feat: [securitycenter] enable Dynamic Mute (#5599)

* feat: enable Dynamic Mute
feat: New values `EXPLOITATION_FOR_PRIVILEGE_ESCALATION` corresponding to T1068 and `INDICATOR_REMOVAL_FILE_DELETION` corresponding to T1070.004 are added to enum `Technique`
docs: T1068 is added for value `EXPLOITATION_FOR_PRIVILEGE_ESCALATION` and T1070.004 is added for value `INDICATOR_REMOVAL_FILE_DELETION` for enum `Technique

PiperOrigin-RevId: 658541020

Source-Link: googleapis/googleapis@c37b7f0

Source-Link: googleapis/googleapis-gen@2472a8c
Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXNlY3VyaXR5Y2VudGVyLy5Pd2xCb3QueWFtbCIsImgiOiIyNDcyYThjMGNkMGEyZTk3NTlhZjhlMDQxMzRiZTA4YjZhM2E1ZWQ1In0=

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v2/attack_exposure.proto

@@ -51,7 +51,7 @@ message AttackExposure {
 
   // The resource name of the attack path simulation result that contains the
   // details regarding this attack exposure score.
-  // Example: organizations/123/simulations/456/attackExposureResults/789
+  // Example: `organizations/123/simulations/456/attackExposureResults/789`
   string attack_exposure_result = 3;
 
   // Output only. What state this AttackExposure is in. This captures whether or

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v2/attack_path.proto

@@ -41,7 +41,7 @@ message AttackPath {
     // A finding that is associated with this node in the attack path.
     message PathNodeAssociatedFinding {
       // Canonical name of the associated findings. Example:
-      // organizations/123/sources/456/findings/789
+      // `organizations/123/sources/456/findings/789`
       string canonical_finding = 1;
 
       // The additional taxonomy group within findings from a given source.
@@ -90,11 +90,11 @@ message AttackPath {
     // The name of the resource at this point in the attack path.
     // The format of the name follows the Cloud Asset Inventory [resource
     // name
-    // format]("https://cloud.google.com/asset-inventory/docs/resource-name-format")
+    // format](https://cloud.google.com/asset-inventory/docs/resource-name-format)
     string resource = 1;
 
     // The [supported resource
-    // type](https://cloud.google.com/asset-inventory/docs/supported-asset-types")
+    // type](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
     string resource_type = 2;
 
     // Human-readable name of this resource.

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v2/bigquery_export.proto

@@ -39,7 +39,7 @@ message BigQueryExport {
     singular: "bigQueryExport"
   };
 
-  // The relative resource name of this export. See:
+  // Identifier. The relative resource name of this export. See:
   // https://cloud.google.com/apis/design/resource_names#relative_resource_name.
   // The following list shows some examples:
   //
@@ -51,7 +51,7 @@ message BigQueryExport {
   //
   // This field is provided in responses, and is ignored when provided in create
   // requests.
-  string name = 1;
+  string name = 1 [(google.api.field_behavior) = IDENTIFIER];
 
   // The description of the export (max of 1024 characters).
   string description = 2;
@@ -80,7 +80,7 @@ message BigQueryExport {
 
   // The dataset to write findings' updates to. Its format is
   // "projects/[project_id]/datasets/[bigquery_dataset_id]".
-  // BigQuery Dataset unique ID  must contain only letters (a-z, A-Z), numbers
+  // BigQuery dataset unique ID  must contain only letters (a-z, A-Z), numbers
   // (0-9), or underscores (_).
   string dataset = 4;
 

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v2/finding.proto

@@ -167,6 +167,41 @@ message Finding {
     UNDEFINED = 3;
   }
 
+  // Mute information about the finding, including whether the finding has a
+  // static mute or any matching dynamic mute rules.
+  message MuteInfo {
+    // Information about the static mute state. A static mute state overrides
+    // any dynamic mute rules that apply to this finding. The static mute state
+    // can be set by a static mute rule or by muting the finding directly.
+    message StaticMute {
+      // The static mute state. If the value is `MUTED` or `UNMUTED`, then the
+      // finding's overall mute state will have the same value.
+      Mute state = 1;
+
+      // When the static mute was applied.
+      google.protobuf.Timestamp apply_time = 2;
+    }
+
+    // The record of a dynamic mute rule that matches the finding.
+    message DynamicMuteRecord {
+      // The relative resource name of the mute rule, represented by a mute
+      // config, that created this record, for example
+      // `organizations/123/muteConfigs/mymuteconfig` or
+      // `organizations/123/locations/global/muteConfigs/mymuteconfig`.
+      string mute_config = 1;
+
+      // When the dynamic mute rule first matched the finding.
+      google.protobuf.Timestamp match_time = 2;
+    }
+
+    // If set, the static mute applied to this finding. Static mutes override
+    // dynamic mutes. If unset, there is no static mute.
+    StaticMute static_mute = 1;
+
+    // The list of dynamic mute rules that currently match the finding.
+    repeated DynamicMuteRecord dynamic_mute_records = 2;
+  }
+
   // Represents what kind of Finding it is.
   enum FindingClass {
     // Unspecified finding class.
@@ -300,6 +335,9 @@ message Finding {
   // shouldn't set the value of mute.
   Mute mute = 15;
 
+  // Output only. The mute information regarding this finding.
+  MuteInfo mute_info = 53 [(google.api.field_behavior) = OUTPUT_ONLY];
+
   // The class of the finding.
   FindingClass finding_class = 16;
 

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v2/mitre_attack.proto

@@ -78,7 +78,7 @@ message MitreAttack {
 
   // MITRE ATT&CK techniques that can be referenced by SCC findings.
   // See: https://attack.mitre.org/techniques/enterprise/
-  // Next ID: 63
+  // Next ID: 65
   enum Technique {
     // Unspecified value.
     TECHNIQUE_UNSPECIFIED = 0;
@@ -110,12 +110,18 @@ message MitreAttack {
     // T1059.006
     PYTHON = 59;
 
+    // T1068
+    EXPLOITATION_FOR_PRIVILEGE_ESCALATION = 63;
+
     // T1069
     PERMISSION_GROUPS_DISCOVERY = 18;
 
     // T1069.003
     CLOUD_GROUPS = 19;
 
+    // T1070.004
+    INDICATOR_REMOVAL_FILE_DELETION = 64;
+
     // T1071
     APPLICATION_LAYER_PROTOCOL = 45;
 
@@ -257,7 +263,7 @@ message MitreAttack {
     // T1595.001
     SCANNING_IP_BLOCKS = 2;
 
-    // T1613
+    // T1609
     CONTAINER_ADMINISTRATION_COMMAND = 60;
 
     // T1611

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v2/mute_config.proto

@@ -52,10 +52,18 @@ message MuteConfig {
     // findings to muted. Once the static mute state has been set, finding or
     // config modifications will not affect the state.
     STATIC = 1;
+
+    // A dynamic mute config, which is applied to existing and future matching
+    // findings, setting their dynamic mute state to "muted". If the config is
+    // updated or deleted, or a matching finding is updated, such that the
+    // finding doesn't match the config, the config will be removed from the
+    // finding, and the finding's dynamic mute state may become "unmuted"
+    // (unless other configs still match).
+    DYNAMIC = 2;
   }
 
-  // This field will be ignored if provided on config creation. The following
-  // list shows some examples of the format:
+  // Identifier. This field will be ignored if provided on config creation. The
+  // following list shows some examples of the format:
   //
   // + `organizations/{organization}/muteConfigs/{mute_config}`
   // +
@@ -64,7 +72,7 @@ message MuteConfig {
   // + `folders/{folder}/locations/{location}/muteConfigs/{mute_config}`
   // + `projects/{project}/muteConfigs/{mute_config}`
   // + `projects/{project}/locations/{location}/muteConfigs/{mute_config}`
-  string name = 1;
+  string name = 1 [(google.api.field_behavior) = IDENTIFIER];
 
   // A description of the mute config.
   string description = 2;
@@ -111,4 +119,10 @@ message MuteConfig {
   // Required. The type of the mute config, which determines what type of mute
   // state the config affects. Immutable after creation.
   MuteConfigType type = 8 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. The expiry of the mute config. Only applicable for dynamic
+  // configs. If the expiry is set, when the config expires, it is removed from
+  // all findings.
+  google.protobuf.Timestamp expiry_time = 9
+      [(google.api.field_behavior) = OPTIONAL];
 }

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v2/notification_config.proto

@@ -72,7 +72,7 @@ message NotificationConfig {
     string filter = 1;
   }
 
-  // The relative resource name of this notification config. See:
+  // Identifier. The relative resource name of this notification config. See:
   // https://cloud.google.com/apis/design/resource_names#relative_resource_name
   // The following list shows some examples:
   // +
@@ -81,7 +81,7 @@ message NotificationConfig {
   // `folders/{folder_id}/locations/{location_id}/notificationConfigs/notify_public_bucket`
   // +
   // `projects/{project_id}/locations/{location_id}/notificationConfigs/notify_public_bucket`
-  string name = 1;
+  string name = 1 [(google.api.field_behavior) = IDENTIFIER];
 
   // The description of the notification config (max of 1024 characters).
   string description = 2;

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v2/resource.proto

@@ -64,13 +64,13 @@ message Resource {
 
   // A string representation of the resource path.
   // For Google Cloud, it has the format of
-  // organizations/{organization_id}/folders/{folder_id}/folders/{folder_id}/projects/{project_id}
+  // `organizations/{organization_id}/folders/{folder_id}/folders/{folder_id}/projects/{project_id}`
   // where there can be any number of folders.
   // For AWS, it has the format of
-  // org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id}
+  // `org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id}`
   // where there can be any number of organizational units.
   // For Azure, it has the format of
-  // mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name}
+  // `mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name}`
   // where there can be any number of management groups.
   string resource_path_string = 11;
 }
@@ -168,7 +168,7 @@ message AzureMetadata {
   // Represents an Azure management group.
   message AzureManagementGroup {
     // The UUID of the Azure management group, for example,
-    // "20000000-0001-0000-0000-000000000000".
+    // `20000000-0001-0000-0000-000000000000`.
     string id = 1;
 
     // The display name of the Azure management group.
@@ -178,7 +178,7 @@ message AzureMetadata {
   // Represents an Azure subscription.
   message AzureSubscription {
     // The UUID of the Azure subscription, for example,
-    // "291bba3f-e0a5-47bc-a099-3bdcb2a50a05".
+    // `291bba3f-e0a5-47bc-a099-3bdcb2a50a05`.
     string id = 1;
 
     // The display name of the Azure subscription.

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v2/resource_value_config.proto

@@ -53,34 +53,34 @@ message ResourceValueConfig {
     ResourceValue medium_sensitivity_mapping = 2;
   }
 
-  // Name for the resource value configuration
-  string name = 1;
+  // Identifier. Name for the resource value configuration
+  string name = 1 [(google.api.field_behavior) = IDENTIFIER];
 
   // Resource value level this expression represents
-  // Only required when there is no SDP mapping in the request
+  // Only required when there is no Sensitive Data Protection mapping in the
+  // request
   ResourceValue resource_value = 2;
 
-  // Required. Tag values combined with <code>AND</code> to check against.
+  // Tag values combined with `AND` to check against.
   // Values in the form "tagValues/123"
-  // Example: [ "tagValues/123", "tagValues/456", "tagValues/789" ]
+  // Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]`
   // https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
-  repeated string tag_values = 3 [(google.api.field_behavior) = REQUIRED];
+  repeated string tag_values = 3;
 
   // Apply resource_value only to resources that match resource_type.
-  // resource_type will be checked with <code>AND</code> of other resources.
+  // resource_type will be checked with `AND` of other resources.
   // For example, "storage.googleapis.com/Bucket" with resource_value "HIGH"
   // will apply "HIGH" value only to "storage.googleapis.com/Bucket" resources.
   string resource_type = 4;
 
   // Project or folder to scope this configuration to.
   // For example, "project/456" would apply this configuration only to resources
-  // in "project/456" scope will be checked with <code>AND</code> of other
-  // resources.
+  // in "project/456" scope and will be checked with `AND` of other resources.
   string scope = 5;
 
-  // List of resource labels to search for, evaluated with <code>AND</code>.
+  // List of resource labels to search for, evaluated with `AND`.
   // For example, "resource_labels_selector": {"key": "value", "env": "prod"}
-  // will match resources with labels "key": "value" <code>AND</code> "env":
+  // will match resources with labels "key": "value" `AND` "env":
   // "prod"
   // https://cloud.google.com/resource-manager/docs/creating-managing-labels
   map<string, string> resource_labels_selector = 6;