feat: Add load balancer, log entry, org policy, database.version, exf…
…iltration.total_exfiltrated_bytes, file.disk_path, indicator.signature_type, and kubernetes.objects to finding's list of attributes

PiperOrigin-RevId: 609614842
Google APIs authored and Copybara-Service committed Feb 23, 2024
1 parent 4e6304c commit d2c86cf
Showing 12 changed files with 337 additions and 60 deletions.
3 changes: 3 additions & 0 deletions google/cloud/securitycenter/v1/BUILD.bazel
Expand Up @@ -44,11 +44,14 @@ proto_library(
"kernel_rootkit.proto",
"kubernetes.proto",
"label.proto",
"load_balancer.proto",
"log_entry.proto",
"mitre_attack.proto",
"mute_config.proto",
"notification_config.proto",
"notification_message.proto",
"organization_settings.proto",
"org_policy.proto",
"process.proto",
"resource.proto",
"run_asset_discovery_response.proto",
15 changes: 10 additions & 5 deletions google/cloud/securitycenter/v1/database.proto
Expand Up @@ -31,12 +31,12 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
// name](https://google.aip.dev/122#full-resource-names) populated because these
// resource types, such as Cloud SQL databases, are not yet supported by Cloud
// Asset Inventory. In these cases only the display name is provided.
// Some database resources may not have the [full resource
// name](https://google.aip.dev/122#full-resource-names) populated because
// these resource types are not yet supported by Cloud Asset Inventory (e.g.
// Cloud SQL databases). In these cases only the display name will be
// provided.
message Database {
// Some database resources may not have the [full resource
// name](https://google.aip.dev/122#full-resource-names) populated because
// these resource types are not yet supported by Cloud Asset Inventory (e.g.
// Cloud SQL databases). In these cases only the display name will be
// provided.
// The [full resource name](https://google.aip.dev/122#full-resource-names) of
// the database that the user connected to, if it is supported by Cloud Asset
// Inventory.
Expand All @@ -55,4 +55,9 @@ message Database {
// The target usernames, roles, or groups of an SQL privilege grant, which is
// not an IAM policy change.
repeated string grantees = 5;

// The version of the database, for example, POSTGRES_14.
// See [the complete
// list](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).
string version = 6;
}
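Review bot: The comment on the new `version` field (number 6) gives `POSTGRES_14` as its example but links to the MySQL flavour of the Cloud SQL `SqlDatabaseVersion` reference, and it does not say what the field holds when the version is not known. Because this is a proto3 `string` with implicit presence, an empty value and an unset one look the same to a consumer, so a rule that matches on database version cannot tell "unknown" from "not reported". I would add one sentence stating whether the value is always one of the listed enum names and what an empty string means. Separately, the "Some database resources may not have the full resource name" paragraph appears to remain twice around `message Database` after the first hunk; it is worth confirming that only one copy is meant to stay.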
3 changes: 3 additions & 0 deletions google/cloud/securitycenter/v1/exfiltration.proto
Expand Up @@ -37,6 +37,9 @@ message Exfiltration {
// If there are multiple targets, each target would get a complete copy of the
// "joined" source data.
repeated ExfilResource targets = 2;

// Total exfiltrated bytes processed for the entire job.
int64 total_exfiltrated_bytes = 3;
}

// Resource where data was exfiltrated from or exfiltrated to.
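Review bot: `total_exfiltrated_bytes` (field 3) is a plain proto3 `int64`, so a finding where the amount was not measured and one where zero bytes left both arrive as 0. For triage that difference matters; declaring it `optional int64 total_exfiltrated_bytes = 3;` would give consumers a presence check, or the comment could state what 0 means. The comment also refers to "the entire job" without saying which job, and it should say whether the figure is summed over all `targets`, given that the comment on `targets` says each target gets a complete copy of the source data.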
14 changes: 14 additions & 0 deletions google/cloud/securitycenter/v1/file.proto
Expand Up @@ -27,6 +27,17 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
// File information about the related binary/library used by an executable, or
// the script used by a script interpreter
message File {
// Path of the file in terms of underlying disk/partition identifiers.
message DiskPath {
// UUID of the partition (format
// https://wiki.archlinux.org/title/persistent_block_device_naming#by-uuid)
string partition_uuid = 1;

// Relative path of the file in the partition as a JSON encoded string.
// Example: /home/user1/executable_file.sh
string relative_path = 2;
}

// Absolute path of the file as a JSON encoded string.
string path = 1;

Expand All @@ -48,4 +59,7 @@ message File {

// Prefix of the file contents as a JSON-encoded string.
string contents = 6;

// Path of the file in terms of underlying disk/partition identifiers.
DiskPath disk_path = 7;
}
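Review bot: The comment on `DiskPath.relative_path` calls the value relative to the partition, but its example `/home/user1/executable_file.sh` starts with a slash. A consumer that joins this value onto a mount point needs to know which form to expect, since path-join helpers in several languages discard the base when the second part is absolute. I would make the example match the contract, for instance `// Example: home/user1/executable_file.sh`, or reword the comment to say "path of the file from the root of the partition". The nested message and the `disk_path` field (number 7) also carry the same one-line comment; the field comment could say when it is populated in addition to or instead of `path`.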
12 changes: 12 additions & 0 deletions google/cloud/securitycenter/v1/finding.proto
Expand Up @@ -35,7 +35,10 @@ import "google/cloud/securitycenter/v1/iam_binding.proto";
import "google/cloud/securitycenter/v1/indicator.proto";
import "google/cloud/securitycenter/v1/kernel_rootkit.proto";
import "google/cloud/securitycenter/v1/kubernetes.proto";
import "google/cloud/securitycenter/v1/load_balancer.proto";
import "google/cloud/securitycenter/v1/log_entry.proto";
import "google/cloud/securitycenter/v1/mitre_attack.proto";
import "google/cloud/securitycenter/v1/org_policy.proto";
import "google/cloud/securitycenter/v1/process.proto";
import "google/cloud/securitycenter/v1/security_marks.proto";
import "google/cloud/securitycenter/v1/vulnerability.proto";
Expand Down Expand Up @@ -362,9 +365,18 @@ message Finding {
// Signature of the kernel rootkit.
KernelRootkit kernel_rootkit = 50;

// Contains information about the org policies associated with the finding.
repeated OrgPolicy org_policies = 51;

// Represents an application associated with the finding.
Application application = 53;

// Fields related to Backup and DR findings.
BackupDisasterRecovery backup_disaster_recovery = 55;

// Log entries that are relevant to the finding.
repeated LogEntry log_entries = 57;

// The load balancers associated with the finding.
repeated LoadBalancer load_balancers = 58;
}
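Review bot: The comments on the new repeated fields `org_policies` (51), `log_entries` (57) and `load_balancers` (58) do not say whether each list is complete or capped. For `log_entries` in particular, a responder needs to know whether the entries are the full evidence behind the finding or only a sample, so I would add a sentence such as `// May be a subset of the matching entries.` if that is the case. `message Finding` starts outside this hunk, so any existing convention for this wording is not visible here.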
15 changes: 15 additions & 0 deletions google/cloud/securitycenter/v1/indicator.proto
Expand Up @@ -59,13 +59,28 @@ message Indicator {
string yara_rule = 5;
}

// Possible resource types to be associated with a signature.
enum SignatureType {
// The default signature type.
SIGNATURE_TYPE_UNSPECIFIED = 0;

// Used for signatures concerning processes.
SIGNATURE_TYPE_PROCESS = 1;

// Used for signatures concerning disks.
SIGNATURE_TYPE_FILE = 2;
}

oneof signature {
// Signature indicating that a binary family was matched.
MemoryHashSignature memory_hash_signature = 6;

// Signature indicating that a YARA rule was matched.
YaraRuleSignature yara_rule_signature = 7;
}

// Describes the type of resource associated with the signature.
SignatureType signature_type = 8;
}

// The list of IP addresses that are associated with the finding.
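Review bot: The comment on `SIGNATURE_TYPE_FILE` says "Used for signatures concerning disks", which does not match the value name. If the value marks signatures matched against files on disk, as opposed to process memory, the comment should say so: `// Used for signatures concerning files on disk.`. The comment on `SIGNATURE_TYPE_UNSPECIFIED` could also state how consumers should treat it, since a message that never set `signature_type` reads back as that value. The message that encloses the enum and the `signature` oneof starts outside the hunk.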
26 changes: 26 additions & 0 deletions google/cloud/securitycenter/v1/kubernetes.proto
Expand Up @@ -158,6 +158,29 @@ message Kubernetes {
string version = 7;
}

// Kubernetes object related to the finding, uniquely identified by GKNN.
// Used if the object Kind is not one of Pod, Node, NodePool, Binding, or
// AccessReview.
message Object {
// Kubernetes object group, such as "policy.k8s.io/v1".
string group = 1;

// Kubernetes object kind, such as "Namespace".
string kind = 2;

// Kubernetes object namespace. Must be a valid DNS label. Named
// "ns" to avoid collision with C++ namespace keyword. For details see
// https://kubernetes.io/docs/tasks/administer-cluster/namespaces/.
string ns = 3;

// Kubernetes object name. For details see
// https://kubernetes.io/docs/concepts/overview/working-with-objects/names/.
string name = 4;

// Pod containers associated with this finding, if any.
repeated Container containers = 5;
}

// Kubernetes
// [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod)
// associated with the finding. This field contains Pod records for each
Expand Down Expand Up @@ -187,4 +210,7 @@ message Kubernetes {
// Provides information on any Kubernetes access reviews (privilege checks)
// relevant to the finding.
repeated AccessReview access_reviews = 6;

// Kubernetes objects related to the finding.
repeated Object objects = 7;
}
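Review bot: In the new `Object` message the example for `group`, `"policy.k8s.io/v1"`, is a group plus a version, while the message comment says the object is identified by GKNN, which has no version part. Consumers that match `group` against an allowlist or combine it with `kind` need to know which form is sent; I would either change the example to `"policy.k8s.io"` or document that the value has the `group/version` form. The `ns` comment says the value must be a valid DNS label but not what it holds for cluster-scoped kinds such as the `Namespace` example given for `kind`, which deserves one sentence. `message Kubernetes` starts outside both hunks of this section.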
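--- a/google/cloud/securitycenter/v1/load_balancer.proto
+++ b/google/cloud/securitycenter/v1/load_balancer.proto
@@ -0,0 +1,32 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
+option java_multiple_files = true;
+option java_outer_classname = "LoadBalancerProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Contains information related to the load balancer associated with the
+// finding.
+message LoadBalancer {
+// The name of the load balancer associated with the finding.
+string name = 1;
+}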
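Review bot: The comment on `LoadBalancer.name` does not state what form the name takes. `Database` in this same commit distinguishes a full resource name from a display name, and a consumer correlating findings with an asset inventory needs to know which of the two this field carries. I would extend the comment, for example `// The name of the load balancer associated with the finding, as a full resource name.`, if that is what is sent.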
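--- a/google/cloud/securitycenter/v1/log_entry.proto
+++ b/google/cloud/securitycenter/v1/log_entry.proto
@@ -0,0 +1,55 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
+option java_multiple_files = true;
+option java_outer_classname = "LogEntryProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// An individual entry in a log.
+message LogEntry {
+oneof log_entry {
+// An individual entry in a log stored in Cloud Logging.
+CloudLoggingEntry cloud_logging_entry = 1;
+}
+}
+
+// Metadata taken from a [Cloud Logging
+// LogEntry](https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry)
+message CloudLoggingEntry {
+// A unique identifier for the log entry.
+string insert_id = 1;
+
+// The type of the log (part of `log_name`. `log_name` is the resource name of
+// the log to which this log entry belongs). For example:
+// `cloudresourcemanager.googleapis.com/activity`. Note that this field is not
+// URL-encoded, unlike the `LOG_ID` field in `LogEntry`.
+string log_id = 2;
+
+// The organization, folder, or project of the monitored resource that
+// produced this log entry.
+string resource_container = 3;
+
+// The time the event described by the log entry occurred.
+google.protobuf.Timestamp timestamp = 4;
+}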
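Review bot: `insert_id` is documented as "A unique identifier for the log entry", but the comment does not give the scope of that uniqueness, and as far as I know Cloud Logging treats an insert ID as identifying an entry only together with its project and timestamp. A consumer that deduplicates or looks up evidence by `insert_id` alone could merge unrelated entries, so the comment should name the fields that form the key, e.g. `// Identifier of the log entry; unique only in combination with resource_container, log_id and timestamp.` (to be confirmed against the Cloud Logging reference linked above `CloudLoggingEntry`). The parenthetical in the `log_id` comment has a sentence break in the middle and would read more clearly as two separate sentences.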
