Represents an access event.
Conveys information about a Kubernetes access review (such as one returned by a
kubectl auth can-i
command) that was involved in a finding.
Represents an application associated with a finding.
Security Command Center representation of a Google Cloud resource. The Asset is a Security Command Center resource that captures information about a single Google Cloud resource. All modifications to an Asset are only within the context of Security Command Center and don’t affect the referenced Google Cloud resource.
The configuration used for Asset Discovery runs.
An attack exposure contains the results of an attack path simulation run.
A path that an attacker could take to reach an exposed resource.
Represents a connection between a source node and a destination node in this attack path.
Represents one point that an attacker passes through in this attack path.
Detailed steps the attack can take between path nodes.
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices
and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { “audit_configs”: [ { “service”: “allServices”, “audit_log_configs”: [ { “log_type”: “DATA_READ”, “exempted_members”: [ “user:jose@example.com” ] }, { “log_type”: “DATA_WRITE” }, { “log_type”: “ADMIN_READ” } ] }, { “service”: “sampleservice.googleapis.com”, “audit_log_configs”: [ { “log_type”: “DATA_READ” }, { “log_type”: “DATA_WRITE”, “exempted_members”: [ “user:aliya@example.com” ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com
from DATA_READ logging, and aliya@example.com
from DATA_WRITE logging.
Provides the configuration for logging a type of permissions. Example: { “audit_log_configs”: [ { “log_type”: “DATA_READ”, “exempted_members”: [ “user:jose@example.com” ] }, { “log_type”: “DATA_WRITE” } ] } This enables ‘DATA_READ’ and ‘DATA_WRITE’ logging, while exempting jose@example.com from DATA_READ logging.
Information related to Google Cloud Backup and DR Service findings.
Request message to create multiple resource value configs
Response message for BatchCreateResourceValueConfigs
Associates members
, or principals, with a role
.
Request message for bulk findings update. Note: 1. If multiple bulk update requests match the same resource, the order in which they get executed is not defined. 2. Once a bulk operation is started, there is no way to stop it.
Details about the Cloud Data Loss Prevention (Cloud DLP)
inspection job that produced the finding.
Contains compliance information about a security standard indicating unmet recommendations.
Contains information about the IP connection associated with the finding.
The email address of a contact.
Details about specific contacts
Container associated with the finding.
Request message to create single resource value config
An error encountered while validating the uploaded configuration of an Event Threat Detection Custom Module.
A list of zero or more errors encountered while validating the uploaded configuration of an Event Threat Detection Custom Module.
CVE stands for Common Vulnerabilities and Exposures. Information from the
CVE record that describes this vulnerability.
Common Vulnerability Scoring System version 3.
Represents database access information, such as queries. A database may be a sub-resource of an instance (as in the case of Cloud SQL instances or Cloud Spanner instances), or the database instance itself. Some database resources might not have the
full resource name populated because these resource types, such as Cloud SQL databases, are not yet supported by Cloud Asset Inventory. In these cases only the display name is provided.
Memory hash detection contributing to the binary family match.
Path of the file in terms of underlying disk/partition identifiers.
An EffectiveEventThreatDetectionCustomModule is the representation of an Event Threat Detection custom module at a specified level of the resource hierarchy: organization, folder, or project. If a custom module is inherited from a parent organization or folder, the value of the enablement_state
property in EffectiveEventThreatDetectionCustomModule is set to the value that is effective in the parent, instead of INHERITED
. For example, if the module is enabled in a parent organization or folder, the effective enablement_state
for the module in all child folders or projects is also enabled
. EffectiveEventThreatDetectionCustomModule is read-only.
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
A name-value pair representing an environment variable used in an operating system process.
Represents an instance of an Event Threat Detection custom module, including its full module name, display name, enablement state, and last updated time. You can create a custom module at the organization, folder, or project level. Custom modules that you create at the organization or folder level are inherited by child folders and projects.
Resource where data was exfiltrated from or exfiltrated to.
Exfiltration represents a data exfiltration attempt from one or more sources to one or more targets. The sources
attribute lists the sources of the exfiltrated data. The targets
attribute lists the destinations the data was copied to.
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: “Summary size limit” description: “Determines if a summary is less than 100 chars” expression: “document.summary.size() < 100” Example (Equality): title: “Requestor is owner” description: “Determines if requestor is the document owner” expression: “document.owner == request.auth.claims.email” Example (Logic): title: “Public documents” description: “Determine whether the document should be publicly visible” expression: “document.type != ‘private’ && document.type != ‘internal’” Example (Data Manipulation): title: “Notification string” description: “Create a notification string with a timestamp.” expression: “’New message received at ’ + string(document.create_time)” The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
File information about the related binary/library used by an executable, or the script used by a script interpreter
Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.
Message that contains the resource name and display name of a folder resource.
Filters an organization’s assets and groups them by their specified properties.
Lists an organization’s assets.
Updates security marks.
Creates a BigQuery export.
Deletes an existing BigQuery export.
Gets a BigQuery export.
Lists BigQuery exports. Note that when requesting BigQuery exports at a given level all exports under that level are also returned e.g. if requesting BigQuery exports under a folder, then all BigQuery exports immediately under the folder plus the ones created under the projects within the folder are returned.
Updates a BigQuery export.
Creates a resident Event Threat Detection custom module at the scope of the given Resource Manager parent, and also creates inherited custom modules for all descendants of the given parent. These modules are enabled by default.
Deletes the specified Event Threat Detection custom module and all of its descendants in the Resource Manager hierarchy. This method is only supported for resident custom modules.
Gets an Event Threat Detection custom module.
Lists all Event Threat Detection custom modules for the given Resource Manager parent. This includes resident modules defined at the scope of the parent along with modules inherited from ancestors.
Lists all resident Event Threat Detection custom modules under the given Resource Manager parent and its descendants.
Updates the Event Threat Detection custom module with the given name based on the given update mask. Updating the enablement state is supported for both resident and inherited modules (though resident modules cannot have an enablement state of “inherited”). Updating the display name or configuration of a module is supported for resident modules only. The type of a module cannot be changed.
Gets an effective Event Threat Detection custom module at the given level.
Lists all effective Event Threat Detection custom modules for the given parent. This includes resident modules defined at the scope of the parent along with modules inherited from its ancestors.
Validates the given Event Threat Detection custom module.
Kicks off an LRO to bulk mute findings for a parent based on a filter. The parent can be either an organization, folder or project. The findings matched by the filter will be muted after the LRO is done.
Deletes an existing mute config.
Gets a mute config.
Updates a mute config.
A builder providing access to all methods supported on
folder resources.
It is not used directly, but through the
SecurityCommandCenter
hub.
Creates a mute config.
Deletes an existing mute config.
Gets a mute config.
Lists mute configs.
Updates a mute config.
Creates a notification config.
Deletes a notification config.
Gets a notification config.
Lists notification configs.
Updates a notification config. The following update fields are allowed: description, pubsub_topic, streaming_config.filter
Creates a resident SecurityHealthAnalyticsCustomModule at the scope of the given CRM parent, and also creates inherited SecurityHealthAnalyticsCustomModules for all CRM descendants of the given parent. These modules are enabled by default.
Deletes the specified SecurityHealthAnalyticsCustomModule and all of its descendants in the CRM hierarchy. This method is only supported for resident custom modules.
Retrieves a SecurityHealthAnalyticsCustomModule.
Returns a list of all SecurityHealthAnalyticsCustomModules for the given parent. This includes resident modules defined at the scope of the parent, and inherited modules, inherited from CRM ancestors.
Returns a list of all resident SecurityHealthAnalyticsCustomModules under the given CRM parent and all of the parent’s CRM descendants.
Updates the SecurityHealthAnalyticsCustomModule under the given name based on the given update mask. Updating the enablement state is supported on both resident and inherited modules (though resident modules cannot have an enablement state of “inherited”). Updating the display name and custom config of a module is supported on resident modules only.
Simulates a given SecurityHealthAnalyticsCustomModule and Resource.
Retrieves an EffectiveSecurityHealthAnalyticsCustomModule.
Returns a list of all EffectiveSecurityHealthAnalyticsCustomModules for the given parent. This includes resident modules defined at the scope of the parent, and inherited modules, inherited from CRM ancestors.
Updates external system. This is for a given finding.
Filters an organization or source’s findings and groups them by their specified properties. To group across all sources provide a -
as the source id. Example: /v1/organizations/{organization_id}/sources/-/findings, /v1/folders/{folder_id}/sources/-/findings, /v1/projects/{project_id}/sources/-/findings
Lists an organization or source’s findings. To list across all sources provide a -
as the source id. Example: /v1/organizations/{organization_id}/sources/-/findings
Creates or updates a finding. The corresponding source must exist for a finding creation to succeed.
Updates the mute state of a finding.
Updates the state of a finding.
Updates security marks.
Lists all sources belonging to an organization.
Represents a geographical location for a given access.
Request message for GetIamPolicy
method.
Encapsulates settings provided to GetIamPolicy.
Configures how to deliver Findings to BigQuery Instance.
Represents a Kubernetes RoleBinding or ClusterRoleBinding.
Defines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify.
A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding JSON under sourceProperties
.
An EffectiveSecurityHealthAnalyticsCustomModule is the representation of a Security Health Analytics custom module at a specified level of the resource hierarchy: organization, folder, or project. If a custom module is inherited from a parent organization or folder, the value of the enablementState
property in EffectiveSecurityHealthAnalyticsCustomModule is set to the value that is effective in the parent, instead of INHERITED
. For example, if the module is enabled in a parent organization or folder, the effective enablement_state for the module in all child folders or projects is also enabled
. EffectiveSecurityHealthAnalyticsCustomModule is read-only.
Representation of third party SIEM/SOAR fields within SCC.
A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
An individual name-value pair that defines a custom source property.
Resource for selecting resource type.
A resource value config (RVC) is a mapping configuration of user’s resources to resource values. Used in Attack path simulations.
Represents an instance of a Security Health Analytics custom module, including its full module name, display name, enablement state, and last updated time. You can create a custom module at the organization, folder, or project level. Custom modules that you create at the organization or folder level are inherited by the child folders and projects.
Resource value mapping for Sensitive Data Protection findings. If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration.
Request message for grouping by assets.
Response message for grouping by assets.
Request message for grouping by findings.
Response message for group by findings.
Result containing the properties and count of a groupBy request.
Represents a particular IAM binding, which captures a member’s role addition, removal, or state.
Cloud IAM Policy information associated with the Google Cloud resource described by the Security Command Center asset. This information is managed and defined by the Google Cloud resource and cannot be modified by the user.
Represents what’s commonly known as an
indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see
Indicator of compromise.
Kernel mode rootkit signatures.
Kubernetes-related attributes.
Represents a generic name-value label. A label has separate name and value fields to support filtering with the
contains()
function. For more information, see
Filtering on array-type fields.
Response message for listing assets.
Result containing the Asset and its State.
Response message for listing the attack paths for a given simulation or valued resource.
Response message for listing BigQuery exports.
Response for listing current and descendant resident Event Threat Detection custom modules.
Response message for listing descendant Security Health Analytics custom modules.
Response for listing EffectiveEventThreatDetectionCustomModules.
Response message for listing effective Security Health Analytics custom modules.
Response for listing Event Threat Detection custom modules.
Response message for listing findings.
Result containing the Finding and its StateChange.
Response message for listing mute configs.
Response message for listing notification configs.
The response message for Operations.ListOperations.
Response message to list resource value configs
Response message for listing Security Health Analytics custom modules.
Response message for listing sources.
Response message for listing the valued resources for a given simulation.
Contains information related to the load balancer associated with the finding.
An individual entry in a log.
A signature corresponding to memory page hashes.
MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
Kubernetes nodes associated with the finding.
Provides GKE node pool information.
Cloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC resource that contains the configuration to send notifications for create/update events of findings, assets and etc.
Kubernetes object related to the finding, uniquely identified by GKNN. Used if the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.
This resource represents a long-running operation that is the result of a network API call.
Contains information about the org policies associated with the finding.
Filters an organization’s assets and groups them by their specified properties.
Lists an organization’s assets.
Runs asset discovery. The discovery is tracked with a long-running operation. This API can only be called with limited frequency for an organization. If it is called too frequently the caller will receive a TOO_MANY_REQUESTS error.
Updates security marks.
Creates a BigQuery export.
Deletes an existing BigQuery export.
Gets a BigQuery export.
Lists BigQuery exports. Note that when requesting BigQuery exports at a given level all exports under that level are also returned e.g. if requesting BigQuery exports under a folder, then all BigQuery exports immediately under the folder plus the ones created under the projects within the folder are returned.
Updates a BigQuery export.
Creates a resident Event Threat Detection custom module at the scope of the given Resource Manager parent, and also creates inherited custom modules for all descendants of the given parent. These modules are enabled by default.
Deletes the specified Event Threat Detection custom module and all of its descendants in the Resource Manager hierarchy. This method is only supported for resident custom modules.
Gets an Event Threat Detection custom module.
Lists all Event Threat Detection custom modules for the given Resource Manager parent. This includes resident modules defined at the scope of the parent along with modules inherited from ancestors.
Lists all resident Event Threat Detection custom modules under the given Resource Manager parent and its descendants.
Updates the Event Threat Detection custom module with the given name based on the given update mask. Updating the enablement state is supported for both resident and inherited modules (though resident modules cannot have an enablement state of “inherited”). Updating the display name or configuration of a module is supported for resident modules only. The type of a module cannot be changed.
Gets an effective Event Threat Detection custom module at the given level.
Lists all effective Event Threat Detection custom modules for the given parent. This includes resident modules defined at the scope of the parent along with modules inherited from its ancestors.
Validates the given Event Threat Detection custom module.
Kicks off an LRO to bulk mute findings for a parent based on a filter. The parent can be either an organization, folder or project. The findings matched by the filter will be muted after the LRO is done.
Gets the settings for an organization.
Deletes an existing mute config.
Gets a mute config.
Updates a mute config.
A builder providing access to all methods supported on
organization resources.
It is not used directly, but through the
SecurityCommandCenter
hub.
Creates a mute config.
Deletes an existing mute config.
Gets a mute config.
Lists mute configs.
Updates a mute config.
Creates a notification config.
Deletes a notification config.
Gets a notification config.
Lists notification configs.
Updates a notification config. The following update fields are allowed: description, pubsub_topic, streaming_config.filter
Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn’t support this method, it returns google.rpc.Code.UNIMPLEMENTED
. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED
.
Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn’t support this method, it returns google.rpc.Code.UNIMPLEMENTED
.
Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
Lists operations that match the specified filter in the request. If the server doesn’t support this method, it returns UNIMPLEMENTED
.
Creates a ResourceValueConfig for an organization. Maps user’s tags to difference resource values for use by the attack path simulation.
Deletes a ResourceValueConfig.
Gets a ResourceValueConfig.
Lists all ResourceValueConfigs.
Updates an existing ResourceValueConfigs with new rules.
Creates a resident SecurityHealthAnalyticsCustomModule at the scope of the given CRM parent, and also creates inherited SecurityHealthAnalyticsCustomModules for all CRM descendants of the given parent. These modules are enabled by default.
Deletes the specified SecurityHealthAnalyticsCustomModule and all of its descendants in the CRM hierarchy. This method is only supported for resident custom modules.
Retrieves a SecurityHealthAnalyticsCustomModule.
Returns a list of all SecurityHealthAnalyticsCustomModules for the given parent. This includes resident modules defined at the scope of the parent, and inherited modules, inherited from CRM ancestors.
Returns a list of all resident SecurityHealthAnalyticsCustomModules under the given CRM parent and all of the parent’s CRM descendants.
Updates the SecurityHealthAnalyticsCustomModule under the given name based on the given update mask. Updating the enablement state is supported on both resident and inherited modules (though resident modules cannot have an enablement state of “inherited”). Updating the display name and custom config of a module is supported on resident modules only.
Simulates a given SecurityHealthAnalyticsCustomModule and Resource.
Retrieves an EffectiveSecurityHealthAnalyticsCustomModule.
Returns a list of all EffectiveSecurityHealthAnalyticsCustomModules for the given parent. This includes resident modules defined at the scope of the parent, and inherited modules, inherited from CRM ancestors.
User specified settings that are attached to the Security Command Center organization.
Lists the attack paths for a set of simulation results or valued resources and filter.
Lists the valued resources for a set of simulation results and filter.
Lists the attack paths for a set of simulation results or valued resources and filter.
Get the simulation by name or the latest simulation for the given organization.
Lists the attack paths for a set of simulation results or valued resources and filter.
Get the valued resource by name
Lists the valued resources for a set of simulation results and filter.
Creates a source.
Creates a finding. The corresponding source must exist for finding creation to succeed.
Updates external system. This is for a given finding.
Filters an organization or source’s findings and groups them by their specified properties. To group across all sources provide a -
as the source id. Example: /v1/organizations/{organization_id}/sources/-/findings, /v1/folders/{folder_id}/sources/-/findings, /v1/projects/{project_id}/sources/-/findings
Lists an organization or source’s findings. To list across all sources provide a -
as the source id. Example: /v1/organizations/{organization_id}/sources/-/findings
Creates or updates a finding. The corresponding source must exist for a finding creation to succeed.
Updates the mute state of a finding.
Updates the state of a finding.
Updates security marks.
Gets a source.
Gets the access control policy on the specified Source.
Lists all sources belonging to an organization.
Updates a source.
Sets the access control policy on the specified Source.
Returns the permissions that a caller has on the specified source.
Updates an organization’s settings.
Package is a generic definition of a package.
A finding that is associated with this node in the attack path.
A Kubernetes Pod.
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A
Policy
is a collection of
bindings
. A
binding
binds one or more
members
, or principals, to a single
role
. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A
role
is a named list of permissions; each
role
can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a
binding
can also specify a
condition
, which is a logical expression that allows access to a resource only if the expression evaluates to
true
. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the
IAM documentation.
JSON example: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }
YAML example: bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3
For a description of IAM and its features, see the
IAM documentation.
The policy field that violates the deployed posture and its expected and detected values.
A position in the uploaded text version of a module.
Represents an operating system process.
Indicates what signature matched this process.
Filters an organization’s assets and groups them by their specified properties.
Lists an organization’s assets.
Updates security marks.
Creates a BigQuery export.
Deletes an existing BigQuery export.
Gets a BigQuery export.
Lists BigQuery exports. Note that when requesting BigQuery exports at a given level all exports under that level are also returned e.g. if requesting BigQuery exports under a folder, then all BigQuery exports immediately under the folder plus the ones created under the projects within the folder are returned.
Updates a BigQuery export.
Creates a resident Event Threat Detection custom module at the scope of the given Resource Manager parent, and also creates inherited custom modules for all descendants of the given parent. These modules are enabled by default.
Deletes the specified Event Threat Detection custom module and all of its descendants in the Resource Manager hierarchy. This method is only supported for resident custom modules.
Gets an Event Threat Detection custom module.
Lists all Event Threat Detection custom modules for the given Resource Manager parent. This includes resident modules defined at the scope of the parent along with modules inherited from ancestors.
Lists all resident Event Threat Detection custom modules under the given Resource Manager parent and its descendants.
Updates the Event Threat Detection custom module with the given name based on the given update mask. Updating the enablement state is supported for both resident and inherited modules (though resident modules cannot have an enablement state of “inherited”). Updating the display name or configuration of a module is supported for resident modules only. The type of a module cannot be changed.
Gets an effective Event Threat Detection custom module at the given level.
Lists all effective Event Threat Detection custom modules for the given parent. This includes resident modules defined at the scope of the parent along with modules inherited from its ancestors.
Validates the given Event Threat Detection custom module.
Kicks off an LRO to bulk mute findings for a parent based on a filter. The parent can be either an organization, folder or project. The findings matched by the filter will be muted after the LRO is done.
Deletes an existing mute config.
Gets a mute config.
Updates a mute config.
A builder providing access to all methods supported on
project resources.
It is not used directly, but through the
SecurityCommandCenter
hub.
Creates a mute config.
Deletes an existing mute config.
Gets a mute config.
Lists mute configs.
Updates a mute config.
Creates a notification config.
Deletes a notification config.
Gets a notification config.
Lists notification configs.
Updates a notification config. The following update fields are allowed: description, pubsub_topic, streaming_config.filter
Creates a resident SecurityHealthAnalyticsCustomModule at the scope of the given CRM parent, and also creates inherited SecurityHealthAnalyticsCustomModules for all CRM descendants of the given parent. These modules are enabled by default.
Deletes the specified SecurityHealthAnalyticsCustomModule and all of its descendants in the CRM hierarchy. This method is only supported for resident custom modules.
Retrieves a SecurityHealthAnalyticsCustomModule.
Returns a list of all SecurityHealthAnalyticsCustomModules for the given parent. This includes resident modules defined at the scope of the parent, and inherited modules, inherited from CRM ancestors.
Returns a list of all resident SecurityHealthAnalyticsCustomModules under the given CRM parent and all of the parent’s CRM descendants.
Updates the SecurityHealthAnalyticsCustomModule under the given name based on the given update mask. Updating the enablement state is supported on both resident and inherited modules (though resident modules cannot have an enablement state of “inherited”). Updating the display name and custom config of a module is supported on resident modules only.
Simulates a given SecurityHealthAnalyticsCustomModule and Resource.
Retrieves an EffectiveSecurityHealthAnalyticsCustomModule.
Returns a list of all EffectiveSecurityHealthAnalyticsCustomModules for the given parent. This includes resident modules defined at the scope of the parent, and inherited modules, inherited from CRM ancestors.
Updates external system. This is for a given finding.
Filters an organization or source’s findings and groups them by their specified properties. To group across all sources provide a -
as the source id. Example: /v1/organizations/{organization_id}/sources/-/findings, /v1/folders/{folder_id}/sources/-/findings, /v1/projects/{project_id}/sources/-/findings
Lists an organization or source’s findings. To list across all sources provide a -
as the source id. Example: /v1/organizations/{organization_id}/sources/-/findings
Creates or updates a finding. The corresponding source must exist for a finding creation to succeed.
Updates the mute state of a finding.
Updates the state of a finding.
Updates security marks.
Lists all sources belonging to an organization.
Additional Links
Information related to the Google Cloud resource that is associated with this finding.
Metadata about a ResourceValueConfig. For example, id and name.
Kubernetes Role or ClusterRole.
Request message for running asset discovery for an organization.
SecurityBulletin are notifications of vulnerabilities of Google products.
Security Command Center managed properties. These properties are managed by Security Command Center and cannot be modified by the user.
Central instance to access all SecurityCommandCenter related resource activities
User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization – they can be modified and viewed by all users who have proper permissions on the organization.
Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.
Identity delegation history of an authenticated service account.
Request message for updating a finding’s state.
Request message for SetIamPolicy
method.
Request message for updating a finding’s mute status.
Request message to simulate a CustomConfig against a given test resource. Maximum size of the request is 4 MB by default.
Response message for simulating a SecurityHealthAnalyticsCustomModule
against a given resource.
Manually constructed resource name. If the custom module evaluates against only the resource data, you can omit the iam_policy_data
field. If it evaluates only the iam_policy_data
field, you can omit the resource data.
Possible test result.
Attack path simulation
Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, and other tools.
The
Status
type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by
gRPC. Each
Status
message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the
API Design Guide.
The config for streaming-based notifications, which send each event as soon as it is detected.
Represents a Kubernetes subject.
Request message for TestIamPermissions
method.
Response message for TestIamPermissions
method.
Information about the ticket, if any, that is being used to track the resolution of the issue that is identified by this finding.
Request to validate an Event Threat Detection custom module.
Response to validating an Event Threat Detection custom module.
A resource that is determined to have value to a user’s system
Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
A signature corresponding to a YARA rule.