE identities (GKE_WORKLOAD, FREEFORM, + # GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:` + # identity pool name`[`subject`]` + # Corresponds to the JSON property `principalSubject` + # @return [String] + attr_accessor :principal_subject + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @principal_email = args[:principal_email] if args.key?(:principal_email) + @principal_subject = args[:principal_subject] if args.key?(:principal_subject) + end + end + + # Represents a Kubernetes subject. + class GoogleCloudSecuritycenterV2Subject + include Google::Apis::Core::Hashable + + # Authentication type for the subject. + # Corresponds to the JSON property `kind` + # @return [String] + attr_accessor :kind + + # Name for the subject. + # Corresponds to the JSON property `name` + # @return [String] + attr_accessor :name + + # Namespace for the subject. + # Corresponds to the JSON property `ns` + # @return [String] + attr_accessor :ns + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @kind = args[:kind] if args.key?(:kind) + @name = args[:name] if args.key?(:name) + @ns = args[:ns] if args.key?(:ns) + end + end + + # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. + class GoogleCloudSecuritycenterV2Vulnerability + include Google::Apis::Core::Hashable + + # CVE stands for Common Vulnerabilities and Exposures. More information: https:// + # cve.mitre.org + # Corresponds to the JSON property `cve` + # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Cve] + attr_accessor :cve + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @cve = args[:cve] if args.key?(:cve) + end + end + + # A signature corresponding to a YARA rule. + class GoogleCloudSecuritycenterV2YaraRuleSignature + include Google::Apis::Core::Hashable + + # The name of the YARA rule. + # Corresponds to the JSON property `yaraRule` + # @return [String] + attr_accessor :yara_rule + + def initialize(**args) + update!(**args) + end + + # Update properties of this object + def update!(**args) + @yara_rule = args[:yara_rule] if args.key?(:yara_rule) + end + end + + # Represents a particular IAM binding, which captures a member's role addition, + # removal, or state. class IamBinding include Google::Apis::Core::Hashable # The action that was performed on a Binding. # Corresponds to the JSON property `action` @@ -2947,10 +5509,10 @@ # Kubernetes object group, such as "policy.k8s.io/v1". # Corresponds to the JSON property `group` # @return [String] attr_accessor :group - # Kubernetes object kind, such as “Namespace”. + # Kubernetes object kind, such as "Namespace". # Corresponds to the JSON property `kind` # @return [String] attr_accessor :kind # Kubernetes object name. For details see https://kubernetes.io/docs/concepts/