lib/google/apis/securitycenter_v1beta2/classes.rb in google-apis-securitycenter_v1beta2-0.71.0 vs lib/google/apis/securitycenter_v1beta2/classes.rb in google-apis-securitycenter_v1beta2-0.72.0
- old
+ new
@@ -491,26 +491,37 @@
# Represents an Azure subscription.
# Corresponds to the JSON property `subscription`
# @return [Google::Apis::SecuritycenterV1beta2::AzureSubscription]
attr_accessor :subscription
+ # Represents a Microsoft Entra tenant.
+ # Corresponds to the JSON property `tenant`
+ # @return [Google::Apis::SecuritycenterV1beta2::AzureTenant]
+ attr_accessor :tenant
+
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@management_groups = args[:management_groups] if args.key?(:management_groups)
@resource_group = args[:resource_group] if args.key?(:resource_group)
@subscription = args[:subscription] if args.key?(:subscription)
+ @tenant = args[:tenant] if args.key?(:tenant)
end
end
# Represents an Azure resource group.
class AzureResourceGroup
include Google::Apis::Core::Hashable
+ # The ID of the Azure resource group.
+ # Corresponds to the JSON property `id`
+ # @return [String]
+ attr_accessor :id
+
# The name of the Azure resource group. This is not a UUID.
# Corresponds to the JSON property `name`
# @return [String]
attr_accessor :name
@@ -518,10 +529,11 @@
update!(**args)
end
# Update properties of this object
def update!(**args)
+ @id = args[:id] if args.key?(:id)
@name = args[:name] if args.key?(:name)
end
end
# Represents an Azure subscription.
@@ -548,10 +560,36 @@
@display_name = args[:display_name] if args.key?(:display_name)
@id = args[:id] if args.key?(:id)
end
end
+ # Represents a Microsoft Entra tenant.
+ class AzureTenant
+ include Google::Apis::Core::Hashable
+
+ # The display name of the Azure tenant.
+ # Corresponds to the JSON property `displayName`
+ # @return [String]
+ attr_accessor :display_name
+
+ # The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-
+ # 1aaa11a".
+ # Corresponds to the JSON property `id`
+ # @return [String]
+ attr_accessor :id
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @display_name = args[:display_name] if args.key?(:display_name)
+ @id = args[:id] if args.key?(:id)
+ end
+ end
+
# Information related to Google Cloud Backup and DR Service findings.
class BackupDisasterRecovery
include Google::Apis::Core::Hashable
# The name of the Backup and DR appliance that captures, moves, and manages the
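Review bot: The example in the AzureTenant `id` comment, "a11aaa11-aa11-1aa1-11aa-1aaa11a", is not a well-formed GUID: its last group has 7 characters where a GUID has 12, and the comment wrap splits it across two lines. Anyone who builds an input check or a log-matching pattern from this example will get the shape wrong, so the comment should show a full 8-4-4-4-12 value on one line, e.g. `# The ID of the Microsoft Entra tenant (a GUID), for example, "00000000-0000-0000-0000-000000000000".` (a constructed sample). The class also says "Microsoft Entra tenant" in one comment and "Azure tenant" in the `display_name` comment; one name throughout would read better. The same text recurs in the GoogleCloudSecuritycenterV2AzureTenant hunk further down, and if this file is generated the correction belongs in the API description it is generated from.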
@@ -1120,15 +1158,25 @@
# Common Vulnerability Scoring System version 3.
# Corresponds to the JSON property `cvssv3`
# @return [Google::Apis::SecuritycenterV1beta2::Cvssv3]
attr_accessor :cvssv3
+ # Date the first publicly available exploit or PoC was released.
+ # Corresponds to the JSON property `exploitReleaseDate`
+ # @return [String]
+ attr_accessor :exploit_release_date
+
# The exploitation activity of the vulnerability in the wild.
# Corresponds to the JSON property `exploitationActivity`
# @return [String]
attr_accessor :exploitation_activity
+ # Date of the earliest known exploitation.
+ # Corresponds to the JSON property `firstExploitationDate`
+ # @return [String]
+ attr_accessor :first_exploitation_date
+
# The unique identifier for the vulnerability. e.g. CVE-2021-34527
# Corresponds to the JSON property `id`
# @return [String]
attr_accessor :id
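Review bot: The comments on `exploit_release_date` and `first_exploitation_date` call the values a "Date", but the documented type is `String` and no format is given, so a caller cannot tell whether to parse a calendar date or a full timestamp. I would add the format to both comments, for example `# Date the first publicly available exploit or PoC was released, as an RFC 3339 string (TODO confirm format).` It is also worth one line saying that an unset field is nil and means "not known" rather than "no exploit exists", since triage code is likely to sort or filter on these. The enclosing class begins and ends outside this hunk, and the same two attributes are added to the GoogleCloudSecuritycenterV2 variant later on the page.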
@@ -1166,11 +1214,13 @@
end
# Update properties of this object
def update!(**args)
@cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
+ @exploit_release_date = args[:exploit_release_date] if args.key?(:exploit_release_date)
@exploitation_activity = args[:exploitation_activity] if args.key?(:exploitation_activity)
+ @first_exploitation_date = args[:first_exploitation_date] if args.key?(:first_exploitation_date)
@id = args[:id] if args.key?(:id)
@impact = args[:impact] if args.key?(:impact)
@observed_in_the_wild = args[:observed_in_the_wild] if args.key?(:observed_in_the_wild)
@references = args[:references] if args.key?(:references)
@upstream_fix_available = args[:upstream_fix_available] if args.key?(:upstream_fix_available)
@@ -1253,10 +1303,95 @@
@scope = args[:scope] if args.key?(:scope)
@user_interaction = args[:user_interaction] if args.key?(:user_interaction)
end
end
+ # Details about a data access attempt made by a principal not authorized under
+ # applicable data security policy.
+ class DataAccessEvent
+ include Google::Apis::Core::Hashable
+
+ # Unique identifier for data access event.
+ # Corresponds to the JSON property `eventId`
+ # @return [String]
+ attr_accessor :event_id
+
+ # Timestamp of data access event.
+ # Corresponds to the JSON property `eventTime`
+ # @return [String]
+ attr_accessor :event_time
+
+ # The operation performed by the principal to access the data.
+ # Corresponds to the JSON property `operation`
+ # @return [String]
+ attr_accessor :operation
+
+ # The email address of the principal that accessed the data. The principal could
+ # be a user account, service account, Google group, or other.
+ # Corresponds to the JSON property `principalEmail`
+ # @return [String]
+ attr_accessor :principal_email
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @event_id = args[:event_id] if args.key?(:event_id)
+ @event_time = args[:event_time] if args.key?(:event_time)
+ @operation = args[:operation] if args.key?(:operation)
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
+ end
+ end
+
+ # Details about a data flow event, in which either the data is moved to or is
+ # accessed from a non-compliant geo-location, as defined in the applicable data
+ # security policy.
+ class DataFlowEvent
+ include Google::Apis::Core::Hashable
+
+ # Unique identifier for data flow event.
+ # Corresponds to the JSON property `eventId`
+ # @return [String]
+ attr_accessor :event_id
+
+ # Timestamp of data flow event.
+ # Corresponds to the JSON property `eventTime`
+ # @return [String]
+ attr_accessor :event_time
+
+ # The operation performed by the principal for the data flow event.
+ # Corresponds to the JSON property `operation`
+ # @return [String]
+ attr_accessor :operation
+
+ # The email address of the principal that initiated the data flow event. The
+ # principal could be a user account, service account, Google group, or other.
+ # Corresponds to the JSON property `principalEmail`
+ # @return [String]
+ attr_accessor :principal_email
+
+ # Non-compliant location of the principal or the data destination.
+ # Corresponds to the JSON property `violatedLocation`
+ # @return [String]
+ attr_accessor :violated_location
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @event_id = args[:event_id] if args.key?(:event_id)
+ @event_time = args[:event_time] if args.key?(:event_time)
+ @operation = args[:operation] if args.key?(:operation)
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
+ @violated_location = args[:violated_location] if args.key?(:violated_location)
+ end
+ end
+
# Represents database access information, such as queries. A database may be a
# sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
# Spanner instances), or the database instance itself. Some database resources
# might not have the [full resource name](https://google.aip.dev/122#full-
# resource-names) populated because these resource types, such as Cloud SQL
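Review bot: DataAccessEvent and DataFlowEvent document `operation` as a plain String and `event_time` as a "Timestamp" without saying which values or format to expect. If `operation` is a closed set, listing the values in the comment lets detection rules match on them exactly; for `event_time` I would state the format, e.g. `# Timestamp of data access event (RFC 3339 string, TODO confirm).` The `principal_email` comment could also note that the value identifies a person or service account, so code that copies findings into logs or tickets handles it accordingly. Both classes repeat with the same comments as GoogleCloudSecuritycenterV2DataAccessEvent and GoogleCloudSecuritycenterV2DataFlowEvent later on the page.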
@@ -1372,10 +1507,30 @@
@binary = args[:binary] if args.key?(:binary)
@percent_pages_matched = args[:percent_pages_matched] if args.key?(:percent_pages_matched)
end
end
+ # Contains information about the disk associated with the finding.
+ class Disk
+ include Google::Apis::Core::Hashable
+
+ # The name of the disk, for example, "https://www.googleapis.com/compute/v1/
+ # projects/project-id/zones/zone-id/disks/disk-id".
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @name = args[:name] if args.key?(:name)
+ end
+ end
+
# Path of the file in terms of underlying disk/partition identifiers.
class DiskPath
include Google::Apis::Core::Hashable
# UUID of the partition (format https://wiki.archlinux.org/title/
@@ -1399,10 +1554,37 @@
@partition_uuid = args[:partition_uuid] if args.key?(:partition_uuid)
@relative_path = args[:relative_path] if args.key?(:relative_path)
end
end
+ # The record of a dynamic mute rule that matches the finding.
+ class DynamicMuteRecord
+ include Google::Apis::Core::Hashable
+
+ # When the dynamic mute rule first matched the finding.
+ # Corresponds to the JSON property `matchTime`
+ # @return [String]
+ attr_accessor :match_time
+
+ # The relative resource name of the mute rule, represented by a mute config,
+ # that created this record, for example `organizations/123/muteConfigs/
+ # mymuteconfig` or `organizations/123/locations/global/muteConfigs/mymuteconfig`.
+ # Corresponds to the JSON property `muteConfig`
+ # @return [String]
+ attr_accessor :mute_config
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @match_time = args[:match_time] if args.key?(:match_time)
+ @mute_config = args[:mute_config] if args.key?(:mute_config)
+ end
+ end
+
# A name-value pair representing an environment variable used in an operating
# system process.
class EnvironmentVariable
include Google::Apis::Core::Hashable
@@ -1739,10 +1921,20 @@
# The time at which the finding was created in Security Command Center.
# Corresponds to the JSON property `createTime`
# @return [String]
attr_accessor :create_time
+ # Data access events associated with the finding.
+ # Corresponds to the JSON property `dataAccessEvents`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::DataAccessEvent>]
+ attr_accessor :data_access_events
+
+ # Data flow events associated with the finding.
+ # Corresponds to the JSON property `dataFlowEvents`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::DataFlowEvent>]
+ attr_accessor :data_flow_events
+
# Represents database access information, such as queries. A database may be a
# sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
# Spanner instances), or the database instance itself. Some database resources
# might not have the [full resource name](https://google.aip.dev/122#full-
# resource-names) populated because these resource types, such as Cloud SQL
@@ -1755,10 +1947,15 @@
# Contains more details about the finding.
# Corresponds to the JSON property `description`
# @return [String]
attr_accessor :description
+ # Contains information about the disk associated with the finding.
+ # Corresponds to the JSON property `disk`
+ # @return [Google::Apis::SecuritycenterV1beta2::Disk]
+ attr_accessor :disk
+
# The time the finding was first detected. If an existing finding is updated,
# then this is the time the update occurred. For example, if the finding
# represents an open firewall, this property captures the time the detector
# believes the firewall became open. The accuracy is determined by the detector.
# If the finding is later resolved, then this time reflects when the finding was
@@ -1856,10 +2053,16 @@
# value of mute.
# Corresponds to the JSON property `mute`
# @return [String]
attr_accessor :mute
+ # Mute information about the finding, including whether the finding has a static
+ # mute or any matching dynamic mute rules.
+ # Corresponds to the JSON property `muteInfo`
+ # @return [Google::Apis::SecuritycenterV1beta2::MuteInfo]
+ attr_accessor :mute_info
+
# Records additional information about the mute operation, for example, the [
# mute configuration](/security-command-center/docs/how-to-mute-findings) that
# muted the finding and the user who muted the finding.
# Corresponds to the JSON property `muteInitiator`
# @return [String]
@@ -1989,12 +2192,15 @@
@compliances = args[:compliances] if args.key?(:compliances)
@connections = args[:connections] if args.key?(:connections)
@contacts = args[:contacts] if args.key?(:contacts)
@containers = args[:containers] if args.key?(:containers)
@create_time = args[:create_time] if args.key?(:create_time)
+ @data_access_events = args[:data_access_events] if args.key?(:data_access_events)
+ @data_flow_events = args[:data_flow_events] if args.key?(:data_flow_events)
@database = args[:database] if args.key?(:database)
@description = args[:description] if args.key?(:description)
+ @disk = args[:disk] if args.key?(:disk)
@event_time = args[:event_time] if args.key?(:event_time)
@exfiltration = args[:exfiltration] if args.key?(:exfiltration)
@external_systems = args[:external_systems] if args.key?(:external_systems)
@external_uri = args[:external_uri] if args.key?(:external_uri)
@files = args[:files] if args.key?(:files)
@@ -2007,10 +2213,11 @@
@load_balancers = args[:load_balancers] if args.key?(:load_balancers)
@log_entries = args[:log_entries] if args.key?(:log_entries)
@mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
@module_name = args[:module_name] if args.key?(:module_name)
@mute = args[:mute] if args.key?(:mute)
+ @mute_info = args[:mute_info] if args.key?(:mute_info)
@mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
@mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
@name = args[:name] if args.key?(:name)
@next_steps = args[:next_steps] if args.key?(:next_steps)
@notebook = args[:notebook] if args.key?(:notebook)
@@ -2365,10 +2572,15 @@
# enablement_state for the module in all child folders or projects is also `
# enabled`. EffectiveSecurityHealthAnalyticsCustomModule is read-only.
class GoogleCloudSecuritycenterV1EffectiveSecurityHealthAnalyticsCustomModule
include Google::Apis::Core::Hashable
+ # The cloud provider of the custom module.
+ # Corresponds to the JSON property `cloudProvider`
+ # @return [String]
+ attr_accessor :cloud_provider
+
# Defines the properties in a custom module configuration for Security Health
# Analytics. Use the custom module configuration to create custom detectors that
# generate custom findings for resources that you specify.
# Corresponds to the JSON property `customConfig`
# @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomConfig]
@@ -2401,10 +2613,11 @@
update!(**args)
end
# Update properties of this object
def update!(**args)
+ @cloud_provider = args[:cloud_provider] if args.key?(:cloud_provider)
@custom_config = args[:custom_config] if args.key?(:custom_config)
@display_name = args[:display_name] if args.key?(:display_name)
@enablement_state = args[:enablement_state] if args.key?(:enablement_state)
@name = args[:name] if args.key?(:name)
end
@@ -2514,10 +2727,16 @@
# The human readable name to be displayed for the mute config.
# Corresponds to the JSON property `displayName`
# @return [String]
attr_accessor :display_name
+ # Optional. The expiry of the mute config. Only applicable for dynamic configs.
+ # If the expiry is set, when the config expires, it is removed from all findings.
+ # Corresponds to the JSON property `expiryTime`
+ # @return [String]
+ attr_accessor :expiry_time
+
# Required. An expression that defines the filter to apply across create/update
# events of findings. While creating a filter string, be mindful of the scope in
# which the mute configuration is being created. E.g., If a filter contains
# project = X but is created under the project = Y scope, it might not match any
# findings. The following field and operator combinations are supported: *
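Review bot: The `expiry_time` comment says the expired config "is removed from all findings", which does not state plainly that findings muted only by this rule become visible again at that moment, and it gives no format for the String. I would reword it along the lines of `# When the config expires it no longer mutes any finding; findings it matched are unmuted unless another rule still applies (confirm against the API reference).` and name the timestamp format. A dynamic mute that lapses changes what analysts see without any action on their side, so the comment should be exact about it. The enclosing class starts before this hunk, and the same attribute is added to the V2 mute config near the end of the page.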
@@ -2545,10 +2764,18 @@
# project`/locations/global/muteConfigs/`mute_config``
# Corresponds to the JSON property `name`
# @return [String]
attr_accessor :name
+ # Optional. The type of the mute config, which determines what type of mute
+ # state the config affects. The static mute state takes precedence over the
+ # dynamic mute state. Immutable after creation. STATIC by default if not set
+ # during creation.
+ # Corresponds to the JSON property `type`
+ # @return [String]
+ attr_accessor :type
+
# Output only. The most recent time at which the mute config was updated. This
# field is set by the server and will be ignored if provided on config creation
# or update.
# Corresponds to the JSON property `updateTime`
# @return [String]
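Review bot: The `type` comment names STATIC as the default and refers to a dynamic mute state but never lists the accepted values, so a caller has to guess the string to send for a dynamic config. Adding a line such as `# Allowed values: STATIC, DYNAMIC.` would close that gap. Because the field is immutable after creation and the static state takes precedence, one more sentence on what a finding's mute state is when it matches both a static and a dynamic config would help anyone auditing why a finding is hidden. The enclosing class starts before this hunk.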
@@ -2561,13 +2788,15 @@
# Update properties of this object
def update!(**args)
@create_time = args[:create_time] if args.key?(:create_time)
@description = args[:description] if args.key?(:description)
@display_name = args[:display_name] if args.key?(:display_name)
+ @expiry_time = args[:expiry_time] if args.key?(:expiry_time)
@filter = args[:filter] if args.key?(:filter)
@most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
@name = args[:name] if args.key?(:name)
+ @type = args[:type] if args.key?(:type)
@update_time = args[:update_time] if args.key?(:update_time)
end
end
# Cloud SCC's Notification
@@ -2846,14 +3075,14 @@
# field will be ignored when reading this configuration.
# Corresponds to the JSON property `sensitiveDataProtectionMapping`
# @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1SensitiveDataProtectionMapping]
attr_accessor :sensitive_data_protection_mapping
- # Required. Tag values combined with `AND` to check against. Values in the form "
- # tagValues/123" Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]`
- # https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-
- # managing
+ # Required. Tag values combined with `AND` to check against. For Google Cloud
+ # resources, they are tag value IDs in the form of "tagValues/123". Example: `[ "
+ # tagValues/123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/
+ # resource-manager/docs/tags/tags-creating-and-managing
# Corresponds to the JSON property `tagValues`
# @return [Array<String>]
attr_accessor :tag_values
# Output only. Timestamp this resource value configuration was last updated.
@@ -2920,10 +3149,15 @@
# the custom module is inherited.
# Corresponds to the JSON property `ancestorModule`
# @return [String]
attr_accessor :ancestor_module
+ # The cloud provider of the custom module.
+ # Corresponds to the JSON property `cloudProvider`
+ # @return [String]
+ attr_accessor :cloud_provider
+
# Defines the properties in a custom module configuration for Security Health
# Analytics. Use the custom module configuration to create custom detectors that
# generate custom findings for resources that you specify.
# Corresponds to the JSON property `customConfig`
# @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV1CustomConfig]
@@ -2969,10 +3203,11 @@
end
# Update properties of this object
def update!(**args)
@ancestor_module = args[:ancestor_module] if args.key?(:ancestor_module)
+ @cloud_provider = args[:cloud_provider] if args.key?(:cloud_provider)
@custom_config = args[:custom_config] if args.key?(:custom_config)
@display_name = args[:display_name] if args.key?(:display_name)
@enablement_state = args[:enablement_state] if args.key?(:enablement_state)
@last_editor = args[:last_editor] if args.key?(:last_editor)
@name = args[:name] if args.key?(:name)
@@ -3802,26 +4037,37 @@
# Represents an Azure subscription.
# Corresponds to the JSON property `subscription`
# @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2AzureSubscription]
attr_accessor :subscription
+ # Represents a Microsoft Entra tenant.
+ # Corresponds to the JSON property `tenant`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2AzureTenant]
+ attr_accessor :tenant
+
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@management_groups = args[:management_groups] if args.key?(:management_groups)
@resource_group = args[:resource_group] if args.key?(:resource_group)
@subscription = args[:subscription] if args.key?(:subscription)
+ @tenant = args[:tenant] if args.key?(:tenant)
end
end
# Represents an Azure resource group.
class GoogleCloudSecuritycenterV2AzureResourceGroup
include Google::Apis::Core::Hashable
+ # The ID of the Azure resource group.
+ # Corresponds to the JSON property `id`
+ # @return [String]
+ attr_accessor :id
+
# The name of the Azure resource group. This is not a UUID.
# Corresponds to the JSON property `name`
# @return [String]
attr_accessor :name
@@ -3829,10 +4075,11 @@
update!(**args)
end
# Update properties of this object
def update!(**args)
+ @id = args[:id] if args.key?(:id)
@name = args[:name] if args.key?(:name)
end
end
# Represents an Azure subscription.
@@ -3859,10 +4106,36 @@
@display_name = args[:display_name] if args.key?(:display_name)
@id = args[:id] if args.key?(:id)
end
end
+ # Represents a Microsoft Entra tenant.
+ class GoogleCloudSecuritycenterV2AzureTenant
+ include Google::Apis::Core::Hashable
+
+ # The display name of the Azure tenant.
+ # Corresponds to the JSON property `displayName`
+ # @return [String]
+ attr_accessor :display_name
+
+ # The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-
+ # 1aaa11a".
+ # Corresponds to the JSON property `id`
+ # @return [String]
+ attr_accessor :id
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @display_name = args[:display_name] if args.key?(:display_name)
+ @id = args[:id] if args.key?(:id)
+ end
+ end
+
# Information related to Google Cloud Backup and DR Service findings.
class GoogleCloudSecuritycenterV2BackupDisasterRecovery
include Google::Apis::Core::Hashable
# The name of the Backup and DR appliance that captures, moves, and manages the
@@ -4427,15 +4700,25 @@
# Common Vulnerability Scoring System version 3.
# Corresponds to the JSON property `cvssv3`
# @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Cvssv3]
attr_accessor :cvssv3
+ # Date the first publicly available exploit or PoC was released.
+ # Corresponds to the JSON property `exploitReleaseDate`
+ # @return [String]
+ attr_accessor :exploit_release_date
+
# The exploitation activity of the vulnerability in the wild.
# Corresponds to the JSON property `exploitationActivity`
# @return [String]
attr_accessor :exploitation_activity
+ # Date of the earliest known exploitation.
+ # Corresponds to the JSON property `firstExploitationDate`
+ # @return [String]
+ attr_accessor :first_exploitation_date
+
# The unique identifier for the vulnerability. e.g. CVE-2021-34527
# Corresponds to the JSON property `id`
# @return [String]
attr_accessor :id
@@ -4473,11 +4756,13 @@
end
# Update properties of this object
def update!(**args)
@cvssv3 = args[:cvssv3] if args.key?(:cvssv3)
+ @exploit_release_date = args[:exploit_release_date] if args.key?(:exploit_release_date)
@exploitation_activity = args[:exploitation_activity] if args.key?(:exploitation_activity)
+ @first_exploitation_date = args[:first_exploitation_date] if args.key?(:first_exploitation_date)
@id = args[:id] if args.key?(:id)
@impact = args[:impact] if args.key?(:impact)
@observed_in_the_wild = args[:observed_in_the_wild] if args.key?(:observed_in_the_wild)
@references = args[:references] if args.key?(:references)
@upstream_fix_available = args[:upstream_fix_available] if args.key?(:upstream_fix_available)
@@ -4560,10 +4845,95 @@
@scope = args[:scope] if args.key?(:scope)
@user_interaction = args[:user_interaction] if args.key?(:user_interaction)
end
end
+ # Details about a data access attempt made by a principal not authorized under
+ # applicable data security policy.
+ class GoogleCloudSecuritycenterV2DataAccessEvent
+ include Google::Apis::Core::Hashable
+
+ # Unique identifier for data access event.
+ # Corresponds to the JSON property `eventId`
+ # @return [String]
+ attr_accessor :event_id
+
+ # Timestamp of data access event.
+ # Corresponds to the JSON property `eventTime`
+ # @return [String]
+ attr_accessor :event_time
+
+ # The operation performed by the principal to access the data.
+ # Corresponds to the JSON property `operation`
+ # @return [String]
+ attr_accessor :operation
+
+ # The email address of the principal that accessed the data. The principal could
+ # be a user account, service account, Google group, or other.
+ # Corresponds to the JSON property `principalEmail`
+ # @return [String]
+ attr_accessor :principal_email
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @event_id = args[:event_id] if args.key?(:event_id)
+ @event_time = args[:event_time] if args.key?(:event_time)
+ @operation = args[:operation] if args.key?(:operation)
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
+ end
+ end
+
+ # Details about a data flow event, in which either the data is moved to or is
+ # accessed from a non-compliant geo-location, as defined in the applicable data
+ # security policy.
+ class GoogleCloudSecuritycenterV2DataFlowEvent
+ include Google::Apis::Core::Hashable
+
+ # Unique identifier for data flow event.
+ # Corresponds to the JSON property `eventId`
+ # @return [String]
+ attr_accessor :event_id
+
+ # Timestamp of data flow event.
+ # Corresponds to the JSON property `eventTime`
+ # @return [String]
+ attr_accessor :event_time
+
+ # The operation performed by the principal for the data flow event.
+ # Corresponds to the JSON property `operation`
+ # @return [String]
+ attr_accessor :operation
+
+ # The email address of the principal that initiated the data flow event. The
+ # principal could be a user account, service account, Google group, or other.
+ # Corresponds to the JSON property `principalEmail`
+ # @return [String]
+ attr_accessor :principal_email
+
+ # Non-compliant location of the principal or the data destination.
+ # Corresponds to the JSON property `violatedLocation`
+ # @return [String]
+ attr_accessor :violated_location
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @event_id = args[:event_id] if args.key?(:event_id)
+ @event_time = args[:event_time] if args.key?(:event_time)
+ @operation = args[:operation] if args.key?(:operation)
+ @principal_email = args[:principal_email] if args.key?(:principal_email)
+ @violated_location = args[:violated_location] if args.key?(:violated_location)
+ end
+ end
+
# Represents database access information, such as queries. A database may be a
# sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
# Spanner instances), or the database instance itself. Some database resources
# might not have the [full resource name](https://google.aip.dev/122#full-
# resource-names) populated because these resource types, such as Cloud SQL
@@ -4648,10 +5018,30 @@
@binary = args[:binary] if args.key?(:binary)
@percent_pages_matched = args[:percent_pages_matched] if args.key?(:percent_pages_matched)
end
end
+ # Contains information about the disk associated with the finding.
+ class GoogleCloudSecuritycenterV2Disk
+ include Google::Apis::Core::Hashable
+
+ # The name of the disk, for example, "https://www.googleapis.com/compute/v1/
+ # projects/project-id/zones/zone-id/disks/disk-id".
+ # Corresponds to the JSON property `name`
+ # @return [String]
+ attr_accessor :name
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @name = args[:name] if args.key?(:name)
+ end
+ end
+
# Path of the file in terms of underlying disk/partition identifiers.
class GoogleCloudSecuritycenterV2DiskPath
include Google::Apis::Core::Hashable
# UUID of the partition (format https://wiki.archlinux.org/title/
@@ -4675,10 +5065,37 @@
@partition_uuid = args[:partition_uuid] if args.key?(:partition_uuid)
@relative_path = args[:relative_path] if args.key?(:relative_path)
end
end
+ # The record of a dynamic mute rule that matches the finding.
+ class GoogleCloudSecuritycenterV2DynamicMuteRecord
+ include Google::Apis::Core::Hashable
+
+ # When the dynamic mute rule first matched the finding.
+ # Corresponds to the JSON property `matchTime`
+ # @return [String]
+ attr_accessor :match_time
+
+ # The relative resource name of the mute rule, represented by a mute config,
+ # that created this record, for example `organizations/123/muteConfigs/
+ # mymuteconfig` or `organizations/123/locations/global/muteConfigs/mymuteconfig`.
+ # Corresponds to the JSON property `muteConfig`
+ # @return [String]
+ attr_accessor :mute_config
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @match_time = args[:match_time] if args.key?(:match_time)
+ @mute_config = args[:mute_config] if args.key?(:mute_config)
+ end
+ end
+
# A name-value pair representing an environment variable used in an operating
# system process.
class GoogleCloudSecuritycenterV2EnvironmentVariable
include Google::Apis::Core::Hashable
@@ -5013,10 +5430,20 @@
# Center.
# Corresponds to the JSON property `createTime`
# @return [String]
attr_accessor :create_time
+ # Data access events associated with the finding.
+ # Corresponds to the JSON property `dataAccessEvents`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2DataAccessEvent>]
+ attr_accessor :data_access_events
+
+ # Data flow events associated with the finding.
+ # Corresponds to the JSON property `dataFlowEvents`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2DataFlowEvent>]
+ attr_accessor :data_flow_events
+
# Represents database access information, such as queries. A database may be a
# sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
# Spanner instances), or the database instance itself. Some database resources
# might not have the [full resource name](https://google.aip.dev/122#full-
# resource-names) populated because these resource types, such as Cloud SQL
@@ -5029,10 +5456,15 @@
# Contains more details about the finding.
# Corresponds to the JSON property `description`
# @return [String]
attr_accessor :description
+ # Contains information about the disk associated with the finding.
+ # Corresponds to the JSON property `disk`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2Disk]
+ attr_accessor :disk
+
# The time the finding was first detected. If an existing finding is updated,
# then this is the time the update occurred. For example, if the finding
# represents an open firewall, this property captures the time the detector
# believes the firewall became open. The accuracy is determined by the detector.
# If the finding is later resolved, then this time reflects when the finding was
@@ -5130,10 +5562,16 @@
# value of mute.
# Corresponds to the JSON property `mute`
# @return [String]
attr_accessor :mute
+ # Mute information about the finding, including whether the finding has a static
+ # mute or any matching dynamic mute rules.
+ # Corresponds to the JSON property `muteInfo`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2MuteInfo]
+ attr_accessor :mute_info
+
# Records additional information about the mute operation, for example, the [
# mute configuration](https://cloud.google.com/security-command-center/docs/how-
# to-mute-findings) that muted the finding and the user who muted the finding.
# Corresponds to the JSON property `muteInitiator`
# @return [String]
@@ -5272,12 +5710,15 @@
@compliances = args[:compliances] if args.key?(:compliances)
@connections = args[:connections] if args.key?(:connections)
@contacts = args[:contacts] if args.key?(:contacts)
@containers = args[:containers] if args.key?(:containers)
@create_time = args[:create_time] if args.key?(:create_time)
+ @data_access_events = args[:data_access_events] if args.key?(:data_access_events)
+ @data_flow_events = args[:data_flow_events] if args.key?(:data_flow_events)
@database = args[:database] if args.key?(:database)
@description = args[:description] if args.key?(:description)
+ @disk = args[:disk] if args.key?(:disk)
@event_time = args[:event_time] if args.key?(:event_time)
@exfiltration = args[:exfiltration] if args.key?(:exfiltration)
@external_systems = args[:external_systems] if args.key?(:external_systems)
@external_uri = args[:external_uri] if args.key?(:external_uri)
@files = args[:files] if args.key?(:files)
@@ -5290,10 +5731,11 @@
@load_balancers = args[:load_balancers] if args.key?(:load_balancers)
@log_entries = args[:log_entries] if args.key?(:log_entries)
@mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack)
@module_name = args[:module_name] if args.key?(:module_name)
@mute = args[:mute] if args.key?(:mute)
+ @mute_info = args[:mute_info] if args.key?(:mute_info)
@mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator)
@mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time)
@name = args[:name] if args.key?(:name)
@next_steps = args[:next_steps] if args.key?(:next_steps)
@notebook = args[:notebook] if args.key?(:notebook)
@@ -5762,10 +6204,16 @@
# A description of the mute config.
# Corresponds to the JSON property `description`
# @return [String]
attr_accessor :description
+ # Optional. The expiry of the mute config. Only applicable for dynamic configs.
+ # If the expiry is set, when the config expires, it is removed from all findings.
+ # Corresponds to the JSON property `expiryTime`
+ # @return [String]
+ attr_accessor :expiry_time
+
# Required. An expression that defines the filter to apply across create/update
# events of findings. While creating a filter string, be mindful of the scope in
# which the mute configuration is being created. E.g., If a filter contains
# project = X but is created under the project = Y scope, it might not match any
# findings. The following field and operator combinations are supported: *
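Review bot: The new `expiry_time` comment types the field as a plain `String` without naming the timestamp format, and "it is removed from all findings" does not say whether an affected finding's mute state changes when the config expires. Both matter to anyone using a dynamic mute config for temporary suppression, because findings it covered may surface again once it lapses. The format is presumably RFC 3339, as is usual for Google API timestamps, but that should be confirmed before adding a line such as `# A timestamp in RFC 3339 format.` to the comment. The enclosing class starts outside this hunk, and the `update!` line added in the next hunk stores the value without parsing it.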
@@ -5815,18 +6263,47 @@
# Update properties of this object
def update!(**args)
@create_time = args[:create_time] if args.key?(:create_time)
@description = args[:description] if args.key?(:description)
+ @expiry_time = args[:expiry_time] if args.key?(:expiry_time)
@filter = args[:filter] if args.key?(:filter)
@most_recent_editor = args[:most_recent_editor] if args.key?(:most_recent_editor)
@name = args[:name] if args.key?(:name)
@type = args[:type] if args.key?(:type)
@update_time = args[:update_time] if args.key?(:update_time)
end
end
+ # Mute information about the finding, including whether the finding has a static
+ # mute or any matching dynamic mute rules.
+ class GoogleCloudSecuritycenterV2MuteInfo
+ include Google::Apis::Core::Hashable
+
+ # The list of dynamic mute rules that currently match the finding.
+ # Corresponds to the JSON property `dynamicMuteRecords`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2DynamicMuteRecord>]
+ attr_accessor :dynamic_mute_records
+
+ # Information about the static mute state. A static mute state overrides any
+ # dynamic mute rules that apply to this finding. The static mute state can be
+ # set by a static mute rule or by muting the finding directly.
+ # Corresponds to the JSON property `staticMute`
+ # @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2StaticMute]
+ attr_accessor :static_mute
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @dynamic_mute_records = args[:dynamic_mute_records] if args.key?(:dynamic_mute_records)
+ @static_mute = args[:static_mute] if args.key?(:static_mute)
+ end
+ end
+
# Kubernetes nodes associated with the finding.
class GoogleCloudSecuritycenterV2Node
include Google::Apis::Core::Hashable
# [Full resource name](https://google.aip.dev/122#full-resource-names) of the
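Review bot: `dynamic_mute_records` in `GoogleCloudSecuritycenterV2MuteInfo` is documented as a list, but `update!` assigns it only when the key is passed, so the reader returns `nil` rather than an empty array when the field is absent. A caller that iterates the records to decide whether a finding is suppressed would then raise `NoMethodError` instead of reporting that no rule matches. The attribute comment should say so, for example `# Nil when the field is absent from the response; wrap with Array() before iterating.` The same applies to the plain `MuteInfo` class added in a later hunk.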
@@ -6498,13 +6975,14 @@
# field will be ignored when reading this configuration.
# Corresponds to the JSON property `sensitiveDataProtectionMapping`
# @return [Google::Apis::SecuritycenterV1beta2::GoogleCloudSecuritycenterV2SensitiveDataProtectionMapping]
attr_accessor :sensitive_data_protection_mapping
- # Tag values combined with `AND` to check against. Values in the form "tagValues/
- # 123" Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]` https://
- # cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
+ # Tag values combined with `AND` to check against. For Google Cloud resources,
+ # they are tag value IDs in the form of "tagValues/123". Example: `[ "tagValues/
+ # 123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/resource-
+ # manager/docs/tags/tags-creating-and-managing
# Corresponds to the JSON property `tagValues`
# @return [Array<String>]
attr_accessor :tag_values
# Output only. Timestamp this resource value configuration was last updated.
@@ -6810,10 +7288,38 @@
@principal_email = args[:principal_email] if args.key?(:principal_email)
@principal_subject = args[:principal_subject] if args.key?(:principal_subject)
end
end
+ # Information about the static mute state. A static mute state overrides any
+ # dynamic mute rules that apply to this finding. The static mute state can be
+ # set by a static mute rule or by muting the finding directly.
+ class GoogleCloudSecuritycenterV2StaticMute
+ include Google::Apis::Core::Hashable
+
+ # When the static mute was applied.
+ # Corresponds to the JSON property `applyTime`
+ # @return [String]
+ attr_accessor :apply_time
+
+ # The static mute state. If the value is `MUTED` or `UNMUTED`, then the finding'
+ # s overall mute state will have the same value.
+ # Corresponds to the JSON property `state`
+ # @return [String]
+ attr_accessor :state
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @apply_time = args[:apply_time] if args.key?(:apply_time)
+ @state = args[:state] if args.key?(:state)
+ end
+ end
+
# Represents a Kubernetes subject.
class GoogleCloudSecuritycenterV2Subject
include Google::Apis::Core::Hashable
# Authentication type for the subject.
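Review bot: The comment on `state` in `GoogleCloudSecuritycenterV2StaticMute` breaks inside a word, leaving `finding'` at the end of one line and `s` at the start of the next, which renders badly in generated docs. Move the line break so that `finding's` stays on one line. The comment also names only `MUTED` and `UNMUTED`, so a reader cannot tell what other values the string can hold or how the overall mute state is determined then; one more sentence covering that case would help anyone filtering on this field. The `StaticMute` class added in the last hunk carries the same comment.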
@@ -7371,10 +7877,38 @@
@primary_techniques = args[:primary_techniques] if args.key?(:primary_techniques)
@version = args[:version] if args.key?(:version)
end
end
+ # Mute information about the finding, including whether the finding has a static
+ # mute or any matching dynamic mute rules.
+ class MuteInfo
+ include Google::Apis::Core::Hashable
+
+ # The list of dynamic mute rules that currently match the finding.
+ # Corresponds to the JSON property `dynamicMuteRecords`
+ # @return [Array<Google::Apis::SecuritycenterV1beta2::DynamicMuteRecord>]
+ attr_accessor :dynamic_mute_records
+
+ # Information about the static mute state. A static mute state overrides any
+ # dynamic mute rules that apply to this finding. The static mute state can be
+ # set by a static mute rule or by muting the finding directly.
+ # Corresponds to the JSON property `staticMute`
+ # @return [Google::Apis::SecuritycenterV1beta2::StaticMute]
+ attr_accessor :static_mute
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @dynamic_mute_records = args[:dynamic_mute_records] if args.key?(:dynamic_mute_records)
+ @static_mute = args[:static_mute] if args.key?(:static_mute)
+ end
+ end
+
# Kubernetes nodes associated with the finding.
class Node
include Google::Apis::Core::Hashable
# [Full resource name](https://google.aip.dev/122#full-resource-names) of the
@@ -8237,9 +8771,37 @@
# Update properties of this object
def update!(**args)
@principal_email = args[:principal_email] if args.key?(:principal_email)
@principal_subject = args[:principal_subject] if args.key?(:principal_subject)
+ end
+ end
+
+ # Information about the static mute state. A static mute state overrides any
+ # dynamic mute rules that apply to this finding. The static mute state can be
+ # set by a static mute rule or by muting the finding directly.
+ class StaticMute
+ include Google::Apis::Core::Hashable
+
+ # When the static mute was applied.
+ # Corresponds to the JSON property `applyTime`
+ # @return [String]
+ attr_accessor :apply_time
+
+ # The static mute state. If the value is `MUTED` or `UNMUTED`, then the finding'
+ # s overall mute state will have the same value.
+ # Corresponds to the JSON property `state`
+ # @return [String]
+ attr_accessor :state
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @apply_time = args[:apply_time] if args.key?(:apply_time)
+ @state = args[:state] if args.key?(:state)
end
end
# Represents a Kubernetes subject.
class Subject