diff --git a/google/cloud/securitycenter/v1/BUILD.bazel b/google/cloud/securitycenter/v1/BUILD.bazel
index 2548ac5c13e67..40171eb3e1ded 100644
--- a/google/cloud/securitycenter/v1/BUILD.bazel
+++ b/google/cloud/securitycenter/v1/BUILD.bazel
@@ -58,6 +58,7 @@ proto_library(
 "security_health_analytics_custom_config.proto",
 "security_health_analytics_custom_module.proto",
 "security_marks.proto",
+ "security_posture.proto",
 "securitycenter_service.proto",
 "source.proto",
 "vulnerability.proto",
diff --git a/google/cloud/securitycenter/v1/external_system.proto b/google/cloud/securitycenter/v1/external_system.proto
index 0e23d6a675f69..3bf44779cb93c 100644
--- a/google/cloud/securitycenter/v1/external_system.proto
+++ b/google/cloud/securitycenter/v1/external_system.proto
@@ -36,6 +36,29 @@ message ExternalSystem {
 pattern: "projects/{project}/sources/{source}/findings/{finding}/externalSystems/{externalsystem}"
 };
 
+ // Information about the ticket, if any, that is being used to track the
+ // resolution of the issue that is identified by this finding.
+ message TicketInfo {
+ // The identifier of the ticket in the ticket system.
+ string id = 1;
+
+ // The assignee of the ticket in the ticket system.
+ string assignee = 2;
+
+ // The description of the ticket in the ticket system.
+ string description = 3;
+
+ // The link to the ticket in the ticket system.
+ string uri = 4;
+
+ // The latest status of the ticket, as reported by the ticket system.
+ string status = 5;
+
+ // The time when the ticket was last updated, as reported by the ticket
+ // system.
+ google.protobuf.Timestamp update_time = 6;
+ }
+
 // Full resource name of the external system, for example:
 // "organizations/1234/sources/5678/findings/123456/externalSystems/jira",
 // "folders/1234/sources/5678/findings/123456/externalSystems/jira",
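Review bot: The `TicketInfo` fields added in this hunk are, per their own comments, reported by an external ticket system, yet the comments on `uri`, `description` and `assignee` do not flag them as externally supplied free text or state any format constraint, so a consumer that renders them (a console, a notification, a SIEM enrichment) gets no signal to treat them with care. Suggest extending the `uri` comment to `// The link to the ticket in the ticket system. This value originates outside Security Command Center and consumers should validate it before rendering it as a link.` — whether the service itself validates the value is an assumption to confirm against the ingestion path. The same remark applies to `case_uri` added in the next hunk of this file. Nesting `TicketInfo` inside `ExternalSystem` reads fine since it has no meaning outside it; the enclosing message begins before this hunk.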
@@ -45,14 +68,34 @@ message ExternalSystem {
 // References primary/secondary etc assignees in the external system.
 repeated string assignees = 2;
 
- // Identifier that's used to track the given finding in the external system.
+ // The identifier that's used to track the finding's corresponding case in the
+ // external system.
 string external_uid = 3;
 
- // Most recent status of the corresponding finding's ticket/tracker in the
- // external system.
+ // The most recent status of the finding's corresponding case, as reported by
+ // the external system.
 string status = 4;
 
- // The most recent time when the corresponding finding's ticket/tracker was
- // updated in the external system.
+ // The time when the case was last updated, as reported by the external
+ // system.
 google.protobuf.Timestamp external_system_update_time = 5;
+
+ // The link to the finding's corresponding case in the external system.
+ string case_uri = 6;
+
+ // The priority of the finding's corresponding case in the external system.
+ string case_priority = 7;
+
+ // The SLA of the finding's corresponding case in the external system.
+ google.protobuf.Timestamp case_sla = 9;
+
+ // The time when the case was created, as reported by the external system.
+ google.protobuf.Timestamp case_create_time = 10;
+
+ // The time when the case was closed, as reported by the external system.
+ google.protobuf.Timestamp case_close_time = 11;
+
+ // Information about the ticket, if any, that is being used to track the
+ // resolution of the issue that is identified by this finding.
+ TicketInfo ticket_info = 8;
 }
diff --git a/google/cloud/securitycenter/v1/finding.proto b/google/cloud/securitycenter/v1/finding.proto
index 088c9fd3ba259..c79a1e3196639 100644
--- a/google/cloud/securitycenter/v1/finding.proto
+++ b/google/cloud/securitycenter/v1/finding.proto
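Review bot: `google.protobuf.Timestamp case_sla = 9;` carries a timestamp, but its comment, `The SLA of the finding's corresponding case`, names a policy rather than an instant, so a reader cannot tell what moment the value represents; if it is the resolution deadline (presumably, to be confirmed), suggest `// The time by which the finding's corresponding case is expected to be resolved under the external system's SLA.` and, while the field is still new, a `*_time` name consistent with `case_create_time` and `case_close_time` beside it. The new fields are also declared out of field-number order (6, 7, 9, 10, 11, then `ticket_info = 8`), which is wire-safe but makes the gap at 8 read like a reservation; placing `TicketInfo ticket_info = 8;` between `case_priority = 7` and `case_sla = 9` avoids that. As with `TicketInfo.uri` in the previous hunk, `case_uri` is an externally reported string whose comment could say so for consumers that render it as a link.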
@@ -41,6 +41,7 @@ import "google/cloud/securitycenter/v1/mitre_attack.proto";
 import "google/cloud/securitycenter/v1/org_policy.proto";
 import "google/cloud/securitycenter/v1/process.proto";
 import "google/cloud/securitycenter/v1/security_marks.proto";
+import "google/cloud/securitycenter/v1/security_posture.proto";
 import "google/cloud/securitycenter/v1/vulnerability.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/timestamp.proto";
@@ -176,6 +177,10 @@ message Finding {
 
 // Describes an error that prevents some SCC functionality.
 SCC_ERROR = 5;
+
+ // Describes a potential security risk due to a change in the security
+ // posture.
+ POSTURE_VIOLATION = 6;
 }
 
 // The [relative resource
@@ -374,6 +379,9 @@ message Finding {
 
 // Fields related to Backup and DR findings.
 BackupDisasterRecovery backup_disaster_recovery = 55;
 
+ // The security posture associated with the finding.
+ SecurityPosture security_posture = 56;
+
 // Log entries that are relevant to the finding.
 repeated LogEntry log_entries = 57;
diff --git a/google/cloud/securitycenter/v1/security_posture.proto b/google/cloud/securitycenter/v1/security_posture.proto
new file mode 100644
index 0000000000000..5367b1e908e53
--- /dev/null
+++ b/google/cloud/securitycenter/v1/security_posture.proto
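Review bot: The comment on `POSTURE_VIOLATION = 6` does not say where the posture details for such a finding live, even though the hunk at `@@ -374,6 +379,9 @@` in this same file adds `SecurityPosture security_posture = 56;` with an equally terse comment; cross-referencing them would save a reader a search, e.g. `// Describes a potential security risk due to a change in the security posture. Details of the drifted policy are carried in the security_posture field.` — assuming that field is what is populated for this class, which the diff implies but does not state. Clients built against the previous enum will decode class 6 as an unrecognized value until they regenerate, so detection rules or routing that switch on the finding class should be updated together with this change. The enum and the `Finding` message both begin outside these hunks.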
@@ -0,0 +1,76 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
+option java_multiple_files = true;
+option java_outer_classname = "SecurityPostureProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Represents a posture that is deployed on Google Cloud by the
+// Security Command Center Posture Management service.
+// A posture contains one or more policy sets. A policy set is a
+// group of policies that enforce a set of security rules on Google
+// Cloud.
+message SecurityPosture {
+ // The policy field that violates the deployed posture and its expected and
+ // detected values.
+ message PolicyDriftDetails {
+ // The name of the updated field, for example
+ // constraint.implementation.policy_rules[0].enforce
+ string field = 1;
+
+ // The value of this field that was configured in a posture, for example,
+ // `true` or `allowed_values={"projects/29831892"}`.
+ string expected_value = 2;
+
+ // The detected value that violates the deployed posture, for example,
+ // `false` or `allowed_values={"projects/22831892"}`.
+ string detected_value = 3;
+ }
+
+ // Name of the posture, for example, `CIS-Posture`.
+ string name = 1;
+
+ // The version of the posture, for example, `c7cfa2a8`.
+ string revision_id = 2;
+
+ // The project, folder, or organization on which the posture is deployed,
+ // for example, `projects/{project_number}`.
+ string posture_deployment_resource = 3;
+
+ // The name of the posture deployment, for example,
+ // `organizations/{org_id}/posturedeployments/{posture_deployment_id}`.
+ string posture_deployment = 4;
+
+ // The name of the updated policy, for example,
+ // `projects/{project_id}/policies/{constraint_name}`.
+ string changed_policy = 5;
+
+ // The name of the updated policyset, for example, `cis-policyset`.
+ string policy_set = 6;
+
+ // The ID of the updated policy, for example, `compute-policy-1`.
+ string policy = 7;
+
+ // The details about a change in an updated policy that violates the deployed
+ // posture.
+ repeated PolicyDriftDetails policy_drift_details = 8;
+}
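Review bot: `expected_value` and `detected_value` in `PolicyDriftDetails` are free-form strings whose comments give examples (`true`, `allowed_values={"projects/29831892"}`) but no rule for how a structured policy value is rendered, so a consumer that wants to compare the two or alert on a specific drifted value has to reverse-engineer the format from samples. Suggest stating the rendering in both comments, e.g. `// Rendered as <SERIALIZATION FORMAT — fill in>; treat as an opaque string unless this format is documented as stable.` The example in the `field` comment, `constraint.implementation.policy_rules[0].enforce`, is the only example in the file not wrapped in backticks. Nesting `PolicyDriftDetails` under `SecurityPosture` is appropriate since it has no meaning outside it, and `policy_drift_details` keeps the plural convention for repeated fields.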