diff --git a/apigee/v1/apigee-api.json b/apigee/v1/apigee-api.json index 34925499429..e79d5e0148a 100644 --- a/apigee/v1/apigee-api.json +++ b/apigee/v1/apigee-api.json @@ -6651,6 +6651,34 @@ }, "securityIncidents": { "methods": { + "batchUpdate": { + "description": "BatchUpdateSecurityIncident updates multiple existing security incidents.", + "flatPath": "v1/organizations/{organizationsId}/environments/{environmentsId}/securityIncidents:batchUpdate", + "httpMethod": "POST", + "id": "apigee.organizations.environments.securityIncidents.batchUpdate", + "parameterOrder": [ + "parent" + ], + "parameters": { + "parent": { + "description": "Optional. The parent resource shared by all security incidents being updated. If this is set, the parent field in the UpdateSecurityIncidentRequest messages must either be empty or match this field.", + "location": "path", + "pattern": "^organizations/[^/]+/environments/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+parent}/securityIncidents:batchUpdate", + "request": { + "$ref": "GoogleCloudApigeeV1BatchUpdateSecurityIncidentsRequest" + }, + "response": { + "$ref": "GoogleCloudApigeeV1BatchUpdateSecurityIncidentsResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, "get": { "description": "GetSecurityIncident gets the specified security incident. Returns NOT_FOUND if security incident is not present for the specified organization and environment.", "flatPath": "v1/organizations/{organizationsId}/environments/{environmentsId}/securityIncidents/{securityIncidentsId}", @@ -6716,6 +6744,40 @@ "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] + }, + "patch": { + "description": "UpdateSecurityIncidents updates an existing security incident.", + "flatPath": "v1/organizations/{organizationsId}/environments/{environmentsId}/securityIncidents/{securityIncidentsId}", + "httpMethod": "PATCH", + "id": "apigee.organizations.environments.securityIncidents.patch", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "Immutable. Name of the security incident resource. Format: organizations/{org}/environments/{environment}/securityIncidents/{incident} Example: organizations/apigee-org/environments/dev/securityIncidents/1234-5678-9101-1111", + "location": "path", + "pattern": "^organizations/[^/]+/environments/[^/]+/securityIncidents/[^/]+$", + "required": true, + "type": "string" + }, + "updateMask": { + "description": "Required. The list of fields to update. Allowed fields are: LINT.IfChange(allowed_update_fields_comment) - observability LINT.ThenChange()", + "format": "google-fieldmask", + "location": "query", + "type": "string" + } + }, + "path": "v1/{+name}", + "request": { + "$ref": "GoogleCloudApigeeV1SecurityIncident" + }, + "response": { + "$ref": "GoogleCloudApigeeV1SecurityIncident" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] } } }, @@ -9609,7 +9671,7 @@ } } }, - "revision": "20231114", + "revision": "20231130", "rootUrl": "https://apigee.googleapis.com/", "schemas": { "EdgeConfigstoreBundleBadBundle": { @@ -10760,6 +10822,35 @@ }, "type": "object" }, + "GoogleCloudApigeeV1BatchUpdateSecurityIncidentsRequest": { + "description": "Request for BatchUpdateSecurityIncident.", + "id": "GoogleCloudApigeeV1BatchUpdateSecurityIncidentsRequest", + "properties": { + "requests": { + "description": "Optional. Required. The request message specifying the resources to update. A maximum of 1000 can be modified in a batch.", + "items": { + "$ref": "GoogleCloudApigeeV1UpdateSecurityIncidentRequest" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudApigeeV1BatchUpdateSecurityIncidentsResponse": { + "description": "Response for BatchUpdateSecurityIncident.", + "id": "GoogleCloudApigeeV1BatchUpdateSecurityIncidentsResponse", + "properties": { + "securityIncidents": { + "description": "Output only. Updated security incidents", + "items": { + "$ref": "GoogleCloudApigeeV1SecurityIncident" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, "GoogleCloudApigeeV1CanaryEvaluation": { "description": "CanaryEvaluation represents the canary analysis between two versions of the runtime that is serving requests.", "id": "GoogleCloudApigeeV1CanaryEvaluation", @@ -15962,10 +16053,30 @@ "readOnly": true, "type": "string" }, + "lastObservabilityChangeTime": { + "description": "Output only. The time when the incident observability was last changed.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, "name": { "description": "Immutable. Name of the security incident resource. Format: organizations/{org}/environments/{environment}/securityIncidents/{incident} Example: organizations/apigee-org/environments/dev/securityIncidents/1234-5678-9101-1111", "type": "string" }, + "observability": { + "description": "Optional. Indicates if the user archived this incident.", + "enum": [ + "OBSERVABILITY_UNSPECIFIED", + "ACTIVE", + "ARCHIVED" + ], + "enumDescriptions": [ + "The incident observability is unspecified.", + "The incident is currently active. Can change to this status from archived.", + "The incident is currently archived and was archived by the customer." + ], + "type": "string" + }, "riskLevel": { "description": "Output only. Risk level of the incident.", "enum": [ @@ -16000,7 +16111,8 @@ "type": "string" }, "displayName": { - "description": "Display name of the security profile.", + "deprecated": true, + "description": "DEPRECATED: DO NOT USE Display name of the security profile.", "type": "string" }, "environments": { @@ -16043,7 +16155,8 @@ "type": "string" }, "revisionPublishTime": { - "description": "Output only. The time when revision was published. Once published, the security profile revision cannot be updated further and can be attached to environments.", + "deprecated": true, + "description": "Output only. DEPRECATED: DO NOT USE The time when revision was published. Once published, the security profile revision cannot be updated further and can be attached to environments.", "format": "google-datetime", "readOnly": true, "type": "string" @@ -16097,7 +16210,8 @@ "type": "string" }, "securityProfileRevisionId": { - "description": "Revision ID of the security profile.", + "deprecated": true, + "description": "DEPRECATED: DO NOT USE Revision ID of the security profile.", "format": "int64", "type": "string" } @@ -17005,6 +17119,22 @@ }, "type": "object" }, + "GoogleCloudApigeeV1UpdateSecurityIncidentRequest": { + "description": "Request for UpdateSecurityIncident.", + "id": "GoogleCloudApigeeV1UpdateSecurityIncidentRequest", + "properties": { + "securityIncident": { + "$ref": "GoogleCloudApigeeV1SecurityIncident", + "description": "Required. The security incident to update. Must contain all existing populated fields of the current incident." + }, + "updateMask": { + "description": "Required. The list of fields to update. Allowed fields are: LINT.IfChange(allowed_update_fields_comment) - observability LINT.ThenChange()", + "format": "google-fieldmask", + "type": "string" + } + }, + "type": "object" + }, "GoogleIamV1AuditConfig": { "description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.", "id": "GoogleIamV1AuditConfig", diff --git a/apigee/v1/apigee-gen.go b/apigee/v1/apigee-gen.go index b1159113eb4..c9b76c2edb2 100644 --- a/apigee/v1/apigee-gen.go +++ b/apigee/v1/apigee-gen.go @@ -2899,6 +2899,70 @@ func (s *GoogleCloudApigeeV1Attributes) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// GoogleCloudApigeeV1BatchUpdateSecurityIncidentsRequest: Request for +// BatchUpdateSecurityIncident. +type GoogleCloudApigeeV1BatchUpdateSecurityIncidentsRequest struct { + // Requests: Optional. Required. The request message specifying the + // resources to update. A maximum of 1000 can be modified in a batch. + Requests []*GoogleCloudApigeeV1UpdateSecurityIncidentRequest `json:"requests,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Requests") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Requests") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudApigeeV1BatchUpdateSecurityIncidentsRequest) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudApigeeV1BatchUpdateSecurityIncidentsRequest + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudApigeeV1BatchUpdateSecurityIncidentsResponse: Response for +// BatchUpdateSecurityIncident. +type GoogleCloudApigeeV1BatchUpdateSecurityIncidentsResponse struct { + // SecurityIncidents: Output only. Updated security incidents + SecurityIncidents []*GoogleCloudApigeeV1SecurityIncident `json:"securityIncidents,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "SecurityIncidents") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "SecurityIncidents") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudApigeeV1BatchUpdateSecurityIncidentsResponse) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudApigeeV1BatchUpdateSecurityIncidentsResponse + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // GoogleCloudApigeeV1CanaryEvaluation: CanaryEvaluation represents the // canary analysis between two versions of the runtime that is serving // requests. @@ -11058,6 +11122,10 @@ type GoogleCloudApigeeV1SecurityIncident struct { // the incident were last detected. LastDetectedTime string `json:"lastDetectedTime,omitempty"` + // LastObservabilityChangeTime: Output only. The time when the incident + // observability was last changed. + LastObservabilityChangeTime string `json:"lastObservabilityChangeTime,omitempty"` + // Name: Immutable. Name of the security incident resource. Format: // organizations/{org}/environments/{environment}/securityIncidents/{inci // dent} Example: @@ -11065,6 +11133,18 @@ type GoogleCloudApigeeV1SecurityIncident struct { // 9101-1111 Name string `json:"name,omitempty"` + // Observability: Optional. Indicates if the user archived this + // incident. + // + // Possible values: + // "OBSERVABILITY_UNSPECIFIED" - The incident observability is + // unspecified. + // "ACTIVE" - The incident is currently active. Can change to this + // status from archived. + // "ARCHIVED" - The incident is currently archived and was archived by + // the customer. + Observability string `json:"observability,omitempty"` + // RiskLevel: Output only. Risk level of the incident. // // Possible values: @@ -11111,7 +11191,8 @@ type GoogleCloudApigeeV1SecurityProfile struct { // Description: Description of the security profile. Description string `json:"description,omitempty"` - // DisplayName: Display name of the security profile. + // DisplayName: DEPRECATED: DO NOT USE Display name of the security + // profile. DisplayName string `json:"displayName,omitempty"` // Environments: List of environments attached to security profile. @@ -11139,9 +11220,10 @@ type GoogleCloudApigeeV1SecurityProfile struct { // RevisionId: Output only. Revision ID of the security profile. RevisionId int64 `json:"revisionId,omitempty,string"` - // RevisionPublishTime: Output only. The time when revision was - // published. Once published, the security profile revision cannot be - // updated further and can be attached to environments. + // RevisionPublishTime: Output only. DEPRECATED: DO NOT USE The time + // when revision was published. Once published, the security profile + // revision cannot be updated further and can be attached to + // environments. RevisionPublishTime string `json:"revisionPublishTime,omitempty"` // RevisionUpdateTime: Output only. The time when revision was updated. @@ -11222,7 +11304,8 @@ type GoogleCloudApigeeV1SecurityProfileEnvironmentAssociation struct { // to. Name string `json:"name,omitempty"` - // SecurityProfileRevisionId: Revision ID of the security profile. + // SecurityProfileRevisionId: DEPRECATED: DO NOT USE Revision ID of the + // security profile. SecurityProfileRevisionId int64 `json:"securityProfileRevisionId,omitempty,string"` // ServerResponse contains the HTTP response code and headers from the @@ -12745,6 +12828,42 @@ func (s *GoogleCloudApigeeV1UpdateError) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// GoogleCloudApigeeV1UpdateSecurityIncidentRequest: Request for +// UpdateSecurityIncident. +type GoogleCloudApigeeV1UpdateSecurityIncidentRequest struct { + // SecurityIncident: Required. The security incident to update. Must + // contain all existing populated fields of the current incident. + SecurityIncident *GoogleCloudApigeeV1SecurityIncident `json:"securityIncident,omitempty"` + + // UpdateMask: Required. The list of fields to update. Allowed fields + // are: LINT.IfChange(allowed_update_fields_comment) - observability + // LINT.ThenChange() + UpdateMask string `json:"updateMask,omitempty"` + + // ForceSendFields is a list of field names (e.g. "SecurityIncident") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "SecurityIncident") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudApigeeV1UpdateSecurityIncidentRequest) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudApigeeV1UpdateSecurityIncidentRequest + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // GoogleIamV1AuditConfig: Specifies the audit configuration for a // service. The configuration determines which permission types are // logged, and what identities, if any, are exempted from logging. An @@ -46635,6 +46754,155 @@ func (c *OrganizationsEnvironmentsSecurityActionsListCall) Pages(ctx context.Con } } +// method id "apigee.organizations.environments.securityIncidents.batchUpdate": + +type OrganizationsEnvironmentsSecurityIncidentsBatchUpdateCall struct { + s *Service + parent string + googlecloudapigeev1batchupdatesecurityincidentsrequest *GoogleCloudApigeeV1BatchUpdateSecurityIncidentsRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// BatchUpdate: BatchUpdateSecurityIncident updates multiple existing +// security incidents. +// +// - parent: Optional. The parent resource shared by all security +// incidents being updated. If this is set, the parent field in the +// UpdateSecurityIncidentRequest messages must either be empty or +// match this field. +func (r *OrganizationsEnvironmentsSecurityIncidentsService) BatchUpdate(parent string, googlecloudapigeev1batchupdatesecurityincidentsrequest *GoogleCloudApigeeV1BatchUpdateSecurityIncidentsRequest) *OrganizationsEnvironmentsSecurityIncidentsBatchUpdateCall { + c := &OrganizationsEnvironmentsSecurityIncidentsBatchUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.parent = parent + c.googlecloudapigeev1batchupdatesecurityincidentsrequest = googlecloudapigeev1batchupdatesecurityincidentsrequest + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *OrganizationsEnvironmentsSecurityIncidentsBatchUpdateCall) Fields(s ...googleapi.Field) *OrganizationsEnvironmentsSecurityIncidentsBatchUpdateCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *OrganizationsEnvironmentsSecurityIncidentsBatchUpdateCall) Context(ctx context.Context) *OrganizationsEnvironmentsSecurityIncidentsBatchUpdateCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *OrganizationsEnvironmentsSecurityIncidentsBatchUpdateCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *OrganizationsEnvironmentsSecurityIncidentsBatchUpdateCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.googlecloudapigeev1batchupdatesecurityincidentsrequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/securityIncidents:batchUpdate") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("POST", urls, body) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "parent": c.parent, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "apigee.organizations.environments.securityIncidents.batchUpdate" call. +// Exactly one of +// *GoogleCloudApigeeV1BatchUpdateSecurityIncidentsResponse or error +// will be non-nil. Any non-2xx status code is an error. Response +// headers are in either +// *GoogleCloudApigeeV1BatchUpdateSecurityIncidentsResponse.ServerRespons +// e.Header or (if a response was returned at all) in +// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check +// whether the returned error was because http.StatusNotModified was +// returned. +func (c *OrganizationsEnvironmentsSecurityIncidentsBatchUpdateCall) Do(opts ...googleapi.CallOption) (*GoogleCloudApigeeV1BatchUpdateSecurityIncidentsResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &GoogleCloudApigeeV1BatchUpdateSecurityIncidentsResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "BatchUpdateSecurityIncident updates multiple existing security incidents.", + // "flatPath": "v1/organizations/{organizationsId}/environments/{environmentsId}/securityIncidents:batchUpdate", + // "httpMethod": "POST", + // "id": "apigee.organizations.environments.securityIncidents.batchUpdate", + // "parameterOrder": [ + // "parent" + // ], + // "parameters": { + // "parent": { + // "description": "Optional. The parent resource shared by all security incidents being updated. If this is set, the parent field in the UpdateSecurityIncidentRequest messages must either be empty or match this field.", + // "location": "path", + // "pattern": "^organizations/[^/]+/environments/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+parent}/securityIncidents:batchUpdate", + // "request": { + // "$ref": "GoogleCloudApigeeV1BatchUpdateSecurityIncidentsRequest" + // }, + // "response": { + // "$ref": "GoogleCloudApigeeV1BatchUpdateSecurityIncidentsResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + // method id "apigee.organizations.environments.securityIncidents.get": type OrganizationsEnvironmentsSecurityIncidentsGetCall struct { @@ -47000,6 +47268,168 @@ func (c *OrganizationsEnvironmentsSecurityIncidentsListCall) Pages(ctx context.C } } +// method id "apigee.organizations.environments.securityIncidents.patch": + +type OrganizationsEnvironmentsSecurityIncidentsPatchCall struct { + s *Service + name string + googlecloudapigeev1securityincident *GoogleCloudApigeeV1SecurityIncident + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// Patch: UpdateSecurityIncidents updates an existing security incident. +// +// - name: Immutable. Name of the security incident resource. Format: +// organizations/{org}/environments/{environment}/securityIncidents/{in +// cident} Example: +// organizations/apigee-org/environments/dev/securityIncidents/1234-567 +// 8-9101-1111. +func (r *OrganizationsEnvironmentsSecurityIncidentsService) Patch(name string, googlecloudapigeev1securityincident *GoogleCloudApigeeV1SecurityIncident) *OrganizationsEnvironmentsSecurityIncidentsPatchCall { + c := &OrganizationsEnvironmentsSecurityIncidentsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + c.googlecloudapigeev1securityincident = googlecloudapigeev1securityincident + return c +} + +// UpdateMask sets the optional parameter "updateMask": Required. The +// list of fields to update. Allowed fields are: +// LINT.IfChange(allowed_update_fields_comment) - observability +// LINT.ThenChange() +func (c *OrganizationsEnvironmentsSecurityIncidentsPatchCall) UpdateMask(updateMask string) *OrganizationsEnvironmentsSecurityIncidentsPatchCall { + c.urlParams_.Set("updateMask", updateMask) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *OrganizationsEnvironmentsSecurityIncidentsPatchCall) Fields(s ...googleapi.Field) *OrganizationsEnvironmentsSecurityIncidentsPatchCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *OrganizationsEnvironmentsSecurityIncidentsPatchCall) Context(ctx context.Context) *OrganizationsEnvironmentsSecurityIncidentsPatchCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *OrganizationsEnvironmentsSecurityIncidentsPatchCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *OrganizationsEnvironmentsSecurityIncidentsPatchCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.googlecloudapigeev1securityincident) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("PATCH", urls, body) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "apigee.organizations.environments.securityIncidents.patch" call. +// Exactly one of *GoogleCloudApigeeV1SecurityIncident or error will be +// non-nil. Any non-2xx status code is an error. Response headers are in +// either *GoogleCloudApigeeV1SecurityIncident.ServerResponse.Header or +// (if a response was returned at all) in +// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check +// whether the returned error was because http.StatusNotModified was +// returned. +func (c *OrganizationsEnvironmentsSecurityIncidentsPatchCall) Do(opts ...googleapi.CallOption) (*GoogleCloudApigeeV1SecurityIncident, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &GoogleCloudApigeeV1SecurityIncident{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "UpdateSecurityIncidents updates an existing security incident.", + // "flatPath": "v1/organizations/{organizationsId}/environments/{environmentsId}/securityIncidents/{securityIncidentsId}", + // "httpMethod": "PATCH", + // "id": "apigee.organizations.environments.securityIncidents.patch", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "Immutable. Name of the security incident resource. Format: organizations/{org}/environments/{environment}/securityIncidents/{incident} Example: organizations/apigee-org/environments/dev/securityIncidents/1234-5678-9101-1111", + // "location": "path", + // "pattern": "^organizations/[^/]+/environments/[^/]+/securityIncidents/[^/]+$", + // "required": true, + // "type": "string" + // }, + // "updateMask": { + // "description": "Required. The list of fields to update. Allowed fields are: LINT.IfChange(allowed_update_fields_comment) - observability LINT.ThenChange()", + // "format": "google-fieldmask", + // "location": "query", + // "type": "string" + // } + // }, + // "path": "v1/{+name}", + // "request": { + // "$ref": "GoogleCloudApigeeV1SecurityIncident" + // }, + // "response": { + // "$ref": "GoogleCloudApigeeV1SecurityIncident" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + // method id "apigee.organizations.environments.securityReports.create": type OrganizationsEnvironmentsSecurityReportsCreateCall struct { diff --git a/calendar/v3/calendar-api.json b/calendar/v3/calendar-api.json index 8a4db5e2993..21bdbdaa7ec 100644 --- a/calendar/v3/calendar-api.json +++ b/calendar/v3/calendar-api.json @@ -1088,7 +1088,7 @@ "type": "string" }, "eventTypes": { - "description": "Event types to return. Optional. Possible values are: \n- \"default\" \n- \"focusTime\" \n- \"outOfOffice\" \n- \"workingLocation\"This parameter can be repeated multiple times to return events of different types. Currently, these are the only allowed values for this field: \n- [\"default\", \"focusTime\", \"outOfOffice\"] \n- [\"default\", \"focusTime\", \"outOfOffice\", \"workingLocation\"] \n- [\"workingLocation\"] The default is [\"default\", \"focusTime\", \"outOfOffice\"].\nAdditional combinations of these four event types will be made available in later releases.", + "description": "Event types to return. Optional. Possible values are: \n- \"default\" \n- \"focusTime\" \n- \"outOfOffice\" \n- \"workingLocation\"This parameter can be repeated multiple times to return events of different types. The default is [\"default\", \"focusTime\", \"outOfOffice\"].", "location": "query", "repeated": true, "type": "string" @@ -1491,7 +1491,7 @@ "type": "string" }, "eventTypes": { - "description": "Event types to return. Optional. Possible values are: \n- \"default\" \n- \"focusTime\" \n- \"outOfOffice\" \n- \"workingLocation\"This parameter can be repeated multiple times to return events of different types. Currently, these are the only allowed values for this field: \n- [\"default\", \"focusTime\", \"outOfOffice\"] \n- [\"default\", \"focusTime\", \"outOfOffice\", \"workingLocation\"] \n- [\"workingLocation\"] The default is [\"default\", \"focusTime\", \"outOfOffice\"].\nAdditional combinations of these four event types will be made available in later releases.", + "description": "Event types to return. Optional. Possible values are: \n- \"default\" \n- \"focusTime\" \n- \"outOfOffice\" \n- \"workingLocation\"This parameter can be repeated multiple times to return events of different types. The default is [\"default\", \"focusTime\", \"outOfOffice\"].", "location": "query", "repeated": true, "type": "string" @@ -1735,7 +1735,7 @@ } } }, - "revision": "20231116", + "revision": "20231123", "rootUrl": "https://www.googleapis.com/", "schemas": { "Acl": { @@ -2392,7 +2392,7 @@ }, "eventType": { "default": "default", - "description": "Specific type of the event. This cannot be modified after the event is created. Possible values are: \n- \"default\" - A regular event or not further specified. \n- \"outOfOffice\" - An out-of-office event. \n- \"focusTime\" - A focus-time event. \n- \"workingLocation\" - A working location event. Currently, only \"default \" and \"workingLocation\" events can be created using the API. Extended support for other event types will be made available in later releases.", + "description": "Specific type of the event. This cannot be modified after the event is created. Possible values are: \n- \"default\" - A regular event or not further specified. \n- \"outOfOffice\" - An out-of-office event. An outOfOfficeProperties parameter must be supplied to make a valid event (even if empty). \n- \"focusTime\" - A focus-time event. A focusTimeProperties parameter must be supplied to make a valid event (even if empty). \n- \"workingLocation\" - A working location event. Currently, only \"default \" and \"workingLocation\" events can be created using the API. Extended support for other event types will be made available in later releases.", "type": "string" }, "extendedProperties": { @@ -2419,7 +2419,7 @@ }, "focusTimeProperties": { "$ref": "EventFocusTimeProperties", - "description": "Focus Time event data." + "description": "Focus Time event data. Required if eventType is focusTime." }, "gadget": { "description": "A gadget that extends this event. Gadgets are deprecated; this structure is instead only used for returning birthday calendar metadata.", @@ -2544,7 +2544,7 @@ }, "outOfOfficeProperties": { "$ref": "EventOutOfOfficeProperties", - "description": "Out of office event data." + "description": "Out of office event data. Required if eventType is outOfOffice." }, "privateCopy": { "default": "false", diff --git a/calendar/v3/calendar-gen.go b/calendar/v3/calendar-gen.go index ad7116b51de..d0881564fd8 100644 --- a/calendar/v3/calendar-gen.go +++ b/calendar/v3/calendar-gen.go @@ -1373,8 +1373,10 @@ type Event struct { // EventType: Specific type of the event. This cannot be modified after // the event is created. Possible values are: // - "default" - A regular event or not further specified. - // - "outOfOffice" - An out-of-office event. - // - "focusTime" - A focus-time event. + // - "outOfOffice" - An out-of-office event. An outOfOfficeProperties + // parameter must be supplied to make a valid event (even if empty). + // - "focusTime" - A focus-time event. A focusTimeProperties parameter + // must be supplied to make a valid event (even if empty). // - "workingLocation" - A working location event. Currently, only // "default " and "workingLocation" events can be created using the API. // Extended support for other event types will be made available in @@ -1384,7 +1386,8 @@ type Event struct { // ExtendedProperties: Extended properties of the event. ExtendedProperties *EventExtendedProperties `json:"extendedProperties,omitempty"` - // FocusTimeProperties: Focus Time event data. + // FocusTimeProperties: Focus Time event data. Required if eventType is + // focusTime. FocusTimeProperties *EventFocusTimeProperties `json:"focusTimeProperties,omitempty"` // Gadget: A gadget that extends this event. Gadgets are deprecated; @@ -1473,7 +1476,8 @@ type Event struct { // instance was moved to a different time. Immutable. OriginalStartTime *EventDateTime `json:"originalStartTime,omitempty"` - // OutOfOfficeProperties: Out of office event data. + // OutOfOfficeProperties: Out of office event data. Required if + // eventType is outOfOffice. OutOfOfficeProperties *EventOutOfOfficeProperties `json:"outOfOfficeProperties,omitempty"` // PrivateCopy: If set to True, Event propagation is disabled. Note that @@ -7185,14 +7189,8 @@ func (c *EventsListCall) AlwaysIncludeEmail(alwaysIncludeEmail bool) *EventsList // - "focusTime" // - "outOfOffice" // - "workingLocation"This parameter can be repeated multiple times to -// return events of different types. Currently, these are the only -// allowed values for this field: -// - ["default", "focusTime", "outOfOffice"] -// - ["default", "focusTime", "outOfOffice", "workingLocation"] -// - ["workingLocation"] The default is ["default", "focusTime", -// "outOfOffice"]. -// Additional combinations of these four event types will be made -// available in later releases. +// return events of different types. The default is ["default", +// "focusTime", "outOfOffice"]. func (c *EventsListCall) EventTypes(eventTypes ...string) *EventsListCall { c.urlParams_.SetMulti("eventTypes", append([]string{}, eventTypes...)) return c @@ -7509,7 +7507,7 @@ func (c *EventsListCall) Do(opts ...googleapi.CallOption) (*Events, error) { // "type": "string" // }, // "eventTypes": { - // "description": "Event types to return. Optional. Possible values are: \n- \"default\" \n- \"focusTime\" \n- \"outOfOffice\" \n- \"workingLocation\"This parameter can be repeated multiple times to return events of different types. Currently, these are the only allowed values for this field: \n- [\"default\", \"focusTime\", \"outOfOffice\"] \n- [\"default\", \"focusTime\", \"outOfOffice\", \"workingLocation\"] \n- [\"workingLocation\"] The default is [\"default\", \"focusTime\", \"outOfOffice\"].\nAdditional combinations of these four event types will be made available in later releases.", + // "description": "Event types to return. Optional. Possible values are: \n- \"default\" \n- \"focusTime\" \n- \"outOfOffice\" \n- \"workingLocation\"This parameter can be repeated multiple times to return events of different types. The default is [\"default\", \"focusTime\", \"outOfOffice\"].", // "location": "query", // "repeated": true, // "type": "string" @@ -8624,14 +8622,8 @@ func (c *EventsWatchCall) AlwaysIncludeEmail(alwaysIncludeEmail bool) *EventsWat // - "focusTime" // - "outOfOffice" // - "workingLocation"This parameter can be repeated multiple times to -// return events of different types. Currently, these are the only -// allowed values for this field: -// - ["default", "focusTime", "outOfOffice"] -// - ["default", "focusTime", "outOfOffice", "workingLocation"] -// - ["workingLocation"] The default is ["default", "focusTime", -// "outOfOffice"]. -// Additional combinations of these four event types will be made -// available in later releases. +// return events of different types. The default is ["default", +// "focusTime", "outOfOffice"]. func (c *EventsWatchCall) EventTypes(eventTypes ...string) *EventsWatchCall { c.urlParams_.SetMulti("eventTypes", append([]string{}, eventTypes...)) return c @@ -8940,7 +8932,7 @@ func (c *EventsWatchCall) Do(opts ...googleapi.CallOption) (*Channel, error) { // "type": "string" // }, // "eventTypes": { - // "description": "Event types to return. Optional. Possible values are: \n- \"default\" \n- \"focusTime\" \n- \"outOfOffice\" \n- \"workingLocation\"This parameter can be repeated multiple times to return events of different types. Currently, these are the only allowed values for this field: \n- [\"default\", \"focusTime\", \"outOfOffice\"] \n- [\"default\", \"focusTime\", \"outOfOffice\", \"workingLocation\"] \n- [\"workingLocation\"] The default is [\"default\", \"focusTime\", \"outOfOffice\"].\nAdditional combinations of these four event types will be made available in later releases.", + // "description": "Event types to return. Optional. Possible values are: \n- \"default\" \n- \"focusTime\" \n- \"outOfOffice\" \n- \"workingLocation\"This parameter can be repeated multiple times to return events of different types. The default is [\"default\", \"focusTime\", \"outOfOffice\"].", // "location": "query", // "repeated": true, // "type": "string" diff --git a/displayvideo/v1/displayvideo-api.json b/displayvideo/v1/displayvideo-api.json index d9116c4e93e..2d8aecb9f16 100644 --- a/displayvideo/v1/displayvideo-api.json +++ b/displayvideo/v1/displayvideo-api.json @@ -8146,7 +8146,7 @@ } } }, - "revision": "20231113", + "revision": "20231129", "rootUrl": "https://displayvideo.googleapis.com/", "schemas": { "ActivateManualTriggerRequest": { @@ -10337,7 +10337,7 @@ "CONSENT_STATUS_DENIED" ], "enumDescriptions": [ - "Consent is not specified.", + "Not specified.", "Consent is granted.", "Consent is denied." ], @@ -10351,7 +10351,7 @@ "CONSENT_STATUS_DENIED" ], "enumDescriptions": [ - "Consent is not specified.", + "Not specified.", "Consent is granted.", "Consent is denied." ], @@ -10406,7 +10406,7 @@ "properties": { "consent": { "$ref": "Consent", - "description": "Input only. User consent status." + "description": "Input only. The consent setting for the users in contact_infos." }, "contactInfos": { "description": "A list of ContactInfo objects defining Customer Match audience members. The size of members after splitting the contact_infos mustn't be greater than 500,000.", @@ -16406,7 +16406,7 @@ "properties": { "consent": { "$ref": "Consent", - "description": "Input only. User consent status." + "description": "Input only. The consent setting for the users in mobile_device_ids." }, "mobileDeviceIds": { "description": "A list of mobile device IDs defining Customer Match audience members. The size of mobile_device_ids mustn't be greater than 500,000.", diff --git a/displayvideo/v1/displayvideo-gen.go b/displayvideo/v1/displayvideo-gen.go index 216136b8c33..734927a7de5 100644 --- a/displayvideo/v1/displayvideo-gen.go +++ b/displayvideo/v1/displayvideo-gen.go @@ -4319,7 +4319,7 @@ type Consent struct { // AdPersonalization: Represents consent for ad personalization. // // Possible values: - // "CONSENT_STATUS_UNSPECIFIED" - Consent is not specified. + // "CONSENT_STATUS_UNSPECIFIED" - Not specified. // "CONSENT_STATUS_GRANTED" - Consent is granted. // "CONSENT_STATUS_DENIED" - Consent is denied. AdPersonalization string `json:"adPersonalization,omitempty"` @@ -4327,7 +4327,7 @@ type Consent struct { // AdUserData: Represents consent for ad user data. // // Possible values: - // "CONSENT_STATUS_UNSPECIFIED" - Consent is not specified. + // "CONSENT_STATUS_UNSPECIFIED" - Not specified. // "CONSENT_STATUS_GRANTED" - Consent is granted. // "CONSENT_STATUS_DENIED" - Consent is denied. AdUserData string `json:"adUserData,omitempty"` @@ -4417,7 +4417,8 @@ func (s *ContactInfo) MarshalJSON() ([]byte, error) { // ContactInfoList: Wrapper message for a list of contact information // defining Customer Match audience members. type ContactInfoList struct { - // Consent: Input only. User consent status. + // Consent: Input only. The consent setting for the users in + // contact_infos. Consent *Consent `json:"consent,omitempty"` // ContactInfos: A list of ContactInfo objects defining Customer Match @@ -12524,7 +12525,8 @@ func (s *MobileApp) MarshalJSON() ([]byte, error) { // MobileDeviceIdList: Wrapper message for a list of mobile device IDs // defining Customer Match audience members. type MobileDeviceIdList struct { - // Consent: Input only. User consent status. + // Consent: Input only. The consent setting for the users in + // mobile_device_ids. Consent *Consent `json:"consent,omitempty"` // MobileDeviceIds: A list of mobile device IDs defining Customer Match diff --git a/displayvideo/v2/displayvideo-api.json b/displayvideo/v2/displayvideo-api.json index a464003aff2..f96275a6c4e 100644 --- a/displayvideo/v2/displayvideo-api.json +++ b/displayvideo/v2/displayvideo-api.json @@ -9172,7 +9172,7 @@ } } }, - "revision": "20231113", + "revision": "20231129", "rootUrl": "https://displayvideo.googleapis.com/", "schemas": { "ActivateManualTriggerRequest": { @@ -11637,7 +11637,7 @@ "CONSENT_STATUS_DENIED" ], "enumDescriptions": [ - "Consent is not specified.", + "Not specified.", "Consent is granted.", "Consent is denied." ], @@ -11651,7 +11651,7 @@ "CONSENT_STATUS_DENIED" ], "enumDescriptions": [ - "Consent is not specified.", + "Not specified.", "Consent is granted.", "Consent is denied." ], @@ -11706,7 +11706,7 @@ "properties": { "consent": { "$ref": "Consent", - "description": "Input only. User consent status." + "description": "Input only. The consent setting for the users in contact_infos." }, "contactInfos": { "description": "A list of ContactInfo objects defining Customer Match audience members. The size of members after splitting the contact_infos mustn't be greater than 500,000.", @@ -18123,7 +18123,7 @@ "properties": { "consent": { "$ref": "Consent", - "description": "Input only. User consent status." + "description": "Input only. The consent setting for the users in mobile_device_ids." }, "mobileDeviceIds": { "description": "A list of mobile device IDs defining Customer Match audience members. The size of mobile_device_ids mustn't be greater than 500,000.", diff --git a/displayvideo/v2/displayvideo-gen.go b/displayvideo/v2/displayvideo-gen.go index bb3880600dc..a0c080960c1 100644 --- a/displayvideo/v2/displayvideo-gen.go +++ b/displayvideo/v2/displayvideo-gen.go @@ -4849,7 +4849,7 @@ type Consent struct { // AdPersonalization: Represents consent for ad personalization. // // Possible values: - // "CONSENT_STATUS_UNSPECIFIED" - Consent is not specified. + // "CONSENT_STATUS_UNSPECIFIED" - Not specified. // "CONSENT_STATUS_GRANTED" - Consent is granted. // "CONSENT_STATUS_DENIED" - Consent is denied. AdPersonalization string `json:"adPersonalization,omitempty"` @@ -4857,7 +4857,7 @@ type Consent struct { // AdUserData: Represents consent for ad user data. // // Possible values: - // "CONSENT_STATUS_UNSPECIFIED" - Consent is not specified. + // "CONSENT_STATUS_UNSPECIFIED" - Not specified. // "CONSENT_STATUS_GRANTED" - Consent is granted. // "CONSENT_STATUS_DENIED" - Consent is denied. AdUserData string `json:"adUserData,omitempty"` @@ -4947,7 +4947,8 @@ func (s *ContactInfo) MarshalJSON() ([]byte, error) { // ContactInfoList: Wrapper message for a list of contact information // defining Customer Match audience members. type ContactInfoList struct { - // Consent: Input only. User consent status. + // Consent: Input only. The consent setting for the users in + // contact_infos. Consent *Consent `json:"consent,omitempty"` // ContactInfos: A list of ContactInfo objects defining Customer Match @@ -13647,7 +13648,8 @@ func (s *MobileApp) MarshalJSON() ([]byte, error) { // MobileDeviceIdList: Wrapper message for a list of mobile device IDs // defining Customer Match audience members. type MobileDeviceIdList struct { - // Consent: Input only. User consent status. + // Consent: Input only. The consent setting for the users in + // mobile_device_ids. Consent *Consent `json:"consent,omitempty"` // MobileDeviceIds: A list of mobile device IDs defining Customer Match diff --git a/displayvideo/v3/displayvideo-api.json b/displayvideo/v3/displayvideo-api.json index 883f502788e..5bc84ff1741 100644 --- a/displayvideo/v3/displayvideo-api.json +++ b/displayvideo/v3/displayvideo-api.json @@ -9127,7 +9127,7 @@ } } }, - "revision": "20231113", + "revision": "20231129", "rootUrl": "https://displayvideo.googleapis.com/", "schemas": { "ActiveViewVideoViewabilityMetricConfig": { @@ -12196,7 +12196,7 @@ "CONSENT_STATUS_DENIED" ], "enumDescriptions": [ - "Consent is not specified.", + "Not specified.", "Consent is granted.", "Consent is denied." ], @@ -12210,7 +12210,7 @@ "CONSENT_STATUS_DENIED" ], "enumDescriptions": [ - "Consent is not specified.", + "Not specified.", "Consent is granted.", "Consent is denied." ], @@ -12265,7 +12265,7 @@ "properties": { "consent": { "$ref": "Consent", - "description": "Input only. User consent status." + "description": "Input only. The consent setting for the users in contact_infos." }, "contactInfos": { "description": "A list of ContactInfo objects defining Customer Match audience members. The size of members after splitting the contact_infos mustn't be greater than 500,000.", @@ -18805,7 +18805,7 @@ "properties": { "consent": { "$ref": "Consent", - "description": "Input only. User consent status." + "description": "Input only. The consent setting for the users in mobile_device_ids." }, "mobileDeviceIds": { "description": "A list of mobile device IDs defining Customer Match audience members. The size of mobile_device_ids mustn't be greater than 500,000.", diff --git a/displayvideo/v3/displayvideo-gen.go b/displayvideo/v3/displayvideo-gen.go index e998b76a2e7..636dd24e690 100644 --- a/displayvideo/v3/displayvideo-gen.go +++ b/displayvideo/v3/displayvideo-gen.go @@ -5581,7 +5581,7 @@ type Consent struct { // AdPersonalization: Represents consent for ad personalization. // // Possible values: - // "CONSENT_STATUS_UNSPECIFIED" - Consent is not specified. + // "CONSENT_STATUS_UNSPECIFIED" - Not specified. // "CONSENT_STATUS_GRANTED" - Consent is granted. // "CONSENT_STATUS_DENIED" - Consent is denied. AdPersonalization string `json:"adPersonalization,omitempty"` @@ -5589,7 +5589,7 @@ type Consent struct { // AdUserData: Represents consent for ad user data. // // Possible values: - // "CONSENT_STATUS_UNSPECIFIED" - Consent is not specified. + // "CONSENT_STATUS_UNSPECIFIED" - Not specified. // "CONSENT_STATUS_GRANTED" - Consent is granted. // "CONSENT_STATUS_DENIED" - Consent is denied. AdUserData string `json:"adUserData,omitempty"` @@ -5679,7 +5679,8 @@ func (s *ContactInfo) MarshalJSON() ([]byte, error) { // ContactInfoList: Wrapper message for a list of contact information // defining Customer Match audience members. type ContactInfoList struct { - // Consent: Input only. User consent status. + // Consent: Input only. The consent setting for the users in + // contact_infos. Consent *Consent `json:"consent,omitempty"` // ContactInfos: A list of ContactInfo objects defining Customer Match @@ -14566,7 +14567,8 @@ func (s *MobileApp) MarshalJSON() ([]byte, error) { // MobileDeviceIdList: Wrapper message for a list of mobile device IDs // defining Customer Match audience members. type MobileDeviceIdList struct { - // Consent: Input only. User consent status. + // Consent: Input only. The consent setting for the users in + // mobile_device_ids. Consent *Consent `json:"consent,omitempty"` // MobileDeviceIds: A list of mobile device IDs defining Customer Match diff --git a/documentai/v1beta3/documentai-api.json b/documentai/v1beta3/documentai-api.json index 05d96e1f1d4..03a82076e6a 100644 --- a/documentai/v1beta3/documentai-api.json +++ b/documentai/v1beta3/documentai-api.json @@ -1284,7 +1284,7 @@ } } }, - "revision": "20231116", + "revision": "20231130", "rootUrl": "https://documentai.googleapis.com/", "schemas": { "GoogleCloudDocumentaiUiv1beta3AutoLabelDocumentsMetadata": { @@ -8755,6 +8755,10 @@ "$ref": "GoogleCloudDocumentaiV1beta3DocumentSchema", "description": "Optional. The schema the processor version will be trained with." }, + "foundationModelTuningOptions": { + "$ref": "GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestFoundationModelTuningOptions", + "description": "Options to control foundation model tuning of a processor." + }, "inputData": { "$ref": "GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestInputData", "description": "Optional. The input data used to train the ProcessorVersion." @@ -8787,6 +8791,23 @@ }, "type": "object" }, + "GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestFoundationModelTuningOptions": { + "description": "Options to control foundation model tuning of the processor.", + "id": "GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestFoundationModelTuningOptions", + "properties": { + "learningRateMultiplier": { + "description": "Optional. The multiplier to apply to the recommended learning rate. Valid values are between [0.1, 10]. If not provided, recommended learning rate will be used.", + "format": "float", + "type": "number" + }, + "trainSteps": { + "description": "Optional. The number of steps to run for model tuning. Valid values are between [1, 400]. If not provided, recommended steps will be used.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, "GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestInputData": { "description": "The input data used to train a new ProcessorVersion.", "id": "GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestInputData", diff --git a/documentai/v1beta3/documentai-gen.go b/documentai/v1beta3/documentai-gen.go index 77ffd61d25c..dfd0c43523c 100644 --- a/documentai/v1beta3/documentai-gen.go +++ b/documentai/v1beta3/documentai-gen.go @@ -12853,6 +12853,10 @@ type GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequest struct { // trained with. DocumentSchema *GoogleCloudDocumentaiV1beta3DocumentSchema `json:"documentSchema,omitempty"` + // FoundationModelTuningOptions: Options to control foundation model + // tuning of a processor. + FoundationModelTuningOptions *GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestFoundationModelTuningOptions `json:"foundationModelTuningOptions,omitempty"` + // InputData: Optional. The input data used to train the // ProcessorVersion. InputData *GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestInputData `json:"inputData,omitempty"` @@ -12921,6 +12925,59 @@ func (s *GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestCustomDocumentE return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestFoundationMode +// lTuningOptions: Options to control foundation model tuning of the +// processor. +type GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestFoundationModelTuningOptions struct { + // LearningRateMultiplier: Optional. The multiplier to apply to the + // recommended learning rate. Valid values are between [0.1, 10]. If not + // provided, recommended learning rate will be used. + LearningRateMultiplier float64 `json:"learningRateMultiplier,omitempty"` + + // TrainSteps: Optional. The number of steps to run for model tuning. + // Valid values are between [1, 400]. If not provided, recommended steps + // will be used. + TrainSteps int64 `json:"trainSteps,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "LearningRateMultiplier") to unconditionally include in API requests. + // By default, fields with empty or default values are omitted from API + // requests. However, any non-pointer, non-interface field appearing in + // ForceSendFields will be sent to the server regardless of whether the + // field is empty or not. This may be used to include empty fields in + // Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "LearningRateMultiplier") + // to include in API requests with the JSON null value. By default, + // fields with empty values are omitted from API requests. However, any + // field with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestFoundationModelTuningOptions) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestFoundationModelTuningOptions + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +func (s *GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestFoundationModelTuningOptions) UnmarshalJSON(data []byte) error { + type NoMethod GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestFoundationModelTuningOptions + var s1 struct { + LearningRateMultiplier gensupport.JSONFloat64 `json:"learningRateMultiplier"` + *NoMethod + } + s1.NoMethod = (*NoMethod)(s) + if err := json.Unmarshal(data, &s1); err != nil { + return err + } + s.LearningRateMultiplier = float64(s1.LearningRateMultiplier) + return nil +} + // GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestInputData: // The input data used to train a new ProcessorVersion. type GoogleCloudDocumentaiV1beta3TrainProcessorVersionRequestInputData struct { diff --git a/securitycenter/v1/securitycenter-api.json b/securitycenter/v1/securitycenter-api.json index 34d61980c72..d326c56260c 100644 --- a/securitycenter/v1/securitycenter-api.json +++ b/securitycenter/v1/securitycenter-api.json @@ -1038,7 +1038,7 @@ ], "parameters": { "parent": { - "description": "Required. The relative resource name of the organization, project, or folder. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name An example is: \"organizations/{organization_id}\".", + "description": "Required. The relative resource name of the organization, project, or folder. For more information about relative resource names, see [Relative Resource Name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) Example: `organizations/{organization_id}`", "location": "path", "pattern": "^folders/[^/]+/securityHealthAnalyticsSettings$", "required": true, @@ -2916,7 +2916,7 @@ ], "parameters": { "parent": { - "description": "Required. The relative resource name of the organization, project, or folder. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name An example is: \"organizations/{organization_id}\".", + "description": "Required. The relative resource name of the organization, project, or folder. For more information about relative resource names, see [Relative Resource Name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) Example: `organizations/{organization_id}`", "location": "path", "pattern": "^organizations/[^/]+/securityHealthAnalyticsSettings$", "required": true, @@ -3173,6 +3173,31 @@ }, "valuedResources": { "methods": { + "get": { + "description": "Get the valued resource by name", + "flatPath": "v1/organizations/{organizationsId}/simulations/{simulationsId}/valuedResources/{valuedResourcesId}", + "httpMethod": "GET", + "id": "securitycenter.organizations.simulations.valuedResources.get", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "Required. The name of this valued resource Valid format: \"organizations/{organization}/simulations/{simulation}/valuedResources/{valued_resource}\"", + "location": "path", + "pattern": "^organizations/[^/]+/simulations/[^/]+/valuedResources/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}", + "response": { + "$ref": "ValuedResource" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, "list": { "description": "Lists the valued resources for a set of simulation results and filter.", "flatPath": "v1/organizations/{organizationsId}/simulations/{simulationsId}/valuedResources", @@ -4712,7 +4737,7 @@ ], "parameters": { "parent": { - "description": "Required. The relative resource name of the organization, project, or folder. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name An example is: \"organizations/{organization_id}\".", + "description": "Required. The relative resource name of the organization, project, or folder. For more information about relative resource names, see [Relative Resource Name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) Example: `organizations/{organization_id}`", "location": "path", "pattern": "^projects/[^/]+/securityHealthAnalyticsSettings$", "required": true, @@ -5110,7 +5135,7 @@ } } }, - "revision": "20231102", + "revision": "20231128", "rootUrl": "https://securitycenter.googleapis.com/", "schemas": { "Access": { @@ -5202,6 +5227,21 @@ }, "type": "object" }, + "Application": { + "description": "Represents an application associated with a finding.", + "id": "Application", + "properties": { + "baseUri": { + "description": "The base URI that identifies the network location of the application in which the vulnerability was detected. Examples: http://11.22.33.44, http://foo.com, http://11.22.33.44:8080", + "type": "string" + }, + "fullUri": { + "description": "The full URI with payload that can be used to reproduce the vulnerability. Example: http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H", + "type": "string" + } + }, + "type": "object" + }, "Asset": { "description": "Security Command Center representation of a Google Cloud resource. The Asset is a Security Command Center resource that captures information about a single Google Cloud resource. All modifications to an Asset are only within the context of Security Command Center and don't affect the referenced Google Cloud resource.", "id": "Asset", @@ -5500,6 +5540,63 @@ }, "type": "object" }, + "BackupDisasterRecovery": { + "description": "Information related to Google Cloud Backup and DR Service findings.", + "id": "BackupDisasterRecovery", + "properties": { + "appliance": { + "description": "The name of the Backup and DR appliance that captures, moves, and manages the lifecycle of backup data. For example, “backup-server-57137”.", + "type": "string" + }, + "applications": { + "description": "The names of Backup and DR applications. An application is a VM, database, or file system on a managed host monitored by a backup and recovery appliance. For example, “centos7-01-vol00”, “centos7-01-vol01”, “centos7-01-vol02”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "backupCreateTime": { + "description": "The timestamp at which the Backup and DR backup was created.", + "format": "google-datetime", + "type": "string" + }, + "backupTemplate": { + "description": "The name of a Backup and DR template which comprises one or more backup policies. See the [Backup and DR documentation](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information. For example, “snap-ov”.", + "type": "string" + }, + "backupType": { + "description": "The backup type of the Backup and DR image. For example, “Snapshot”, “Remote Snapshot”, “OnVault”.", + "type": "string" + }, + "host": { + "description": "The name of a Backup and DR host, which is managed by the backup and recovery appliance and known to the management console. The host can be of type Generic (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. See the [Backup and DR documentation on hosts](https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) for more information. For example, “centos7-01”.", + "type": "string" + }, + "policies": { + "description": "The names of Backup and DR policies that are associated with a template and that define when to run a backup, how frequently to run a backup, and how long to retain the backup image. For example, “onvaults”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "policyOptions": { + "description": "The names of Backup and DR advanced policy options of a policy applying to an application. See the [Backup and DR documentation on policy options](https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). For example, “skipofflineappsincongrp, nounmap”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "profile": { + "description": "The name of the Backup and DR resource profile that specifies the storage media for backups of application and VM data. See the [Backup and DR documentation on profiles](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). For example, “GCP”.", + "type": "string" + }, + "storagePool": { + "description": "The name of the Backup and DR storage pool that the backup and recovery appliance is storing data in. The storage pool could be of type Cloud, Primary, Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). For example, “DiskPoolOne”.", + "type": "string" + } + }, + "type": "object" + }, "BatchCreateResourceValueConfigsRequest": { "description": "Request message to create multiple resource value configs", "id": "BatchCreateResourceValueConfigsRequest", @@ -5661,6 +5758,47 @@ }, "type": "object" }, + "ComplianceSnapshot": { + "description": "Result containing the properties and count of a ComplianceSnapshot request.", + "id": "ComplianceSnapshot", + "properties": { + "category": { + "description": "The category of Findings matching.", + "type": "string" + }, + "complianceStandard": { + "description": "The compliance standard (ie CIS).", + "type": "string" + }, + "complianceVersion": { + "description": "The compliance version (ie 1.3) in CIS 1.3.", + "type": "string" + }, + "count": { + "description": "Total count of findings for the given properties.", + "format": "int64", + "type": "string" + }, + "leafContainerResource": { + "description": "The leaf container resource name that is closest to the snapshot.", + "type": "string" + }, + "name": { + "description": "The compliance snapshot name. Format: //sources//complianceSnapshots/", + "type": "string" + }, + "projectDisplayName": { + "description": "The CRM resource display name that is closest to the snapshot the Findings belong to.", + "type": "string" + }, + "snapshotTime": { + "description": "The snapshot time of the snapshot.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" + }, "Connection": { "description": "Contains information about the IP connection associated with the finding.", "id": "Connection", @@ -6210,10 +6348,18 @@ "$ref": "Access", "description": "Access details associated with the finding, such as more information on the caller, which method was accessed, and from where." }, + "application": { + "$ref": "Application", + "description": "Represents an application associated with the finding." + }, "attackExposure": { "$ref": "AttackExposure", "description": "The results of an attack path simulation relevant to this finding." }, + "backupDisasterRecovery": { + "$ref": "BackupDisasterRecovery", + "description": "Fields related to Backup and DR findings." + }, "canonicalName": { "description": "The canonical name of the finding. It's either \"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}\", \"folders/{folder_id}/sources/{source_id}/findings/{finding_id}\" or \"projects/{project_number}/sources/{source_id}/findings/{finding_id}\", depending on the closest CRM ancestor of the resource associated with the finding.", "type": "string" @@ -7242,6 +7388,2077 @@ }, "type": "object" }, + "GoogleCloudSecuritycenterV2Access": { + "description": "Represents an access event.", + "id": "GoogleCloudSecuritycenterV2Access", + "properties": { + "callerIp": { + "description": "Caller's IP address, such as \"1.1.1.1\".", + "type": "string" + }, + "callerIpGeo": { + "$ref": "GoogleCloudSecuritycenterV2Geolocation", + "description": "The caller IP's geolocation, which identifies where the call came from." + }, + "methodName": { + "description": "The method that the service account called, e.g. \"SetIamPolicy\".", + "type": "string" + }, + "principalEmail": { + "description": "Associated email, such as \"foo@google.com\". The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the `principal_subject` field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see [Caller identities in audit logs](https://cloud.google.com/logging/docs/audit#user-id).", + "type": "string" + }, + "principalSubject": { + "description": "A string that represents the principal_subject that is associated with the identity. Unlike `principal_email`, `principal_subject` supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is `principal://iam.googleapis.com/{identity pool name}/subject/{subject}`. Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:{identity pool name}[{subject}]`.", + "type": "string" + }, + "serviceAccountDelegationInfo": { + "description": "The identity delegation history of an authenticated service account that made the request. The `serviceAccountDelegationInfo[]` object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo" + }, + "type": "array" + }, + "serviceAccountKeyName": { + "description": "The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example: \"//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}\". ", + "type": "string" + }, + "serviceName": { + "description": "This is the API service that the service account made a call to, e.g. \"iam.googleapis.com\"", + "type": "string" + }, + "userAgent": { + "description": "The caller's user agent string associated with the finding.", + "type": "string" + }, + "userAgentFamily": { + "description": "Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.", + "type": "string" + }, + "userName": { + "description": "A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2AccessReview": { + "description": "Conveys information about a Kubernetes access review (such as one returned by a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access) command) that was involved in a finding.", + "id": "GoogleCloudSecuritycenterV2AccessReview", + "properties": { + "group": { + "description": "The API group of the resource. \"*\" means all.", + "type": "string" + }, + "name": { + "description": "The name of the resource being requested. Empty means all.", + "type": "string" + }, + "ns": { + "description": "Namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces. Both are represented by \"\" (empty).", + "type": "string" + }, + "resource": { + "description": "The optional resource type requested. \"*\" means all.", + "type": "string" + }, + "subresource": { + "description": "The optional subresource type.", + "type": "string" + }, + "verb": { + "description": "A Kubernetes resource API verb, like get, list, watch, create, update, delete, proxy. \"*\" means all.", + "type": "string" + }, + "version": { + "description": "The API version of the resource. \"*\" means all.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Application": { + "description": "Represents an application associated with a finding.", + "id": "GoogleCloudSecuritycenterV2Application", + "properties": { + "baseUri": { + "description": "The base URI that identifies the network location of the application in which the vulnerability was detected. Examples: http://11.22.33.44, http://foo.com, http://11.22.33.44:8080", + "type": "string" + }, + "fullUri": { + "description": "The full URI with payload that could be used to reproduce the vulnerability. Example: http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2AttackExposure": { + "description": "An attack exposure contains the results of an attack path simulation run.", + "id": "GoogleCloudSecuritycenterV2AttackExposure", + "properties": { + "attackExposureResult": { + "description": "The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: organizations/123/attackExposureResults/456", + "type": "string" + }, + "exposedHighValueResourcesCount": { + "description": "The number of high value resources that are exposed as a result of this finding.", + "format": "int32", + "type": "integer" + }, + "exposedLowValueResourcesCount": { + "description": "The number of high value resources that are exposed as a result of this finding.", + "format": "int32", + "type": "integer" + }, + "exposedMediumValueResourcesCount": { + "description": "The number of medium value resources that are exposed as a result of this finding.", + "format": "int32", + "type": "integer" + }, + "latestCalculationTime": { + "description": "The most recent time the attack exposure was updated on this finding.", + "format": "google-datetime", + "type": "string" + }, + "score": { + "description": "A number between 0 (inclusive) and infinity that represents how important this finding is to remediate. The higher the score, the more important it is to remediate.", + "format": "double", + "type": "number" + }, + "state": { + "description": "Output only. What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated or not.", + "enum": [ + "STATE_UNSPECIFIED", + "CALCULATED", + "NOT_CALCULATED" + ], + "enumDescriptions": [ + "The state is not specified.", + "The attack exposure has been calculated.", + "The attack exposure has not been calculated." + ], + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2BackupDisasterRecovery": { + "description": "Information related to Google Cloud Backup and DR Service findings.", + "id": "GoogleCloudSecuritycenterV2BackupDisasterRecovery", + "properties": { + "appliance": { + "description": "The name of the Backup and DR appliance that captures, moves, and manages the lifecycle of backup data. For example, “backup-server-57137”.", + "type": "string" + }, + "applications": { + "description": "The names of Backup and DR applications. An application is a VM, database, or file system on a managed host monitored by a backup and recovery appliance. For example, “centos7-01-vol00”, “centos7-01-vol01”, “centos7-01-vol02”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "backupCreateTime": { + "description": "The timestamp at which the Backup and DR backup was created.", + "format": "google-datetime", + "type": "string" + }, + "backupTemplate": { + "description": "The name of a Backup and DR template which comprises one or more backup policies. See the [Backup and DR documentation](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information. For example, “snap-ov”.", + "type": "string" + }, + "backupType": { + "description": "The backup type of the Backup and DR image. For example, “Snapshot”, “Remote Snapshot”, “OnVault”.", + "type": "string" + }, + "host": { + "description": "The name of a Backup and DR host, which is managed by the backup and recovery appliance and known to the management console. The host can be of type Generic (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. See the [Backup and DR documentation on hosts](https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) for more information. For example, “centos7-01”.", + "type": "string" + }, + "policies": { + "description": "The names of Backup and DR policies that are associated with a template and that define when to run a backup, how frequently to run a backup, and how long to retain the backup image. For example, “onvaults”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "policyOptions": { + "description": "The names of Backup and DR advanced policy options of a policy applying to an application. See the [Backup and DR documentation on policy options](https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). For example, “skipofflineappsincongrp, nounmap”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "profile": { + "description": "The name of the Backup and DR resource profile that specifies the storage media for backups of application and VM data. See the [Backup and DR documentation on profiles](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). For example, “GCP”.", + "type": "string" + }, + "storagePool": { + "description": "The name of the Backup and DR storage pool that the backup and recovery appliance is storing data in. The storage pool could be of type Cloud, Primary, Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). For example, “DiskPoolOne”.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2BigQueryExport": { + "description": "Configures how to deliver Findings to BigQuery Instance.", + "id": "GoogleCloudSecuritycenterV2BigQueryExport", + "properties": { + "createTime": { + "description": "Output only. The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "dataset": { + "description": "The dataset to write findings' updates to. Its format is \"projects/[project_id]/datasets/[bigquery_dataset_id]\". BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).", + "type": "string" + }, + "description": { + "description": "The description of the export (max of 1024 characters).", + "type": "string" + }, + "filter": { + "description": "Expression that defines the filter to apply across create/update events of findings. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * `=` for all value types. * `\u003e`, `\u003c`, `\u003e=`, `\u003c=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes.", + "type": "string" + }, + "mostRecentEditor": { + "description": "Output only. Email address of the user who last edited the BigQuery export. This field is set by the server and will be ignored if provided on export creation or update.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The relative resource name of this export. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name. The following list shows some examples: + `organizations/{organization_id}/locations/{location_id}/bigQueryExports/{export_id}` + `folders/{folder_id}/locations/{location_id}/bigQueryExports/{export_id}` + `projects/{project_id}/locations/{location_id}/bigQueryExports/{export_id}` This field is provided in responses, and is ignored when provided in create requests.", + "type": "string" + }, + "principal": { + "description": "Output only. The service account that needs permission to create table and upload data to the BigQuery dataset.", + "readOnly": true, + "type": "string" + }, + "updateTime": { + "description": "Output only. The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Binding": { + "description": "Represents a Kubernetes RoleBinding or ClusterRoleBinding.", + "id": "GoogleCloudSecuritycenterV2Binding", + "properties": { + "name": { + "description": "Name for the binding.", + "type": "string" + }, + "ns": { + "description": "Namespace for the binding.", + "type": "string" + }, + "role": { + "$ref": "GoogleCloudSecuritycenterV2Role", + "description": "The Role or ClusterRole referenced by the binding." + }, + "subjects": { + "description": "Represents one or more subjects that are bound to the role. Not always available for PATCH requests.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Subject" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2BulkMuteFindingsResponse": { + "description": "The response to a BulkMute request. Contains the LRO information.", + "id": "GoogleCloudSecuritycenterV2BulkMuteFindingsResponse", + "properties": {}, + "type": "object" + }, + "GoogleCloudSecuritycenterV2CloudDlpDataProfile": { + "description": "The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding.", + "id": "GoogleCloudSecuritycenterV2CloudDlpDataProfile", + "properties": { + "dataProfile": { + "description": "Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`.", + "type": "string" + }, + "parentType": { + "description": "The resource hierarchy level at which the data profile was generated.", + "enum": [ + "PARENT_TYPE_UNSPECIFIED", + "ORGANIZATION", + "PROJECT" + ], + "enumDescriptions": [ + "Unspecified parent type.", + "Organization-level configurations.", + "Project-level configurations." + ], + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2CloudDlpInspection": { + "description": "Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the finding.", + "id": "GoogleCloudSecuritycenterV2CloudDlpInspection", + "properties": { + "fullScan": { + "description": "Whether Cloud DLP scanned the complete resource or a sampled subset.", + "type": "boolean" + }, + "infoType": { + "description": "The type of information (or *[infoType](https://cloud.google.com/dlp/docs/infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.", + "type": "string" + }, + "infoTypeCount": { + "description": "The number of times Cloud DLP found this infoType within this job and resource.", + "format": "int64", + "type": "string" + }, + "inspectJob": { + "description": "Name of the inspection job, for example, `projects/123/locations/europe/dlpJobs/i-8383929`.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2CloudLoggingEntry": { + "description": "Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry)", + "id": "GoogleCloudSecuritycenterV2CloudLoggingEntry", + "properties": { + "insertId": { + "description": "A unique identifier for the log entry.", + "type": "string" + }, + "logId": { + "description": "The type of the log (part of `log_name`. `log_name` is the resource name of the log to which this log entry belongs). For example: `cloudresourcemanager.googleapis.com/activity` Note that this field is not URL-encoded, unlike in `LogEntry`.", + "type": "string" + }, + "resourceContainer": { + "description": "The organization, folder, or project of the monitored resource that produced this log entry.", + "type": "string" + }, + "timestamp": { + "description": "The time the event described by the log entry occurred.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Compliance": { + "description": "Contains compliance information about a security standard indicating unmet recommendations.", + "id": "GoogleCloudSecuritycenterV2Compliance", + "properties": { + "ids": { + "description": "Policies within the standard or benchmark, for example, A.12.4.1", + "items": { + "type": "string" + }, + "type": "array" + }, + "standard": { + "description": "Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP.", + "type": "string" + }, + "version": { + "description": "Version of the standard or benchmark, for example, 1.1", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Connection": { + "description": "Contains information about the IP connection associated with the finding.", + "id": "GoogleCloudSecuritycenterV2Connection", + "properties": { + "destinationIp": { + "description": "Destination IP address. Not present for sockets that are listening and not connected.", + "type": "string" + }, + "destinationPort": { + "description": "Destination port. Not present for sockets that are listening and not connected.", + "format": "int32", + "type": "integer" + }, + "protocol": { + "description": "IANA Internet Protocol Number such as TCP(6) and UDP(17).", + "enum": [ + "PROTOCOL_UNSPECIFIED", + "ICMP", + "TCP", + "UDP", + "GRE", + "ESP" + ], + "enumDescriptions": [ + "Unspecified protocol (not HOPOPT).", + "Internet Control Message Protocol.", + "Transmission Control Protocol.", + "User Datagram Protocol.", + "Generic Routing Encapsulation.", + "Encap Security Payload." + ], + "type": "string" + }, + "sourceIp": { + "description": "Source IP address.", + "type": "string" + }, + "sourcePort": { + "description": "Source port.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Contact": { + "description": "The email address of a contact.", + "id": "GoogleCloudSecuritycenterV2Contact", + "properties": { + "email": { + "description": "An email address. For example, \"`person123@company.com`\".", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ContactDetails": { + "description": "Details about specific contacts", + "id": "GoogleCloudSecuritycenterV2ContactDetails", + "properties": { + "contacts": { + "description": "A list of contacts", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Contact" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Container": { + "description": "Container associated with the finding.", + "id": "GoogleCloudSecuritycenterV2Container", + "properties": { + "createTime": { + "description": "The time that the container was created.", + "format": "google-datetime", + "type": "string" + }, + "imageId": { + "description": "Optional container image ID, if provided by the container runtime. Uniquely identifies the container image launched using a container image digest.", + "type": "string" + }, + "labels": { + "description": "Container labels, as provided by the container runtime.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Label" + }, + "type": "array" + }, + "name": { + "description": "Name of the container.", + "type": "string" + }, + "uri": { + "description": "Container image URI provided when configuring a pod or container. This string can identify a container image version using mutable tags.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Cve": { + "description": "CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org", + "id": "GoogleCloudSecuritycenterV2Cve", + "properties": { + "cvssv3": { + "$ref": "GoogleCloudSecuritycenterV2Cvssv3", + "description": "Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document" + }, + "id": { + "description": "The unique identifier for the vulnerability. e.g. CVE-2021-34527", + "type": "string" + }, + "references": { + "description": "Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Reference" + }, + "type": "array" + }, + "upstreamFixAvailable": { + "description": "Whether upstream fix is available for the CVE.", + "type": "boolean" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Cvssv3": { + "description": "Common Vulnerability Scoring System version 3.", + "id": "GoogleCloudSecuritycenterV2Cvssv3", + "properties": { + "attackComplexity": { + "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "enum": [ + "ATTACK_COMPLEXITY_UNSPECIFIED", + "ATTACK_COMPLEXITY_LOW", + "ATTACK_COMPLEXITY_HIGH" + ], + "enumDescriptions": [ + "Invalid value.", + "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.", + "A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected." + ], + "type": "string" + }, + "attackVector": { + "description": "Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.", + "enum": [ + "ATTACK_VECTOR_UNSPECIFIED", + "ATTACK_VECTOR_NETWORK", + "ATTACK_VECTOR_ADJACENT", + "ATTACK_VECTOR_LOCAL", + "ATTACK_VECTOR_PHYSICAL" + ], + "enumDescriptions": [ + "Invalid value.", + "The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet.", + "The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology.", + "The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities.", + "The attack requires the attacker to physically touch or manipulate the vulnerable component." + ], + "type": "string" + }, + "availabilityImpact": { + "description": "This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.", + "enum": [ + "IMPACT_UNSPECIFIED", + "IMPACT_HIGH", + "IMPACT_LOW", + "IMPACT_NONE" + ], + "enumDescriptions": [ + "Invalid value.", + "High impact.", + "Low impact.", + "No impact." + ], + "type": "string" + }, + "baseScore": { + "description": "The base score is a function of the base metric scores.", + "format": "double", + "type": "number" + }, + "confidentialityImpact": { + "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "enum": [ + "IMPACT_UNSPECIFIED", + "IMPACT_HIGH", + "IMPACT_LOW", + "IMPACT_NONE" + ], + "enumDescriptions": [ + "Invalid value.", + "High impact.", + "Low impact.", + "No impact." + ], + "type": "string" + }, + "integrityImpact": { + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "enum": [ + "IMPACT_UNSPECIFIED", + "IMPACT_HIGH", + "IMPACT_LOW", + "IMPACT_NONE" + ], + "enumDescriptions": [ + "Invalid value.", + "High impact.", + "Low impact.", + "No impact." + ], + "type": "string" + }, + "privilegesRequired": { + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "enum": [ + "PRIVILEGES_REQUIRED_UNSPECIFIED", + "PRIVILEGES_REQUIRED_NONE", + "PRIVILEGES_REQUIRED_LOW", + "PRIVILEGES_REQUIRED_HIGH" + ], + "enumDescriptions": [ + "Invalid value.", + "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.", + "The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources.", + "The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files." + ], + "type": "string" + }, + "scope": { + "description": "The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.", + "enum": [ + "SCOPE_UNSPECIFIED", + "SCOPE_UNCHANGED", + "SCOPE_CHANGED" + ], + "enumDescriptions": [ + "Invalid value.", + "An exploited vulnerability can only affect resources managed by the same security authority.", + "An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component." + ], + "type": "string" + }, + "userInteraction": { + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "enum": [ + "USER_INTERACTION_UNSPECIFIED", + "USER_INTERACTION_NONE", + "USER_INTERACTION_REQUIRED" + ], + "enumDescriptions": [ + "Invalid value.", + "The vulnerable system can be exploited without interaction from any user.", + "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + ], + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Database": { + "description": "Represents database access information, such as queries. A database may be a sub-resource of an instance (as in the case of Cloud SQL instances or Cloud Spanner instances), or the database instance itself. Some database resources might not have the [full resource name](https://google.aip.dev/122#full-resource-names) populated because these resource types, such as Cloud SQL databases, are not yet supported by Cloud Asset Inventory. In these cases only the display name is provided.", + "id": "GoogleCloudSecuritycenterV2Database", + "properties": { + "displayName": { + "description": "The human-readable name of the database that the user connected to.", + "type": "string" + }, + "grantees": { + "description": "The target usernames, roles, or groups of an SQL privilege grant, which is not an IAM policy change.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "Some database resources may not have the [full resource name](https://google.aip.dev/122#full-resource-names) populated because these resource types are not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In these cases only the display name will be provided. The [full resource name](https://google.aip.dev/122#full-resource-names) of the database that the user connected to, if it is supported by Cloud Asset Inventory.", + "type": "string" + }, + "query": { + "description": "The SQL statement that is associated with the database access.", + "type": "string" + }, + "userName": { + "description": "The username used to connect to the database. The username might not be an IAM principal and does not have a set format.", + "type": "string" + }, + "version": { + "description": "The version of the database, for example, POSTGRES_14. See [the complete list](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Detection": { + "description": "Memory hash detection contributing to the binary family match.", + "id": "GoogleCloudSecuritycenterV2Detection", + "properties": { + "binary": { + "description": "The name of the binary associated with the memory hash signature detection.", + "type": "string" + }, + "percentPagesMatched": { + "description": "The percentage of memory page hashes in the signature that were matched.", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2EnvironmentVariable": { + "description": "A name-value pair representing an environment variable used in an operating system process.", + "id": "GoogleCloudSecuritycenterV2EnvironmentVariable", + "properties": { + "name": { + "description": "Environment variable name as a JSON encoded string.", + "type": "string" + }, + "val": { + "description": "Environment variable value as a JSON encoded string.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ExfilResource": { + "description": "Resource where data was exfiltrated from or exfiltrated to.", + "id": "GoogleCloudSecuritycenterV2ExfilResource", + "properties": { + "components": { + "description": "Subcomponents of the asset that was exfiltrated, like URIs used during exfiltration, table names, databases, and filenames. For example, multiple tables might have been exfiltrated from the same Cloud SQL instance, or multiple files might have been exfiltrated from the same Cloud Storage bucket.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The resource's [full resource name](https://cloud.google.com/apis/design/resource_names#full_resource_name).", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Exfiltration": { + "description": "Exfiltration represents a data exfiltration attempt from one or more sources to one or more targets. The `sources` attribute lists the sources of the exfiltrated data. The `targets` attribute lists the destinations the data was copied to.", + "id": "GoogleCloudSecuritycenterV2Exfiltration", + "properties": { + "sources": { + "description": "If there are multiple sources, then the data is considered \"joined\" between them. For instance, BigQuery can join multiple tables, and each table would be considered a source.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2ExfilResource" + }, + "type": "array" + }, + "targets": { + "description": "If there are multiple targets, each target would get a complete copy of the \"joined\" source data.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2ExfilResource" + }, + "type": "array" + }, + "totalExfiltratedBytes": { + "description": "Total exfiltrated bytes processed for the entire job.", + "format": "int64", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ExternalSystem": { + "description": "Representation of third party SIEM/SOAR fields within SCC.", + "id": "GoogleCloudSecuritycenterV2ExternalSystem", + "properties": { + "assignees": { + "description": "References primary/secondary etc assignees in the external system.", + "items": { + "type": "string" + }, + "type": "array" + }, + "externalSystemUpdateTime": { + "description": "The time when the case was last updated, as reported by the external system.", + "format": "google-datetime", + "type": "string" + }, + "externalUid": { + "description": "The identifier that's used to track the finding's corresponding case in the external system.", + "type": "string" + }, + "name": { + "description": "Full resource name of the external system. The following list shows some examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/jira` + `organizations/1234/sources/5678/locations/us/findings/123456/externalSystems/jira` + `folders/1234/sources/5678/findings/123456/externalSystems/jira` + `folders/1234/sources/5678/locations/us/findings/123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/externalSystems/jira` + `projects/1234/sources/5678/locations/us/findings/123456/externalSystems/jira`", + "type": "string" + }, + "status": { + "description": "The most recent status of the finding's corresponding case, as reported by the external system.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2File": { + "description": "File information about the related binary/library used by an executable, or the script used by a script interpreter", + "id": "GoogleCloudSecuritycenterV2File", + "properties": { + "contents": { + "description": "Prefix of the file contents as a JSON-encoded string.", + "type": "string" + }, + "hashedSize": { + "description": "The length in bytes of the file prefix that was hashed. If hashed_size == size, any hashes reported represent the entire file.", + "format": "int64", + "type": "string" + }, + "partiallyHashed": { + "description": "True when the hash covers only a prefix of the file.", + "type": "boolean" + }, + "path": { + "description": "Absolute path of the file as a JSON encoded string.", + "type": "string" + }, + "sha256": { + "description": "SHA256 hash of the first hashed_size bytes of the file encoded as a hex string. If hashed_size == size, sha256 represents the SHA256 hash of the entire file.", + "type": "string" + }, + "size": { + "description": "Size of the file in bytes.", + "format": "int64", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Finding": { + "description": "Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.", + "id": "GoogleCloudSecuritycenterV2Finding", + "properties": { + "access": { + "$ref": "GoogleCloudSecuritycenterV2Access", + "description": "Access details associated with the finding, such as more information on the caller, which method was accessed, and from where." + }, + "application": { + "$ref": "GoogleCloudSecuritycenterV2Application", + "description": "Represents an application associated with the finding." + }, + "attackExposure": { + "$ref": "GoogleCloudSecuritycenterV2AttackExposure", + "description": "The results of an attack path simulation relevant to this finding." + }, + "backupDisasterRecovery": { + "$ref": "GoogleCloudSecuritycenterV2BackupDisasterRecovery", + "description": "Fields related to Backup and DR findings." + }, + "canonicalName": { + "description": "Output only. The canonical name of the finding. The following list shows some examples: + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}` + `organizations/{organization_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `projects/{project_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` The prefix is the closest CRM ancestor of the resource associated with the finding.", + "readOnly": true, + "type": "string" + }, + "category": { + "description": "Immutable. The additional taxonomy group within findings from a given source. Example: \"XSS_FLASH_INJECTION\"", + "type": "string" + }, + "cloudDlpDataProfile": { + "$ref": "GoogleCloudSecuritycenterV2CloudDlpDataProfile", + "description": "Cloud DLP data profile that is associated with the finding." + }, + "cloudDlpInspection": { + "$ref": "GoogleCloudSecuritycenterV2CloudDlpInspection", + "description": "Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding." + }, + "compliances": { + "description": "Contains compliance information for security standards associated to the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Compliance" + }, + "type": "array" + }, + "connections": { + "description": "Contains information about the IP connection associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Connection" + }, + "type": "array" + }, + "contacts": { + "additionalProperties": { + "$ref": "GoogleCloudSecuritycenterV2ContactDetails" + }, + "description": "Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories { \"security\": { \"contacts\": [ { \"email\": \"person1@company.com\" }, { \"email\": \"person2@company.com\" } ] } }", + "readOnly": true, + "type": "object" + }, + "containers": { + "description": "Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Container" + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time at which the finding was created in Security Command Center.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "database": { + "$ref": "GoogleCloudSecuritycenterV2Database", + "description": "Database associated with the finding." + }, + "description": { + "description": "Contains more details about the finding.", + "type": "string" + }, + "eventTime": { + "description": "The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.", + "format": "google-datetime", + "type": "string" + }, + "exfiltration": { + "$ref": "GoogleCloudSecuritycenterV2Exfiltration", + "description": "Represents exfiltrations associated with the finding." + }, + "externalSystems": { + "additionalProperties": { + "$ref": "GoogleCloudSecuritycenterV2ExternalSystem" + }, + "description": "Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.", + "readOnly": true, + "type": "object" + }, + "externalUri": { + "description": "The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.", + "type": "string" + }, + "files": { + "description": "File associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2File" + }, + "type": "array" + }, + "findingClass": { + "description": "The class of the finding.", + "enum": [ + "FINDING_CLASS_UNSPECIFIED", + "THREAT", + "VULNERABILITY", + "MISCONFIGURATION", + "OBSERVATION", + "SCC_ERROR", + "POSTURE_VIOLATION" + ], + "enumDescriptions": [ + "Unspecified finding class.", + "Describes unwanted or malicious activity.", + "Describes a potential weakness in software that increases risk to Confidentiality \u0026 Integrity \u0026 Availability.", + "Describes a potential weakness in cloud resource/asset configuration that increases risk.", + "Describes a security observation that is for informational purposes.", + "Describes an error that prevents some SCC functionality.", + "Describes a potential security risk due to a change in the security posture." + ], + "type": "string" + }, + "iamBindings": { + "description": "Represents IAM bindings associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2IamBinding" + }, + "type": "array" + }, + "indicator": { + "$ref": "GoogleCloudSecuritycenterV2Indicator", + "description": "Represents what's commonly known as an *indicator of compromise* (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see [Indicator of compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise)." + }, + "kernelRootkit": { + "$ref": "GoogleCloudSecuritycenterV2KernelRootkit", + "description": "Signature of the kernel rootkit." + }, + "kubernetes": { + "$ref": "GoogleCloudSecuritycenterV2Kubernetes", + "description": "Kubernetes resources associated with the finding." + }, + "loadBalancers": { + "description": "The load balancers associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2LoadBalancer" + }, + "type": "array" + }, + "logEntries": { + "description": "Log entries that are relevant to the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2LogEntry" + }, + "type": "array" + }, + "mitreAttack": { + "$ref": "GoogleCloudSecuritycenterV2MitreAttack", + "description": "MITRE ATT\u0026CK tactics and techniques related to this finding. See: https://attack.mitre.org" + }, + "moduleName": { + "description": "Unique identifier of the module which generated the finding. Example: folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885", + "type": "string" + }, + "mute": { + "description": "Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.", + "enum": [ + "MUTE_UNSPECIFIED", + "MUTED", + "UNMUTED", + "UNDEFINED" + ], + "enumDescriptions": [ + "Unspecified.", + "Finding has been muted.", + "Finding has been unmuted.", + "Finding has never been muted/unmuted." + ], + "type": "string" + }, + "muteInitiator": { + "description": "Records additional information about the mute operation, for example, the [mute configuration](https://cloud.google.com/security-command-center/docs/how-to-mute-findings) that muted the finding and the user who muted the finding.", + "type": "string" + }, + "muteUpdateTime": { + "description": "Output only. The most recent time this finding was muted or unmuted.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. The following list shows some examples: + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}` + `organizations/{organization_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `projects/{project_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}`", + "type": "string" + }, + "nextSteps": { + "description": "Steps to address the finding.", + "type": "string" + }, + "orgPolicies": { + "description": "Contains information about the org policies associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2OrgPolicy" + }, + "type": "array" + }, + "parent": { + "description": "The relative resource name of the source and location the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. The following list shows some examples: + `organizations/{organization_id}/sources/{source_id}` + `folders/{folders_id}/sources/{source_id}` + `projects/{projects_id}/sources/{source_id}` + `organizations/{organization_id}/sources/{source_id}/locations/{location_id}` + `folders/{folders_id}/sources/{source_id}/locations/{location_id}` + `projects/{projects_id}/sources/{source_id}/locations/{location_id}`", + "type": "string" + }, + "parentDisplayName": { + "description": "Output only. The human readable display name of the finding source such as \"Event Threat Detection\" or \"Security Health Analytics\".", + "readOnly": true, + "type": "string" + }, + "processes": { + "description": "Represents operating system processes associated with the Finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Process" + }, + "type": "array" + }, + "resourceName": { + "description": "Immutable. For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string.", + "type": "string" + }, + "securityMarks": { + "$ref": "GoogleCloudSecuritycenterV2SecurityMarks", + "description": "Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.", + "readOnly": true + }, + "securityPosture": { + "$ref": "GoogleCloudSecuritycenterV2SecurityPosture", + "description": "The security posture associated with the finding." + }, + "severity": { + "description": "The severity of the finding. This field is managed by the source that writes the finding.", + "enum": [ + "SEVERITY_UNSPECIFIED", + "CRITICAL", + "HIGH", + "MEDIUM", + "LOW" + ], + "enumDescriptions": [ + "This value is used for findings when a source doesn't write a severity value.", + "Vulnerability: A critical vulnerability is easily discoverable by an external actor, exploitable, and results in the direct ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. Examples include publicly accessible unprotected user data and public SSH access with weak or no passwords. Threat: Indicates a threat that is able to access, modify, or delete data or execute unauthorized code within existing resources.", + "Vulnerability: A high risk vulnerability can be easily discovered and exploited in combination with other vulnerabilities in order to gain direct access and the ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. An example is a database with weak or no passwords that is only accessible internally. This database could easily be compromised by an actor that had access to the internal network. Threat: Indicates a threat that is able to create new computational resources in an environment but not able to access data or execute code in existing resources.", + "Vulnerability: A medium risk vulnerability could be used by an actor to gain access to resources or privileges that enable them to eventually (through multiple steps or a complex exploit) gain access and the ability to execute arbitrary code or exfiltrate data. An example is a service account with access to more projects than it should have. If an actor gains access to the service account, they could potentially use that access to manipulate a project the service account was not intended to. Threat: Indicates a threat that is able to cause operational impact but may not access data or execute unauthorized code.", + "Vulnerability: A low risk vulnerability hampers a security organization's ability to detect vulnerabilities or active threats in their deployment, or prevents the root cause investigation of security issues. An example is monitoring and logs being disabled for resource configurations and access. Threat: Indicates a threat that has obtained minimal access to an environment but is not able to access data, execute code, or create resources." + ], + "type": "string" + }, + "sourceProperties": { + "additionalProperties": { + "type": "any" + }, + "description": "Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.", + "type": "object" + }, + "state": { + "description": "Output only. The state of the finding.", + "enum": [ + "STATE_UNSPECIFIED", + "ACTIVE", + "INACTIVE" + ], + "enumDescriptions": [ + "Unspecified state.", + "The finding requires attention and has not been addressed yet.", + "The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active." + ], + "readOnly": true, + "type": "string" + }, + "vulnerability": { + "$ref": "GoogleCloudSecuritycenterV2Vulnerability", + "description": "Represents vulnerability-specific fields like CVE and CVSS scores. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Geolocation": { + "description": "Represents a geographical location for a given access.", + "id": "GoogleCloudSecuritycenterV2Geolocation", + "properties": { + "regionCode": { + "description": "A CLDR.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2IamBinding": { + "description": "Represents a particular IAM binding, which captures a member's role addition, removal, or state.", + "id": "GoogleCloudSecuritycenterV2IamBinding", + "properties": { + "action": { + "description": "The action that was performed on a Binding.", + "enum": [ + "ACTION_UNSPECIFIED", + "ADD", + "REMOVE" + ], + "enumDescriptions": [ + "Unspecified.", + "Addition of a Binding.", + "Removal of a Binding." + ], + "type": "string" + }, + "member": { + "description": "A single identity requesting access for a Cloud Platform resource, for example, \"foo@google.com\".", + "type": "string" + }, + "role": { + "description": "Role that is assigned to \"members\". For example, \"roles/viewer\", \"roles/editor\", or \"roles/owner\".", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Indicator": { + "description": "Represents what's commonly known as an _indicator of compromise_ (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see [Indicator of compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise).", + "id": "GoogleCloudSecuritycenterV2Indicator", + "properties": { + "domains": { + "description": "List of domains associated to the Finding.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ipAddresses": { + "description": "The list of IP addresses that are associated with the finding.", + "items": { + "type": "string" + }, + "type": "array" + }, + "signatures": { + "description": "The list of matched signatures indicating that the given process is present in the environment.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2ProcessSignature" + }, + "type": "array" + }, + "uris": { + "description": "The list of URIs associated to the Findings.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2KernelRootkit": { + "description": "Kernel mode rootkit signatures.", + "id": "GoogleCloudSecuritycenterV2KernelRootkit", + "properties": { + "name": { + "description": "Rootkit name, when available.", + "type": "string" + }, + "unexpectedCodeModification": { + "description": "True if unexpected modifications of kernel code memory are present.", + "type": "boolean" + }, + "unexpectedFtraceHandler": { + "description": "True if `ftrace` points are present with callbacks pointing to regions that are not in the expected kernel or module code range.", + "type": "boolean" + }, + "unexpectedInterruptHandler": { + "description": "True if interrupt handlers that are are not in the expected kernel or module code regions are present.", + "type": "boolean" + }, + "unexpectedKernelCodePages": { + "description": "True if kernel code pages that are not in the expected kernel or module code regions are present.", + "type": "boolean" + }, + "unexpectedKprobeHandler": { + "description": "True if `kprobe` points are present with callbacks pointing to regions that are not in the expected kernel or module code range.", + "type": "boolean" + }, + "unexpectedProcessesInRunqueue": { + "description": "True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.", + "type": "boolean" + }, + "unexpectedReadOnlyDataModification": { + "description": "True if unexpected modifications of kernel read-only data memory are present.", + "type": "boolean" + }, + "unexpectedSystemCallHandler": { + "description": "True if system call handlers that are are not in the expected kernel or module code regions are present.", + "type": "boolean" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Kubernetes": { + "description": "Kubernetes-related attributes.", + "id": "GoogleCloudSecuritycenterV2Kubernetes", + "properties": { + "accessReviews": { + "description": "Provides information on any Kubernetes access reviews (privilege checks) relevant to the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2AccessReview" + }, + "type": "array" + }, + "bindings": { + "description": "Provides Kubernetes role binding information for findings that involve [RoleBindings or ClusterRoleBindings](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control).", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Binding" + }, + "type": "array" + }, + "nodePools": { + "description": "GKE [node pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-pools) associated with the finding. This field contains node pool information for each node, when it is available.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2NodePool" + }, + "type": "array" + }, + "nodes": { + "description": "Provides Kubernetes [node](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture#nodes) information.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Node" + }, + "type": "array" + }, + "objects": { + "description": "Kubernetes objects related to the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Object" + }, + "type": "array" + }, + "pods": { + "description": "Kubernetes [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod) associated with the finding. This field contains Pod records for each container that is owned by a Pod.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Pod" + }, + "type": "array" + }, + "roles": { + "description": "Provides Kubernetes role information for findings that involve [Roles or ClusterRoles](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control).", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Role" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Label": { + "description": "Represents a generic name-value label. A label has separate name and value fields to support filtering with the `contains()` function. For more information, see [Filtering on array-type fields](https://cloud.google.com/security-command-center/docs/how-to-api-list-findings#array-contains-filtering).", + "id": "GoogleCloudSecuritycenterV2Label", + "properties": { + "name": { + "description": "Name of the label.", + "type": "string" + }, + "value": { + "description": "Value that corresponds to the label's name.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2LoadBalancer": { + "description": "Contains information related to the load balancer associated with the finding.", + "id": "GoogleCloudSecuritycenterV2LoadBalancer", + "properties": { + "name": { + "description": "The name of the load balancer associated with the finding.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2LogEntry": { + "description": "An individual entry in a log.", + "id": "GoogleCloudSecuritycenterV2LogEntry", + "properties": { + "cloudLoggingEntry": { + "$ref": "GoogleCloudSecuritycenterV2CloudLoggingEntry", + "description": "An individual entry in a log stored in Cloud Logging." + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2MemoryHashSignature": { + "description": "A signature corresponding to memory page hashes.", + "id": "GoogleCloudSecuritycenterV2MemoryHashSignature", + "properties": { + "binaryFamily": { + "description": "The binary family.", + "type": "string" + }, + "detections": { + "description": "The list of memory hash detections contributing to the binary family match.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Detection" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2MitreAttack": { + "description": "MITRE ATT\u0026CK tactics and techniques related to this finding. See: https://attack.mitre.org", + "id": "GoogleCloudSecuritycenterV2MitreAttack", + "properties": { + "additionalTactics": { + "description": "Additional MITRE ATT\u0026CK tactics related to this finding, if any.", + "items": { + "enum": [ + "TACTIC_UNSPECIFIED", + "RECONNAISSANCE", + "RESOURCE_DEVELOPMENT", + "INITIAL_ACCESS", + "EXECUTION", + "PERSISTENCE", + "PRIVILEGE_ESCALATION", + "DEFENSE_EVASION", + "CREDENTIAL_ACCESS", + "DISCOVERY", + "LATERAL_MOVEMENT", + "COLLECTION", + "COMMAND_AND_CONTROL", + "EXFILTRATION", + "IMPACT" + ], + "enumDescriptions": [ + "Unspecified value.", + "TA0043", + "TA0042", + "TA0001", + "TA0002", + "TA0003", + "TA0004", + "TA0005", + "TA0006", + "TA0007", + "TA0008", + "TA0009", + "TA0011", + "TA0010", + "TA0040" + ], + "type": "string" + }, + "type": "array" + }, + "additionalTechniques": { + "description": "Additional MITRE ATT\u0026CK techniques related to this finding, if any, along with any of their respective parent techniques.", + "items": { + "enum": [ + "TECHNIQUE_UNSPECIFIED", + "ACTIVE_SCANNING", + "SCANNING_IP_BLOCKS", + "INGRESS_TOOL_TRANSFER", + "NATIVE_API", + "SHARED_MODULES", + "COMMAND_AND_SCRIPTING_INTERPRETER", + "UNIX_SHELL", + "RESOURCE_HIJACKING", + "PROXY", + "EXTERNAL_PROXY", + "MULTI_HOP_PROXY", + "DYNAMIC_RESOLUTION", + "UNSECURED_CREDENTIALS", + "VALID_ACCOUNTS", + "LOCAL_ACCOUNTS", + "CLOUD_ACCOUNTS", + "NETWORK_DENIAL_OF_SERVICE", + "PERMISSION_GROUPS_DISCOVERY", + "CLOUD_GROUPS", + "EXFILTRATION_OVER_WEB_SERVICE", + "EXFILTRATION_TO_CLOUD_STORAGE", + "ACCOUNT_MANIPULATION", + "SSH_AUTHORIZED_KEYS", + "CREATE_OR_MODIFY_SYSTEM_PROCESS", + "STEAL_WEB_SESSION_COOKIE", + "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", + "EXPLOIT_PUBLIC_FACING_APPLICATION", + "MODIFY_AUTHENTICATION_PROCESS", + "DATA_DESTRUCTION", + "DOMAIN_POLICY_MODIFICATION", + "IMPAIR_DEFENSES", + "NETWORK_SERVICE_DISCOVERY", + "ACCESS_TOKEN_MANIPULATION", + "ABUSE_ELEVATION_CONTROL_MECHANISM", + "DEFAULT_ACCOUNTS", + "INHIBIT_SYSTEM_RECOVERY" + ], + "enumDescriptions": [ + "Unspecified value.", + "T1595", + "T1595.001", + "T1105", + "T1106", + "T1129", + "T1059", + "T1059.004", + "T1496", + "T1090", + "T1090.002", + "T1090.003", + "T1568", + "T1552", + "T1078", + "T1078.003", + "T1078.004", + "T1498", + "T1069", + "T1069.003", + "T1567", + "T1567.002", + "T1098", + "T1098.004", + "T1543", + "T1539", + "T1578", + "T1190", + "T1556", + "T1485", + "T1484", + "T1562", + "T1046", + "T1134", + "T1548", + "T1078.001", + "T1490" + ], + "type": "string" + }, + "type": "array" + }, + "primaryTactic": { + "description": "The MITRE ATT\u0026CK tactic most closely represented by this finding, if any.", + "enum": [ + "TACTIC_UNSPECIFIED", + "RECONNAISSANCE", + "RESOURCE_DEVELOPMENT", + "INITIAL_ACCESS", + "EXECUTION", + "PERSISTENCE", + "PRIVILEGE_ESCALATION", + "DEFENSE_EVASION", + "CREDENTIAL_ACCESS", + "DISCOVERY", + "LATERAL_MOVEMENT", + "COLLECTION", + "COMMAND_AND_CONTROL", + "EXFILTRATION", + "IMPACT" + ], + "enumDescriptions": [ + "Unspecified value.", + "TA0043", + "TA0042", + "TA0001", + "TA0002", + "TA0003", + "TA0004", + "TA0005", + "TA0006", + "TA0007", + "TA0008", + "TA0009", + "TA0011", + "TA0010", + "TA0040" + ], + "type": "string" + }, + "primaryTechniques": { + "description": "The MITRE ATT\u0026CK technique most closely represented by this finding, if any. primary_techniques is a repeated field because there are multiple levels of MITRE ATT\u0026CK techniques. If the technique most closely represented by this finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique and its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, `ACTIVE_SCANNING`).", + "items": { + "enum": [ + "TECHNIQUE_UNSPECIFIED", + "ACTIVE_SCANNING", + "SCANNING_IP_BLOCKS", + "INGRESS_TOOL_TRANSFER", + "NATIVE_API", + "SHARED_MODULES", + "COMMAND_AND_SCRIPTING_INTERPRETER", + "UNIX_SHELL", + "RESOURCE_HIJACKING", + "PROXY", + "EXTERNAL_PROXY", + "MULTI_HOP_PROXY", + "DYNAMIC_RESOLUTION", + "UNSECURED_CREDENTIALS", + "VALID_ACCOUNTS", + "LOCAL_ACCOUNTS", + "CLOUD_ACCOUNTS", + "NETWORK_DENIAL_OF_SERVICE", + "PERMISSION_GROUPS_DISCOVERY", + "CLOUD_GROUPS", + "EXFILTRATION_OVER_WEB_SERVICE", + "EXFILTRATION_TO_CLOUD_STORAGE", + "ACCOUNT_MANIPULATION", + "SSH_AUTHORIZED_KEYS", + "CREATE_OR_MODIFY_SYSTEM_PROCESS", + "STEAL_WEB_SESSION_COOKIE", + "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", + "EXPLOIT_PUBLIC_FACING_APPLICATION", + "MODIFY_AUTHENTICATION_PROCESS", + "DATA_DESTRUCTION", + "DOMAIN_POLICY_MODIFICATION", + "IMPAIR_DEFENSES", + "NETWORK_SERVICE_DISCOVERY", + "ACCESS_TOKEN_MANIPULATION", + "ABUSE_ELEVATION_CONTROL_MECHANISM", + "DEFAULT_ACCOUNTS", + "INHIBIT_SYSTEM_RECOVERY" + ], + "enumDescriptions": [ + "Unspecified value.", + "T1595", + "T1595.001", + "T1105", + "T1106", + "T1129", + "T1059", + "T1059.004", + "T1496", + "T1090", + "T1090.002", + "T1090.003", + "T1568", + "T1552", + "T1078", + "T1078.003", + "T1078.004", + "T1498", + "T1069", + "T1069.003", + "T1567", + "T1567.002", + "T1098", + "T1098.004", + "T1543", + "T1539", + "T1578", + "T1190", + "T1556", + "T1485", + "T1484", + "T1562", + "T1046", + "T1134", + "T1548", + "T1078.001", + "T1490" + ], + "type": "string" + }, + "type": "array" + }, + "version": { + "description": "The MITRE ATT\u0026CK version referenced by the above fields. E.g. \"8\".", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2MuteConfig": { + "description": "A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.", + "id": "GoogleCloudSecuritycenterV2MuteConfig", + "properties": { + "createTime": { + "description": "Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "A description of the mute config.", + "type": "string" + }, + "filter": { + "description": "Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`", + "type": "string" + }, + "mostRecentEditor": { + "description": "Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "This field will be ignored if provided on config creation. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{mute_config}` + `organizations/{organization}locations/{location}//muteConfigs/{mute_config}` + `folders/{folder}/muteConfigs/{mute_config}` + `folders/{folder}/locations/{location}/muteConfigs/{mute_config}` + `projects/{project}/muteConfigs/{mute_config}` + `projects/{project}/locations/{location}/muteConfigs/{mute_config}`", + "type": "string" + }, + "updateTime": { + "description": "Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Node": { + "description": "Kubernetes nodes associated with the finding.", + "id": "GoogleCloudSecuritycenterV2Node", + "properties": { + "name": { + "description": "[Full resource name](https://google.aip.dev/122#full-resource-names) of the Compute Engine VM running the cluster node.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2NodePool": { + "description": "Provides GKE node pool information.", + "id": "GoogleCloudSecuritycenterV2NodePool", + "properties": { + "name": { + "description": "Kubernetes node pool name.", + "type": "string" + }, + "nodes": { + "description": "Nodes associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Node" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2NotificationMessage": { + "description": "Cloud SCC's Notification", + "id": "GoogleCloudSecuritycenterV2NotificationMessage", + "properties": { + "finding": { + "$ref": "GoogleCloudSecuritycenterV2Finding", + "description": "If it's a Finding based notification config, this field will be populated." + }, + "notificationConfigName": { + "description": "Name of the notification config that generated current notification.", + "type": "string" + }, + "resource": { + "$ref": "GoogleCloudSecuritycenterV2Resource", + "description": "The Cloud resource tied to this notification's Finding." + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Object": { + "description": "Kubernetes object related to the finding, uniquely identified by GKNN. Used if the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.", + "id": "GoogleCloudSecuritycenterV2Object", + "properties": { + "containers": { + "description": "Pod containers associated with this finding, if any.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Container" + }, + "type": "array" + }, + "group": { + "description": "Kubernetes object group, such as \"policy.k8s.io/v1\".", + "type": "string" + }, + "kind": { + "description": "Kubernetes object kind, such as \"Namespace\".", + "type": "string" + }, + "name": { + "description": "Kubernetes object name. For details see https://kubernetes.io/docs/concepts/overview/working-with-objects/names/.", + "type": "string" + }, + "ns": { + "description": "Kubernetes object namespace. Must be a valid DNS label. Named \"ns\" to avoid collision with C++ namespace keyword. For details see https://kubernetes.io/docs/tasks/administer-cluster/namespaces/.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2OrgPolicy": { + "description": "Contains information about the org policies associated with the finding.", + "id": "GoogleCloudSecuritycenterV2OrgPolicy", + "properties": { + "name": { + "description": "The resource name of the org policy. Example: \"organizations/{organization_id}/policies/{constraint_name}\"", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Pod": { + "description": "A Kubernetes Pod.", + "id": "GoogleCloudSecuritycenterV2Pod", + "properties": { + "containers": { + "description": "Pod containers associated with this finding, if any.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Container" + }, + "type": "array" + }, + "labels": { + "description": "Pod labels. For Kubernetes containers, these are applied to the container.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Label" + }, + "type": "array" + }, + "name": { + "description": "Kubernetes Pod name.", + "type": "string" + }, + "ns": { + "description": "Kubernetes Pod namespace.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Process": { + "description": "Represents an operating system process.", + "id": "GoogleCloudSecuritycenterV2Process", + "properties": { + "args": { + "description": "Process arguments as JSON encoded strings.", + "items": { + "type": "string" + }, + "type": "array" + }, + "argumentsTruncated": { + "description": "True if `args` is incomplete.", + "type": "boolean" + }, + "binary": { + "$ref": "GoogleCloudSecuritycenterV2File", + "description": "File information for the process executable." + }, + "envVariables": { + "description": "Process environment variables.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2EnvironmentVariable" + }, + "type": "array" + }, + "envVariablesTruncated": { + "description": "True if `env_variables` is incomplete.", + "type": "boolean" + }, + "libraries": { + "description": "File information for libraries loaded by the process.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2File" + }, + "type": "array" + }, + "name": { + "description": "The process name, as displayed in utilities like `top` and `ps`. This name can be accessed through `/proc/[pid]/comm` and changed with `prctl(PR_SET_NAME)`.", + "type": "string" + }, + "parentPid": { + "description": "The parent process ID.", + "format": "int64", + "type": "string" + }, + "pid": { + "description": "The process ID.", + "format": "int64", + "type": "string" + }, + "script": { + "$ref": "GoogleCloudSecuritycenterV2File", + "description": "When the process represents the invocation of a script, `binary` provides information about the interpreter, while `script` provides information about the script file provided to the interpreter." + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ProcessSignature": { + "description": "Indicates what signature matched this process.", + "id": "GoogleCloudSecuritycenterV2ProcessSignature", + "properties": { + "memoryHashSignature": { + "$ref": "GoogleCloudSecuritycenterV2MemoryHashSignature", + "description": "Signature indicating that a binary family was matched." + }, + "yaraRuleSignature": { + "$ref": "GoogleCloudSecuritycenterV2YaraRuleSignature", + "description": "Signature indicating that a YARA rule was matched." + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Reference": { + "description": "Additional Links", + "id": "GoogleCloudSecuritycenterV2Reference", + "properties": { + "source": { + "description": "Source of the reference e.g. NVD", + "type": "string" + }, + "uri": { + "description": "Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Resource": { + "description": "Information related to the Google Cloud resource.", + "id": "GoogleCloudSecuritycenterV2Resource", + "properties": { + "displayName": { + "description": "The human readable name of the resource.", + "type": "string" + }, + "name": { + "description": "The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", + "type": "string" + }, + "type": { + "description": "The full resource type of the resource.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ResourceValueConfig": { + "description": "A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.", + "id": "GoogleCloudSecuritycenterV2ResourceValueConfig", + "properties": { + "createTime": { + "description": "Output only. Timestamp this resource value config was created.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "Description of the resource value config.", + "type": "string" + }, + "name": { + "description": "Name for the resource value config", + "type": "string" + }, + "resourceLabelsSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "List of resource labels to search for, evaluated with AND. E.g. \"resource_labels_selector\": {\"key\": \"value\", \"env\": \"prod\"} will match resources with labels \"key\": \"value\" AND \"env\": \"prod\" https://cloud.google.com/resource-manager/docs/creating-managing-labels", + "type": "object" + }, + "resourceType": { + "description": "Apply resource_value only to resources that match resource_type. resource_type will be checked with \"AND\" of other resources. E.g. \"storage.googleapis.com/Bucket\" with resource_value \"HIGH\" will apply \"HIGH\" value only to \"storage.googleapis.com/Bucket\" resources.", + "type": "string" + }, + "resourceValue": { + "description": "Required. Resource value level this expression represents", + "enum": [ + "RESOURCE_VALUE_UNSPECIFIED", + "HIGH", + "MEDIUM", + "LOW", + "NONE" + ], + "enumDescriptions": [ + "Unspecific value", + "High resource value", + "Medium resource value", + "Low resource value", + "No resource value, e.g. ignore these resources" + ], + "type": "string" + }, + "scope": { + "description": "Project or folder to scope this config to. For example, \"project/456\" would apply this config only to resources in \"project/456\" scope will be checked with \"AND\" of other resources.", + "type": "string" + }, + "tagValues": { + "description": "Required. Tag values combined with AND to check against. Values in the form \"tagValues/123\" E.g. [ \"tagValues/123\", \"tagValues/456\", \"tagValues/789\" ] https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing", + "items": { + "type": "string" + }, + "type": "array" + }, + "updateTime": { + "description": "Output only. Timestamp this resource value config was last updated.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Role": { + "description": "Kubernetes Role or ClusterRole.", + "id": "GoogleCloudSecuritycenterV2Role", + "properties": { + "kind": { + "description": "Role type.", + "enum": [ + "KIND_UNSPECIFIED", + "ROLE", + "CLUSTER_ROLE" + ], + "enumDescriptions": [ + "Role type is not specified.", + "Kubernetes Role.", + "Kubernetes ClusterRole." + ], + "type": "string" + }, + "name": { + "description": "Role name.", + "type": "string" + }, + "ns": { + "description": "Role namespace.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2SecurityMarks": { + "description": "User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization.", + "id": "GoogleCloudSecuritycenterV2SecurityMarks", + "properties": { + "canonicalName": { + "description": "The canonical name of the marks. The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks\" + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\" + `folders/{folder_id}/assets/{asset_id}/securityMarks\" + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `folders/{folder_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\" + `projects/{project_number}/assets/{asset_id}/securityMarks\" + `projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `projects/{project_number}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\"", + "type": "string" + }, + "marks": { + "additionalProperties": { + "type": "string" + }, + "description": "Mutable user specified security marks belonging to the parent resource. Constraints are as follows: * Keys and values are treated as case insensitive * Keys must be between 1 - 256 characters (inclusive) * Keys must be letters, numbers, underscores, or dashes * Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive)", + "type": "object" + }, + "name": { + "description": "The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks` + `organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks`", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2SecurityPosture": { + "description": "Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.", + "id": "GoogleCloudSecuritycenterV2SecurityPosture", + "properties": { + "changedPolicy": { + "description": "The name of the policy that has been updated, for example, `projects/{project_id}/policies/{constraint_name}`.", + "type": "string" + }, + "name": { + "description": "Name of the posture, for example, `organizations/{org_id}/locations/{location}/postures/{posture_name}`.", + "type": "string" + }, + "postureDeployment": { + "description": "The name of the posture deployment, for example, `projects/{project_id}/posturedeployments/{posture_deployment_id}`.", + "type": "string" + }, + "postureDeploymentResource": { + "description": "The project, folder, or organization on which the posture is deployed, for example, `projects/{project_id}`.", + "type": "string" + }, + "revisionId": { + "description": "The version of the posture, for example, `c7cfa2a8`.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo": { + "description": "Identity delegation history of an authenticated service account.", + "id": "GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo", + "properties": { + "principalEmail": { + "description": "The email address of a Google account.", + "type": "string" + }, + "principalSubject": { + "description": "A string representing the principal_subject associated with the identity. As compared to `principal_email`, supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format will be `principal://iam.googleapis.com/{identity pool name}/subjects/{subject}` except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:{identity pool name}[{subject}]`", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Subject": { + "description": "Represents a Kubernetes subject.", + "id": "GoogleCloudSecuritycenterV2Subject", + "properties": { + "kind": { + "description": "Authentication type for the subject.", + "enum": [ + "AUTH_TYPE_UNSPECIFIED", + "USER", + "SERVICEACCOUNT", + "GROUP" + ], + "enumDescriptions": [ + "Authentication is not specified.", + "User with valid certificate.", + "Users managed by Kubernetes API with credentials stored as secrets.", + "Collection of users." + ], + "type": "string" + }, + "name": { + "description": "Name for the subject.", + "type": "string" + }, + "ns": { + "description": "Namespace for the subject.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Vulnerability": { + "description": "Refers to common vulnerability fields e.g. cve, cvss, cwe etc.", + "id": "GoogleCloudSecuritycenterV2Vulnerability", + "properties": { + "cve": { + "$ref": "GoogleCloudSecuritycenterV2Cve", + "description": "CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2YaraRuleSignature": { + "description": "A signature corresponding to a YARA rule.", + "id": "GoogleCloudSecuritycenterV2YaraRuleSignature", + "properties": { + "yaraRule": { + "description": "The name of the YARA rule.", + "type": "string" + } + }, + "type": "object" + }, "GroupAssetsRequest": { "description": "Request message for grouping by assets.", "id": "GroupAssetsRequest", @@ -8285,7 +10502,7 @@ "type": "string" }, "kind": { - "description": "Kubernetes object kind, such as “Namespace”.", + "description": "Kubernetes object kind, such as \"Namespace\".", "type": "string" }, "name": { @@ -8818,7 +11035,7 @@ "properties": { "customConfig": { "$ref": "GoogleCloudSecuritycenterV1CustomConfig", - "description": "Required. The user specified custom configuration to test." + "description": "Required. The custom configuration that you need to test." }, "resource": { "$ref": "SimulatedResource", @@ -8828,7 +11045,7 @@ "type": "object" }, "SimulateSecurityHealthAnalyticsCustomModuleResponse": { - "description": "Response message for simulating a SecurityHealthAnalyticsCustomModule against a given resource.", + "description": "Response message for simulating a `SecurityHealthAnalyticsCustomModule` against a given resource.", "id": "SimulateSecurityHealthAnalyticsCustomModuleResponse", "properties": { "result": { @@ -8839,7 +11056,7 @@ "type": "object" }, "SimulatedResource": { - "description": "Manually constructed resource. If the custom module only evaluates against the resource data, the iam_policy_data field can be omitted, and vice versa.", + "description": "Manually constructed resource name. If the custom module evaluates against only the resource data, you can omit the `iam_policy_data` field. If it evaluates only the `iam_policy_data` field, you can omit the resource data.", "id": "SimulatedResource", "properties": { "iamPolicyData": { @@ -8851,11 +11068,11 @@ "description": "Properties of the object.", "type": "any" }, - "description": "Optional. A representation of the GCP resource. Should match the GCP resource JSON format.", + "description": "Optional. A representation of the Google Cloud resource. Should match the Google Cloud resource JSON format.", "type": "object" }, "resourceType": { - "description": "Required. The type of the resource, e.g. `compute.googleapis.com/Disk`.", + "description": "Required. The type of the resource, for example, `compute.googleapis.com/Disk`.", "type": "string" } }, diff --git a/securitycenter/v1/securitycenter-gen.go b/securitycenter/v1/securitycenter-gen.go index 91ce54175fd..c662f88af64 100644 --- a/securitycenter/v1/securitycenter-gen.go +++ b/securitycenter/v1/securitycenter-gen.go @@ -928,6 +928,41 @@ func (s *AccessReview) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// Application: Represents an application associated with a finding. +type Application struct { + // BaseUri: The base URI that identifies the network location of the + // application in which the vulnerability was detected. Examples: + // http://11.22.33.44, http://foo.com, http://11.22.33.44:8080 + BaseUri string `json:"baseUri,omitempty"` + + // FullUri: The full URI with payload that can be used to reproduce the + // vulnerability. Example: + // http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H + FullUri string `json:"fullUri,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BaseUri") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BaseUri") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Application) MarshalJSON() ([]byte, error) { + type NoMethod Application + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Asset: Security Command Center representation of a Google Cloud // resource. The Asset is a Security Command Center resource that // captures information about a single Google Cloud resource. All @@ -1384,6 +1419,94 @@ func (s *AuditLogConfig) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// BackupDisasterRecovery: Information related to Google Cloud Backup +// and DR Service findings. +type BackupDisasterRecovery struct { + // Appliance: The name of the Backup and DR appliance that captures, + // moves, and manages the lifecycle of backup data. For example, + // “backup-server-57137”. + Appliance string `json:"appliance,omitempty"` + + // Applications: The names of Backup and DR applications. An application + // is a VM, database, or file system on a managed host monitored by a + // backup and recovery appliance. For example, “centos7-01-vol00”, + // “centos7-01-vol01”, “centos7-01-vol02”. + Applications []string `json:"applications,omitempty"` + + // BackupCreateTime: The timestamp at which the Backup and DR backup was + // created. + BackupCreateTime string `json:"backupCreateTime,omitempty"` + + // BackupTemplate: The name of a Backup and DR template which comprises + // one or more backup policies. See the Backup and DR documentation + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) + // for more information. For example, “snap-ov”. + BackupTemplate string `json:"backupTemplate,omitempty"` + + // BackupType: The backup type of the Backup and DR image. For example, + // “Snapshot”, “Remote Snapshot”, “OnVault”. + BackupType string `json:"backupType,omitempty"` + + // Host: The name of a Backup and DR host, which is managed by the + // backup and recovery appliance and known to the management console. + // The host can be of type Generic (for example, Compute Engine, SQL + // Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. + // See the Backup and DR documentation on hosts + // (https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) + // for more information. For example, “centos7-01”. + Host string `json:"host,omitempty"` + + // Policies: The names of Backup and DR policies that are associated + // with a template and that define when to run a backup, how frequently + // to run a backup, and how long to retain the backup image. For + // example, “onvaults”. + Policies []string `json:"policies,omitempty"` + + // PolicyOptions: The names of Backup and DR advanced policy options of + // a policy applying to an application. See the Backup and DR + // documentation on policy options + // (https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). + // For example, “skipofflineappsincongrp, nounmap”. + PolicyOptions []string `json:"policyOptions,omitempty"` + + // Profile: The name of the Backup and DR resource profile that + // specifies the storage media for backups of application and VM data. + // See the Backup and DR documentation on profiles + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). + // For example, “GCP”. + Profile string `json:"profile,omitempty"` + + // StoragePool: The name of the Backup and DR storage pool that the + // backup and recovery appliance is storing data in. The storage pool + // could be of type Cloud, Primary, Snapshot, or OnVault. See the Backup + // and DR documentation on storage pools + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). + // For example, “DiskPoolOne”. + StoragePool string `json:"storagePool,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Appliance") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Appliance") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *BackupDisasterRecovery) MarshalJSON() ([]byte, error) { + type NoMethod BackupDisasterRecovery + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // BatchCreateResourceValueConfigsRequest: Request message to create // multiple resource value configs type BatchCreateResourceValueConfigsRequest struct { @@ -1735,6 +1858,59 @@ func (s *Compliance) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// ComplianceSnapshot: Result containing the properties and count of a +// ComplianceSnapshot request. +type ComplianceSnapshot struct { + // Category: The category of Findings matching. + Category string `json:"category,omitempty"` + + // ComplianceStandard: The compliance standard (ie CIS). + ComplianceStandard string `json:"complianceStandard,omitempty"` + + // ComplianceVersion: The compliance version (ie 1.3) in CIS 1.3. + ComplianceVersion string `json:"complianceVersion,omitempty"` + + // Count: Total count of findings for the given properties. + Count int64 `json:"count,omitempty,string"` + + // LeafContainerResource: The leaf container resource name that is + // closest to the snapshot. + LeafContainerResource string `json:"leafContainerResource,omitempty"` + + // Name: The compliance snapshot name. Format: + // //sources//complianceSnapshots/ + Name string `json:"name,omitempty"` + + // ProjectDisplayName: The CRM resource display name that is closest to + // the snapshot the Findings belong to. + ProjectDisplayName string `json:"projectDisplayName,omitempty"` + + // SnapshotTime: The snapshot time of the snapshot. + SnapshotTime string `json:"snapshotTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Category") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Category") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ComplianceSnapshot) MarshalJSON() ([]byte, error) { + type NoMethod ComplianceSnapshot + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Connection: Contains information about the IP connection associated // with the finding. type Connection struct { @@ -2613,10 +2789,16 @@ type Finding struct { // information on the caller, which method was accessed, and from where. Access *Access `json:"access,omitempty"` + // Application: Represents an application associated with the finding. + Application *Application `json:"application,omitempty"` + // AttackExposure: The results of an attack path simulation relevant to // this finding. AttackExposure *AttackExposure `json:"attackExposure,omitempty"` + // BackupDisasterRecovery: Fields related to Backup and DR findings. + BackupDisasterRecovery *BackupDisasterRecovery `json:"backupDisasterRecovery,omitempty"` + // CanonicalName: The canonical name of the finding. It's either // "organizations/{organization_id}/sources/{source_id}/findings/{finding // _id}", @@ -4038,38 +4220,3061 @@ type GoogleCloudSecuritycenterV1p1beta1NotificationMessage struct { NullFields []string `json:"-"` } -func (s *GoogleCloudSecuritycenterV1p1beta1NotificationMessage) MarshalJSON() ([]byte, error) { - type NoMethod GoogleCloudSecuritycenterV1p1beta1NotificationMessage +func (s *GoogleCloudSecuritycenterV1p1beta1NotificationMessage) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV1p1beta1NotificationMessage + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV1p1beta1Resource: Information related to +// the Google Cloud resource. +type GoogleCloudSecuritycenterV1p1beta1Resource struct { + // Folders: Output only. Contains a Folder message for each folder in + // the assets ancestry. The first folder is the deepest nested folder, + // and the last folder is the folder directly under the Organization. + Folders []*GoogleCloudSecuritycenterV1p1beta1Folder `json:"folders,omitempty"` + + // Name: The full resource name of the resource. See: + // https://cloud.google.com/apis/design/resource_names#full_resource_name + Name string `json:"name,omitempty"` + + // Parent: The full resource name of resource's parent. + Parent string `json:"parent,omitempty"` + + // ParentDisplayName: The human readable name of resource's parent. + ParentDisplayName string `json:"parentDisplayName,omitempty"` + + // Project: The full resource name of project that the resource belongs + // to. + Project string `json:"project,omitempty"` + + // ProjectDisplayName: The project id that the resource belongs to. + ProjectDisplayName string `json:"projectDisplayName,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Folders") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Folders") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV1p1beta1Resource) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV1p1beta1Resource + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse: Response +// of asset discovery run +type GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse struct { + // Duration: The duration between asset discovery run start and end + Duration string `json:"duration,omitempty"` + + // State: The state of an asset discovery run. + // + // Possible values: + // "STATE_UNSPECIFIED" - Asset discovery run state was unspecified. + // "COMPLETED" - Asset discovery run completed successfully. + // "SUPERSEDED" - Asset discovery run was cancelled with tasks still + // pending, as another run for the same organization was started with a + // higher priority. + // "TERMINATED" - Asset discovery run was killed and terminated. + State string `json:"state,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Duration") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Duration") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV1p1beta1SecurityMarks: User specified +// security marks that are attached to the parent Security Command +// Center resource. Security marks are scoped within a Security Command +// Center organization -- they can be modified and viewed by all users +// who have proper permissions on the organization. +type GoogleCloudSecuritycenterV1p1beta1SecurityMarks struct { + // CanonicalName: The canonical name of the marks. Examples: + // "organizations/{organization_id}/assets/{asset_id}/securityMarks" + // "folders/{folder_id}/assets/{asset_id}/securityMarks" + // "projects/{project_number}/assets/{asset_id}/securityMarks" + // "organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}/securityMarks" + // "folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securit + // yMarks" + // "projects/{project_number}/sources/{source_id}/findings/{finding_id}/s + // ecurityMarks" + CanonicalName string `json:"canonicalName,omitempty"` + + // Marks: Mutable user specified security marks belonging to the parent + // resource. Constraints are as follows: * Keys and values are treated + // as case insensitive * Keys must be between 1 - 256 characters + // (inclusive) * Keys must be letters, numbers, underscores, or dashes * + // Values have leading and trailing whitespace trimmed, remaining + // characters must be between 1 - 4096 characters (inclusive) + Marks map[string]string `json:"marks,omitempty"` + + // Name: The relative resource name of the SecurityMarks. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // Examples: + // "organizations/{organization_id}/assets/{asset_id}/securityMarks" + // "organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}/securityMarks". + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CanonicalName") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CanonicalName") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV1p1beta1SecurityMarks) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV1p1beta1SecurityMarks + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Access: Represents an access event. +type GoogleCloudSecuritycenterV2Access struct { + // CallerIp: Caller's IP address, such as "1.1.1.1". + CallerIp string `json:"callerIp,omitempty"` + + // CallerIpGeo: The caller IP's geolocation, which identifies where the + // call came from. + CallerIpGeo *GoogleCloudSecuritycenterV2Geolocation `json:"callerIpGeo,omitempty"` + + // MethodName: The method that the service account called, e.g. + // "SetIamPolicy". + MethodName string `json:"methodName,omitempty"` + + // PrincipalEmail: Associated email, such as "foo@google.com". The email + // address of the authenticated user or a service account acting on + // behalf of a third party principal making the request. For third party + // identity callers, the `principal_subject` field is populated instead + // of this field. For privacy reasons, the principal email address is + // sometimes redacted. For more information, see Caller identities in + // audit logs (https://cloud.google.com/logging/docs/audit#user-id). + PrincipalEmail string `json:"principalEmail,omitempty"` + + // PrincipalSubject: A string that represents the principal_subject that + // is associated with the identity. Unlike `principal_email`, + // `principal_subject` supports principals that aren't associated with + // email addresses, such as third party principals. For most identities, + // the format is `principal://iam.googleapis.com/{identity pool + // name}/subject/{subject}`. Some GKE identities, such as GKE_WORKLOAD, + // FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format + // `serviceAccount:{identity pool name}[{subject}]`. + PrincipalSubject string `json:"principalSubject,omitempty"` + + // ServiceAccountDelegationInfo: The identity delegation history of an + // authenticated service account that made the request. The + // `serviceAccountDelegationInfo[]` object contains information about + // the real authorities that try to access Google Cloud resources by + // delegating on a service account. When multiple authorities are + // present, they are guaranteed to be sorted based on the original + // ordering of the identity delegation events. + ServiceAccountDelegationInfo []*GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo `json:"serviceAccountDelegationInfo,omitempty"` + + // ServiceAccountKeyName: The name of the service account key that was + // used to create or exchange credentials when authenticating the + // service account that made the request. This is a scheme-less URI full + // resource name. For example: + // "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/ + // keys/{key}". + ServiceAccountKeyName string `json:"serviceAccountKeyName,omitempty"` + + // ServiceName: This is the API service that the service account made a + // call to, e.g. "iam.googleapis.com" + ServiceName string `json:"serviceName,omitempty"` + + // UserAgent: The caller's user agent string associated with the + // finding. + UserAgent string `json:"userAgent,omitempty"` + + // UserAgentFamily: Type of user agent associated with the finding. For + // example, an operating system shell or an embedded or standalone + // application. + UserAgentFamily string `json:"userAgentFamily,omitempty"` + + // UserName: A string that represents a username. The username provided + // depends on the type of the finding and is likely not an IAM + // principal. For example, this can be a system username if the finding + // is related to a virtual machine, or it can be an application login + // username. + UserName string `json:"userName,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CallerIp") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CallerIp") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Access) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Access + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2AccessReview: Conveys information about a +// Kubernetes access review (such as one returned by a `kubectl auth +// can-i` +// (https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access) +// command) that was involved in a finding. +type GoogleCloudSecuritycenterV2AccessReview struct { + // Group: The API group of the resource. "*" means all. + Group string `json:"group,omitempty"` + + // Name: The name of the resource being requested. Empty means all. + Name string `json:"name,omitempty"` + + // Ns: Namespace of the action being requested. Currently, there is no + // distinction between no namespace and all namespaces. Both are + // represented by "" (empty). + Ns string `json:"ns,omitempty"` + + // Resource: The optional resource type requested. "*" means all. + Resource string `json:"resource,omitempty"` + + // Subresource: The optional subresource type. + Subresource string `json:"subresource,omitempty"` + + // Verb: A Kubernetes resource API verb, like get, list, watch, create, + // update, delete, proxy. "*" means all. + Verb string `json:"verb,omitempty"` + + // Version: The API version of the resource. "*" means all. + Version string `json:"version,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Group") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Group") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2AccessReview) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2AccessReview + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Application: Represents an application +// associated with a finding. +type GoogleCloudSecuritycenterV2Application struct { + // BaseUri: The base URI that identifies the network location of the + // application in which the vulnerability was detected. Examples: + // http://11.22.33.44, http://foo.com, http://11.22.33.44:8080 + BaseUri string `json:"baseUri,omitempty"` + + // FullUri: The full URI with payload that could be used to reproduce + // the vulnerability. Example: + // http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H + FullUri string `json:"fullUri,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BaseUri") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BaseUri") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Application) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Application + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2AttackExposure: An attack exposure +// contains the results of an attack path simulation run. +type GoogleCloudSecuritycenterV2AttackExposure struct { + // AttackExposureResult: The resource name of the attack path simulation + // result that contains the details regarding this attack exposure + // score. Example: organizations/123/attackExposureResults/456 + AttackExposureResult string `json:"attackExposureResult,omitempty"` + + // ExposedHighValueResourcesCount: The number of high value resources + // that are exposed as a result of this finding. + ExposedHighValueResourcesCount int64 `json:"exposedHighValueResourcesCount,omitempty"` + + // ExposedLowValueResourcesCount: The number of high value resources + // that are exposed as a result of this finding. + ExposedLowValueResourcesCount int64 `json:"exposedLowValueResourcesCount,omitempty"` + + // ExposedMediumValueResourcesCount: The number of medium value + // resources that are exposed as a result of this finding. + ExposedMediumValueResourcesCount int64 `json:"exposedMediumValueResourcesCount,omitempty"` + + // LatestCalculationTime: The most recent time the attack exposure was + // updated on this finding. + LatestCalculationTime string `json:"latestCalculationTime,omitempty"` + + // Score: A number between 0 (inclusive) and infinity that represents + // how important this finding is to remediate. The higher the score, the + // more important it is to remediate. + Score float64 `json:"score,omitempty"` + + // State: Output only. What state this AttackExposure is in. This + // captures whether or not an attack exposure has been calculated or + // not. + // + // Possible values: + // "STATE_UNSPECIFIED" - The state is not specified. + // "CALCULATED" - The attack exposure has been calculated. + // "NOT_CALCULATED" - The attack exposure has not been calculated. + State string `json:"state,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "AttackExposureResult") to unconditionally include in API requests. + // By default, fields with empty or default values are omitted from API + // requests. However, any non-pointer, non-interface field appearing in + // ForceSendFields will be sent to the server regardless of whether the + // field is empty or not. This may be used to include empty fields in + // Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AttackExposureResult") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2AttackExposure) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2AttackExposure + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +func (s *GoogleCloudSecuritycenterV2AttackExposure) UnmarshalJSON(data []byte) error { + type NoMethod GoogleCloudSecuritycenterV2AttackExposure + var s1 struct { + Score gensupport.JSONFloat64 `json:"score"` + *NoMethod + } + s1.NoMethod = (*NoMethod)(s) + if err := json.Unmarshal(data, &s1); err != nil { + return err + } + s.Score = float64(s1.Score) + return nil +} + +// GoogleCloudSecuritycenterV2BackupDisasterRecovery: Information +// related to Google Cloud Backup and DR Service findings. +type GoogleCloudSecuritycenterV2BackupDisasterRecovery struct { + // Appliance: The name of the Backup and DR appliance that captures, + // moves, and manages the lifecycle of backup data. For example, + // “backup-server-57137”. + Appliance string `json:"appliance,omitempty"` + + // Applications: The names of Backup and DR applications. An application + // is a VM, database, or file system on a managed host monitored by a + // backup and recovery appliance. For example, “centos7-01-vol00”, + // “centos7-01-vol01”, “centos7-01-vol02”. + Applications []string `json:"applications,omitempty"` + + // BackupCreateTime: The timestamp at which the Backup and DR backup was + // created. + BackupCreateTime string `json:"backupCreateTime,omitempty"` + + // BackupTemplate: The name of a Backup and DR template which comprises + // one or more backup policies. See the Backup and DR documentation + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) + // for more information. For example, “snap-ov”. + BackupTemplate string `json:"backupTemplate,omitempty"` + + // BackupType: The backup type of the Backup and DR image. For example, + // “Snapshot”, “Remote Snapshot”, “OnVault”. + BackupType string `json:"backupType,omitempty"` + + // Host: The name of a Backup and DR host, which is managed by the + // backup and recovery appliance and known to the management console. + // The host can be of type Generic (for example, Compute Engine, SQL + // Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. + // See the Backup and DR documentation on hosts + // (https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) + // for more information. For example, “centos7-01”. + Host string `json:"host,omitempty"` + + // Policies: The names of Backup and DR policies that are associated + // with a template and that define when to run a backup, how frequently + // to run a backup, and how long to retain the backup image. For + // example, “onvaults”. + Policies []string `json:"policies,omitempty"` + + // PolicyOptions: The names of Backup and DR advanced policy options of + // a policy applying to an application. See the Backup and DR + // documentation on policy options + // (https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). + // For example, “skipofflineappsincongrp, nounmap”. + PolicyOptions []string `json:"policyOptions,omitempty"` + + // Profile: The name of the Backup and DR resource profile that + // specifies the storage media for backups of application and VM data. + // See the Backup and DR documentation on profiles + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). + // For example, “GCP”. + Profile string `json:"profile,omitempty"` + + // StoragePool: The name of the Backup and DR storage pool that the + // backup and recovery appliance is storing data in. The storage pool + // could be of type Cloud, Primary, Snapshot, or OnVault. See the Backup + // and DR documentation on storage pools + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). + // For example, “DiskPoolOne”. + StoragePool string `json:"storagePool,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Appliance") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Appliance") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2BackupDisasterRecovery) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2BackupDisasterRecovery + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2BigQueryExport: Configures how to deliver +// Findings to BigQuery Instance. +type GoogleCloudSecuritycenterV2BigQueryExport struct { + // CreateTime: Output only. The time at which the BigQuery export was + // created. This field is set by the server and will be ignored if + // provided on export on creation. + CreateTime string `json:"createTime,omitempty"` + + // Dataset: The dataset to write findings' updates to. Its format is + // "projects/[project_id]/datasets/[bigquery_dataset_id]". BigQuery + // Dataset unique ID must contain only letters (a-z, A-Z), numbers + // (0-9), or underscores (_). + Dataset string `json:"dataset,omitempty"` + + // Description: The description of the export (max of 1024 characters). + Description string `json:"description,omitempty"` + + // Filter: Expression that defines the filter to apply across + // create/update events of findings. The expression is a list of zero or + // more restrictions combined via logical operators `AND` and `OR`. + // Parentheses are supported, and `OR` has higher precedence than `AND`. + // Restrictions have the form ` ` and may have a `-` character in front + // of them to indicate negation. The fields map to those defined in the + // corresponding resource. The supported operators are: * `=` for all + // value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, + // meaning substring matching, for strings. The supported value types + // are: * string literals in quotes. * integer literals without quotes. + // * boolean literals `true` and `false` without quotes. + Filter string `json:"filter,omitempty"` + + // MostRecentEditor: Output only. Email address of the user who last + // edited the BigQuery export. This field is set by the server and will + // be ignored if provided on export creation or update. + MostRecentEditor string `json:"mostRecentEditor,omitempty"` + + // Name: The relative resource name of this export. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name. + // The following list shows some examples: + + // `organizations/{organization_id}/locations/{location_id}/bigQueryExpor + // ts/{export_id}` + + // `folders/{folder_id}/locations/{location_id}/bigQueryExports/{export_i + // d}` + + // `projects/{project_id}/locations/{location_id}/bigQueryExports/{export + // _id}` This field is provided in responses, and is ignored when + // provided in create requests. + Name string `json:"name,omitempty"` + + // Principal: Output only. The service account that needs permission to + // create table and upload data to the BigQuery dataset. + Principal string `json:"principal,omitempty"` + + // UpdateTime: Output only. The most recent time at which the BigQuery + // export was updated. This field is set by the server and will be + // ignored if provided on export creation or update. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2BigQueryExport) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2BigQueryExport + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Binding: Represents a Kubernetes +// RoleBinding or ClusterRoleBinding. +type GoogleCloudSecuritycenterV2Binding struct { + // Name: Name for the binding. + Name string `json:"name,omitempty"` + + // Ns: Namespace for the binding. + Ns string `json:"ns,omitempty"` + + // Role: The Role or ClusterRole referenced by the binding. + Role *GoogleCloudSecuritycenterV2Role `json:"role,omitempty"` + + // Subjects: Represents one or more subjects that are bound to the role. + // Not always available for PATCH requests. + Subjects []*GoogleCloudSecuritycenterV2Subject `json:"subjects,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Binding) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Binding + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2BulkMuteFindingsResponse: The response to +// a BulkMute request. Contains the LRO information. +type GoogleCloudSecuritycenterV2BulkMuteFindingsResponse struct { +} + +// GoogleCloudSecuritycenterV2CloudDlpDataProfile: The data profile +// (https://cloud.google.com/dlp/docs/data-profiles) associated with the +// finding. +type GoogleCloudSecuritycenterV2CloudDlpDataProfile struct { + // DataProfile: Name of the data profile, for example, + // `projects/123/locations/europe/tableProfiles/8383929`. + DataProfile string `json:"dataProfile,omitempty"` + + // ParentType: The resource hierarchy level at which the data profile + // was generated. + // + // Possible values: + // "PARENT_TYPE_UNSPECIFIED" - Unspecified parent type. + // "ORGANIZATION" - Organization-level configurations. + // "PROJECT" - Project-level configurations. + ParentType string `json:"parentType,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DataProfile") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DataProfile") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2CloudDlpDataProfile) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2CloudDlpDataProfile + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2CloudDlpInspection: Details about the +// Cloud Data Loss Prevention (Cloud DLP) inspection job +// (https://cloud.google.com/dlp/docs/concepts-job-triggers) that +// produced the finding. +type GoogleCloudSecuritycenterV2CloudDlpInspection struct { + // FullScan: Whether Cloud DLP scanned the complete resource or a + // sampled subset. + FullScan bool `json:"fullScan,omitempty"` + + // InfoType: The type of information (or *infoType + // (https://cloud.google.com/dlp/docs/infotypes-reference)*) found, for + // example, `EMAIL_ADDRESS` or `STREET_ADDRESS`. + InfoType string `json:"infoType,omitempty"` + + // InfoTypeCount: The number of times Cloud DLP found this infoType + // within this job and resource. + InfoTypeCount int64 `json:"infoTypeCount,omitempty,string"` + + // InspectJob: Name of the inspection job, for example, + // `projects/123/locations/europe/dlpJobs/i-8383929`. + InspectJob string `json:"inspectJob,omitempty"` + + // ForceSendFields is a list of field names (e.g. "FullScan") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "FullScan") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2CloudDlpInspection) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2CloudDlpInspection + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2CloudLoggingEntry: Metadata taken from a +// Cloud Logging LogEntry +// (https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry) +type GoogleCloudSecuritycenterV2CloudLoggingEntry struct { + // InsertId: A unique identifier for the log entry. + InsertId string `json:"insertId,omitempty"` + + // LogId: The type of the log (part of `log_name`. `log_name` is the + // resource name of the log to which this log entry belongs). For + // example: `cloudresourcemanager.googleapis.com/activity` Note that + // this field is not URL-encoded, unlike in `LogEntry`. + LogId string `json:"logId,omitempty"` + + // ResourceContainer: The organization, folder, or project of the + // monitored resource that produced this log entry. + ResourceContainer string `json:"resourceContainer,omitempty"` + + // Timestamp: The time the event described by the log entry occurred. + Timestamp string `json:"timestamp,omitempty"` + + // ForceSendFields is a list of field names (e.g. "InsertId") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "InsertId") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2CloudLoggingEntry) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2CloudLoggingEntry + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Compliance: Contains compliance +// information about a security standard indicating unmet +// recommendations. +type GoogleCloudSecuritycenterV2Compliance struct { + // Ids: Policies within the standard or benchmark, for example, A.12.4.1 + Ids []string `json:"ids,omitempty"` + + // Standard: Industry-wide compliance standards or benchmarks, such as + // CIS, PCI, and OWASP. + Standard string `json:"standard,omitempty"` + + // Version: Version of the standard or benchmark, for example, 1.1 + Version string `json:"version,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Ids") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Ids") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Compliance) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Compliance + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Connection: Contains information about the +// IP connection associated with the finding. +type GoogleCloudSecuritycenterV2Connection struct { + // DestinationIp: Destination IP address. Not present for sockets that + // are listening and not connected. + DestinationIp string `json:"destinationIp,omitempty"` + + // DestinationPort: Destination port. Not present for sockets that are + // listening and not connected. + DestinationPort int64 `json:"destinationPort,omitempty"` + + // Protocol: IANA Internet Protocol Number such as TCP(6) and UDP(17). + // + // Possible values: + // "PROTOCOL_UNSPECIFIED" - Unspecified protocol (not HOPOPT). + // "ICMP" - Internet Control Message Protocol. + // "TCP" - Transmission Control Protocol. + // "UDP" - User Datagram Protocol. + // "GRE" - Generic Routing Encapsulation. + // "ESP" - Encap Security Payload. + Protocol string `json:"protocol,omitempty"` + + // SourceIp: Source IP address. + SourceIp string `json:"sourceIp,omitempty"` + + // SourcePort: Source port. + SourcePort int64 `json:"sourcePort,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DestinationIp") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DestinationIp") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Connection) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Connection + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Contact: The email address of a contact. +type GoogleCloudSecuritycenterV2Contact struct { + // Email: An email address. For example, "person123@company.com". + Email string `json:"email,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Email") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Email") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Contact) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Contact + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ContactDetails: Details about specific +// contacts +type GoogleCloudSecuritycenterV2ContactDetails struct { + // Contacts: A list of contacts + Contacts []*GoogleCloudSecuritycenterV2Contact `json:"contacts,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Contacts") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Contacts") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ContactDetails) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ContactDetails + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Container: Container associated with the +// finding. +type GoogleCloudSecuritycenterV2Container struct { + // CreateTime: The time that the container was created. + CreateTime string `json:"createTime,omitempty"` + + // ImageId: Optional container image ID, if provided by the container + // runtime. Uniquely identifies the container image launched using a + // container image digest. + ImageId string `json:"imageId,omitempty"` + + // Labels: Container labels, as provided by the container runtime. + Labels []*GoogleCloudSecuritycenterV2Label `json:"labels,omitempty"` + + // Name: Name of the container. + Name string `json:"name,omitempty"` + + // Uri: Container image URI provided when configuring a pod or + // container. This string can identify a container image version using + // mutable tags. + Uri string `json:"uri,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Container) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Container + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Cve: CVE stands for Common Vulnerabilities +// and Exposures. More information: https://cve.mitre.org +type GoogleCloudSecuritycenterV2Cve struct { + // Cvssv3: Describe Common Vulnerability Scoring System specified at + // https://www.first.org/cvss/v3.1/specification-document + Cvssv3 *GoogleCloudSecuritycenterV2Cvssv3 `json:"cvssv3,omitempty"` + + // Id: The unique identifier for the vulnerability. e.g. CVE-2021-34527 + Id string `json:"id,omitempty"` + + // References: Additional information about the CVE. e.g. + // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527 + References []*GoogleCloudSecuritycenterV2Reference `json:"references,omitempty"` + + // UpstreamFixAvailable: Whether upstream fix is available for the CVE. + UpstreamFixAvailable bool `json:"upstreamFixAvailable,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Cvssv3") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Cvssv3") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Cve) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Cve + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Cvssv3: Common Vulnerability Scoring +// System version 3. +type GoogleCloudSecuritycenterV2Cvssv3 struct { + // AttackComplexity: This metric describes the conditions beyond the + // attacker's control that must exist in order to exploit the + // vulnerability. + // + // Possible values: + // "ATTACK_COMPLEXITY_UNSPECIFIED" - Invalid value. + // "ATTACK_COMPLEXITY_LOW" - Specialized access conditions or + // extenuating circumstances do not exist. An attacker can expect + // repeatable success when attacking the vulnerable component. + // "ATTACK_COMPLEXITY_HIGH" - A successful attack depends on + // conditions beyond the attacker's control. That is, a successful + // attack cannot be accomplished at will, but requires the attacker to + // invest in some measurable amount of effort in preparation or + // execution against the vulnerable component before a successful attack + // can be expected. + AttackComplexity string `json:"attackComplexity,omitempty"` + + // AttackVector: Base Metrics Represents the intrinsic characteristics + // of a vulnerability that are constant over time and across user + // environments. This metric reflects the context by which vulnerability + // exploitation is possible. + // + // Possible values: + // "ATTACK_VECTOR_UNSPECIFIED" - Invalid value. + // "ATTACK_VECTOR_NETWORK" - The vulnerable component is bound to the + // network stack and the set of possible attackers extends beyond the + // other options listed below, up to and including the entire Internet. + // "ATTACK_VECTOR_ADJACENT" - The vulnerable component is bound to the + // network stack, but the attack is limited at the protocol level to a + // logically adjacent topology. + // "ATTACK_VECTOR_LOCAL" - The vulnerable component is not bound to + // the network stack and the attacker's path is via read/write/execute + // capabilities. + // "ATTACK_VECTOR_PHYSICAL" - The attack requires the attacker to + // physically touch or manipulate the vulnerable component. + AttackVector string `json:"attackVector,omitempty"` + + // AvailabilityImpact: This metric measures the impact to the + // availability of the impacted component resulting from a successfully + // exploited vulnerability. + // + // Possible values: + // "IMPACT_UNSPECIFIED" - Invalid value. + // "IMPACT_HIGH" - High impact. + // "IMPACT_LOW" - Low impact. + // "IMPACT_NONE" - No impact. + AvailabilityImpact string `json:"availabilityImpact,omitempty"` + + // BaseScore: The base score is a function of the base metric scores. + BaseScore float64 `json:"baseScore,omitempty"` + + // ConfidentialityImpact: This metric measures the impact to the + // confidentiality of the information resources managed by a software + // component due to a successfully exploited vulnerability. + // + // Possible values: + // "IMPACT_UNSPECIFIED" - Invalid value. + // "IMPACT_HIGH" - High impact. + // "IMPACT_LOW" - Low impact. + // "IMPACT_NONE" - No impact. + ConfidentialityImpact string `json:"confidentialityImpact,omitempty"` + + // IntegrityImpact: This metric measures the impact to integrity of a + // successfully exploited vulnerability. + // + // Possible values: + // "IMPACT_UNSPECIFIED" - Invalid value. + // "IMPACT_HIGH" - High impact. + // "IMPACT_LOW" - Low impact. + // "IMPACT_NONE" - No impact. + IntegrityImpact string `json:"integrityImpact,omitempty"` + + // PrivilegesRequired: This metric describes the level of privileges an + // attacker must possess before successfully exploiting the + // vulnerability. + // + // Possible values: + // "PRIVILEGES_REQUIRED_UNSPECIFIED" - Invalid value. + // "PRIVILEGES_REQUIRED_NONE" - The attacker is unauthorized prior to + // attack, and therefore does not require any access to settings or + // files of the vulnerable system to carry out an attack. + // "PRIVILEGES_REQUIRED_LOW" - The attacker requires privileges that + // provide basic user capabilities that could normally affect only + // settings and files owned by a user. Alternatively, an attacker with + // Low privileges has the ability to access only non-sensitive + // resources. + // "PRIVILEGES_REQUIRED_HIGH" - The attacker requires privileges that + // provide significant (e.g., administrative) control over the + // vulnerable component allowing access to component-wide settings and + // files. + PrivilegesRequired string `json:"privilegesRequired,omitempty"` + + // Scope: The Scope metric captures whether a vulnerability in one + // vulnerable component impacts resources in components beyond its + // security scope. + // + // Possible values: + // "SCOPE_UNSPECIFIED" - Invalid value. + // "SCOPE_UNCHANGED" - An exploited vulnerability can only affect + // resources managed by the same security authority. + // "SCOPE_CHANGED" - An exploited vulnerability can affect resources + // beyond the security scope managed by the security authority of the + // vulnerable component. + Scope string `json:"scope,omitempty"` + + // UserInteraction: This metric captures the requirement for a human + // user, other than the attacker, to participate in the successful + // compromise of the vulnerable component. + // + // Possible values: + // "USER_INTERACTION_UNSPECIFIED" - Invalid value. + // "USER_INTERACTION_NONE" - The vulnerable system can be exploited + // without interaction from any user. + // "USER_INTERACTION_REQUIRED" - Successful exploitation of this + // vulnerability requires a user to take some action before the + // vulnerability can be exploited. + UserInteraction string `json:"userInteraction,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AttackComplexity") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AttackComplexity") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Cvssv3) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Cvssv3 + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +func (s *GoogleCloudSecuritycenterV2Cvssv3) UnmarshalJSON(data []byte) error { + type NoMethod GoogleCloudSecuritycenterV2Cvssv3 + var s1 struct { + BaseScore gensupport.JSONFloat64 `json:"baseScore"` + *NoMethod + } + s1.NoMethod = (*NoMethod)(s) + if err := json.Unmarshal(data, &s1); err != nil { + return err + } + s.BaseScore = float64(s1.BaseScore) + return nil +} + +// GoogleCloudSecuritycenterV2Database: Represents database access +// information, such as queries. A database may be a sub-resource of an +// instance (as in the case of Cloud SQL instances or Cloud Spanner +// instances), or the database instance itself. Some database resources +// might not have the full resource name +// (https://google.aip.dev/122#full-resource-names) populated because +// these resource types, such as Cloud SQL databases, are not yet +// supported by Cloud Asset Inventory. In these cases only the display +// name is provided. +type GoogleCloudSecuritycenterV2Database struct { + // DisplayName: The human-readable name of the database that the user + // connected to. + DisplayName string `json:"displayName,omitempty"` + + // Grantees: The target usernames, roles, or groups of an SQL privilege + // grant, which is not an IAM policy change. + Grantees []string `json:"grantees,omitempty"` + + // Name: Some database resources may not have the full resource name + // (https://google.aip.dev/122#full-resource-names) populated because + // these resource types are not yet supported by Cloud Asset Inventory + // (e.g. Cloud SQL databases). In these cases only the display name will + // be provided. The full resource name + // (https://google.aip.dev/122#full-resource-names) of the database that + // the user connected to, if it is supported by Cloud Asset Inventory. + Name string `json:"name,omitempty"` + + // Query: The SQL statement that is associated with the database access. + Query string `json:"query,omitempty"` + + // UserName: The username used to connect to the database. The username + // might not be an IAM principal and does not have a set format. + UserName string `json:"userName,omitempty"` + + // Version: The version of the database, for example, POSTGRES_14. See + // the complete list + // (https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion). + Version string `json:"version,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DisplayName") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DisplayName") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Database) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Database + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Detection: Memory hash detection +// contributing to the binary family match. +type GoogleCloudSecuritycenterV2Detection struct { + // Binary: The name of the binary associated with the memory hash + // signature detection. + Binary string `json:"binary,omitempty"` + + // PercentPagesMatched: The percentage of memory page hashes in the + // signature that were matched. + PercentPagesMatched float64 `json:"percentPagesMatched,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Binary") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Binary") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Detection) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Detection + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +func (s *GoogleCloudSecuritycenterV2Detection) UnmarshalJSON(data []byte) error { + type NoMethod GoogleCloudSecuritycenterV2Detection + var s1 struct { + PercentPagesMatched gensupport.JSONFloat64 `json:"percentPagesMatched"` + *NoMethod + } + s1.NoMethod = (*NoMethod)(s) + if err := json.Unmarshal(data, &s1); err != nil { + return err + } + s.PercentPagesMatched = float64(s1.PercentPagesMatched) + return nil +} + +// GoogleCloudSecuritycenterV2EnvironmentVariable: A name-value pair +// representing an environment variable used in an operating system +// process. +type GoogleCloudSecuritycenterV2EnvironmentVariable struct { + // Name: Environment variable name as a JSON encoded string. + Name string `json:"name,omitempty"` + + // Val: Environment variable value as a JSON encoded string. + Val string `json:"val,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2EnvironmentVariable) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2EnvironmentVariable + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ExfilResource: Resource where data was +// exfiltrated from or exfiltrated to. +type GoogleCloudSecuritycenterV2ExfilResource struct { + // Components: Subcomponents of the asset that was exfiltrated, like + // URIs used during exfiltration, table names, databases, and filenames. + // For example, multiple tables might have been exfiltrated from the + // same Cloud SQL instance, or multiple files might have been + // exfiltrated from the same Cloud Storage bucket. + Components []string `json:"components,omitempty"` + + // Name: The resource's full resource name + // (https://cloud.google.com/apis/design/resource_names#full_resource_name). + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Components") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Components") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ExfilResource) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ExfilResource + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Exfiltration: Exfiltration represents a +// data exfiltration attempt from one or more sources to one or more +// targets. The `sources` attribute lists the sources of the exfiltrated +// data. The `targets` attribute lists the destinations the data was +// copied to. +type GoogleCloudSecuritycenterV2Exfiltration struct { + // Sources: If there are multiple sources, then the data is considered + // "joined" between them. For instance, BigQuery can join multiple + // tables, and each table would be considered a source. + Sources []*GoogleCloudSecuritycenterV2ExfilResource `json:"sources,omitempty"` + + // Targets: If there are multiple targets, each target would get a + // complete copy of the "joined" source data. + Targets []*GoogleCloudSecuritycenterV2ExfilResource `json:"targets,omitempty"` + + // TotalExfiltratedBytes: Total exfiltrated bytes processed for the + // entire job. + TotalExfiltratedBytes int64 `json:"totalExfiltratedBytes,omitempty,string"` + + // ForceSendFields is a list of field names (e.g. "Sources") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Sources") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Exfiltration) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Exfiltration + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ExternalSystem: Representation of third +// party SIEM/SOAR fields within SCC. +type GoogleCloudSecuritycenterV2ExternalSystem struct { + // Assignees: References primary/secondary etc assignees in the external + // system. + Assignees []string `json:"assignees,omitempty"` + + // ExternalSystemUpdateTime: The time when the case was last updated, as + // reported by the external system. + ExternalSystemUpdateTime string `json:"externalSystemUpdateTime,omitempty"` + + // ExternalUid: The identifier that's used to track the finding's + // corresponding case in the external system. + ExternalUid string `json:"externalUid,omitempty"` + + // Name: Full resource name of the external system. The following list + // shows some examples: + + // `organizations/1234/sources/5678/findings/123456/externalSystems/jira` + // + + // `organizations/1234/sources/5678/locations/us/findings/123456/external + // Systems/jira` + + // `folders/1234/sources/5678/findings/123456/externalSystems/jira` + + // `folders/1234/sources/5678/locations/us/findings/123456/externalSystem + // s/jira` + + // `projects/1234/sources/5678/findings/123456/externalSystems/jira` + + // `projects/1234/sources/5678/locations/us/findings/123456/externalSyste + // ms/jira` + Name string `json:"name,omitempty"` + + // Status: The most recent status of the finding's corresponding case, + // as reported by the external system. + Status string `json:"status,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Assignees") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Assignees") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ExternalSystem) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ExternalSystem + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2File: File information about the related +// binary/library used by an executable, or the script used by a script +// interpreter +type GoogleCloudSecuritycenterV2File struct { + // Contents: Prefix of the file contents as a JSON-encoded string. + Contents string `json:"contents,omitempty"` + + // HashedSize: The length in bytes of the file prefix that was hashed. + // If hashed_size == size, any hashes reported represent the entire + // file. + HashedSize int64 `json:"hashedSize,omitempty,string"` + + // PartiallyHashed: True when the hash covers only a prefix of the file. + PartiallyHashed bool `json:"partiallyHashed,omitempty"` + + // Path: Absolute path of the file as a JSON encoded string. + Path string `json:"path,omitempty"` + + // Sha256: SHA256 hash of the first hashed_size bytes of the file + // encoded as a hex string. If hashed_size == size, sha256 represents + // the SHA256 hash of the entire file. + Sha256 string `json:"sha256,omitempty"` + + // Size: Size of the file in bytes. + Size int64 `json:"size,omitempty,string"` + + // ForceSendFields is a list of field names (e.g. "Contents") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Contents") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2File) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2File + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Finding: Security Command Center finding. +// A finding is a record of assessment data like security, risk, health, +// or privacy, that is ingested into Security Command Center for +// presentation, notification, analysis, policy testing, and +// enforcement. For example, a cross-site scripting (XSS) vulnerability +// in an App Engine application is a finding. +type GoogleCloudSecuritycenterV2Finding struct { + // Access: Access details associated with the finding, such as more + // information on the caller, which method was accessed, and from where. + Access *GoogleCloudSecuritycenterV2Access `json:"access,omitempty"` + + // Application: Represents an application associated with the finding. + Application *GoogleCloudSecuritycenterV2Application `json:"application,omitempty"` + + // AttackExposure: The results of an attack path simulation relevant to + // this finding. + AttackExposure *GoogleCloudSecuritycenterV2AttackExposure `json:"attackExposure,omitempty"` + + // BackupDisasterRecovery: Fields related to Backup and DR findings. + BackupDisasterRecovery *GoogleCloudSecuritycenterV2BackupDisasterRecovery `json:"backupDisasterRecovery,omitempty"` + + // CanonicalName: Output only. The canonical name of the finding. The + // following list shows some examples: + + // `organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}` + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on_id}/findings/{finding_id}` + + // `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + + // `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findi + // ngs/{finding_id}` + + // `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + + // `projects/{project_id}/sources/{source_id}/locations/{location_id}/fin + // dings/{finding_id}` The prefix is the closest CRM ancestor of the + // resource associated with the finding. + CanonicalName string `json:"canonicalName,omitempty"` + + // Category: Immutable. The additional taxonomy group within findings + // from a given source. Example: "XSS_FLASH_INJECTION" + Category string `json:"category,omitempty"` + + // CloudDlpDataProfile: Cloud DLP data profile that is associated with + // the finding. + CloudDlpDataProfile *GoogleCloudSecuritycenterV2CloudDlpDataProfile `json:"cloudDlpDataProfile,omitempty"` + + // CloudDlpInspection: Cloud Data Loss Prevention (Cloud DLP) inspection + // results that are associated with the finding. + CloudDlpInspection *GoogleCloudSecuritycenterV2CloudDlpInspection `json:"cloudDlpInspection,omitempty"` + + // Compliances: Contains compliance information for security standards + // associated to the finding. + Compliances []*GoogleCloudSecuritycenterV2Compliance `json:"compliances,omitempty"` + + // Connections: Contains information about the IP connection associated + // with the finding. + Connections []*GoogleCloudSecuritycenterV2Connection `json:"connections,omitempty"` + + // Contacts: Output only. Map containing the points of contact for the + // given finding. The key represents the type of contact, while the + // value contains a list of all the contacts that pertain. Please refer + // to: + // https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories + // { "security": { "contacts": [ { "email": "person1@company.com" }, { + // "email": "person2@company.com" } ] } } + Contacts map[string]GoogleCloudSecuritycenterV2ContactDetails `json:"contacts,omitempty"` + + // Containers: Containers associated with the finding. This field + // provides information for both Kubernetes and non-Kubernetes + // containers. + Containers []*GoogleCloudSecuritycenterV2Container `json:"containers,omitempty"` + + // CreateTime: Output only. The time at which the finding was created in + // Security Command Center. + CreateTime string `json:"createTime,omitempty"` + + // Database: Database associated with the finding. + Database *GoogleCloudSecuritycenterV2Database `json:"database,omitempty"` + + // Description: Contains more details about the finding. + Description string `json:"description,omitempty"` + + // EventTime: The time the finding was first detected. If an existing + // finding is updated, then this is the time the update occurred. For + // example, if the finding represents an open firewall, this property + // captures the time the detector believes the firewall became open. The + // accuracy is determined by the detector. If the finding is later + // resolved, then this time reflects when the finding was resolved. This + // must not be set to a value greater than the current timestamp. + EventTime string `json:"eventTime,omitempty"` + + // Exfiltration: Represents exfiltrations associated with the finding. + Exfiltration *GoogleCloudSecuritycenterV2Exfiltration `json:"exfiltration,omitempty"` + + // ExternalSystems: Output only. Third party SIEM/SOAR fields within + // SCC, contains external system information and external system finding + // fields. + ExternalSystems map[string]GoogleCloudSecuritycenterV2ExternalSystem `json:"externalSystems,omitempty"` + + // ExternalUri: The URI that, if available, points to a web page outside + // of Security Command Center where additional information about the + // finding can be found. This field is guaranteed to be either empty or + // a well formed URL. + ExternalUri string `json:"externalUri,omitempty"` + + // Files: File associated with the finding. + Files []*GoogleCloudSecuritycenterV2File `json:"files,omitempty"` + + // FindingClass: The class of the finding. + // + // Possible values: + // "FINDING_CLASS_UNSPECIFIED" - Unspecified finding class. + // "THREAT" - Describes unwanted or malicious activity. + // "VULNERABILITY" - Describes a potential weakness in software that + // increases risk to Confidentiality & Integrity & Availability. + // "MISCONFIGURATION" - Describes a potential weakness in cloud + // resource/asset configuration that increases risk. + // "OBSERVATION" - Describes a security observation that is for + // informational purposes. + // "SCC_ERROR" - Describes an error that prevents some SCC + // functionality. + // "POSTURE_VIOLATION" - Describes a potential security risk due to a + // change in the security posture. + FindingClass string `json:"findingClass,omitempty"` + + // IamBindings: Represents IAM bindings associated with the finding. + IamBindings []*GoogleCloudSecuritycenterV2IamBinding `json:"iamBindings,omitempty"` + + // Indicator: Represents what's commonly known as an *indicator of + // compromise* (IoC) in computer forensics. This is an artifact observed + // on a network or in an operating system that, with high confidence, + // indicates a computer intrusion. For more information, see Indicator + // of compromise + // (https://en.wikipedia.org/wiki/Indicator_of_compromise). + Indicator *GoogleCloudSecuritycenterV2Indicator `json:"indicator,omitempty"` + + // KernelRootkit: Signature of the kernel rootkit. + KernelRootkit *GoogleCloudSecuritycenterV2KernelRootkit `json:"kernelRootkit,omitempty"` + + // Kubernetes: Kubernetes resources associated with the finding. + Kubernetes *GoogleCloudSecuritycenterV2Kubernetes `json:"kubernetes,omitempty"` + + // LoadBalancers: The load balancers associated with the finding. + LoadBalancers []*GoogleCloudSecuritycenterV2LoadBalancer `json:"loadBalancers,omitempty"` + + // LogEntries: Log entries that are relevant to the finding. + LogEntries []*GoogleCloudSecuritycenterV2LogEntry `json:"logEntries,omitempty"` + + // MitreAttack: MITRE ATT&CK tactics and techniques related to this + // finding. See: https://attack.mitre.org + MitreAttack *GoogleCloudSecuritycenterV2MitreAttack `json:"mitreAttack,omitempty"` + + // ModuleName: Unique identifier of the module which generated the + // finding. Example: + // folders/598186756061/securityHealthAnalyticsSettings/customModules/567 + // 99441161885 + ModuleName string `json:"moduleName,omitempty"` + + // Mute: Indicates the mute state of a finding (either muted, unmuted or + // undefined). Unlike other attributes of a finding, a finding provider + // shouldn't set the value of mute. + // + // Possible values: + // "MUTE_UNSPECIFIED" - Unspecified. + // "MUTED" - Finding has been muted. + // "UNMUTED" - Finding has been unmuted. + // "UNDEFINED" - Finding has never been muted/unmuted. + Mute string `json:"mute,omitempty"` + + // MuteInitiator: Records additional information about the mute + // operation, for example, the mute configuration + // (https://cloud.google.com/security-command-center/docs/how-to-mute-findings) + // that muted the finding and the user who muted the finding. + MuteInitiator string `json:"muteInitiator,omitempty"` + + // MuteUpdateTime: Output only. The most recent time this finding was + // muted or unmuted. + MuteUpdateTime string `json:"muteUpdateTime,omitempty"` + + // Name: The relative resource name + // (https://cloud.google.com/apis/design/resource_names#relative_resource_name) + // of the finding. The following list shows some examples: + + // `organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}` + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on_id}/findings/{finding_id}` + + // `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + + // `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findi + // ngs/{finding_id}` + + // `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + + // `projects/{project_id}/sources/{source_id}/locations/{location_id}/fin + // dings/{finding_id}` + Name string `json:"name,omitempty"` + + // NextSteps: Steps to address the finding. + NextSteps string `json:"nextSteps,omitempty"` + + // OrgPolicies: Contains information about the org policies associated + // with the finding. + OrgPolicies []*GoogleCloudSecuritycenterV2OrgPolicy `json:"orgPolicies,omitempty"` + + // Parent: The relative resource name of the source and location the + // finding belongs to. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // This field is immutable after creation time. The following list shows + // some examples: + + // `organizations/{organization_id}/sources/{source_id}` + + // `folders/{folders_id}/sources/{source_id}` + + // `projects/{projects_id}/sources/{source_id}` + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on_id}` + + // `folders/{folders_id}/sources/{source_id}/locations/{location_id}` + + // `projects/{projects_id}/sources/{source_id}/locations/{location_id}` + Parent string `json:"parent,omitempty"` + + // ParentDisplayName: Output only. The human readable display name of + // the finding source such as "Event Threat Detection" or "Security + // Health Analytics". + ParentDisplayName string `json:"parentDisplayName,omitempty"` + + // Processes: Represents operating system processes associated with the + // Finding. + Processes []*GoogleCloudSecuritycenterV2Process `json:"processes,omitempty"` + + // ResourceName: Immutable. For findings on Google Cloud resources, the + // full resource name of the Google Cloud resource this finding is for. + // See: + // https://cloud.google.com/apis/design/resource_names#full_resource_name + // When the finding is for a non-Google Cloud resource, the resourceName + // can be a customer or partner defined string. + ResourceName string `json:"resourceName,omitempty"` + + // SecurityMarks: Output only. User specified security marks. These + // marks are entirely managed by the user and come from the + // SecurityMarks resource that belongs to the finding. + SecurityMarks *GoogleCloudSecuritycenterV2SecurityMarks `json:"securityMarks,omitempty"` + + // SecurityPosture: The security posture associated with the finding. + SecurityPosture *GoogleCloudSecuritycenterV2SecurityPosture `json:"securityPosture,omitempty"` + + // Severity: The severity of the finding. This field is managed by the + // source that writes the finding. + // + // Possible values: + // "SEVERITY_UNSPECIFIED" - This value is used for findings when a + // source doesn't write a severity value. + // "CRITICAL" - Vulnerability: A critical vulnerability is easily + // discoverable by an external actor, exploitable, and results in the + // direct ability to execute arbitrary code, exfiltrate data, and + // otherwise gain additional access and privileges to cloud resources + // and workloads. Examples include publicly accessible unprotected user + // data and public SSH access with weak or no passwords. Threat: + // Indicates a threat that is able to access, modify, or delete data or + // execute unauthorized code within existing resources. + // "HIGH" - Vulnerability: A high risk vulnerability can be easily + // discovered and exploited in combination with other vulnerabilities in + // order to gain direct access and the ability to execute arbitrary + // code, exfiltrate data, and otherwise gain additional access and + // privileges to cloud resources and workloads. An example is a database + // with weak or no passwords that is only accessible internally. This + // database could easily be compromised by an actor that had access to + // the internal network. Threat: Indicates a threat that is able to + // create new computational resources in an environment but not able to + // access data or execute code in existing resources. + // "MEDIUM" - Vulnerability: A medium risk vulnerability could be used + // by an actor to gain access to resources or privileges that enable + // them to eventually (through multiple steps or a complex exploit) gain + // access and the ability to execute arbitrary code or exfiltrate data. + // An example is a service account with access to more projects than it + // should have. If an actor gains access to the service account, they + // could potentially use that access to manipulate a project the service + // account was not intended to. Threat: Indicates a threat that is able + // to cause operational impact but may not access data or execute + // unauthorized code. + // "LOW" - Vulnerability: A low risk vulnerability hampers a security + // organization's ability to detect vulnerabilities or active threats in + // their deployment, or prevents the root cause investigation of + // security issues. An example is monitoring and logs being disabled for + // resource configurations and access. Threat: Indicates a threat that + // has obtained minimal access to an environment but is not able to + // access data, execute code, or create resources. + Severity string `json:"severity,omitempty"` + + // SourceProperties: Source specific properties. These properties are + // managed by the source that writes the finding. The key names in the + // source_properties map must be between 1 and 255 characters, and must + // start with a letter and contain alphanumeric characters or + // underscores only. + SourceProperties googleapi.RawMessage `json:"sourceProperties,omitempty"` + + // State: Output only. The state of the finding. + // + // Possible values: + // "STATE_UNSPECIFIED" - Unspecified state. + // "ACTIVE" - The finding requires attention and has not been + // addressed yet. + // "INACTIVE" - The finding has been fixed, triaged as a non-issue or + // otherwise addressed and is no longer active. + State string `json:"state,omitempty"` + + // Vulnerability: Represents vulnerability-specific fields like CVE and + // CVSS scores. CVE stands for Common Vulnerabilities and Exposures + // (https://cve.mitre.org/about/) + Vulnerability *GoogleCloudSecuritycenterV2Vulnerability `json:"vulnerability,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Access") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Access") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Finding) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Finding + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Geolocation: Represents a geographical +// location for a given access. +type GoogleCloudSecuritycenterV2Geolocation struct { + // RegionCode: A CLDR. + RegionCode string `json:"regionCode,omitempty"` + + // ForceSendFields is a list of field names (e.g. "RegionCode") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "RegionCode") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Geolocation) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Geolocation + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2IamBinding: Represents a particular IAM +// binding, which captures a member's role addition, removal, or state. +type GoogleCloudSecuritycenterV2IamBinding struct { + // Action: The action that was performed on a Binding. + // + // Possible values: + // "ACTION_UNSPECIFIED" - Unspecified. + // "ADD" - Addition of a Binding. + // "REMOVE" - Removal of a Binding. + Action string `json:"action,omitempty"` + + // Member: A single identity requesting access for a Cloud Platform + // resource, for example, "foo@google.com". + Member string `json:"member,omitempty"` + + // Role: Role that is assigned to "members". For example, + // "roles/viewer", "roles/editor", or "roles/owner". + Role string `json:"role,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Action") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Action") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2IamBinding) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2IamBinding + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Indicator: Represents what's commonly +// known as an _indicator of compromise_ (IoC) in computer forensics. +// This is an artifact observed on a network or in an operating system +// that, with high confidence, indicates a computer intrusion. For more +// information, see Indicator of compromise +// (https://en.wikipedia.org/wiki/Indicator_of_compromise). +type GoogleCloudSecuritycenterV2Indicator struct { + // Domains: List of domains associated to the Finding. + Domains []string `json:"domains,omitempty"` + + // IpAddresses: The list of IP addresses that are associated with the + // finding. + IpAddresses []string `json:"ipAddresses,omitempty"` + + // Signatures: The list of matched signatures indicating that the given + // process is present in the environment. + Signatures []*GoogleCloudSecuritycenterV2ProcessSignature `json:"signatures,omitempty"` + + // Uris: The list of URIs associated to the Findings. + Uris []string `json:"uris,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Domains") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Domains") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Indicator) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Indicator + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2KernelRootkit: Kernel mode rootkit +// signatures. +type GoogleCloudSecuritycenterV2KernelRootkit struct { + // Name: Rootkit name, when available. + Name string `json:"name,omitempty"` + + // UnexpectedCodeModification: True if unexpected modifications of + // kernel code memory are present. + UnexpectedCodeModification bool `json:"unexpectedCodeModification,omitempty"` + + // UnexpectedFtraceHandler: True if `ftrace` points are present with + // callbacks pointing to regions that are not in the expected kernel or + // module code range. + UnexpectedFtraceHandler bool `json:"unexpectedFtraceHandler,omitempty"` + + // UnexpectedInterruptHandler: True if interrupt handlers that are are + // not in the expected kernel or module code regions are present. + UnexpectedInterruptHandler bool `json:"unexpectedInterruptHandler,omitempty"` + + // UnexpectedKernelCodePages: True if kernel code pages that are not in + // the expected kernel or module code regions are present. + UnexpectedKernelCodePages bool `json:"unexpectedKernelCodePages,omitempty"` + + // UnexpectedKprobeHandler: True if `kprobe` points are present with + // callbacks pointing to regions that are not in the expected kernel or + // module code range. + UnexpectedKprobeHandler bool `json:"unexpectedKprobeHandler,omitempty"` + + // UnexpectedProcessesInRunqueue: True if unexpected processes in the + // scheduler run queue are present. Such processes are in the run queue, + // but not in the process task list. + UnexpectedProcessesInRunqueue bool `json:"unexpectedProcessesInRunqueue,omitempty"` + + // UnexpectedReadOnlyDataModification: True if unexpected modifications + // of kernel read-only data memory are present. + UnexpectedReadOnlyDataModification bool `json:"unexpectedReadOnlyDataModification,omitempty"` + + // UnexpectedSystemCallHandler: True if system call handlers that are + // are not in the expected kernel or module code regions are present. + UnexpectedSystemCallHandler bool `json:"unexpectedSystemCallHandler,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2KernelRootkit) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2KernelRootkit + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Kubernetes: Kubernetes-related attributes. +type GoogleCloudSecuritycenterV2Kubernetes struct { + // AccessReviews: Provides information on any Kubernetes access reviews + // (privilege checks) relevant to the finding. + AccessReviews []*GoogleCloudSecuritycenterV2AccessReview `json:"accessReviews,omitempty"` + + // Bindings: Provides Kubernetes role binding information for findings + // that involve RoleBindings or ClusterRoleBindings + // (https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control). + Bindings []*GoogleCloudSecuritycenterV2Binding `json:"bindings,omitempty"` + + // NodePools: GKE node pools + // (https://cloud.google.com/kubernetes-engine/docs/concepts/node-pools) + // associated with the finding. This field contains node pool + // information for each node, when it is available. + NodePools []*GoogleCloudSecuritycenterV2NodePool `json:"nodePools,omitempty"` + + // Nodes: Provides Kubernetes node + // (https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture#nodes) + // information. + Nodes []*GoogleCloudSecuritycenterV2Node `json:"nodes,omitempty"` + + // Objects: Kubernetes objects related to the finding. + Objects []*GoogleCloudSecuritycenterV2Object `json:"objects,omitempty"` + + // Pods: Kubernetes Pods + // (https://cloud.google.com/kubernetes-engine/docs/concepts/pod) + // associated with the finding. This field contains Pod records for each + // container that is owned by a Pod. + Pods []*GoogleCloudSecuritycenterV2Pod `json:"pods,omitempty"` + + // Roles: Provides Kubernetes role information for findings that involve + // Roles or ClusterRoles + // (https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control). + Roles []*GoogleCloudSecuritycenterV2Role `json:"roles,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AccessReviews") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AccessReviews") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Kubernetes) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Kubernetes + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Label: Represents a generic name-value +// label. A label has separate name and value fields to support +// filtering with the `contains()` function. For more information, see +// Filtering on array-type fields +// (https://cloud.google.com/security-command-center/docs/how-to-api-list-findings#array-contains-filtering). +type GoogleCloudSecuritycenterV2Label struct { + // Name: Name of the label. + Name string `json:"name,omitempty"` + + // Value: Value that corresponds to the label's name. + Value string `json:"value,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Label) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Label + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2LoadBalancer: Contains information related +// to the load balancer associated with the finding. +type GoogleCloudSecuritycenterV2LoadBalancer struct { + // Name: The name of the load balancer associated with the finding. + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2LoadBalancer) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2LoadBalancer + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2LogEntry: An individual entry in a log. +type GoogleCloudSecuritycenterV2LogEntry struct { + // CloudLoggingEntry: An individual entry in a log stored in Cloud + // Logging. + CloudLoggingEntry *GoogleCloudSecuritycenterV2CloudLoggingEntry `json:"cloudLoggingEntry,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CloudLoggingEntry") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CloudLoggingEntry") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2LogEntry) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2LogEntry + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2MemoryHashSignature: A signature +// corresponding to memory page hashes. +type GoogleCloudSecuritycenterV2MemoryHashSignature struct { + // BinaryFamily: The binary family. + BinaryFamily string `json:"binaryFamily,omitempty"` + + // Detections: The list of memory hash detections contributing to the + // binary family match. + Detections []*GoogleCloudSecuritycenterV2Detection `json:"detections,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BinaryFamily") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BinaryFamily") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2MemoryHashSignature) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2MemoryHashSignature + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2MitreAttack: MITRE ATT&CK tactics and +// techniques related to this finding. See: https://attack.mitre.org +type GoogleCloudSecuritycenterV2MitreAttack struct { + // AdditionalTactics: Additional MITRE ATT&CK tactics related to this + // finding, if any. + // + // Possible values: + // "TACTIC_UNSPECIFIED" - Unspecified value. + // "RECONNAISSANCE" - TA0043 + // "RESOURCE_DEVELOPMENT" - TA0042 + // "INITIAL_ACCESS" - TA0001 + // "EXECUTION" - TA0002 + // "PERSISTENCE" - TA0003 + // "PRIVILEGE_ESCALATION" - TA0004 + // "DEFENSE_EVASION" - TA0005 + // "CREDENTIAL_ACCESS" - TA0006 + // "DISCOVERY" - TA0007 + // "LATERAL_MOVEMENT" - TA0008 + // "COLLECTION" - TA0009 + // "COMMAND_AND_CONTROL" - TA0011 + // "EXFILTRATION" - TA0010 + // "IMPACT" - TA0040 + AdditionalTactics []string `json:"additionalTactics,omitempty"` + + // AdditionalTechniques: Additional MITRE ATT&CK techniques related to + // this finding, if any, along with any of their respective parent + // techniques. + // + // Possible values: + // "TECHNIQUE_UNSPECIFIED" - Unspecified value. + // "ACTIVE_SCANNING" - T1595 + // "SCANNING_IP_BLOCKS" - T1595.001 + // "INGRESS_TOOL_TRANSFER" - T1105 + // "NATIVE_API" - T1106 + // "SHARED_MODULES" - T1129 + // "COMMAND_AND_SCRIPTING_INTERPRETER" - T1059 + // "UNIX_SHELL" - T1059.004 + // "RESOURCE_HIJACKING" - T1496 + // "PROXY" - T1090 + // "EXTERNAL_PROXY" - T1090.002 + // "MULTI_HOP_PROXY" - T1090.003 + // "DYNAMIC_RESOLUTION" - T1568 + // "UNSECURED_CREDENTIALS" - T1552 + // "VALID_ACCOUNTS" - T1078 + // "LOCAL_ACCOUNTS" - T1078.003 + // "CLOUD_ACCOUNTS" - T1078.004 + // "NETWORK_DENIAL_OF_SERVICE" - T1498 + // "PERMISSION_GROUPS_DISCOVERY" - T1069 + // "CLOUD_GROUPS" - T1069.003 + // "EXFILTRATION_OVER_WEB_SERVICE" - T1567 + // "EXFILTRATION_TO_CLOUD_STORAGE" - T1567.002 + // "ACCOUNT_MANIPULATION" - T1098 + // "SSH_AUTHORIZED_KEYS" - T1098.004 + // "CREATE_OR_MODIFY_SYSTEM_PROCESS" - T1543 + // "STEAL_WEB_SESSION_COOKIE" - T1539 + // "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE" - T1578 + // "EXPLOIT_PUBLIC_FACING_APPLICATION" - T1190 + // "MODIFY_AUTHENTICATION_PROCESS" - T1556 + // "DATA_DESTRUCTION" - T1485 + // "DOMAIN_POLICY_MODIFICATION" - T1484 + // "IMPAIR_DEFENSES" - T1562 + // "NETWORK_SERVICE_DISCOVERY" - T1046 + // "ACCESS_TOKEN_MANIPULATION" - T1134 + // "ABUSE_ELEVATION_CONTROL_MECHANISM" - T1548 + // "DEFAULT_ACCOUNTS" - T1078.001 + // "INHIBIT_SYSTEM_RECOVERY" - T1490 + AdditionalTechniques []string `json:"additionalTechniques,omitempty"` + + // PrimaryTactic: The MITRE ATT&CK tactic most closely represented by + // this finding, if any. + // + // Possible values: + // "TACTIC_UNSPECIFIED" - Unspecified value. + // "RECONNAISSANCE" - TA0043 + // "RESOURCE_DEVELOPMENT" - TA0042 + // "INITIAL_ACCESS" - TA0001 + // "EXECUTION" - TA0002 + // "PERSISTENCE" - TA0003 + // "PRIVILEGE_ESCALATION" - TA0004 + // "DEFENSE_EVASION" - TA0005 + // "CREDENTIAL_ACCESS" - TA0006 + // "DISCOVERY" - TA0007 + // "LATERAL_MOVEMENT" - TA0008 + // "COLLECTION" - TA0009 + // "COMMAND_AND_CONTROL" - TA0011 + // "EXFILTRATION" - TA0010 + // "IMPACT" - TA0040 + PrimaryTactic string `json:"primaryTactic,omitempty"` + + // PrimaryTechniques: The MITRE ATT&CK technique most closely + // represented by this finding, if any. primary_techniques is a repeated + // field because there are multiple levels of MITRE ATT&CK techniques. + // If the technique most closely represented by this finding is a + // sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique and + // its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, + // `ACTIVE_SCANNING`). + // + // Possible values: + // "TECHNIQUE_UNSPECIFIED" - Unspecified value. + // "ACTIVE_SCANNING" - T1595 + // "SCANNING_IP_BLOCKS" - T1595.001 + // "INGRESS_TOOL_TRANSFER" - T1105 + // "NATIVE_API" - T1106 + // "SHARED_MODULES" - T1129 + // "COMMAND_AND_SCRIPTING_INTERPRETER" - T1059 + // "UNIX_SHELL" - T1059.004 + // "RESOURCE_HIJACKING" - T1496 + // "PROXY" - T1090 + // "EXTERNAL_PROXY" - T1090.002 + // "MULTI_HOP_PROXY" - T1090.003 + // "DYNAMIC_RESOLUTION" - T1568 + // "UNSECURED_CREDENTIALS" - T1552 + // "VALID_ACCOUNTS" - T1078 + // "LOCAL_ACCOUNTS" - T1078.003 + // "CLOUD_ACCOUNTS" - T1078.004 + // "NETWORK_DENIAL_OF_SERVICE" - T1498 + // "PERMISSION_GROUPS_DISCOVERY" - T1069 + // "CLOUD_GROUPS" - T1069.003 + // "EXFILTRATION_OVER_WEB_SERVICE" - T1567 + // "EXFILTRATION_TO_CLOUD_STORAGE" - T1567.002 + // "ACCOUNT_MANIPULATION" - T1098 + // "SSH_AUTHORIZED_KEYS" - T1098.004 + // "CREATE_OR_MODIFY_SYSTEM_PROCESS" - T1543 + // "STEAL_WEB_SESSION_COOKIE" - T1539 + // "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE" - T1578 + // "EXPLOIT_PUBLIC_FACING_APPLICATION" - T1190 + // "MODIFY_AUTHENTICATION_PROCESS" - T1556 + // "DATA_DESTRUCTION" - T1485 + // "DOMAIN_POLICY_MODIFICATION" - T1484 + // "IMPAIR_DEFENSES" - T1562 + // "NETWORK_SERVICE_DISCOVERY" - T1046 + // "ACCESS_TOKEN_MANIPULATION" - T1134 + // "ABUSE_ELEVATION_CONTROL_MECHANISM" - T1548 + // "DEFAULT_ACCOUNTS" - T1078.001 + // "INHIBIT_SYSTEM_RECOVERY" - T1490 + PrimaryTechniques []string `json:"primaryTechniques,omitempty"` + + // Version: The MITRE ATT&CK version referenced by the above fields. + // E.g. "8". + Version string `json:"version,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AdditionalTactics") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AdditionalTactics") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2MitreAttack) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2MitreAttack + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2MuteConfig: A mute config is a Cloud SCC +// resource that contains the configuration to mute create/update events +// of findings. +type GoogleCloudSecuritycenterV2MuteConfig struct { + // CreateTime: Output only. The time at which the mute config was + // created. This field is set by the server and will be ignored if + // provided on config creation. + CreateTime string `json:"createTime,omitempty"` + + // Description: A description of the mute config. + Description string `json:"description,omitempty"` + + // Filter: Required. An expression that defines the filter to apply + // across create/update events of findings. While creating a filter + // string, be mindful of the scope in which the mute configuration is + // being created. E.g., If a filter contains project = X but is created + // under the project = Y scope, it might not match any findings. The + // following field and operator combinations are supported: * severity: + // `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * + // resource.project_name: `=`, `:` * resource.project_display_name: `=`, + // `:` * resource.folders.resource_folder: `=`, `:` * + // resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, + // `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * + // indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:` + Filter string `json:"filter,omitempty"` + + // MostRecentEditor: Output only. Email address of the user who last + // edited the mute config. This field is set by the server and will be + // ignored if provided on config creation or update. + MostRecentEditor string `json:"mostRecentEditor,omitempty"` + + // Name: This field will be ignored if provided on config creation. The + // following list shows some examples of the format: + + // `organizations/{organization}/muteConfigs/{mute_config}` + + // `organizations/{organization}locations/{location}//muteConfigs/{mute_c + // onfig}` + `folders/{folder}/muteConfigs/{mute_config}` + + // `folders/{folder}/locations/{location}/muteConfigs/{mute_config}` + + // `projects/{project}/muteConfigs/{mute_config}` + + // `projects/{project}/locations/{location}/muteConfigs/{mute_config}` + Name string `json:"name,omitempty"` + + // UpdateTime: Output only. The most recent time at which the mute + // config was updated. This field is set by the server and will be + // ignored if provided on config creation or update. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2MuteConfig) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2MuteConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Node: Kubernetes nodes associated with the +// finding. +type GoogleCloudSecuritycenterV2Node struct { + // Name: Full resource name + // (https://google.aip.dev/122#full-resource-names) of the Compute + // Engine VM running the cluster node. + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Node) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Node + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2NodePool: Provides GKE node pool +// information. +type GoogleCloudSecuritycenterV2NodePool struct { + // Name: Kubernetes node pool name. + Name string `json:"name,omitempty"` + + // Nodes: Nodes associated with the finding. + Nodes []*GoogleCloudSecuritycenterV2Node `json:"nodes,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2NodePool) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2NodePool + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2NotificationMessage: Cloud SCC's +// Notification +type GoogleCloudSecuritycenterV2NotificationMessage struct { + // Finding: If it's a Finding based notification config, this field will + // be populated. + Finding *GoogleCloudSecuritycenterV2Finding `json:"finding,omitempty"` + + // NotificationConfigName: Name of the notification config that + // generated current notification. + NotificationConfigName string `json:"notificationConfigName,omitempty"` + + // Resource: The Cloud resource tied to this notification's Finding. + Resource *GoogleCloudSecuritycenterV2Resource `json:"resource,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Finding") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Finding") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2NotificationMessage) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2NotificationMessage + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Object: Kubernetes object related to the +// finding, uniquely identified by GKNN. Used if the object Kind is not +// one of Pod, Node, NodePool, Binding, or AccessReview. +type GoogleCloudSecuritycenterV2Object struct { + // Containers: Pod containers associated with this finding, if any. + Containers []*GoogleCloudSecuritycenterV2Container `json:"containers,omitempty"` + + // Group: Kubernetes object group, such as "policy.k8s.io/v1". + Group string `json:"group,omitempty"` + + // Kind: Kubernetes object kind, such as "Namespace". + Kind string `json:"kind,omitempty"` + + // Name: Kubernetes object name. For details see + // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/. + Name string `json:"name,omitempty"` + + // Ns: Kubernetes object namespace. Must be a valid DNS label. Named + // "ns" to avoid collision with C++ namespace keyword. For details see + // https://kubernetes.io/docs/tasks/administer-cluster/namespaces/. + Ns string `json:"ns,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Containers") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Containers") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Object) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Object + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2OrgPolicy: Contains information about the +// org policies associated with the finding. +type GoogleCloudSecuritycenterV2OrgPolicy struct { + // Name: The resource name of the org policy. Example: + // "organizations/{organization_id}/policies/{constraint_name}" + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2OrgPolicy) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2OrgPolicy + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Pod: A Kubernetes Pod. +type GoogleCloudSecuritycenterV2Pod struct { + // Containers: Pod containers associated with this finding, if any. + Containers []*GoogleCloudSecuritycenterV2Container `json:"containers,omitempty"` + + // Labels: Pod labels. For Kubernetes containers, these are applied to + // the container. + Labels []*GoogleCloudSecuritycenterV2Label `json:"labels,omitempty"` + + // Name: Kubernetes Pod name. + Name string `json:"name,omitempty"` + + // Ns: Kubernetes Pod namespace. + Ns string `json:"ns,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Containers") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Containers") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Pod) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Pod + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Process: Represents an operating system +// process. +type GoogleCloudSecuritycenterV2Process struct { + // Args: Process arguments as JSON encoded strings. + Args []string `json:"args,omitempty"` + + // ArgumentsTruncated: True if `args` is incomplete. + ArgumentsTruncated bool `json:"argumentsTruncated,omitempty"` + + // Binary: File information for the process executable. + Binary *GoogleCloudSecuritycenterV2File `json:"binary,omitempty"` + + // EnvVariables: Process environment variables. + EnvVariables []*GoogleCloudSecuritycenterV2EnvironmentVariable `json:"envVariables,omitempty"` + + // EnvVariablesTruncated: True if `env_variables` is incomplete. + EnvVariablesTruncated bool `json:"envVariablesTruncated,omitempty"` + + // Libraries: File information for libraries loaded by the process. + Libraries []*GoogleCloudSecuritycenterV2File `json:"libraries,omitempty"` + + // Name: The process name, as displayed in utilities like `top` and + // `ps`. This name can be accessed through `/proc/[pid]/comm` and + // changed with `prctl(PR_SET_NAME)`. + Name string `json:"name,omitempty"` + + // ParentPid: The parent process ID. + ParentPid int64 `json:"parentPid,omitempty,string"` + + // Pid: The process ID. + Pid int64 `json:"pid,omitempty,string"` + + // Script: When the process represents the invocation of a script, + // `binary` provides information about the interpreter, while `script` + // provides information about the script file provided to the + // interpreter. + Script *GoogleCloudSecuritycenterV2File `json:"script,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Args") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Args") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Process) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Process + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ProcessSignature: Indicates what signature +// matched this process. +type GoogleCloudSecuritycenterV2ProcessSignature struct { + // MemoryHashSignature: Signature indicating that a binary family was + // matched. + MemoryHashSignature *GoogleCloudSecuritycenterV2MemoryHashSignature `json:"memoryHashSignature,omitempty"` + + // YaraRuleSignature: Signature indicating that a YARA rule was matched. + YaraRuleSignature *GoogleCloudSecuritycenterV2YaraRuleSignature `json:"yaraRuleSignature,omitempty"` + + // ForceSendFields is a list of field names (e.g. "MemoryHashSignature") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "MemoryHashSignature") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ProcessSignature) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ProcessSignature + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Reference: Additional Links +type GoogleCloudSecuritycenterV2Reference struct { + // Source: Source of the reference e.g. NVD + Source string `json:"source,omitempty"` + + // Uri: Uri for the mentioned source e.g. + // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527. + Uri string `json:"uri,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Source") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Source") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Reference) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Reference + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Resource: Information related to the +// Google Cloud resource. +type GoogleCloudSecuritycenterV2Resource struct { + // DisplayName: The human readable name of the resource. + DisplayName string `json:"displayName,omitempty"` + + // Name: The full resource name of the resource. See: + // https://cloud.google.com/apis/design/resource_names#full_resource_name + Name string `json:"name,omitempty"` + + // Type: The full resource type of the resource. + Type string `json:"type,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DisplayName") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DisplayName") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Resource) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Resource + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ResourceValueConfig: A resource value +// config (RVC) is a mapping configuration of user's resources to +// resource values. Used in Attack path simulations. +type GoogleCloudSecuritycenterV2ResourceValueConfig struct { + // CreateTime: Output only. Timestamp this resource value config was + // created. + CreateTime string `json:"createTime,omitempty"` + + // Description: Description of the resource value config. + Description string `json:"description,omitempty"` + + // Name: Name for the resource value config + Name string `json:"name,omitempty"` + + // ResourceLabelsSelector: List of resource labels to search for, + // evaluated with AND. E.g. "resource_labels_selector": {"key": "value", + // "env": "prod"} will match resources with labels "key": "value" AND + // "env": "prod" + // https://cloud.google.com/resource-manager/docs/creating-managing-labels + ResourceLabelsSelector map[string]string `json:"resourceLabelsSelector,omitempty"` + + // ResourceType: Apply resource_value only to resources that match + // resource_type. resource_type will be checked with "AND" of other + // resources. E.g. "storage.googleapis.com/Bucket" with resource_value + // "HIGH" will apply "HIGH" value only to + // "storage.googleapis.com/Bucket" resources. + ResourceType string `json:"resourceType,omitempty"` + + // ResourceValue: Required. Resource value level this expression + // represents + // + // Possible values: + // "RESOURCE_VALUE_UNSPECIFIED" - Unspecific value + // "HIGH" - High resource value + // "MEDIUM" - Medium resource value + // "LOW" - Low resource value + // "NONE" - No resource value, e.g. ignore these resources + ResourceValue string `json:"resourceValue,omitempty"` + + // Scope: Project or folder to scope this config to. For example, + // "project/456" would apply this config only to resources in + // "project/456" scope will be checked with "AND" of other resources. + Scope string `json:"scope,omitempty"` + + // TagValues: Required. Tag values combined with AND to check against. + // Values in the form "tagValues/123" E.g. [ "tagValues/123", + // "tagValues/456", "tagValues/789" ] + // https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing + TagValues []string `json:"tagValues,omitempty"` + + // UpdateTime: Output only. Timestamp this resource value config was + // last updated. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ResourceValueConfig) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ResourceValueConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Role: Kubernetes Role or ClusterRole. +type GoogleCloudSecuritycenterV2Role struct { + // Kind: Role type. + // + // Possible values: + // "KIND_UNSPECIFIED" - Role type is not specified. + // "ROLE" - Kubernetes Role. + // "CLUSTER_ROLE" - Kubernetes ClusterRole. + Kind string `json:"kind,omitempty"` + + // Name: Role name. + Name string `json:"name,omitempty"` + + // Ns: Role namespace. + Ns string `json:"ns,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Kind") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Kind") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Role) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Role + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2SecurityMarks: User specified security +// marks that are attached to the parent Security Command Center +// resource. Security marks are scoped within a Security Command Center +// organization -- they can be modified and viewed by all users who have +// proper permissions on the organization. +type GoogleCloudSecuritycenterV2SecurityMarks struct { + // CanonicalName: The canonical name of the marks. The following list + // shows some examples: + + // `organizations/{organization_id}/assets/{asset_id}/securityMarks" + + // `organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}/securityMarks" + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on}/findings/{finding_id}/securityMarks" + + // `folders/{folder_id}/assets/{asset_id}/securityMarks" + + // `folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securit + // yMarks" + + // `folders/{folder_id}/sources/{source_id}/locations/{location}/findings + // /{finding_id}/securityMarks" + + // `projects/{project_number}/assets/{asset_id}/securityMarks" + + // `projects/{project_number}/sources/{source_id}/findings/{finding_id}/s + // ecurityMarks" + + // `projects/{project_number}/sources/{source_id}/locations/{location}/fi + // ndings/{finding_id}/securityMarks" + CanonicalName string `json:"canonicalName,omitempty"` + + // Marks: Mutable user specified security marks belonging to the parent + // resource. Constraints are as follows: * Keys and values are treated + // as case insensitive * Keys must be between 1 - 256 characters + // (inclusive) * Keys must be letters, numbers, underscores, or dashes * + // Values have leading and trailing whitespace trimmed, remaining + // characters must be between 1 - 4096 characters (inclusive) + Marks map[string]string `json:"marks,omitempty"` + + // Name: The relative resource name of the SecurityMarks. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // The following list shows some examples: + + // `organizations/{organization_id}/assets/{asset_id}/securityMarks` + + // `organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}/securityMarks` + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on}/findings/{finding_id}/securityMarks` + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CanonicalName") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CanonicalName") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2SecurityMarks) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2SecurityMarks + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2SecurityPosture: Represents a posture that +// is deployed on Google Cloud by the Security Command Center Posture +// Management service. A posture contains one or more policy sets. A +// policy set is a group of policies that enforce a set of security +// rules on Google Cloud. +type GoogleCloudSecuritycenterV2SecurityPosture struct { + // ChangedPolicy: The name of the policy that has been updated, for + // example, `projects/{project_id}/policies/{constraint_name}`. + ChangedPolicy string `json:"changedPolicy,omitempty"` + + // Name: Name of the posture, for example, + // `organizations/{org_id}/locations/{location}/postures/{posture_name}`. + Name string `json:"name,omitempty"` + + // PostureDeployment: The name of the posture deployment, for example, + // `projects/{project_id}/posturedeployments/{posture_deployment_id}`. + PostureDeployment string `json:"postureDeployment,omitempty"` + + // PostureDeploymentResource: The project, folder, or organization on + // which the posture is deployed, for example, `projects/{project_id}`. + PostureDeploymentResource string `json:"postureDeploymentResource,omitempty"` + + // RevisionId: The version of the posture, for example, `c7cfa2a8`. + RevisionId string `json:"revisionId,omitempty"` + + // ForceSendFields is a list of field names (e.g. "ChangedPolicy") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "ChangedPolicy") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2SecurityPosture) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2SecurityPosture + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo: Identity +// delegation history of an authenticated service account. +type GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo struct { + // PrincipalEmail: The email address of a Google account. + PrincipalEmail string `json:"principalEmail,omitempty"` + + // PrincipalSubject: A string representing the principal_subject + // associated with the identity. As compared to `principal_email`, + // supports principals that aren't associated with email addresses, such + // as third party principals. For most identities, the format will be + // `principal://iam.googleapis.com/{identity pool + // name}/subjects/{subject}` except for some GKE identities + // (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the + // legacy format `serviceAccount:{identity pool name}[{subject}]` + PrincipalSubject string `json:"principalSubject,omitempty"` + + // ForceSendFields is a list of field names (e.g. "PrincipalEmail") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "PrincipalEmail") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo raw := NoMethod(*s) return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } -// GoogleCloudSecuritycenterV1p1beta1Resource: Information related to -// the Google Cloud resource. -type GoogleCloudSecuritycenterV1p1beta1Resource struct { - // Folders: Output only. Contains a Folder message for each folder in - // the assets ancestry. The first folder is the deepest nested folder, - // and the last folder is the folder directly under the Organization. - Folders []*GoogleCloudSecuritycenterV1p1beta1Folder `json:"folders,omitempty"` +// GoogleCloudSecuritycenterV2Subject: Represents a Kubernetes subject. +type GoogleCloudSecuritycenterV2Subject struct { + // Kind: Authentication type for the subject. + // + // Possible values: + // "AUTH_TYPE_UNSPECIFIED" - Authentication is not specified. + // "USER" - User with valid certificate. + // "SERVICEACCOUNT" - Users managed by Kubernetes API with credentials + // stored as secrets. + // "GROUP" - Collection of users. + Kind string `json:"kind,omitempty"` - // Name: The full resource name of the resource. See: - // https://cloud.google.com/apis/design/resource_names#full_resource_name + // Name: Name for the subject. Name string `json:"name,omitempty"` - // Parent: The full resource name of resource's parent. - Parent string `json:"parent,omitempty"` - - // ParentDisplayName: The human readable name of resource's parent. - ParentDisplayName string `json:"parentDisplayName,omitempty"` - - // Project: The full resource name of project that the resource belongs - // to. - Project string `json:"project,omitempty"` - - // ProjectDisplayName: The project id that the resource belongs to. - ProjectDisplayName string `json:"projectDisplayName,omitempty"` + // Ns: Namespace for the subject. + Ns string `json:"ns,omitempty"` - // ForceSendFields is a list of field names (e.g. "Folders") to + // ForceSendFields is a list of field names (e.g. "Kind") to // unconditionally include in API requests. By default, fields with // empty or default values are omitted from API requests. However, any // non-pointer, non-interface field appearing in ForceSendFields will be @@ -4077,8 +7282,8 @@ type GoogleCloudSecuritycenterV1p1beta1Resource struct { // This may be used to include empty fields in Patch requests. ForceSendFields []string `json:"-"` - // NullFields is a list of field names (e.g. "Folders") to include in - // API requests with the JSON null value. By default, fields with empty + // NullFields is a list of field names (e.g. "Kind") to include in API + // requests with the JSON null value. By default, fields with empty // values are omitted from API requests. However, any field with an // empty value appearing in NullFields will be sent to the server as // null. It is an error if a field in this list has a non-empty value. @@ -4086,30 +7291,20 @@ type GoogleCloudSecuritycenterV1p1beta1Resource struct { NullFields []string `json:"-"` } -func (s *GoogleCloudSecuritycenterV1p1beta1Resource) MarshalJSON() ([]byte, error) { - type NoMethod GoogleCloudSecuritycenterV1p1beta1Resource +func (s *GoogleCloudSecuritycenterV2Subject) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Subject raw := NoMethod(*s) return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } -// GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse: Response -// of asset discovery run -type GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse struct { - // Duration: The duration between asset discovery run start and end - Duration string `json:"duration,omitempty"` - - // State: The state of an asset discovery run. - // - // Possible values: - // "STATE_UNSPECIFIED" - Asset discovery run state was unspecified. - // "COMPLETED" - Asset discovery run completed successfully. - // "SUPERSEDED" - Asset discovery run was cancelled with tasks still - // pending, as another run for the same organization was started with a - // higher priority. - // "TERMINATED" - Asset discovery run was killed and terminated. - State string `json:"state,omitempty"` +// GoogleCloudSecuritycenterV2Vulnerability: Refers to common +// vulnerability fields e.g. cve, cvss, cwe etc. +type GoogleCloudSecuritycenterV2Vulnerability struct { + // Cve: CVE stands for Common Vulnerabilities and Exposures + // (https://cve.mitre.org/about/) + Cve *GoogleCloudSecuritycenterV2Cve `json:"cve,omitempty"` - // ForceSendFields is a list of field names (e.g. "Duration") to + // ForceSendFields is a list of field names (e.g. "Cve") to // unconditionally include in API requests. By default, fields with // empty or default values are omitted from API requests. However, any // non-pointer, non-interface field appearing in ForceSendFields will be @@ -4117,8 +7312,8 @@ type GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse struct { // This may be used to include empty fields in Patch requests. ForceSendFields []string `json:"-"` - // NullFields is a list of field names (e.g. "Duration") to include in - // API requests with the JSON null value. By default, fields with empty + // NullFields is a list of field names (e.g. "Cve") to include in API + // requests with the JSON null value. By default, fields with empty // values are omitted from API requests. However, any field with an // empty value appearing in NullFields will be sent to the server as // null. It is an error if a field in this list has a non-empty value. @@ -4126,47 +7321,19 @@ type GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse struct { NullFields []string `json:"-"` } -func (s *GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse) MarshalJSON() ([]byte, error) { - type NoMethod GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse +func (s *GoogleCloudSecuritycenterV2Vulnerability) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Vulnerability raw := NoMethod(*s) return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } -// GoogleCloudSecuritycenterV1p1beta1SecurityMarks: User specified -// security marks that are attached to the parent Security Command -// Center resource. Security marks are scoped within a Security Command -// Center organization -- they can be modified and viewed by all users -// who have proper permissions on the organization. -type GoogleCloudSecuritycenterV1p1beta1SecurityMarks struct { - // CanonicalName: The canonical name of the marks. Examples: - // "organizations/{organization_id}/assets/{asset_id}/securityMarks" - // "folders/{folder_id}/assets/{asset_id}/securityMarks" - // "projects/{project_number}/assets/{asset_id}/securityMarks" - // "organizations/{organization_id}/sources/{source_id}/findings/{finding - // _id}/securityMarks" - // "folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securit - // yMarks" - // "projects/{project_number}/sources/{source_id}/findings/{finding_id}/s - // ecurityMarks" - CanonicalName string `json:"canonicalName,omitempty"` - - // Marks: Mutable user specified security marks belonging to the parent - // resource. Constraints are as follows: * Keys and values are treated - // as case insensitive * Keys must be between 1 - 256 characters - // (inclusive) * Keys must be letters, numbers, underscores, or dashes * - // Values have leading and trailing whitespace trimmed, remaining - // characters must be between 1 - 4096 characters (inclusive) - Marks map[string]string `json:"marks,omitempty"` - - // Name: The relative resource name of the SecurityMarks. See: - // https://cloud.google.com/apis/design/resource_names#relative_resource_name - // Examples: - // "organizations/{organization_id}/assets/{asset_id}/securityMarks" - // "organizations/{organization_id}/sources/{source_id}/findings/{finding - // _id}/securityMarks". - Name string `json:"name,omitempty"` +// GoogleCloudSecuritycenterV2YaraRuleSignature: A signature +// corresponding to a YARA rule. +type GoogleCloudSecuritycenterV2YaraRuleSignature struct { + // YaraRule: The name of the YARA rule. + YaraRule string `json:"yaraRule,omitempty"` - // ForceSendFields is a list of field names (e.g. "CanonicalName") to + // ForceSendFields is a list of field names (e.g. "YaraRule") to // unconditionally include in API requests. By default, fields with // empty or default values are omitted from API requests. However, any // non-pointer, non-interface field appearing in ForceSendFields will be @@ -4174,17 +7341,17 @@ type GoogleCloudSecuritycenterV1p1beta1SecurityMarks struct { // This may be used to include empty fields in Patch requests. ForceSendFields []string `json:"-"` - // NullFields is a list of field names (e.g. "CanonicalName") to include - // in API requests with the JSON null value. By default, fields with - // empty values are omitted from API requests. However, any field with - // an empty value appearing in NullFields will be sent to the server as + // NullFields is a list of field names (e.g. "YaraRule") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as // null. It is an error if a field in this list has a non-empty value. // This may be used to include null fields in Patch requests. NullFields []string `json:"-"` } -func (s *GoogleCloudSecuritycenterV1p1beta1SecurityMarks) MarshalJSON() ([]byte, error) { - type NoMethod GoogleCloudSecuritycenterV1p1beta1SecurityMarks +func (s *GoogleCloudSecuritycenterV2YaraRuleSignature) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2YaraRuleSignature raw := NoMethod(*s) return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } @@ -5823,7 +8990,7 @@ type Object struct { // Group: Kubernetes object group, such as "policy.k8s.io/v1". Group string `json:"group,omitempty"` - // Kind: Kubernetes object kind, such as “Namespace”. + // Kind: Kubernetes object kind, such as "Namespace". Kind string `json:"kind,omitempty"` // Name: Kubernetes object name. For details see @@ -6795,7 +9962,7 @@ func (s *SetMuteRequest) MarshalJSON() ([]byte, error) { // to simulate a CustomConfig against a given test resource. Maximum // size of the request is 4 MB by default. type SimulateSecurityHealthAnalyticsCustomModuleRequest struct { - // CustomConfig: Required. The user specified custom configuration to + // CustomConfig: Required. The custom configuration that you need to // test. CustomConfig *GoogleCloudSecuritycenterV1CustomConfig `json:"customConfig,omitempty"` @@ -6826,8 +9993,8 @@ func (s *SimulateSecurityHealthAnalyticsCustomModuleRequest) MarshalJSON() ([]by } // SimulateSecurityHealthAnalyticsCustomModuleResponse: Response message -// for simulating a SecurityHealthAnalyticsCustomModule against a given -// resource. +// for simulating a `SecurityHealthAnalyticsCustomModule` against a +// given resource. type SimulateSecurityHealthAnalyticsCustomModuleResponse struct { // Result: Result for test case in the corresponding request. Result *SimulatedResult `json:"result,omitempty"` @@ -6859,18 +10026,19 @@ func (s *SimulateSecurityHealthAnalyticsCustomModuleResponse) MarshalJSON() ([]b return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } -// SimulatedResource: Manually constructed resource. If the custom -// module only evaluates against the resource data, the iam_policy_data -// field can be omitted, and vice versa. +// SimulatedResource: Manually constructed resource name. If the custom +// module evaluates against only the resource data, you can omit the +// `iam_policy_data` field. If it evaluates only the `iam_policy_data` +// field, you can omit the resource data. type SimulatedResource struct { // IamPolicyData: Optional. A representation of the IAM policy. IamPolicyData *Policy `json:"iamPolicyData,omitempty"` - // ResourceData: Optional. A representation of the GCP resource. Should - // match the GCP resource JSON format. + // ResourceData: Optional. A representation of the Google Cloud + // resource. Should match the Google Cloud resource JSON format. ResourceData googleapi.RawMessage `json:"resourceData,omitempty"` - // ResourceType: Required. The type of the resource, e.g. + // ResourceType: Required. The type of the resource, for example, // `compute.googleapis.com/Disk`. ResourceType string `json:"resourceType,omitempty"` @@ -7327,6 +10495,10 @@ type ValuedResource struct { // 100. ResourceValueConfigsUsed []*ResourceValueConfigMetadata `json:"resourceValueConfigsUsed,omitempty"` + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + // ForceSendFields is a list of field names (e.g. "DisplayName") to // unconditionally include in API requests. By default, fields with // empty or default values are omitted from API requests. However, any @@ -12163,9 +15335,10 @@ type FoldersSecurityHealthAnalyticsSettingsCustomModulesSimulateCall struct { // Resource. // // - parent: The relative resource name of the organization, project, or -// folder. See: -// https://cloud.google.com/apis/design/resource_names#relative_resource_name -// An example is: "organizations/{organization_id}". +// folder. For more information about relative resource names, see +// Relative Resource Name +// (https://cloud.google.com/apis/design/resource_names#relative_resource_name) +// Example: `organizations/{organization_id}`. func (r *FoldersSecurityHealthAnalyticsSettingsCustomModulesService) Simulate(parent string, simulatesecurityhealthanalyticscustommodulerequest *SimulateSecurityHealthAnalyticsCustomModuleRequest) *FoldersSecurityHealthAnalyticsSettingsCustomModulesSimulateCall { c := &FoldersSecurityHealthAnalyticsSettingsCustomModulesSimulateCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.parent = parent @@ -12275,7 +15448,7 @@ func (c *FoldersSecurityHealthAnalyticsSettingsCustomModulesSimulateCall) Do(opt // ], // "parameters": { // "parent": { - // "description": "Required. The relative resource name of the organization, project, or folder. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name An example is: \"organizations/{organization_id}\".", + // "description": "Required. The relative resource name of the organization, project, or folder. For more information about relative resource names, see [Relative Resource Name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) Example: `organizations/{organization_id}`", // "location": "path", // "pattern": "^folders/[^/]+/securityHealthAnalyticsSettings$", // "required": true, @@ -21697,9 +24870,10 @@ type OrganizationsSecurityHealthAnalyticsSettingsCustomModulesSimulateCall struc // Resource. // // - parent: The relative resource name of the organization, project, or -// folder. See: -// https://cloud.google.com/apis/design/resource_names#relative_resource_name -// An example is: "organizations/{organization_id}". +// folder. For more information about relative resource names, see +// Relative Resource Name +// (https://cloud.google.com/apis/design/resource_names#relative_resource_name) +// Example: `organizations/{organization_id}`. func (r *OrganizationsSecurityHealthAnalyticsSettingsCustomModulesService) Simulate(parent string, simulatesecurityhealthanalyticscustommodulerequest *SimulateSecurityHealthAnalyticsCustomModuleRequest) *OrganizationsSecurityHealthAnalyticsSettingsCustomModulesSimulateCall { c := &OrganizationsSecurityHealthAnalyticsSettingsCustomModulesSimulateCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.parent = parent @@ -21809,7 +24983,7 @@ func (c *OrganizationsSecurityHealthAnalyticsSettingsCustomModulesSimulateCall) // ], // "parameters": { // "parent": { - // "description": "Required. The relative resource name of the organization, project, or folder. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name An example is: \"organizations/{organization_id}\".", + // "description": "Required. The relative resource name of the organization, project, or folder. For more information about relative resource names, see [Relative Resource Name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) Example: `organizations/{organization_id}`", // "location": "path", // "pattern": "^organizations/[^/]+/securityHealthAnalyticsSettings$", // "required": true, @@ -22979,6 +26153,154 @@ func (c *OrganizationsSimulationsAttackPathsListCall) Pages(ctx context.Context, } } +// method id "securitycenter.organizations.simulations.valuedResources.get": + +type OrganizationsSimulationsValuedResourcesGetCall struct { + s *Service + name string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// Get: Get the valued resource by name +// +// - name: The name of this valued resource Valid format: +// "organizations/{organization}/simulations/{simulation}/valuedResourc +// es/{valued_resource}". +func (r *OrganizationsSimulationsValuedResourcesService) Get(name string) *OrganizationsSimulationsValuedResourcesGetCall { + c := &OrganizationsSimulationsValuedResourcesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *OrganizationsSimulationsValuedResourcesGetCall) Fields(s ...googleapi.Field) *OrganizationsSimulationsValuedResourcesGetCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *OrganizationsSimulationsValuedResourcesGetCall) IfNoneMatch(entityTag string) *OrganizationsSimulationsValuedResourcesGetCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *OrganizationsSimulationsValuedResourcesGetCall) Context(ctx context.Context) *OrganizationsSimulationsValuedResourcesGetCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *OrganizationsSimulationsValuedResourcesGetCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *OrganizationsSimulationsValuedResourcesGetCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("GET", urls, body) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "securitycenter.organizations.simulations.valuedResources.get" call. +// Exactly one of *ValuedResource or error will be non-nil. Any non-2xx +// status code is an error. Response headers are in either +// *ValuedResource.ServerResponse.Header or (if a response was returned +// at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *OrganizationsSimulationsValuedResourcesGetCall) Do(opts ...googleapi.CallOption) (*ValuedResource, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &ValuedResource{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Get the valued resource by name", + // "flatPath": "v1/organizations/{organizationsId}/simulations/{simulationsId}/valuedResources/{valuedResourcesId}", + // "httpMethod": "GET", + // "id": "securitycenter.organizations.simulations.valuedResources.get", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "Required. The name of this valued resource Valid format: \"organizations/{organization}/simulations/{simulation}/valuedResources/{valued_resource}\"", + // "location": "path", + // "pattern": "^organizations/[^/]+/simulations/[^/]+/valuedResources/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+name}", + // "response": { + // "$ref": "ValuedResource" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + // method id "securitycenter.organizations.simulations.valuedResources.list": type OrganizationsSimulationsValuedResourcesListCall struct { @@ -30691,9 +34013,10 @@ type ProjectsSecurityHealthAnalyticsSettingsCustomModulesSimulateCall struct { // Resource. // // - parent: The relative resource name of the organization, project, or -// folder. See: -// https://cloud.google.com/apis/design/resource_names#relative_resource_name -// An example is: "organizations/{organization_id}". +// folder. For more information about relative resource names, see +// Relative Resource Name +// (https://cloud.google.com/apis/design/resource_names#relative_resource_name) +// Example: `organizations/{organization_id}`. func (r *ProjectsSecurityHealthAnalyticsSettingsCustomModulesService) Simulate(parent string, simulatesecurityhealthanalyticscustommodulerequest *SimulateSecurityHealthAnalyticsCustomModuleRequest) *ProjectsSecurityHealthAnalyticsSettingsCustomModulesSimulateCall { c := &ProjectsSecurityHealthAnalyticsSettingsCustomModulesSimulateCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.parent = parent @@ -30803,7 +34126,7 @@ func (c *ProjectsSecurityHealthAnalyticsSettingsCustomModulesSimulateCall) Do(op // ], // "parameters": { // "parent": { - // "description": "Required. The relative resource name of the organization, project, or folder. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name An example is: \"organizations/{organization_id}\".", + // "description": "Required. The relative resource name of the organization, project, or folder. For more information about relative resource names, see [Relative Resource Name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) Example: `organizations/{organization_id}`", // "location": "path", // "pattern": "^projects/[^/]+/securityHealthAnalyticsSettings$", // "required": true, diff --git a/securitycenter/v1beta1/securitycenter-api.json b/securitycenter/v1beta1/securitycenter-api.json index 309f7ce5d8c..309fcc29607 100644 --- a/securitycenter/v1beta1/securitycenter-api.json +++ b/securitycenter/v1beta1/securitycenter-api.json @@ -896,7 +896,7 @@ } } }, - "revision": "20231102", + "revision": "20231128", "rootUrl": "https://securitycenter.googleapis.com/", "schemas": { "Access": { @@ -988,6 +988,21 @@ }, "type": "object" }, + "Application": { + "description": "Represents an application associated with a finding.", + "id": "Application", + "properties": { + "baseUri": { + "description": "The base URI that identifies the network location of the application in which the vulnerability was detected. Examples: http://11.22.33.44, http://foo.com, http://11.22.33.44:8080", + "type": "string" + }, + "fullUri": { + "description": "The full URI with payload that can be used to reproduce the vulnerability. Example: http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H", + "type": "string" + } + }, + "type": "object" + }, "Asset": { "description": "Security Command Center representation of a Google Cloud resource. The Asset is a Security Command Center resource that captures information about a single Google Cloud resource. All modifications to an Asset are only within the context of Security Command Center and don't affect the referenced Google Cloud resource.", "id": "Asset", @@ -1150,6 +1165,63 @@ }, "type": "object" }, + "BackupDisasterRecovery": { + "description": "Information related to Google Cloud Backup and DR Service findings.", + "id": "BackupDisasterRecovery", + "properties": { + "appliance": { + "description": "The name of the Backup and DR appliance that captures, moves, and manages the lifecycle of backup data. For example, “backup-server-57137”.", + "type": "string" + }, + "applications": { + "description": "The names of Backup and DR applications. An application is a VM, database, or file system on a managed host monitored by a backup and recovery appliance. For example, “centos7-01-vol00”, “centos7-01-vol01”, “centos7-01-vol02”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "backupCreateTime": { + "description": "The timestamp at which the Backup and DR backup was created.", + "format": "google-datetime", + "type": "string" + }, + "backupTemplate": { + "description": "The name of a Backup and DR template which comprises one or more backup policies. See the [Backup and DR documentation](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information. For example, “snap-ov”.", + "type": "string" + }, + "backupType": { + "description": "The backup type of the Backup and DR image. For example, “Snapshot”, “Remote Snapshot”, “OnVault”.", + "type": "string" + }, + "host": { + "description": "The name of a Backup and DR host, which is managed by the backup and recovery appliance and known to the management console. The host can be of type Generic (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. See the [Backup and DR documentation on hosts](https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) for more information. For example, “centos7-01”.", + "type": "string" + }, + "policies": { + "description": "The names of Backup and DR policies that are associated with a template and that define when to run a backup, how frequently to run a backup, and how long to retain the backup image. For example, “onvaults”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "policyOptions": { + "description": "The names of Backup and DR advanced policy options of a policy applying to an application. See the [Backup and DR documentation on policy options](https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). For example, “skipofflineappsincongrp, nounmap”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "profile": { + "description": "The name of the Backup and DR resource profile that specifies the storage media for backups of application and VM data. See the [Backup and DR documentation on profiles](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). For example, “GCP”.", + "type": "string" + }, + "storagePool": { + "description": "The name of the Backup and DR storage pool that the backup and recovery appliance is storing data in. The storage pool could be of type Cloud, Primary, Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). For example, “DiskPoolOne”.", + "type": "string" + } + }, + "type": "object" + }, "Binding": { "description": "Associates `members`, or principals, with a `role`.", "id": "Binding", @@ -1273,6 +1345,47 @@ }, "type": "object" }, + "ComplianceSnapshot": { + "description": "Result containing the properties and count of a ComplianceSnapshot request.", + "id": "ComplianceSnapshot", + "properties": { + "category": { + "description": "The category of Findings matching.", + "type": "string" + }, + "complianceStandard": { + "description": "The compliance standard (ie CIS).", + "type": "string" + }, + "complianceVersion": { + "description": "The compliance version (ie 1.3) in CIS 1.3.", + "type": "string" + }, + "count": { + "description": "Total count of findings for the given properties.", + "format": "int64", + "type": "string" + }, + "leafContainerResource": { + "description": "The leaf container resource name that is closest to the snapshot.", + "type": "string" + }, + "name": { + "description": "The compliance snapshot name. Format: //sources//complianceSnapshots/", + "type": "string" + }, + "projectDisplayName": { + "description": "The CRM resource display name that is closest to the snapshot the Findings belong to.", + "type": "string" + }, + "snapshotTime": { + "description": "The snapshot time of the snapshot.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" + }, "Connection": { "description": "Contains information about the IP connection associated with the finding.", "id": "Connection", @@ -1715,10 +1828,18 @@ "$ref": "Access", "description": "Access details associated with the finding, such as more information on the caller, which method was accessed, and from where." }, + "application": { + "$ref": "Application", + "description": "Represents an application associated with the finding." + }, "attackExposure": { "$ref": "AttackExposure", "description": "The results of an attack path simulation relevant to this finding." }, + "backupDisasterRecovery": { + "$ref": "BackupDisasterRecovery", + "description": "Fields related to Backup and DR findings." + }, "canonicalName": { "description": "The canonical name of the finding. It's either \"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}\", \"folders/{folder_id}/sources/{source_id}/findings/{finding_id}\" or \"projects/{project_number}/sources/{source_id}/findings/{finding_id}\", depending on the closest CRM ancestor of the resource associated with the finding.", "type": "string" @@ -2828,6 +2949,2077 @@ }, "type": "object" }, + "GoogleCloudSecuritycenterV2Access": { + "description": "Represents an access event.", + "id": "GoogleCloudSecuritycenterV2Access", + "properties": { + "callerIp": { + "description": "Caller's IP address, such as \"1.1.1.1\".", + "type": "string" + }, + "callerIpGeo": { + "$ref": "GoogleCloudSecuritycenterV2Geolocation", + "description": "The caller IP's geolocation, which identifies where the call came from." + }, + "methodName": { + "description": "The method that the service account called, e.g. \"SetIamPolicy\".", + "type": "string" + }, + "principalEmail": { + "description": "Associated email, such as \"foo@google.com\". The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the `principal_subject` field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see [Caller identities in audit logs](https://cloud.google.com/logging/docs/audit#user-id).", + "type": "string" + }, + "principalSubject": { + "description": "A string that represents the principal_subject that is associated with the identity. Unlike `principal_email`, `principal_subject` supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is `principal://iam.googleapis.com/{identity pool name}/subject/{subject}`. Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:{identity pool name}[{subject}]`.", + "type": "string" + }, + "serviceAccountDelegationInfo": { + "description": "The identity delegation history of an authenticated service account that made the request. The `serviceAccountDelegationInfo[]` object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo" + }, + "type": "array" + }, + "serviceAccountKeyName": { + "description": "The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example: \"//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}\". ", + "type": "string" + }, + "serviceName": { + "description": "This is the API service that the service account made a call to, e.g. \"iam.googleapis.com\"", + "type": "string" + }, + "userAgent": { + "description": "The caller's user agent string associated with the finding.", + "type": "string" + }, + "userAgentFamily": { + "description": "Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.", + "type": "string" + }, + "userName": { + "description": "A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2AccessReview": { + "description": "Conveys information about a Kubernetes access review (such as one returned by a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access) command) that was involved in a finding.", + "id": "GoogleCloudSecuritycenterV2AccessReview", + "properties": { + "group": { + "description": "The API group of the resource. \"*\" means all.", + "type": "string" + }, + "name": { + "description": "The name of the resource being requested. Empty means all.", + "type": "string" + }, + "ns": { + "description": "Namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces. Both are represented by \"\" (empty).", + "type": "string" + }, + "resource": { + "description": "The optional resource type requested. \"*\" means all.", + "type": "string" + }, + "subresource": { + "description": "The optional subresource type.", + "type": "string" + }, + "verb": { + "description": "A Kubernetes resource API verb, like get, list, watch, create, update, delete, proxy. \"*\" means all.", + "type": "string" + }, + "version": { + "description": "The API version of the resource. \"*\" means all.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Application": { + "description": "Represents an application associated with a finding.", + "id": "GoogleCloudSecuritycenterV2Application", + "properties": { + "baseUri": { + "description": "The base URI that identifies the network location of the application in which the vulnerability was detected. Examples: http://11.22.33.44, http://foo.com, http://11.22.33.44:8080", + "type": "string" + }, + "fullUri": { + "description": "The full URI with payload that could be used to reproduce the vulnerability. Example: http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2AttackExposure": { + "description": "An attack exposure contains the results of an attack path simulation run.", + "id": "GoogleCloudSecuritycenterV2AttackExposure", + "properties": { + "attackExposureResult": { + "description": "The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: organizations/123/attackExposureResults/456", + "type": "string" + }, + "exposedHighValueResourcesCount": { + "description": "The number of high value resources that are exposed as a result of this finding.", + "format": "int32", + "type": "integer" + }, + "exposedLowValueResourcesCount": { + "description": "The number of high value resources that are exposed as a result of this finding.", + "format": "int32", + "type": "integer" + }, + "exposedMediumValueResourcesCount": { + "description": "The number of medium value resources that are exposed as a result of this finding.", + "format": "int32", + "type": "integer" + }, + "latestCalculationTime": { + "description": "The most recent time the attack exposure was updated on this finding.", + "format": "google-datetime", + "type": "string" + }, + "score": { + "description": "A number between 0 (inclusive) and infinity that represents how important this finding is to remediate. The higher the score, the more important it is to remediate.", + "format": "double", + "type": "number" + }, + "state": { + "description": "Output only. What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated or not.", + "enum": [ + "STATE_UNSPECIFIED", + "CALCULATED", + "NOT_CALCULATED" + ], + "enumDescriptions": [ + "The state is not specified.", + "The attack exposure has been calculated.", + "The attack exposure has not been calculated." + ], + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2BackupDisasterRecovery": { + "description": "Information related to Google Cloud Backup and DR Service findings.", + "id": "GoogleCloudSecuritycenterV2BackupDisasterRecovery", + "properties": { + "appliance": { + "description": "The name of the Backup and DR appliance that captures, moves, and manages the lifecycle of backup data. For example, “backup-server-57137”.", + "type": "string" + }, + "applications": { + "description": "The names of Backup and DR applications. An application is a VM, database, or file system on a managed host monitored by a backup and recovery appliance. For example, “centos7-01-vol00”, “centos7-01-vol01”, “centos7-01-vol02”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "backupCreateTime": { + "description": "The timestamp at which the Backup and DR backup was created.", + "format": "google-datetime", + "type": "string" + }, + "backupTemplate": { + "description": "The name of a Backup and DR template which comprises one or more backup policies. See the [Backup and DR documentation](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information. For example, “snap-ov”.", + "type": "string" + }, + "backupType": { + "description": "The backup type of the Backup and DR image. For example, “Snapshot”, “Remote Snapshot”, “OnVault”.", + "type": "string" + }, + "host": { + "description": "The name of a Backup and DR host, which is managed by the backup and recovery appliance and known to the management console. The host can be of type Generic (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. See the [Backup and DR documentation on hosts](https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) for more information. For example, “centos7-01”.", + "type": "string" + }, + "policies": { + "description": "The names of Backup and DR policies that are associated with a template and that define when to run a backup, how frequently to run a backup, and how long to retain the backup image. For example, “onvaults”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "policyOptions": { + "description": "The names of Backup and DR advanced policy options of a policy applying to an application. See the [Backup and DR documentation on policy options](https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). For example, “skipofflineappsincongrp, nounmap”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "profile": { + "description": "The name of the Backup and DR resource profile that specifies the storage media for backups of application and VM data. See the [Backup and DR documentation on profiles](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). For example, “GCP”.", + "type": "string" + }, + "storagePool": { + "description": "The name of the Backup and DR storage pool that the backup and recovery appliance is storing data in. The storage pool could be of type Cloud, Primary, Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). For example, “DiskPoolOne”.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2BigQueryExport": { + "description": "Configures how to deliver Findings to BigQuery Instance.", + "id": "GoogleCloudSecuritycenterV2BigQueryExport", + "properties": { + "createTime": { + "description": "Output only. The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "dataset": { + "description": "The dataset to write findings' updates to. Its format is \"projects/[project_id]/datasets/[bigquery_dataset_id]\". BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).", + "type": "string" + }, + "description": { + "description": "The description of the export (max of 1024 characters).", + "type": "string" + }, + "filter": { + "description": "Expression that defines the filter to apply across create/update events of findings. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * `=` for all value types. * `\u003e`, `\u003c`, `\u003e=`, `\u003c=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes.", + "type": "string" + }, + "mostRecentEditor": { + "description": "Output only. Email address of the user who last edited the BigQuery export. This field is set by the server and will be ignored if provided on export creation or update.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The relative resource name of this export. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name. The following list shows some examples: + `organizations/{organization_id}/locations/{location_id}/bigQueryExports/{export_id}` + `folders/{folder_id}/locations/{location_id}/bigQueryExports/{export_id}` + `projects/{project_id}/locations/{location_id}/bigQueryExports/{export_id}` This field is provided in responses, and is ignored when provided in create requests.", + "type": "string" + }, + "principal": { + "description": "Output only. The service account that needs permission to create table and upload data to the BigQuery dataset.", + "readOnly": true, + "type": "string" + }, + "updateTime": { + "description": "Output only. The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Binding": { + "description": "Represents a Kubernetes RoleBinding or ClusterRoleBinding.", + "id": "GoogleCloudSecuritycenterV2Binding", + "properties": { + "name": { + "description": "Name for the binding.", + "type": "string" + }, + "ns": { + "description": "Namespace for the binding.", + "type": "string" + }, + "role": { + "$ref": "GoogleCloudSecuritycenterV2Role", + "description": "The Role or ClusterRole referenced by the binding." + }, + "subjects": { + "description": "Represents one or more subjects that are bound to the role. Not always available for PATCH requests.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Subject" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2BulkMuteFindingsResponse": { + "description": "The response to a BulkMute request. Contains the LRO information.", + "id": "GoogleCloudSecuritycenterV2BulkMuteFindingsResponse", + "properties": {}, + "type": "object" + }, + "GoogleCloudSecuritycenterV2CloudDlpDataProfile": { + "description": "The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding.", + "id": "GoogleCloudSecuritycenterV2CloudDlpDataProfile", + "properties": { + "dataProfile": { + "description": "Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`.", + "type": "string" + }, + "parentType": { + "description": "The resource hierarchy level at which the data profile was generated.", + "enum": [ + "PARENT_TYPE_UNSPECIFIED", + "ORGANIZATION", + "PROJECT" + ], + "enumDescriptions": [ + "Unspecified parent type.", + "Organization-level configurations.", + "Project-level configurations." + ], + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2CloudDlpInspection": { + "description": "Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the finding.", + "id": "GoogleCloudSecuritycenterV2CloudDlpInspection", + "properties": { + "fullScan": { + "description": "Whether Cloud DLP scanned the complete resource or a sampled subset.", + "type": "boolean" + }, + "infoType": { + "description": "The type of information (or *[infoType](https://cloud.google.com/dlp/docs/infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.", + "type": "string" + }, + "infoTypeCount": { + "description": "The number of times Cloud DLP found this infoType within this job and resource.", + "format": "int64", + "type": "string" + }, + "inspectJob": { + "description": "Name of the inspection job, for example, `projects/123/locations/europe/dlpJobs/i-8383929`.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2CloudLoggingEntry": { + "description": "Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry)", + "id": "GoogleCloudSecuritycenterV2CloudLoggingEntry", + "properties": { + "insertId": { + "description": "A unique identifier for the log entry.", + "type": "string" + }, + "logId": { + "description": "The type of the log (part of `log_name`. `log_name` is the resource name of the log to which this log entry belongs). For example: `cloudresourcemanager.googleapis.com/activity` Note that this field is not URL-encoded, unlike in `LogEntry`.", + "type": "string" + }, + "resourceContainer": { + "description": "The organization, folder, or project of the monitored resource that produced this log entry.", + "type": "string" + }, + "timestamp": { + "description": "The time the event described by the log entry occurred.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Compliance": { + "description": "Contains compliance information about a security standard indicating unmet recommendations.", + "id": "GoogleCloudSecuritycenterV2Compliance", + "properties": { + "ids": { + "description": "Policies within the standard or benchmark, for example, A.12.4.1", + "items": { + "type": "string" + }, + "type": "array" + }, + "standard": { + "description": "Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP.", + "type": "string" + }, + "version": { + "description": "Version of the standard or benchmark, for example, 1.1", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Connection": { + "description": "Contains information about the IP connection associated with the finding.", + "id": "GoogleCloudSecuritycenterV2Connection", + "properties": { + "destinationIp": { + "description": "Destination IP address. Not present for sockets that are listening and not connected.", + "type": "string" + }, + "destinationPort": { + "description": "Destination port. Not present for sockets that are listening and not connected.", + "format": "int32", + "type": "integer" + }, + "protocol": { + "description": "IANA Internet Protocol Number such as TCP(6) and UDP(17).", + "enum": [ + "PROTOCOL_UNSPECIFIED", + "ICMP", + "TCP", + "UDP", + "GRE", + "ESP" + ], + "enumDescriptions": [ + "Unspecified protocol (not HOPOPT).", + "Internet Control Message Protocol.", + "Transmission Control Protocol.", + "User Datagram Protocol.", + "Generic Routing Encapsulation.", + "Encap Security Payload." + ], + "type": "string" + }, + "sourceIp": { + "description": "Source IP address.", + "type": "string" + }, + "sourcePort": { + "description": "Source port.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Contact": { + "description": "The email address of a contact.", + "id": "GoogleCloudSecuritycenterV2Contact", + "properties": { + "email": { + "description": "An email address. For example, \"`person123@company.com`\".", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ContactDetails": { + "description": "Details about specific contacts", + "id": "GoogleCloudSecuritycenterV2ContactDetails", + "properties": { + "contacts": { + "description": "A list of contacts", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Contact" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Container": { + "description": "Container associated with the finding.", + "id": "GoogleCloudSecuritycenterV2Container", + "properties": { + "createTime": { + "description": "The time that the container was created.", + "format": "google-datetime", + "type": "string" + }, + "imageId": { + "description": "Optional container image ID, if provided by the container runtime. Uniquely identifies the container image launched using a container image digest.", + "type": "string" + }, + "labels": { + "description": "Container labels, as provided by the container runtime.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Label" + }, + "type": "array" + }, + "name": { + "description": "Name of the container.", + "type": "string" + }, + "uri": { + "description": "Container image URI provided when configuring a pod or container. This string can identify a container image version using mutable tags.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Cve": { + "description": "CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org", + "id": "GoogleCloudSecuritycenterV2Cve", + "properties": { + "cvssv3": { + "$ref": "GoogleCloudSecuritycenterV2Cvssv3", + "description": "Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document" + }, + "id": { + "description": "The unique identifier for the vulnerability. e.g. CVE-2021-34527", + "type": "string" + }, + "references": { + "description": "Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Reference" + }, + "type": "array" + }, + "upstreamFixAvailable": { + "description": "Whether upstream fix is available for the CVE.", + "type": "boolean" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Cvssv3": { + "description": "Common Vulnerability Scoring System version 3.", + "id": "GoogleCloudSecuritycenterV2Cvssv3", + "properties": { + "attackComplexity": { + "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "enum": [ + "ATTACK_COMPLEXITY_UNSPECIFIED", + "ATTACK_COMPLEXITY_LOW", + "ATTACK_COMPLEXITY_HIGH" + ], + "enumDescriptions": [ + "Invalid value.", + "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.", + "A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected." + ], + "type": "string" + }, + "attackVector": { + "description": "Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.", + "enum": [ + "ATTACK_VECTOR_UNSPECIFIED", + "ATTACK_VECTOR_NETWORK", + "ATTACK_VECTOR_ADJACENT", + "ATTACK_VECTOR_LOCAL", + "ATTACK_VECTOR_PHYSICAL" + ], + "enumDescriptions": [ + "Invalid value.", + "The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet.", + "The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology.", + "The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities.", + "The attack requires the attacker to physically touch or manipulate the vulnerable component." + ], + "type": "string" + }, + "availabilityImpact": { + "description": "This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.", + "enum": [ + "IMPACT_UNSPECIFIED", + "IMPACT_HIGH", + "IMPACT_LOW", + "IMPACT_NONE" + ], + "enumDescriptions": [ + "Invalid value.", + "High impact.", + "Low impact.", + "No impact." + ], + "type": "string" + }, + "baseScore": { + "description": "The base score is a function of the base metric scores.", + "format": "double", + "type": "number" + }, + "confidentialityImpact": { + "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "enum": [ + "IMPACT_UNSPECIFIED", + "IMPACT_HIGH", + "IMPACT_LOW", + "IMPACT_NONE" + ], + "enumDescriptions": [ + "Invalid value.", + "High impact.", + "Low impact.", + "No impact." + ], + "type": "string" + }, + "integrityImpact": { + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "enum": [ + "IMPACT_UNSPECIFIED", + "IMPACT_HIGH", + "IMPACT_LOW", + "IMPACT_NONE" + ], + "enumDescriptions": [ + "Invalid value.", + "High impact.", + "Low impact.", + "No impact." + ], + "type": "string" + }, + "privilegesRequired": { + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "enum": [ + "PRIVILEGES_REQUIRED_UNSPECIFIED", + "PRIVILEGES_REQUIRED_NONE", + "PRIVILEGES_REQUIRED_LOW", + "PRIVILEGES_REQUIRED_HIGH" + ], + "enumDescriptions": [ + "Invalid value.", + "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.", + "The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources.", + "The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files." + ], + "type": "string" + }, + "scope": { + "description": "The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.", + "enum": [ + "SCOPE_UNSPECIFIED", + "SCOPE_UNCHANGED", + "SCOPE_CHANGED" + ], + "enumDescriptions": [ + "Invalid value.", + "An exploited vulnerability can only affect resources managed by the same security authority.", + "An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component." + ], + "type": "string" + }, + "userInteraction": { + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "enum": [ + "USER_INTERACTION_UNSPECIFIED", + "USER_INTERACTION_NONE", + "USER_INTERACTION_REQUIRED" + ], + "enumDescriptions": [ + "Invalid value.", + "The vulnerable system can be exploited without interaction from any user.", + "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + ], + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Database": { + "description": "Represents database access information, such as queries. A database may be a sub-resource of an instance (as in the case of Cloud SQL instances or Cloud Spanner instances), or the database instance itself. Some database resources might not have the [full resource name](https://google.aip.dev/122#full-resource-names) populated because these resource types, such as Cloud SQL databases, are not yet supported by Cloud Asset Inventory. In these cases only the display name is provided.", + "id": "GoogleCloudSecuritycenterV2Database", + "properties": { + "displayName": { + "description": "The human-readable name of the database that the user connected to.", + "type": "string" + }, + "grantees": { + "description": "The target usernames, roles, or groups of an SQL privilege grant, which is not an IAM policy change.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "Some database resources may not have the [full resource name](https://google.aip.dev/122#full-resource-names) populated because these resource types are not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In these cases only the display name will be provided. The [full resource name](https://google.aip.dev/122#full-resource-names) of the database that the user connected to, if it is supported by Cloud Asset Inventory.", + "type": "string" + }, + "query": { + "description": "The SQL statement that is associated with the database access.", + "type": "string" + }, + "userName": { + "description": "The username used to connect to the database. The username might not be an IAM principal and does not have a set format.", + "type": "string" + }, + "version": { + "description": "The version of the database, for example, POSTGRES_14. See [the complete list](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Detection": { + "description": "Memory hash detection contributing to the binary family match.", + "id": "GoogleCloudSecuritycenterV2Detection", + "properties": { + "binary": { + "description": "The name of the binary associated with the memory hash signature detection.", + "type": "string" + }, + "percentPagesMatched": { + "description": "The percentage of memory page hashes in the signature that were matched.", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2EnvironmentVariable": { + "description": "A name-value pair representing an environment variable used in an operating system process.", + "id": "GoogleCloudSecuritycenterV2EnvironmentVariable", + "properties": { + "name": { + "description": "Environment variable name as a JSON encoded string.", + "type": "string" + }, + "val": { + "description": "Environment variable value as a JSON encoded string.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ExfilResource": { + "description": "Resource where data was exfiltrated from or exfiltrated to.", + "id": "GoogleCloudSecuritycenterV2ExfilResource", + "properties": { + "components": { + "description": "Subcomponents of the asset that was exfiltrated, like URIs used during exfiltration, table names, databases, and filenames. For example, multiple tables might have been exfiltrated from the same Cloud SQL instance, or multiple files might have been exfiltrated from the same Cloud Storage bucket.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The resource's [full resource name](https://cloud.google.com/apis/design/resource_names#full_resource_name).", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Exfiltration": { + "description": "Exfiltration represents a data exfiltration attempt from one or more sources to one or more targets. The `sources` attribute lists the sources of the exfiltrated data. The `targets` attribute lists the destinations the data was copied to.", + "id": "GoogleCloudSecuritycenterV2Exfiltration", + "properties": { + "sources": { + "description": "If there are multiple sources, then the data is considered \"joined\" between them. For instance, BigQuery can join multiple tables, and each table would be considered a source.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2ExfilResource" + }, + "type": "array" + }, + "targets": { + "description": "If there are multiple targets, each target would get a complete copy of the \"joined\" source data.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2ExfilResource" + }, + "type": "array" + }, + "totalExfiltratedBytes": { + "description": "Total exfiltrated bytes processed for the entire job.", + "format": "int64", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ExternalSystem": { + "description": "Representation of third party SIEM/SOAR fields within SCC.", + "id": "GoogleCloudSecuritycenterV2ExternalSystem", + "properties": { + "assignees": { + "description": "References primary/secondary etc assignees in the external system.", + "items": { + "type": "string" + }, + "type": "array" + }, + "externalSystemUpdateTime": { + "description": "The time when the case was last updated, as reported by the external system.", + "format": "google-datetime", + "type": "string" + }, + "externalUid": { + "description": "The identifier that's used to track the finding's corresponding case in the external system.", + "type": "string" + }, + "name": { + "description": "Full resource name of the external system. The following list shows some examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/jira` + `organizations/1234/sources/5678/locations/us/findings/123456/externalSystems/jira` + `folders/1234/sources/5678/findings/123456/externalSystems/jira` + `folders/1234/sources/5678/locations/us/findings/123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/externalSystems/jira` + `projects/1234/sources/5678/locations/us/findings/123456/externalSystems/jira`", + "type": "string" + }, + "status": { + "description": "The most recent status of the finding's corresponding case, as reported by the external system.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2File": { + "description": "File information about the related binary/library used by an executable, or the script used by a script interpreter", + "id": "GoogleCloudSecuritycenterV2File", + "properties": { + "contents": { + "description": "Prefix of the file contents as a JSON-encoded string.", + "type": "string" + }, + "hashedSize": { + "description": "The length in bytes of the file prefix that was hashed. If hashed_size == size, any hashes reported represent the entire file.", + "format": "int64", + "type": "string" + }, + "partiallyHashed": { + "description": "True when the hash covers only a prefix of the file.", + "type": "boolean" + }, + "path": { + "description": "Absolute path of the file as a JSON encoded string.", + "type": "string" + }, + "sha256": { + "description": "SHA256 hash of the first hashed_size bytes of the file encoded as a hex string. If hashed_size == size, sha256 represents the SHA256 hash of the entire file.", + "type": "string" + }, + "size": { + "description": "Size of the file in bytes.", + "format": "int64", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Finding": { + "description": "Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.", + "id": "GoogleCloudSecuritycenterV2Finding", + "properties": { + "access": { + "$ref": "GoogleCloudSecuritycenterV2Access", + "description": "Access details associated with the finding, such as more information on the caller, which method was accessed, and from where." + }, + "application": { + "$ref": "GoogleCloudSecuritycenterV2Application", + "description": "Represents an application associated with the finding." + }, + "attackExposure": { + "$ref": "GoogleCloudSecuritycenterV2AttackExposure", + "description": "The results of an attack path simulation relevant to this finding." + }, + "backupDisasterRecovery": { + "$ref": "GoogleCloudSecuritycenterV2BackupDisasterRecovery", + "description": "Fields related to Backup and DR findings." + }, + "canonicalName": { + "description": "Output only. The canonical name of the finding. The following list shows some examples: + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}` + `organizations/{organization_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `projects/{project_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` The prefix is the closest CRM ancestor of the resource associated with the finding.", + "readOnly": true, + "type": "string" + }, + "category": { + "description": "Immutable. The additional taxonomy group within findings from a given source. Example: \"XSS_FLASH_INJECTION\"", + "type": "string" + }, + "cloudDlpDataProfile": { + "$ref": "GoogleCloudSecuritycenterV2CloudDlpDataProfile", + "description": "Cloud DLP data profile that is associated with the finding." + }, + "cloudDlpInspection": { + "$ref": "GoogleCloudSecuritycenterV2CloudDlpInspection", + "description": "Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding." + }, + "compliances": { + "description": "Contains compliance information for security standards associated to the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Compliance" + }, + "type": "array" + }, + "connections": { + "description": "Contains information about the IP connection associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Connection" + }, + "type": "array" + }, + "contacts": { + "additionalProperties": { + "$ref": "GoogleCloudSecuritycenterV2ContactDetails" + }, + "description": "Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories { \"security\": { \"contacts\": [ { \"email\": \"person1@company.com\" }, { \"email\": \"person2@company.com\" } ] } }", + "readOnly": true, + "type": "object" + }, + "containers": { + "description": "Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Container" + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time at which the finding was created in Security Command Center.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "database": { + "$ref": "GoogleCloudSecuritycenterV2Database", + "description": "Database associated with the finding." + }, + "description": { + "description": "Contains more details about the finding.", + "type": "string" + }, + "eventTime": { + "description": "The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.", + "format": "google-datetime", + "type": "string" + }, + "exfiltration": { + "$ref": "GoogleCloudSecuritycenterV2Exfiltration", + "description": "Represents exfiltrations associated with the finding." + }, + "externalSystems": { + "additionalProperties": { + "$ref": "GoogleCloudSecuritycenterV2ExternalSystem" + }, + "description": "Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.", + "readOnly": true, + "type": "object" + }, + "externalUri": { + "description": "The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.", + "type": "string" + }, + "files": { + "description": "File associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2File" + }, + "type": "array" + }, + "findingClass": { + "description": "The class of the finding.", + "enum": [ + "FINDING_CLASS_UNSPECIFIED", + "THREAT", + "VULNERABILITY", + "MISCONFIGURATION", + "OBSERVATION", + "SCC_ERROR", + "POSTURE_VIOLATION" + ], + "enumDescriptions": [ + "Unspecified finding class.", + "Describes unwanted or malicious activity.", + "Describes a potential weakness in software that increases risk to Confidentiality \u0026 Integrity \u0026 Availability.", + "Describes a potential weakness in cloud resource/asset configuration that increases risk.", + "Describes a security observation that is for informational purposes.", + "Describes an error that prevents some SCC functionality.", + "Describes a potential security risk due to a change in the security posture." + ], + "type": "string" + }, + "iamBindings": { + "description": "Represents IAM bindings associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2IamBinding" + }, + "type": "array" + }, + "indicator": { + "$ref": "GoogleCloudSecuritycenterV2Indicator", + "description": "Represents what's commonly known as an *indicator of compromise* (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see [Indicator of compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise)." + }, + "kernelRootkit": { + "$ref": "GoogleCloudSecuritycenterV2KernelRootkit", + "description": "Signature of the kernel rootkit." + }, + "kubernetes": { + "$ref": "GoogleCloudSecuritycenterV2Kubernetes", + "description": "Kubernetes resources associated with the finding." + }, + "loadBalancers": { + "description": "The load balancers associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2LoadBalancer" + }, + "type": "array" + }, + "logEntries": { + "description": "Log entries that are relevant to the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2LogEntry" + }, + "type": "array" + }, + "mitreAttack": { + "$ref": "GoogleCloudSecuritycenterV2MitreAttack", + "description": "MITRE ATT\u0026CK tactics and techniques related to this finding. See: https://attack.mitre.org" + }, + "moduleName": { + "description": "Unique identifier of the module which generated the finding. Example: folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885", + "type": "string" + }, + "mute": { + "description": "Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.", + "enum": [ + "MUTE_UNSPECIFIED", + "MUTED", + "UNMUTED", + "UNDEFINED" + ], + "enumDescriptions": [ + "Unspecified.", + "Finding has been muted.", + "Finding has been unmuted.", + "Finding has never been muted/unmuted." + ], + "type": "string" + }, + "muteInitiator": { + "description": "Records additional information about the mute operation, for example, the [mute configuration](https://cloud.google.com/security-command-center/docs/how-to-mute-findings) that muted the finding and the user who muted the finding.", + "type": "string" + }, + "muteUpdateTime": { + "description": "Output only. The most recent time this finding was muted or unmuted.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. The following list shows some examples: + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}` + `organizations/{organization_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `projects/{project_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}`", + "type": "string" + }, + "nextSteps": { + "description": "Steps to address the finding.", + "type": "string" + }, + "orgPolicies": { + "description": "Contains information about the org policies associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2OrgPolicy" + }, + "type": "array" + }, + "parent": { + "description": "The relative resource name of the source and location the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. The following list shows some examples: + `organizations/{organization_id}/sources/{source_id}` + `folders/{folders_id}/sources/{source_id}` + `projects/{projects_id}/sources/{source_id}` + `organizations/{organization_id}/sources/{source_id}/locations/{location_id}` + `folders/{folders_id}/sources/{source_id}/locations/{location_id}` + `projects/{projects_id}/sources/{source_id}/locations/{location_id}`", + "type": "string" + }, + "parentDisplayName": { + "description": "Output only. The human readable display name of the finding source such as \"Event Threat Detection\" or \"Security Health Analytics\".", + "readOnly": true, + "type": "string" + }, + "processes": { + "description": "Represents operating system processes associated with the Finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Process" + }, + "type": "array" + }, + "resourceName": { + "description": "Immutable. For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string.", + "type": "string" + }, + "securityMarks": { + "$ref": "GoogleCloudSecuritycenterV2SecurityMarks", + "description": "Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.", + "readOnly": true + }, + "securityPosture": { + "$ref": "GoogleCloudSecuritycenterV2SecurityPosture", + "description": "The security posture associated with the finding." + }, + "severity": { + "description": "The severity of the finding. This field is managed by the source that writes the finding.", + "enum": [ + "SEVERITY_UNSPECIFIED", + "CRITICAL", + "HIGH", + "MEDIUM", + "LOW" + ], + "enumDescriptions": [ + "This value is used for findings when a source doesn't write a severity value.", + "Vulnerability: A critical vulnerability is easily discoverable by an external actor, exploitable, and results in the direct ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. Examples include publicly accessible unprotected user data and public SSH access with weak or no passwords. Threat: Indicates a threat that is able to access, modify, or delete data or execute unauthorized code within existing resources.", + "Vulnerability: A high risk vulnerability can be easily discovered and exploited in combination with other vulnerabilities in order to gain direct access and the ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. An example is a database with weak or no passwords that is only accessible internally. This database could easily be compromised by an actor that had access to the internal network. Threat: Indicates a threat that is able to create new computational resources in an environment but not able to access data or execute code in existing resources.", + "Vulnerability: A medium risk vulnerability could be used by an actor to gain access to resources or privileges that enable them to eventually (through multiple steps or a complex exploit) gain access and the ability to execute arbitrary code or exfiltrate data. An example is a service account with access to more projects than it should have. If an actor gains access to the service account, they could potentially use that access to manipulate a project the service account was not intended to. Threat: Indicates a threat that is able to cause operational impact but may not access data or execute unauthorized code.", + "Vulnerability: A low risk vulnerability hampers a security organization's ability to detect vulnerabilities or active threats in their deployment, or prevents the root cause investigation of security issues. An example is monitoring and logs being disabled for resource configurations and access. Threat: Indicates a threat that has obtained minimal access to an environment but is not able to access data, execute code, or create resources." + ], + "type": "string" + }, + "sourceProperties": { + "additionalProperties": { + "type": "any" + }, + "description": "Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.", + "type": "object" + }, + "state": { + "description": "Output only. The state of the finding.", + "enum": [ + "STATE_UNSPECIFIED", + "ACTIVE", + "INACTIVE" + ], + "enumDescriptions": [ + "Unspecified state.", + "The finding requires attention and has not been addressed yet.", + "The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active." + ], + "readOnly": true, + "type": "string" + }, + "vulnerability": { + "$ref": "GoogleCloudSecuritycenterV2Vulnerability", + "description": "Represents vulnerability-specific fields like CVE and CVSS scores. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Geolocation": { + "description": "Represents a geographical location for a given access.", + "id": "GoogleCloudSecuritycenterV2Geolocation", + "properties": { + "regionCode": { + "description": "A CLDR.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2IamBinding": { + "description": "Represents a particular IAM binding, which captures a member's role addition, removal, or state.", + "id": "GoogleCloudSecuritycenterV2IamBinding", + "properties": { + "action": { + "description": "The action that was performed on a Binding.", + "enum": [ + "ACTION_UNSPECIFIED", + "ADD", + "REMOVE" + ], + "enumDescriptions": [ + "Unspecified.", + "Addition of a Binding.", + "Removal of a Binding." + ], + "type": "string" + }, + "member": { + "description": "A single identity requesting access for a Cloud Platform resource, for example, \"foo@google.com\".", + "type": "string" + }, + "role": { + "description": "Role that is assigned to \"members\". For example, \"roles/viewer\", \"roles/editor\", or \"roles/owner\".", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Indicator": { + "description": "Represents what's commonly known as an _indicator of compromise_ (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see [Indicator of compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise).", + "id": "GoogleCloudSecuritycenterV2Indicator", + "properties": { + "domains": { + "description": "List of domains associated to the Finding.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ipAddresses": { + "description": "The list of IP addresses that are associated with the finding.", + "items": { + "type": "string" + }, + "type": "array" + }, + "signatures": { + "description": "The list of matched signatures indicating that the given process is present in the environment.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2ProcessSignature" + }, + "type": "array" + }, + "uris": { + "description": "The list of URIs associated to the Findings.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2KernelRootkit": { + "description": "Kernel mode rootkit signatures.", + "id": "GoogleCloudSecuritycenterV2KernelRootkit", + "properties": { + "name": { + "description": "Rootkit name, when available.", + "type": "string" + }, + "unexpectedCodeModification": { + "description": "True if unexpected modifications of kernel code memory are present.", + "type": "boolean" + }, + "unexpectedFtraceHandler": { + "description": "True if `ftrace` points are present with callbacks pointing to regions that are not in the expected kernel or module code range.", + "type": "boolean" + }, + "unexpectedInterruptHandler": { + "description": "True if interrupt handlers that are are not in the expected kernel or module code regions are present.", + "type": "boolean" + }, + "unexpectedKernelCodePages": { + "description": "True if kernel code pages that are not in the expected kernel or module code regions are present.", + "type": "boolean" + }, + "unexpectedKprobeHandler": { + "description": "True if `kprobe` points are present with callbacks pointing to regions that are not in the expected kernel or module code range.", + "type": "boolean" + }, + "unexpectedProcessesInRunqueue": { + "description": "True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.", + "type": "boolean" + }, + "unexpectedReadOnlyDataModification": { + "description": "True if unexpected modifications of kernel read-only data memory are present.", + "type": "boolean" + }, + "unexpectedSystemCallHandler": { + "description": "True if system call handlers that are are not in the expected kernel or module code regions are present.", + "type": "boolean" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Kubernetes": { + "description": "Kubernetes-related attributes.", + "id": "GoogleCloudSecuritycenterV2Kubernetes", + "properties": { + "accessReviews": { + "description": "Provides information on any Kubernetes access reviews (privilege checks) relevant to the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2AccessReview" + }, + "type": "array" + }, + "bindings": { + "description": "Provides Kubernetes role binding information for findings that involve [RoleBindings or ClusterRoleBindings](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control).", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Binding" + }, + "type": "array" + }, + "nodePools": { + "description": "GKE [node pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-pools) associated with the finding. This field contains node pool information for each node, when it is available.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2NodePool" + }, + "type": "array" + }, + "nodes": { + "description": "Provides Kubernetes [node](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture#nodes) information.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Node" + }, + "type": "array" + }, + "objects": { + "description": "Kubernetes objects related to the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Object" + }, + "type": "array" + }, + "pods": { + "description": "Kubernetes [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod) associated with the finding. This field contains Pod records for each container that is owned by a Pod.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Pod" + }, + "type": "array" + }, + "roles": { + "description": "Provides Kubernetes role information for findings that involve [Roles or ClusterRoles](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control).", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Role" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Label": { + "description": "Represents a generic name-value label. A label has separate name and value fields to support filtering with the `contains()` function. For more information, see [Filtering on array-type fields](https://cloud.google.com/security-command-center/docs/how-to-api-list-findings#array-contains-filtering).", + "id": "GoogleCloudSecuritycenterV2Label", + "properties": { + "name": { + "description": "Name of the label.", + "type": "string" + }, + "value": { + "description": "Value that corresponds to the label's name.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2LoadBalancer": { + "description": "Contains information related to the load balancer associated with the finding.", + "id": "GoogleCloudSecuritycenterV2LoadBalancer", + "properties": { + "name": { + "description": "The name of the load balancer associated with the finding.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2LogEntry": { + "description": "An individual entry in a log.", + "id": "GoogleCloudSecuritycenterV2LogEntry", + "properties": { + "cloudLoggingEntry": { + "$ref": "GoogleCloudSecuritycenterV2CloudLoggingEntry", + "description": "An individual entry in a log stored in Cloud Logging." + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2MemoryHashSignature": { + "description": "A signature corresponding to memory page hashes.", + "id": "GoogleCloudSecuritycenterV2MemoryHashSignature", + "properties": { + "binaryFamily": { + "description": "The binary family.", + "type": "string" + }, + "detections": { + "description": "The list of memory hash detections contributing to the binary family match.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Detection" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2MitreAttack": { + "description": "MITRE ATT\u0026CK tactics and techniques related to this finding. See: https://attack.mitre.org", + "id": "GoogleCloudSecuritycenterV2MitreAttack", + "properties": { + "additionalTactics": { + "description": "Additional MITRE ATT\u0026CK tactics related to this finding, if any.", + "items": { + "enum": [ + "TACTIC_UNSPECIFIED", + "RECONNAISSANCE", + "RESOURCE_DEVELOPMENT", + "INITIAL_ACCESS", + "EXECUTION", + "PERSISTENCE", + "PRIVILEGE_ESCALATION", + "DEFENSE_EVASION", + "CREDENTIAL_ACCESS", + "DISCOVERY", + "LATERAL_MOVEMENT", + "COLLECTION", + "COMMAND_AND_CONTROL", + "EXFILTRATION", + "IMPACT" + ], + "enumDescriptions": [ + "Unspecified value.", + "TA0043", + "TA0042", + "TA0001", + "TA0002", + "TA0003", + "TA0004", + "TA0005", + "TA0006", + "TA0007", + "TA0008", + "TA0009", + "TA0011", + "TA0010", + "TA0040" + ], + "type": "string" + }, + "type": "array" + }, + "additionalTechniques": { + "description": "Additional MITRE ATT\u0026CK techniques related to this finding, if any, along with any of their respective parent techniques.", + "items": { + "enum": [ + "TECHNIQUE_UNSPECIFIED", + "ACTIVE_SCANNING", + "SCANNING_IP_BLOCKS", + "INGRESS_TOOL_TRANSFER", + "NATIVE_API", + "SHARED_MODULES", + "COMMAND_AND_SCRIPTING_INTERPRETER", + "UNIX_SHELL", + "RESOURCE_HIJACKING", + "PROXY", + "EXTERNAL_PROXY", + "MULTI_HOP_PROXY", + "DYNAMIC_RESOLUTION", + "UNSECURED_CREDENTIALS", + "VALID_ACCOUNTS", + "LOCAL_ACCOUNTS", + "CLOUD_ACCOUNTS", + "NETWORK_DENIAL_OF_SERVICE", + "PERMISSION_GROUPS_DISCOVERY", + "CLOUD_GROUPS", + "EXFILTRATION_OVER_WEB_SERVICE", + "EXFILTRATION_TO_CLOUD_STORAGE", + "ACCOUNT_MANIPULATION", + "SSH_AUTHORIZED_KEYS", + "CREATE_OR_MODIFY_SYSTEM_PROCESS", + "STEAL_WEB_SESSION_COOKIE", + "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", + "EXPLOIT_PUBLIC_FACING_APPLICATION", + "MODIFY_AUTHENTICATION_PROCESS", + "DATA_DESTRUCTION", + "DOMAIN_POLICY_MODIFICATION", + "IMPAIR_DEFENSES", + "NETWORK_SERVICE_DISCOVERY", + "ACCESS_TOKEN_MANIPULATION", + "ABUSE_ELEVATION_CONTROL_MECHANISM", + "DEFAULT_ACCOUNTS", + "INHIBIT_SYSTEM_RECOVERY" + ], + "enumDescriptions": [ + "Unspecified value.", + "T1595", + "T1595.001", + "T1105", + "T1106", + "T1129", + "T1059", + "T1059.004", + "T1496", + "T1090", + "T1090.002", + "T1090.003", + "T1568", + "T1552", + "T1078", + "T1078.003", + "T1078.004", + "T1498", + "T1069", + "T1069.003", + "T1567", + "T1567.002", + "T1098", + "T1098.004", + "T1543", + "T1539", + "T1578", + "T1190", + "T1556", + "T1485", + "T1484", + "T1562", + "T1046", + "T1134", + "T1548", + "T1078.001", + "T1490" + ], + "type": "string" + }, + "type": "array" + }, + "primaryTactic": { + "description": "The MITRE ATT\u0026CK tactic most closely represented by this finding, if any.", + "enum": [ + "TACTIC_UNSPECIFIED", + "RECONNAISSANCE", + "RESOURCE_DEVELOPMENT", + "INITIAL_ACCESS", + "EXECUTION", + "PERSISTENCE", + "PRIVILEGE_ESCALATION", + "DEFENSE_EVASION", + "CREDENTIAL_ACCESS", + "DISCOVERY", + "LATERAL_MOVEMENT", + "COLLECTION", + "COMMAND_AND_CONTROL", + "EXFILTRATION", + "IMPACT" + ], + "enumDescriptions": [ + "Unspecified value.", + "TA0043", + "TA0042", + "TA0001", + "TA0002", + "TA0003", + "TA0004", + "TA0005", + "TA0006", + "TA0007", + "TA0008", + "TA0009", + "TA0011", + "TA0010", + "TA0040" + ], + "type": "string" + }, + "primaryTechniques": { + "description": "The MITRE ATT\u0026CK technique most closely represented by this finding, if any. primary_techniques is a repeated field because there are multiple levels of MITRE ATT\u0026CK techniques. If the technique most closely represented by this finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique and its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, `ACTIVE_SCANNING`).", + "items": { + "enum": [ + "TECHNIQUE_UNSPECIFIED", + "ACTIVE_SCANNING", + "SCANNING_IP_BLOCKS", + "INGRESS_TOOL_TRANSFER", + "NATIVE_API", + "SHARED_MODULES", + "COMMAND_AND_SCRIPTING_INTERPRETER", + "UNIX_SHELL", + "RESOURCE_HIJACKING", + "PROXY", + "EXTERNAL_PROXY", + "MULTI_HOP_PROXY", + "DYNAMIC_RESOLUTION", + "UNSECURED_CREDENTIALS", + "VALID_ACCOUNTS", + "LOCAL_ACCOUNTS", + "CLOUD_ACCOUNTS", + "NETWORK_DENIAL_OF_SERVICE", + "PERMISSION_GROUPS_DISCOVERY", + "CLOUD_GROUPS", + "EXFILTRATION_OVER_WEB_SERVICE", + "EXFILTRATION_TO_CLOUD_STORAGE", + "ACCOUNT_MANIPULATION", + "SSH_AUTHORIZED_KEYS", + "CREATE_OR_MODIFY_SYSTEM_PROCESS", + "STEAL_WEB_SESSION_COOKIE", + "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", + "EXPLOIT_PUBLIC_FACING_APPLICATION", + "MODIFY_AUTHENTICATION_PROCESS", + "DATA_DESTRUCTION", + "DOMAIN_POLICY_MODIFICATION", + "IMPAIR_DEFENSES", + "NETWORK_SERVICE_DISCOVERY", + "ACCESS_TOKEN_MANIPULATION", + "ABUSE_ELEVATION_CONTROL_MECHANISM", + "DEFAULT_ACCOUNTS", + "INHIBIT_SYSTEM_RECOVERY" + ], + "enumDescriptions": [ + "Unspecified value.", + "T1595", + "T1595.001", + "T1105", + "T1106", + "T1129", + "T1059", + "T1059.004", + "T1496", + "T1090", + "T1090.002", + "T1090.003", + "T1568", + "T1552", + "T1078", + "T1078.003", + "T1078.004", + "T1498", + "T1069", + "T1069.003", + "T1567", + "T1567.002", + "T1098", + "T1098.004", + "T1543", + "T1539", + "T1578", + "T1190", + "T1556", + "T1485", + "T1484", + "T1562", + "T1046", + "T1134", + "T1548", + "T1078.001", + "T1490" + ], + "type": "string" + }, + "type": "array" + }, + "version": { + "description": "The MITRE ATT\u0026CK version referenced by the above fields. E.g. \"8\".", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2MuteConfig": { + "description": "A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.", + "id": "GoogleCloudSecuritycenterV2MuteConfig", + "properties": { + "createTime": { + "description": "Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "A description of the mute config.", + "type": "string" + }, + "filter": { + "description": "Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`", + "type": "string" + }, + "mostRecentEditor": { + "description": "Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "This field will be ignored if provided on config creation. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{mute_config}` + `organizations/{organization}locations/{location}//muteConfigs/{mute_config}` + `folders/{folder}/muteConfigs/{mute_config}` + `folders/{folder}/locations/{location}/muteConfigs/{mute_config}` + `projects/{project}/muteConfigs/{mute_config}` + `projects/{project}/locations/{location}/muteConfigs/{mute_config}`", + "type": "string" + }, + "updateTime": { + "description": "Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Node": { + "description": "Kubernetes nodes associated with the finding.", + "id": "GoogleCloudSecuritycenterV2Node", + "properties": { + "name": { + "description": "[Full resource name](https://google.aip.dev/122#full-resource-names) of the Compute Engine VM running the cluster node.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2NodePool": { + "description": "Provides GKE node pool information.", + "id": "GoogleCloudSecuritycenterV2NodePool", + "properties": { + "name": { + "description": "Kubernetes node pool name.", + "type": "string" + }, + "nodes": { + "description": "Nodes associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Node" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2NotificationMessage": { + "description": "Cloud SCC's Notification", + "id": "GoogleCloudSecuritycenterV2NotificationMessage", + "properties": { + "finding": { + "$ref": "GoogleCloudSecuritycenterV2Finding", + "description": "If it's a Finding based notification config, this field will be populated." + }, + "notificationConfigName": { + "description": "Name of the notification config that generated current notification.", + "type": "string" + }, + "resource": { + "$ref": "GoogleCloudSecuritycenterV2Resource", + "description": "The Cloud resource tied to this notification's Finding." + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Object": { + "description": "Kubernetes object related to the finding, uniquely identified by GKNN. Used if the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.", + "id": "GoogleCloudSecuritycenterV2Object", + "properties": { + "containers": { + "description": "Pod containers associated with this finding, if any.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Container" + }, + "type": "array" + }, + "group": { + "description": "Kubernetes object group, such as \"policy.k8s.io/v1\".", + "type": "string" + }, + "kind": { + "description": "Kubernetes object kind, such as \"Namespace\".", + "type": "string" + }, + "name": { + "description": "Kubernetes object name. For details see https://kubernetes.io/docs/concepts/overview/working-with-objects/names/.", + "type": "string" + }, + "ns": { + "description": "Kubernetes object namespace. Must be a valid DNS label. Named \"ns\" to avoid collision with C++ namespace keyword. For details see https://kubernetes.io/docs/tasks/administer-cluster/namespaces/.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2OrgPolicy": { + "description": "Contains information about the org policies associated with the finding.", + "id": "GoogleCloudSecuritycenterV2OrgPolicy", + "properties": { + "name": { + "description": "The resource name of the org policy. Example: \"organizations/{organization_id}/policies/{constraint_name}\"", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Pod": { + "description": "A Kubernetes Pod.", + "id": "GoogleCloudSecuritycenterV2Pod", + "properties": { + "containers": { + "description": "Pod containers associated with this finding, if any.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Container" + }, + "type": "array" + }, + "labels": { + "description": "Pod labels. For Kubernetes containers, these are applied to the container.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Label" + }, + "type": "array" + }, + "name": { + "description": "Kubernetes Pod name.", + "type": "string" + }, + "ns": { + "description": "Kubernetes Pod namespace.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Process": { + "description": "Represents an operating system process.", + "id": "GoogleCloudSecuritycenterV2Process", + "properties": { + "args": { + "description": "Process arguments as JSON encoded strings.", + "items": { + "type": "string" + }, + "type": "array" + }, + "argumentsTruncated": { + "description": "True if `args` is incomplete.", + "type": "boolean" + }, + "binary": { + "$ref": "GoogleCloudSecuritycenterV2File", + "description": "File information for the process executable." + }, + "envVariables": { + "description": "Process environment variables.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2EnvironmentVariable" + }, + "type": "array" + }, + "envVariablesTruncated": { + "description": "True if `env_variables` is incomplete.", + "type": "boolean" + }, + "libraries": { + "description": "File information for libraries loaded by the process.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2File" + }, + "type": "array" + }, + "name": { + "description": "The process name, as displayed in utilities like `top` and `ps`. This name can be accessed through `/proc/[pid]/comm` and changed with `prctl(PR_SET_NAME)`.", + "type": "string" + }, + "parentPid": { + "description": "The parent process ID.", + "format": "int64", + "type": "string" + }, + "pid": { + "description": "The process ID.", + "format": "int64", + "type": "string" + }, + "script": { + "$ref": "GoogleCloudSecuritycenterV2File", + "description": "When the process represents the invocation of a script, `binary` provides information about the interpreter, while `script` provides information about the script file provided to the interpreter." + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ProcessSignature": { + "description": "Indicates what signature matched this process.", + "id": "GoogleCloudSecuritycenterV2ProcessSignature", + "properties": { + "memoryHashSignature": { + "$ref": "GoogleCloudSecuritycenterV2MemoryHashSignature", + "description": "Signature indicating that a binary family was matched." + }, + "yaraRuleSignature": { + "$ref": "GoogleCloudSecuritycenterV2YaraRuleSignature", + "description": "Signature indicating that a YARA rule was matched." + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Reference": { + "description": "Additional Links", + "id": "GoogleCloudSecuritycenterV2Reference", + "properties": { + "source": { + "description": "Source of the reference e.g. NVD", + "type": "string" + }, + "uri": { + "description": "Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Resource": { + "description": "Information related to the Google Cloud resource.", + "id": "GoogleCloudSecuritycenterV2Resource", + "properties": { + "displayName": { + "description": "The human readable name of the resource.", + "type": "string" + }, + "name": { + "description": "The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", + "type": "string" + }, + "type": { + "description": "The full resource type of the resource.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ResourceValueConfig": { + "description": "A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.", + "id": "GoogleCloudSecuritycenterV2ResourceValueConfig", + "properties": { + "createTime": { + "description": "Output only. Timestamp this resource value config was created.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "Description of the resource value config.", + "type": "string" + }, + "name": { + "description": "Name for the resource value config", + "type": "string" + }, + "resourceLabelsSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "List of resource labels to search for, evaluated with AND. E.g. \"resource_labels_selector\": {\"key\": \"value\", \"env\": \"prod\"} will match resources with labels \"key\": \"value\" AND \"env\": \"prod\" https://cloud.google.com/resource-manager/docs/creating-managing-labels", + "type": "object" + }, + "resourceType": { + "description": "Apply resource_value only to resources that match resource_type. resource_type will be checked with \"AND\" of other resources. E.g. \"storage.googleapis.com/Bucket\" with resource_value \"HIGH\" will apply \"HIGH\" value only to \"storage.googleapis.com/Bucket\" resources.", + "type": "string" + }, + "resourceValue": { + "description": "Required. Resource value level this expression represents", + "enum": [ + "RESOURCE_VALUE_UNSPECIFIED", + "HIGH", + "MEDIUM", + "LOW", + "NONE" + ], + "enumDescriptions": [ + "Unspecific value", + "High resource value", + "Medium resource value", + "Low resource value", + "No resource value, e.g. ignore these resources" + ], + "type": "string" + }, + "scope": { + "description": "Project or folder to scope this config to. For example, \"project/456\" would apply this config only to resources in \"project/456\" scope will be checked with \"AND\" of other resources.", + "type": "string" + }, + "tagValues": { + "description": "Required. Tag values combined with AND to check against. Values in the form \"tagValues/123\" E.g. [ \"tagValues/123\", \"tagValues/456\", \"tagValues/789\" ] https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing", + "items": { + "type": "string" + }, + "type": "array" + }, + "updateTime": { + "description": "Output only. Timestamp this resource value config was last updated.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Role": { + "description": "Kubernetes Role or ClusterRole.", + "id": "GoogleCloudSecuritycenterV2Role", + "properties": { + "kind": { + "description": "Role type.", + "enum": [ + "KIND_UNSPECIFIED", + "ROLE", + "CLUSTER_ROLE" + ], + "enumDescriptions": [ + "Role type is not specified.", + "Kubernetes Role.", + "Kubernetes ClusterRole." + ], + "type": "string" + }, + "name": { + "description": "Role name.", + "type": "string" + }, + "ns": { + "description": "Role namespace.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2SecurityMarks": { + "description": "User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization.", + "id": "GoogleCloudSecuritycenterV2SecurityMarks", + "properties": { + "canonicalName": { + "description": "The canonical name of the marks. The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks\" + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\" + `folders/{folder_id}/assets/{asset_id}/securityMarks\" + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `folders/{folder_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\" + `projects/{project_number}/assets/{asset_id}/securityMarks\" + `projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `projects/{project_number}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\"", + "type": "string" + }, + "marks": { + "additionalProperties": { + "type": "string" + }, + "description": "Mutable user specified security marks belonging to the parent resource. Constraints are as follows: * Keys and values are treated as case insensitive * Keys must be between 1 - 256 characters (inclusive) * Keys must be letters, numbers, underscores, or dashes * Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive)", + "type": "object" + }, + "name": { + "description": "The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks` + `organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks`", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2SecurityPosture": { + "description": "Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.", + "id": "GoogleCloudSecuritycenterV2SecurityPosture", + "properties": { + "changedPolicy": { + "description": "The name of the policy that has been updated, for example, `projects/{project_id}/policies/{constraint_name}`.", + "type": "string" + }, + "name": { + "description": "Name of the posture, for example, `organizations/{org_id}/locations/{location}/postures/{posture_name}`.", + "type": "string" + }, + "postureDeployment": { + "description": "The name of the posture deployment, for example, `projects/{project_id}/posturedeployments/{posture_deployment_id}`.", + "type": "string" + }, + "postureDeploymentResource": { + "description": "The project, folder, or organization on which the posture is deployed, for example, `projects/{project_id}`.", + "type": "string" + }, + "revisionId": { + "description": "The version of the posture, for example, `c7cfa2a8`.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo": { + "description": "Identity delegation history of an authenticated service account.", + "id": "GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo", + "properties": { + "principalEmail": { + "description": "The email address of a Google account.", + "type": "string" + }, + "principalSubject": { + "description": "A string representing the principal_subject associated with the identity. As compared to `principal_email`, supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format will be `principal://iam.googleapis.com/{identity pool name}/subjects/{subject}` except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:{identity pool name}[{subject}]`", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Subject": { + "description": "Represents a Kubernetes subject.", + "id": "GoogleCloudSecuritycenterV2Subject", + "properties": { + "kind": { + "description": "Authentication type for the subject.", + "enum": [ + "AUTH_TYPE_UNSPECIFIED", + "USER", + "SERVICEACCOUNT", + "GROUP" + ], + "enumDescriptions": [ + "Authentication is not specified.", + "User with valid certificate.", + "Users managed by Kubernetes API with credentials stored as secrets.", + "Collection of users." + ], + "type": "string" + }, + "name": { + "description": "Name for the subject.", + "type": "string" + }, + "ns": { + "description": "Namespace for the subject.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Vulnerability": { + "description": "Refers to common vulnerability fields e.g. cve, cvss, cwe etc.", + "id": "GoogleCloudSecuritycenterV2Vulnerability", + "properties": { + "cve": { + "$ref": "GoogleCloudSecuritycenterV2Cve", + "description": "CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2YaraRuleSignature": { + "description": "A signature corresponding to a YARA rule.", + "id": "GoogleCloudSecuritycenterV2YaraRuleSignature", + "properties": { + "yaraRule": { + "description": "The name of the YARA rule.", + "type": "string" + } + }, + "type": "object" + }, "GroupAssetsRequest": { "description": "Request message for grouping by assets.", "id": "GroupAssetsRequest", @@ -3600,7 +5792,7 @@ "type": "string" }, "kind": { - "description": "Kubernetes object kind, such as “Namespace”.", + "description": "Kubernetes object kind, such as \"Namespace\".", "type": "string" }, "name": { diff --git a/securitycenter/v1beta1/securitycenter-gen.go b/securitycenter/v1beta1/securitycenter-gen.go index 25623e37d27..48262006f1f 100644 --- a/securitycenter/v1beta1/securitycenter-gen.go +++ b/securitycenter/v1beta1/securitycenter-gen.go @@ -352,6 +352,41 @@ func (s *AccessReview) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// Application: Represents an application associated with a finding. +type Application struct { + // BaseUri: The base URI that identifies the network location of the + // application in which the vulnerability was detected. Examples: + // http://11.22.33.44, http://foo.com, http://11.22.33.44:8080 + BaseUri string `json:"baseUri,omitempty"` + + // FullUri: The full URI with payload that can be used to reproduce the + // vulnerability. Example: + // http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H + FullUri string `json:"fullUri,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BaseUri") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BaseUri") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Application) MarshalJSON() ([]byte, error) { + type NoMethod Application + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Asset: Security Command Center representation of a Google Cloud // resource. The Asset is a Security Command Center resource that // captures information about a single Google Cloud resource. All @@ -624,6 +659,94 @@ func (s *AuditLogConfig) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// BackupDisasterRecovery: Information related to Google Cloud Backup +// and DR Service findings. +type BackupDisasterRecovery struct { + // Appliance: The name of the Backup and DR appliance that captures, + // moves, and manages the lifecycle of backup data. For example, + // “backup-server-57137”. + Appliance string `json:"appliance,omitempty"` + + // Applications: The names of Backup and DR applications. An application + // is a VM, database, or file system on a managed host monitored by a + // backup and recovery appliance. For example, “centos7-01-vol00”, + // “centos7-01-vol01”, “centos7-01-vol02”. + Applications []string `json:"applications,omitempty"` + + // BackupCreateTime: The timestamp at which the Backup and DR backup was + // created. + BackupCreateTime string `json:"backupCreateTime,omitempty"` + + // BackupTemplate: The name of a Backup and DR template which comprises + // one or more backup policies. See the Backup and DR documentation + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) + // for more information. For example, “snap-ov”. + BackupTemplate string `json:"backupTemplate,omitempty"` + + // BackupType: The backup type of the Backup and DR image. For example, + // “Snapshot”, “Remote Snapshot”, “OnVault”. + BackupType string `json:"backupType,omitempty"` + + // Host: The name of a Backup and DR host, which is managed by the + // backup and recovery appliance and known to the management console. + // The host can be of type Generic (for example, Compute Engine, SQL + // Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. + // See the Backup and DR documentation on hosts + // (https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) + // for more information. For example, “centos7-01”. + Host string `json:"host,omitempty"` + + // Policies: The names of Backup and DR policies that are associated + // with a template and that define when to run a backup, how frequently + // to run a backup, and how long to retain the backup image. For + // example, “onvaults”. + Policies []string `json:"policies,omitempty"` + + // PolicyOptions: The names of Backup and DR advanced policy options of + // a policy applying to an application. See the Backup and DR + // documentation on policy options + // (https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). + // For example, “skipofflineappsincongrp, nounmap”. + PolicyOptions []string `json:"policyOptions,omitempty"` + + // Profile: The name of the Backup and DR resource profile that + // specifies the storage media for backups of application and VM data. + // See the Backup and DR documentation on profiles + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). + // For example, “GCP”. + Profile string `json:"profile,omitempty"` + + // StoragePool: The name of the Backup and DR storage pool that the + // backup and recovery appliance is storing data in. The storage pool + // could be of type Cloud, Primary, Snapshot, or OnVault. See the Backup + // and DR documentation on storage pools + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). + // For example, “DiskPoolOne”. + StoragePool string `json:"storagePool,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Appliance") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Appliance") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *BackupDisasterRecovery) MarshalJSON() ([]byte, error) { + type NoMethod BackupDisasterRecovery + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Binding: Associates `members`, or principals, with a `role`. type Binding struct { // Condition: The condition that is associated with this binding. If the @@ -871,6 +994,59 @@ func (s *Compliance) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// ComplianceSnapshot: Result containing the properties and count of a +// ComplianceSnapshot request. +type ComplianceSnapshot struct { + // Category: The category of Findings matching. + Category string `json:"category,omitempty"` + + // ComplianceStandard: The compliance standard (ie CIS). + ComplianceStandard string `json:"complianceStandard,omitempty"` + + // ComplianceVersion: The compliance version (ie 1.3) in CIS 1.3. + ComplianceVersion string `json:"complianceVersion,omitempty"` + + // Count: Total count of findings for the given properties. + Count int64 `json:"count,omitempty,string"` + + // LeafContainerResource: The leaf container resource name that is + // closest to the snapshot. + LeafContainerResource string `json:"leafContainerResource,omitempty"` + + // Name: The compliance snapshot name. Format: + // //sources//complianceSnapshots/ + Name string `json:"name,omitempty"` + + // ProjectDisplayName: The CRM resource display name that is closest to + // the snapshot the Findings belong to. + ProjectDisplayName string `json:"projectDisplayName,omitempty"` + + // SnapshotTime: The snapshot time of the snapshot. + SnapshotTime string `json:"snapshotTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Category") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Category") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ComplianceSnapshot) MarshalJSON() ([]byte, error) { + type NoMethod ComplianceSnapshot + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Connection: Contains information about the IP connection associated // with the finding. type Connection struct { @@ -1569,10 +1745,16 @@ type Finding struct { // information on the caller, which method was accessed, and from where. Access *Access `json:"access,omitempty"` + // Application: Represents an application associated with the finding. + Application *Application `json:"application,omitempty"` + // AttackExposure: The results of an attack path simulation relevant to // this finding. AttackExposure *AttackExposure `json:"attackExposure,omitempty"` + // BackupDisasterRecovery: Fields related to Backup and DR findings. + BackupDisasterRecovery *BackupDisasterRecovery `json:"backupDisasterRecovery,omitempty"` + // CanonicalName: The canonical name of the finding. It's either // "organizations/{organization_id}/sources/{source_id}/findings/{finding // _id}", @@ -3267,6 +3449,2991 @@ func (s *GoogleCloudSecuritycenterV1p1beta1SecurityMarks) MarshalJSON() ([]byte, return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// GoogleCloudSecuritycenterV2Access: Represents an access event. +type GoogleCloudSecuritycenterV2Access struct { + // CallerIp: Caller's IP address, such as "1.1.1.1". + CallerIp string `json:"callerIp,omitempty"` + + // CallerIpGeo: The caller IP's geolocation, which identifies where the + // call came from. + CallerIpGeo *GoogleCloudSecuritycenterV2Geolocation `json:"callerIpGeo,omitempty"` + + // MethodName: The method that the service account called, e.g. + // "SetIamPolicy". + MethodName string `json:"methodName,omitempty"` + + // PrincipalEmail: Associated email, such as "foo@google.com". The email + // address of the authenticated user or a service account acting on + // behalf of a third party principal making the request. For third party + // identity callers, the `principal_subject` field is populated instead + // of this field. For privacy reasons, the principal email address is + // sometimes redacted. For more information, see Caller identities in + // audit logs (https://cloud.google.com/logging/docs/audit#user-id). + PrincipalEmail string `json:"principalEmail,omitempty"` + + // PrincipalSubject: A string that represents the principal_subject that + // is associated with the identity. Unlike `principal_email`, + // `principal_subject` supports principals that aren't associated with + // email addresses, such as third party principals. For most identities, + // the format is `principal://iam.googleapis.com/{identity pool + // name}/subject/{subject}`. Some GKE identities, such as GKE_WORKLOAD, + // FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format + // `serviceAccount:{identity pool name}[{subject}]`. + PrincipalSubject string `json:"principalSubject,omitempty"` + + // ServiceAccountDelegationInfo: The identity delegation history of an + // authenticated service account that made the request. The + // `serviceAccountDelegationInfo[]` object contains information about + // the real authorities that try to access Google Cloud resources by + // delegating on a service account. When multiple authorities are + // present, they are guaranteed to be sorted based on the original + // ordering of the identity delegation events. + ServiceAccountDelegationInfo []*GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo `json:"serviceAccountDelegationInfo,omitempty"` + + // ServiceAccountKeyName: The name of the service account key that was + // used to create or exchange credentials when authenticating the + // service account that made the request. This is a scheme-less URI full + // resource name. For example: + // "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/ + // keys/{key}". + ServiceAccountKeyName string `json:"serviceAccountKeyName,omitempty"` + + // ServiceName: This is the API service that the service account made a + // call to, e.g. "iam.googleapis.com" + ServiceName string `json:"serviceName,omitempty"` + + // UserAgent: The caller's user agent string associated with the + // finding. + UserAgent string `json:"userAgent,omitempty"` + + // UserAgentFamily: Type of user agent associated with the finding. For + // example, an operating system shell or an embedded or standalone + // application. + UserAgentFamily string `json:"userAgentFamily,omitempty"` + + // UserName: A string that represents a username. The username provided + // depends on the type of the finding and is likely not an IAM + // principal. For example, this can be a system username if the finding + // is related to a virtual machine, or it can be an application login + // username. + UserName string `json:"userName,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CallerIp") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CallerIp") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Access) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Access + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2AccessReview: Conveys information about a +// Kubernetes access review (such as one returned by a `kubectl auth +// can-i` +// (https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access) +// command) that was involved in a finding. +type GoogleCloudSecuritycenterV2AccessReview struct { + // Group: The API group of the resource. "*" means all. + Group string `json:"group,omitempty"` + + // Name: The name of the resource being requested. Empty means all. + Name string `json:"name,omitempty"` + + // Ns: Namespace of the action being requested. Currently, there is no + // distinction between no namespace and all namespaces. Both are + // represented by "" (empty). + Ns string `json:"ns,omitempty"` + + // Resource: The optional resource type requested. "*" means all. + Resource string `json:"resource,omitempty"` + + // Subresource: The optional subresource type. + Subresource string `json:"subresource,omitempty"` + + // Verb: A Kubernetes resource API verb, like get, list, watch, create, + // update, delete, proxy. "*" means all. + Verb string `json:"verb,omitempty"` + + // Version: The API version of the resource. "*" means all. + Version string `json:"version,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Group") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Group") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2AccessReview) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2AccessReview + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Application: Represents an application +// associated with a finding. +type GoogleCloudSecuritycenterV2Application struct { + // BaseUri: The base URI that identifies the network location of the + // application in which the vulnerability was detected. Examples: + // http://11.22.33.44, http://foo.com, http://11.22.33.44:8080 + BaseUri string `json:"baseUri,omitempty"` + + // FullUri: The full URI with payload that could be used to reproduce + // the vulnerability. Example: + // http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H + FullUri string `json:"fullUri,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BaseUri") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BaseUri") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Application) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Application + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2AttackExposure: An attack exposure +// contains the results of an attack path simulation run. +type GoogleCloudSecuritycenterV2AttackExposure struct { + // AttackExposureResult: The resource name of the attack path simulation + // result that contains the details regarding this attack exposure + // score. Example: organizations/123/attackExposureResults/456 + AttackExposureResult string `json:"attackExposureResult,omitempty"` + + // ExposedHighValueResourcesCount: The number of high value resources + // that are exposed as a result of this finding. + ExposedHighValueResourcesCount int64 `json:"exposedHighValueResourcesCount,omitempty"` + + // ExposedLowValueResourcesCount: The number of high value resources + // that are exposed as a result of this finding. + ExposedLowValueResourcesCount int64 `json:"exposedLowValueResourcesCount,omitempty"` + + // ExposedMediumValueResourcesCount: The number of medium value + // resources that are exposed as a result of this finding. + ExposedMediumValueResourcesCount int64 `json:"exposedMediumValueResourcesCount,omitempty"` + + // LatestCalculationTime: The most recent time the attack exposure was + // updated on this finding. + LatestCalculationTime string `json:"latestCalculationTime,omitempty"` + + // Score: A number between 0 (inclusive) and infinity that represents + // how important this finding is to remediate. The higher the score, the + // more important it is to remediate. + Score float64 `json:"score,omitempty"` + + // State: Output only. What state this AttackExposure is in. This + // captures whether or not an attack exposure has been calculated or + // not. + // + // Possible values: + // "STATE_UNSPECIFIED" - The state is not specified. + // "CALCULATED" - The attack exposure has been calculated. + // "NOT_CALCULATED" - The attack exposure has not been calculated. + State string `json:"state,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "AttackExposureResult") to unconditionally include in API requests. + // By default, fields with empty or default values are omitted from API + // requests. However, any non-pointer, non-interface field appearing in + // ForceSendFields will be sent to the server regardless of whether the + // field is empty or not. This may be used to include empty fields in + // Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AttackExposureResult") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2AttackExposure) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2AttackExposure + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +func (s *GoogleCloudSecuritycenterV2AttackExposure) UnmarshalJSON(data []byte) error { + type NoMethod GoogleCloudSecuritycenterV2AttackExposure + var s1 struct { + Score gensupport.JSONFloat64 `json:"score"` + *NoMethod + } + s1.NoMethod = (*NoMethod)(s) + if err := json.Unmarshal(data, &s1); err != nil { + return err + } + s.Score = float64(s1.Score) + return nil +} + +// GoogleCloudSecuritycenterV2BackupDisasterRecovery: Information +// related to Google Cloud Backup and DR Service findings. +type GoogleCloudSecuritycenterV2BackupDisasterRecovery struct { + // Appliance: The name of the Backup and DR appliance that captures, + // moves, and manages the lifecycle of backup data. For example, + // “backup-server-57137”. + Appliance string `json:"appliance,omitempty"` + + // Applications: The names of Backup and DR applications. An application + // is a VM, database, or file system on a managed host monitored by a + // backup and recovery appliance. For example, “centos7-01-vol00”, + // “centos7-01-vol01”, “centos7-01-vol02”. + Applications []string `json:"applications,omitempty"` + + // BackupCreateTime: The timestamp at which the Backup and DR backup was + // created. + BackupCreateTime string `json:"backupCreateTime,omitempty"` + + // BackupTemplate: The name of a Backup and DR template which comprises + // one or more backup policies. See the Backup and DR documentation + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) + // for more information. For example, “snap-ov”. + BackupTemplate string `json:"backupTemplate,omitempty"` + + // BackupType: The backup type of the Backup and DR image. For example, + // “Snapshot”, “Remote Snapshot”, “OnVault”. + BackupType string `json:"backupType,omitempty"` + + // Host: The name of a Backup and DR host, which is managed by the + // backup and recovery appliance and known to the management console. + // The host can be of type Generic (for example, Compute Engine, SQL + // Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. + // See the Backup and DR documentation on hosts + // (https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) + // for more information. For example, “centos7-01”. + Host string `json:"host,omitempty"` + + // Policies: The names of Backup and DR policies that are associated + // with a template and that define when to run a backup, how frequently + // to run a backup, and how long to retain the backup image. For + // example, “onvaults”. + Policies []string `json:"policies,omitempty"` + + // PolicyOptions: The names of Backup and DR advanced policy options of + // a policy applying to an application. See the Backup and DR + // documentation on policy options + // (https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). + // For example, “skipofflineappsincongrp, nounmap”. + PolicyOptions []string `json:"policyOptions,omitempty"` + + // Profile: The name of the Backup and DR resource profile that + // specifies the storage media for backups of application and VM data. + // See the Backup and DR documentation on profiles + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). + // For example, “GCP”. + Profile string `json:"profile,omitempty"` + + // StoragePool: The name of the Backup and DR storage pool that the + // backup and recovery appliance is storing data in. The storage pool + // could be of type Cloud, Primary, Snapshot, or OnVault. See the Backup + // and DR documentation on storage pools + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). + // For example, “DiskPoolOne”. + StoragePool string `json:"storagePool,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Appliance") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Appliance") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2BackupDisasterRecovery) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2BackupDisasterRecovery + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2BigQueryExport: Configures how to deliver +// Findings to BigQuery Instance. +type GoogleCloudSecuritycenterV2BigQueryExport struct { + // CreateTime: Output only. The time at which the BigQuery export was + // created. This field is set by the server and will be ignored if + // provided on export on creation. + CreateTime string `json:"createTime,omitempty"` + + // Dataset: The dataset to write findings' updates to. Its format is + // "projects/[project_id]/datasets/[bigquery_dataset_id]". BigQuery + // Dataset unique ID must contain only letters (a-z, A-Z), numbers + // (0-9), or underscores (_). + Dataset string `json:"dataset,omitempty"` + + // Description: The description of the export (max of 1024 characters). + Description string `json:"description,omitempty"` + + // Filter: Expression that defines the filter to apply across + // create/update events of findings. The expression is a list of zero or + // more restrictions combined via logical operators `AND` and `OR`. + // Parentheses are supported, and `OR` has higher precedence than `AND`. + // Restrictions have the form ` ` and may have a `-` character in front + // of them to indicate negation. The fields map to those defined in the + // corresponding resource. The supported operators are: * `=` for all + // value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, + // meaning substring matching, for strings. The supported value types + // are: * string literals in quotes. * integer literals without quotes. + // * boolean literals `true` and `false` without quotes. + Filter string `json:"filter,omitempty"` + + // MostRecentEditor: Output only. Email address of the user who last + // edited the BigQuery export. This field is set by the server and will + // be ignored if provided on export creation or update. + MostRecentEditor string `json:"mostRecentEditor,omitempty"` + + // Name: The relative resource name of this export. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name. + // The following list shows some examples: + + // `organizations/{organization_id}/locations/{location_id}/bigQueryExpor + // ts/{export_id}` + + // `folders/{folder_id}/locations/{location_id}/bigQueryExports/{export_i + // d}` + + // `projects/{project_id}/locations/{location_id}/bigQueryExports/{export + // _id}` This field is provided in responses, and is ignored when + // provided in create requests. + Name string `json:"name,omitempty"` + + // Principal: Output only. The service account that needs permission to + // create table and upload data to the BigQuery dataset. + Principal string `json:"principal,omitempty"` + + // UpdateTime: Output only. The most recent time at which the BigQuery + // export was updated. This field is set by the server and will be + // ignored if provided on export creation or update. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2BigQueryExport) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2BigQueryExport + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Binding: Represents a Kubernetes +// RoleBinding or ClusterRoleBinding. +type GoogleCloudSecuritycenterV2Binding struct { + // Name: Name for the binding. + Name string `json:"name,omitempty"` + + // Ns: Namespace for the binding. + Ns string `json:"ns,omitempty"` + + // Role: The Role or ClusterRole referenced by the binding. + Role *GoogleCloudSecuritycenterV2Role `json:"role,omitempty"` + + // Subjects: Represents one or more subjects that are bound to the role. + // Not always available for PATCH requests. + Subjects []*GoogleCloudSecuritycenterV2Subject `json:"subjects,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Binding) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Binding + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2BulkMuteFindingsResponse: The response to +// a BulkMute request. Contains the LRO information. +type GoogleCloudSecuritycenterV2BulkMuteFindingsResponse struct { +} + +// GoogleCloudSecuritycenterV2CloudDlpDataProfile: The data profile +// (https://cloud.google.com/dlp/docs/data-profiles) associated with the +// finding. +type GoogleCloudSecuritycenterV2CloudDlpDataProfile struct { + // DataProfile: Name of the data profile, for example, + // `projects/123/locations/europe/tableProfiles/8383929`. + DataProfile string `json:"dataProfile,omitempty"` + + // ParentType: The resource hierarchy level at which the data profile + // was generated. + // + // Possible values: + // "PARENT_TYPE_UNSPECIFIED" - Unspecified parent type. + // "ORGANIZATION" - Organization-level configurations. + // "PROJECT" - Project-level configurations. + ParentType string `json:"parentType,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DataProfile") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DataProfile") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2CloudDlpDataProfile) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2CloudDlpDataProfile + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2CloudDlpInspection: Details about the +// Cloud Data Loss Prevention (Cloud DLP) inspection job +// (https://cloud.google.com/dlp/docs/concepts-job-triggers) that +// produced the finding. +type GoogleCloudSecuritycenterV2CloudDlpInspection struct { + // FullScan: Whether Cloud DLP scanned the complete resource or a + // sampled subset. + FullScan bool `json:"fullScan,omitempty"` + + // InfoType: The type of information (or *infoType + // (https://cloud.google.com/dlp/docs/infotypes-reference)*) found, for + // example, `EMAIL_ADDRESS` or `STREET_ADDRESS`. + InfoType string `json:"infoType,omitempty"` + + // InfoTypeCount: The number of times Cloud DLP found this infoType + // within this job and resource. + InfoTypeCount int64 `json:"infoTypeCount,omitempty,string"` + + // InspectJob: Name of the inspection job, for example, + // `projects/123/locations/europe/dlpJobs/i-8383929`. + InspectJob string `json:"inspectJob,omitempty"` + + // ForceSendFields is a list of field names (e.g. "FullScan") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "FullScan") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2CloudDlpInspection) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2CloudDlpInspection + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2CloudLoggingEntry: Metadata taken from a +// Cloud Logging LogEntry +// (https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry) +type GoogleCloudSecuritycenterV2CloudLoggingEntry struct { + // InsertId: A unique identifier for the log entry. + InsertId string `json:"insertId,omitempty"` + + // LogId: The type of the log (part of `log_name`. `log_name` is the + // resource name of the log to which this log entry belongs). For + // example: `cloudresourcemanager.googleapis.com/activity` Note that + // this field is not URL-encoded, unlike in `LogEntry`. + LogId string `json:"logId,omitempty"` + + // ResourceContainer: The organization, folder, or project of the + // monitored resource that produced this log entry. + ResourceContainer string `json:"resourceContainer,omitempty"` + + // Timestamp: The time the event described by the log entry occurred. + Timestamp string `json:"timestamp,omitempty"` + + // ForceSendFields is a list of field names (e.g. "InsertId") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "InsertId") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2CloudLoggingEntry) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2CloudLoggingEntry + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Compliance: Contains compliance +// information about a security standard indicating unmet +// recommendations. +type GoogleCloudSecuritycenterV2Compliance struct { + // Ids: Policies within the standard or benchmark, for example, A.12.4.1 + Ids []string `json:"ids,omitempty"` + + // Standard: Industry-wide compliance standards or benchmarks, such as + // CIS, PCI, and OWASP. + Standard string `json:"standard,omitempty"` + + // Version: Version of the standard or benchmark, for example, 1.1 + Version string `json:"version,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Ids") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Ids") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Compliance) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Compliance + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Connection: Contains information about the +// IP connection associated with the finding. +type GoogleCloudSecuritycenterV2Connection struct { + // DestinationIp: Destination IP address. Not present for sockets that + // are listening and not connected. + DestinationIp string `json:"destinationIp,omitempty"` + + // DestinationPort: Destination port. Not present for sockets that are + // listening and not connected. + DestinationPort int64 `json:"destinationPort,omitempty"` + + // Protocol: IANA Internet Protocol Number such as TCP(6) and UDP(17). + // + // Possible values: + // "PROTOCOL_UNSPECIFIED" - Unspecified protocol (not HOPOPT). + // "ICMP" - Internet Control Message Protocol. + // "TCP" - Transmission Control Protocol. + // "UDP" - User Datagram Protocol. + // "GRE" - Generic Routing Encapsulation. + // "ESP" - Encap Security Payload. + Protocol string `json:"protocol,omitempty"` + + // SourceIp: Source IP address. + SourceIp string `json:"sourceIp,omitempty"` + + // SourcePort: Source port. + SourcePort int64 `json:"sourcePort,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DestinationIp") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DestinationIp") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Connection) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Connection + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Contact: The email address of a contact. +type GoogleCloudSecuritycenterV2Contact struct { + // Email: An email address. For example, "person123@company.com". + Email string `json:"email,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Email") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Email") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Contact) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Contact + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ContactDetails: Details about specific +// contacts +type GoogleCloudSecuritycenterV2ContactDetails struct { + // Contacts: A list of contacts + Contacts []*GoogleCloudSecuritycenterV2Contact `json:"contacts,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Contacts") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Contacts") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ContactDetails) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ContactDetails + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Container: Container associated with the +// finding. +type GoogleCloudSecuritycenterV2Container struct { + // CreateTime: The time that the container was created. + CreateTime string `json:"createTime,omitempty"` + + // ImageId: Optional container image ID, if provided by the container + // runtime. Uniquely identifies the container image launched using a + // container image digest. + ImageId string `json:"imageId,omitempty"` + + // Labels: Container labels, as provided by the container runtime. + Labels []*GoogleCloudSecuritycenterV2Label `json:"labels,omitempty"` + + // Name: Name of the container. + Name string `json:"name,omitempty"` + + // Uri: Container image URI provided when configuring a pod or + // container. This string can identify a container image version using + // mutable tags. + Uri string `json:"uri,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Container) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Container + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Cve: CVE stands for Common Vulnerabilities +// and Exposures. More information: https://cve.mitre.org +type GoogleCloudSecuritycenterV2Cve struct { + // Cvssv3: Describe Common Vulnerability Scoring System specified at + // https://www.first.org/cvss/v3.1/specification-document + Cvssv3 *GoogleCloudSecuritycenterV2Cvssv3 `json:"cvssv3,omitempty"` + + // Id: The unique identifier for the vulnerability. e.g. CVE-2021-34527 + Id string `json:"id,omitempty"` + + // References: Additional information about the CVE. e.g. + // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527 + References []*GoogleCloudSecuritycenterV2Reference `json:"references,omitempty"` + + // UpstreamFixAvailable: Whether upstream fix is available for the CVE. + UpstreamFixAvailable bool `json:"upstreamFixAvailable,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Cvssv3") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Cvssv3") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Cve) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Cve + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Cvssv3: Common Vulnerability Scoring +// System version 3. +type GoogleCloudSecuritycenterV2Cvssv3 struct { + // AttackComplexity: This metric describes the conditions beyond the + // attacker's control that must exist in order to exploit the + // vulnerability. + // + // Possible values: + // "ATTACK_COMPLEXITY_UNSPECIFIED" - Invalid value. + // "ATTACK_COMPLEXITY_LOW" - Specialized access conditions or + // extenuating circumstances do not exist. An attacker can expect + // repeatable success when attacking the vulnerable component. + // "ATTACK_COMPLEXITY_HIGH" - A successful attack depends on + // conditions beyond the attacker's control. That is, a successful + // attack cannot be accomplished at will, but requires the attacker to + // invest in some measurable amount of effort in preparation or + // execution against the vulnerable component before a successful attack + // can be expected. + AttackComplexity string `json:"attackComplexity,omitempty"` + + // AttackVector: Base Metrics Represents the intrinsic characteristics + // of a vulnerability that are constant over time and across user + // environments. This metric reflects the context by which vulnerability + // exploitation is possible. + // + // Possible values: + // "ATTACK_VECTOR_UNSPECIFIED" - Invalid value. + // "ATTACK_VECTOR_NETWORK" - The vulnerable component is bound to the + // network stack and the set of possible attackers extends beyond the + // other options listed below, up to and including the entire Internet. + // "ATTACK_VECTOR_ADJACENT" - The vulnerable component is bound to the + // network stack, but the attack is limited at the protocol level to a + // logically adjacent topology. + // "ATTACK_VECTOR_LOCAL" - The vulnerable component is not bound to + // the network stack and the attacker's path is via read/write/execute + // capabilities. + // "ATTACK_VECTOR_PHYSICAL" - The attack requires the attacker to + // physically touch or manipulate the vulnerable component. + AttackVector string `json:"attackVector,omitempty"` + + // AvailabilityImpact: This metric measures the impact to the + // availability of the impacted component resulting from a successfully + // exploited vulnerability. + // + // Possible values: + // "IMPACT_UNSPECIFIED" - Invalid value. + // "IMPACT_HIGH" - High impact. + // "IMPACT_LOW" - Low impact. + // "IMPACT_NONE" - No impact. + AvailabilityImpact string `json:"availabilityImpact,omitempty"` + + // BaseScore: The base score is a function of the base metric scores. + BaseScore float64 `json:"baseScore,omitempty"` + + // ConfidentialityImpact: This metric measures the impact to the + // confidentiality of the information resources managed by a software + // component due to a successfully exploited vulnerability. + // + // Possible values: + // "IMPACT_UNSPECIFIED" - Invalid value. + // "IMPACT_HIGH" - High impact. + // "IMPACT_LOW" - Low impact. + // "IMPACT_NONE" - No impact. + ConfidentialityImpact string `json:"confidentialityImpact,omitempty"` + + // IntegrityImpact: This metric measures the impact to integrity of a + // successfully exploited vulnerability. + // + // Possible values: + // "IMPACT_UNSPECIFIED" - Invalid value. + // "IMPACT_HIGH" - High impact. + // "IMPACT_LOW" - Low impact. + // "IMPACT_NONE" - No impact. + IntegrityImpact string `json:"integrityImpact,omitempty"` + + // PrivilegesRequired: This metric describes the level of privileges an + // attacker must possess before successfully exploiting the + // vulnerability. + // + // Possible values: + // "PRIVILEGES_REQUIRED_UNSPECIFIED" - Invalid value. + // "PRIVILEGES_REQUIRED_NONE" - The attacker is unauthorized prior to + // attack, and therefore does not require any access to settings or + // files of the vulnerable system to carry out an attack. + // "PRIVILEGES_REQUIRED_LOW" - The attacker requires privileges that + // provide basic user capabilities that could normally affect only + // settings and files owned by a user. Alternatively, an attacker with + // Low privileges has the ability to access only non-sensitive + // resources. + // "PRIVILEGES_REQUIRED_HIGH" - The attacker requires privileges that + // provide significant (e.g., administrative) control over the + // vulnerable component allowing access to component-wide settings and + // files. + PrivilegesRequired string `json:"privilegesRequired,omitempty"` + + // Scope: The Scope metric captures whether a vulnerability in one + // vulnerable component impacts resources in components beyond its + // security scope. + // + // Possible values: + // "SCOPE_UNSPECIFIED" - Invalid value. + // "SCOPE_UNCHANGED" - An exploited vulnerability can only affect + // resources managed by the same security authority. + // "SCOPE_CHANGED" - An exploited vulnerability can affect resources + // beyond the security scope managed by the security authority of the + // vulnerable component. + Scope string `json:"scope,omitempty"` + + // UserInteraction: This metric captures the requirement for a human + // user, other than the attacker, to participate in the successful + // compromise of the vulnerable component. + // + // Possible values: + // "USER_INTERACTION_UNSPECIFIED" - Invalid value. + // "USER_INTERACTION_NONE" - The vulnerable system can be exploited + // without interaction from any user. + // "USER_INTERACTION_REQUIRED" - Successful exploitation of this + // vulnerability requires a user to take some action before the + // vulnerability can be exploited. + UserInteraction string `json:"userInteraction,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AttackComplexity") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AttackComplexity") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Cvssv3) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Cvssv3 + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +func (s *GoogleCloudSecuritycenterV2Cvssv3) UnmarshalJSON(data []byte) error { + type NoMethod GoogleCloudSecuritycenterV2Cvssv3 + var s1 struct { + BaseScore gensupport.JSONFloat64 `json:"baseScore"` + *NoMethod + } + s1.NoMethod = (*NoMethod)(s) + if err := json.Unmarshal(data, &s1); err != nil { + return err + } + s.BaseScore = float64(s1.BaseScore) + return nil +} + +// GoogleCloudSecuritycenterV2Database: Represents database access +// information, such as queries. A database may be a sub-resource of an +// instance (as in the case of Cloud SQL instances or Cloud Spanner +// instances), or the database instance itself. Some database resources +// might not have the full resource name +// (https://google.aip.dev/122#full-resource-names) populated because +// these resource types, such as Cloud SQL databases, are not yet +// supported by Cloud Asset Inventory. In these cases only the display +// name is provided. +type GoogleCloudSecuritycenterV2Database struct { + // DisplayName: The human-readable name of the database that the user + // connected to. + DisplayName string `json:"displayName,omitempty"` + + // Grantees: The target usernames, roles, or groups of an SQL privilege + // grant, which is not an IAM policy change. + Grantees []string `json:"grantees,omitempty"` + + // Name: Some database resources may not have the full resource name + // (https://google.aip.dev/122#full-resource-names) populated because + // these resource types are not yet supported by Cloud Asset Inventory + // (e.g. Cloud SQL databases). In these cases only the display name will + // be provided. The full resource name + // (https://google.aip.dev/122#full-resource-names) of the database that + // the user connected to, if it is supported by Cloud Asset Inventory. + Name string `json:"name,omitempty"` + + // Query: The SQL statement that is associated with the database access. + Query string `json:"query,omitempty"` + + // UserName: The username used to connect to the database. The username + // might not be an IAM principal and does not have a set format. + UserName string `json:"userName,omitempty"` + + // Version: The version of the database, for example, POSTGRES_14. See + // the complete list + // (https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion). + Version string `json:"version,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DisplayName") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DisplayName") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Database) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Database + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Detection: Memory hash detection +// contributing to the binary family match. +type GoogleCloudSecuritycenterV2Detection struct { + // Binary: The name of the binary associated with the memory hash + // signature detection. + Binary string `json:"binary,omitempty"` + + // PercentPagesMatched: The percentage of memory page hashes in the + // signature that were matched. + PercentPagesMatched float64 `json:"percentPagesMatched,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Binary") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Binary") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Detection) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Detection + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +func (s *GoogleCloudSecuritycenterV2Detection) UnmarshalJSON(data []byte) error { + type NoMethod GoogleCloudSecuritycenterV2Detection + var s1 struct { + PercentPagesMatched gensupport.JSONFloat64 `json:"percentPagesMatched"` + *NoMethod + } + s1.NoMethod = (*NoMethod)(s) + if err := json.Unmarshal(data, &s1); err != nil { + return err + } + s.PercentPagesMatched = float64(s1.PercentPagesMatched) + return nil +} + +// GoogleCloudSecuritycenterV2EnvironmentVariable: A name-value pair +// representing an environment variable used in an operating system +// process. +type GoogleCloudSecuritycenterV2EnvironmentVariable struct { + // Name: Environment variable name as a JSON encoded string. + Name string `json:"name,omitempty"` + + // Val: Environment variable value as a JSON encoded string. + Val string `json:"val,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2EnvironmentVariable) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2EnvironmentVariable + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ExfilResource: Resource where data was +// exfiltrated from or exfiltrated to. +type GoogleCloudSecuritycenterV2ExfilResource struct { + // Components: Subcomponents of the asset that was exfiltrated, like + // URIs used during exfiltration, table names, databases, and filenames. + // For example, multiple tables might have been exfiltrated from the + // same Cloud SQL instance, or multiple files might have been + // exfiltrated from the same Cloud Storage bucket. + Components []string `json:"components,omitempty"` + + // Name: The resource's full resource name + // (https://cloud.google.com/apis/design/resource_names#full_resource_name). + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Components") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Components") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ExfilResource) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ExfilResource + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Exfiltration: Exfiltration represents a +// data exfiltration attempt from one or more sources to one or more +// targets. The `sources` attribute lists the sources of the exfiltrated +// data. The `targets` attribute lists the destinations the data was +// copied to. +type GoogleCloudSecuritycenterV2Exfiltration struct { + // Sources: If there are multiple sources, then the data is considered + // "joined" between them. For instance, BigQuery can join multiple + // tables, and each table would be considered a source. + Sources []*GoogleCloudSecuritycenterV2ExfilResource `json:"sources,omitempty"` + + // Targets: If there are multiple targets, each target would get a + // complete copy of the "joined" source data. + Targets []*GoogleCloudSecuritycenterV2ExfilResource `json:"targets,omitempty"` + + // TotalExfiltratedBytes: Total exfiltrated bytes processed for the + // entire job. + TotalExfiltratedBytes int64 `json:"totalExfiltratedBytes,omitempty,string"` + + // ForceSendFields is a list of field names (e.g. "Sources") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Sources") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Exfiltration) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Exfiltration + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ExternalSystem: Representation of third +// party SIEM/SOAR fields within SCC. +type GoogleCloudSecuritycenterV2ExternalSystem struct { + // Assignees: References primary/secondary etc assignees in the external + // system. + Assignees []string `json:"assignees,omitempty"` + + // ExternalSystemUpdateTime: The time when the case was last updated, as + // reported by the external system. + ExternalSystemUpdateTime string `json:"externalSystemUpdateTime,omitempty"` + + // ExternalUid: The identifier that's used to track the finding's + // corresponding case in the external system. + ExternalUid string `json:"externalUid,omitempty"` + + // Name: Full resource name of the external system. The following list + // shows some examples: + + // `organizations/1234/sources/5678/findings/123456/externalSystems/jira` + // + + // `organizations/1234/sources/5678/locations/us/findings/123456/external + // Systems/jira` + + // `folders/1234/sources/5678/findings/123456/externalSystems/jira` + + // `folders/1234/sources/5678/locations/us/findings/123456/externalSystem + // s/jira` + + // `projects/1234/sources/5678/findings/123456/externalSystems/jira` + + // `projects/1234/sources/5678/locations/us/findings/123456/externalSyste + // ms/jira` + Name string `json:"name,omitempty"` + + // Status: The most recent status of the finding's corresponding case, + // as reported by the external system. + Status string `json:"status,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Assignees") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Assignees") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ExternalSystem) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ExternalSystem + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2File: File information about the related +// binary/library used by an executable, or the script used by a script +// interpreter +type GoogleCloudSecuritycenterV2File struct { + // Contents: Prefix of the file contents as a JSON-encoded string. + Contents string `json:"contents,omitempty"` + + // HashedSize: The length in bytes of the file prefix that was hashed. + // If hashed_size == size, any hashes reported represent the entire + // file. + HashedSize int64 `json:"hashedSize,omitempty,string"` + + // PartiallyHashed: True when the hash covers only a prefix of the file. + PartiallyHashed bool `json:"partiallyHashed,omitempty"` + + // Path: Absolute path of the file as a JSON encoded string. + Path string `json:"path,omitempty"` + + // Sha256: SHA256 hash of the first hashed_size bytes of the file + // encoded as a hex string. If hashed_size == size, sha256 represents + // the SHA256 hash of the entire file. + Sha256 string `json:"sha256,omitempty"` + + // Size: Size of the file in bytes. + Size int64 `json:"size,omitempty,string"` + + // ForceSendFields is a list of field names (e.g. "Contents") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Contents") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2File) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2File + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Finding: Security Command Center finding. +// A finding is a record of assessment data like security, risk, health, +// or privacy, that is ingested into Security Command Center for +// presentation, notification, analysis, policy testing, and +// enforcement. For example, a cross-site scripting (XSS) vulnerability +// in an App Engine application is a finding. +type GoogleCloudSecuritycenterV2Finding struct { + // Access: Access details associated with the finding, such as more + // information on the caller, which method was accessed, and from where. + Access *GoogleCloudSecuritycenterV2Access `json:"access,omitempty"` + + // Application: Represents an application associated with the finding. + Application *GoogleCloudSecuritycenterV2Application `json:"application,omitempty"` + + // AttackExposure: The results of an attack path simulation relevant to + // this finding. + AttackExposure *GoogleCloudSecuritycenterV2AttackExposure `json:"attackExposure,omitempty"` + + // BackupDisasterRecovery: Fields related to Backup and DR findings. + BackupDisasterRecovery *GoogleCloudSecuritycenterV2BackupDisasterRecovery `json:"backupDisasterRecovery,omitempty"` + + // CanonicalName: Output only. The canonical name of the finding. The + // following list shows some examples: + + // `organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}` + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on_id}/findings/{finding_id}` + + // `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + + // `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findi + // ngs/{finding_id}` + + // `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + + // `projects/{project_id}/sources/{source_id}/locations/{location_id}/fin + // dings/{finding_id}` The prefix is the closest CRM ancestor of the + // resource associated with the finding. + CanonicalName string `json:"canonicalName,omitempty"` + + // Category: Immutable. The additional taxonomy group within findings + // from a given source. Example: "XSS_FLASH_INJECTION" + Category string `json:"category,omitempty"` + + // CloudDlpDataProfile: Cloud DLP data profile that is associated with + // the finding. + CloudDlpDataProfile *GoogleCloudSecuritycenterV2CloudDlpDataProfile `json:"cloudDlpDataProfile,omitempty"` + + // CloudDlpInspection: Cloud Data Loss Prevention (Cloud DLP) inspection + // results that are associated with the finding. + CloudDlpInspection *GoogleCloudSecuritycenterV2CloudDlpInspection `json:"cloudDlpInspection,omitempty"` + + // Compliances: Contains compliance information for security standards + // associated to the finding. + Compliances []*GoogleCloudSecuritycenterV2Compliance `json:"compliances,omitempty"` + + // Connections: Contains information about the IP connection associated + // with the finding. + Connections []*GoogleCloudSecuritycenterV2Connection `json:"connections,omitempty"` + + // Contacts: Output only. Map containing the points of contact for the + // given finding. The key represents the type of contact, while the + // value contains a list of all the contacts that pertain. Please refer + // to: + // https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories + // { "security": { "contacts": [ { "email": "person1@company.com" }, { + // "email": "person2@company.com" } ] } } + Contacts map[string]GoogleCloudSecuritycenterV2ContactDetails `json:"contacts,omitempty"` + + // Containers: Containers associated with the finding. This field + // provides information for both Kubernetes and non-Kubernetes + // containers. + Containers []*GoogleCloudSecuritycenterV2Container `json:"containers,omitempty"` + + // CreateTime: Output only. The time at which the finding was created in + // Security Command Center. + CreateTime string `json:"createTime,omitempty"` + + // Database: Database associated with the finding. + Database *GoogleCloudSecuritycenterV2Database `json:"database,omitempty"` + + // Description: Contains more details about the finding. + Description string `json:"description,omitempty"` + + // EventTime: The time the finding was first detected. If an existing + // finding is updated, then this is the time the update occurred. For + // example, if the finding represents an open firewall, this property + // captures the time the detector believes the firewall became open. The + // accuracy is determined by the detector. If the finding is later + // resolved, then this time reflects when the finding was resolved. This + // must not be set to a value greater than the current timestamp. + EventTime string `json:"eventTime,omitempty"` + + // Exfiltration: Represents exfiltrations associated with the finding. + Exfiltration *GoogleCloudSecuritycenterV2Exfiltration `json:"exfiltration,omitempty"` + + // ExternalSystems: Output only. Third party SIEM/SOAR fields within + // SCC, contains external system information and external system finding + // fields. + ExternalSystems map[string]GoogleCloudSecuritycenterV2ExternalSystem `json:"externalSystems,omitempty"` + + // ExternalUri: The URI that, if available, points to a web page outside + // of Security Command Center where additional information about the + // finding can be found. This field is guaranteed to be either empty or + // a well formed URL. + ExternalUri string `json:"externalUri,omitempty"` + + // Files: File associated with the finding. + Files []*GoogleCloudSecuritycenterV2File `json:"files,omitempty"` + + // FindingClass: The class of the finding. + // + // Possible values: + // "FINDING_CLASS_UNSPECIFIED" - Unspecified finding class. + // "THREAT" - Describes unwanted or malicious activity. + // "VULNERABILITY" - Describes a potential weakness in software that + // increases risk to Confidentiality & Integrity & Availability. + // "MISCONFIGURATION" - Describes a potential weakness in cloud + // resource/asset configuration that increases risk. + // "OBSERVATION" - Describes a security observation that is for + // informational purposes. + // "SCC_ERROR" - Describes an error that prevents some SCC + // functionality. + // "POSTURE_VIOLATION" - Describes a potential security risk due to a + // change in the security posture. + FindingClass string `json:"findingClass,omitempty"` + + // IamBindings: Represents IAM bindings associated with the finding. + IamBindings []*GoogleCloudSecuritycenterV2IamBinding `json:"iamBindings,omitempty"` + + // Indicator: Represents what's commonly known as an *indicator of + // compromise* (IoC) in computer forensics. This is an artifact observed + // on a network or in an operating system that, with high confidence, + // indicates a computer intrusion. For more information, see Indicator + // of compromise + // (https://en.wikipedia.org/wiki/Indicator_of_compromise). + Indicator *GoogleCloudSecuritycenterV2Indicator `json:"indicator,omitempty"` + + // KernelRootkit: Signature of the kernel rootkit. + KernelRootkit *GoogleCloudSecuritycenterV2KernelRootkit `json:"kernelRootkit,omitempty"` + + // Kubernetes: Kubernetes resources associated with the finding. + Kubernetes *GoogleCloudSecuritycenterV2Kubernetes `json:"kubernetes,omitempty"` + + // LoadBalancers: The load balancers associated with the finding. + LoadBalancers []*GoogleCloudSecuritycenterV2LoadBalancer `json:"loadBalancers,omitempty"` + + // LogEntries: Log entries that are relevant to the finding. + LogEntries []*GoogleCloudSecuritycenterV2LogEntry `json:"logEntries,omitempty"` + + // MitreAttack: MITRE ATT&CK tactics and techniques related to this + // finding. See: https://attack.mitre.org + MitreAttack *GoogleCloudSecuritycenterV2MitreAttack `json:"mitreAttack,omitempty"` + + // ModuleName: Unique identifier of the module which generated the + // finding. Example: + // folders/598186756061/securityHealthAnalyticsSettings/customModules/567 + // 99441161885 + ModuleName string `json:"moduleName,omitempty"` + + // Mute: Indicates the mute state of a finding (either muted, unmuted or + // undefined). Unlike other attributes of a finding, a finding provider + // shouldn't set the value of mute. + // + // Possible values: + // "MUTE_UNSPECIFIED" - Unspecified. + // "MUTED" - Finding has been muted. + // "UNMUTED" - Finding has been unmuted. + // "UNDEFINED" - Finding has never been muted/unmuted. + Mute string `json:"mute,omitempty"` + + // MuteInitiator: Records additional information about the mute + // operation, for example, the mute configuration + // (https://cloud.google.com/security-command-center/docs/how-to-mute-findings) + // that muted the finding and the user who muted the finding. + MuteInitiator string `json:"muteInitiator,omitempty"` + + // MuteUpdateTime: Output only. The most recent time this finding was + // muted or unmuted. + MuteUpdateTime string `json:"muteUpdateTime,omitempty"` + + // Name: The relative resource name + // (https://cloud.google.com/apis/design/resource_names#relative_resource_name) + // of the finding. The following list shows some examples: + + // `organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}` + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on_id}/findings/{finding_id}` + + // `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + + // `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findi + // ngs/{finding_id}` + + // `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + + // `projects/{project_id}/sources/{source_id}/locations/{location_id}/fin + // dings/{finding_id}` + Name string `json:"name,omitempty"` + + // NextSteps: Steps to address the finding. + NextSteps string `json:"nextSteps,omitempty"` + + // OrgPolicies: Contains information about the org policies associated + // with the finding. + OrgPolicies []*GoogleCloudSecuritycenterV2OrgPolicy `json:"orgPolicies,omitempty"` + + // Parent: The relative resource name of the source and location the + // finding belongs to. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // This field is immutable after creation time. The following list shows + // some examples: + + // `organizations/{organization_id}/sources/{source_id}` + + // `folders/{folders_id}/sources/{source_id}` + + // `projects/{projects_id}/sources/{source_id}` + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on_id}` + + // `folders/{folders_id}/sources/{source_id}/locations/{location_id}` + + // `projects/{projects_id}/sources/{source_id}/locations/{location_id}` + Parent string `json:"parent,omitempty"` + + // ParentDisplayName: Output only. The human readable display name of + // the finding source such as "Event Threat Detection" or "Security + // Health Analytics". + ParentDisplayName string `json:"parentDisplayName,omitempty"` + + // Processes: Represents operating system processes associated with the + // Finding. + Processes []*GoogleCloudSecuritycenterV2Process `json:"processes,omitempty"` + + // ResourceName: Immutable. For findings on Google Cloud resources, the + // full resource name of the Google Cloud resource this finding is for. + // See: + // https://cloud.google.com/apis/design/resource_names#full_resource_name + // When the finding is for a non-Google Cloud resource, the resourceName + // can be a customer or partner defined string. + ResourceName string `json:"resourceName,omitempty"` + + // SecurityMarks: Output only. User specified security marks. These + // marks are entirely managed by the user and come from the + // SecurityMarks resource that belongs to the finding. + SecurityMarks *GoogleCloudSecuritycenterV2SecurityMarks `json:"securityMarks,omitempty"` + + // SecurityPosture: The security posture associated with the finding. + SecurityPosture *GoogleCloudSecuritycenterV2SecurityPosture `json:"securityPosture,omitempty"` + + // Severity: The severity of the finding. This field is managed by the + // source that writes the finding. + // + // Possible values: + // "SEVERITY_UNSPECIFIED" - This value is used for findings when a + // source doesn't write a severity value. + // "CRITICAL" - Vulnerability: A critical vulnerability is easily + // discoverable by an external actor, exploitable, and results in the + // direct ability to execute arbitrary code, exfiltrate data, and + // otherwise gain additional access and privileges to cloud resources + // and workloads. Examples include publicly accessible unprotected user + // data and public SSH access with weak or no passwords. Threat: + // Indicates a threat that is able to access, modify, or delete data or + // execute unauthorized code within existing resources. + // "HIGH" - Vulnerability: A high risk vulnerability can be easily + // discovered and exploited in combination with other vulnerabilities in + // order to gain direct access and the ability to execute arbitrary + // code, exfiltrate data, and otherwise gain additional access and + // privileges to cloud resources and workloads. An example is a database + // with weak or no passwords that is only accessible internally. This + // database could easily be compromised by an actor that had access to + // the internal network. Threat: Indicates a threat that is able to + // create new computational resources in an environment but not able to + // access data or execute code in existing resources. + // "MEDIUM" - Vulnerability: A medium risk vulnerability could be used + // by an actor to gain access to resources or privileges that enable + // them to eventually (through multiple steps or a complex exploit) gain + // access and the ability to execute arbitrary code or exfiltrate data. + // An example is a service account with access to more projects than it + // should have. If an actor gains access to the service account, they + // could potentially use that access to manipulate a project the service + // account was not intended to. Threat: Indicates a threat that is able + // to cause operational impact but may not access data or execute + // unauthorized code. + // "LOW" - Vulnerability: A low risk vulnerability hampers a security + // organization's ability to detect vulnerabilities or active threats in + // their deployment, or prevents the root cause investigation of + // security issues. An example is monitoring and logs being disabled for + // resource configurations and access. Threat: Indicates a threat that + // has obtained minimal access to an environment but is not able to + // access data, execute code, or create resources. + Severity string `json:"severity,omitempty"` + + // SourceProperties: Source specific properties. These properties are + // managed by the source that writes the finding. The key names in the + // source_properties map must be between 1 and 255 characters, and must + // start with a letter and contain alphanumeric characters or + // underscores only. + SourceProperties googleapi.RawMessage `json:"sourceProperties,omitempty"` + + // State: Output only. The state of the finding. + // + // Possible values: + // "STATE_UNSPECIFIED" - Unspecified state. + // "ACTIVE" - The finding requires attention and has not been + // addressed yet. + // "INACTIVE" - The finding has been fixed, triaged as a non-issue or + // otherwise addressed and is no longer active. + State string `json:"state,omitempty"` + + // Vulnerability: Represents vulnerability-specific fields like CVE and + // CVSS scores. CVE stands for Common Vulnerabilities and Exposures + // (https://cve.mitre.org/about/) + Vulnerability *GoogleCloudSecuritycenterV2Vulnerability `json:"vulnerability,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Access") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Access") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Finding) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Finding + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Geolocation: Represents a geographical +// location for a given access. +type GoogleCloudSecuritycenterV2Geolocation struct { + // RegionCode: A CLDR. + RegionCode string `json:"regionCode,omitempty"` + + // ForceSendFields is a list of field names (e.g. "RegionCode") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "RegionCode") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Geolocation) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Geolocation + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2IamBinding: Represents a particular IAM +// binding, which captures a member's role addition, removal, or state. +type GoogleCloudSecuritycenterV2IamBinding struct { + // Action: The action that was performed on a Binding. + // + // Possible values: + // "ACTION_UNSPECIFIED" - Unspecified. + // "ADD" - Addition of a Binding. + // "REMOVE" - Removal of a Binding. + Action string `json:"action,omitempty"` + + // Member: A single identity requesting access for a Cloud Platform + // resource, for example, "foo@google.com". + Member string `json:"member,omitempty"` + + // Role: Role that is assigned to "members". For example, + // "roles/viewer", "roles/editor", or "roles/owner". + Role string `json:"role,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Action") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Action") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2IamBinding) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2IamBinding + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Indicator: Represents what's commonly +// known as an _indicator of compromise_ (IoC) in computer forensics. +// This is an artifact observed on a network or in an operating system +// that, with high confidence, indicates a computer intrusion. For more +// information, see Indicator of compromise +// (https://en.wikipedia.org/wiki/Indicator_of_compromise). +type GoogleCloudSecuritycenterV2Indicator struct { + // Domains: List of domains associated to the Finding. + Domains []string `json:"domains,omitempty"` + + // IpAddresses: The list of IP addresses that are associated with the + // finding. + IpAddresses []string `json:"ipAddresses,omitempty"` + + // Signatures: The list of matched signatures indicating that the given + // process is present in the environment. + Signatures []*GoogleCloudSecuritycenterV2ProcessSignature `json:"signatures,omitempty"` + + // Uris: The list of URIs associated to the Findings. + Uris []string `json:"uris,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Domains") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Domains") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Indicator) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Indicator + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2KernelRootkit: Kernel mode rootkit +// signatures. +type GoogleCloudSecuritycenterV2KernelRootkit struct { + // Name: Rootkit name, when available. + Name string `json:"name,omitempty"` + + // UnexpectedCodeModification: True if unexpected modifications of + // kernel code memory are present. + UnexpectedCodeModification bool `json:"unexpectedCodeModification,omitempty"` + + // UnexpectedFtraceHandler: True if `ftrace` points are present with + // callbacks pointing to regions that are not in the expected kernel or + // module code range. + UnexpectedFtraceHandler bool `json:"unexpectedFtraceHandler,omitempty"` + + // UnexpectedInterruptHandler: True if interrupt handlers that are are + // not in the expected kernel or module code regions are present. + UnexpectedInterruptHandler bool `json:"unexpectedInterruptHandler,omitempty"` + + // UnexpectedKernelCodePages: True if kernel code pages that are not in + // the expected kernel or module code regions are present. + UnexpectedKernelCodePages bool `json:"unexpectedKernelCodePages,omitempty"` + + // UnexpectedKprobeHandler: True if `kprobe` points are present with + // callbacks pointing to regions that are not in the expected kernel or + // module code range. + UnexpectedKprobeHandler bool `json:"unexpectedKprobeHandler,omitempty"` + + // UnexpectedProcessesInRunqueue: True if unexpected processes in the + // scheduler run queue are present. Such processes are in the run queue, + // but not in the process task list. + UnexpectedProcessesInRunqueue bool `json:"unexpectedProcessesInRunqueue,omitempty"` + + // UnexpectedReadOnlyDataModification: True if unexpected modifications + // of kernel read-only data memory are present. + UnexpectedReadOnlyDataModification bool `json:"unexpectedReadOnlyDataModification,omitempty"` + + // UnexpectedSystemCallHandler: True if system call handlers that are + // are not in the expected kernel or module code regions are present. + UnexpectedSystemCallHandler bool `json:"unexpectedSystemCallHandler,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2KernelRootkit) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2KernelRootkit + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Kubernetes: Kubernetes-related attributes. +type GoogleCloudSecuritycenterV2Kubernetes struct { + // AccessReviews: Provides information on any Kubernetes access reviews + // (privilege checks) relevant to the finding. + AccessReviews []*GoogleCloudSecuritycenterV2AccessReview `json:"accessReviews,omitempty"` + + // Bindings: Provides Kubernetes role binding information for findings + // that involve RoleBindings or ClusterRoleBindings + // (https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control). + Bindings []*GoogleCloudSecuritycenterV2Binding `json:"bindings,omitempty"` + + // NodePools: GKE node pools + // (https://cloud.google.com/kubernetes-engine/docs/concepts/node-pools) + // associated with the finding. This field contains node pool + // information for each node, when it is available. + NodePools []*GoogleCloudSecuritycenterV2NodePool `json:"nodePools,omitempty"` + + // Nodes: Provides Kubernetes node + // (https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture#nodes) + // information. + Nodes []*GoogleCloudSecuritycenterV2Node `json:"nodes,omitempty"` + + // Objects: Kubernetes objects related to the finding. + Objects []*GoogleCloudSecuritycenterV2Object `json:"objects,omitempty"` + + // Pods: Kubernetes Pods + // (https://cloud.google.com/kubernetes-engine/docs/concepts/pod) + // associated with the finding. This field contains Pod records for each + // container that is owned by a Pod. + Pods []*GoogleCloudSecuritycenterV2Pod `json:"pods,omitempty"` + + // Roles: Provides Kubernetes role information for findings that involve + // Roles or ClusterRoles + // (https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control). + Roles []*GoogleCloudSecuritycenterV2Role `json:"roles,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AccessReviews") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AccessReviews") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Kubernetes) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Kubernetes + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Label: Represents a generic name-value +// label. A label has separate name and value fields to support +// filtering with the `contains()` function. For more information, see +// Filtering on array-type fields +// (https://cloud.google.com/security-command-center/docs/how-to-api-list-findings#array-contains-filtering). +type GoogleCloudSecuritycenterV2Label struct { + // Name: Name of the label. + Name string `json:"name,omitempty"` + + // Value: Value that corresponds to the label's name. + Value string `json:"value,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Label) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Label + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2LoadBalancer: Contains information related +// to the load balancer associated with the finding. +type GoogleCloudSecuritycenterV2LoadBalancer struct { + // Name: The name of the load balancer associated with the finding. + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2LoadBalancer) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2LoadBalancer + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2LogEntry: An individual entry in a log. +type GoogleCloudSecuritycenterV2LogEntry struct { + // CloudLoggingEntry: An individual entry in a log stored in Cloud + // Logging. + CloudLoggingEntry *GoogleCloudSecuritycenterV2CloudLoggingEntry `json:"cloudLoggingEntry,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CloudLoggingEntry") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CloudLoggingEntry") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2LogEntry) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2LogEntry + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2MemoryHashSignature: A signature +// corresponding to memory page hashes. +type GoogleCloudSecuritycenterV2MemoryHashSignature struct { + // BinaryFamily: The binary family. + BinaryFamily string `json:"binaryFamily,omitempty"` + + // Detections: The list of memory hash detections contributing to the + // binary family match. + Detections []*GoogleCloudSecuritycenterV2Detection `json:"detections,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BinaryFamily") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BinaryFamily") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2MemoryHashSignature) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2MemoryHashSignature + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2MitreAttack: MITRE ATT&CK tactics and +// techniques related to this finding. See: https://attack.mitre.org +type GoogleCloudSecuritycenterV2MitreAttack struct { + // AdditionalTactics: Additional MITRE ATT&CK tactics related to this + // finding, if any. + // + // Possible values: + // "TACTIC_UNSPECIFIED" - Unspecified value. + // "RECONNAISSANCE" - TA0043 + // "RESOURCE_DEVELOPMENT" - TA0042 + // "INITIAL_ACCESS" - TA0001 + // "EXECUTION" - TA0002 + // "PERSISTENCE" - TA0003 + // "PRIVILEGE_ESCALATION" - TA0004 + // "DEFENSE_EVASION" - TA0005 + // "CREDENTIAL_ACCESS" - TA0006 + // "DISCOVERY" - TA0007 + // "LATERAL_MOVEMENT" - TA0008 + // "COLLECTION" - TA0009 + // "COMMAND_AND_CONTROL" - TA0011 + // "EXFILTRATION" - TA0010 + // "IMPACT" - TA0040 + AdditionalTactics []string `json:"additionalTactics,omitempty"` + + // AdditionalTechniques: Additional MITRE ATT&CK techniques related to + // this finding, if any, along with any of their respective parent + // techniques. + // + // Possible values: + // "TECHNIQUE_UNSPECIFIED" - Unspecified value. + // "ACTIVE_SCANNING" - T1595 + // "SCANNING_IP_BLOCKS" - T1595.001 + // "INGRESS_TOOL_TRANSFER" - T1105 + // "NATIVE_API" - T1106 + // "SHARED_MODULES" - T1129 + // "COMMAND_AND_SCRIPTING_INTERPRETER" - T1059 + // "UNIX_SHELL" - T1059.004 + // "RESOURCE_HIJACKING" - T1496 + // "PROXY" - T1090 + // "EXTERNAL_PROXY" - T1090.002 + // "MULTI_HOP_PROXY" - T1090.003 + // "DYNAMIC_RESOLUTION" - T1568 + // "UNSECURED_CREDENTIALS" - T1552 + // "VALID_ACCOUNTS" - T1078 + // "LOCAL_ACCOUNTS" - T1078.003 + // "CLOUD_ACCOUNTS" - T1078.004 + // "NETWORK_DENIAL_OF_SERVICE" - T1498 + // "PERMISSION_GROUPS_DISCOVERY" - T1069 + // "CLOUD_GROUPS" - T1069.003 + // "EXFILTRATION_OVER_WEB_SERVICE" - T1567 + // "EXFILTRATION_TO_CLOUD_STORAGE" - T1567.002 + // "ACCOUNT_MANIPULATION" - T1098 + // "SSH_AUTHORIZED_KEYS" - T1098.004 + // "CREATE_OR_MODIFY_SYSTEM_PROCESS" - T1543 + // "STEAL_WEB_SESSION_COOKIE" - T1539 + // "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE" - T1578 + // "EXPLOIT_PUBLIC_FACING_APPLICATION" - T1190 + // "MODIFY_AUTHENTICATION_PROCESS" - T1556 + // "DATA_DESTRUCTION" - T1485 + // "DOMAIN_POLICY_MODIFICATION" - T1484 + // "IMPAIR_DEFENSES" - T1562 + // "NETWORK_SERVICE_DISCOVERY" - T1046 + // "ACCESS_TOKEN_MANIPULATION" - T1134 + // "ABUSE_ELEVATION_CONTROL_MECHANISM" - T1548 + // "DEFAULT_ACCOUNTS" - T1078.001 + // "INHIBIT_SYSTEM_RECOVERY" - T1490 + AdditionalTechniques []string `json:"additionalTechniques,omitempty"` + + // PrimaryTactic: The MITRE ATT&CK tactic most closely represented by + // this finding, if any. + // + // Possible values: + // "TACTIC_UNSPECIFIED" - Unspecified value. + // "RECONNAISSANCE" - TA0043 + // "RESOURCE_DEVELOPMENT" - TA0042 + // "INITIAL_ACCESS" - TA0001 + // "EXECUTION" - TA0002 + // "PERSISTENCE" - TA0003 + // "PRIVILEGE_ESCALATION" - TA0004 + // "DEFENSE_EVASION" - TA0005 + // "CREDENTIAL_ACCESS" - TA0006 + // "DISCOVERY" - TA0007 + // "LATERAL_MOVEMENT" - TA0008 + // "COLLECTION" - TA0009 + // "COMMAND_AND_CONTROL" - TA0011 + // "EXFILTRATION" - TA0010 + // "IMPACT" - TA0040 + PrimaryTactic string `json:"primaryTactic,omitempty"` + + // PrimaryTechniques: The MITRE ATT&CK technique most closely + // represented by this finding, if any. primary_techniques is a repeated + // field because there are multiple levels of MITRE ATT&CK techniques. + // If the technique most closely represented by this finding is a + // sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique and + // its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, + // `ACTIVE_SCANNING`). + // + // Possible values: + // "TECHNIQUE_UNSPECIFIED" - Unspecified value. + // "ACTIVE_SCANNING" - T1595 + // "SCANNING_IP_BLOCKS" - T1595.001 + // "INGRESS_TOOL_TRANSFER" - T1105 + // "NATIVE_API" - T1106 + // "SHARED_MODULES" - T1129 + // "COMMAND_AND_SCRIPTING_INTERPRETER" - T1059 + // "UNIX_SHELL" - T1059.004 + // "RESOURCE_HIJACKING" - T1496 + // "PROXY" - T1090 + // "EXTERNAL_PROXY" - T1090.002 + // "MULTI_HOP_PROXY" - T1090.003 + // "DYNAMIC_RESOLUTION" - T1568 + // "UNSECURED_CREDENTIALS" - T1552 + // "VALID_ACCOUNTS" - T1078 + // "LOCAL_ACCOUNTS" - T1078.003 + // "CLOUD_ACCOUNTS" - T1078.004 + // "NETWORK_DENIAL_OF_SERVICE" - T1498 + // "PERMISSION_GROUPS_DISCOVERY" - T1069 + // "CLOUD_GROUPS" - T1069.003 + // "EXFILTRATION_OVER_WEB_SERVICE" - T1567 + // "EXFILTRATION_TO_CLOUD_STORAGE" - T1567.002 + // "ACCOUNT_MANIPULATION" - T1098 + // "SSH_AUTHORIZED_KEYS" - T1098.004 + // "CREATE_OR_MODIFY_SYSTEM_PROCESS" - T1543 + // "STEAL_WEB_SESSION_COOKIE" - T1539 + // "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE" - T1578 + // "EXPLOIT_PUBLIC_FACING_APPLICATION" - T1190 + // "MODIFY_AUTHENTICATION_PROCESS" - T1556 + // "DATA_DESTRUCTION" - T1485 + // "DOMAIN_POLICY_MODIFICATION" - T1484 + // "IMPAIR_DEFENSES" - T1562 + // "NETWORK_SERVICE_DISCOVERY" - T1046 + // "ACCESS_TOKEN_MANIPULATION" - T1134 + // "ABUSE_ELEVATION_CONTROL_MECHANISM" - T1548 + // "DEFAULT_ACCOUNTS" - T1078.001 + // "INHIBIT_SYSTEM_RECOVERY" - T1490 + PrimaryTechniques []string `json:"primaryTechniques,omitempty"` + + // Version: The MITRE ATT&CK version referenced by the above fields. + // E.g. "8". + Version string `json:"version,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AdditionalTactics") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AdditionalTactics") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2MitreAttack) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2MitreAttack + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2MuteConfig: A mute config is a Cloud SCC +// resource that contains the configuration to mute create/update events +// of findings. +type GoogleCloudSecuritycenterV2MuteConfig struct { + // CreateTime: Output only. The time at which the mute config was + // created. This field is set by the server and will be ignored if + // provided on config creation. + CreateTime string `json:"createTime,omitempty"` + + // Description: A description of the mute config. + Description string `json:"description,omitempty"` + + // Filter: Required. An expression that defines the filter to apply + // across create/update events of findings. While creating a filter + // string, be mindful of the scope in which the mute configuration is + // being created. E.g., If a filter contains project = X but is created + // under the project = Y scope, it might not match any findings. The + // following field and operator combinations are supported: * severity: + // `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * + // resource.project_name: `=`, `:` * resource.project_display_name: `=`, + // `:` * resource.folders.resource_folder: `=`, `:` * + // resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, + // `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * + // indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:` + Filter string `json:"filter,omitempty"` + + // MostRecentEditor: Output only. Email address of the user who last + // edited the mute config. This field is set by the server and will be + // ignored if provided on config creation or update. + MostRecentEditor string `json:"mostRecentEditor,omitempty"` + + // Name: This field will be ignored if provided on config creation. The + // following list shows some examples of the format: + + // `organizations/{organization}/muteConfigs/{mute_config}` + + // `organizations/{organization}locations/{location}//muteConfigs/{mute_c + // onfig}` + `folders/{folder}/muteConfigs/{mute_config}` + + // `folders/{folder}/locations/{location}/muteConfigs/{mute_config}` + + // `projects/{project}/muteConfigs/{mute_config}` + + // `projects/{project}/locations/{location}/muteConfigs/{mute_config}` + Name string `json:"name,omitempty"` + + // UpdateTime: Output only. The most recent time at which the mute + // config was updated. This field is set by the server and will be + // ignored if provided on config creation or update. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2MuteConfig) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2MuteConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Node: Kubernetes nodes associated with the +// finding. +type GoogleCloudSecuritycenterV2Node struct { + // Name: Full resource name + // (https://google.aip.dev/122#full-resource-names) of the Compute + // Engine VM running the cluster node. + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Node) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Node + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2NodePool: Provides GKE node pool +// information. +type GoogleCloudSecuritycenterV2NodePool struct { + // Name: Kubernetes node pool name. + Name string `json:"name,omitempty"` + + // Nodes: Nodes associated with the finding. + Nodes []*GoogleCloudSecuritycenterV2Node `json:"nodes,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2NodePool) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2NodePool + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2NotificationMessage: Cloud SCC's +// Notification +type GoogleCloudSecuritycenterV2NotificationMessage struct { + // Finding: If it's a Finding based notification config, this field will + // be populated. + Finding *GoogleCloudSecuritycenterV2Finding `json:"finding,omitempty"` + + // NotificationConfigName: Name of the notification config that + // generated current notification. + NotificationConfigName string `json:"notificationConfigName,omitempty"` + + // Resource: The Cloud resource tied to this notification's Finding. + Resource *GoogleCloudSecuritycenterV2Resource `json:"resource,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Finding") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Finding") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2NotificationMessage) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2NotificationMessage + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Object: Kubernetes object related to the +// finding, uniquely identified by GKNN. Used if the object Kind is not +// one of Pod, Node, NodePool, Binding, or AccessReview. +type GoogleCloudSecuritycenterV2Object struct { + // Containers: Pod containers associated with this finding, if any. + Containers []*GoogleCloudSecuritycenterV2Container `json:"containers,omitempty"` + + // Group: Kubernetes object group, such as "policy.k8s.io/v1". + Group string `json:"group,omitempty"` + + // Kind: Kubernetes object kind, such as "Namespace". + Kind string `json:"kind,omitempty"` + + // Name: Kubernetes object name. For details see + // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/. + Name string `json:"name,omitempty"` + + // Ns: Kubernetes object namespace. Must be a valid DNS label. Named + // "ns" to avoid collision with C++ namespace keyword. For details see + // https://kubernetes.io/docs/tasks/administer-cluster/namespaces/. + Ns string `json:"ns,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Containers") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Containers") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Object) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Object + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2OrgPolicy: Contains information about the +// org policies associated with the finding. +type GoogleCloudSecuritycenterV2OrgPolicy struct { + // Name: The resource name of the org policy. Example: + // "organizations/{organization_id}/policies/{constraint_name}" + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2OrgPolicy) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2OrgPolicy + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Pod: A Kubernetes Pod. +type GoogleCloudSecuritycenterV2Pod struct { + // Containers: Pod containers associated with this finding, if any. + Containers []*GoogleCloudSecuritycenterV2Container `json:"containers,omitempty"` + + // Labels: Pod labels. For Kubernetes containers, these are applied to + // the container. + Labels []*GoogleCloudSecuritycenterV2Label `json:"labels,omitempty"` + + // Name: Kubernetes Pod name. + Name string `json:"name,omitempty"` + + // Ns: Kubernetes Pod namespace. + Ns string `json:"ns,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Containers") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Containers") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Pod) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Pod + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Process: Represents an operating system +// process. +type GoogleCloudSecuritycenterV2Process struct { + // Args: Process arguments as JSON encoded strings. + Args []string `json:"args,omitempty"` + + // ArgumentsTruncated: True if `args` is incomplete. + ArgumentsTruncated bool `json:"argumentsTruncated,omitempty"` + + // Binary: File information for the process executable. + Binary *GoogleCloudSecuritycenterV2File `json:"binary,omitempty"` + + // EnvVariables: Process environment variables. + EnvVariables []*GoogleCloudSecuritycenterV2EnvironmentVariable `json:"envVariables,omitempty"` + + // EnvVariablesTruncated: True if `env_variables` is incomplete. + EnvVariablesTruncated bool `json:"envVariablesTruncated,omitempty"` + + // Libraries: File information for libraries loaded by the process. + Libraries []*GoogleCloudSecuritycenterV2File `json:"libraries,omitempty"` + + // Name: The process name, as displayed in utilities like `top` and + // `ps`. This name can be accessed through `/proc/[pid]/comm` and + // changed with `prctl(PR_SET_NAME)`. + Name string `json:"name,omitempty"` + + // ParentPid: The parent process ID. + ParentPid int64 `json:"parentPid,omitempty,string"` + + // Pid: The process ID. + Pid int64 `json:"pid,omitempty,string"` + + // Script: When the process represents the invocation of a script, + // `binary` provides information about the interpreter, while `script` + // provides information about the script file provided to the + // interpreter. + Script *GoogleCloudSecuritycenterV2File `json:"script,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Args") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Args") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Process) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Process + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ProcessSignature: Indicates what signature +// matched this process. +type GoogleCloudSecuritycenterV2ProcessSignature struct { + // MemoryHashSignature: Signature indicating that a binary family was + // matched. + MemoryHashSignature *GoogleCloudSecuritycenterV2MemoryHashSignature `json:"memoryHashSignature,omitempty"` + + // YaraRuleSignature: Signature indicating that a YARA rule was matched. + YaraRuleSignature *GoogleCloudSecuritycenterV2YaraRuleSignature `json:"yaraRuleSignature,omitempty"` + + // ForceSendFields is a list of field names (e.g. "MemoryHashSignature") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "MemoryHashSignature") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ProcessSignature) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ProcessSignature + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Reference: Additional Links +type GoogleCloudSecuritycenterV2Reference struct { + // Source: Source of the reference e.g. NVD + Source string `json:"source,omitempty"` + + // Uri: Uri for the mentioned source e.g. + // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527. + Uri string `json:"uri,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Source") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Source") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Reference) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Reference + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Resource: Information related to the +// Google Cloud resource. +type GoogleCloudSecuritycenterV2Resource struct { + // DisplayName: The human readable name of the resource. + DisplayName string `json:"displayName,omitempty"` + + // Name: The full resource name of the resource. See: + // https://cloud.google.com/apis/design/resource_names#full_resource_name + Name string `json:"name,omitempty"` + + // Type: The full resource type of the resource. + Type string `json:"type,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DisplayName") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DisplayName") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Resource) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Resource + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ResourceValueConfig: A resource value +// config (RVC) is a mapping configuration of user's resources to +// resource values. Used in Attack path simulations. +type GoogleCloudSecuritycenterV2ResourceValueConfig struct { + // CreateTime: Output only. Timestamp this resource value config was + // created. + CreateTime string `json:"createTime,omitempty"` + + // Description: Description of the resource value config. + Description string `json:"description,omitempty"` + + // Name: Name for the resource value config + Name string `json:"name,omitempty"` + + // ResourceLabelsSelector: List of resource labels to search for, + // evaluated with AND. E.g. "resource_labels_selector": {"key": "value", + // "env": "prod"} will match resources with labels "key": "value" AND + // "env": "prod" + // https://cloud.google.com/resource-manager/docs/creating-managing-labels + ResourceLabelsSelector map[string]string `json:"resourceLabelsSelector,omitempty"` + + // ResourceType: Apply resource_value only to resources that match + // resource_type. resource_type will be checked with "AND" of other + // resources. E.g. "storage.googleapis.com/Bucket" with resource_value + // "HIGH" will apply "HIGH" value only to + // "storage.googleapis.com/Bucket" resources. + ResourceType string `json:"resourceType,omitempty"` + + // ResourceValue: Required. Resource value level this expression + // represents + // + // Possible values: + // "RESOURCE_VALUE_UNSPECIFIED" - Unspecific value + // "HIGH" - High resource value + // "MEDIUM" - Medium resource value + // "LOW" - Low resource value + // "NONE" - No resource value, e.g. ignore these resources + ResourceValue string `json:"resourceValue,omitempty"` + + // Scope: Project or folder to scope this config to. For example, + // "project/456" would apply this config only to resources in + // "project/456" scope will be checked with "AND" of other resources. + Scope string `json:"scope,omitempty"` + + // TagValues: Required. Tag values combined with AND to check against. + // Values in the form "tagValues/123" E.g. [ "tagValues/123", + // "tagValues/456", "tagValues/789" ] + // https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing + TagValues []string `json:"tagValues,omitempty"` + + // UpdateTime: Output only. Timestamp this resource value config was + // last updated. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ResourceValueConfig) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ResourceValueConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Role: Kubernetes Role or ClusterRole. +type GoogleCloudSecuritycenterV2Role struct { + // Kind: Role type. + // + // Possible values: + // "KIND_UNSPECIFIED" - Role type is not specified. + // "ROLE" - Kubernetes Role. + // "CLUSTER_ROLE" - Kubernetes ClusterRole. + Kind string `json:"kind,omitempty"` + + // Name: Role name. + Name string `json:"name,omitempty"` + + // Ns: Role namespace. + Ns string `json:"ns,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Kind") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Kind") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Role) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Role + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2SecurityMarks: User specified security +// marks that are attached to the parent Security Command Center +// resource. Security marks are scoped within a Security Command Center +// organization -- they can be modified and viewed by all users who have +// proper permissions on the organization. +type GoogleCloudSecuritycenterV2SecurityMarks struct { + // CanonicalName: The canonical name of the marks. The following list + // shows some examples: + + // `organizations/{organization_id}/assets/{asset_id}/securityMarks" + + // `organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}/securityMarks" + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on}/findings/{finding_id}/securityMarks" + + // `folders/{folder_id}/assets/{asset_id}/securityMarks" + + // `folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securit + // yMarks" + + // `folders/{folder_id}/sources/{source_id}/locations/{location}/findings + // /{finding_id}/securityMarks" + + // `projects/{project_number}/assets/{asset_id}/securityMarks" + + // `projects/{project_number}/sources/{source_id}/findings/{finding_id}/s + // ecurityMarks" + + // `projects/{project_number}/sources/{source_id}/locations/{location}/fi + // ndings/{finding_id}/securityMarks" + CanonicalName string `json:"canonicalName,omitempty"` + + // Marks: Mutable user specified security marks belonging to the parent + // resource. Constraints are as follows: * Keys and values are treated + // as case insensitive * Keys must be between 1 - 256 characters + // (inclusive) * Keys must be letters, numbers, underscores, or dashes * + // Values have leading and trailing whitespace trimmed, remaining + // characters must be between 1 - 4096 characters (inclusive) + Marks map[string]string `json:"marks,omitempty"` + + // Name: The relative resource name of the SecurityMarks. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // The following list shows some examples: + + // `organizations/{organization_id}/assets/{asset_id}/securityMarks` + + // `organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}/securityMarks` + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on}/findings/{finding_id}/securityMarks` + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CanonicalName") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CanonicalName") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2SecurityMarks) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2SecurityMarks + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2SecurityPosture: Represents a posture that +// is deployed on Google Cloud by the Security Command Center Posture +// Management service. A posture contains one or more policy sets. A +// policy set is a group of policies that enforce a set of security +// rules on Google Cloud. +type GoogleCloudSecuritycenterV2SecurityPosture struct { + // ChangedPolicy: The name of the policy that has been updated, for + // example, `projects/{project_id}/policies/{constraint_name}`. + ChangedPolicy string `json:"changedPolicy,omitempty"` + + // Name: Name of the posture, for example, + // `organizations/{org_id}/locations/{location}/postures/{posture_name}`. + Name string `json:"name,omitempty"` + + // PostureDeployment: The name of the posture deployment, for example, + // `projects/{project_id}/posturedeployments/{posture_deployment_id}`. + PostureDeployment string `json:"postureDeployment,omitempty"` + + // PostureDeploymentResource: The project, folder, or organization on + // which the posture is deployed, for example, `projects/{project_id}`. + PostureDeploymentResource string `json:"postureDeploymentResource,omitempty"` + + // RevisionId: The version of the posture, for example, `c7cfa2a8`. + RevisionId string `json:"revisionId,omitempty"` + + // ForceSendFields is a list of field names (e.g. "ChangedPolicy") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "ChangedPolicy") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2SecurityPosture) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2SecurityPosture + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo: Identity +// delegation history of an authenticated service account. +type GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo struct { + // PrincipalEmail: The email address of a Google account. + PrincipalEmail string `json:"principalEmail,omitempty"` + + // PrincipalSubject: A string representing the principal_subject + // associated with the identity. As compared to `principal_email`, + // supports principals that aren't associated with email addresses, such + // as third party principals. For most identities, the format will be + // `principal://iam.googleapis.com/{identity pool + // name}/subjects/{subject}` except for some GKE identities + // (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the + // legacy format `serviceAccount:{identity pool name}[{subject}]` + PrincipalSubject string `json:"principalSubject,omitempty"` + + // ForceSendFields is a list of field names (e.g. "PrincipalEmail") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "PrincipalEmail") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Subject: Represents a Kubernetes subject. +type GoogleCloudSecuritycenterV2Subject struct { + // Kind: Authentication type for the subject. + // + // Possible values: + // "AUTH_TYPE_UNSPECIFIED" - Authentication is not specified. + // "USER" - User with valid certificate. + // "SERVICEACCOUNT" - Users managed by Kubernetes API with credentials + // stored as secrets. + // "GROUP" - Collection of users. + Kind string `json:"kind,omitempty"` + + // Name: Name for the subject. + Name string `json:"name,omitempty"` + + // Ns: Namespace for the subject. + Ns string `json:"ns,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Kind") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Kind") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Subject) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Subject + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Vulnerability: Refers to common +// vulnerability fields e.g. cve, cvss, cwe etc. +type GoogleCloudSecuritycenterV2Vulnerability struct { + // Cve: CVE stands for Common Vulnerabilities and Exposures + // (https://cve.mitre.org/about/) + Cve *GoogleCloudSecuritycenterV2Cve `json:"cve,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Cve") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Cve") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Vulnerability) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Vulnerability + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2YaraRuleSignature: A signature +// corresponding to a YARA rule. +type GoogleCloudSecuritycenterV2YaraRuleSignature struct { + // YaraRule: The name of the YARA rule. + YaraRule string `json:"yaraRule,omitempty"` + + // ForceSendFields is a list of field names (e.g. "YaraRule") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "YaraRule") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2YaraRuleSignature) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2YaraRuleSignature + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // GroupAssetsRequest: Request message for grouping by assets. type GroupAssetsRequest struct { // CompareDuration: When compare_duration is set, the Asset's "state" @@ -4298,7 +7465,7 @@ type Object struct { // Group: Kubernetes object group, such as "policy.k8s.io/v1". Group string `json:"group,omitempty"` - // Kind: Kubernetes object kind, such as “Namespace”. + // Kind: Kubernetes object kind, such as "Namespace". Kind string `json:"kind,omitempty"` // Name: Kubernetes object name. For details see diff --git a/securitycenter/v1beta2/securitycenter-api.json b/securitycenter/v1beta2/securitycenter-api.json index 82b1105708d..72533cce78e 100644 --- a/securitycenter/v1beta2/securitycenter-api.json +++ b/securitycenter/v1beta2/securitycenter-api.json @@ -1906,7 +1906,7 @@ } } }, - "revision": "20231102", + "revision": "20231128", "rootUrl": "https://securitycenter.googleapis.com/", "schemas": { "Access": { @@ -1998,6 +1998,21 @@ }, "type": "object" }, + "Application": { + "description": "Represents an application associated with a finding.", + "id": "Application", + "properties": { + "baseUri": { + "description": "The base URI that identifies the network location of the application in which the vulnerability was detected. Examples: http://11.22.33.44, http://foo.com, http://11.22.33.44:8080", + "type": "string" + }, + "fullUri": { + "description": "The full URI with payload that can be used to reproduce the vulnerability. Example: http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H", + "type": "string" + } + }, + "type": "object" + }, "AttackExposure": { "description": "An attack exposure contains the results of an attack path simulation run.", "id": "AttackExposure", @@ -2048,6 +2063,63 @@ }, "type": "object" }, + "BackupDisasterRecovery": { + "description": "Information related to Google Cloud Backup and DR Service findings.", + "id": "BackupDisasterRecovery", + "properties": { + "appliance": { + "description": "The name of the Backup and DR appliance that captures, moves, and manages the lifecycle of backup data. For example, “backup-server-57137”.", + "type": "string" + }, + "applications": { + "description": "The names of Backup and DR applications. An application is a VM, database, or file system on a managed host monitored by a backup and recovery appliance. For example, “centos7-01-vol00”, “centos7-01-vol01”, “centos7-01-vol02”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "backupCreateTime": { + "description": "The timestamp at which the Backup and DR backup was created.", + "format": "google-datetime", + "type": "string" + }, + "backupTemplate": { + "description": "The name of a Backup and DR template which comprises one or more backup policies. See the [Backup and DR documentation](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information. For example, “snap-ov”.", + "type": "string" + }, + "backupType": { + "description": "The backup type of the Backup and DR image. For example, “Snapshot”, “Remote Snapshot”, “OnVault”.", + "type": "string" + }, + "host": { + "description": "The name of a Backup and DR host, which is managed by the backup and recovery appliance and known to the management console. The host can be of type Generic (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. See the [Backup and DR documentation on hosts](https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) for more information. For example, “centos7-01”.", + "type": "string" + }, + "policies": { + "description": "The names of Backup and DR policies that are associated with a template and that define when to run a backup, how frequently to run a backup, and how long to retain the backup image. For example, “onvaults”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "policyOptions": { + "description": "The names of Backup and DR advanced policy options of a policy applying to an application. See the [Backup and DR documentation on policy options](https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). For example, “skipofflineappsincongrp, nounmap”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "profile": { + "description": "The name of the Backup and DR resource profile that specifies the storage media for backups of application and VM data. See the [Backup and DR documentation on profiles](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). For example, “GCP”.", + "type": "string" + }, + "storagePool": { + "description": "The name of the Backup and DR storage pool that the backup and recovery appliance is storing data in. The storage pool could be of type Cloud, Primary, Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). For example, “DiskPoolOne”.", + "type": "string" + } + }, + "type": "object" + }, "CloudDlpDataProfile": { "description": "The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding.", "id": "CloudDlpDataProfile", @@ -2143,6 +2215,47 @@ }, "type": "object" }, + "ComplianceSnapshot": { + "description": "Result containing the properties and count of a ComplianceSnapshot request.", + "id": "ComplianceSnapshot", + "properties": { + "category": { + "description": "The category of Findings matching.", + "type": "string" + }, + "complianceStandard": { + "description": "The compliance standard (ie CIS).", + "type": "string" + }, + "complianceVersion": { + "description": "The compliance version (ie 1.3) in CIS 1.3.", + "type": "string" + }, + "count": { + "description": "Total count of findings for the given properties.", + "format": "int64", + "type": "string" + }, + "leafContainerResource": { + "description": "The leaf container resource name that is closest to the snapshot.", + "type": "string" + }, + "name": { + "description": "The compliance snapshot name. Format: //sources//complianceSnapshots/", + "type": "string" + }, + "projectDisplayName": { + "description": "The CRM resource display name that is closest to the snapshot the Findings belong to.", + "type": "string" + }, + "snapshotTime": { + "description": "The snapshot time of the snapshot.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" + }, "Config": { "description": "Configuration of a module.", "id": "Config", @@ -2732,10 +2845,18 @@ "$ref": "Access", "description": "Access details associated with the finding, such as more information on the caller, which method was accessed, and from where." }, + "application": { + "$ref": "Application", + "description": "Represents an application associated with the finding." + }, "attackExposure": { "$ref": "AttackExposure", "description": "The results of an attack path simulation relevant to this finding." }, + "backupDisasterRecovery": { + "$ref": "BackupDisasterRecovery", + "description": "Fields related to Backup and DR findings." + }, "canonicalName": { "description": "The canonical name of the finding. It's either \"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}\", \"folders/{folder_id}/sources/{source_id}/findings/{finding_id}\" or \"projects/{project_number}/sources/{source_id}/findings/{finding_id}\", depending on the closest CRM ancestor of the resource associated with the finding.", "type": "string" @@ -3741,6 +3862,2077 @@ }, "type": "object" }, + "GoogleCloudSecuritycenterV2Access": { + "description": "Represents an access event.", + "id": "GoogleCloudSecuritycenterV2Access", + "properties": { + "callerIp": { + "description": "Caller's IP address, such as \"1.1.1.1\".", + "type": "string" + }, + "callerIpGeo": { + "$ref": "GoogleCloudSecuritycenterV2Geolocation", + "description": "The caller IP's geolocation, which identifies where the call came from." + }, + "methodName": { + "description": "The method that the service account called, e.g. \"SetIamPolicy\".", + "type": "string" + }, + "principalEmail": { + "description": "Associated email, such as \"foo@google.com\". The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the `principal_subject` field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see [Caller identities in audit logs](https://cloud.google.com/logging/docs/audit#user-id).", + "type": "string" + }, + "principalSubject": { + "description": "A string that represents the principal_subject that is associated with the identity. Unlike `principal_email`, `principal_subject` supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is `principal://iam.googleapis.com/{identity pool name}/subject/{subject}`. Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:{identity pool name}[{subject}]`.", + "type": "string" + }, + "serviceAccountDelegationInfo": { + "description": "The identity delegation history of an authenticated service account that made the request. The `serviceAccountDelegationInfo[]` object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo" + }, + "type": "array" + }, + "serviceAccountKeyName": { + "description": "The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example: \"//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}\". ", + "type": "string" + }, + "serviceName": { + "description": "This is the API service that the service account made a call to, e.g. \"iam.googleapis.com\"", + "type": "string" + }, + "userAgent": { + "description": "The caller's user agent string associated with the finding.", + "type": "string" + }, + "userAgentFamily": { + "description": "Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.", + "type": "string" + }, + "userName": { + "description": "A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2AccessReview": { + "description": "Conveys information about a Kubernetes access review (such as one returned by a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access) command) that was involved in a finding.", + "id": "GoogleCloudSecuritycenterV2AccessReview", + "properties": { + "group": { + "description": "The API group of the resource. \"*\" means all.", + "type": "string" + }, + "name": { + "description": "The name of the resource being requested. Empty means all.", + "type": "string" + }, + "ns": { + "description": "Namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces. Both are represented by \"\" (empty).", + "type": "string" + }, + "resource": { + "description": "The optional resource type requested. \"*\" means all.", + "type": "string" + }, + "subresource": { + "description": "The optional subresource type.", + "type": "string" + }, + "verb": { + "description": "A Kubernetes resource API verb, like get, list, watch, create, update, delete, proxy. \"*\" means all.", + "type": "string" + }, + "version": { + "description": "The API version of the resource. \"*\" means all.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Application": { + "description": "Represents an application associated with a finding.", + "id": "GoogleCloudSecuritycenterV2Application", + "properties": { + "baseUri": { + "description": "The base URI that identifies the network location of the application in which the vulnerability was detected. Examples: http://11.22.33.44, http://foo.com, http://11.22.33.44:8080", + "type": "string" + }, + "fullUri": { + "description": "The full URI with payload that could be used to reproduce the vulnerability. Example: http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2AttackExposure": { + "description": "An attack exposure contains the results of an attack path simulation run.", + "id": "GoogleCloudSecuritycenterV2AttackExposure", + "properties": { + "attackExposureResult": { + "description": "The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: organizations/123/attackExposureResults/456", + "type": "string" + }, + "exposedHighValueResourcesCount": { + "description": "The number of high value resources that are exposed as a result of this finding.", + "format": "int32", + "type": "integer" + }, + "exposedLowValueResourcesCount": { + "description": "The number of high value resources that are exposed as a result of this finding.", + "format": "int32", + "type": "integer" + }, + "exposedMediumValueResourcesCount": { + "description": "The number of medium value resources that are exposed as a result of this finding.", + "format": "int32", + "type": "integer" + }, + "latestCalculationTime": { + "description": "The most recent time the attack exposure was updated on this finding.", + "format": "google-datetime", + "type": "string" + }, + "score": { + "description": "A number between 0 (inclusive) and infinity that represents how important this finding is to remediate. The higher the score, the more important it is to remediate.", + "format": "double", + "type": "number" + }, + "state": { + "description": "Output only. What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated or not.", + "enum": [ + "STATE_UNSPECIFIED", + "CALCULATED", + "NOT_CALCULATED" + ], + "enumDescriptions": [ + "The state is not specified.", + "The attack exposure has been calculated.", + "The attack exposure has not been calculated." + ], + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2BackupDisasterRecovery": { + "description": "Information related to Google Cloud Backup and DR Service findings.", + "id": "GoogleCloudSecuritycenterV2BackupDisasterRecovery", + "properties": { + "appliance": { + "description": "The name of the Backup and DR appliance that captures, moves, and manages the lifecycle of backup data. For example, “backup-server-57137”.", + "type": "string" + }, + "applications": { + "description": "The names of Backup and DR applications. An application is a VM, database, or file system on a managed host monitored by a backup and recovery appliance. For example, “centos7-01-vol00”, “centos7-01-vol01”, “centos7-01-vol02”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "backupCreateTime": { + "description": "The timestamp at which the Backup and DR backup was created.", + "format": "google-datetime", + "type": "string" + }, + "backupTemplate": { + "description": "The name of a Backup and DR template which comprises one or more backup policies. See the [Backup and DR documentation](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information. For example, “snap-ov”.", + "type": "string" + }, + "backupType": { + "description": "The backup type of the Backup and DR image. For example, “Snapshot”, “Remote Snapshot”, “OnVault”.", + "type": "string" + }, + "host": { + "description": "The name of a Backup and DR host, which is managed by the backup and recovery appliance and known to the management console. The host can be of type Generic (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. See the [Backup and DR documentation on hosts](https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) for more information. For example, “centos7-01”.", + "type": "string" + }, + "policies": { + "description": "The names of Backup and DR policies that are associated with a template and that define when to run a backup, how frequently to run a backup, and how long to retain the backup image. For example, “onvaults”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "policyOptions": { + "description": "The names of Backup and DR advanced policy options of a policy applying to an application. See the [Backup and DR documentation on policy options](https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). For example, “skipofflineappsincongrp, nounmap”.", + "items": { + "type": "string" + }, + "type": "array" + }, + "profile": { + "description": "The name of the Backup and DR resource profile that specifies the storage media for backups of application and VM data. See the [Backup and DR documentation on profiles](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). For example, “GCP”.", + "type": "string" + }, + "storagePool": { + "description": "The name of the Backup and DR storage pool that the backup and recovery appliance is storing data in. The storage pool could be of type Cloud, Primary, Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). For example, “DiskPoolOne”.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2BigQueryExport": { + "description": "Configures how to deliver Findings to BigQuery Instance.", + "id": "GoogleCloudSecuritycenterV2BigQueryExport", + "properties": { + "createTime": { + "description": "Output only. The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "dataset": { + "description": "The dataset to write findings' updates to. Its format is \"projects/[project_id]/datasets/[bigquery_dataset_id]\". BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).", + "type": "string" + }, + "description": { + "description": "The description of the export (max of 1024 characters).", + "type": "string" + }, + "filter": { + "description": "Expression that defines the filter to apply across create/update events of findings. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * `=` for all value types. * `\u003e`, `\u003c`, `\u003e=`, `\u003c=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes.", + "type": "string" + }, + "mostRecentEditor": { + "description": "Output only. Email address of the user who last edited the BigQuery export. This field is set by the server and will be ignored if provided on export creation or update.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The relative resource name of this export. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name. The following list shows some examples: + `organizations/{organization_id}/locations/{location_id}/bigQueryExports/{export_id}` + `folders/{folder_id}/locations/{location_id}/bigQueryExports/{export_id}` + `projects/{project_id}/locations/{location_id}/bigQueryExports/{export_id}` This field is provided in responses, and is ignored when provided in create requests.", + "type": "string" + }, + "principal": { + "description": "Output only. The service account that needs permission to create table and upload data to the BigQuery dataset.", + "readOnly": true, + "type": "string" + }, + "updateTime": { + "description": "Output only. The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Binding": { + "description": "Represents a Kubernetes RoleBinding or ClusterRoleBinding.", + "id": "GoogleCloudSecuritycenterV2Binding", + "properties": { + "name": { + "description": "Name for the binding.", + "type": "string" + }, + "ns": { + "description": "Namespace for the binding.", + "type": "string" + }, + "role": { + "$ref": "GoogleCloudSecuritycenterV2Role", + "description": "The Role or ClusterRole referenced by the binding." + }, + "subjects": { + "description": "Represents one or more subjects that are bound to the role. Not always available for PATCH requests.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Subject" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2BulkMuteFindingsResponse": { + "description": "The response to a BulkMute request. Contains the LRO information.", + "id": "GoogleCloudSecuritycenterV2BulkMuteFindingsResponse", + "properties": {}, + "type": "object" + }, + "GoogleCloudSecuritycenterV2CloudDlpDataProfile": { + "description": "The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding.", + "id": "GoogleCloudSecuritycenterV2CloudDlpDataProfile", + "properties": { + "dataProfile": { + "description": "Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`.", + "type": "string" + }, + "parentType": { + "description": "The resource hierarchy level at which the data profile was generated.", + "enum": [ + "PARENT_TYPE_UNSPECIFIED", + "ORGANIZATION", + "PROJECT" + ], + "enumDescriptions": [ + "Unspecified parent type.", + "Organization-level configurations.", + "Project-level configurations." + ], + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2CloudDlpInspection": { + "description": "Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the finding.", + "id": "GoogleCloudSecuritycenterV2CloudDlpInspection", + "properties": { + "fullScan": { + "description": "Whether Cloud DLP scanned the complete resource or a sampled subset.", + "type": "boolean" + }, + "infoType": { + "description": "The type of information (or *[infoType](https://cloud.google.com/dlp/docs/infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.", + "type": "string" + }, + "infoTypeCount": { + "description": "The number of times Cloud DLP found this infoType within this job and resource.", + "format": "int64", + "type": "string" + }, + "inspectJob": { + "description": "Name of the inspection job, for example, `projects/123/locations/europe/dlpJobs/i-8383929`.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2CloudLoggingEntry": { + "description": "Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry)", + "id": "GoogleCloudSecuritycenterV2CloudLoggingEntry", + "properties": { + "insertId": { + "description": "A unique identifier for the log entry.", + "type": "string" + }, + "logId": { + "description": "The type of the log (part of `log_name`. `log_name` is the resource name of the log to which this log entry belongs). For example: `cloudresourcemanager.googleapis.com/activity` Note that this field is not URL-encoded, unlike in `LogEntry`.", + "type": "string" + }, + "resourceContainer": { + "description": "The organization, folder, or project of the monitored resource that produced this log entry.", + "type": "string" + }, + "timestamp": { + "description": "The time the event described by the log entry occurred.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Compliance": { + "description": "Contains compliance information about a security standard indicating unmet recommendations.", + "id": "GoogleCloudSecuritycenterV2Compliance", + "properties": { + "ids": { + "description": "Policies within the standard or benchmark, for example, A.12.4.1", + "items": { + "type": "string" + }, + "type": "array" + }, + "standard": { + "description": "Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP.", + "type": "string" + }, + "version": { + "description": "Version of the standard or benchmark, for example, 1.1", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Connection": { + "description": "Contains information about the IP connection associated with the finding.", + "id": "GoogleCloudSecuritycenterV2Connection", + "properties": { + "destinationIp": { + "description": "Destination IP address. Not present for sockets that are listening and not connected.", + "type": "string" + }, + "destinationPort": { + "description": "Destination port. Not present for sockets that are listening and not connected.", + "format": "int32", + "type": "integer" + }, + "protocol": { + "description": "IANA Internet Protocol Number such as TCP(6) and UDP(17).", + "enum": [ + "PROTOCOL_UNSPECIFIED", + "ICMP", + "TCP", + "UDP", + "GRE", + "ESP" + ], + "enumDescriptions": [ + "Unspecified protocol (not HOPOPT).", + "Internet Control Message Protocol.", + "Transmission Control Protocol.", + "User Datagram Protocol.", + "Generic Routing Encapsulation.", + "Encap Security Payload." + ], + "type": "string" + }, + "sourceIp": { + "description": "Source IP address.", + "type": "string" + }, + "sourcePort": { + "description": "Source port.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Contact": { + "description": "The email address of a contact.", + "id": "GoogleCloudSecuritycenterV2Contact", + "properties": { + "email": { + "description": "An email address. For example, \"`person123@company.com`\".", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ContactDetails": { + "description": "Details about specific contacts", + "id": "GoogleCloudSecuritycenterV2ContactDetails", + "properties": { + "contacts": { + "description": "A list of contacts", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Contact" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Container": { + "description": "Container associated with the finding.", + "id": "GoogleCloudSecuritycenterV2Container", + "properties": { + "createTime": { + "description": "The time that the container was created.", + "format": "google-datetime", + "type": "string" + }, + "imageId": { + "description": "Optional container image ID, if provided by the container runtime. Uniquely identifies the container image launched using a container image digest.", + "type": "string" + }, + "labels": { + "description": "Container labels, as provided by the container runtime.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Label" + }, + "type": "array" + }, + "name": { + "description": "Name of the container.", + "type": "string" + }, + "uri": { + "description": "Container image URI provided when configuring a pod or container. This string can identify a container image version using mutable tags.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Cve": { + "description": "CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org", + "id": "GoogleCloudSecuritycenterV2Cve", + "properties": { + "cvssv3": { + "$ref": "GoogleCloudSecuritycenterV2Cvssv3", + "description": "Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document" + }, + "id": { + "description": "The unique identifier for the vulnerability. e.g. CVE-2021-34527", + "type": "string" + }, + "references": { + "description": "Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Reference" + }, + "type": "array" + }, + "upstreamFixAvailable": { + "description": "Whether upstream fix is available for the CVE.", + "type": "boolean" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Cvssv3": { + "description": "Common Vulnerability Scoring System version 3.", + "id": "GoogleCloudSecuritycenterV2Cvssv3", + "properties": { + "attackComplexity": { + "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "enum": [ + "ATTACK_COMPLEXITY_UNSPECIFIED", + "ATTACK_COMPLEXITY_LOW", + "ATTACK_COMPLEXITY_HIGH" + ], + "enumDescriptions": [ + "Invalid value.", + "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.", + "A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected." + ], + "type": "string" + }, + "attackVector": { + "description": "Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.", + "enum": [ + "ATTACK_VECTOR_UNSPECIFIED", + "ATTACK_VECTOR_NETWORK", + "ATTACK_VECTOR_ADJACENT", + "ATTACK_VECTOR_LOCAL", + "ATTACK_VECTOR_PHYSICAL" + ], + "enumDescriptions": [ + "Invalid value.", + "The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet.", + "The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology.", + "The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities.", + "The attack requires the attacker to physically touch or manipulate the vulnerable component." + ], + "type": "string" + }, + "availabilityImpact": { + "description": "This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.", + "enum": [ + "IMPACT_UNSPECIFIED", + "IMPACT_HIGH", + "IMPACT_LOW", + "IMPACT_NONE" + ], + "enumDescriptions": [ + "Invalid value.", + "High impact.", + "Low impact.", + "No impact." + ], + "type": "string" + }, + "baseScore": { + "description": "The base score is a function of the base metric scores.", + "format": "double", + "type": "number" + }, + "confidentialityImpact": { + "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "enum": [ + "IMPACT_UNSPECIFIED", + "IMPACT_HIGH", + "IMPACT_LOW", + "IMPACT_NONE" + ], + "enumDescriptions": [ + "Invalid value.", + "High impact.", + "Low impact.", + "No impact." + ], + "type": "string" + }, + "integrityImpact": { + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "enum": [ + "IMPACT_UNSPECIFIED", + "IMPACT_HIGH", + "IMPACT_LOW", + "IMPACT_NONE" + ], + "enumDescriptions": [ + "Invalid value.", + "High impact.", + "Low impact.", + "No impact." + ], + "type": "string" + }, + "privilegesRequired": { + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "enum": [ + "PRIVILEGES_REQUIRED_UNSPECIFIED", + "PRIVILEGES_REQUIRED_NONE", + "PRIVILEGES_REQUIRED_LOW", + "PRIVILEGES_REQUIRED_HIGH" + ], + "enumDescriptions": [ + "Invalid value.", + "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.", + "The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources.", + "The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files." + ], + "type": "string" + }, + "scope": { + "description": "The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.", + "enum": [ + "SCOPE_UNSPECIFIED", + "SCOPE_UNCHANGED", + "SCOPE_CHANGED" + ], + "enumDescriptions": [ + "Invalid value.", + "An exploited vulnerability can only affect resources managed by the same security authority.", + "An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component." + ], + "type": "string" + }, + "userInteraction": { + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "enum": [ + "USER_INTERACTION_UNSPECIFIED", + "USER_INTERACTION_NONE", + "USER_INTERACTION_REQUIRED" + ], + "enumDescriptions": [ + "Invalid value.", + "The vulnerable system can be exploited without interaction from any user.", + "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + ], + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Database": { + "description": "Represents database access information, such as queries. A database may be a sub-resource of an instance (as in the case of Cloud SQL instances or Cloud Spanner instances), or the database instance itself. Some database resources might not have the [full resource name](https://google.aip.dev/122#full-resource-names) populated because these resource types, such as Cloud SQL databases, are not yet supported by Cloud Asset Inventory. In these cases only the display name is provided.", + "id": "GoogleCloudSecuritycenterV2Database", + "properties": { + "displayName": { + "description": "The human-readable name of the database that the user connected to.", + "type": "string" + }, + "grantees": { + "description": "The target usernames, roles, or groups of an SQL privilege grant, which is not an IAM policy change.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "Some database resources may not have the [full resource name](https://google.aip.dev/122#full-resource-names) populated because these resource types are not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In these cases only the display name will be provided. The [full resource name](https://google.aip.dev/122#full-resource-names) of the database that the user connected to, if it is supported by Cloud Asset Inventory.", + "type": "string" + }, + "query": { + "description": "The SQL statement that is associated with the database access.", + "type": "string" + }, + "userName": { + "description": "The username used to connect to the database. The username might not be an IAM principal and does not have a set format.", + "type": "string" + }, + "version": { + "description": "The version of the database, for example, POSTGRES_14. See [the complete list](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Detection": { + "description": "Memory hash detection contributing to the binary family match.", + "id": "GoogleCloudSecuritycenterV2Detection", + "properties": { + "binary": { + "description": "The name of the binary associated with the memory hash signature detection.", + "type": "string" + }, + "percentPagesMatched": { + "description": "The percentage of memory page hashes in the signature that were matched.", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2EnvironmentVariable": { + "description": "A name-value pair representing an environment variable used in an operating system process.", + "id": "GoogleCloudSecuritycenterV2EnvironmentVariable", + "properties": { + "name": { + "description": "Environment variable name as a JSON encoded string.", + "type": "string" + }, + "val": { + "description": "Environment variable value as a JSON encoded string.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ExfilResource": { + "description": "Resource where data was exfiltrated from or exfiltrated to.", + "id": "GoogleCloudSecuritycenterV2ExfilResource", + "properties": { + "components": { + "description": "Subcomponents of the asset that was exfiltrated, like URIs used during exfiltration, table names, databases, and filenames. For example, multiple tables might have been exfiltrated from the same Cloud SQL instance, or multiple files might have been exfiltrated from the same Cloud Storage bucket.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The resource's [full resource name](https://cloud.google.com/apis/design/resource_names#full_resource_name).", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Exfiltration": { + "description": "Exfiltration represents a data exfiltration attempt from one or more sources to one or more targets. The `sources` attribute lists the sources of the exfiltrated data. The `targets` attribute lists the destinations the data was copied to.", + "id": "GoogleCloudSecuritycenterV2Exfiltration", + "properties": { + "sources": { + "description": "If there are multiple sources, then the data is considered \"joined\" between them. For instance, BigQuery can join multiple tables, and each table would be considered a source.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2ExfilResource" + }, + "type": "array" + }, + "targets": { + "description": "If there are multiple targets, each target would get a complete copy of the \"joined\" source data.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2ExfilResource" + }, + "type": "array" + }, + "totalExfiltratedBytes": { + "description": "Total exfiltrated bytes processed for the entire job.", + "format": "int64", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ExternalSystem": { + "description": "Representation of third party SIEM/SOAR fields within SCC.", + "id": "GoogleCloudSecuritycenterV2ExternalSystem", + "properties": { + "assignees": { + "description": "References primary/secondary etc assignees in the external system.", + "items": { + "type": "string" + }, + "type": "array" + }, + "externalSystemUpdateTime": { + "description": "The time when the case was last updated, as reported by the external system.", + "format": "google-datetime", + "type": "string" + }, + "externalUid": { + "description": "The identifier that's used to track the finding's corresponding case in the external system.", + "type": "string" + }, + "name": { + "description": "Full resource name of the external system. The following list shows some examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/jira` + `organizations/1234/sources/5678/locations/us/findings/123456/externalSystems/jira` + `folders/1234/sources/5678/findings/123456/externalSystems/jira` + `folders/1234/sources/5678/locations/us/findings/123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/externalSystems/jira` + `projects/1234/sources/5678/locations/us/findings/123456/externalSystems/jira`", + "type": "string" + }, + "status": { + "description": "The most recent status of the finding's corresponding case, as reported by the external system.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2File": { + "description": "File information about the related binary/library used by an executable, or the script used by a script interpreter", + "id": "GoogleCloudSecuritycenterV2File", + "properties": { + "contents": { + "description": "Prefix of the file contents as a JSON-encoded string.", + "type": "string" + }, + "hashedSize": { + "description": "The length in bytes of the file prefix that was hashed. If hashed_size == size, any hashes reported represent the entire file.", + "format": "int64", + "type": "string" + }, + "partiallyHashed": { + "description": "True when the hash covers only a prefix of the file.", + "type": "boolean" + }, + "path": { + "description": "Absolute path of the file as a JSON encoded string.", + "type": "string" + }, + "sha256": { + "description": "SHA256 hash of the first hashed_size bytes of the file encoded as a hex string. If hashed_size == size, sha256 represents the SHA256 hash of the entire file.", + "type": "string" + }, + "size": { + "description": "Size of the file in bytes.", + "format": "int64", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Finding": { + "description": "Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.", + "id": "GoogleCloudSecuritycenterV2Finding", + "properties": { + "access": { + "$ref": "GoogleCloudSecuritycenterV2Access", + "description": "Access details associated with the finding, such as more information on the caller, which method was accessed, and from where." + }, + "application": { + "$ref": "GoogleCloudSecuritycenterV2Application", + "description": "Represents an application associated with the finding." + }, + "attackExposure": { + "$ref": "GoogleCloudSecuritycenterV2AttackExposure", + "description": "The results of an attack path simulation relevant to this finding." + }, + "backupDisasterRecovery": { + "$ref": "GoogleCloudSecuritycenterV2BackupDisasterRecovery", + "description": "Fields related to Backup and DR findings." + }, + "canonicalName": { + "description": "Output only. The canonical name of the finding. The following list shows some examples: + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}` + `organizations/{organization_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `projects/{project_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` The prefix is the closest CRM ancestor of the resource associated with the finding.", + "readOnly": true, + "type": "string" + }, + "category": { + "description": "Immutable. The additional taxonomy group within findings from a given source. Example: \"XSS_FLASH_INJECTION\"", + "type": "string" + }, + "cloudDlpDataProfile": { + "$ref": "GoogleCloudSecuritycenterV2CloudDlpDataProfile", + "description": "Cloud DLP data profile that is associated with the finding." + }, + "cloudDlpInspection": { + "$ref": "GoogleCloudSecuritycenterV2CloudDlpInspection", + "description": "Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding." + }, + "compliances": { + "description": "Contains compliance information for security standards associated to the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Compliance" + }, + "type": "array" + }, + "connections": { + "description": "Contains information about the IP connection associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Connection" + }, + "type": "array" + }, + "contacts": { + "additionalProperties": { + "$ref": "GoogleCloudSecuritycenterV2ContactDetails" + }, + "description": "Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories { \"security\": { \"contacts\": [ { \"email\": \"person1@company.com\" }, { \"email\": \"person2@company.com\" } ] } }", + "readOnly": true, + "type": "object" + }, + "containers": { + "description": "Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Container" + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time at which the finding was created in Security Command Center.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "database": { + "$ref": "GoogleCloudSecuritycenterV2Database", + "description": "Database associated with the finding." + }, + "description": { + "description": "Contains more details about the finding.", + "type": "string" + }, + "eventTime": { + "description": "The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.", + "format": "google-datetime", + "type": "string" + }, + "exfiltration": { + "$ref": "GoogleCloudSecuritycenterV2Exfiltration", + "description": "Represents exfiltrations associated with the finding." + }, + "externalSystems": { + "additionalProperties": { + "$ref": "GoogleCloudSecuritycenterV2ExternalSystem" + }, + "description": "Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.", + "readOnly": true, + "type": "object" + }, + "externalUri": { + "description": "The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.", + "type": "string" + }, + "files": { + "description": "File associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2File" + }, + "type": "array" + }, + "findingClass": { + "description": "The class of the finding.", + "enum": [ + "FINDING_CLASS_UNSPECIFIED", + "THREAT", + "VULNERABILITY", + "MISCONFIGURATION", + "OBSERVATION", + "SCC_ERROR", + "POSTURE_VIOLATION" + ], + "enumDescriptions": [ + "Unspecified finding class.", + "Describes unwanted or malicious activity.", + "Describes a potential weakness in software that increases risk to Confidentiality \u0026 Integrity \u0026 Availability.", + "Describes a potential weakness in cloud resource/asset configuration that increases risk.", + "Describes a security observation that is for informational purposes.", + "Describes an error that prevents some SCC functionality.", + "Describes a potential security risk due to a change in the security posture." + ], + "type": "string" + }, + "iamBindings": { + "description": "Represents IAM bindings associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2IamBinding" + }, + "type": "array" + }, + "indicator": { + "$ref": "GoogleCloudSecuritycenterV2Indicator", + "description": "Represents what's commonly known as an *indicator of compromise* (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see [Indicator of compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise)." + }, + "kernelRootkit": { + "$ref": "GoogleCloudSecuritycenterV2KernelRootkit", + "description": "Signature of the kernel rootkit." + }, + "kubernetes": { + "$ref": "GoogleCloudSecuritycenterV2Kubernetes", + "description": "Kubernetes resources associated with the finding." + }, + "loadBalancers": { + "description": "The load balancers associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2LoadBalancer" + }, + "type": "array" + }, + "logEntries": { + "description": "Log entries that are relevant to the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2LogEntry" + }, + "type": "array" + }, + "mitreAttack": { + "$ref": "GoogleCloudSecuritycenterV2MitreAttack", + "description": "MITRE ATT\u0026CK tactics and techniques related to this finding. See: https://attack.mitre.org" + }, + "moduleName": { + "description": "Unique identifier of the module which generated the finding. Example: folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885", + "type": "string" + }, + "mute": { + "description": "Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.", + "enum": [ + "MUTE_UNSPECIFIED", + "MUTED", + "UNMUTED", + "UNDEFINED" + ], + "enumDescriptions": [ + "Unspecified.", + "Finding has been muted.", + "Finding has been unmuted.", + "Finding has never been muted/unmuted." + ], + "type": "string" + }, + "muteInitiator": { + "description": "Records additional information about the mute operation, for example, the [mute configuration](https://cloud.google.com/security-command-center/docs/how-to-mute-findings) that muted the finding and the user who muted the finding.", + "type": "string" + }, + "muteUpdateTime": { + "description": "Output only. The most recent time this finding was muted or unmuted.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. The following list shows some examples: + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}` + `organizations/{organization_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `projects/{project_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}`", + "type": "string" + }, + "nextSteps": { + "description": "Steps to address the finding.", + "type": "string" + }, + "orgPolicies": { + "description": "Contains information about the org policies associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2OrgPolicy" + }, + "type": "array" + }, + "parent": { + "description": "The relative resource name of the source and location the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. The following list shows some examples: + `organizations/{organization_id}/sources/{source_id}` + `folders/{folders_id}/sources/{source_id}` + `projects/{projects_id}/sources/{source_id}` + `organizations/{organization_id}/sources/{source_id}/locations/{location_id}` + `folders/{folders_id}/sources/{source_id}/locations/{location_id}` + `projects/{projects_id}/sources/{source_id}/locations/{location_id}`", + "type": "string" + }, + "parentDisplayName": { + "description": "Output only. The human readable display name of the finding source such as \"Event Threat Detection\" or \"Security Health Analytics\".", + "readOnly": true, + "type": "string" + }, + "processes": { + "description": "Represents operating system processes associated with the Finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Process" + }, + "type": "array" + }, + "resourceName": { + "description": "Immutable. For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string.", + "type": "string" + }, + "securityMarks": { + "$ref": "GoogleCloudSecuritycenterV2SecurityMarks", + "description": "Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.", + "readOnly": true + }, + "securityPosture": { + "$ref": "GoogleCloudSecuritycenterV2SecurityPosture", + "description": "The security posture associated with the finding." + }, + "severity": { + "description": "The severity of the finding. This field is managed by the source that writes the finding.", + "enum": [ + "SEVERITY_UNSPECIFIED", + "CRITICAL", + "HIGH", + "MEDIUM", + "LOW" + ], + "enumDescriptions": [ + "This value is used for findings when a source doesn't write a severity value.", + "Vulnerability: A critical vulnerability is easily discoverable by an external actor, exploitable, and results in the direct ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. Examples include publicly accessible unprotected user data and public SSH access with weak or no passwords. Threat: Indicates a threat that is able to access, modify, or delete data or execute unauthorized code within existing resources.", + "Vulnerability: A high risk vulnerability can be easily discovered and exploited in combination with other vulnerabilities in order to gain direct access and the ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. An example is a database with weak or no passwords that is only accessible internally. This database could easily be compromised by an actor that had access to the internal network. Threat: Indicates a threat that is able to create new computational resources in an environment but not able to access data or execute code in existing resources.", + "Vulnerability: A medium risk vulnerability could be used by an actor to gain access to resources or privileges that enable them to eventually (through multiple steps or a complex exploit) gain access and the ability to execute arbitrary code or exfiltrate data. An example is a service account with access to more projects than it should have. If an actor gains access to the service account, they could potentially use that access to manipulate a project the service account was not intended to. Threat: Indicates a threat that is able to cause operational impact but may not access data or execute unauthorized code.", + "Vulnerability: A low risk vulnerability hampers a security organization's ability to detect vulnerabilities or active threats in their deployment, or prevents the root cause investigation of security issues. An example is monitoring and logs being disabled for resource configurations and access. Threat: Indicates a threat that has obtained minimal access to an environment but is not able to access data, execute code, or create resources." + ], + "type": "string" + }, + "sourceProperties": { + "additionalProperties": { + "type": "any" + }, + "description": "Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.", + "type": "object" + }, + "state": { + "description": "Output only. The state of the finding.", + "enum": [ + "STATE_UNSPECIFIED", + "ACTIVE", + "INACTIVE" + ], + "enumDescriptions": [ + "Unspecified state.", + "The finding requires attention and has not been addressed yet.", + "The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active." + ], + "readOnly": true, + "type": "string" + }, + "vulnerability": { + "$ref": "GoogleCloudSecuritycenterV2Vulnerability", + "description": "Represents vulnerability-specific fields like CVE and CVSS scores. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Geolocation": { + "description": "Represents a geographical location for a given access.", + "id": "GoogleCloudSecuritycenterV2Geolocation", + "properties": { + "regionCode": { + "description": "A CLDR.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2IamBinding": { + "description": "Represents a particular IAM binding, which captures a member's role addition, removal, or state.", + "id": "GoogleCloudSecuritycenterV2IamBinding", + "properties": { + "action": { + "description": "The action that was performed on a Binding.", + "enum": [ + "ACTION_UNSPECIFIED", + "ADD", + "REMOVE" + ], + "enumDescriptions": [ + "Unspecified.", + "Addition of a Binding.", + "Removal of a Binding." + ], + "type": "string" + }, + "member": { + "description": "A single identity requesting access for a Cloud Platform resource, for example, \"foo@google.com\".", + "type": "string" + }, + "role": { + "description": "Role that is assigned to \"members\". For example, \"roles/viewer\", \"roles/editor\", or \"roles/owner\".", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Indicator": { + "description": "Represents what's commonly known as an _indicator of compromise_ (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see [Indicator of compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise).", + "id": "GoogleCloudSecuritycenterV2Indicator", + "properties": { + "domains": { + "description": "List of domains associated to the Finding.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ipAddresses": { + "description": "The list of IP addresses that are associated with the finding.", + "items": { + "type": "string" + }, + "type": "array" + }, + "signatures": { + "description": "The list of matched signatures indicating that the given process is present in the environment.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2ProcessSignature" + }, + "type": "array" + }, + "uris": { + "description": "The list of URIs associated to the Findings.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2KernelRootkit": { + "description": "Kernel mode rootkit signatures.", + "id": "GoogleCloudSecuritycenterV2KernelRootkit", + "properties": { + "name": { + "description": "Rootkit name, when available.", + "type": "string" + }, + "unexpectedCodeModification": { + "description": "True if unexpected modifications of kernel code memory are present.", + "type": "boolean" + }, + "unexpectedFtraceHandler": { + "description": "True if `ftrace` points are present with callbacks pointing to regions that are not in the expected kernel or module code range.", + "type": "boolean" + }, + "unexpectedInterruptHandler": { + "description": "True if interrupt handlers that are are not in the expected kernel or module code regions are present.", + "type": "boolean" + }, + "unexpectedKernelCodePages": { + "description": "True if kernel code pages that are not in the expected kernel or module code regions are present.", + "type": "boolean" + }, + "unexpectedKprobeHandler": { + "description": "True if `kprobe` points are present with callbacks pointing to regions that are not in the expected kernel or module code range.", + "type": "boolean" + }, + "unexpectedProcessesInRunqueue": { + "description": "True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.", + "type": "boolean" + }, + "unexpectedReadOnlyDataModification": { + "description": "True if unexpected modifications of kernel read-only data memory are present.", + "type": "boolean" + }, + "unexpectedSystemCallHandler": { + "description": "True if system call handlers that are are not in the expected kernel or module code regions are present.", + "type": "boolean" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Kubernetes": { + "description": "Kubernetes-related attributes.", + "id": "GoogleCloudSecuritycenterV2Kubernetes", + "properties": { + "accessReviews": { + "description": "Provides information on any Kubernetes access reviews (privilege checks) relevant to the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2AccessReview" + }, + "type": "array" + }, + "bindings": { + "description": "Provides Kubernetes role binding information for findings that involve [RoleBindings or ClusterRoleBindings](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control).", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Binding" + }, + "type": "array" + }, + "nodePools": { + "description": "GKE [node pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-pools) associated with the finding. This field contains node pool information for each node, when it is available.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2NodePool" + }, + "type": "array" + }, + "nodes": { + "description": "Provides Kubernetes [node](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture#nodes) information.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Node" + }, + "type": "array" + }, + "objects": { + "description": "Kubernetes objects related to the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Object" + }, + "type": "array" + }, + "pods": { + "description": "Kubernetes [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod) associated with the finding. This field contains Pod records for each container that is owned by a Pod.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Pod" + }, + "type": "array" + }, + "roles": { + "description": "Provides Kubernetes role information for findings that involve [Roles or ClusterRoles](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control).", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Role" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Label": { + "description": "Represents a generic name-value label. A label has separate name and value fields to support filtering with the `contains()` function. For more information, see [Filtering on array-type fields](https://cloud.google.com/security-command-center/docs/how-to-api-list-findings#array-contains-filtering).", + "id": "GoogleCloudSecuritycenterV2Label", + "properties": { + "name": { + "description": "Name of the label.", + "type": "string" + }, + "value": { + "description": "Value that corresponds to the label's name.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2LoadBalancer": { + "description": "Contains information related to the load balancer associated with the finding.", + "id": "GoogleCloudSecuritycenterV2LoadBalancer", + "properties": { + "name": { + "description": "The name of the load balancer associated with the finding.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2LogEntry": { + "description": "An individual entry in a log.", + "id": "GoogleCloudSecuritycenterV2LogEntry", + "properties": { + "cloudLoggingEntry": { + "$ref": "GoogleCloudSecuritycenterV2CloudLoggingEntry", + "description": "An individual entry in a log stored in Cloud Logging." + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2MemoryHashSignature": { + "description": "A signature corresponding to memory page hashes.", + "id": "GoogleCloudSecuritycenterV2MemoryHashSignature", + "properties": { + "binaryFamily": { + "description": "The binary family.", + "type": "string" + }, + "detections": { + "description": "The list of memory hash detections contributing to the binary family match.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Detection" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2MitreAttack": { + "description": "MITRE ATT\u0026CK tactics and techniques related to this finding. See: https://attack.mitre.org", + "id": "GoogleCloudSecuritycenterV2MitreAttack", + "properties": { + "additionalTactics": { + "description": "Additional MITRE ATT\u0026CK tactics related to this finding, if any.", + "items": { + "enum": [ + "TACTIC_UNSPECIFIED", + "RECONNAISSANCE", + "RESOURCE_DEVELOPMENT", + "INITIAL_ACCESS", + "EXECUTION", + "PERSISTENCE", + "PRIVILEGE_ESCALATION", + "DEFENSE_EVASION", + "CREDENTIAL_ACCESS", + "DISCOVERY", + "LATERAL_MOVEMENT", + "COLLECTION", + "COMMAND_AND_CONTROL", + "EXFILTRATION", + "IMPACT" + ], + "enumDescriptions": [ + "Unspecified value.", + "TA0043", + "TA0042", + "TA0001", + "TA0002", + "TA0003", + "TA0004", + "TA0005", + "TA0006", + "TA0007", + "TA0008", + "TA0009", + "TA0011", + "TA0010", + "TA0040" + ], + "type": "string" + }, + "type": "array" + }, + "additionalTechniques": { + "description": "Additional MITRE ATT\u0026CK techniques related to this finding, if any, along with any of their respective parent techniques.", + "items": { + "enum": [ + "TECHNIQUE_UNSPECIFIED", + "ACTIVE_SCANNING", + "SCANNING_IP_BLOCKS", + "INGRESS_TOOL_TRANSFER", + "NATIVE_API", + "SHARED_MODULES", + "COMMAND_AND_SCRIPTING_INTERPRETER", + "UNIX_SHELL", + "RESOURCE_HIJACKING", + "PROXY", + "EXTERNAL_PROXY", + "MULTI_HOP_PROXY", + "DYNAMIC_RESOLUTION", + "UNSECURED_CREDENTIALS", + "VALID_ACCOUNTS", + "LOCAL_ACCOUNTS", + "CLOUD_ACCOUNTS", + "NETWORK_DENIAL_OF_SERVICE", + "PERMISSION_GROUPS_DISCOVERY", + "CLOUD_GROUPS", + "EXFILTRATION_OVER_WEB_SERVICE", + "EXFILTRATION_TO_CLOUD_STORAGE", + "ACCOUNT_MANIPULATION", + "SSH_AUTHORIZED_KEYS", + "CREATE_OR_MODIFY_SYSTEM_PROCESS", + "STEAL_WEB_SESSION_COOKIE", + "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", + "EXPLOIT_PUBLIC_FACING_APPLICATION", + "MODIFY_AUTHENTICATION_PROCESS", + "DATA_DESTRUCTION", + "DOMAIN_POLICY_MODIFICATION", + "IMPAIR_DEFENSES", + "NETWORK_SERVICE_DISCOVERY", + "ACCESS_TOKEN_MANIPULATION", + "ABUSE_ELEVATION_CONTROL_MECHANISM", + "DEFAULT_ACCOUNTS", + "INHIBIT_SYSTEM_RECOVERY" + ], + "enumDescriptions": [ + "Unspecified value.", + "T1595", + "T1595.001", + "T1105", + "T1106", + "T1129", + "T1059", + "T1059.004", + "T1496", + "T1090", + "T1090.002", + "T1090.003", + "T1568", + "T1552", + "T1078", + "T1078.003", + "T1078.004", + "T1498", + "T1069", + "T1069.003", + "T1567", + "T1567.002", + "T1098", + "T1098.004", + "T1543", + "T1539", + "T1578", + "T1190", + "T1556", + "T1485", + "T1484", + "T1562", + "T1046", + "T1134", + "T1548", + "T1078.001", + "T1490" + ], + "type": "string" + }, + "type": "array" + }, + "primaryTactic": { + "description": "The MITRE ATT\u0026CK tactic most closely represented by this finding, if any.", + "enum": [ + "TACTIC_UNSPECIFIED", + "RECONNAISSANCE", + "RESOURCE_DEVELOPMENT", + "INITIAL_ACCESS", + "EXECUTION", + "PERSISTENCE", + "PRIVILEGE_ESCALATION", + "DEFENSE_EVASION", + "CREDENTIAL_ACCESS", + "DISCOVERY", + "LATERAL_MOVEMENT", + "COLLECTION", + "COMMAND_AND_CONTROL", + "EXFILTRATION", + "IMPACT" + ], + "enumDescriptions": [ + "Unspecified value.", + "TA0043", + "TA0042", + "TA0001", + "TA0002", + "TA0003", + "TA0004", + "TA0005", + "TA0006", + "TA0007", + "TA0008", + "TA0009", + "TA0011", + "TA0010", + "TA0040" + ], + "type": "string" + }, + "primaryTechniques": { + "description": "The MITRE ATT\u0026CK technique most closely represented by this finding, if any. primary_techniques is a repeated field because there are multiple levels of MITRE ATT\u0026CK techniques. If the technique most closely represented by this finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique and its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, `ACTIVE_SCANNING`).", + "items": { + "enum": [ + "TECHNIQUE_UNSPECIFIED", + "ACTIVE_SCANNING", + "SCANNING_IP_BLOCKS", + "INGRESS_TOOL_TRANSFER", + "NATIVE_API", + "SHARED_MODULES", + "COMMAND_AND_SCRIPTING_INTERPRETER", + "UNIX_SHELL", + "RESOURCE_HIJACKING", + "PROXY", + "EXTERNAL_PROXY", + "MULTI_HOP_PROXY", + "DYNAMIC_RESOLUTION", + "UNSECURED_CREDENTIALS", + "VALID_ACCOUNTS", + "LOCAL_ACCOUNTS", + "CLOUD_ACCOUNTS", + "NETWORK_DENIAL_OF_SERVICE", + "PERMISSION_GROUPS_DISCOVERY", + "CLOUD_GROUPS", + "EXFILTRATION_OVER_WEB_SERVICE", + "EXFILTRATION_TO_CLOUD_STORAGE", + "ACCOUNT_MANIPULATION", + "SSH_AUTHORIZED_KEYS", + "CREATE_OR_MODIFY_SYSTEM_PROCESS", + "STEAL_WEB_SESSION_COOKIE", + "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", + "EXPLOIT_PUBLIC_FACING_APPLICATION", + "MODIFY_AUTHENTICATION_PROCESS", + "DATA_DESTRUCTION", + "DOMAIN_POLICY_MODIFICATION", + "IMPAIR_DEFENSES", + "NETWORK_SERVICE_DISCOVERY", + "ACCESS_TOKEN_MANIPULATION", + "ABUSE_ELEVATION_CONTROL_MECHANISM", + "DEFAULT_ACCOUNTS", + "INHIBIT_SYSTEM_RECOVERY" + ], + "enumDescriptions": [ + "Unspecified value.", + "T1595", + "T1595.001", + "T1105", + "T1106", + "T1129", + "T1059", + "T1059.004", + "T1496", + "T1090", + "T1090.002", + "T1090.003", + "T1568", + "T1552", + "T1078", + "T1078.003", + "T1078.004", + "T1498", + "T1069", + "T1069.003", + "T1567", + "T1567.002", + "T1098", + "T1098.004", + "T1543", + "T1539", + "T1578", + "T1190", + "T1556", + "T1485", + "T1484", + "T1562", + "T1046", + "T1134", + "T1548", + "T1078.001", + "T1490" + ], + "type": "string" + }, + "type": "array" + }, + "version": { + "description": "The MITRE ATT\u0026CK version referenced by the above fields. E.g. \"8\".", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2MuteConfig": { + "description": "A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.", + "id": "GoogleCloudSecuritycenterV2MuteConfig", + "properties": { + "createTime": { + "description": "Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "A description of the mute config.", + "type": "string" + }, + "filter": { + "description": "Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`", + "type": "string" + }, + "mostRecentEditor": { + "description": "Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "This field will be ignored if provided on config creation. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{mute_config}` + `organizations/{organization}locations/{location}//muteConfigs/{mute_config}` + `folders/{folder}/muteConfigs/{mute_config}` + `folders/{folder}/locations/{location}/muteConfigs/{mute_config}` + `projects/{project}/muteConfigs/{mute_config}` + `projects/{project}/locations/{location}/muteConfigs/{mute_config}`", + "type": "string" + }, + "updateTime": { + "description": "Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Node": { + "description": "Kubernetes nodes associated with the finding.", + "id": "GoogleCloudSecuritycenterV2Node", + "properties": { + "name": { + "description": "[Full resource name](https://google.aip.dev/122#full-resource-names) of the Compute Engine VM running the cluster node.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2NodePool": { + "description": "Provides GKE node pool information.", + "id": "GoogleCloudSecuritycenterV2NodePool", + "properties": { + "name": { + "description": "Kubernetes node pool name.", + "type": "string" + }, + "nodes": { + "description": "Nodes associated with the finding.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Node" + }, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2NotificationMessage": { + "description": "Cloud SCC's Notification", + "id": "GoogleCloudSecuritycenterV2NotificationMessage", + "properties": { + "finding": { + "$ref": "GoogleCloudSecuritycenterV2Finding", + "description": "If it's a Finding based notification config, this field will be populated." + }, + "notificationConfigName": { + "description": "Name of the notification config that generated current notification.", + "type": "string" + }, + "resource": { + "$ref": "GoogleCloudSecuritycenterV2Resource", + "description": "The Cloud resource tied to this notification's Finding." + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Object": { + "description": "Kubernetes object related to the finding, uniquely identified by GKNN. Used if the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.", + "id": "GoogleCloudSecuritycenterV2Object", + "properties": { + "containers": { + "description": "Pod containers associated with this finding, if any.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Container" + }, + "type": "array" + }, + "group": { + "description": "Kubernetes object group, such as \"policy.k8s.io/v1\".", + "type": "string" + }, + "kind": { + "description": "Kubernetes object kind, such as \"Namespace\".", + "type": "string" + }, + "name": { + "description": "Kubernetes object name. For details see https://kubernetes.io/docs/concepts/overview/working-with-objects/names/.", + "type": "string" + }, + "ns": { + "description": "Kubernetes object namespace. Must be a valid DNS label. Named \"ns\" to avoid collision with C++ namespace keyword. For details see https://kubernetes.io/docs/tasks/administer-cluster/namespaces/.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2OrgPolicy": { + "description": "Contains information about the org policies associated with the finding.", + "id": "GoogleCloudSecuritycenterV2OrgPolicy", + "properties": { + "name": { + "description": "The resource name of the org policy. Example: \"organizations/{organization_id}/policies/{constraint_name}\"", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Pod": { + "description": "A Kubernetes Pod.", + "id": "GoogleCloudSecuritycenterV2Pod", + "properties": { + "containers": { + "description": "Pod containers associated with this finding, if any.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Container" + }, + "type": "array" + }, + "labels": { + "description": "Pod labels. For Kubernetes containers, these are applied to the container.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2Label" + }, + "type": "array" + }, + "name": { + "description": "Kubernetes Pod name.", + "type": "string" + }, + "ns": { + "description": "Kubernetes Pod namespace.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Process": { + "description": "Represents an operating system process.", + "id": "GoogleCloudSecuritycenterV2Process", + "properties": { + "args": { + "description": "Process arguments as JSON encoded strings.", + "items": { + "type": "string" + }, + "type": "array" + }, + "argumentsTruncated": { + "description": "True if `args` is incomplete.", + "type": "boolean" + }, + "binary": { + "$ref": "GoogleCloudSecuritycenterV2File", + "description": "File information for the process executable." + }, + "envVariables": { + "description": "Process environment variables.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2EnvironmentVariable" + }, + "type": "array" + }, + "envVariablesTruncated": { + "description": "True if `env_variables` is incomplete.", + "type": "boolean" + }, + "libraries": { + "description": "File information for libraries loaded by the process.", + "items": { + "$ref": "GoogleCloudSecuritycenterV2File" + }, + "type": "array" + }, + "name": { + "description": "The process name, as displayed in utilities like `top` and `ps`. This name can be accessed through `/proc/[pid]/comm` and changed with `prctl(PR_SET_NAME)`.", + "type": "string" + }, + "parentPid": { + "description": "The parent process ID.", + "format": "int64", + "type": "string" + }, + "pid": { + "description": "The process ID.", + "format": "int64", + "type": "string" + }, + "script": { + "$ref": "GoogleCloudSecuritycenterV2File", + "description": "When the process represents the invocation of a script, `binary` provides information about the interpreter, while `script` provides information about the script file provided to the interpreter." + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ProcessSignature": { + "description": "Indicates what signature matched this process.", + "id": "GoogleCloudSecuritycenterV2ProcessSignature", + "properties": { + "memoryHashSignature": { + "$ref": "GoogleCloudSecuritycenterV2MemoryHashSignature", + "description": "Signature indicating that a binary family was matched." + }, + "yaraRuleSignature": { + "$ref": "GoogleCloudSecuritycenterV2YaraRuleSignature", + "description": "Signature indicating that a YARA rule was matched." + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Reference": { + "description": "Additional Links", + "id": "GoogleCloudSecuritycenterV2Reference", + "properties": { + "source": { + "description": "Source of the reference e.g. NVD", + "type": "string" + }, + "uri": { + "description": "Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Resource": { + "description": "Information related to the Google Cloud resource.", + "id": "GoogleCloudSecuritycenterV2Resource", + "properties": { + "displayName": { + "description": "The human readable name of the resource.", + "type": "string" + }, + "name": { + "description": "The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", + "type": "string" + }, + "type": { + "description": "The full resource type of the resource.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ResourceValueConfig": { + "description": "A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.", + "id": "GoogleCloudSecuritycenterV2ResourceValueConfig", + "properties": { + "createTime": { + "description": "Output only. Timestamp this resource value config was created.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "Description of the resource value config.", + "type": "string" + }, + "name": { + "description": "Name for the resource value config", + "type": "string" + }, + "resourceLabelsSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "List of resource labels to search for, evaluated with AND. E.g. \"resource_labels_selector\": {\"key\": \"value\", \"env\": \"prod\"} will match resources with labels \"key\": \"value\" AND \"env\": \"prod\" https://cloud.google.com/resource-manager/docs/creating-managing-labels", + "type": "object" + }, + "resourceType": { + "description": "Apply resource_value only to resources that match resource_type. resource_type will be checked with \"AND\" of other resources. E.g. \"storage.googleapis.com/Bucket\" with resource_value \"HIGH\" will apply \"HIGH\" value only to \"storage.googleapis.com/Bucket\" resources.", + "type": "string" + }, + "resourceValue": { + "description": "Required. Resource value level this expression represents", + "enum": [ + "RESOURCE_VALUE_UNSPECIFIED", + "HIGH", + "MEDIUM", + "LOW", + "NONE" + ], + "enumDescriptions": [ + "Unspecific value", + "High resource value", + "Medium resource value", + "Low resource value", + "No resource value, e.g. ignore these resources" + ], + "type": "string" + }, + "scope": { + "description": "Project or folder to scope this config to. For example, \"project/456\" would apply this config only to resources in \"project/456\" scope will be checked with \"AND\" of other resources.", + "type": "string" + }, + "tagValues": { + "description": "Required. Tag values combined with AND to check against. Values in the form \"tagValues/123\" E.g. [ \"tagValues/123\", \"tagValues/456\", \"tagValues/789\" ] https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing", + "items": { + "type": "string" + }, + "type": "array" + }, + "updateTime": { + "description": "Output only. Timestamp this resource value config was last updated.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Role": { + "description": "Kubernetes Role or ClusterRole.", + "id": "GoogleCloudSecuritycenterV2Role", + "properties": { + "kind": { + "description": "Role type.", + "enum": [ + "KIND_UNSPECIFIED", + "ROLE", + "CLUSTER_ROLE" + ], + "enumDescriptions": [ + "Role type is not specified.", + "Kubernetes Role.", + "Kubernetes ClusterRole." + ], + "type": "string" + }, + "name": { + "description": "Role name.", + "type": "string" + }, + "ns": { + "description": "Role namespace.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2SecurityMarks": { + "description": "User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization.", + "id": "GoogleCloudSecuritycenterV2SecurityMarks", + "properties": { + "canonicalName": { + "description": "The canonical name of the marks. The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks\" + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\" + `folders/{folder_id}/assets/{asset_id}/securityMarks\" + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `folders/{folder_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\" + `projects/{project_number}/assets/{asset_id}/securityMarks\" + `projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `projects/{project_number}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\"", + "type": "string" + }, + "marks": { + "additionalProperties": { + "type": "string" + }, + "description": "Mutable user specified security marks belonging to the parent resource. Constraints are as follows: * Keys and values are treated as case insensitive * Keys must be between 1 - 256 characters (inclusive) * Keys must be letters, numbers, underscores, or dashes * Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive)", + "type": "object" + }, + "name": { + "description": "The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks` + `organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks`", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2SecurityPosture": { + "description": "Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.", + "id": "GoogleCloudSecuritycenterV2SecurityPosture", + "properties": { + "changedPolicy": { + "description": "The name of the policy that has been updated, for example, `projects/{project_id}/policies/{constraint_name}`.", + "type": "string" + }, + "name": { + "description": "Name of the posture, for example, `organizations/{org_id}/locations/{location}/postures/{posture_name}`.", + "type": "string" + }, + "postureDeployment": { + "description": "The name of the posture deployment, for example, `projects/{project_id}/posturedeployments/{posture_deployment_id}`.", + "type": "string" + }, + "postureDeploymentResource": { + "description": "The project, folder, or organization on which the posture is deployed, for example, `projects/{project_id}`.", + "type": "string" + }, + "revisionId": { + "description": "The version of the posture, for example, `c7cfa2a8`.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo": { + "description": "Identity delegation history of an authenticated service account.", + "id": "GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo", + "properties": { + "principalEmail": { + "description": "The email address of a Google account.", + "type": "string" + }, + "principalSubject": { + "description": "A string representing the principal_subject associated with the identity. As compared to `principal_email`, supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format will be `principal://iam.googleapis.com/{identity pool name}/subjects/{subject}` except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:{identity pool name}[{subject}]`", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Subject": { + "description": "Represents a Kubernetes subject.", + "id": "GoogleCloudSecuritycenterV2Subject", + "properties": { + "kind": { + "description": "Authentication type for the subject.", + "enum": [ + "AUTH_TYPE_UNSPECIFIED", + "USER", + "SERVICEACCOUNT", + "GROUP" + ], + "enumDescriptions": [ + "Authentication is not specified.", + "User with valid certificate.", + "Users managed by Kubernetes API with credentials stored as secrets.", + "Collection of users." + ], + "type": "string" + }, + "name": { + "description": "Name for the subject.", + "type": "string" + }, + "ns": { + "description": "Namespace for the subject.", + "type": "string" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2Vulnerability": { + "description": "Refers to common vulnerability fields e.g. cve, cvss, cwe etc.", + "id": "GoogleCloudSecuritycenterV2Vulnerability", + "properties": { + "cve": { + "$ref": "GoogleCloudSecuritycenterV2Cve", + "description": "CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)" + } + }, + "type": "object" + }, + "GoogleCloudSecuritycenterV2YaraRuleSignature": { + "description": "A signature corresponding to a YARA rule.", + "id": "GoogleCloudSecuritycenterV2YaraRuleSignature", + "properties": { + "yaraRule": { + "description": "The name of the YARA rule.", + "type": "string" + } + }, + "type": "object" + }, "IamBinding": { "description": "Represents a particular IAM binding, which captures a member's role addition, removal, or state.", "id": "IamBinding", @@ -4264,7 +6456,7 @@ "type": "string" }, "kind": { - "description": "Kubernetes object kind, such as “Namespace”.", + "description": "Kubernetes object kind, such as \"Namespace\".", "type": "string" }, "name": { diff --git a/securitycenter/v1beta2/securitycenter-gen.go b/securitycenter/v1beta2/securitycenter-gen.go index c76133147f2..eae40c3552c 100644 --- a/securitycenter/v1beta2/securitycenter-gen.go +++ b/securitycenter/v1beta2/securitycenter-gen.go @@ -580,6 +580,41 @@ func (s *AccessReview) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// Application: Represents an application associated with a finding. +type Application struct { + // BaseUri: The base URI that identifies the network location of the + // application in which the vulnerability was detected. Examples: + // http://11.22.33.44, http://foo.com, http://11.22.33.44:8080 + BaseUri string `json:"baseUri,omitempty"` + + // FullUri: The full URI with payload that can be used to reproduce the + // vulnerability. Example: + // http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H + FullUri string `json:"fullUri,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BaseUri") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BaseUri") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Application) MarshalJSON() ([]byte, error) { + type NoMethod Application + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // AttackExposure: An attack exposure contains the results of an attack // path simulation run. type AttackExposure struct { @@ -657,6 +692,94 @@ func (s *AttackExposure) UnmarshalJSON(data []byte) error { return nil } +// BackupDisasterRecovery: Information related to Google Cloud Backup +// and DR Service findings. +type BackupDisasterRecovery struct { + // Appliance: The name of the Backup and DR appliance that captures, + // moves, and manages the lifecycle of backup data. For example, + // “backup-server-57137”. + Appliance string `json:"appliance,omitempty"` + + // Applications: The names of Backup and DR applications. An application + // is a VM, database, or file system on a managed host monitored by a + // backup and recovery appliance. For example, “centos7-01-vol00”, + // “centos7-01-vol01”, “centos7-01-vol02”. + Applications []string `json:"applications,omitempty"` + + // BackupCreateTime: The timestamp at which the Backup and DR backup was + // created. + BackupCreateTime string `json:"backupCreateTime,omitempty"` + + // BackupTemplate: The name of a Backup and DR template which comprises + // one or more backup policies. See the Backup and DR documentation + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) + // for more information. For example, “snap-ov”. + BackupTemplate string `json:"backupTemplate,omitempty"` + + // BackupType: The backup type of the Backup and DR image. For example, + // “Snapshot”, “Remote Snapshot”, “OnVault”. + BackupType string `json:"backupType,omitempty"` + + // Host: The name of a Backup and DR host, which is managed by the + // backup and recovery appliance and known to the management console. + // The host can be of type Generic (for example, Compute Engine, SQL + // Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. + // See the Backup and DR documentation on hosts + // (https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) + // for more information. For example, “centos7-01”. + Host string `json:"host,omitempty"` + + // Policies: The names of Backup and DR policies that are associated + // with a template and that define when to run a backup, how frequently + // to run a backup, and how long to retain the backup image. For + // example, “onvaults”. + Policies []string `json:"policies,omitempty"` + + // PolicyOptions: The names of Backup and DR advanced policy options of + // a policy applying to an application. See the Backup and DR + // documentation on policy options + // (https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). + // For example, “skipofflineappsincongrp, nounmap”. + PolicyOptions []string `json:"policyOptions,omitempty"` + + // Profile: The name of the Backup and DR resource profile that + // specifies the storage media for backups of application and VM data. + // See the Backup and DR documentation on profiles + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). + // For example, “GCP”. + Profile string `json:"profile,omitempty"` + + // StoragePool: The name of the Backup and DR storage pool that the + // backup and recovery appliance is storing data in. The storage pool + // could be of type Cloud, Primary, Snapshot, or OnVault. See the Backup + // and DR documentation on storage pools + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). + // For example, “DiskPoolOne”. + StoragePool string `json:"storagePool,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Appliance") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Appliance") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *BackupDisasterRecovery) MarshalJSON() ([]byte, error) { + type NoMethod BackupDisasterRecovery + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // CloudDlpDataProfile: The data profile // (https://cloud.google.com/dlp/docs/data-profiles) associated with the // finding. @@ -821,6 +944,59 @@ func (s *Compliance) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// ComplianceSnapshot: Result containing the properties and count of a +// ComplianceSnapshot request. +type ComplianceSnapshot struct { + // Category: The category of Findings matching. + Category string `json:"category,omitempty"` + + // ComplianceStandard: The compliance standard (ie CIS). + ComplianceStandard string `json:"complianceStandard,omitempty"` + + // ComplianceVersion: The compliance version (ie 1.3) in CIS 1.3. + ComplianceVersion string `json:"complianceVersion,omitempty"` + + // Count: Total count of findings for the given properties. + Count int64 `json:"count,omitempty,string"` + + // LeafContainerResource: The leaf container resource name that is + // closest to the snapshot. + LeafContainerResource string `json:"leafContainerResource,omitempty"` + + // Name: The compliance snapshot name. Format: + // //sources//complianceSnapshots/ + Name string `json:"name,omitempty"` + + // ProjectDisplayName: The CRM resource display name that is closest to + // the snapshot the Findings belong to. + ProjectDisplayName string `json:"projectDisplayName,omitempty"` + + // SnapshotTime: The snapshot time of the snapshot. + SnapshotTime string `json:"snapshotTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Category") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Category") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ComplianceSnapshot) MarshalJSON() ([]byte, error) { + type NoMethod ComplianceSnapshot + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Config: Configuration of a module. type Config struct { // ModuleEnablementState: The state of enablement for the module at its @@ -1713,10 +1889,16 @@ type Finding struct { // information on the caller, which method was accessed, and from where. Access *Access `json:"access,omitempty"` + // Application: Represents an application associated with the finding. + Application *Application `json:"application,omitempty"` + // AttackExposure: The results of an attack path simulation relevant to // this finding. AttackExposure *AttackExposure `json:"attackExposure,omitempty"` + // BackupDisasterRecovery: Fields related to Backup and DR findings. + BackupDisasterRecovery *BackupDisasterRecovery `json:"backupDisasterRecovery,omitempty"` + // CanonicalName: The canonical name of the finding. It's either // "organizations/{organization_id}/sources/{source_id}/findings/{finding // _id}", @@ -3191,6 +3373,2991 @@ func (s *GoogleCloudSecuritycenterV1p1beta1SecurityMarks) MarshalJSON() ([]byte, return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// GoogleCloudSecuritycenterV2Access: Represents an access event. +type GoogleCloudSecuritycenterV2Access struct { + // CallerIp: Caller's IP address, such as "1.1.1.1". + CallerIp string `json:"callerIp,omitempty"` + + // CallerIpGeo: The caller IP's geolocation, which identifies where the + // call came from. + CallerIpGeo *GoogleCloudSecuritycenterV2Geolocation `json:"callerIpGeo,omitempty"` + + // MethodName: The method that the service account called, e.g. + // "SetIamPolicy". + MethodName string `json:"methodName,omitempty"` + + // PrincipalEmail: Associated email, such as "foo@google.com". The email + // address of the authenticated user or a service account acting on + // behalf of a third party principal making the request. For third party + // identity callers, the `principal_subject` field is populated instead + // of this field. For privacy reasons, the principal email address is + // sometimes redacted. For more information, see Caller identities in + // audit logs (https://cloud.google.com/logging/docs/audit#user-id). + PrincipalEmail string `json:"principalEmail,omitempty"` + + // PrincipalSubject: A string that represents the principal_subject that + // is associated with the identity. Unlike `principal_email`, + // `principal_subject` supports principals that aren't associated with + // email addresses, such as third party principals. For most identities, + // the format is `principal://iam.googleapis.com/{identity pool + // name}/subject/{subject}`. Some GKE identities, such as GKE_WORKLOAD, + // FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format + // `serviceAccount:{identity pool name}[{subject}]`. + PrincipalSubject string `json:"principalSubject,omitempty"` + + // ServiceAccountDelegationInfo: The identity delegation history of an + // authenticated service account that made the request. The + // `serviceAccountDelegationInfo[]` object contains information about + // the real authorities that try to access Google Cloud resources by + // delegating on a service account. When multiple authorities are + // present, they are guaranteed to be sorted based on the original + // ordering of the identity delegation events. + ServiceAccountDelegationInfo []*GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo `json:"serviceAccountDelegationInfo,omitempty"` + + // ServiceAccountKeyName: The name of the service account key that was + // used to create or exchange credentials when authenticating the + // service account that made the request. This is a scheme-less URI full + // resource name. For example: + // "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/ + // keys/{key}". + ServiceAccountKeyName string `json:"serviceAccountKeyName,omitempty"` + + // ServiceName: This is the API service that the service account made a + // call to, e.g. "iam.googleapis.com" + ServiceName string `json:"serviceName,omitempty"` + + // UserAgent: The caller's user agent string associated with the + // finding. + UserAgent string `json:"userAgent,omitempty"` + + // UserAgentFamily: Type of user agent associated with the finding. For + // example, an operating system shell or an embedded or standalone + // application. + UserAgentFamily string `json:"userAgentFamily,omitempty"` + + // UserName: A string that represents a username. The username provided + // depends on the type of the finding and is likely not an IAM + // principal. For example, this can be a system username if the finding + // is related to a virtual machine, or it can be an application login + // username. + UserName string `json:"userName,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CallerIp") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CallerIp") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Access) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Access + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2AccessReview: Conveys information about a +// Kubernetes access review (such as one returned by a `kubectl auth +// can-i` +// (https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access) +// command) that was involved in a finding. +type GoogleCloudSecuritycenterV2AccessReview struct { + // Group: The API group of the resource. "*" means all. + Group string `json:"group,omitempty"` + + // Name: The name of the resource being requested. Empty means all. + Name string `json:"name,omitempty"` + + // Ns: Namespace of the action being requested. Currently, there is no + // distinction between no namespace and all namespaces. Both are + // represented by "" (empty). + Ns string `json:"ns,omitempty"` + + // Resource: The optional resource type requested. "*" means all. + Resource string `json:"resource,omitempty"` + + // Subresource: The optional subresource type. + Subresource string `json:"subresource,omitempty"` + + // Verb: A Kubernetes resource API verb, like get, list, watch, create, + // update, delete, proxy. "*" means all. + Verb string `json:"verb,omitempty"` + + // Version: The API version of the resource. "*" means all. + Version string `json:"version,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Group") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Group") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2AccessReview) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2AccessReview + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Application: Represents an application +// associated with a finding. +type GoogleCloudSecuritycenterV2Application struct { + // BaseUri: The base URI that identifies the network location of the + // application in which the vulnerability was detected. Examples: + // http://11.22.33.44, http://foo.com, http://11.22.33.44:8080 + BaseUri string `json:"baseUri,omitempty"` + + // FullUri: The full URI with payload that could be used to reproduce + // the vulnerability. Example: + // http://11.22.33.44/reflected/parameter/attribute/singlequoted/js?p=aMmYgI6H + FullUri string `json:"fullUri,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BaseUri") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BaseUri") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Application) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Application + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2AttackExposure: An attack exposure +// contains the results of an attack path simulation run. +type GoogleCloudSecuritycenterV2AttackExposure struct { + // AttackExposureResult: The resource name of the attack path simulation + // result that contains the details regarding this attack exposure + // score. Example: organizations/123/attackExposureResults/456 + AttackExposureResult string `json:"attackExposureResult,omitempty"` + + // ExposedHighValueResourcesCount: The number of high value resources + // that are exposed as a result of this finding. + ExposedHighValueResourcesCount int64 `json:"exposedHighValueResourcesCount,omitempty"` + + // ExposedLowValueResourcesCount: The number of high value resources + // that are exposed as a result of this finding. + ExposedLowValueResourcesCount int64 `json:"exposedLowValueResourcesCount,omitempty"` + + // ExposedMediumValueResourcesCount: The number of medium value + // resources that are exposed as a result of this finding. + ExposedMediumValueResourcesCount int64 `json:"exposedMediumValueResourcesCount,omitempty"` + + // LatestCalculationTime: The most recent time the attack exposure was + // updated on this finding. + LatestCalculationTime string `json:"latestCalculationTime,omitempty"` + + // Score: A number between 0 (inclusive) and infinity that represents + // how important this finding is to remediate. The higher the score, the + // more important it is to remediate. + Score float64 `json:"score,omitempty"` + + // State: Output only. What state this AttackExposure is in. This + // captures whether or not an attack exposure has been calculated or + // not. + // + // Possible values: + // "STATE_UNSPECIFIED" - The state is not specified. + // "CALCULATED" - The attack exposure has been calculated. + // "NOT_CALCULATED" - The attack exposure has not been calculated. + State string `json:"state,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "AttackExposureResult") to unconditionally include in API requests. + // By default, fields with empty or default values are omitted from API + // requests. However, any non-pointer, non-interface field appearing in + // ForceSendFields will be sent to the server regardless of whether the + // field is empty or not. This may be used to include empty fields in + // Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AttackExposureResult") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2AttackExposure) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2AttackExposure + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +func (s *GoogleCloudSecuritycenterV2AttackExposure) UnmarshalJSON(data []byte) error { + type NoMethod GoogleCloudSecuritycenterV2AttackExposure + var s1 struct { + Score gensupport.JSONFloat64 `json:"score"` + *NoMethod + } + s1.NoMethod = (*NoMethod)(s) + if err := json.Unmarshal(data, &s1); err != nil { + return err + } + s.Score = float64(s1.Score) + return nil +} + +// GoogleCloudSecuritycenterV2BackupDisasterRecovery: Information +// related to Google Cloud Backup and DR Service findings. +type GoogleCloudSecuritycenterV2BackupDisasterRecovery struct { + // Appliance: The name of the Backup and DR appliance that captures, + // moves, and manages the lifecycle of backup data. For example, + // “backup-server-57137”. + Appliance string `json:"appliance,omitempty"` + + // Applications: The names of Backup and DR applications. An application + // is a VM, database, or file system on a managed host monitored by a + // backup and recovery appliance. For example, “centos7-01-vol00”, + // “centos7-01-vol01”, “centos7-01-vol02”. + Applications []string `json:"applications,omitempty"` + + // BackupCreateTime: The timestamp at which the Backup and DR backup was + // created. + BackupCreateTime string `json:"backupCreateTime,omitempty"` + + // BackupTemplate: The name of a Backup and DR template which comprises + // one or more backup policies. See the Backup and DR documentation + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) + // for more information. For example, “snap-ov”. + BackupTemplate string `json:"backupTemplate,omitempty"` + + // BackupType: The backup type of the Backup and DR image. For example, + // “Snapshot”, “Remote Snapshot”, “OnVault”. + BackupType string `json:"backupType,omitempty"` + + // Host: The name of a Backup and DR host, which is managed by the + // backup and recovery appliance and known to the management console. + // The host can be of type Generic (for example, Compute Engine, SQL + // Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. + // See the Backup and DR documentation on hosts + // (https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) + // for more information. For example, “centos7-01”. + Host string `json:"host,omitempty"` + + // Policies: The names of Backup and DR policies that are associated + // with a template and that define when to run a backup, how frequently + // to run a backup, and how long to retain the backup image. For + // example, “onvaults”. + Policies []string `json:"policies,omitempty"` + + // PolicyOptions: The names of Backup and DR advanced policy options of + // a policy applying to an application. See the Backup and DR + // documentation on policy options + // (https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). + // For example, “skipofflineappsincongrp, nounmap”. + PolicyOptions []string `json:"policyOptions,omitempty"` + + // Profile: The name of the Backup and DR resource profile that + // specifies the storage media for backups of application and VM data. + // See the Backup and DR documentation on profiles + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). + // For example, “GCP”. + Profile string `json:"profile,omitempty"` + + // StoragePool: The name of the Backup and DR storage pool that the + // backup and recovery appliance is storing data in. The storage pool + // could be of type Cloud, Primary, Snapshot, or OnVault. See the Backup + // and DR documentation on storage pools + // (https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). + // For example, “DiskPoolOne”. + StoragePool string `json:"storagePool,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Appliance") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Appliance") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2BackupDisasterRecovery) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2BackupDisasterRecovery + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2BigQueryExport: Configures how to deliver +// Findings to BigQuery Instance. +type GoogleCloudSecuritycenterV2BigQueryExport struct { + // CreateTime: Output only. The time at which the BigQuery export was + // created. This field is set by the server and will be ignored if + // provided on export on creation. + CreateTime string `json:"createTime,omitempty"` + + // Dataset: The dataset to write findings' updates to. Its format is + // "projects/[project_id]/datasets/[bigquery_dataset_id]". BigQuery + // Dataset unique ID must contain only letters (a-z, A-Z), numbers + // (0-9), or underscores (_). + Dataset string `json:"dataset,omitempty"` + + // Description: The description of the export (max of 1024 characters). + Description string `json:"description,omitempty"` + + // Filter: Expression that defines the filter to apply across + // create/update events of findings. The expression is a list of zero or + // more restrictions combined via logical operators `AND` and `OR`. + // Parentheses are supported, and `OR` has higher precedence than `AND`. + // Restrictions have the form ` ` and may have a `-` character in front + // of them to indicate negation. The fields map to those defined in the + // corresponding resource. The supported operators are: * `=` for all + // value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, + // meaning substring matching, for strings. The supported value types + // are: * string literals in quotes. * integer literals without quotes. + // * boolean literals `true` and `false` without quotes. + Filter string `json:"filter,omitempty"` + + // MostRecentEditor: Output only. Email address of the user who last + // edited the BigQuery export. This field is set by the server and will + // be ignored if provided on export creation or update. + MostRecentEditor string `json:"mostRecentEditor,omitempty"` + + // Name: The relative resource name of this export. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name. + // The following list shows some examples: + + // `organizations/{organization_id}/locations/{location_id}/bigQueryExpor + // ts/{export_id}` + + // `folders/{folder_id}/locations/{location_id}/bigQueryExports/{export_i + // d}` + + // `projects/{project_id}/locations/{location_id}/bigQueryExports/{export + // _id}` This field is provided in responses, and is ignored when + // provided in create requests. + Name string `json:"name,omitempty"` + + // Principal: Output only. The service account that needs permission to + // create table and upload data to the BigQuery dataset. + Principal string `json:"principal,omitempty"` + + // UpdateTime: Output only. The most recent time at which the BigQuery + // export was updated. This field is set by the server and will be + // ignored if provided on export creation or update. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2BigQueryExport) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2BigQueryExport + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Binding: Represents a Kubernetes +// RoleBinding or ClusterRoleBinding. +type GoogleCloudSecuritycenterV2Binding struct { + // Name: Name for the binding. + Name string `json:"name,omitempty"` + + // Ns: Namespace for the binding. + Ns string `json:"ns,omitempty"` + + // Role: The Role or ClusterRole referenced by the binding. + Role *GoogleCloudSecuritycenterV2Role `json:"role,omitempty"` + + // Subjects: Represents one or more subjects that are bound to the role. + // Not always available for PATCH requests. + Subjects []*GoogleCloudSecuritycenterV2Subject `json:"subjects,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Binding) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Binding + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2BulkMuteFindingsResponse: The response to +// a BulkMute request. Contains the LRO information. +type GoogleCloudSecuritycenterV2BulkMuteFindingsResponse struct { +} + +// GoogleCloudSecuritycenterV2CloudDlpDataProfile: The data profile +// (https://cloud.google.com/dlp/docs/data-profiles) associated with the +// finding. +type GoogleCloudSecuritycenterV2CloudDlpDataProfile struct { + // DataProfile: Name of the data profile, for example, + // `projects/123/locations/europe/tableProfiles/8383929`. + DataProfile string `json:"dataProfile,omitempty"` + + // ParentType: The resource hierarchy level at which the data profile + // was generated. + // + // Possible values: + // "PARENT_TYPE_UNSPECIFIED" - Unspecified parent type. + // "ORGANIZATION" - Organization-level configurations. + // "PROJECT" - Project-level configurations. + ParentType string `json:"parentType,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DataProfile") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DataProfile") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2CloudDlpDataProfile) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2CloudDlpDataProfile + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2CloudDlpInspection: Details about the +// Cloud Data Loss Prevention (Cloud DLP) inspection job +// (https://cloud.google.com/dlp/docs/concepts-job-triggers) that +// produced the finding. +type GoogleCloudSecuritycenterV2CloudDlpInspection struct { + // FullScan: Whether Cloud DLP scanned the complete resource or a + // sampled subset. + FullScan bool `json:"fullScan,omitempty"` + + // InfoType: The type of information (or *infoType + // (https://cloud.google.com/dlp/docs/infotypes-reference)*) found, for + // example, `EMAIL_ADDRESS` or `STREET_ADDRESS`. + InfoType string `json:"infoType,omitempty"` + + // InfoTypeCount: The number of times Cloud DLP found this infoType + // within this job and resource. + InfoTypeCount int64 `json:"infoTypeCount,omitempty,string"` + + // InspectJob: Name of the inspection job, for example, + // `projects/123/locations/europe/dlpJobs/i-8383929`. + InspectJob string `json:"inspectJob,omitempty"` + + // ForceSendFields is a list of field names (e.g. "FullScan") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "FullScan") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2CloudDlpInspection) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2CloudDlpInspection + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2CloudLoggingEntry: Metadata taken from a +// Cloud Logging LogEntry +// (https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry) +type GoogleCloudSecuritycenterV2CloudLoggingEntry struct { + // InsertId: A unique identifier for the log entry. + InsertId string `json:"insertId,omitempty"` + + // LogId: The type of the log (part of `log_name`. `log_name` is the + // resource name of the log to which this log entry belongs). For + // example: `cloudresourcemanager.googleapis.com/activity` Note that + // this field is not URL-encoded, unlike in `LogEntry`. + LogId string `json:"logId,omitempty"` + + // ResourceContainer: The organization, folder, or project of the + // monitored resource that produced this log entry. + ResourceContainer string `json:"resourceContainer,omitempty"` + + // Timestamp: The time the event described by the log entry occurred. + Timestamp string `json:"timestamp,omitempty"` + + // ForceSendFields is a list of field names (e.g. "InsertId") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "InsertId") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2CloudLoggingEntry) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2CloudLoggingEntry + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Compliance: Contains compliance +// information about a security standard indicating unmet +// recommendations. +type GoogleCloudSecuritycenterV2Compliance struct { + // Ids: Policies within the standard or benchmark, for example, A.12.4.1 + Ids []string `json:"ids,omitempty"` + + // Standard: Industry-wide compliance standards or benchmarks, such as + // CIS, PCI, and OWASP. + Standard string `json:"standard,omitempty"` + + // Version: Version of the standard or benchmark, for example, 1.1 + Version string `json:"version,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Ids") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Ids") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Compliance) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Compliance + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Connection: Contains information about the +// IP connection associated with the finding. +type GoogleCloudSecuritycenterV2Connection struct { + // DestinationIp: Destination IP address. Not present for sockets that + // are listening and not connected. + DestinationIp string `json:"destinationIp,omitempty"` + + // DestinationPort: Destination port. Not present for sockets that are + // listening and not connected. + DestinationPort int64 `json:"destinationPort,omitempty"` + + // Protocol: IANA Internet Protocol Number such as TCP(6) and UDP(17). + // + // Possible values: + // "PROTOCOL_UNSPECIFIED" - Unspecified protocol (not HOPOPT). + // "ICMP" - Internet Control Message Protocol. + // "TCP" - Transmission Control Protocol. + // "UDP" - User Datagram Protocol. + // "GRE" - Generic Routing Encapsulation. + // "ESP" - Encap Security Payload. + Protocol string `json:"protocol,omitempty"` + + // SourceIp: Source IP address. + SourceIp string `json:"sourceIp,omitempty"` + + // SourcePort: Source port. + SourcePort int64 `json:"sourcePort,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DestinationIp") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DestinationIp") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Connection) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Connection + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Contact: The email address of a contact. +type GoogleCloudSecuritycenterV2Contact struct { + // Email: An email address. For example, "person123@company.com". + Email string `json:"email,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Email") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Email") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Contact) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Contact + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ContactDetails: Details about specific +// contacts +type GoogleCloudSecuritycenterV2ContactDetails struct { + // Contacts: A list of contacts + Contacts []*GoogleCloudSecuritycenterV2Contact `json:"contacts,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Contacts") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Contacts") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ContactDetails) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ContactDetails + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Container: Container associated with the +// finding. +type GoogleCloudSecuritycenterV2Container struct { + // CreateTime: The time that the container was created. + CreateTime string `json:"createTime,omitempty"` + + // ImageId: Optional container image ID, if provided by the container + // runtime. Uniquely identifies the container image launched using a + // container image digest. + ImageId string `json:"imageId,omitempty"` + + // Labels: Container labels, as provided by the container runtime. + Labels []*GoogleCloudSecuritycenterV2Label `json:"labels,omitempty"` + + // Name: Name of the container. + Name string `json:"name,omitempty"` + + // Uri: Container image URI provided when configuring a pod or + // container. This string can identify a container image version using + // mutable tags. + Uri string `json:"uri,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Container) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Container + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Cve: CVE stands for Common Vulnerabilities +// and Exposures. More information: https://cve.mitre.org +type GoogleCloudSecuritycenterV2Cve struct { + // Cvssv3: Describe Common Vulnerability Scoring System specified at + // https://www.first.org/cvss/v3.1/specification-document + Cvssv3 *GoogleCloudSecuritycenterV2Cvssv3 `json:"cvssv3,omitempty"` + + // Id: The unique identifier for the vulnerability. e.g. CVE-2021-34527 + Id string `json:"id,omitempty"` + + // References: Additional information about the CVE. e.g. + // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527 + References []*GoogleCloudSecuritycenterV2Reference `json:"references,omitempty"` + + // UpstreamFixAvailable: Whether upstream fix is available for the CVE. + UpstreamFixAvailable bool `json:"upstreamFixAvailable,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Cvssv3") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Cvssv3") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Cve) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Cve + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Cvssv3: Common Vulnerability Scoring +// System version 3. +type GoogleCloudSecuritycenterV2Cvssv3 struct { + // AttackComplexity: This metric describes the conditions beyond the + // attacker's control that must exist in order to exploit the + // vulnerability. + // + // Possible values: + // "ATTACK_COMPLEXITY_UNSPECIFIED" - Invalid value. + // "ATTACK_COMPLEXITY_LOW" - Specialized access conditions or + // extenuating circumstances do not exist. An attacker can expect + // repeatable success when attacking the vulnerable component. + // "ATTACK_COMPLEXITY_HIGH" - A successful attack depends on + // conditions beyond the attacker's control. That is, a successful + // attack cannot be accomplished at will, but requires the attacker to + // invest in some measurable amount of effort in preparation or + // execution against the vulnerable component before a successful attack + // can be expected. + AttackComplexity string `json:"attackComplexity,omitempty"` + + // AttackVector: Base Metrics Represents the intrinsic characteristics + // of a vulnerability that are constant over time and across user + // environments. This metric reflects the context by which vulnerability + // exploitation is possible. + // + // Possible values: + // "ATTACK_VECTOR_UNSPECIFIED" - Invalid value. + // "ATTACK_VECTOR_NETWORK" - The vulnerable component is bound to the + // network stack and the set of possible attackers extends beyond the + // other options listed below, up to and including the entire Internet. + // "ATTACK_VECTOR_ADJACENT" - The vulnerable component is bound to the + // network stack, but the attack is limited at the protocol level to a + // logically adjacent topology. + // "ATTACK_VECTOR_LOCAL" - The vulnerable component is not bound to + // the network stack and the attacker's path is via read/write/execute + // capabilities. + // "ATTACK_VECTOR_PHYSICAL" - The attack requires the attacker to + // physically touch or manipulate the vulnerable component. + AttackVector string `json:"attackVector,omitempty"` + + // AvailabilityImpact: This metric measures the impact to the + // availability of the impacted component resulting from a successfully + // exploited vulnerability. + // + // Possible values: + // "IMPACT_UNSPECIFIED" - Invalid value. + // "IMPACT_HIGH" - High impact. + // "IMPACT_LOW" - Low impact. + // "IMPACT_NONE" - No impact. + AvailabilityImpact string `json:"availabilityImpact,omitempty"` + + // BaseScore: The base score is a function of the base metric scores. + BaseScore float64 `json:"baseScore,omitempty"` + + // ConfidentialityImpact: This metric measures the impact to the + // confidentiality of the information resources managed by a software + // component due to a successfully exploited vulnerability. + // + // Possible values: + // "IMPACT_UNSPECIFIED" - Invalid value. + // "IMPACT_HIGH" - High impact. + // "IMPACT_LOW" - Low impact. + // "IMPACT_NONE" - No impact. + ConfidentialityImpact string `json:"confidentialityImpact,omitempty"` + + // IntegrityImpact: This metric measures the impact to integrity of a + // successfully exploited vulnerability. + // + // Possible values: + // "IMPACT_UNSPECIFIED" - Invalid value. + // "IMPACT_HIGH" - High impact. + // "IMPACT_LOW" - Low impact. + // "IMPACT_NONE" - No impact. + IntegrityImpact string `json:"integrityImpact,omitempty"` + + // PrivilegesRequired: This metric describes the level of privileges an + // attacker must possess before successfully exploiting the + // vulnerability. + // + // Possible values: + // "PRIVILEGES_REQUIRED_UNSPECIFIED" - Invalid value. + // "PRIVILEGES_REQUIRED_NONE" - The attacker is unauthorized prior to + // attack, and therefore does not require any access to settings or + // files of the vulnerable system to carry out an attack. + // "PRIVILEGES_REQUIRED_LOW" - The attacker requires privileges that + // provide basic user capabilities that could normally affect only + // settings and files owned by a user. Alternatively, an attacker with + // Low privileges has the ability to access only non-sensitive + // resources. + // "PRIVILEGES_REQUIRED_HIGH" - The attacker requires privileges that + // provide significant (e.g., administrative) control over the + // vulnerable component allowing access to component-wide settings and + // files. + PrivilegesRequired string `json:"privilegesRequired,omitempty"` + + // Scope: The Scope metric captures whether a vulnerability in one + // vulnerable component impacts resources in components beyond its + // security scope. + // + // Possible values: + // "SCOPE_UNSPECIFIED" - Invalid value. + // "SCOPE_UNCHANGED" - An exploited vulnerability can only affect + // resources managed by the same security authority. + // "SCOPE_CHANGED" - An exploited vulnerability can affect resources + // beyond the security scope managed by the security authority of the + // vulnerable component. + Scope string `json:"scope,omitempty"` + + // UserInteraction: This metric captures the requirement for a human + // user, other than the attacker, to participate in the successful + // compromise of the vulnerable component. + // + // Possible values: + // "USER_INTERACTION_UNSPECIFIED" - Invalid value. + // "USER_INTERACTION_NONE" - The vulnerable system can be exploited + // without interaction from any user. + // "USER_INTERACTION_REQUIRED" - Successful exploitation of this + // vulnerability requires a user to take some action before the + // vulnerability can be exploited. + UserInteraction string `json:"userInteraction,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AttackComplexity") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AttackComplexity") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Cvssv3) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Cvssv3 + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +func (s *GoogleCloudSecuritycenterV2Cvssv3) UnmarshalJSON(data []byte) error { + type NoMethod GoogleCloudSecuritycenterV2Cvssv3 + var s1 struct { + BaseScore gensupport.JSONFloat64 `json:"baseScore"` + *NoMethod + } + s1.NoMethod = (*NoMethod)(s) + if err := json.Unmarshal(data, &s1); err != nil { + return err + } + s.BaseScore = float64(s1.BaseScore) + return nil +} + +// GoogleCloudSecuritycenterV2Database: Represents database access +// information, such as queries. A database may be a sub-resource of an +// instance (as in the case of Cloud SQL instances or Cloud Spanner +// instances), or the database instance itself. Some database resources +// might not have the full resource name +// (https://google.aip.dev/122#full-resource-names) populated because +// these resource types, such as Cloud SQL databases, are not yet +// supported by Cloud Asset Inventory. In these cases only the display +// name is provided. +type GoogleCloudSecuritycenterV2Database struct { + // DisplayName: The human-readable name of the database that the user + // connected to. + DisplayName string `json:"displayName,omitempty"` + + // Grantees: The target usernames, roles, or groups of an SQL privilege + // grant, which is not an IAM policy change. + Grantees []string `json:"grantees,omitempty"` + + // Name: Some database resources may not have the full resource name + // (https://google.aip.dev/122#full-resource-names) populated because + // these resource types are not yet supported by Cloud Asset Inventory + // (e.g. Cloud SQL databases). In these cases only the display name will + // be provided. The full resource name + // (https://google.aip.dev/122#full-resource-names) of the database that + // the user connected to, if it is supported by Cloud Asset Inventory. + Name string `json:"name,omitempty"` + + // Query: The SQL statement that is associated with the database access. + Query string `json:"query,omitempty"` + + // UserName: The username used to connect to the database. The username + // might not be an IAM principal and does not have a set format. + UserName string `json:"userName,omitempty"` + + // Version: The version of the database, for example, POSTGRES_14. See + // the complete list + // (https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion). + Version string `json:"version,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DisplayName") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DisplayName") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Database) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Database + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Detection: Memory hash detection +// contributing to the binary family match. +type GoogleCloudSecuritycenterV2Detection struct { + // Binary: The name of the binary associated with the memory hash + // signature detection. + Binary string `json:"binary,omitempty"` + + // PercentPagesMatched: The percentage of memory page hashes in the + // signature that were matched. + PercentPagesMatched float64 `json:"percentPagesMatched,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Binary") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Binary") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Detection) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Detection + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +func (s *GoogleCloudSecuritycenterV2Detection) UnmarshalJSON(data []byte) error { + type NoMethod GoogleCloudSecuritycenterV2Detection + var s1 struct { + PercentPagesMatched gensupport.JSONFloat64 `json:"percentPagesMatched"` + *NoMethod + } + s1.NoMethod = (*NoMethod)(s) + if err := json.Unmarshal(data, &s1); err != nil { + return err + } + s.PercentPagesMatched = float64(s1.PercentPagesMatched) + return nil +} + +// GoogleCloudSecuritycenterV2EnvironmentVariable: A name-value pair +// representing an environment variable used in an operating system +// process. +type GoogleCloudSecuritycenterV2EnvironmentVariable struct { + // Name: Environment variable name as a JSON encoded string. + Name string `json:"name,omitempty"` + + // Val: Environment variable value as a JSON encoded string. + Val string `json:"val,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2EnvironmentVariable) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2EnvironmentVariable + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ExfilResource: Resource where data was +// exfiltrated from or exfiltrated to. +type GoogleCloudSecuritycenterV2ExfilResource struct { + // Components: Subcomponents of the asset that was exfiltrated, like + // URIs used during exfiltration, table names, databases, and filenames. + // For example, multiple tables might have been exfiltrated from the + // same Cloud SQL instance, or multiple files might have been + // exfiltrated from the same Cloud Storage bucket. + Components []string `json:"components,omitempty"` + + // Name: The resource's full resource name + // (https://cloud.google.com/apis/design/resource_names#full_resource_name). + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Components") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Components") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ExfilResource) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ExfilResource + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Exfiltration: Exfiltration represents a +// data exfiltration attempt from one or more sources to one or more +// targets. The `sources` attribute lists the sources of the exfiltrated +// data. The `targets` attribute lists the destinations the data was +// copied to. +type GoogleCloudSecuritycenterV2Exfiltration struct { + // Sources: If there are multiple sources, then the data is considered + // "joined" between them. For instance, BigQuery can join multiple + // tables, and each table would be considered a source. + Sources []*GoogleCloudSecuritycenterV2ExfilResource `json:"sources,omitempty"` + + // Targets: If there are multiple targets, each target would get a + // complete copy of the "joined" source data. + Targets []*GoogleCloudSecuritycenterV2ExfilResource `json:"targets,omitempty"` + + // TotalExfiltratedBytes: Total exfiltrated bytes processed for the + // entire job. + TotalExfiltratedBytes int64 `json:"totalExfiltratedBytes,omitempty,string"` + + // ForceSendFields is a list of field names (e.g. "Sources") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Sources") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Exfiltration) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Exfiltration + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ExternalSystem: Representation of third +// party SIEM/SOAR fields within SCC. +type GoogleCloudSecuritycenterV2ExternalSystem struct { + // Assignees: References primary/secondary etc assignees in the external + // system. + Assignees []string `json:"assignees,omitempty"` + + // ExternalSystemUpdateTime: The time when the case was last updated, as + // reported by the external system. + ExternalSystemUpdateTime string `json:"externalSystemUpdateTime,omitempty"` + + // ExternalUid: The identifier that's used to track the finding's + // corresponding case in the external system. + ExternalUid string `json:"externalUid,omitempty"` + + // Name: Full resource name of the external system. The following list + // shows some examples: + + // `organizations/1234/sources/5678/findings/123456/externalSystems/jira` + // + + // `organizations/1234/sources/5678/locations/us/findings/123456/external + // Systems/jira` + + // `folders/1234/sources/5678/findings/123456/externalSystems/jira` + + // `folders/1234/sources/5678/locations/us/findings/123456/externalSystem + // s/jira` + + // `projects/1234/sources/5678/findings/123456/externalSystems/jira` + + // `projects/1234/sources/5678/locations/us/findings/123456/externalSyste + // ms/jira` + Name string `json:"name,omitempty"` + + // Status: The most recent status of the finding's corresponding case, + // as reported by the external system. + Status string `json:"status,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Assignees") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Assignees") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ExternalSystem) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ExternalSystem + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2File: File information about the related +// binary/library used by an executable, or the script used by a script +// interpreter +type GoogleCloudSecuritycenterV2File struct { + // Contents: Prefix of the file contents as a JSON-encoded string. + Contents string `json:"contents,omitempty"` + + // HashedSize: The length in bytes of the file prefix that was hashed. + // If hashed_size == size, any hashes reported represent the entire + // file. + HashedSize int64 `json:"hashedSize,omitempty,string"` + + // PartiallyHashed: True when the hash covers only a prefix of the file. + PartiallyHashed bool `json:"partiallyHashed,omitempty"` + + // Path: Absolute path of the file as a JSON encoded string. + Path string `json:"path,omitempty"` + + // Sha256: SHA256 hash of the first hashed_size bytes of the file + // encoded as a hex string. If hashed_size == size, sha256 represents + // the SHA256 hash of the entire file. + Sha256 string `json:"sha256,omitempty"` + + // Size: Size of the file in bytes. + Size int64 `json:"size,omitempty,string"` + + // ForceSendFields is a list of field names (e.g. "Contents") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Contents") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2File) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2File + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Finding: Security Command Center finding. +// A finding is a record of assessment data like security, risk, health, +// or privacy, that is ingested into Security Command Center for +// presentation, notification, analysis, policy testing, and +// enforcement. For example, a cross-site scripting (XSS) vulnerability +// in an App Engine application is a finding. +type GoogleCloudSecuritycenterV2Finding struct { + // Access: Access details associated with the finding, such as more + // information on the caller, which method was accessed, and from where. + Access *GoogleCloudSecuritycenterV2Access `json:"access,omitempty"` + + // Application: Represents an application associated with the finding. + Application *GoogleCloudSecuritycenterV2Application `json:"application,omitempty"` + + // AttackExposure: The results of an attack path simulation relevant to + // this finding. + AttackExposure *GoogleCloudSecuritycenterV2AttackExposure `json:"attackExposure,omitempty"` + + // BackupDisasterRecovery: Fields related to Backup and DR findings. + BackupDisasterRecovery *GoogleCloudSecuritycenterV2BackupDisasterRecovery `json:"backupDisasterRecovery,omitempty"` + + // CanonicalName: Output only. The canonical name of the finding. The + // following list shows some examples: + + // `organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}` + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on_id}/findings/{finding_id}` + + // `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + + // `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findi + // ngs/{finding_id}` + + // `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + + // `projects/{project_id}/sources/{source_id}/locations/{location_id}/fin + // dings/{finding_id}` The prefix is the closest CRM ancestor of the + // resource associated with the finding. + CanonicalName string `json:"canonicalName,omitempty"` + + // Category: Immutable. The additional taxonomy group within findings + // from a given source. Example: "XSS_FLASH_INJECTION" + Category string `json:"category,omitempty"` + + // CloudDlpDataProfile: Cloud DLP data profile that is associated with + // the finding. + CloudDlpDataProfile *GoogleCloudSecuritycenterV2CloudDlpDataProfile `json:"cloudDlpDataProfile,omitempty"` + + // CloudDlpInspection: Cloud Data Loss Prevention (Cloud DLP) inspection + // results that are associated with the finding. + CloudDlpInspection *GoogleCloudSecuritycenterV2CloudDlpInspection `json:"cloudDlpInspection,omitempty"` + + // Compliances: Contains compliance information for security standards + // associated to the finding. + Compliances []*GoogleCloudSecuritycenterV2Compliance `json:"compliances,omitempty"` + + // Connections: Contains information about the IP connection associated + // with the finding. + Connections []*GoogleCloudSecuritycenterV2Connection `json:"connections,omitempty"` + + // Contacts: Output only. Map containing the points of contact for the + // given finding. The key represents the type of contact, while the + // value contains a list of all the contacts that pertain. Please refer + // to: + // https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories + // { "security": { "contacts": [ { "email": "person1@company.com" }, { + // "email": "person2@company.com" } ] } } + Contacts map[string]GoogleCloudSecuritycenterV2ContactDetails `json:"contacts,omitempty"` + + // Containers: Containers associated with the finding. This field + // provides information for both Kubernetes and non-Kubernetes + // containers. + Containers []*GoogleCloudSecuritycenterV2Container `json:"containers,omitempty"` + + // CreateTime: Output only. The time at which the finding was created in + // Security Command Center. + CreateTime string `json:"createTime,omitempty"` + + // Database: Database associated with the finding. + Database *GoogleCloudSecuritycenterV2Database `json:"database,omitempty"` + + // Description: Contains more details about the finding. + Description string `json:"description,omitempty"` + + // EventTime: The time the finding was first detected. If an existing + // finding is updated, then this is the time the update occurred. For + // example, if the finding represents an open firewall, this property + // captures the time the detector believes the firewall became open. The + // accuracy is determined by the detector. If the finding is later + // resolved, then this time reflects when the finding was resolved. This + // must not be set to a value greater than the current timestamp. + EventTime string `json:"eventTime,omitempty"` + + // Exfiltration: Represents exfiltrations associated with the finding. + Exfiltration *GoogleCloudSecuritycenterV2Exfiltration `json:"exfiltration,omitempty"` + + // ExternalSystems: Output only. Third party SIEM/SOAR fields within + // SCC, contains external system information and external system finding + // fields. + ExternalSystems map[string]GoogleCloudSecuritycenterV2ExternalSystem `json:"externalSystems,omitempty"` + + // ExternalUri: The URI that, if available, points to a web page outside + // of Security Command Center where additional information about the + // finding can be found. This field is guaranteed to be either empty or + // a well formed URL. + ExternalUri string `json:"externalUri,omitempty"` + + // Files: File associated with the finding. + Files []*GoogleCloudSecuritycenterV2File `json:"files,omitempty"` + + // FindingClass: The class of the finding. + // + // Possible values: + // "FINDING_CLASS_UNSPECIFIED" - Unspecified finding class. + // "THREAT" - Describes unwanted or malicious activity. + // "VULNERABILITY" - Describes a potential weakness in software that + // increases risk to Confidentiality & Integrity & Availability. + // "MISCONFIGURATION" - Describes a potential weakness in cloud + // resource/asset configuration that increases risk. + // "OBSERVATION" - Describes a security observation that is for + // informational purposes. + // "SCC_ERROR" - Describes an error that prevents some SCC + // functionality. + // "POSTURE_VIOLATION" - Describes a potential security risk due to a + // change in the security posture. + FindingClass string `json:"findingClass,omitempty"` + + // IamBindings: Represents IAM bindings associated with the finding. + IamBindings []*GoogleCloudSecuritycenterV2IamBinding `json:"iamBindings,omitempty"` + + // Indicator: Represents what's commonly known as an *indicator of + // compromise* (IoC) in computer forensics. This is an artifact observed + // on a network or in an operating system that, with high confidence, + // indicates a computer intrusion. For more information, see Indicator + // of compromise + // (https://en.wikipedia.org/wiki/Indicator_of_compromise). + Indicator *GoogleCloudSecuritycenterV2Indicator `json:"indicator,omitempty"` + + // KernelRootkit: Signature of the kernel rootkit. + KernelRootkit *GoogleCloudSecuritycenterV2KernelRootkit `json:"kernelRootkit,omitempty"` + + // Kubernetes: Kubernetes resources associated with the finding. + Kubernetes *GoogleCloudSecuritycenterV2Kubernetes `json:"kubernetes,omitempty"` + + // LoadBalancers: The load balancers associated with the finding. + LoadBalancers []*GoogleCloudSecuritycenterV2LoadBalancer `json:"loadBalancers,omitempty"` + + // LogEntries: Log entries that are relevant to the finding. + LogEntries []*GoogleCloudSecuritycenterV2LogEntry `json:"logEntries,omitempty"` + + // MitreAttack: MITRE ATT&CK tactics and techniques related to this + // finding. See: https://attack.mitre.org + MitreAttack *GoogleCloudSecuritycenterV2MitreAttack `json:"mitreAttack,omitempty"` + + // ModuleName: Unique identifier of the module which generated the + // finding. Example: + // folders/598186756061/securityHealthAnalyticsSettings/customModules/567 + // 99441161885 + ModuleName string `json:"moduleName,omitempty"` + + // Mute: Indicates the mute state of a finding (either muted, unmuted or + // undefined). Unlike other attributes of a finding, a finding provider + // shouldn't set the value of mute. + // + // Possible values: + // "MUTE_UNSPECIFIED" - Unspecified. + // "MUTED" - Finding has been muted. + // "UNMUTED" - Finding has been unmuted. + // "UNDEFINED" - Finding has never been muted/unmuted. + Mute string `json:"mute,omitempty"` + + // MuteInitiator: Records additional information about the mute + // operation, for example, the mute configuration + // (https://cloud.google.com/security-command-center/docs/how-to-mute-findings) + // that muted the finding and the user who muted the finding. + MuteInitiator string `json:"muteInitiator,omitempty"` + + // MuteUpdateTime: Output only. The most recent time this finding was + // muted or unmuted. + MuteUpdateTime string `json:"muteUpdateTime,omitempty"` + + // Name: The relative resource name + // (https://cloud.google.com/apis/design/resource_names#relative_resource_name) + // of the finding. The following list shows some examples: + + // `organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}` + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on_id}/findings/{finding_id}` + + // `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + + // `folders/{folder_id}/sources/{source_id}/locations/{location_id}/findi + // ngs/{finding_id}` + + // `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + + // `projects/{project_id}/sources/{source_id}/locations/{location_id}/fin + // dings/{finding_id}` + Name string `json:"name,omitempty"` + + // NextSteps: Steps to address the finding. + NextSteps string `json:"nextSteps,omitempty"` + + // OrgPolicies: Contains information about the org policies associated + // with the finding. + OrgPolicies []*GoogleCloudSecuritycenterV2OrgPolicy `json:"orgPolicies,omitempty"` + + // Parent: The relative resource name of the source and location the + // finding belongs to. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // This field is immutable after creation time. The following list shows + // some examples: + + // `organizations/{organization_id}/sources/{source_id}` + + // `folders/{folders_id}/sources/{source_id}` + + // `projects/{projects_id}/sources/{source_id}` + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on_id}` + + // `folders/{folders_id}/sources/{source_id}/locations/{location_id}` + + // `projects/{projects_id}/sources/{source_id}/locations/{location_id}` + Parent string `json:"parent,omitempty"` + + // ParentDisplayName: Output only. The human readable display name of + // the finding source such as "Event Threat Detection" or "Security + // Health Analytics". + ParentDisplayName string `json:"parentDisplayName,omitempty"` + + // Processes: Represents operating system processes associated with the + // Finding. + Processes []*GoogleCloudSecuritycenterV2Process `json:"processes,omitempty"` + + // ResourceName: Immutable. For findings on Google Cloud resources, the + // full resource name of the Google Cloud resource this finding is for. + // See: + // https://cloud.google.com/apis/design/resource_names#full_resource_name + // When the finding is for a non-Google Cloud resource, the resourceName + // can be a customer or partner defined string. + ResourceName string `json:"resourceName,omitempty"` + + // SecurityMarks: Output only. User specified security marks. These + // marks are entirely managed by the user and come from the + // SecurityMarks resource that belongs to the finding. + SecurityMarks *GoogleCloudSecuritycenterV2SecurityMarks `json:"securityMarks,omitempty"` + + // SecurityPosture: The security posture associated with the finding. + SecurityPosture *GoogleCloudSecuritycenterV2SecurityPosture `json:"securityPosture,omitempty"` + + // Severity: The severity of the finding. This field is managed by the + // source that writes the finding. + // + // Possible values: + // "SEVERITY_UNSPECIFIED" - This value is used for findings when a + // source doesn't write a severity value. + // "CRITICAL" - Vulnerability: A critical vulnerability is easily + // discoverable by an external actor, exploitable, and results in the + // direct ability to execute arbitrary code, exfiltrate data, and + // otherwise gain additional access and privileges to cloud resources + // and workloads. Examples include publicly accessible unprotected user + // data and public SSH access with weak or no passwords. Threat: + // Indicates a threat that is able to access, modify, or delete data or + // execute unauthorized code within existing resources. + // "HIGH" - Vulnerability: A high risk vulnerability can be easily + // discovered and exploited in combination with other vulnerabilities in + // order to gain direct access and the ability to execute arbitrary + // code, exfiltrate data, and otherwise gain additional access and + // privileges to cloud resources and workloads. An example is a database + // with weak or no passwords that is only accessible internally. This + // database could easily be compromised by an actor that had access to + // the internal network. Threat: Indicates a threat that is able to + // create new computational resources in an environment but not able to + // access data or execute code in existing resources. + // "MEDIUM" - Vulnerability: A medium risk vulnerability could be used + // by an actor to gain access to resources or privileges that enable + // them to eventually (through multiple steps or a complex exploit) gain + // access and the ability to execute arbitrary code or exfiltrate data. + // An example is a service account with access to more projects than it + // should have. If an actor gains access to the service account, they + // could potentially use that access to manipulate a project the service + // account was not intended to. Threat: Indicates a threat that is able + // to cause operational impact but may not access data or execute + // unauthorized code. + // "LOW" - Vulnerability: A low risk vulnerability hampers a security + // organization's ability to detect vulnerabilities or active threats in + // their deployment, or prevents the root cause investigation of + // security issues. An example is monitoring and logs being disabled for + // resource configurations and access. Threat: Indicates a threat that + // has obtained minimal access to an environment but is not able to + // access data, execute code, or create resources. + Severity string `json:"severity,omitempty"` + + // SourceProperties: Source specific properties. These properties are + // managed by the source that writes the finding. The key names in the + // source_properties map must be between 1 and 255 characters, and must + // start with a letter and contain alphanumeric characters or + // underscores only. + SourceProperties googleapi.RawMessage `json:"sourceProperties,omitempty"` + + // State: Output only. The state of the finding. + // + // Possible values: + // "STATE_UNSPECIFIED" - Unspecified state. + // "ACTIVE" - The finding requires attention and has not been + // addressed yet. + // "INACTIVE" - The finding has been fixed, triaged as a non-issue or + // otherwise addressed and is no longer active. + State string `json:"state,omitempty"` + + // Vulnerability: Represents vulnerability-specific fields like CVE and + // CVSS scores. CVE stands for Common Vulnerabilities and Exposures + // (https://cve.mitre.org/about/) + Vulnerability *GoogleCloudSecuritycenterV2Vulnerability `json:"vulnerability,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Access") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Access") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Finding) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Finding + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Geolocation: Represents a geographical +// location for a given access. +type GoogleCloudSecuritycenterV2Geolocation struct { + // RegionCode: A CLDR. + RegionCode string `json:"regionCode,omitempty"` + + // ForceSendFields is a list of field names (e.g. "RegionCode") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "RegionCode") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Geolocation) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Geolocation + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2IamBinding: Represents a particular IAM +// binding, which captures a member's role addition, removal, or state. +type GoogleCloudSecuritycenterV2IamBinding struct { + // Action: The action that was performed on a Binding. + // + // Possible values: + // "ACTION_UNSPECIFIED" - Unspecified. + // "ADD" - Addition of a Binding. + // "REMOVE" - Removal of a Binding. + Action string `json:"action,omitempty"` + + // Member: A single identity requesting access for a Cloud Platform + // resource, for example, "foo@google.com". + Member string `json:"member,omitempty"` + + // Role: Role that is assigned to "members". For example, + // "roles/viewer", "roles/editor", or "roles/owner". + Role string `json:"role,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Action") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Action") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2IamBinding) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2IamBinding + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Indicator: Represents what's commonly +// known as an _indicator of compromise_ (IoC) in computer forensics. +// This is an artifact observed on a network or in an operating system +// that, with high confidence, indicates a computer intrusion. For more +// information, see Indicator of compromise +// (https://en.wikipedia.org/wiki/Indicator_of_compromise). +type GoogleCloudSecuritycenterV2Indicator struct { + // Domains: List of domains associated to the Finding. + Domains []string `json:"domains,omitempty"` + + // IpAddresses: The list of IP addresses that are associated with the + // finding. + IpAddresses []string `json:"ipAddresses,omitempty"` + + // Signatures: The list of matched signatures indicating that the given + // process is present in the environment. + Signatures []*GoogleCloudSecuritycenterV2ProcessSignature `json:"signatures,omitempty"` + + // Uris: The list of URIs associated to the Findings. + Uris []string `json:"uris,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Domains") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Domains") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Indicator) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Indicator + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2KernelRootkit: Kernel mode rootkit +// signatures. +type GoogleCloudSecuritycenterV2KernelRootkit struct { + // Name: Rootkit name, when available. + Name string `json:"name,omitempty"` + + // UnexpectedCodeModification: True if unexpected modifications of + // kernel code memory are present. + UnexpectedCodeModification bool `json:"unexpectedCodeModification,omitempty"` + + // UnexpectedFtraceHandler: True if `ftrace` points are present with + // callbacks pointing to regions that are not in the expected kernel or + // module code range. + UnexpectedFtraceHandler bool `json:"unexpectedFtraceHandler,omitempty"` + + // UnexpectedInterruptHandler: True if interrupt handlers that are are + // not in the expected kernel or module code regions are present. + UnexpectedInterruptHandler bool `json:"unexpectedInterruptHandler,omitempty"` + + // UnexpectedKernelCodePages: True if kernel code pages that are not in + // the expected kernel or module code regions are present. + UnexpectedKernelCodePages bool `json:"unexpectedKernelCodePages,omitempty"` + + // UnexpectedKprobeHandler: True if `kprobe` points are present with + // callbacks pointing to regions that are not in the expected kernel or + // module code range. + UnexpectedKprobeHandler bool `json:"unexpectedKprobeHandler,omitempty"` + + // UnexpectedProcessesInRunqueue: True if unexpected processes in the + // scheduler run queue are present. Such processes are in the run queue, + // but not in the process task list. + UnexpectedProcessesInRunqueue bool `json:"unexpectedProcessesInRunqueue,omitempty"` + + // UnexpectedReadOnlyDataModification: True if unexpected modifications + // of kernel read-only data memory are present. + UnexpectedReadOnlyDataModification bool `json:"unexpectedReadOnlyDataModification,omitempty"` + + // UnexpectedSystemCallHandler: True if system call handlers that are + // are not in the expected kernel or module code regions are present. + UnexpectedSystemCallHandler bool `json:"unexpectedSystemCallHandler,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2KernelRootkit) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2KernelRootkit + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Kubernetes: Kubernetes-related attributes. +type GoogleCloudSecuritycenterV2Kubernetes struct { + // AccessReviews: Provides information on any Kubernetes access reviews + // (privilege checks) relevant to the finding. + AccessReviews []*GoogleCloudSecuritycenterV2AccessReview `json:"accessReviews,omitempty"` + + // Bindings: Provides Kubernetes role binding information for findings + // that involve RoleBindings or ClusterRoleBindings + // (https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control). + Bindings []*GoogleCloudSecuritycenterV2Binding `json:"bindings,omitempty"` + + // NodePools: GKE node pools + // (https://cloud.google.com/kubernetes-engine/docs/concepts/node-pools) + // associated with the finding. This field contains node pool + // information for each node, when it is available. + NodePools []*GoogleCloudSecuritycenterV2NodePool `json:"nodePools,omitempty"` + + // Nodes: Provides Kubernetes node + // (https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture#nodes) + // information. + Nodes []*GoogleCloudSecuritycenterV2Node `json:"nodes,omitempty"` + + // Objects: Kubernetes objects related to the finding. + Objects []*GoogleCloudSecuritycenterV2Object `json:"objects,omitempty"` + + // Pods: Kubernetes Pods + // (https://cloud.google.com/kubernetes-engine/docs/concepts/pod) + // associated with the finding. This field contains Pod records for each + // container that is owned by a Pod. + Pods []*GoogleCloudSecuritycenterV2Pod `json:"pods,omitempty"` + + // Roles: Provides Kubernetes role information for findings that involve + // Roles or ClusterRoles + // (https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control). + Roles []*GoogleCloudSecuritycenterV2Role `json:"roles,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AccessReviews") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AccessReviews") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Kubernetes) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Kubernetes + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Label: Represents a generic name-value +// label. A label has separate name and value fields to support +// filtering with the `contains()` function. For more information, see +// Filtering on array-type fields +// (https://cloud.google.com/security-command-center/docs/how-to-api-list-findings#array-contains-filtering). +type GoogleCloudSecuritycenterV2Label struct { + // Name: Name of the label. + Name string `json:"name,omitempty"` + + // Value: Value that corresponds to the label's name. + Value string `json:"value,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Label) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Label + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2LoadBalancer: Contains information related +// to the load balancer associated with the finding. +type GoogleCloudSecuritycenterV2LoadBalancer struct { + // Name: The name of the load balancer associated with the finding. + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2LoadBalancer) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2LoadBalancer + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2LogEntry: An individual entry in a log. +type GoogleCloudSecuritycenterV2LogEntry struct { + // CloudLoggingEntry: An individual entry in a log stored in Cloud + // Logging. + CloudLoggingEntry *GoogleCloudSecuritycenterV2CloudLoggingEntry `json:"cloudLoggingEntry,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CloudLoggingEntry") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CloudLoggingEntry") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2LogEntry) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2LogEntry + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2MemoryHashSignature: A signature +// corresponding to memory page hashes. +type GoogleCloudSecuritycenterV2MemoryHashSignature struct { + // BinaryFamily: The binary family. + BinaryFamily string `json:"binaryFamily,omitempty"` + + // Detections: The list of memory hash detections contributing to the + // binary family match. + Detections []*GoogleCloudSecuritycenterV2Detection `json:"detections,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BinaryFamily") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BinaryFamily") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2MemoryHashSignature) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2MemoryHashSignature + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2MitreAttack: MITRE ATT&CK tactics and +// techniques related to this finding. See: https://attack.mitre.org +type GoogleCloudSecuritycenterV2MitreAttack struct { + // AdditionalTactics: Additional MITRE ATT&CK tactics related to this + // finding, if any. + // + // Possible values: + // "TACTIC_UNSPECIFIED" - Unspecified value. + // "RECONNAISSANCE" - TA0043 + // "RESOURCE_DEVELOPMENT" - TA0042 + // "INITIAL_ACCESS" - TA0001 + // "EXECUTION" - TA0002 + // "PERSISTENCE" - TA0003 + // "PRIVILEGE_ESCALATION" - TA0004 + // "DEFENSE_EVASION" - TA0005 + // "CREDENTIAL_ACCESS" - TA0006 + // "DISCOVERY" - TA0007 + // "LATERAL_MOVEMENT" - TA0008 + // "COLLECTION" - TA0009 + // "COMMAND_AND_CONTROL" - TA0011 + // "EXFILTRATION" - TA0010 + // "IMPACT" - TA0040 + AdditionalTactics []string `json:"additionalTactics,omitempty"` + + // AdditionalTechniques: Additional MITRE ATT&CK techniques related to + // this finding, if any, along with any of their respective parent + // techniques. + // + // Possible values: + // "TECHNIQUE_UNSPECIFIED" - Unspecified value. + // "ACTIVE_SCANNING" - T1595 + // "SCANNING_IP_BLOCKS" - T1595.001 + // "INGRESS_TOOL_TRANSFER" - T1105 + // "NATIVE_API" - T1106 + // "SHARED_MODULES" - T1129 + // "COMMAND_AND_SCRIPTING_INTERPRETER" - T1059 + // "UNIX_SHELL" - T1059.004 + // "RESOURCE_HIJACKING" - T1496 + // "PROXY" - T1090 + // "EXTERNAL_PROXY" - T1090.002 + // "MULTI_HOP_PROXY" - T1090.003 + // "DYNAMIC_RESOLUTION" - T1568 + // "UNSECURED_CREDENTIALS" - T1552 + // "VALID_ACCOUNTS" - T1078 + // "LOCAL_ACCOUNTS" - T1078.003 + // "CLOUD_ACCOUNTS" - T1078.004 + // "NETWORK_DENIAL_OF_SERVICE" - T1498 + // "PERMISSION_GROUPS_DISCOVERY" - T1069 + // "CLOUD_GROUPS" - T1069.003 + // "EXFILTRATION_OVER_WEB_SERVICE" - T1567 + // "EXFILTRATION_TO_CLOUD_STORAGE" - T1567.002 + // "ACCOUNT_MANIPULATION" - T1098 + // "SSH_AUTHORIZED_KEYS" - T1098.004 + // "CREATE_OR_MODIFY_SYSTEM_PROCESS" - T1543 + // "STEAL_WEB_SESSION_COOKIE" - T1539 + // "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE" - T1578 + // "EXPLOIT_PUBLIC_FACING_APPLICATION" - T1190 + // "MODIFY_AUTHENTICATION_PROCESS" - T1556 + // "DATA_DESTRUCTION" - T1485 + // "DOMAIN_POLICY_MODIFICATION" - T1484 + // "IMPAIR_DEFENSES" - T1562 + // "NETWORK_SERVICE_DISCOVERY" - T1046 + // "ACCESS_TOKEN_MANIPULATION" - T1134 + // "ABUSE_ELEVATION_CONTROL_MECHANISM" - T1548 + // "DEFAULT_ACCOUNTS" - T1078.001 + // "INHIBIT_SYSTEM_RECOVERY" - T1490 + AdditionalTechniques []string `json:"additionalTechniques,omitempty"` + + // PrimaryTactic: The MITRE ATT&CK tactic most closely represented by + // this finding, if any. + // + // Possible values: + // "TACTIC_UNSPECIFIED" - Unspecified value. + // "RECONNAISSANCE" - TA0043 + // "RESOURCE_DEVELOPMENT" - TA0042 + // "INITIAL_ACCESS" - TA0001 + // "EXECUTION" - TA0002 + // "PERSISTENCE" - TA0003 + // "PRIVILEGE_ESCALATION" - TA0004 + // "DEFENSE_EVASION" - TA0005 + // "CREDENTIAL_ACCESS" - TA0006 + // "DISCOVERY" - TA0007 + // "LATERAL_MOVEMENT" - TA0008 + // "COLLECTION" - TA0009 + // "COMMAND_AND_CONTROL" - TA0011 + // "EXFILTRATION" - TA0010 + // "IMPACT" - TA0040 + PrimaryTactic string `json:"primaryTactic,omitempty"` + + // PrimaryTechniques: The MITRE ATT&CK technique most closely + // represented by this finding, if any. primary_techniques is a repeated + // field because there are multiple levels of MITRE ATT&CK techniques. + // If the technique most closely represented by this finding is a + // sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique and + // its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, + // `ACTIVE_SCANNING`). + // + // Possible values: + // "TECHNIQUE_UNSPECIFIED" - Unspecified value. + // "ACTIVE_SCANNING" - T1595 + // "SCANNING_IP_BLOCKS" - T1595.001 + // "INGRESS_TOOL_TRANSFER" - T1105 + // "NATIVE_API" - T1106 + // "SHARED_MODULES" - T1129 + // "COMMAND_AND_SCRIPTING_INTERPRETER" - T1059 + // "UNIX_SHELL" - T1059.004 + // "RESOURCE_HIJACKING" - T1496 + // "PROXY" - T1090 + // "EXTERNAL_PROXY" - T1090.002 + // "MULTI_HOP_PROXY" - T1090.003 + // "DYNAMIC_RESOLUTION" - T1568 + // "UNSECURED_CREDENTIALS" - T1552 + // "VALID_ACCOUNTS" - T1078 + // "LOCAL_ACCOUNTS" - T1078.003 + // "CLOUD_ACCOUNTS" - T1078.004 + // "NETWORK_DENIAL_OF_SERVICE" - T1498 + // "PERMISSION_GROUPS_DISCOVERY" - T1069 + // "CLOUD_GROUPS" - T1069.003 + // "EXFILTRATION_OVER_WEB_SERVICE" - T1567 + // "EXFILTRATION_TO_CLOUD_STORAGE" - T1567.002 + // "ACCOUNT_MANIPULATION" - T1098 + // "SSH_AUTHORIZED_KEYS" - T1098.004 + // "CREATE_OR_MODIFY_SYSTEM_PROCESS" - T1543 + // "STEAL_WEB_SESSION_COOKIE" - T1539 + // "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE" - T1578 + // "EXPLOIT_PUBLIC_FACING_APPLICATION" - T1190 + // "MODIFY_AUTHENTICATION_PROCESS" - T1556 + // "DATA_DESTRUCTION" - T1485 + // "DOMAIN_POLICY_MODIFICATION" - T1484 + // "IMPAIR_DEFENSES" - T1562 + // "NETWORK_SERVICE_DISCOVERY" - T1046 + // "ACCESS_TOKEN_MANIPULATION" - T1134 + // "ABUSE_ELEVATION_CONTROL_MECHANISM" - T1548 + // "DEFAULT_ACCOUNTS" - T1078.001 + // "INHIBIT_SYSTEM_RECOVERY" - T1490 + PrimaryTechniques []string `json:"primaryTechniques,omitempty"` + + // Version: The MITRE ATT&CK version referenced by the above fields. + // E.g. "8". + Version string `json:"version,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AdditionalTactics") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AdditionalTactics") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2MitreAttack) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2MitreAttack + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2MuteConfig: A mute config is a Cloud SCC +// resource that contains the configuration to mute create/update events +// of findings. +type GoogleCloudSecuritycenterV2MuteConfig struct { + // CreateTime: Output only. The time at which the mute config was + // created. This field is set by the server and will be ignored if + // provided on config creation. + CreateTime string `json:"createTime,omitempty"` + + // Description: A description of the mute config. + Description string `json:"description,omitempty"` + + // Filter: Required. An expression that defines the filter to apply + // across create/update events of findings. While creating a filter + // string, be mindful of the scope in which the mute configuration is + // being created. E.g., If a filter contains project = X but is created + // under the project = Y scope, it might not match any findings. The + // following field and operator combinations are supported: * severity: + // `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * + // resource.project_name: `=`, `:` * resource.project_display_name: `=`, + // `:` * resource.folders.resource_folder: `=`, `:` * + // resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, + // `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * + // indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:` + Filter string `json:"filter,omitempty"` + + // MostRecentEditor: Output only. Email address of the user who last + // edited the mute config. This field is set by the server and will be + // ignored if provided on config creation or update. + MostRecentEditor string `json:"mostRecentEditor,omitempty"` + + // Name: This field will be ignored if provided on config creation. The + // following list shows some examples of the format: + + // `organizations/{organization}/muteConfigs/{mute_config}` + + // `organizations/{organization}locations/{location}//muteConfigs/{mute_c + // onfig}` + `folders/{folder}/muteConfigs/{mute_config}` + + // `folders/{folder}/locations/{location}/muteConfigs/{mute_config}` + + // `projects/{project}/muteConfigs/{mute_config}` + + // `projects/{project}/locations/{location}/muteConfigs/{mute_config}` + Name string `json:"name,omitempty"` + + // UpdateTime: Output only. The most recent time at which the mute + // config was updated. This field is set by the server and will be + // ignored if provided on config creation or update. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2MuteConfig) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2MuteConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Node: Kubernetes nodes associated with the +// finding. +type GoogleCloudSecuritycenterV2Node struct { + // Name: Full resource name + // (https://google.aip.dev/122#full-resource-names) of the Compute + // Engine VM running the cluster node. + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Node) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Node + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2NodePool: Provides GKE node pool +// information. +type GoogleCloudSecuritycenterV2NodePool struct { + // Name: Kubernetes node pool name. + Name string `json:"name,omitempty"` + + // Nodes: Nodes associated with the finding. + Nodes []*GoogleCloudSecuritycenterV2Node `json:"nodes,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2NodePool) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2NodePool + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2NotificationMessage: Cloud SCC's +// Notification +type GoogleCloudSecuritycenterV2NotificationMessage struct { + // Finding: If it's a Finding based notification config, this field will + // be populated. + Finding *GoogleCloudSecuritycenterV2Finding `json:"finding,omitempty"` + + // NotificationConfigName: Name of the notification config that + // generated current notification. + NotificationConfigName string `json:"notificationConfigName,omitempty"` + + // Resource: The Cloud resource tied to this notification's Finding. + Resource *GoogleCloudSecuritycenterV2Resource `json:"resource,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Finding") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Finding") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2NotificationMessage) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2NotificationMessage + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Object: Kubernetes object related to the +// finding, uniquely identified by GKNN. Used if the object Kind is not +// one of Pod, Node, NodePool, Binding, or AccessReview. +type GoogleCloudSecuritycenterV2Object struct { + // Containers: Pod containers associated with this finding, if any. + Containers []*GoogleCloudSecuritycenterV2Container `json:"containers,omitempty"` + + // Group: Kubernetes object group, such as "policy.k8s.io/v1". + Group string `json:"group,omitempty"` + + // Kind: Kubernetes object kind, such as "Namespace". + Kind string `json:"kind,omitempty"` + + // Name: Kubernetes object name. For details see + // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/. + Name string `json:"name,omitempty"` + + // Ns: Kubernetes object namespace. Must be a valid DNS label. Named + // "ns" to avoid collision with C++ namespace keyword. For details see + // https://kubernetes.io/docs/tasks/administer-cluster/namespaces/. + Ns string `json:"ns,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Containers") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Containers") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Object) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Object + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2OrgPolicy: Contains information about the +// org policies associated with the finding. +type GoogleCloudSecuritycenterV2OrgPolicy struct { + // Name: The resource name of the org policy. Example: + // "organizations/{organization_id}/policies/{constraint_name}" + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Name") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Name") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2OrgPolicy) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2OrgPolicy + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Pod: A Kubernetes Pod. +type GoogleCloudSecuritycenterV2Pod struct { + // Containers: Pod containers associated with this finding, if any. + Containers []*GoogleCloudSecuritycenterV2Container `json:"containers,omitempty"` + + // Labels: Pod labels. For Kubernetes containers, these are applied to + // the container. + Labels []*GoogleCloudSecuritycenterV2Label `json:"labels,omitempty"` + + // Name: Kubernetes Pod name. + Name string `json:"name,omitempty"` + + // Ns: Kubernetes Pod namespace. + Ns string `json:"ns,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Containers") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Containers") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Pod) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Pod + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Process: Represents an operating system +// process. +type GoogleCloudSecuritycenterV2Process struct { + // Args: Process arguments as JSON encoded strings. + Args []string `json:"args,omitempty"` + + // ArgumentsTruncated: True if `args` is incomplete. + ArgumentsTruncated bool `json:"argumentsTruncated,omitempty"` + + // Binary: File information for the process executable. + Binary *GoogleCloudSecuritycenterV2File `json:"binary,omitempty"` + + // EnvVariables: Process environment variables. + EnvVariables []*GoogleCloudSecuritycenterV2EnvironmentVariable `json:"envVariables,omitempty"` + + // EnvVariablesTruncated: True if `env_variables` is incomplete. + EnvVariablesTruncated bool `json:"envVariablesTruncated,omitempty"` + + // Libraries: File information for libraries loaded by the process. + Libraries []*GoogleCloudSecuritycenterV2File `json:"libraries,omitempty"` + + // Name: The process name, as displayed in utilities like `top` and + // `ps`. This name can be accessed through `/proc/[pid]/comm` and + // changed with `prctl(PR_SET_NAME)`. + Name string `json:"name,omitempty"` + + // ParentPid: The parent process ID. + ParentPid int64 `json:"parentPid,omitempty,string"` + + // Pid: The process ID. + Pid int64 `json:"pid,omitempty,string"` + + // Script: When the process represents the invocation of a script, + // `binary` provides information about the interpreter, while `script` + // provides information about the script file provided to the + // interpreter. + Script *GoogleCloudSecuritycenterV2File `json:"script,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Args") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Args") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Process) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Process + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ProcessSignature: Indicates what signature +// matched this process. +type GoogleCloudSecuritycenterV2ProcessSignature struct { + // MemoryHashSignature: Signature indicating that a binary family was + // matched. + MemoryHashSignature *GoogleCloudSecuritycenterV2MemoryHashSignature `json:"memoryHashSignature,omitempty"` + + // YaraRuleSignature: Signature indicating that a YARA rule was matched. + YaraRuleSignature *GoogleCloudSecuritycenterV2YaraRuleSignature `json:"yaraRuleSignature,omitempty"` + + // ForceSendFields is a list of field names (e.g. "MemoryHashSignature") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "MemoryHashSignature") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ProcessSignature) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ProcessSignature + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Reference: Additional Links +type GoogleCloudSecuritycenterV2Reference struct { + // Source: Source of the reference e.g. NVD + Source string `json:"source,omitempty"` + + // Uri: Uri for the mentioned source e.g. + // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527. + Uri string `json:"uri,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Source") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Source") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Reference) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Reference + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Resource: Information related to the +// Google Cloud resource. +type GoogleCloudSecuritycenterV2Resource struct { + // DisplayName: The human readable name of the resource. + DisplayName string `json:"displayName,omitempty"` + + // Name: The full resource name of the resource. See: + // https://cloud.google.com/apis/design/resource_names#full_resource_name + Name string `json:"name,omitempty"` + + // Type: The full resource type of the resource. + Type string `json:"type,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DisplayName") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DisplayName") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Resource) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Resource + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ResourceValueConfig: A resource value +// config (RVC) is a mapping configuration of user's resources to +// resource values. Used in Attack path simulations. +type GoogleCloudSecuritycenterV2ResourceValueConfig struct { + // CreateTime: Output only. Timestamp this resource value config was + // created. + CreateTime string `json:"createTime,omitempty"` + + // Description: Description of the resource value config. + Description string `json:"description,omitempty"` + + // Name: Name for the resource value config + Name string `json:"name,omitempty"` + + // ResourceLabelsSelector: List of resource labels to search for, + // evaluated with AND. E.g. "resource_labels_selector": {"key": "value", + // "env": "prod"} will match resources with labels "key": "value" AND + // "env": "prod" + // https://cloud.google.com/resource-manager/docs/creating-managing-labels + ResourceLabelsSelector map[string]string `json:"resourceLabelsSelector,omitempty"` + + // ResourceType: Apply resource_value only to resources that match + // resource_type. resource_type will be checked with "AND" of other + // resources. E.g. "storage.googleapis.com/Bucket" with resource_value + // "HIGH" will apply "HIGH" value only to + // "storage.googleapis.com/Bucket" resources. + ResourceType string `json:"resourceType,omitempty"` + + // ResourceValue: Required. Resource value level this expression + // represents + // + // Possible values: + // "RESOURCE_VALUE_UNSPECIFIED" - Unspecific value + // "HIGH" - High resource value + // "MEDIUM" - Medium resource value + // "LOW" - Low resource value + // "NONE" - No resource value, e.g. ignore these resources + ResourceValue string `json:"resourceValue,omitempty"` + + // Scope: Project or folder to scope this config to. For example, + // "project/456" would apply this config only to resources in + // "project/456" scope will be checked with "AND" of other resources. + Scope string `json:"scope,omitempty"` + + // TagValues: Required. Tag values combined with AND to check against. + // Values in the form "tagValues/123" E.g. [ "tagValues/123", + // "tagValues/456", "tagValues/789" ] + // https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing + TagValues []string `json:"tagValues,omitempty"` + + // UpdateTime: Output only. Timestamp this resource value config was + // last updated. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ResourceValueConfig) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ResourceValueConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Role: Kubernetes Role or ClusterRole. +type GoogleCloudSecuritycenterV2Role struct { + // Kind: Role type. + // + // Possible values: + // "KIND_UNSPECIFIED" - Role type is not specified. + // "ROLE" - Kubernetes Role. + // "CLUSTER_ROLE" - Kubernetes ClusterRole. + Kind string `json:"kind,omitempty"` + + // Name: Role name. + Name string `json:"name,omitempty"` + + // Ns: Role namespace. + Ns string `json:"ns,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Kind") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Kind") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Role) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Role + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2SecurityMarks: User specified security +// marks that are attached to the parent Security Command Center +// resource. Security marks are scoped within a Security Command Center +// organization -- they can be modified and viewed by all users who have +// proper permissions on the organization. +type GoogleCloudSecuritycenterV2SecurityMarks struct { + // CanonicalName: The canonical name of the marks. The following list + // shows some examples: + + // `organizations/{organization_id}/assets/{asset_id}/securityMarks" + + // `organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}/securityMarks" + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on}/findings/{finding_id}/securityMarks" + + // `folders/{folder_id}/assets/{asset_id}/securityMarks" + + // `folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securit + // yMarks" + + // `folders/{folder_id}/sources/{source_id}/locations/{location}/findings + // /{finding_id}/securityMarks" + + // `projects/{project_number}/assets/{asset_id}/securityMarks" + + // `projects/{project_number}/sources/{source_id}/findings/{finding_id}/s + // ecurityMarks" + + // `projects/{project_number}/sources/{source_id}/locations/{location}/fi + // ndings/{finding_id}/securityMarks" + CanonicalName string `json:"canonicalName,omitempty"` + + // Marks: Mutable user specified security marks belonging to the parent + // resource. Constraints are as follows: * Keys and values are treated + // as case insensitive * Keys must be between 1 - 256 characters + // (inclusive) * Keys must be letters, numbers, underscores, or dashes * + // Values have leading and trailing whitespace trimmed, remaining + // characters must be between 1 - 4096 characters (inclusive) + Marks map[string]string `json:"marks,omitempty"` + + // Name: The relative resource name of the SecurityMarks. See: + // https://cloud.google.com/apis/design/resource_names#relative_resource_name + // The following list shows some examples: + + // `organizations/{organization_id}/assets/{asset_id}/securityMarks` + + // `organizations/{organization_id}/sources/{source_id}/findings/{finding + // _id}/securityMarks` + + // `organizations/{organization_id}/sources/{source_id}/locations/{locati + // on}/findings/{finding_id}/securityMarks` + Name string `json:"name,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CanonicalName") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CanonicalName") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2SecurityMarks) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2SecurityMarks + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2SecurityPosture: Represents a posture that +// is deployed on Google Cloud by the Security Command Center Posture +// Management service. A posture contains one or more policy sets. A +// policy set is a group of policies that enforce a set of security +// rules on Google Cloud. +type GoogleCloudSecuritycenterV2SecurityPosture struct { + // ChangedPolicy: The name of the policy that has been updated, for + // example, `projects/{project_id}/policies/{constraint_name}`. + ChangedPolicy string `json:"changedPolicy,omitempty"` + + // Name: Name of the posture, for example, + // `organizations/{org_id}/locations/{location}/postures/{posture_name}`. + Name string `json:"name,omitempty"` + + // PostureDeployment: The name of the posture deployment, for example, + // `projects/{project_id}/posturedeployments/{posture_deployment_id}`. + PostureDeployment string `json:"postureDeployment,omitempty"` + + // PostureDeploymentResource: The project, folder, or organization on + // which the posture is deployed, for example, `projects/{project_id}`. + PostureDeploymentResource string `json:"postureDeploymentResource,omitempty"` + + // RevisionId: The version of the posture, for example, `c7cfa2a8`. + RevisionId string `json:"revisionId,omitempty"` + + // ForceSendFields is a list of field names (e.g. "ChangedPolicy") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "ChangedPolicy") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2SecurityPosture) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2SecurityPosture + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo: Identity +// delegation history of an authenticated service account. +type GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo struct { + // PrincipalEmail: The email address of a Google account. + PrincipalEmail string `json:"principalEmail,omitempty"` + + // PrincipalSubject: A string representing the principal_subject + // associated with the identity. As compared to `principal_email`, + // supports principals that aren't associated with email addresses, such + // as third party principals. For most identities, the format will be + // `principal://iam.googleapis.com/{identity pool + // name}/subjects/{subject}` except for some GKE identities + // (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the + // legacy format `serviceAccount:{identity pool name}[{subject}]` + PrincipalSubject string `json:"principalSubject,omitempty"` + + // ForceSendFields is a list of field names (e.g. "PrincipalEmail") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "PrincipalEmail") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2ServiceAccountDelegationInfo + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Subject: Represents a Kubernetes subject. +type GoogleCloudSecuritycenterV2Subject struct { + // Kind: Authentication type for the subject. + // + // Possible values: + // "AUTH_TYPE_UNSPECIFIED" - Authentication is not specified. + // "USER" - User with valid certificate. + // "SERVICEACCOUNT" - Users managed by Kubernetes API with credentials + // stored as secrets. + // "GROUP" - Collection of users. + Kind string `json:"kind,omitempty"` + + // Name: Name for the subject. + Name string `json:"name,omitempty"` + + // Ns: Namespace for the subject. + Ns string `json:"ns,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Kind") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Kind") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Subject) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Subject + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2Vulnerability: Refers to common +// vulnerability fields e.g. cve, cvss, cwe etc. +type GoogleCloudSecuritycenterV2Vulnerability struct { + // Cve: CVE stands for Common Vulnerabilities and Exposures + // (https://cve.mitre.org/about/) + Cve *GoogleCloudSecuritycenterV2Cve `json:"cve,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Cve") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Cve") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2Vulnerability) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2Vulnerability + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// GoogleCloudSecuritycenterV2YaraRuleSignature: A signature +// corresponding to a YARA rule. +type GoogleCloudSecuritycenterV2YaraRuleSignature struct { + // YaraRule: The name of the YARA rule. + YaraRule string `json:"yaraRule,omitempty"` + + // ForceSendFields is a list of field names (e.g. "YaraRule") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "YaraRule") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *GoogleCloudSecuritycenterV2YaraRuleSignature) MarshalJSON() ([]byte, error) { + type NoMethod GoogleCloudSecuritycenterV2YaraRuleSignature + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // IamBinding: Represents a particular IAM binding, which captures a // member's role addition, removal, or state. type IamBinding struct { @@ -3760,7 +6927,7 @@ type Object struct { // Group: Kubernetes object group, such as "policy.k8s.io/v1". Group string `json:"group,omitempty"` - // Kind: Kubernetes object kind, such as “Namespace”. + // Kind: Kubernetes object kind, such as "Namespace". Kind string `json:"kind,omitempty"` // Name: Kubernetes object name. For details see diff --git a/serviceconsumermanagement/v1/serviceconsumermanagement-api.json b/serviceconsumermanagement/v1/serviceconsumermanagement-api.json index 4d837e00db1..66e902a42cc 100644 --- a/serviceconsumermanagement/v1/serviceconsumermanagement-api.json +++ b/serviceconsumermanagement/v1/serviceconsumermanagement-api.json @@ -542,7 +542,7 @@ } } }, - "revision": "20230806", + "revision": "20231128", "rootUrl": "https://serviceconsumermanagement.googleapis.com/", "schemas": { "AddTenantProjectRequest": { @@ -1817,6 +1817,13 @@ "description": "Describes the generator configuration for a method.", "id": "MethodSettings", "properties": { + "autoPopulatedFields": { + "description": "List of top-level fields of the request message, that should be automatically populated by the client libraries based on their (google.api.field_info).format. Currently supported format: UUID4. Example of a YAML configuration: publishing: method_settings: - selector: google.example.v1.ExampleService.CreateExample auto_populated_fields: - request_id", + "items": { + "type": "string" + }, + "type": "array" + }, "longRunning": { "$ref": "LongRunning", "description": "Describes settings to use for long-running operations when generating API methods for RPCs. Complements RPCs that use the annotations in google/longrunning/operations.proto. Example of a YAML configuration:: publishing: method_settings: - selector: google.cloud.speech.v2.Speech.BatchRecognize long_running: initial_poll_delay: seconds: 60 # 1 minute poll_delay_multiplier: 1.5 max_poll_delay: seconds: 360 # 6 minutes total_poll_timeout: seconds: 54000 # 90 minutes" diff --git a/serviceconsumermanagement/v1/serviceconsumermanagement-gen.go b/serviceconsumermanagement/v1/serviceconsumermanagement-gen.go index 3f456a94a5d..a645c2bb348 100644 --- a/serviceconsumermanagement/v1/serviceconsumermanagement-gen.go +++ b/serviceconsumermanagement/v1/serviceconsumermanagement-gen.go @@ -2596,6 +2596,14 @@ func (s *MethodPolicy) MarshalJSON() ([]byte, error) { // MethodSettings: Describes the generator configuration for a method. type MethodSettings struct { + // AutoPopulatedFields: List of top-level fields of the request message, + // that should be automatically populated by the client libraries based + // on their (google.api.field_info).format. Currently supported format: + // UUID4. Example of a YAML configuration: publishing: method_settings: + // - selector: google.example.v1.ExampleService.CreateExample + // auto_populated_fields: - request_id + AutoPopulatedFields []string `json:"autoPopulatedFields,omitempty"` + // LongRunning: Describes settings to use for long-running operations // when generating API methods for RPCs. Complements RPCs that use the // annotations in google/longrunning/operations.proto. Example of a YAML @@ -2611,20 +2619,21 @@ type MethodSettings struct { // options. Selector string `json:"selector,omitempty"` - // ForceSendFields is a list of field names (e.g. "LongRunning") to - // unconditionally include in API requests. By default, fields with + // ForceSendFields is a list of field names (e.g. "AutoPopulatedFields") + // to unconditionally include in API requests. By default, fields with // empty or default values are omitted from API requests. However, any // non-pointer, non-interface field appearing in ForceSendFields will be // sent to the server regardless of whether the field is empty or not. // This may be used to include empty fields in Patch requests. ForceSendFields []string `json:"-"` - // NullFields is a list of field names (e.g. "LongRunning") to include - // in API requests with the JSON null value. By default, fields with - // empty values are omitted from API requests. However, any field with - // an empty value appearing in NullFields will be sent to the server as - // null. It is an error if a field in this list has a non-empty value. - // This may be used to include null fields in Patch requests. + // NullFields is a list of field names (e.g. "AutoPopulatedFields") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. NullFields []string `json:"-"` } diff --git a/serviceconsumermanagement/v1beta1/serviceconsumermanagement-api.json b/serviceconsumermanagement/v1beta1/serviceconsumermanagement-api.json index c6703efd699..4e0f3874383 100644 --- a/serviceconsumermanagement/v1beta1/serviceconsumermanagement-api.json +++ b/serviceconsumermanagement/v1beta1/serviceconsumermanagement-api.json @@ -532,7 +532,7 @@ } } }, - "revision": "20231116", + "revision": "20231128", "rootUrl": "https://serviceconsumermanagement.googleapis.com/", "schemas": { "Api": { @@ -1683,6 +1683,13 @@ "description": "Describes the generator configuration for a method.", "id": "MethodSettings", "properties": { + "autoPopulatedFields": { + "description": "List of top-level fields of the request message, that should be automatically populated by the client libraries based on their (google.api.field_info).format. Currently supported format: UUID4. Example of a YAML configuration: publishing: method_settings: - selector: google.example.v1.ExampleService.CreateExample auto_populated_fields: - request_id", + "items": { + "type": "string" + }, + "type": "array" + }, "longRunning": { "$ref": "LongRunning", "description": "Describes settings to use for long-running operations when generating API methods for RPCs. Complements RPCs that use the annotations in google/longrunning/operations.proto. Example of a YAML configuration:: publishing: method_settings: - selector: google.cloud.speech.v2.Speech.BatchRecognize long_running: initial_poll_delay: seconds: 60 # 1 minute poll_delay_multiplier: 1.5 max_poll_delay: seconds: 360 # 6 minutes total_poll_timeout: seconds: 54000 # 90 minutes" diff --git a/serviceconsumermanagement/v1beta1/serviceconsumermanagement-gen.go b/serviceconsumermanagement/v1beta1/serviceconsumermanagement-gen.go index e6e46a15e52..9e224e1879c 100644 --- a/serviceconsumermanagement/v1beta1/serviceconsumermanagement-gen.go +++ b/serviceconsumermanagement/v1beta1/serviceconsumermanagement-gen.go @@ -2347,6 +2347,14 @@ func (s *MethodPolicy) MarshalJSON() ([]byte, error) { // MethodSettings: Describes the generator configuration for a method. type MethodSettings struct { + // AutoPopulatedFields: List of top-level fields of the request message, + // that should be automatically populated by the client libraries based + // on their (google.api.field_info).format. Currently supported format: + // UUID4. Example of a YAML configuration: publishing: method_settings: + // - selector: google.example.v1.ExampleService.CreateExample + // auto_populated_fields: - request_id + AutoPopulatedFields []string `json:"autoPopulatedFields,omitempty"` + // LongRunning: Describes settings to use for long-running operations // when generating API methods for RPCs. Complements RPCs that use the // annotations in google/longrunning/operations.proto. Example of a YAML @@ -2362,20 +2370,21 @@ type MethodSettings struct { // options. Selector string `json:"selector,omitempty"` - // ForceSendFields is a list of field names (e.g. "LongRunning") to - // unconditionally include in API requests. By default, fields with + // ForceSendFields is a list of field names (e.g. "AutoPopulatedFields") + // to unconditionally include in API requests. By default, fields with // empty or default values are omitted from API requests. However, any // non-pointer, non-interface field appearing in ForceSendFields will be // sent to the server regardless of whether the field is empty or not. // This may be used to include empty fields in Patch requests. ForceSendFields []string `json:"-"` - // NullFields is a list of field names (e.g. "LongRunning") to include - // in API requests with the JSON null value. By default, fields with - // empty values are omitted from API requests. However, any field with - // an empty value appearing in NullFields will be sent to the server as - // null. It is an error if a field in this list has a non-empty value. - // This may be used to include null fields in Patch requests. + // NullFields is a list of field names (e.g. "AutoPopulatedFields") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. NullFields []string `json:"-"` } diff --git a/serviceusage/v1/serviceusage-api.json b/serviceusage/v1/serviceusage-api.json index dbd509f028e..df560729b44 100644 --- a/serviceusage/v1/serviceusage-api.json +++ b/serviceusage/v1/serviceusage-api.json @@ -426,7 +426,7 @@ } } }, - "revision": "20231113", + "revision": "20231128", "rootUrl": "https://serviceusage.googleapis.com/", "schemas": { "AddEnableRulesMetadata": { @@ -2367,6 +2367,13 @@ "description": "Describes the generator configuration for a method.", "id": "MethodSettings", "properties": { + "autoPopulatedFields": { + "description": "List of top-level fields of the request message, that should be automatically populated by the client libraries based on their (google.api.field_info).format. Currently supported format: UUID4. Example of a YAML configuration: publishing: method_settings: - selector: google.example.v1.ExampleService.CreateExample auto_populated_fields: - request_id", + "items": { + "type": "string" + }, + "type": "array" + }, "longRunning": { "$ref": "LongRunning", "description": "Describes settings to use for long-running operations when generating API methods for RPCs. Complements RPCs that use the annotations in google/longrunning/operations.proto. Example of a YAML configuration:: publishing: method_settings: - selector: google.cloud.speech.v2.Speech.BatchRecognize long_running: initial_poll_delay: seconds: 60 # 1 minute poll_delay_multiplier: 1.5 max_poll_delay: seconds: 360 # 6 minutes total_poll_timeout: seconds: 54000 # 90 minutes" diff --git a/serviceusage/v1/serviceusage-gen.go b/serviceusage/v1/serviceusage-gen.go index 37348aba616..21f99c7a16c 100644 --- a/serviceusage/v1/serviceusage-gen.go +++ b/serviceusage/v1/serviceusage-gen.go @@ -3556,6 +3556,14 @@ func (s *MethodPolicy) MarshalJSON() ([]byte, error) { // MethodSettings: Describes the generator configuration for a method. type MethodSettings struct { + // AutoPopulatedFields: List of top-level fields of the request message, + // that should be automatically populated by the client libraries based + // on their (google.api.field_info).format. Currently supported format: + // UUID4. Example of a YAML configuration: publishing: method_settings: + // - selector: google.example.v1.ExampleService.CreateExample + // auto_populated_fields: - request_id + AutoPopulatedFields []string `json:"autoPopulatedFields,omitempty"` + // LongRunning: Describes settings to use for long-running operations // when generating API methods for RPCs. Complements RPCs that use the // annotations in google/longrunning/operations.proto. Example of a YAML @@ -3571,20 +3579,21 @@ type MethodSettings struct { // options. Selector string `json:"selector,omitempty"` - // ForceSendFields is a list of field names (e.g. "LongRunning") to - // unconditionally include in API requests. By default, fields with + // ForceSendFields is a list of field names (e.g. "AutoPopulatedFields") + // to unconditionally include in API requests. By default, fields with // empty or default values are omitted from API requests. However, any // non-pointer, non-interface field appearing in ForceSendFields will be // sent to the server regardless of whether the field is empty or not. // This may be used to include empty fields in Patch requests. ForceSendFields []string `json:"-"` - // NullFields is a list of field names (e.g. "LongRunning") to include - // in API requests with the JSON null value. By default, fields with - // empty values are omitted from API requests. However, any field with - // an empty value appearing in NullFields will be sent to the server as - // null. It is an error if a field in this list has a non-empty value. - // This may be used to include null fields in Patch requests. + // NullFields is a list of field names (e.g. "AutoPopulatedFields") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. NullFields []string `json:"-"` } diff --git a/serviceusage/v1beta1/serviceusage-api.json b/serviceusage/v1beta1/serviceusage-api.json index 1cf5770550d..1ae5280e839 100644 --- a/serviceusage/v1beta1/serviceusage-api.json +++ b/serviceusage/v1beta1/serviceusage-api.json @@ -964,7 +964,7 @@ } } }, - "revision": "20231113", + "revision": "20231128", "rootUrl": "https://serviceusage.googleapis.com/", "schemas": { "AddEnableRulesMetadata": { @@ -3062,6 +3062,13 @@ "description": "Describes the generator configuration for a method.", "id": "MethodSettings", "properties": { + "autoPopulatedFields": { + "description": "List of top-level fields of the request message, that should be automatically populated by the client libraries based on their (google.api.field_info).format. Currently supported format: UUID4. Example of a YAML configuration: publishing: method_settings: - selector: google.example.v1.ExampleService.CreateExample auto_populated_fields: - request_id", + "items": { + "type": "string" + }, + "type": "array" + }, "longRunning": { "$ref": "LongRunning", "description": "Describes settings to use for long-running operations when generating API methods for RPCs. Complements RPCs that use the annotations in google/longrunning/operations.proto. Example of a YAML configuration:: publishing: method_settings: - selector: google.cloud.speech.v2.Speech.BatchRecognize long_running: initial_poll_delay: seconds: 60 # 1 minute poll_delay_multiplier: 1.5 max_poll_delay: seconds: 360 # 6 minutes total_poll_timeout: seconds: 54000 # 90 minutes" diff --git a/serviceusage/v1beta1/serviceusage-gen.go b/serviceusage/v1beta1/serviceusage-gen.go index b719a98338c..4bb013e4204 100644 --- a/serviceusage/v1beta1/serviceusage-gen.go +++ b/serviceusage/v1beta1/serviceusage-gen.go @@ -3855,6 +3855,14 @@ func (s *MethodPolicy) MarshalJSON() ([]byte, error) { // MethodSettings: Describes the generator configuration for a method. type MethodSettings struct { + // AutoPopulatedFields: List of top-level fields of the request message, + // that should be automatically populated by the client libraries based + // on their (google.api.field_info).format. Currently supported format: + // UUID4. Example of a YAML configuration: publishing: method_settings: + // - selector: google.example.v1.ExampleService.CreateExample + // auto_populated_fields: - request_id + AutoPopulatedFields []string `json:"autoPopulatedFields,omitempty"` + // LongRunning: Describes settings to use for long-running operations // when generating API methods for RPCs. Complements RPCs that use the // annotations in google/longrunning/operations.proto. Example of a YAML @@ -3870,20 +3878,21 @@ type MethodSettings struct { // options. Selector string `json:"selector,omitempty"` - // ForceSendFields is a list of field names (e.g. "LongRunning") to - // unconditionally include in API requests. By default, fields with + // ForceSendFields is a list of field names (e.g. "AutoPopulatedFields") + // to unconditionally include in API requests. By default, fields with // empty or default values are omitted from API requests. However, any // non-pointer, non-interface field appearing in ForceSendFields will be // sent to the server regardless of whether the field is empty or not. // This may be used to include empty fields in Patch requests. ForceSendFields []string `json:"-"` - // NullFields is a list of field names (e.g. "LongRunning") to include - // in API requests with the JSON null value. By default, fields with - // empty values are omitted from API requests. However, any field with - // an empty value appearing in NullFields will be sent to the server as - // null. It is an error if a field in this list has a non-empty value. - // This may be used to include null fields in Patch requests. + // NullFields is a list of field names (e.g. "AutoPopulatedFields") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. NullFields []string `json:"-"` }