package google.cloud.securitycenter.v1
Get desktop application:
View/edit binary Protocol Buffers messages
V1 APIs for Security Center service.
Creates a source.
message
securitycenter_service.proto:227Request message for creating a source.
string parent = 1
Resource name of the new source's parent. Its format should be "organizations/[organization_id]".
optional source = 2
The Source being created, only the display_name and description will be used. All other fields will be ignored.
Creates a finding. The corresponding source must exist for finding creation to succeed.
message
securitycenter_service.proto:211Request message for creating a finding.
string parent = 1
Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]".
string finding_id = 2
Unique identifier provided by the client within the parent scope. It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.
optional finding = 3
The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource.
Gets the access control policy on the specified Source.
Gets the settings for an organization.
message
securitycenter_service.proto:238Request message for getting organization settings.
string name = 1
Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings".
Gets a source.
message
securitycenter_service.proto:245Request message for getting a source.
string name = 1
Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]".
Filters an organization's assets and groups them by their specified properties.
message
securitycenter_service.proto:252Request message for grouping by assets.
string parent = 1
Name of the organization to groupBy. Its format is "organizations/[organization_id]".
string filter = 2
Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form `<field> <operator> <value>` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include: * name * security_center_properties.resource_name * resource_properties.a_property * security_marks.marks.marka The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following field and operator combinations are supported: name | '=' update_time | '=', '>', '<', '>=', '<=' Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: "update_time = \"2019-06-10T16:07:18-07:00\"" "update_time = 1560208038000" create_time | '=', '>', '<', '>=', '<=' Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: "create_time = \"2019-06-10T16:07:18-07:00\"" "create_time = 1560208038000" iam_policy.policy_blob | '=', ':' resource_properties | '=', ':', '>', '<', '>=', '<=' security_marks | '=', ':' security_center_properties.resource_name | '=', ':' security_center_properties.resource_type | '=', ':' security_center_properties.resource_parent | '=', ':' security_center_properties.resource_project | '=', ':' security_center_properties.resource_owners | '=', ':' For example, `resource_properties.size = 100` is a valid filter string.
string group_by = 3
Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: "security_center_properties.resource_project,security_center_properties.project". The following fields are supported when compare_duration is not set: * security_center_properties.resource_project * security_center_properties.resource_type * security_center_properties.resource_parent The following fields are supported when compare_duration is set: * security_center_properties.resource_type
optional compare_duration = 4
When compare_duration is set, the GroupResult's "state_change" property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again. Possible "state_change" values when compare_duration is specified: * "ADDED": indicates that the asset was not present at the start of compare_duration, but present at reference_time. * "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at reference_time. * "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and reference_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time. If this field is set then `state_change` must be a specified field in `group_by`.
optional read_time = 5
Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.
string page_token = 7
The value returned by the last `GroupAssetsResponse`; indicates that this is a continuation of a prior `GroupAssets` call, and that the system should return the next page of data.
int32 page_size = 8
The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.
message
securitycenter_service.proto:375Response message for grouping by assets.
repeated group_by_results = 1
Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear.
optional read_time = 2
Time used for executing the groupBy request.
string next_page_token = 3
Token to retrieve the next page of results, or empty if there are no more results.
int32 total_size = 4
The total number of results matching the query.
Filters an organization or source's findings and groups them by their specified properties. To group across all sources provide a `-` as the source id. Example: /v1/organizations/123/sources/-/findings
message
securitycenter_service.proto:393Request message for grouping by findings.
string parent = 1
Name of the source to groupBy. Its format is "organizations/[organization_id]/sources/[source_id]". To groupBy across all sources provide a source_id of `-`. For example: organizations/123/sources/-
string filter = 2
Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form `<field> <operator> <value>` and may have a `-` character in front of them to indicate negation. Examples include: * name * source_properties.a_property * security_marks.marks.marka The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following field and operator combinations are supported: name | `=` parent | '=', ':' resource_name | '=', ':' state | '=', ':' category | '=', ':' external_uri | '=', ':' event_time | `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: "event_time = \"2019-06-10T16:07:18-07:00\"" "event_time = 1560208038000" security_marks | '=', ':' source_properties | '=', ':', `>`, `<`, `>=`, `<=` For example, `source_properties.size = 100` is a valid filter string.
string group_by = 3
Expression that defines what assets fields to use for grouping (including `state_change`). The string value should follow SQL syntax: comma separated list of fields. For example: "parent,resource_name". The following fields are supported: * resource_name * category * state * parent The following fields are supported when compare_duration is set: * state_change
optional read_time = 4
Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.
optional compare_duration = 5
When compare_duration is set, the GroupResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again. Possible "state_change" values when compare_duration is specified: * "CHANGED": indicates that the finding was present at the start of compare_duration, but changed its state at read_time. * "UNCHANGED": indicates that the finding was present at the start of compare_duration and did not change state at read_time. * "ADDED": indicates that the finding was not present at the start of compare_duration, but was present at read_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time. If this field is set then `state_change` must be a specified field in `group_by`.
string page_token = 7
The value returned by the last `GroupFindingsResponse`; indicates that this is a continuation of a prior `GroupFindings` call, and that the system should return the next page of data.
int32 page_size = 8
The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.
message
securitycenter_service.proto:507Response message for group by findings.
repeated group_by_results = 1
Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear.
optional read_time = 2
Time used for executing the groupBy request.
string next_page_token = 3
Token to retrieve the next page of results, or empty if there are no more results.
int32 total_size = 4
The total number of results matching the query.
Lists an organization's assets.
message
securitycenter_service.proto:560Request message for listing assets.
string parent = 1
Name of the organization assets should belong to. Its format is "organizations/[organization_id]".
string filter = 2
Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form `<field> <operator> <value>` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include: * name * security_center_properties.resource_name * resource_properties.a_property * security_marks.marks.marka The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following are the allowed field and operator combinations: name | `=` update_time | `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: "update_time = \"2019-06-10T16:07:18-07:00\"" "update_time = 1560208038000" create_time | `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: "create_time = \"2019-06-10T16:07:18-07:00\"" "create_time = 1560208038000" iam_policy.policy_blob | '=', ':' resource_properties | '=', ':', `>`, `<`, `>=`, `<=` security_marks | '=', ':' security_center_properties.resource_name | '=', ':' security_center_properties.resource_type | '=', ':' security_center_properties.resource_parent | '=', ':' security_center_properties.resource_project | '=', ':' security_center_properties.resource_owners | '=', ':' For example, `resource_properties.size = 100` is a valid filter string.
string order_by = 3
Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,resource_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,resource_properties.a_property" and " name desc , resource_properties.a_property " are equivalent. The following fields are supported: name update_time resource_properties security_marks security_center_properties.resource_name security_center_properties.resource_parent security_center_properties.resource_project security_center_properties.resource_type
optional read_time = 4
Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.
optional compare_duration = 5
When compare_duration is set, the ListAssetsResult's "state_change" attribute is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state_change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again. Possible "state_change" values when compare_duration is specified: * "ADDED": indicates that the asset was not present at the start of compare_duration, but present at read_time. * "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at read_time. * "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and read_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time.
optional field_mask = 7
Optional. A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields.
string page_token = 8
The value returned by the last `ListAssetsResponse`; indicates that this is a continuation of a prior `ListAssets` call, and that the system should return the next page of data.
int32 page_size = 9
The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.
message
securitycenter_service.proto:691Response message for listing assets.
repeated list_assets_results = 1
Assets matching the list request.
optional read_time = 2
Time used for executing the list request.
string next_page_token = 3
Token to retrieve the next page of results, or empty if there are no more results.
int32 total_size = 4
The total number of assets matching the query.
Lists an organization or source's findings. To list across all sources provide a `-` as the source id. Example: /v1/organizations/123/sources/-/findings
message
securitycenter_service.proto:736Request message for listing findings.
string parent = 1
Name of the source the findings belong to. Its format is "organizations/[organization_id]/sources/[source_id]". To list across all sources provide a source_id of `-`. For example: organizations/123/sources/-
string filter = 2
Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form `<field> <operator> <value>` and may have a `-` character in front of them to indicate negation. Examples include: * name * source_properties.a_property * security_marks.marks.marka The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following field and operator combinations are supported: name | `=` parent | '=', ':' resource_name | '=', ':' state | '=', ':' category | '=', ':' external_uri | '=', ':' event_time | `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: "event_time = \"2019-06-10T16:07:18-07:00\"" "event_time = 1560208038000" security_marks | '=', ':' source_properties | '=', ':', `>`, `<`, `>=`, `<=` For example, `source_properties.size = 100` is a valid filter string.
string order_by = 3
Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,source_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,source_properties.a_property" and " name desc , source_properties.a_property " are equivalent. The following fields are supported: name parent state category resource_name event_time source_properties security_marks
optional read_time = 4
Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.
optional compare_duration = 5
When compare_duration is set, the ListFindingsResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added in any state during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again. Possible "state_change" values when compare_duration is specified: * "CHANGED": indicates that the finding was present at the start of compare_duration, but changed its state at read_time. * "UNCHANGED": indicates that the finding was present at the start of compare_duration and did not change state at read_time. * "ADDED": indicates that the finding was not present at the start of compare_duration, but was present at read_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time.
optional field_mask = 7
Optional. A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields.
string page_token = 8
The value returned by the last `ListFindingsResponse`; indicates that this is a continuation of a prior `ListFindings` call, and that the system should return the next page of data.
int32 page_size = 9
The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.
message
securitycenter_service.proto:858Response message for listing findings.
repeated list_findings_results = 1
Findings matching the list request.
optional read_time = 2
Time used for executing the list request.
string next_page_token = 3
Token to retrieve the next page of results, or empty if there are no more results.
int32 total_size = 4
The total number of findings matching the query.
Lists all sources belonging to an organization.
message
securitycenter_service.proto:534Request message for listing sources.
string parent = 1
Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]".
string page_token = 2
The value returned by the last `ListSourcesResponse`; indicates that this is a continuation of a prior `ListSources` call, and that the system should return the next page of data.
int32 page_size = 7
The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.
message
securitycenter_service.proto:550Response message for listing sources.
repeated sources = 1
Sources belonging to the requested parent.
string next_page_token = 2
Token to retrieve the next page of results, or empty if there are no more results.
Runs asset discovery. The discovery is tracked with a long-running operation. This API can only be called with limited frequency for an organization. If it is called too frequently the caller will receive a TOO_MANY_REQUESTS error.
message
securitycenter_service.proto:926Request message for running asset discovery for an organization.
string parent = 1
Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]".
Updates the state of a finding.
message
securitycenter_service.proto:911Request message for updating a finding's state.
string name = 1
The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/sources/456/finding/789".
Finding.State state = 2
The desired State of the finding.
optional start_time = 3
The time at which the updated state takes effect.
Sets the access control policy on the specified Source.
Returns the permissions that a caller has on the specified source.
Creates or updates a finding. The corresponding source must exist for a finding creation to succeed.
message
securitycenter_service.proto:933Request message for updating or creating a finding.
optional finding = 1
The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.
optional update_mask = 2
The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties.<property key>" in the field mask.
Updates an organization's settings.
message
securitycenter_service.proto:953Request message for updating an organization's settings.
optional organization_settings = 1
The organization settings resource to update.
optional update_mask = 2
The FieldMask to use when updating the settings resource. If empty all mutable fields will be updated.
Updates a source.
message
securitycenter_service.proto:964Request message for updating a source.
optional source = 1
The source resource to update.
optional update_mask = 2
The FieldMask to use when updating the source resource. If empty all mutable fields will be updated.
Updates security marks.
message
securitycenter_service.proto:975Request message for updating a SecurityMarks resource.
optional security_marks = 1
The security marks resource to update.
optional update_mask = 2
The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.<mark_key>".
optional start_time = 3
The time at which the updated SecurityMarks take effect. If not set uses current server time. Updates will be applied to the SecurityMarks that are active immediately preceding this time.
message
asset.proto:38Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud Platform (GCP) resource. The Asset is a Cloud SCC resource that captures information about a single GCP resource. All modifications to an Asset are only within the context of Cloud SCC and don't affect the referenced GCP resource.
Used in:
string name = 1
The relative resource name of this asset. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/assets/456".
optional security_center_properties = 2
Cloud SCC managed properties. These properties are managed by Cloud SCC and cannot be modified by the user.
map<string, > resource_properties = 7
Resource managed properties. These properties are managed and defined by the GCP resource and cannot be modified by the user.
optional security_marks = 8
User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the asset.
optional create_time = 9
The time at which the asset was created in Cloud SCC.
optional update_time = 10
The time at which the asset was last updated, added, or deleted in Cloud SCC.
optional iam_policy = 11
IAM Policy information associated with the GCP resource described by the Cloud SCC asset. This information is managed and defined by the GCP resource and cannot be modified by the user.
message
asset.proto:68IAM Policy information associated with the GCP resource described by the Cloud SCC asset. This information is managed and defined by the GCP resource and cannot be modified by the user.
Used in:
string policy_blob = 1
The JSON representation of the Policy associated with the asset. See https://cloud.google.com/iam/reference/rest/v1/Policy for format details.
message
asset.proto:41Cloud SCC managed properties. These properties are managed by Cloud SCC and cannot be modified by the user.
Used in:
string resource_name = 1
The full resource name of the GCP resource this asset represents. This field is immutable after create time. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
string resource_type = 2
The type of the GCP resource. Examples include: APPLICATION, PROJECT, and ORGANIZATION. This is a case insensitive field defined by Cloud SCC and/or the producer of the resource and is immutable after create time.
string resource_parent = 3
The full resource name of the immediate parent of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
string resource_project = 4
The full resource name of the project the resource belongs to. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
repeated string resource_owners = 5
Owners of the Google Cloud resource.
message
finding.proto:38Cloud Security Command Center (Cloud SCC) finding. A finding is a record of assessment data (security, risk, health or privacy) ingested into Cloud SCC for presentation, notification, analysis, policy testing, and enforcement. For example, an XSS vulnerability in an App Engine application is a finding.
Used as response type in: SecurityCenter.CreateFinding, SecurityCenter.SetFindingState, SecurityCenter.UpdateFinding
Used as field type in: , ,
string name = 1
The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/sources/456/findings/789"
string parent = 2
The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/123/sources/456"
string resource_name = 3
The full resource name of the Google Cloud Platform (GCP) resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name This field is immutable after creation time.
Finding.State state = 4
The state of the finding.
string category = 5
The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
string external_uri = 6
The URI that, if available, points to a web page outside of Cloud SCC where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
map<string, > source_properties = 7
Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
optional security_marks = 8
Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.
optional event_time = 9
The time at which the event took place. For example, if the finding represents an open firewall it would capture the time the open firewall was detected.
optional create_time = 10
The time at which the finding was created in Cloud SCC.
The state of the finding.
Used in: ,
STATE_UNSPECIFIED = 0
Unspecified state.
ACTIVE = 1
The finding requires attention and has not been addressed yet.
INACTIVE = 2
The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active.
message
securitycenter_service.proto:525Result containing the properties and count of a groupBy request.
Used in: ,
map<string, > properties = 1
Properties matching the groupBy fields in the request.
int64 count = 2
Total count of resources for the given properties.
message
securitycenter_service.proto:693Result containing the Asset and its State.
Used in:
optional asset = 1
Asset matching the search request.
ListAssetsResult.StateChange state_change = 2
State change of the asset between the points in time.
The change in state of the asset. When querying across two points in time this describes the change between the two points: ADDED, REMOVED, or ACTIVE. If there was no compare_duration supplied in the request the state change will be: UNUSED
Used in:
UNUSED = 0
State change is unused, this is the canonical default for this enum.
ADDED = 1
Asset was added between the points in time.
REMOVED = 2
Asset was removed between the points in time.
ACTIVE = 3
Asset was present at both point(s) in time.
message
securitycenter_service.proto:860Result containing the Finding and its StateChange.
Used in:
optional finding = 1
Finding matching the search request.
ListFindingsResult.StateChange state_change = 2
State change of the finding between the points in time.
The change in state of the finding. When querying across two points in time this describes the change in the finding between the two points: CHANGED, UNCHANGED, ADDED, or REMOVED. Findings can not be deleted, so REMOVED implies that the finding at timestamp does not match the filter specified, but it did at timestamp - compare_duration. If there was no compare_duration supplied in the request the state change will be: UNUSED
Used in:
UNUSED = 0
State change is unused, this is the canonical default for this enum.
CHANGED = 1
The finding has changed state in some way between the points in time and existed at both points.
UNCHANGED = 2
The finding has not changed state between the points in time and existed at both points.
ADDED = 3
The finding was created between the points in time.
REMOVED = 4
The finding at timestamp does not match the filter specified, but it did at timestamp - compare_duration.
message
organization_settings.proto:31User specified settings that are attached to the Cloud Security Command Center (Cloud SCC) organization.
Used as response type in: SecurityCenter.GetOrganizationSettings, SecurityCenter.UpdateOrganizationSettings
Used as field type in:
string name = 1
The relative resource name of the settings. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/organizationSettings".
bool enable_asset_discovery = 2
A flag that indicates if Asset Discovery should be enabled. If the flag is set to `true`, then discovery of assets will occur. If it is set to `false, all historical assets will remain, but discovery of future assets will not occur.
optional asset_discovery_config = 3
The configuration used for Asset Discovery runs.
message
organization_settings.proto:33The configuration used for Asset Discovery runs.
Used in:
repeated string project_ids = 1
The project ids to use for filtering asset discovery.
AssetDiscoveryConfig.InclusionMode inclusion_mode = 2
The mode to use for filtering asset discovery.
The mode of inclusion when running Asset Discovery. Asset discovery can be limited by explicitly identifying projects to be included or excluded. If INCLUDE_ONLY is set, then only those projects within the organization and their children are discovered during asset discovery. If EXCLUDE is set, then projects that don't match those projects are discovered during asset discovery. If neither are set, then all projects within the organization are discovered during asset discovery.
Used in:
INCLUSION_MODE_UNSPECIFIED = 0
Unspecified. Setting the mode with this value will disable inclusion/exclusion filtering for Asset Discovery.
INCLUDE_ONLY = 1
Asset Discovery will capture only the resources within the projects specified. All other resources will be ignored.
EXCLUDE = 2
Asset Discovery will ignore all resources under the projects specified. All other resources will be retrieved.
Response of asset discovery run
RunAssetDiscoveryResponse.State state = 1
The state of an asset discovery run.
optional duration = 2
The duration between asset discovery run start and end
The state of an asset discovery run.
Used in:
STATE_UNSPECIFIED = 0
Asset discovery run state was unspecified.
COMPLETED = 1
Asset discovery run completed successfully.
SUPERSEDED = 2
Asset discovery run was cancelled with tasks still pending, as another run for the same organization was started with a higher priority.
TERMINATED = 3
Asset discovery run was killed and terminated.
message
security_marks.proto:33User specified security marks that are attached to the parent Cloud Security Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud SCC organization -- they can be modified and viewed by all users who have proper permissions on the organization.
Used as response type in: SecurityCenter.UpdateSecurityMarks
Used as field type in: , ,
string name = 1
The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Examples: "organizations/123/assets/456/securityMarks" "organizations/123/sources/456/findings/789/securityMarks".
map<string, string> marks = 2
Mutable user specified security marks belonging to the parent resource. Constraints are as follows: - Keys and values are treated as case insensitive - Keys must be between 1 - 256 characters (inclusive) - Keys must be letters, numbers, underscores, or dashes - Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive)
message
source.proto:32Cloud Security Command Center's (Cloud SCC) finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, etc.
Used as response type in: SecurityCenter.CreateSource, SecurityCenter.GetSource, SecurityCenter.UpdateSource
Used as field type in: , ,
string name = 1
The relative resource name of this source. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/sources/456"
string display_name = 2
The source’s display name. A source’s display name must be unique amongst its siblings, for example, two sources with the same parent can't share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens, and underscores, and can be no longer than 32 characters. This is captured by the regular expression: [\p{L}\p{N}]({\p{L}\p{N}_- ]{0,30}[\p{L}\p{N}])?.
string description = 3
The description of the source (max of 1024 characters). Example: "Cloud Security Scanner is a web security scanner for common vulnerabilities in App Engine applications. It can automatically scan and detect four common vulnerabilities, including cross-site-scripting (XSS), Flash injection, mixed content (HTTP in HTTPS), and outdated/insecure libraries."