diff --git a/docs/dyn/securitycenter_v1.folders.securityHealthAnalyticsSettings.customModules.html b/docs/dyn/securitycenter_v1.folders.securityHealthAnalyticsSettings.customModules.html index 80bb58cbad..d823c50a1a 100644 --- a/docs/dyn/securitycenter_v1.folders.securityHealthAnalyticsSettings.customModules.html +++ b/docs/dyn/securitycenter_v1.folders.securityHealthAnalyticsSettings.customModules.html @@ -669,6 +669,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -973,6 +996,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" diff --git a/docs/dyn/securitycenter_v1.folders.sources.findings.html b/docs/dyn/securitycenter_v1.folders.sources.findings.html index 2ae1cb7050..26b5ce22e4 100644 --- a/docs/dyn/securitycenter_v1.folders.sources.findings.html +++ b/docs/dyn/securitycenter_v1.folders.sources.findings.html @@ -245,6 +245,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -549,6 +572,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -687,6 +716,22 @@

Method Details

}, }, "resource": { # Information related to the Google Cloud resource that is associated with this finding. # Output only. Resource that is associated with this finding. + "awsMetadata": { # AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services. # The AWS metadata associated with the finding. + "account": { # An AWS account that is a member of an organization. # The AWS account associated with the resource. + "id": "A String", # The unique identifier (ID) of the account, containing exactly 12 digits. + "name": "A String", # The friendly name of this account. + }, + "organization": { # An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies. # The AWS organization associated with the resource. + "id": "A String", # The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits. + }, + "organizationalUnits": [ # A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level. + { # An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs. + "id": "A String", # The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits. For example, "ou-ab12-cd34ef56". + "name": "A String", # The friendly name of the OU. + }, + ], + }, + "cloudProvider": "A String", # Indicates which cloud provider the finding is from. 
"displayName": "A String", # The human readable name of the resource. "folders": [ # Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization. { # Message that contains the resource name and display name of a folder resource. @@ -694,11 +739,24 @@

Method Details

"resourceFolderDisplayName": "A String", # The user defined display name for this folder. }, ], + "location": "A String", # The region or location of the service (if applicable). "name": "A String", # The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name + "organization": "A String", # Indicates which organization / tenant the finding is for. "parentDisplayName": "A String", # The human readable name of resource's parent. "parentName": "A String", # The full resource name of resource's parent. "projectDisplayName": "A String", # The project ID that the resource belongs to. "projectName": "A String", # The full resource name of project that the resource belongs to. + "resourcePath": { # Represents the path of resources leading up to the resource this finding is about. # Provides the path to the resource within the resource hierarchy. + "nodes": [ # The list of nodes that make the up resource path, ordered from lowest level to highest level. + { # A node within the resource path. Each node represents a resource within the resource hierarchy. + "displayName": "A String", # The display name of the resource this node represents. + "id": "A String", # The ID of the resource this node represents. + "nodeType": "A String", # The type of resource this node represents. + }, + ], + }, + "resourcePathString": "A String", # A string representation of the resource path. For GCP, it has the format of: org/{organization_id}/folder/{folder_id}/folder/{folder_id}/project/{project_id} where there can be any number of folders. For AWS, it has the format of: org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id} where there can be any number of organizational units. For Azure, it has the format of: mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups. 
+ "service": "A String", # The service or resource provider associated with the resource. "type": "A String", # The full resource type of the resource. }, "stateChange": "A String", # State change of the finding between the points in time. @@ -787,6 +845,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -1091,6 +1172,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -1292,6 +1379,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -1596,6 +1706,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -1810,6 +1926,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -2114,6 +2253,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -2329,6 +2474,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -2633,6 +2801,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" diff --git a/docs/dyn/securitycenter_v1.organizations.resourceValueConfigs.html b/docs/dyn/securitycenter_v1.organizations.resourceValueConfigs.html index 68bc4537eb..30cd455c3b 100644 --- a/docs/dyn/securitycenter_v1.organizations.resourceValueConfigs.html +++ b/docs/dyn/securitycenter_v1.organizations.resourceValueConfigs.html @@ -110,6 +110,7 @@

Method Details

{ # Request message to create single resource value config "parent": "A String", # Required. Resource name of the new ResourceValueConfig's parent. "resourceValueConfig": { # A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations. # Required. The resource value config being created. + "cloudProvider": "A String", # Cloud provider this configuration applies to "createTime": "A String", # Output only. Timestamp this resource value config was created. "description": "A String", # Description of the resource value config. "name": "A String", # Name for the resource value config @@ -143,6 +144,7 @@

Method Details

{ # Response message for BatchCreateResourceValueConfigs "resourceValueConfigs": [ # The resource value configs created { # A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations. + "cloudProvider": "A String", # Cloud provider this configuration applies to "createTime": "A String", # Output only. Timestamp this resource value config was created. "description": "A String", # Description of the resource value config. "name": "A String", # Name for the resource value config @@ -203,6 +205,7 @@

Method Details

An object of the form: { # A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations. + "cloudProvider": "A String", # Cloud provider this configuration applies to "createTime": "A String", # Output only. Timestamp this resource value config was created. "description": "A String", # Description of the resource value config. "name": "A String", # Name for the resource value config @@ -243,6 +246,7 @@

Method Details

"nextPageToken": "A String", # A token, which can be sent as `page_token` to retrieve the next page. If this field is empty, there are no subsequent pages. "resourceValueConfigs": [ # The resource value configs from the specified parent. { # A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations. + "cloudProvider": "A String", # Cloud provider this configuration applies to "createTime": "A String", # Output only. Timestamp this resource value config was created. "description": "A String", # Description of the resource value config. "name": "A String", # Name for the resource value config @@ -289,6 +293,7 @@

Method Details

The object takes the form of: { # A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations. + "cloudProvider": "A String", # Cloud provider this configuration applies to "createTime": "A String", # Output only. Timestamp this resource value config was created. "description": "A String", # Description of the resource value config. "name": "A String", # Name for the resource value config @@ -318,6 +323,7 @@

Method Details

An object of the form: { # A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations. + "cloudProvider": "A String", # Cloud provider this configuration applies to "createTime": "A String", # Output only. Timestamp this resource value config was created. "description": "A String", # Description of the resource value config. "name": "A String", # Name for the resource value config diff --git a/docs/dyn/securitycenter_v1.organizations.securityHealthAnalyticsSettings.customModules.html b/docs/dyn/securitycenter_v1.organizations.securityHealthAnalyticsSettings.customModules.html index 36c029dd6d..340617a671 100644 --- a/docs/dyn/securitycenter_v1.organizations.securityHealthAnalyticsSettings.customModules.html +++ b/docs/dyn/securitycenter_v1.organizations.securityHealthAnalyticsSettings.customModules.html @@ -669,6 +669,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -973,6 +996,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" diff --git a/docs/dyn/securitycenter_v1.organizations.simulations.html b/docs/dyn/securitycenter_v1.organizations.simulations.html index ba1928b578..64dc55f832 100644 --- a/docs/dyn/securitycenter_v1.organizations.simulations.html +++ b/docs/dyn/securitycenter_v1.organizations.simulations.html @@ -116,6 +116,7 @@

Method Details

An object of the form: { # Attack path simulation + "cloudProvider": "A String", # Indicates which cloud provider was used in this simulation. "createTime": "A String", # Output only. Time simulation was created "name": "A String", # Full resource name of the Simulation: organizations/123/simulations/456 "resourceValueConfigsMetadata": [ # Resource value configurations' metadata used in this simulation. Maximum of 100. diff --git a/docs/dyn/securitycenter_v1.organizations.sources.findings.html b/docs/dyn/securitycenter_v1.organizations.sources.findings.html index c72c0960eb..42c2b47e47 100644 --- a/docs/dyn/securitycenter_v1.organizations.sources.findings.html +++ b/docs/dyn/securitycenter_v1.organizations.sources.findings.html @@ -178,6 +178,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -482,6 +505,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -683,6 +712,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -987,6 +1039,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -1259,6 +1317,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -1563,6 +1644,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -1701,6 +1788,22 @@

Method Details

}, }, "resource": { # Information related to the Google Cloud resource that is associated with this finding. # Output only. Resource that is associated with this finding. + "awsMetadata": { # AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services. # The AWS metadata associated with the finding. + "account": { # An AWS account that is a member of an organization. # The AWS account associated with the resource. + "id": "A String", # The unique identifier (ID) of the account, containing exactly 12 digits. + "name": "A String", # The friendly name of this account. + }, + "organization": { # An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies. # The AWS organization associated with the resource. + "id": "A String", # The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits. + }, + "organizationalUnits": [ # A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level. + { # An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs. + "id": "A String", # The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits. For example, "ou-ab12-cd34ef56". + "name": "A String", # The friendly name of the OU. + }, + ], + }, + "cloudProvider": "A String", # Indicates which cloud provider the finding is from. 
"displayName": "A String", # The human readable name of the resource. "folders": [ # Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization. { # Message that contains the resource name and display name of a folder resource. @@ -1708,11 +1811,24 @@

Method Details

"resourceFolderDisplayName": "A String", # The user defined display name for this folder. }, ], + "location": "A String", # The region or location of the service (if applicable). "name": "A String", # The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name + "organization": "A String", # Indicates which organization / tenant the finding is for. "parentDisplayName": "A String", # The human readable name of resource's parent. "parentName": "A String", # The full resource name of resource's parent. "projectDisplayName": "A String", # The project ID that the resource belongs to. "projectName": "A String", # The full resource name of project that the resource belongs to. + "resourcePath": { # Represents the path of resources leading up to the resource this finding is about. # Provides the path to the resource within the resource hierarchy. + "nodes": [ # The list of nodes that make the up resource path, ordered from lowest level to highest level. + { # A node within the resource path. Each node represents a resource within the resource hierarchy. + "displayName": "A String", # The display name of the resource this node represents. + "id": "A String", # The ID of the resource this node represents. + "nodeType": "A String", # The type of resource this node represents. + }, + ], + }, + "resourcePathString": "A String", # A string representation of the resource path. For GCP, it has the format of: org/{organization_id}/folder/{folder_id}/folder/{folder_id}/project/{project_id} where there can be any number of folders. For AWS, it has the format of: org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id} where there can be any number of organizational units. For Azure, it has the format of: mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups. 
+ "service": "A String", # The service or resource provider associated with the resource. "type": "A String", # The full resource type of the resource. }, "stateChange": "A String", # State change of the finding between the points in time. @@ -1801,6 +1917,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -2105,6 +2244,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -2306,6 +2451,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -2610,6 +2778,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -2824,6 +2998,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -3128,6 +3325,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -3343,6 +3546,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -3647,6 +3873,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" diff --git a/docs/dyn/securitycenter_v1.projects.securityHealthAnalyticsSettings.customModules.html b/docs/dyn/securitycenter_v1.projects.securityHealthAnalyticsSettings.customModules.html index a1ca00864f..32c4d3da31 100644 --- a/docs/dyn/securitycenter_v1.projects.securityHealthAnalyticsSettings.customModules.html +++ b/docs/dyn/securitycenter_v1.projects.securityHealthAnalyticsSettings.customModules.html @@ -669,6 +669,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -973,6 +996,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" diff --git a/docs/dyn/securitycenter_v1.projects.sources.findings.html b/docs/dyn/securitycenter_v1.projects.sources.findings.html index 6ccfa0d21a..c3bae825e7 100644 --- a/docs/dyn/securitycenter_v1.projects.sources.findings.html +++ b/docs/dyn/securitycenter_v1.projects.sources.findings.html @@ -245,6 +245,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -549,6 +572,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -687,6 +716,22 @@

Method Details

}, }, "resource": { # Information related to the Google Cloud resource that is associated with this finding. # Output only. Resource that is associated with this finding. + "awsMetadata": { # AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services. # The AWS metadata associated with the finding. + "account": { # An AWS account that is a member of an organization. # The AWS account associated with the resource. + "id": "A String", # The unique identifier (ID) of the account, containing exactly 12 digits. + "name": "A String", # The friendly name of this account. + }, + "organization": { # An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies. # The AWS organization associated with the resource. + "id": "A String", # The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits. + }, + "organizationalUnits": [ # A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level. + { # An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs. + "id": "A String", # The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits. For example, "ou-ab12-cd34ef56". + "name": "A String", # The friendly name of the OU. + }, + ], + }, + "cloudProvider": "A String", # Indicates which cloud provider the finding is from. 
"displayName": "A String", # The human readable name of the resource. "folders": [ # Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization. { # Message that contains the resource name and display name of a folder resource. @@ -694,11 +739,24 @@

Method Details

"resourceFolderDisplayName": "A String", # The user defined display name for this folder. }, ], + "location": "A String", # The region or location of the service (if applicable). "name": "A String", # The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name + "organization": "A String", # Indicates which organization / tenant the finding is for. "parentDisplayName": "A String", # The human readable name of resource's parent. "parentName": "A String", # The full resource name of resource's parent. "projectDisplayName": "A String", # The project ID that the resource belongs to. "projectName": "A String", # The full resource name of project that the resource belongs to. + "resourcePath": { # Represents the path of resources leading up to the resource this finding is about. # Provides the path to the resource within the resource hierarchy. + "nodes": [ # The list of nodes that make the up resource path, ordered from lowest level to highest level. + { # A node within the resource path. Each node represents a resource within the resource hierarchy. + "displayName": "A String", # The display name of the resource this node represents. + "id": "A String", # The ID of the resource this node represents. + "nodeType": "A String", # The type of resource this node represents. + }, + ], + }, + "resourcePathString": "A String", # A string representation of the resource path. For GCP, it has the format of: org/{organization_id}/folder/{folder_id}/folder/{folder_id}/project/{project_id} where there can be any number of folders. For AWS, it has the format of: org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id} where there can be any number of organizational units. For Azure, it has the format of: mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups. 
+ "service": "A String", # The service or resource provider associated with the resource. "type": "A String", # The full resource type of the resource. }, "stateChange": "A String", # State change of the finding between the points in time. @@ -787,6 +845,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -1091,6 +1172,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -1292,6 +1379,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -1596,6 +1706,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -1810,6 +1926,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -2114,6 +2253,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" @@ -2329,6 +2474,29 @@

Method Details

}, "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" + "cloudArmor": { # Fields related to Google Cloud Armor findings. # Fields related to Cloud Armor findings. + "adaptiveProtection": { # Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). # Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). + "confidence": 3.14, # A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. + }, + "attack": { # Information about DDoS attack volume and classification. # Information about DDoS attack volume and classification. + "classification": "A String", # Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’. + "volumeBps": 42, # Total BPS (bytes per second) volume of attack. + "volumePps": 42, # Total PPS (packets per second) volume of attack. + }, + "duration": "A String", # Duration of attack from the start until the current moment (updated every 5 minutes). + "requests": { # Information about the requests relevant to the finding. 
# Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). + "longTermAllowed": 42, # Allowed RPS (requests per second) over the long term. + "longTermDenied": 42, # Denied RPS (requests per second) over the long term. + "ratio": 3.14, # For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. + "shortTermAllowed": 42, # Allowed RPS (requests per second) in the short term. + }, + "securityPolicy": { # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. # Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. + "name": "A String", # The name of the Google Cloud Armor security policy, for example, "my-security-policy". + "preview": True or False, # Whether or not the associated rule or policy is in preview mode. + "type": "A String", # The type of Google Cloud Armor security policy for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’. + }, + "threatVector": "A String", # Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks. + }, "cloudDlpDataProfile": { # The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. # Cloud DLP data profile that is associated with the finding. "dataProfile": "A String", # Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. "parentType": "A String", # The resource hierarchy level at which the data profile was generated. 
@@ -2633,6 +2801,12 @@

Method Details

"muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted. "name": "A String", # The [relative resource name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". "nextSteps": "A String", # Steps to address the finding. + "notebook": { # Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. # Notebook associated with the finding. + "lastAuthor": "A String", # The user ID of the latest author to modify the notebook. + "name": "A String", # The name of the notebook. + "notebookUpdateTime": "A String", # The most recent time the notebook was updated. + "service": "A String", # The source notebook service, for example, "Colab Enterprise". + }, "orgPolicies": [ # Contains information about the org policies associated with the finding. { # Contains information about the org policies associated with the finding. "name": "A String", # The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" diff --git a/googleapiclient/discovery_cache/documents/securitycenter.v1.json b/googleapiclient/discovery_cache/documents/securitycenter.v1.json index 7ef3e28639..33ebac40b6 100644 --- a/googleapiclient/discovery_cache/documents/securitycenter.v1.json +++ b/googleapiclient/discovery_cache/documents/securitycenter.v1.json @@ -5820,7 +5820,7 @@ } } }, -"revision": "20240328", +"revision": "20240415", "rootUrl": "https://securitycenter.googleapis.com/", "schemas": { "Access": { 
@@ -5912,6 +5912,18 @@ }, "type": "object" }, +"AdaptiveProtection": { +"description": "Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection).", +"id": "AdaptiveProtection", +"properties": { +"confidence": { +"description": "A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation.", +"format": "double", +"type": "number" +} +}, +"type": "object" +}, "Application": { "description": "Represents an application associated with a finding.", "id": "Application", @@ -6006,6 +6018,27 @@ }, "type": "object" }, +"Attack": { +"description": "Information about DDoS attack volume and classification.", +"id": "Attack", +"properties": { +"classification": { +"description": "Type of attack, for example, \u2018SYN-flood\u2019, \u2018NTP-udp\u2019, or \u2018CHARGEN-udp\u2019.", +"type": "string" +}, +"volumeBps": { +"description": "Total BPS (bytes per second) volume of attack.", +"format": "int32", +"type": "integer" +}, +"volumePps": { +"description": "Total PPS (packets per second) volume of attack.", +"format": "int32", +"type": "integer" +} +}, +"type": "object" +}, "AttackExposure": { "description": "An attack exposure contains the results of an attack path simulation run.", "id": "AttackExposure", 
@@ -6225,6 +6258,69 @@ }, "type": "object" }, +"AwsAccount": { +"description": "An AWS account that is a member of an organization.", +"id": "AwsAccount", +"properties": { +"id": { +"description": "The unique identifier (ID) of the account, containing exactly 12 digits.", +"type": "string" +}, +"name": { +"description": "The friendly name of this account.", +"type": "string" +} +}, +"type": "object" +}, +"AwsMetadata": { +"description": "AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services.", +"id": "AwsMetadata", +"properties": { +"account": { +"$ref": "AwsAccount", +"description": "The AWS account associated with the resource." +}, +"organization": { +"$ref": "AwsOrganization", +"description": "The AWS organization associated with the resource." +}, +"organizationalUnits": { +"description": "A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level.", +"items": { +"$ref": "AwsOrganizationalUnit" +}, +"type": "array" +} +}, +"type": "object" +}, +"AwsOrganization": { +"description": "An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies.", +"id": "AwsOrganization", +"properties": { +"id": { +"description": "The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires \"o-\" followed by from 10 to 32 lowercase letters or digits.", +"type": "string" +} +}, +"type": "object" +}, +"AwsOrganizationalUnit": { +"description": "An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.", +"id": "AwsOrganizationalUnit", +"properties": { +"id": { +"description": "The unique identifier (ID) associated with this OU. 
The regex pattern for an organizational unit ID string requires \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits. For example, \"ou-ab12-cd34ef56\".", +"type": "string" +}, +"name": { +"description": "The friendly name of the OU.", +"type": "string" +} +}, +"type": "object" +}, "BackupDisasterRecovery": { "description": "Information related to Google Cloud Backup and DR Service findings.", "id": "BackupDisasterRecovery", 
@@ -6348,6 +6444,38 @@ }, "type": "object" }, +"CloudArmor": { +"description": "Fields related to Google Cloud Armor findings.", +"id": "CloudArmor", +"properties": { +"adaptiveProtection": { +"$ref": "AdaptiveProtection", +"description": "Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview)." +}, +"attack": { +"$ref": "Attack", +"description": "Information about DDoS attack volume and classification." +}, +"duration": { +"description": "Duration of attack from the start until the current moment (updated every 5 minutes).", +"format": "google-duration", +"type": "string" +}, +"requests": { +"$ref": "Requests", +"description": "Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview)." +}, +"securityPolicy": { +"$ref": "SecurityPolicy", +"description": "Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding." +}, +"threatVector": { +"description": "Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, \u201cL3_4\u201d for Layer 3 and Layer 4 DDoS attacks, or \u201cL_7\u201d for Layer 7 DDoS attacks.", +"type": "string" +} +}, +"type": "object" +}, "CloudDlpDataProfile": { "description": "The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding.", "id": "CloudDlpDataProfile", 
@@ -6451,6 +6579,22 @@ "description": "The category of Findings matching.", "type": "string" }, +"cloudProvider": { +"description": "The cloud provider for the compliance snapshot.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "complianceStandard": { "description": "The compliance standard (ie CIS).", "type": "string" @@ -6472,10 +6616,6 @@ "description": "The compliance snapshot name. Format: //sources//complianceSnapshots/", "type": "string" }, -"projectDisplayName": { -"description": "The CRM resource display name that is closest to the snapshot the Findings belong to.", -"type": "string" -}, "snapshotTime": { "description": "The snapshot time of the snapshot.", "format": "google-datetime", @@ -7176,6 +7316,10 @@ "description": "The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: \"XSS_FLASH_INJECTION\"", "type": "string" }, +"cloudArmor": { +"$ref": "CloudArmor", +"description": "Fields related to Cloud Armor findings." +}, "cloudDlpDataProfile": { "$ref": "CloudDlpDataProfile", "description": "Cloud DLP data profile that is associated with the finding." @@ -7351,6 +7495,10 @@ "description": "Steps to address the finding.", "type": "string" }, +"notebook": { +"$ref": "Notebook", +"description": "Notebook associated with the finding." +}, "orgPolicies": { "description": "Contains information about the org policies associated with the finding.", "items": { 
@@ -7448,6 +7596,41 @@ }, "type": "object" }, +"GcpMetadata": { +"description": "GCP metadata associated with the resource, only applicable if the finding's cloud provider is Google Cloud Platform.", +"id": "GcpMetadata", +"properties": { +"folders": { +"description": "Output only. Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization.", +"items": { +"$ref": "GoogleCloudSecuritycenterV2Folder" +}, +"readOnly": true, +"type": "array" +}, +"organization": { +"description": "The name of the organization that the resource belongs to.", +"type": "string" +}, +"parent": { +"description": "The full resource name of resource's parent.", +"type": "string" +}, +"parentDisplayName": { +"description": "The human readable name of resource's parent.", +"type": "string" +}, +"project": { +"description": "The full resource name of project that the resource belongs to.", +"type": "string" +}, +"projectDisplayName": { +"description": "The project ID that the resource belongs to.", +"type": "string" +} +}, +"type": "object" +}, "Geolocation": { "description": "Represents a geographical location for a given access.", "id": "Geolocation", 
@@ -7792,6 +7975,26 @@ "description": "Information related to the Google Cloud resource.", "id": "GoogleCloudSecuritycenterV1Resource", "properties": { +"awsMetadata": { +"$ref": "AwsMetadata", +"description": "The AWS metadata associated with the finding." +}, +"cloudProvider": { +"description": "Indicates which cloud provider the resource resides in.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "displayName": { "description": "The human readable name of the resource.", "type": "string" @@ -7804,10 +8007,18 @@ "readOnly": true, "type": "array" }, +"location": { +"description": "The region or location of the service (if applicable).", +"type": "string" +}, "name": { "description": "The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", "type": "string" }, +"organization": { +"description": "Indicates which organization or tenant in the cloud provider the finding applies to.", +"type": "string" +}, "parent": { "description": "The full resource name of resource's parent.", "type": "string" 
@@ -7824,6 +8035,18 @@ "description": "The project ID that the resource belongs to.", "type": "string" }, +"resourcePath": { +"$ref": "ResourcePath", +"description": "Provides the path to the resource within the resource hierarchy." +}, +"resourcePathString": { +"description": "A string representation of the resource path. For GCP, it has the format of: organizations/{organization_id}/folders/{folder_id}/folders/{folder_id}/projects/{project_id} where there can be any number of folders. For AWS, it has the format of: org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id} where there can be any number of organizational units. For Azure, it has the format of: mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups.", +"type": "string" +}, +"service": { +"description": "The parent service or product from which the resource is provided, for example, GKE or SNS.", +"type": "string" +}, "type": { "description": "The full resource type of the resource.", "type": "string" @@ -7849,6 +8072,22 @@ "description": "A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.", "id": "GoogleCloudSecuritycenterV1ResourceValueConfig", "properties": { +"cloudProvider": { +"description": "Cloud provider this configuration applies to", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "createTime": { "description": "Output only. Timestamp this resource value config was created.", "format": "google-datetime", 
@@ -8359,6 +8598,18 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2AdaptiveProtection": { +"description": "Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection).", +"id": "GoogleCloudSecuritycenterV2AdaptiveProtection", +"properties": { +"confidence": { +"description": "A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation.", +"format": "double", +"type": "number" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2Application": { "description": "Represents an application associated with a finding.", "id": "GoogleCloudSecuritycenterV2Application", @@ -8374,6 +8625,27 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2Attack": { +"description": "Information about DDoS attack volume and classification.", +"id": "GoogleCloudSecuritycenterV2Attack", +"properties": { +"classification": { +"description": "Type of attack, for example, \u2018SYN-flood\u2019, \u2018NTP-udp\u2019, or \u2018CHARGEN-udp\u2019.", +"type": "string" +}, +"volumeBps": { +"description": "Total BPS (bytes per second) volume of attack.", +"format": "int32", +"type": "integer" +}, +"volumePps": { +"description": "Total PPS (packets per second) volume of attack.", +"format": "int32", +"type": "integer" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2AttackExposure": { "description": "An attack exposure contains the results of an attack path simulation run.", "id": "GoogleCloudSecuritycenterV2AttackExposure", 
@@ -8425,6 +8697,69 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2AwsAccount": { +"description": "An AWS account that is a member of an organization.", +"id": "GoogleCloudSecuritycenterV2AwsAccount", +"properties": { +"id": { +"description": "The unique identifier (ID) of the account, containing exactly 12 digits.", +"type": "string" +}, +"name": { +"description": "The friendly name of this account.", +"type": "string" +} +}, +"type": "object" +}, +"GoogleCloudSecuritycenterV2AwsMetadata": { +"description": "AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services.", +"id": "GoogleCloudSecuritycenterV2AwsMetadata", +"properties": { +"account": { +"$ref": "GoogleCloudSecuritycenterV2AwsAccount", +"description": "The AWS account associated with the resource." +}, +"organization": { +"$ref": "GoogleCloudSecuritycenterV2AwsOrganization", +"description": "The AWS organization associated with the resource." +}, +"organizationalUnits": { +"description": "A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level.", +"items": { +"$ref": "GoogleCloudSecuritycenterV2AwsOrganizationalUnit" +}, +"type": "array" +} +}, +"type": "object" +}, +"GoogleCloudSecuritycenterV2AwsOrganization": { +"description": "An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies.", +"id": "GoogleCloudSecuritycenterV2AwsOrganization", +"properties": { +"id": { +"description": "The unique identifier (ID) for the organization. 
The regex pattern for an organization ID string requires \"o-\" followed by from 10 to 32 lowercase letters or digits.", +"type": "string" +} +}, +"type": "object" +}, +"GoogleCloudSecuritycenterV2AwsOrganizationalUnit": { +"description": "An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.", +"id": "GoogleCloudSecuritycenterV2AwsOrganizationalUnit", +"properties": { +"id": { +"description": "The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits. For example, \"ou-ab12-cd34ef56\".", +"type": "string" +}, +"name": { +"description": "The friendly name of the OU.", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2BackupDisasterRecovery": { "description": "Information related to Google Cloud Backup and DR Service findings.", "id": "GoogleCloudSecuritycenterV2BackupDisasterRecovery", 
@@ -8559,6 +8894,38 @@ "properties": {}, "type": "object" }, +"GoogleCloudSecuritycenterV2CloudArmor": { +"description": "Fields related to Google Cloud Armor findings.", +"id": "GoogleCloudSecuritycenterV2CloudArmor", +"properties": { +"adaptiveProtection": { +"$ref": "GoogleCloudSecuritycenterV2AdaptiveProtection", +"description": "Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview)." +}, +"attack": { +"$ref": "GoogleCloudSecuritycenterV2Attack", +"description": "Information about DDoS attack volume and classification." +}, +"duration": { +"description": "Duration of attack from the start until the current moment (updated every 5 minutes).", +"format": "google-duration", +"type": "string" +}, +"requests": { +"$ref": "GoogleCloudSecuritycenterV2Requests", +"description": "Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview)." +}, +"securityPolicy": { +"$ref": "GoogleCloudSecuritycenterV2SecurityPolicy", +"description": "Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding." +}, +"threatVector": { +"description": "Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, \u201cL3_4\u201d for Layer 3 and Layer 4 DDoS attacks, or \u201cL_7\u201d for Layer 7 DDoS attacks.", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2CloudDlpDataProfile": { "description": "The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding.", "id": "GoogleCloudSecuritycenterV2CloudDlpDataProfile", 
@@ -9211,6 +9578,10 @@ "description": "Immutable. The additional taxonomy group within findings from a given source. Example: \"XSS_FLASH_INJECTION\"", "type": "string" }, +"cloudArmor": { +"$ref": "GoogleCloudSecuritycenterV2CloudArmor", +"description": "Fields related to Cloud Armor findings." +}, "cloudDlpDataProfile": { "$ref": "GoogleCloudSecuritycenterV2CloudDlpDataProfile", "description": "Cloud DLP data profile that is associated with the finding." @@ -9387,6 +9758,10 @@ "description": "Steps to address the finding.", "type": "string" }, +"notebook": { +"$ref": "GoogleCloudSecuritycenterV2Notebook", +"description": "Notebook associated with the finding." +}, "orgPolicies": { "description": "Contains information about the org policies associated with the finding.", "items": { @@ -9470,6 +9845,21 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2Folder": { +"description": "Message that contains the resource name and display name of a folder resource.", +"id": "GoogleCloudSecuritycenterV2Folder", +"properties": { +"resourceFolder": { +"description": "Full resource name of this folder. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", +"type": "string" +}, +"resourceFolderDisplayName": { +"description": "The user defined display name for this folder.", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2Geolocation": { "description": "Represents a geographical location for a given access.", "id": "GoogleCloudSecuritycenterV2Geolocation", @@ -9757,6 +10147,7 @@ "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", +"PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", @@ -9818,6 +10209,7 @@ "T1057", "T1059", "T1059.004", +"T1059.006", "T1069", "T1069.003", "T1071", @@ -9924,6 +10316,7 @@ "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", +"PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", 
@@ -9985,6 +10378,7 @@ "T1057", "T1059", "T1059.004", +"T1059.006", "T1069", "T1069.003", "T1071", @@ -10124,6 +10518,30 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2Notebook": { +"description": "Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding.", +"id": "GoogleCloudSecuritycenterV2Notebook", +"properties": { +"lastAuthor": { +"description": "The user ID of the latest author to modify the notebook.", +"type": "string" +}, +"name": { +"description": "The name of the notebook.", +"type": "string" +}, +"notebookUpdateTime": { +"description": "The most recent time the notebook was updated.", +"format": "google-datetime", +"type": "string" +}, +"service": { +"description": "The source notebook service, for example, \"Colab Enterprise\".", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2NotificationMessage": { "description": "Cloud SCC's Notification", "id": "GoogleCloudSecuritycenterV2NotificationMessage", 
@@ -10357,18 +10775,85 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2Requests": { +"description": "Information about the requests relevant to the finding.", +"id": "GoogleCloudSecuritycenterV2Requests", +"properties": { +"longTermAllowed": { +"description": "Allowed RPS (requests per second) over the long term.", +"format": "int32", +"type": "integer" +}, +"longTermDenied": { +"description": "Denied RPS (requests per second) over the long term.", +"format": "int32", +"type": "integer" +}, +"ratio": { +"description": "For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term.", +"format": "double", +"type": "number" +}, +"shortTermAllowed": { +"description": "Allowed RPS (requests per second) in the short term.", +"format": "int32", +"type": "integer" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2Resource": { "description": "Information related to the Google Cloud resource.", "id": "GoogleCloudSecuritycenterV2Resource", "properties": { +"awsMetadata": { +"$ref": "GoogleCloudSecuritycenterV2AwsMetadata", +"description": "The AWS metadata associated with the finding." +}, +"cloudProvider": { +"description": "Indicates which cloud provider the finding is from.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "displayName": { "description": "The human readable name of the resource.", "type": "string" }, +"gcpMetadata": { +"$ref": "GcpMetadata", +"description": "The GCP metadata associated with the finding." 
+}, +"location": { +"description": "The region or location of the service (if applicable).", +"type": "string" +}, "name": { "description": "The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", "type": "string" }, +"resourcePath": { +"$ref": "GoogleCloudSecuritycenterV2ResourcePath", +"description": "Provides the path to the resource within the resource hierarchy." +}, +"resourcePathString": { +"description": "A string representation of the resource path. For GCP, it has the format of: organizations/{organization_id}/folders/{folder_id}/folders/{folder_id}/projects/{project_id} where there can be any number of folders. For AWS, it has the format of: org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id} where there can be any number of organizational units. For Azure, it has the format of: mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups.", +"type": "string" +}, +"service": { +"description": "The service or resource provider associated with the resource.", +"type": "string" +}, "type": { "description": "The full resource type of the resource.", "type": "string" 
@@ -10376,10 +10861,83 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2ResourcePath": { +"description": "Represents the path of resources leading up to the resource this finding is about.", +"id": "GoogleCloudSecuritycenterV2ResourcePath", +"properties": { +"nodes": { +"description": "The list of nodes that make the up resource path, ordered from lowest level to highest level.", +"items": { +"$ref": "GoogleCloudSecuritycenterV2ResourcePathNode" +}, +"type": "array" +} +}, +"type": "object" +}, +"GoogleCloudSecuritycenterV2ResourcePathNode": { +"description": "A node within the resource path. Each node represents a resource within the resource hierarchy.", +"id": "GoogleCloudSecuritycenterV2ResourcePathNode", +"properties": { +"displayName": { +"description": "The display name of the resource this node represents.", +"type": "string" +}, +"id": { +"description": "The ID of the resource this node represents.", +"type": "string" +}, +"nodeType": { +"description": "The type of resource this node represents.", +"enum": [ +"RESOURCE_PATH_NODE_TYPE_UNSPECIFIED", +"GCP_ORGANIZATION", +"GCP_FOLDER", +"GCP_PROJECT", +"AWS_ORGANIZATION", +"AWS_ORGANIZATIONAL_UNIT", +"AWS_ACCOUNT", +"AZURE_MANAGEMENT_GROUP", +"AZURE_SUBSCRIPTION", +"AZURE_RESOURCE_GROUP" +], +"enumDescriptions": [ +"Node type is unspecified.", +"The node represents a GCP organization.", +"The node represents a GCP folder.", +"The node represents a GCP project.", +"The node represents an AWS organization.", +"The node represents an AWS organizational unit.", +"The node represents an AWS account.", +"The node represents an Azure management group.", +"The node represents an Azure subscription.", +"The node represents an Azure resource group." +], +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2ResourceValueConfig": { "description": "A resource value config (RVC) is a mapping configuration of user's resources to resource values. 
Used in Attack path simulations.", "id": "GoogleCloudSecuritycenterV2ResourceValueConfig", "properties": { +"cloudProvider": { +"description": "Cloud provider this configuration applies to", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "createTime": { "description": "Output only. Timestamp this resource value config was created.", "format": "google-datetime", 
@@ -10501,7 +11059,7 @@ "id": "GoogleCloudSecuritycenterV2SecurityMarks", "properties": { "canonicalName": { -"description": "The canonical name of the marks. The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks\" + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\" + `folders/{folder_id}/assets/{asset_id}/securityMarks\" + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `folders/{folder_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\" + `projects/{project_number}/assets/{asset_id}/securityMarks\" + `projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `projects/{project_number}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\"", +"description": "The canonical name of the marks. The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks` + `organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks` + `folders/{folder_id}/assets/{asset_id}/securityMarks` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks` + `folders/{folder_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks` + `projects/{project_number}/assets/{asset_id}/securityMarks` + `projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks` + `projects/{project_number}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks`", "type": "string" }, "marks": { 
@@ -10518,6 +11076,25 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2SecurityPolicy": { +"description": "Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding.", +"id": "GoogleCloudSecuritycenterV2SecurityPolicy", +"properties": { +"name": { +"description": "The name of the Google Cloud Armor security policy, for example, \"my-security-policy\".", +"type": "string" +}, +"preview": { +"description": "Whether or not the associated rule or policy is in preview mode.", +"type": "boolean" +}, +"type": { +"description": "The type of Google Cloud Armor security policy for example, \u2018backend security policy\u2019, \u2018edge security policy\u2019, \u2018network edge security policy\u2019, or \u2018always-on DDoS protection\u2019.", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2SecurityPosture": { "description": "Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.", "id": "GoogleCloudSecuritycenterV2SecurityPosture", @@ -11519,6 +12096,7 @@ "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", +"PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", @@ -11580,6 +12158,7 @@ "T1057", "T1059", "T1059.004", +"T1059.006", "T1069", "T1069.003", "T1071", @@ -11686,6 +12265,7 @@ "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", +"PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", @@ -11747,6 +12327,7 @@ "T1057", "T1059", "T1059.004", +"T1059.006", "T1069", "T1069.003", "T1071", 
@@ -11838,6 +12419,30 @@ }, "type": "object" }, +"Notebook": { +"description": "Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding.", +"id": "Notebook", +"properties": { +"lastAuthor": { +"description": "The user ID of the latest author to modify the notebook.", +"type": "string" +}, +"name": { +"description": "The name of the notebook.", +"type": "string" +}, +"notebookUpdateTime": { +"description": "The most recent time the notebook was updated.", +"format": "google-datetime", +"type": "string" +}, +"service": { +"description": "The source notebook service, for example, \"Colab Enterprise\".", +"type": "string" +} +}, +"type": "object" +}, "NotificationConfig": { "description": "Cloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC resource that contains the configuration to send notifications for create/update events of findings, assets and etc.", "id": "NotificationConfig", 
@@ -12199,10 +12804,57 @@ }, "type": "object" }, +"Requests": { +"description": "Information about the requests relevant to the finding.", +"id": "Requests", +"properties": { +"longTermAllowed": { +"description": "Allowed RPS (requests per second) over the long term.", +"format": "int32", +"type": "integer" +}, +"longTermDenied": { +"description": "Denied RPS (requests per second) over the long term.", +"format": "int32", +"type": "integer" +}, +"ratio": { +"description": "For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term.", +"format": "double", +"type": "number" +}, +"shortTermAllowed": { +"description": "Allowed RPS (requests per second) in the short term.", +"format": "int32", +"type": "integer" +} +}, +"type": "object" +}, "Resource": { "description": "Information related to the Google Cloud resource that is associated with this finding.", "id": "Resource", "properties": { +"awsMetadata": { +"$ref": "AwsMetadata", +"description": "The AWS metadata associated with the finding." +}, +"cloudProvider": { +"description": "Indicates which cloud provider the finding is from.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "displayName": { "description": "The human readable name of the resource.", "type": "string" 
@@ -12214,10 +12866,18 @@ }, "type": "array" }, +"location": { +"description": "The region or location of the service (if applicable).", +"type": "string" +}, "name": { "description": "The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", "type": "string" }, +"organization": { +"description": "Indicates which organization / tenant the finding is for.", +"type": "string" +}, "parentDisplayName": { "description": "The human readable name of resource's parent.", "type": "string" @@ -12234,6 +12894,18 @@ "description": "The full resource name of project that the resource belongs to.", "type": "string" }, +"resourcePath": { +"$ref": "ResourcePath", +"description": "Provides the path to the resource within the resource hierarchy." +}, +"resourcePathString": { +"description": "A string representation of the resource path. For GCP, it has the format of: org/{organization_id}/folder/{folder_id}/folder/{folder_id}/project/{project_id} where there can be any number of folders. For AWS, it has the format of: org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id} where there can be any number of organizational units. For Azure, it has the format of: mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups.", +"type": "string" +}, +"service": { +"description": "The service or resource provider associated with the resource.", +"type": "string" +}, "type": { "description": "The full resource type of the resource.", "type": "string" 
@@ -12241,6 +12913,63 @@ }, "type": "object" }, +"ResourcePath": { +"description": "Represents the path of resources leading up to the resource this finding is about.", +"id": "ResourcePath", +"properties": { +"nodes": { +"description": "The list of nodes that make the up resource path, ordered from lowest level to highest level.", +"items": { +"$ref": "ResourcePathNode" +}, +"type": "array" +} +}, +"type": "object" +}, +"ResourcePathNode": { +"description": "A node within the resource path. Each node represents a resource within the resource hierarchy.", +"id": "ResourcePathNode", +"properties": { +"displayName": { +"description": "The display name of the resource this node represents.", +"type": "string" +}, +"id": { +"description": "The ID of the resource this node represents.", +"type": "string" +}, +"nodeType": { +"description": "The type of resource this node represents.", +"enum": [ +"RESOURCE_PATH_NODE_TYPE_UNSPECIFIED", +"GCP_ORGANIZATION", +"GCP_FOLDER", +"GCP_PROJECT", +"AWS_ORGANIZATION", +"AWS_ORGANIZATIONAL_UNIT", +"AWS_ACCOUNT", +"AZURE_MANAGEMENT_GROUP", +"AZURE_SUBSCRIPTION", +"AZURE_RESOURCE_GROUP" +], +"enumDescriptions": [ +"Node type is unspecified.", +"The node represents a GCP organization.", +"The node represents a GCP folder.", +"The node represents a GCP project.", +"The node represents an AWS organization.", +"The node represents an AWS organizational unit.", +"The node represents an AWS account.", +"The node represents an Azure management group.", +"The node represents an Azure subscription.", +"The node represents an Azure resource group." +], +"type": "string" +} +}, +"type": "object" +}, "ResourceValueConfigMetadata": { "description": "Metadata about a ResourceValueConfig. For example, id and name.", "id": "ResourceValueConfigMetadata", 
@@ -12378,6 +13107,25 @@ }, "type": "object" }, +"SecurityPolicy": { +"description": "Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding.", +"id": "SecurityPolicy", +"properties": { +"name": { +"description": "The name of the Google Cloud Armor security policy, for example, \"my-security-policy\".", +"type": "string" +}, +"preview": { +"description": "Whether or not the associated rule or policy is in preview mode.", +"type": "boolean" +}, +"type": { +"description": "The type of Google Cloud Armor security policy for example, \u2018backend security policy\u2019, \u2018edge security policy\u2019, \u2018network edge security policy\u2019, or \u2018always-on DDoS protection\u2019.", +"type": "string" +} +}, +"type": "object" +}, "SecurityPosture": { "description": "Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.", "id": "SecurityPosture", @@ -12572,6 +13320,22 @@ "description": "Attack path simulation", "id": "Simulation", "properties": { +"cloudProvider": { +"description": "Indicates which cloud provider was used in this simulation.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "createTime": { "description": "Output only. Time simulation was created", "format": "google-datetime", 
@@ -12844,6 +13608,57 @@ }, "type": "object" }, +"VulnerabilityCountBySeverity": { +"description": "Vulnerability count by severity.", +"id": "VulnerabilityCountBySeverity", +"properties": { +"severityToFindingCount": { +"additionalProperties": { +"format": "int64", +"type": "string" +}, +"description": "Key is the Severity enum.", +"type": "object" +} +}, +"type": "object" +}, +"VulnerabilitySnapshot": { +"description": "Result containing the properties and count of a VulnerabilitySnapshot request.", +"id": "VulnerabilitySnapshot", +"properties": { +"cloudProvider": { +"description": "The cloud provider for the vulnerability snapshot.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, +"findingCount": { +"$ref": "VulnerabilityCountBySeverity", +"description": "The vulnerability count by severity." +}, +"name": { +"description": "Identifier. The vulnerability snapshot name. Format: //locations//vulnerabilitySnapshots/", +"type": "string" +}, +"snapshotTime": { +"description": "The time that the snapshot was taken.", +"format": "google-datetime", +"type": "string" +} +}, +"type": "object" +}, "YaraRuleSignature": { "description": "A signature corresponding to a YARA rule.", "id": "YaraRuleSignature", diff --git a/googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json b/googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json index 0767a785a6..19a0d12973 100644 --- a/googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json +++ b/googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json 
@@ -896,7 +896,7 @@ } } }, -"revision": "20240328", +"revision": "20240415", "rootUrl": "https://securitycenter.googleapis.com/", "schemas": { "Access": { @@ -988,6 +988,18 @@ }, "type": "object" }, +"AdaptiveProtection": { +"description": "Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection).", +"id": "AdaptiveProtection", +"properties": { +"confidence": { +"description": "A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation.", +"format": "double", +"type": "number" +} +}, +"type": "object" +}, "Application": { "description": "Represents an application associated with a finding.", "id": "Application", @@ -1067,6 +1079,27 @@ }, "type": "object" }, +"Attack": { +"description": "Information about DDoS attack volume and classification.", +"id": "Attack", +"properties": { +"classification": { +"description": "Type of attack, for example, \u2018SYN-flood\u2019, \u2018NTP-udp\u2019, or \u2018CHARGEN-udp\u2019.", +"type": "string" +}, +"volumeBps": { +"description": "Total BPS (bytes per second) volume of attack.", +"format": "int32", +"type": "integer" +}, +"volumePps": { +"description": "Total PPS (packets per second) volume of attack.", +"format": "int32", +"type": "integer" +} +}, +"type": "object" +}, "AttackExposure": { "description": "An attack exposure contains the results of an attack path simulation run.", "id": "AttackExposure", 
@@ -1165,6 +1198,69 @@ }, "type": "object" }, +"AwsAccount": { +"description": "An AWS account that is a member of an organization.", +"id": "AwsAccount", +"properties": { +"id": { +"description": "The unique identifier (ID) of the account, containing exactly 12 digits.", +"type": "string" +}, +"name": { +"description": "The friendly name of this account.", +"type": "string" +} +}, +"type": "object" +}, +"AwsMetadata": { +"description": "AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services.", +"id": "AwsMetadata", +"properties": { +"account": { +"$ref": "AwsAccount", +"description": "The AWS account associated with the resource." +}, +"organization": { +"$ref": "AwsOrganization", +"description": "The AWS organization associated with the resource." +}, +"organizationalUnits": { +"description": "A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level.", +"items": { +"$ref": "AwsOrganizationalUnit" +}, +"type": "array" +} +}, +"type": "object" +}, +"AwsOrganization": { +"description": "An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies.", +"id": "AwsOrganization", +"properties": { +"id": { +"description": "The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires \"o-\" followed by from 10 to 32 lowercase letters or digits.", +"type": "string" +} +}, +"type": "object" +}, +"AwsOrganizationalUnit": { +"description": "An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.", +"id": "AwsOrganizationalUnit", +"properties": { +"id": { +"description": "The unique identifier (ID) associated with this OU. 
The regex pattern for an organizational unit ID string requires \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits. For example, \"ou-ab12-cd34ef56\".", +"type": "string" +}, +"name": { +"description": "The friendly name of the OU.", +"type": "string" +} +}, +"type": "object" +}, "BackupDisasterRecovery": { "description": "Information related to Google Cloud Backup and DR Service findings.", "id": "BackupDisasterRecovery", 
@@ -1250,6 +1346,38 @@ "properties": {}, "type": "object" }, +"CloudArmor": { +"description": "Fields related to Google Cloud Armor findings.", +"id": "CloudArmor", +"properties": { +"adaptiveProtection": { +"$ref": "AdaptiveProtection", +"description": "Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview)." +}, +"attack": { +"$ref": "Attack", +"description": "Information about DDoS attack volume and classification." +}, +"duration": { +"description": "Duration of attack from the start until the current moment (updated every 5 minutes).", +"format": "google-duration", +"type": "string" +}, +"requests": { +"$ref": "Requests", +"description": "Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview)." +}, +"securityPolicy": { +"$ref": "SecurityPolicy", +"description": "Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding." +}, +"threatVector": { +"description": "Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, \u201cL3_4\u201d for Layer 3 and Layer 4 DDoS attacks, or \u201cL_7\u201d for Layer 7 DDoS attacks.", +"type": "string" +} +}, +"type": "object" +}, "CloudDlpDataProfile": { "description": "The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding.", "id": "CloudDlpDataProfile", 
@@ -1353,6 +1481,22 @@ "description": "The category of Findings matching.", "type": "string" }, +"cloudProvider": { +"description": "The cloud provider for the compliance snapshot.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "complianceStandard": { "description": "The compliance standard (ie CIS).", "type": "string" @@ -1374,10 +1518,6 @@ "description": "The compliance snapshot name. Format: //sources//complianceSnapshots/", "type": "string" }, -"projectDisplayName": { -"description": "The CRM resource display name that is closest to the snapshot the Findings belong to.", -"type": "string" -}, "snapshotTime": { "description": "The snapshot time of the snapshot.", "format": "google-datetime", @@ -1913,6 +2053,10 @@ "description": "The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: \"XSS_FLASH_INJECTION\"", "type": "string" }, +"cloudArmor": { +"$ref": "CloudArmor", +"description": "Fields related to Cloud Armor findings." +}, "cloudDlpDataProfile": { "$ref": "CloudDlpDataProfile", "description": "Cloud DLP data profile that is associated with the finding." @@ -2088,6 +2232,10 @@ "description": "Steps to address the finding.", "type": "string" }, +"notebook": { +"$ref": "Notebook", +"description": "Notebook associated with the finding." +}, "orgPolicies": { "description": "Contains information about the org policies associated with the finding.", "items": { 
@@ -2185,6 +2333,41 @@ }, "type": "object" }, +"GcpMetadata": { +"description": "GCP metadata associated with the resource, only applicable if the finding's cloud provider is Google Cloud Platform.", +"id": "GcpMetadata", +"properties": { +"folders": { +"description": "Output only. Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization.", +"items": { +"$ref": "GoogleCloudSecuritycenterV2Folder" +}, +"readOnly": true, +"type": "array" +}, +"organization": { +"description": "The name of the organization that the resource belongs to.", +"type": "string" +}, +"parent": { +"description": "The full resource name of resource's parent.", +"type": "string" +}, +"parentDisplayName": { +"description": "The human readable name of resource's parent.", +"type": "string" +}, +"project": { +"description": "The full resource name of project that the resource belongs to.", +"type": "string" +}, +"projectDisplayName": { +"description": "The project ID that the resource belongs to.", +"type": "string" +} +}, +"type": "object" +}, "Geolocation": { "description": "Represents a geographical location for a given access.", "id": "Geolocation", 
@@ -2529,6 +2712,26 @@ "description": "Information related to the Google Cloud resource.", "id": "GoogleCloudSecuritycenterV1Resource", "properties": { +"awsMetadata": { +"$ref": "AwsMetadata", +"description": "The AWS metadata associated with the finding." +}, +"cloudProvider": { +"description": "Indicates which cloud provider the resource resides in.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "displayName": { "description": "The human readable name of the resource.", "type": "string" @@ -2541,10 +2744,18 @@ "readOnly": true, "type": "array" }, +"location": { +"description": "The region or location of the service (if applicable).", +"type": "string" +}, "name": { "description": "The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", "type": "string" }, +"organization": { +"description": "Indicates which organization or tenant in the cloud provider the finding applies to.", +"type": "string" +}, "parent": { "description": "The full resource name of resource's parent.", "type": "string" 
@@ -2561,6 +2772,18 @@ "description": "The project ID that the resource belongs to.", "type": "string" }, +"resourcePath": { +"$ref": "ResourcePath", +"description": "Provides the path to the resource within the resource hierarchy." +}, +"resourcePathString": { +"description": "A string representation of the resource path. For GCP, it has the format of: organizations/{organization_id}/folders/{folder_id}/folders/{folder_id}/projects/{project_id} where there can be any number of folders. For AWS, it has the format of: org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id} where there can be any number of organizational units. For Azure, it has the format of: mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups.", +"type": "string" +}, +"service": { +"description": "The parent service or product from which the resource is provided, for example, GKE or SNS.", +"type": "string" +}, "type": { "description": "The full resource type of the resource.", "type": "string" @@ -2586,6 +2809,22 @@ "description": "A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.", "id": "GoogleCloudSecuritycenterV1ResourceValueConfig", "properties": { +"cloudProvider": { +"description": "Cloud provider this configuration applies to", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "createTime": { "description": "Output only. Timestamp this resource value config was created.", "format": "google-datetime", 
@@ -3177,6 +3416,18 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2AdaptiveProtection": { +"description": "Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection).", +"id": "GoogleCloudSecuritycenterV2AdaptiveProtection", +"properties": { +"confidence": { +"description": "A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation.", +"format": "double", +"type": "number" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2Application": { "description": "Represents an application associated with a finding.", "id": "GoogleCloudSecuritycenterV2Application", @@ -3192,6 +3443,27 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2Attack": { +"description": "Information about DDoS attack volume and classification.", +"id": "GoogleCloudSecuritycenterV2Attack", +"properties": { +"classification": { +"description": "Type of attack, for example, \u2018SYN-flood\u2019, \u2018NTP-udp\u2019, or \u2018CHARGEN-udp\u2019.", +"type": "string" +}, +"volumeBps": { +"description": "Total BPS (bytes per second) volume of attack.", +"format": "int32", +"type": "integer" +}, +"volumePps": { +"description": "Total PPS (packets per second) volume of attack.", +"format": "int32", +"type": "integer" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2AttackExposure": { "description": "An attack exposure contains the results of an attack path simulation run.", "id": "GoogleCloudSecuritycenterV2AttackExposure", 
@@ -3243,6 +3515,69 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2AwsAccount": { +"description": "An AWS account that is a member of an organization.", +"id": "GoogleCloudSecuritycenterV2AwsAccount", +"properties": { +"id": { +"description": "The unique identifier (ID) of the account, containing exactly 12 digits.", +"type": "string" +}, +"name": { +"description": "The friendly name of this account.", +"type": "string" +} +}, +"type": "object" +}, +"GoogleCloudSecuritycenterV2AwsMetadata": { +"description": "AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services.", +"id": "GoogleCloudSecuritycenterV2AwsMetadata", +"properties": { +"account": { +"$ref": "GoogleCloudSecuritycenterV2AwsAccount", +"description": "The AWS account associated with the resource." +}, +"organization": { +"$ref": "GoogleCloudSecuritycenterV2AwsOrganization", +"description": "The AWS organization associated with the resource." +}, +"organizationalUnits": { +"description": "A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level.", +"items": { +"$ref": "GoogleCloudSecuritycenterV2AwsOrganizationalUnit" +}, +"type": "array" +} +}, +"type": "object" +}, +"GoogleCloudSecuritycenterV2AwsOrganization": { +"description": "An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies.", +"id": "GoogleCloudSecuritycenterV2AwsOrganization", +"properties": { +"id": { +"description": "The unique identifier (ID) for the organization. 
The regex pattern for an organization ID string requires \"o-\" followed by from 10 to 32 lowercase letters or digits.", +"type": "string" +} +}, +"type": "object" +}, +"GoogleCloudSecuritycenterV2AwsOrganizationalUnit": { +"description": "An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.", +"id": "GoogleCloudSecuritycenterV2AwsOrganizationalUnit", +"properties": { +"id": { +"description": "The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits. For example, \"ou-ab12-cd34ef56\".", +"type": "string" +}, +"name": { +"description": "The friendly name of the OU.", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2BackupDisasterRecovery": { "description": "Information related to Google Cloud Backup and DR Service findings.", "id": "GoogleCloudSecuritycenterV2BackupDisasterRecovery", 
@@ -3377,6 +3712,38 @@ "properties": {}, "type": "object" }, +"GoogleCloudSecuritycenterV2CloudArmor": { +"description": "Fields related to Google Cloud Armor findings.", +"id": "GoogleCloudSecuritycenterV2CloudArmor", +"properties": { +"adaptiveProtection": { +"$ref": "GoogleCloudSecuritycenterV2AdaptiveProtection", +"description": "Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview)." +}, +"attack": { +"$ref": "GoogleCloudSecuritycenterV2Attack", +"description": "Information about DDoS attack volume and classification." +}, +"duration": { +"description": "Duration of attack from the start until the current moment (updated every 5 minutes).", +"format": "google-duration", +"type": "string" +}, +"requests": { +"$ref": "GoogleCloudSecuritycenterV2Requests", +"description": "Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview)." +}, +"securityPolicy": { +"$ref": "GoogleCloudSecuritycenterV2SecurityPolicy", +"description": "Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding." +}, +"threatVector": { +"description": "Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, \u201cL3_4\u201d for Layer 3 and Layer 4 DDoS attacks, or \u201cL_7\u201d for Layer 7 DDoS attacks.", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2CloudDlpDataProfile": { "description": "The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding.", "id": "GoogleCloudSecuritycenterV2CloudDlpDataProfile", 
@@ -4029,6 +4396,10 @@ "description": "Immutable. The additional taxonomy group within findings from a given source. Example: \"XSS_FLASH_INJECTION\"", "type": "string" }, +"cloudArmor": { +"$ref": "GoogleCloudSecuritycenterV2CloudArmor", +"description": "Fields related to Cloud Armor findings." +}, "cloudDlpDataProfile": { "$ref": "GoogleCloudSecuritycenterV2CloudDlpDataProfile", "description": "Cloud DLP data profile that is associated with the finding." @@ -4205,6 +4576,10 @@ "description": "Steps to address the finding.", "type": "string" }, +"notebook": { +"$ref": "GoogleCloudSecuritycenterV2Notebook", +"description": "Notebook associated with the finding." +}, "orgPolicies": { "description": "Contains information about the org policies associated with the finding.", "items": { @@ -4288,6 +4663,21 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2Folder": { +"description": "Message that contains the resource name and display name of a folder resource.", +"id": "GoogleCloudSecuritycenterV2Folder", +"properties": { +"resourceFolder": { +"description": "Full resource name of this folder. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", +"type": "string" +}, +"resourceFolderDisplayName": { +"description": "The user defined display name for this folder.", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2Geolocation": { "description": "Represents a geographical location for a given access.", "id": "GoogleCloudSecuritycenterV2Geolocation", @@ -4575,6 +4965,7 @@ "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", +"PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", @@ -4636,6 +5027,7 @@ "T1057", "T1059", "T1059.004", +"T1059.006", "T1069", "T1069.003", "T1071", @@ -4742,6 +5134,7 @@ "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", +"PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", 
@@ -4803,6 +5196,7 @@ "T1057", "T1059", "T1059.004", +"T1059.006", "T1069", "T1069.003", "T1071", @@ -4942,6 +5336,30 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2Notebook": { +"description": "Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding.", +"id": "GoogleCloudSecuritycenterV2Notebook", +"properties": { +"lastAuthor": { +"description": "The user ID of the latest author to modify the notebook.", +"type": "string" +}, +"name": { +"description": "The name of the notebook.", +"type": "string" +}, +"notebookUpdateTime": { +"description": "The most recent time the notebook was updated.", +"format": "google-datetime", +"type": "string" +}, +"service": { +"description": "The source notebook service, for example, \"Colab Enterprise\".", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2NotificationMessage": { "description": "Cloud SCC's Notification", "id": "GoogleCloudSecuritycenterV2NotificationMessage", 
@@ -5175,18 +5593,85 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2Requests": { +"description": "Information about the requests relevant to the finding.", +"id": "GoogleCloudSecuritycenterV2Requests", +"properties": { +"longTermAllowed": { +"description": "Allowed RPS (requests per second) over the long term.", +"format": "int32", +"type": "integer" +}, +"longTermDenied": { +"description": "Denied RPS (requests per second) over the long term.", +"format": "int32", +"type": "integer" +}, +"ratio": { +"description": "For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term.", +"format": "double", +"type": "number" +}, +"shortTermAllowed": { +"description": "Allowed RPS (requests per second) in the short term.", +"format": "int32", +"type": "integer" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2Resource": { "description": "Information related to the Google Cloud resource.", "id": "GoogleCloudSecuritycenterV2Resource", "properties": { +"awsMetadata": { +"$ref": "GoogleCloudSecuritycenterV2AwsMetadata", +"description": "The AWS metadata associated with the finding." +}, +"cloudProvider": { +"description": "Indicates which cloud provider the finding is from.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "displayName": { "description": "The human readable name of the resource.", "type": "string" }, +"gcpMetadata": { +"$ref": "GcpMetadata", +"description": "The GCP metadata associated with the finding." 
+}, +"location": { +"description": "The region or location of the service (if applicable).", +"type": "string" +}, "name": { "description": "The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", "type": "string" }, +"resourcePath": { +"$ref": "GoogleCloudSecuritycenterV2ResourcePath", +"description": "Provides the path to the resource within the resource hierarchy." +}, +"resourcePathString": { +"description": "A string representation of the resource path. For GCP, it has the format of: organizations/{organization_id}/folders/{folder_id}/folders/{folder_id}/projects/{project_id} where there can be any number of folders. For AWS, it has the format of: org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id} where there can be any number of organizational units. For Azure, it has the format of: mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups.", +"type": "string" +}, +"service": { +"description": "The service or resource provider associated with the resource.", +"type": "string" +}, "type": { "description": "The full resource type of the resource.", "type": "string" 
@@ -5194,10 +5679,83 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2ResourcePath": { +"description": "Represents the path of resources leading up to the resource this finding is about.", +"id": "GoogleCloudSecuritycenterV2ResourcePath", +"properties": { +"nodes": { +"description": "The list of nodes that make the up resource path, ordered from lowest level to highest level.", +"items": { +"$ref": "GoogleCloudSecuritycenterV2ResourcePathNode" +}, +"type": "array" +} +}, +"type": "object" +}, +"GoogleCloudSecuritycenterV2ResourcePathNode": { +"description": "A node within the resource path. Each node represents a resource within the resource hierarchy.", +"id": "GoogleCloudSecuritycenterV2ResourcePathNode", +"properties": { +"displayName": { +"description": "The display name of the resource this node represents.", +"type": "string" +}, +"id": { +"description": "The ID of the resource this node represents.", +"type": "string" +}, +"nodeType": { +"description": "The type of resource this node represents.", +"enum": [ +"RESOURCE_PATH_NODE_TYPE_UNSPECIFIED", +"GCP_ORGANIZATION", +"GCP_FOLDER", +"GCP_PROJECT", +"AWS_ORGANIZATION", +"AWS_ORGANIZATIONAL_UNIT", +"AWS_ACCOUNT", +"AZURE_MANAGEMENT_GROUP", +"AZURE_SUBSCRIPTION", +"AZURE_RESOURCE_GROUP" +], +"enumDescriptions": [ +"Node type is unspecified.", +"The node represents a GCP organization.", +"The node represents a GCP folder.", +"The node represents a GCP project.", +"The node represents an AWS organization.", +"The node represents an AWS organizational unit.", +"The node represents an AWS account.", +"The node represents an Azure management group.", +"The node represents an Azure subscription.", +"The node represents an Azure resource group." +], +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2ResourceValueConfig": { "description": "A resource value config (RVC) is a mapping configuration of user's resources to resource values. 
Used in Attack path simulations.", "id": "GoogleCloudSecuritycenterV2ResourceValueConfig", "properties": { +"cloudProvider": { +"description": "Cloud provider this configuration applies to", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "createTime": { "description": "Output only. Timestamp this resource value config was created.", "format": "google-datetime", 
@@ -5319,7 +5877,7 @@ "id": "GoogleCloudSecuritycenterV2SecurityMarks", "properties": { "canonicalName": { -"description": "The canonical name of the marks. The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks\" + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\" + `folders/{folder_id}/assets/{asset_id}/securityMarks\" + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `folders/{folder_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\" + `projects/{project_number}/assets/{asset_id}/securityMarks\" + `projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `projects/{project_number}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\"", +"description": "The canonical name of the marks. The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks` + `organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks` + `folders/{folder_id}/assets/{asset_id}/securityMarks` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks` + `folders/{folder_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks` + `projects/{project_number}/assets/{asset_id}/securityMarks` + `projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks` + `projects/{project_number}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks`", "type": "string" }, "marks": { 
@@ -5336,6 +5894,25 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2SecurityPolicy": { +"description": "Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding.", +"id": "GoogleCloudSecuritycenterV2SecurityPolicy", +"properties": { +"name": { +"description": "The name of the Google Cloud Armor security policy, for example, \"my-security-policy\".", +"type": "string" +}, +"preview": { +"description": "Whether or not the associated rule or policy is in preview mode.", +"type": "boolean" +}, +"type": { +"description": "The type of Google Cloud Armor security policy for example, \u2018backend security policy\u2019, \u2018edge security policy\u2019, \u2018network edge security policy\u2019, or \u2018always-on DDoS protection\u2019.", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2SecurityPosture": { "description": "Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.", "id": "GoogleCloudSecuritycenterV2SecurityPosture", @@ -6058,6 +6635,7 @@ "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", +"PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", @@ -6119,6 +6697,7 @@ "T1057", "T1059", "T1059.004", +"T1059.006", "T1069", "T1069.003", "T1071", @@ -6225,6 +6804,7 @@ "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", +"PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", @@ -6286,6 +6866,7 @@ "T1057", "T1059", "T1059.004", +"T1059.006", "T1069", "T1069.003", "T1071", 
@@ -6377,6 +6958,30 @@ }, "type": "object" }, +"Notebook": { +"description": "Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding.", +"id": "Notebook", +"properties": { +"lastAuthor": { +"description": "The user ID of the latest author to modify the notebook.", +"type": "string" +}, +"name": { +"description": "The name of the notebook.", +"type": "string" +}, +"notebookUpdateTime": { +"description": "The most recent time the notebook was updated.", +"format": "google-datetime", +"type": "string" +}, +"service": { +"description": "The source notebook service, for example, \"Colab Enterprise\".", +"type": "string" +} +}, +"type": "object" +}, "Object": { "description": "Kubernetes object related to the finding, uniquely identified by GKNN. Used if the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.", "id": "Object", 
@@ -6676,6 +7281,90 @@ }, "type": "object" }, +"Requests": { +"description": "Information about the requests relevant to the finding.", +"id": "Requests", +"properties": { +"longTermAllowed": { +"description": "Allowed RPS (requests per second) over the long term.", +"format": "int32", +"type": "integer" +}, +"longTermDenied": { +"description": "Denied RPS (requests per second) over the long term.", +"format": "int32", +"type": "integer" +}, +"ratio": { +"description": "For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term.", +"format": "double", +"type": "number" +}, +"shortTermAllowed": { +"description": "Allowed RPS (requests per second) in the short term.", +"format": "int32", +"type": "integer" +} +}, +"type": "object" +}, +"ResourcePath": { +"description": "Represents the path of resources leading up to the resource this finding is about.", +"id": "ResourcePath", +"properties": { +"nodes": { +"description": "The list of nodes that make the up resource path, ordered from lowest level to highest level.", +"items": { +"$ref": "ResourcePathNode" +}, +"type": "array" +} +}, +"type": "object" +}, +"ResourcePathNode": { +"description": "A node within the resource path. 
Each node represents a resource within the resource hierarchy.", +"id": "ResourcePathNode", +"properties": { +"displayName": { +"description": "The display name of the resource this node represents.", +"type": "string" +}, +"id": { +"description": "The ID of the resource this node represents.", +"type": "string" +}, +"nodeType": { +"description": "The type of resource this node represents.", +"enum": [ +"RESOURCE_PATH_NODE_TYPE_UNSPECIFIED", +"GCP_ORGANIZATION", +"GCP_FOLDER", +"GCP_PROJECT", +"AWS_ORGANIZATION", +"AWS_ORGANIZATIONAL_UNIT", +"AWS_ACCOUNT", +"AZURE_MANAGEMENT_GROUP", +"AZURE_SUBSCRIPTION", +"AZURE_RESOURCE_GROUP" +], +"enumDescriptions": [ +"Node type is unspecified.", +"The node represents a GCP organization.", +"The node represents a GCP folder.", +"The node represents a GCP project.", +"The node represents an AWS organization.", +"The node represents an AWS organizational unit.", +"The node represents an AWS account.", +"The node represents an Azure management group.", +"The node represents an Azure subscription.", +"The node represents an Azure resource group." +], +"type": "string" +} +}, +"type": "object" +}, "Role": { "description": "Kubernetes Role or ClusterRole.", "id": "Role", 
@@ -6783,6 +7472,25 @@ }, "type": "object" }, +"SecurityPolicy": { +"description": "Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding.", +"id": "SecurityPolicy", +"properties": { +"name": { +"description": "The name of the Google Cloud Armor security policy, for example, \"my-security-policy\".", +"type": "string" +}, +"preview": { +"description": "Whether or not the associated rule or policy is in preview mode.", +"type": "boolean" +}, +"type": { +"description": "The type of Google Cloud Armor security policy for example, \u2018backend security policy\u2019, \u2018edge security policy\u2019, \u2018network edge security policy\u2019, or \u2018always-on DDoS protection\u2019.", +"type": "string" +} +}, +"type": "object" +}, "SecurityPosture": { "description": "Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.", "id": "SecurityPosture", 
@@ -7042,6 +7750,57 @@ }, "type": "object" }, +"VulnerabilityCountBySeverity": { +"description": "Vulnerability count by severity.", +"id": "VulnerabilityCountBySeverity", +"properties": { +"severityToFindingCount": { +"additionalProperties": { +"format": "int64", +"type": "string" +}, +"description": "Key is the Severity enum.", +"type": "object" +} +}, +"type": "object" +}, +"VulnerabilitySnapshot": { +"description": "Result containing the properties and count of a VulnerabilitySnapshot request.", +"id": "VulnerabilitySnapshot", +"properties": { +"cloudProvider": { +"description": "The cloud provider for the vulnerability snapshot.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, +"findingCount": { +"$ref": "VulnerabilityCountBySeverity", +"description": "The vulnerability count by severity." +}, +"name": { +"description": "Identifier. The vulnerability snapshot name. Format: //locations//vulnerabilitySnapshots/", +"type": "string" +}, +"snapshotTime": { +"description": "The time that the snapshot was taken.", +"format": "google-datetime", +"type": "string" +} +}, +"type": "object" +}, "YaraRuleSignature": { "description": "A signature corresponding to a YARA rule.", "id": "YaraRuleSignature", diff --git a/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json b/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json index c6b73d07e0..3cb45605e1 100644 --- a/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json +++ b/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json 
@@ -1906,7 +1906,7 @@ } } }, -"revision": "20240328", +"revision": "20240415", "rootUrl": "https://securitycenter.googleapis.com/", "schemas": { "Access": { @@ -1998,6 +1998,18 @@ }, "type": "object" }, +"AdaptiveProtection": { +"description": "Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection).", +"id": "AdaptiveProtection", +"properties": { +"confidence": { +"description": "A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation.", +"format": "double", +"type": "number" +} +}, +"type": "object" +}, "Application": { "description": "Represents an application associated with a finding.", "id": "Application", @@ -2013,6 +2025,27 @@ }, "type": "object" }, +"Attack": { +"description": "Information about DDoS attack volume and classification.", +"id": "Attack", +"properties": { +"classification": { +"description": "Type of attack, for example, \u2018SYN-flood\u2019, \u2018NTP-udp\u2019, or \u2018CHARGEN-udp\u2019.", +"type": "string" +}, +"volumeBps": { +"description": "Total BPS (bytes per second) volume of attack.", +"format": "int32", +"type": "integer" +}, +"volumePps": { +"description": "Total PPS (packets per second) volume of attack.", +"format": "int32", +"type": "integer" +} +}, +"type": "object" +}, "AttackExposure": { "description": "An attack exposure contains the results of an attack path simulation run.", "id": "AttackExposure", 
@@ -2063,6 +2096,69 @@ }, "type": "object" }, +"AwsAccount": { +"description": "An AWS account that is a member of an organization.", +"id": "AwsAccount", +"properties": { +"id": { +"description": "The unique identifier (ID) of the account, containing exactly 12 digits.", +"type": "string" +}, +"name": { +"description": "The friendly name of this account.", +"type": "string" +} +}, +"type": "object" +}, +"AwsMetadata": { +"description": "AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services.", +"id": "AwsMetadata", +"properties": { +"account": { +"$ref": "AwsAccount", +"description": "The AWS account associated with the resource." +}, +"organization": { +"$ref": "AwsOrganization", +"description": "The AWS organization associated with the resource." +}, +"organizationalUnits": { +"description": "A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level.", +"items": { +"$ref": "AwsOrganizationalUnit" +}, +"type": "array" +} +}, +"type": "object" +}, +"AwsOrganization": { +"description": "An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies.", +"id": "AwsOrganization", +"properties": { +"id": { +"description": "The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires \"o-\" followed by from 10 to 32 lowercase letters or digits.", +"type": "string" +} +}, +"type": "object" +}, +"AwsOrganizationalUnit": { +"description": "An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.", +"id": "AwsOrganizationalUnit", +"properties": { +"id": { +"description": "The unique identifier (ID) associated with this OU. 
The regex pattern for an organizational unit ID string requires \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits. For example, \"ou-ab12-cd34ef56\".", +"type": "string" +}, +"name": { +"description": "The friendly name of the OU.", +"type": "string" +} +}, +"type": "object" +}, "BackupDisasterRecovery": { "description": "Information related to Google Cloud Backup and DR Service findings.", "id": "BackupDisasterRecovery", 
@@ -2120,6 +2216,38 @@ }, "type": "object" }, +"CloudArmor": { +"description": "Fields related to Google Cloud Armor findings.", +"id": "CloudArmor", +"properties": { +"adaptiveProtection": { +"$ref": "AdaptiveProtection", +"description": "Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview)." +}, +"attack": { +"$ref": "Attack", +"description": "Information about DDoS attack volume and classification." +}, +"duration": { +"description": "Duration of attack from the start until the current moment (updated every 5 minutes).", +"format": "google-duration", +"type": "string" +}, +"requests": { +"$ref": "Requests", +"description": "Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview)." +}, +"securityPolicy": { +"$ref": "SecurityPolicy", +"description": "Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding." +}, +"threatVector": { +"description": "Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, \u201cL3_4\u201d for Layer 3 and Layer 4 DDoS attacks, or \u201cL_7\u201d for Layer 7 DDoS attacks.", +"type": "string" +} +}, +"type": "object" +}, "CloudDlpDataProfile": { "description": "The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding.", "id": "CloudDlpDataProfile", 
@@ -2223,6 +2351,22 @@ "description": "The category of Findings matching.", "type": "string" }, +"cloudProvider": { +"description": "The cloud provider for the compliance snapshot.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "complianceStandard": { "description": "The compliance standard (ie CIS).", "type": "string" @@ -2244,10 +2388,6 @@ "description": "The compliance snapshot name. Format: //sources//complianceSnapshots/", "type": "string" }, -"projectDisplayName": { -"description": "The CRM resource display name that is closest to the snapshot the Findings belong to.", -"type": "string" -}, "snapshotTime": { "description": "The snapshot time of the snapshot.", "format": "google-datetime", @@ -2930,6 +3070,10 @@ "description": "The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: \"XSS_FLASH_INJECTION\"", "type": "string" }, +"cloudArmor": { +"$ref": "CloudArmor", +"description": "Fields related to Cloud Armor findings." +}, "cloudDlpDataProfile": { "$ref": "CloudDlpDataProfile", "description": "Cloud DLP data profile that is associated with the finding." @@ -3105,6 +3249,10 @@ "description": "Steps to address the finding.", "type": "string" }, +"notebook": { +"$ref": "Notebook", +"description": "Notebook associated with the finding." +}, "orgPolicies": { "description": "Contains information about the org policies associated with the finding.", "items": { 
@@ -3202,6 +3350,41 @@ }, "type": "object" }, +"GcpMetadata": { +"description": "GCP metadata associated with the resource, only applicable if the finding's cloud provider is Google Cloud Platform.", +"id": "GcpMetadata", +"properties": { +"folders": { +"description": "Output only. Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization.", +"items": { +"$ref": "GoogleCloudSecuritycenterV2Folder" +}, +"readOnly": true, +"type": "array" +}, +"organization": { +"description": "The name of the organization that the resource belongs to.", +"type": "string" +}, +"parent": { +"description": "The full resource name of resource's parent.", +"type": "string" +}, +"parentDisplayName": { +"description": "The human readable name of resource's parent.", +"type": "string" +}, +"project": { +"description": "The full resource name of project that the resource belongs to.", +"type": "string" +}, +"projectDisplayName": { +"description": "The project ID that the resource belongs to.", +"type": "string" +} +}, +"type": "object" +}, "Geolocation": { "description": "Represents a geographical location for a given access.", "id": "Geolocation", 
@@ -3523,6 +3706,26 @@ "description": "Information related to the Google Cloud resource.", "id": "GoogleCloudSecuritycenterV1Resource", "properties": { +"awsMetadata": { +"$ref": "AwsMetadata", +"description": "The AWS metadata associated with the finding." +}, +"cloudProvider": { +"description": "Indicates which cloud provider the resource resides in.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "displayName": { "description": "The human readable name of the resource.", "type": "string" @@ -3535,10 +3738,18 @@ "readOnly": true, "type": "array" }, +"location": { +"description": "The region or location of the service (if applicable).", +"type": "string" +}, "name": { "description": "The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", "type": "string" }, +"organization": { +"description": "Indicates which organization or tenant in the cloud provider the finding applies to.", +"type": "string" +}, "parent": { "description": "The full resource name of resource's parent.", "type": "string" 
@@ -3555,6 +3766,18 @@ "description": "The project ID that the resource belongs to.", "type": "string" }, +"resourcePath": { +"$ref": "ResourcePath", +"description": "Provides the path to the resource within the resource hierarchy." +}, +"resourcePathString": { +"description": "A string representation of the resource path. For GCP, it has the format of: organizations/{organization_id}/folders/{folder_id}/folders/{folder_id}/projects/{project_id} where there can be any number of folders. For AWS, it has the format of: org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id} where there can be any number of organizational units. For Azure, it has the format of: mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups.", +"type": "string" +}, +"service": { +"description": "The parent service or product from which the resource is provided, for example, GKE or SNS.", +"type": "string" +}, "type": { "description": "The full resource type of the resource.", "type": "string" @@ -3580,6 +3803,22 @@ "description": "A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.", "id": "GoogleCloudSecuritycenterV1ResourceValueConfig", "properties": { +"cloudProvider": { +"description": "Cloud provider this configuration applies to", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "createTime": { "description": "Output only. Timestamp this resource value config was created.", "format": "google-datetime", 
@@ -4090,6 +4329,18 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2AdaptiveProtection": { +"description": "Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection).", +"id": "GoogleCloudSecuritycenterV2AdaptiveProtection", +"properties": { +"confidence": { +"description": "A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation.", +"format": "double", +"type": "number" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2Application": { "description": "Represents an application associated with a finding.", "id": "GoogleCloudSecuritycenterV2Application", @@ -4105,6 +4356,27 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2Attack": { +"description": "Information about DDoS attack volume and classification.", +"id": "GoogleCloudSecuritycenterV2Attack", +"properties": { +"classification": { +"description": "Type of attack, for example, \u2018SYN-flood\u2019, \u2018NTP-udp\u2019, or \u2018CHARGEN-udp\u2019.", +"type": "string" +}, +"volumeBps": { +"description": "Total BPS (bytes per second) volume of attack.", +"format": "int32", +"type": "integer" +}, +"volumePps": { +"description": "Total PPS (packets per second) volume of attack.", +"format": "int32", +"type": "integer" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2AttackExposure": { "description": "An attack exposure contains the results of an attack path simulation run.", "id": "GoogleCloudSecuritycenterV2AttackExposure", 
@@ -4156,6 +4428,69 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2AwsAccount": { +"description": "An AWS account that is a member of an organization.", +"id": "GoogleCloudSecuritycenterV2AwsAccount", +"properties": { +"id": { +"description": "The unique identifier (ID) of the account, containing exactly 12 digits.", +"type": "string" +}, +"name": { +"description": "The friendly name of this account.", +"type": "string" +} +}, +"type": "object" +}, +"GoogleCloudSecuritycenterV2AwsMetadata": { +"description": "AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services.", +"id": "GoogleCloudSecuritycenterV2AwsMetadata", +"properties": { +"account": { +"$ref": "GoogleCloudSecuritycenterV2AwsAccount", +"description": "The AWS account associated with the resource." +}, +"organization": { +"$ref": "GoogleCloudSecuritycenterV2AwsOrganization", +"description": "The AWS organization associated with the resource." +}, +"organizationalUnits": { +"description": "A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level.", +"items": { +"$ref": "GoogleCloudSecuritycenterV2AwsOrganizationalUnit" +}, +"type": "array" +} +}, +"type": "object" +}, +"GoogleCloudSecuritycenterV2AwsOrganization": { +"description": "An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies.", +"id": "GoogleCloudSecuritycenterV2AwsOrganization", +"properties": { +"id": { +"description": "The unique identifier (ID) for the organization. 
The regex pattern for an organization ID string requires \"o-\" followed by from 10 to 32 lowercase letters or digits.", +"type": "string" +} +}, +"type": "object" +}, +"GoogleCloudSecuritycenterV2AwsOrganizationalUnit": { +"description": "An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.", +"id": "GoogleCloudSecuritycenterV2AwsOrganizationalUnit", +"properties": { +"id": { +"description": "The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits. For example, \"ou-ab12-cd34ef56\".", +"type": "string" +}, +"name": { +"description": "The friendly name of the OU.", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2BackupDisasterRecovery": { "description": "Information related to Google Cloud Backup and DR Service findings.", "id": "GoogleCloudSecuritycenterV2BackupDisasterRecovery", 
@@ -4290,6 +4625,38 @@ "properties": {}, "type": "object" }, +"GoogleCloudSecuritycenterV2CloudArmor": { +"description": "Fields related to Google Cloud Armor findings.", +"id": "GoogleCloudSecuritycenterV2CloudArmor", +"properties": { +"adaptiveProtection": { +"$ref": "GoogleCloudSecuritycenterV2AdaptiveProtection", +"description": "Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview)." +}, +"attack": { +"$ref": "GoogleCloudSecuritycenterV2Attack", +"description": "Information about DDoS attack volume and classification." +}, +"duration": { +"description": "Duration of attack from the start until the current moment (updated every 5 minutes).", +"format": "google-duration", +"type": "string" +}, +"requests": { +"$ref": "GoogleCloudSecuritycenterV2Requests", +"description": "Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview)." +}, +"securityPolicy": { +"$ref": "GoogleCloudSecuritycenterV2SecurityPolicy", +"description": "Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding." +}, +"threatVector": { +"description": "Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, \u201cL3_4\u201d for Layer 3 and Layer 4 DDoS attacks, or \u201cL_7\u201d for Layer 7 DDoS attacks.", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2CloudDlpDataProfile": { "description": "The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding.", "id": "GoogleCloudSecuritycenterV2CloudDlpDataProfile", 
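Review bot: `threatVector` in `GoogleCloudSecuritycenterV2CloudArmor` is a free-form string whose only documented values are the examples “L3_4” and “L_7”, and the two tokens do not follow the same shape. Detection rules and dashboards that match on this field have no closed set to test against, unlike the `cloudProvider` fields elsewhere in this diff, which use `enum` with `enumDescriptions`. Either model it as an enum or have the description state that the listed values are exhaustive. The wording could also be tightened to `Distinguishes volumetric and protocol DDoS attacks from application-layer attacks.`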
@@ -4942,6 +5309,10 @@ "description": "Immutable. The additional taxonomy group within findings from a given source. Example: \"XSS_FLASH_INJECTION\"", "type": "string" }, +"cloudArmor": { +"$ref": "GoogleCloudSecuritycenterV2CloudArmor", +"description": "Fields related to Cloud Armor findings." +}, "cloudDlpDataProfile": { "$ref": "GoogleCloudSecuritycenterV2CloudDlpDataProfile", "description": "Cloud DLP data profile that is associated with the finding." @@ -5118,6 +5489,10 @@ "description": "Steps to address the finding.", "type": "string" }, +"notebook": { +"$ref": "GoogleCloudSecuritycenterV2Notebook", +"description": "Notebook associated with the finding." +}, "orgPolicies": { "description": "Contains information about the org policies associated with the finding.", "items": { @@ -5201,6 +5576,21 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2Folder": { +"description": "Message that contains the resource name and display name of a folder resource.", +"id": "GoogleCloudSecuritycenterV2Folder", +"properties": { +"resourceFolder": { +"description": "Full resource name of this folder. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", +"type": "string" +}, +"resourceFolderDisplayName": { +"description": "The user defined display name for this folder.", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2Geolocation": { "description": "Represents a geographical location for a given access.", "id": "GoogleCloudSecuritycenterV2Geolocation", @@ -5488,6 +5878,7 @@ "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", +"PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", @@ -5549,6 +5940,7 @@ "T1057", "T1059", "T1059.004", +"T1059.006", "T1069", "T1069.003", "T1071", @@ -5655,6 +6047,7 @@ "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", +"PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", 
@@ -5716,6 +6109,7 @@ "T1057", "T1059", "T1059.004", +"T1059.006", "T1069", "T1069.003", "T1071", @@ -5855,6 +6249,30 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2Notebook": { +"description": "Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding.", +"id": "GoogleCloudSecuritycenterV2Notebook", +"properties": { +"lastAuthor": { +"description": "The user ID of the latest author to modify the notebook.", +"type": "string" +}, +"name": { +"description": "The name of the notebook.", +"type": "string" +}, +"notebookUpdateTime": { +"description": "The most recent time the notebook was updated.", +"format": "google-datetime", +"type": "string" +}, +"service": { +"description": "The source notebook service, for example, \"Colab Enterprise\".", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2NotificationMessage": { "description": "Cloud SCC's Notification", "id": "GoogleCloudSecuritycenterV2NotificationMessage", 
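Review bot: `lastAuthor` in `GoogleCloudSecuritycenterV2Notebook` is described only as `The user ID of the latest author to modify the notebook.`, without saying what form that ID takes. Responders correlating a finding with audit logs need to know whether this is an email address, a numeric account ID or something else. The field is also personal data that will travel with finding exports and notifications. The description should name the identifier form, and the same field in the unprefixed `Notebook` schema added in a later hunk needs the same clarification.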
@@ -6088,18 +6506,85 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2Requests": { +"description": "Information about the requests relevant to the finding.", +"id": "GoogleCloudSecuritycenterV2Requests", +"properties": { +"longTermAllowed": { +"description": "Allowed RPS (requests per second) over the long term.", +"format": "int32", +"type": "integer" +}, +"longTermDenied": { +"description": "Denied RPS (requests per second) over the long term.", +"format": "int32", +"type": "integer" +}, +"ratio": { +"description": "For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term.", +"format": "double", +"type": "number" +}, +"shortTermAllowed": { +"description": "Allowed RPS (requests per second) in the short term.", +"format": "int32", +"type": "integer" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2Resource": { "description": "Information related to the Google Cloud resource.", "id": "GoogleCloudSecuritycenterV2Resource", "properties": { +"awsMetadata": { +"$ref": "GoogleCloudSecuritycenterV2AwsMetadata", +"description": "The AWS metadata associated with the finding." +}, +"cloudProvider": { +"description": "Indicates which cloud provider the finding is from.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "displayName": { "description": "The human readable name of the resource.", "type": "string" }, +"gcpMetadata": { +"$ref": "GcpMetadata", +"description": "The GCP metadata associated with the finding." 
+}, +"location": { +"description": "The region or location of the service (if applicable).", +"type": "string" +}, "name": { "description": "The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name", "type": "string" }, +"resourcePath": { +"$ref": "GoogleCloudSecuritycenterV2ResourcePath", +"description": "Provides the path to the resource within the resource hierarchy." +}, +"resourcePathString": { +"description": "A string representation of the resource path. For GCP, it has the format of: organizations/{organization_id}/folders/{folder_id}/folders/{folder_id}/projects/{project_id} where there can be any number of folders. For AWS, it has the format of: org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id} where there can be any number of organizational units. For Azure, it has the format of: mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups.", +"type": "string" +}, +"service": { +"description": "The service or resource provider associated with the resource.", +"type": "string" +}, "type": { "description": "The full resource type of the resource.", "type": "string" 
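Review bot: `gcpMetadata` in `GoogleCloudSecuritycenterV2Resource` points at `"$ref": "GcpMetadata"`, while the other references added to this schema (`awsMetadata`, `resourcePath`) target `GoogleCloudSecuritycenterV2…` types. Whether a schema named `GcpMetadata` exists is not visible from this hunk, so it is worth confirming that the reference resolves and that mixing an unprefixed type into the V2 tree is intended. The unchanged schema description still reads `Information related to the Google Cloud resource.` although the new `cloudProvider`, `awsMetadata` and `resourcePathString` fields make the resource multi-cloud; `Information related to the cloud resource the finding is about.` would match. The `properties` object continues past the end of the hunk.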
@@ -6107,10 +6592,83 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2ResourcePath": { +"description": "Represents the path of resources leading up to the resource this finding is about.", +"id": "GoogleCloudSecuritycenterV2ResourcePath", +"properties": { +"nodes": { +"description": "The list of nodes that make the up resource path, ordered from lowest level to highest level.", +"items": { +"$ref": "GoogleCloudSecuritycenterV2ResourcePathNode" +}, +"type": "array" +} +}, +"type": "object" +}, +"GoogleCloudSecuritycenterV2ResourcePathNode": { +"description": "A node within the resource path. Each node represents a resource within the resource hierarchy.", +"id": "GoogleCloudSecuritycenterV2ResourcePathNode", +"properties": { +"displayName": { +"description": "The display name of the resource this node represents.", +"type": "string" +}, +"id": { +"description": "The ID of the resource this node represents.", +"type": "string" +}, +"nodeType": { +"description": "The type of resource this node represents.", +"enum": [ +"RESOURCE_PATH_NODE_TYPE_UNSPECIFIED", +"GCP_ORGANIZATION", +"GCP_FOLDER", +"GCP_PROJECT", +"AWS_ORGANIZATION", +"AWS_ORGANIZATIONAL_UNIT", +"AWS_ACCOUNT", +"AZURE_MANAGEMENT_GROUP", +"AZURE_SUBSCRIPTION", +"AZURE_RESOURCE_GROUP" +], +"enumDescriptions": [ +"Node type is unspecified.", +"The node represents a GCP organization.", +"The node represents a GCP folder.", +"The node represents a GCP project.", +"The node represents an AWS organization.", +"The node represents an AWS organizational unit.", +"The node represents an AWS account.", +"The node represents an Azure management group.", +"The node represents an Azure subscription.", +"The node represents an Azure resource group." +], +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2ResourceValueConfig": { "description": "A resource value config (RVC) is a mapping configuration of user's resources to resource values. 
Used in Attack path simulations.", "id": "GoogleCloudSecuritycenterV2ResourceValueConfig", "properties": { +"cloudProvider": { +"description": "Cloud provider this configuration applies to", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, "createTime": { "description": "Output only. Timestamp this resource value config was created.", "format": "google-datetime", 
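Review bot: The `nodes` description in `GoogleCloudSecuritycenterV2ResourcePath` has transposed words, `make the up resource path`. It should read `The list of nodes that make up the resource path, ordered from lowest level to highest level.` The same sentence is repeated in the unprefixed `ResourcePath` schema added in a later hunk. In this hunk the new `cloudProvider` description on `GoogleCloudSecuritycenterV2ResourceValueConfig`, `Cloud provider this configuration applies to`, also lacks the closing period its neighbours carry.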
@@ -6232,7 +6790,7 @@ "id": "GoogleCloudSecuritycenterV2SecurityMarks", "properties": { "canonicalName": { -"description": "The canonical name of the marks. The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks\" + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\" + `folders/{folder_id}/assets/{asset_id}/securityMarks\" + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `folders/{folder_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\" + `projects/{project_number}/assets/{asset_id}/securityMarks\" + `projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks\" + `projects/{project_number}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks\"", +"description": "The canonical name of the marks. The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks` + `organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks` + `folders/{folder_id}/assets/{asset_id}/securityMarks` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks` + `folders/{folder_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks` + `projects/{project_number}/assets/{asset_id}/securityMarks` + `projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks` + `projects/{project_number}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks`", "type": "string" }, "marks": { 
@@ -6249,6 +6807,25 @@ }, "type": "object" }, +"GoogleCloudSecuritycenterV2SecurityPolicy": { +"description": "Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding.", +"id": "GoogleCloudSecuritycenterV2SecurityPolicy", +"properties": { +"name": { +"description": "The name of the Google Cloud Armor security policy, for example, \"my-security-policy\".", +"type": "string" +}, +"preview": { +"description": "Whether or not the associated rule or policy is in preview mode.", +"type": "boolean" +}, +"type": { +"description": "The type of Google Cloud Armor security policy for example, \u2018backend security policy\u2019, \u2018edge security policy\u2019, \u2018network edge security policy\u2019, or \u2018always-on DDoS protection\u2019.", +"type": "string" +} +}, +"type": "object" +}, "GoogleCloudSecuritycenterV2SecurityPosture": { "description": "Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.", "id": "GoogleCloudSecuritycenterV2SecurityPosture", @@ -6722,6 +7299,7 @@ "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", +"PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", @@ -6783,6 +7361,7 @@ "T1057", "T1059", "T1059.004", +"T1059.006", "T1069", "T1069.003", "T1071", @@ -6889,6 +7468,7 @@ "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", +"PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", @@ -6950,6 +7530,7 @@ "T1057", "T1059", "T1059.004", +"T1059.006", "T1069", "T1069.003", "T1071", 
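Review bot: The `preview` description in `GoogleCloudSecuritycenterV2SecurityPolicy` does not say what preview mode means for enforcement, which is the fact a responder needs when reading a Cloud Armor finding. In Cloud Armor a rule in preview mode is evaluated and logged but its action is not applied, so `preview: true` should be read as traffic that was not actually blocked. A wording such as `True if the associated rule or policy is in preview mode, where matches are logged but not enforced.` would make that explicit. `type` is likewise a free-form string with spaces in its example values rather than an enum, which makes exact matching fragile. Both remarks apply equally to the unprefixed `SecurityPolicy` schema added in a later hunk.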
@@ -7041,6 +7622,30 @@ }, "type": "object" }, +"Notebook": { +"description": "Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding.", +"id": "Notebook", +"properties": { +"lastAuthor": { +"description": "The user ID of the latest author to modify the notebook.", +"type": "string" +}, +"name": { +"description": "The name of the notebook.", +"type": "string" +}, +"notebookUpdateTime": { +"description": "The most recent time the notebook was updated.", +"format": "google-datetime", +"type": "string" +}, +"service": { +"description": "The source notebook service, for example, \"Colab Enterprise\".", +"type": "string" +} +}, +"type": "object" +}, "Object": { "description": "Kubernetes object related to the finding, uniquely identified by GKNN. Used if the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.", "id": "Object", 
@@ -7295,6 +7900,90 @@ }, "type": "object" }, +"Requests": { +"description": "Information about the requests relevant to the finding.", +"id": "Requests", +"properties": { +"longTermAllowed": { +"description": "Allowed RPS (requests per second) over the long term.", +"format": "int32", +"type": "integer" +}, +"longTermDenied": { +"description": "Denied RPS (requests per second) over the long term.", +"format": "int32", +"type": "integer" +}, +"ratio": { +"description": "For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term.", +"format": "double", +"type": "number" +}, +"shortTermAllowed": { +"description": "Allowed RPS (requests per second) in the short term.", +"format": "int32", +"type": "integer" +} +}, +"type": "object" +}, +"ResourcePath": { +"description": "Represents the path of resources leading up to the resource this finding is about.", +"id": "ResourcePath", +"properties": { +"nodes": { +"description": "The list of nodes that make the up resource path, ordered from lowest level to highest level.", +"items": { +"$ref": "ResourcePathNode" +}, +"type": "array" +} +}, +"type": "object" +}, +"ResourcePathNode": { +"description": "A node within the resource path. 
Each node represents a resource within the resource hierarchy.", +"id": "ResourcePathNode", +"properties": { +"displayName": { +"description": "The display name of the resource this node represents.", +"type": "string" +}, +"id": { +"description": "The ID of the resource this node represents.", +"type": "string" +}, +"nodeType": { +"description": "The type of resource this node represents.", +"enum": [ +"RESOURCE_PATH_NODE_TYPE_UNSPECIFIED", +"GCP_ORGANIZATION", +"GCP_FOLDER", +"GCP_PROJECT", +"AWS_ORGANIZATION", +"AWS_ORGANIZATIONAL_UNIT", +"AWS_ACCOUNT", +"AZURE_MANAGEMENT_GROUP", +"AZURE_SUBSCRIPTION", +"AZURE_RESOURCE_GROUP" +], +"enumDescriptions": [ +"Node type is unspecified.", +"The node represents a GCP organization.", +"The node represents a GCP folder.", +"The node represents a GCP project.", +"The node represents an AWS organization.", +"The node represents an AWS organizational unit.", +"The node represents an AWS account.", +"The node represents an Azure management group.", +"The node represents an Azure subscription.", +"The node represents an Azure resource group." +], +"type": "string" +} +}, +"type": "object" +}, "Role": { "description": "Kubernetes Role or ClusterRole.", "id": "Role", 
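Review bot: In `Requests`, `ratio` is defined as denied traffic divided by allowed traffic, but the description does not say what is reported when the allowed rate is zero, and JSON has no encoding for infinity or NaN in a `double`. The schema also exposes `longTermAllowed`, `longTermDenied` and `shortTermAllowed` with no short-term denied counterpart, so a consumer cannot tell from the fields which window the 'Increasing deny ratio' figure uses. The description should state the window and the zero-denominator behaviour. The same applies to `GoogleCloudSecuritycenterV2Requests` in an earlier hunk.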
@@ -7437,6 +8126,25 @@ }, "type": "object" }, +"SecurityPolicy": { +"description": "Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding.", +"id": "SecurityPolicy", +"properties": { +"name": { +"description": "The name of the Google Cloud Armor security policy, for example, \"my-security-policy\".", +"type": "string" +}, +"preview": { +"description": "Whether or not the associated rule or policy is in preview mode.", +"type": "boolean" +}, +"type": { +"description": "The type of Google Cloud Armor security policy for example, \u2018backend security policy\u2019, \u2018edge security policy\u2019, \u2018network edge security policy\u2019, or \u2018always-on DDoS protection\u2019.", +"type": "string" +} +}, +"type": "object" +}, "SecurityPosture": { "description": "Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.", "id": "SecurityPosture", 
@@ -7658,6 +8366,57 @@ }, "type": "object" }, +"VulnerabilityCountBySeverity": { +"description": "Vulnerability count by severity.", +"id": "VulnerabilityCountBySeverity", +"properties": { +"severityToFindingCount": { +"additionalProperties": { +"format": "int64", +"type": "string" +}, +"description": "Key is the Severity enum.", +"type": "object" +} +}, +"type": "object" +}, +"VulnerabilitySnapshot": { +"description": "Result containing the properties and count of a VulnerabilitySnapshot request.", +"id": "VulnerabilitySnapshot", +"properties": { +"cloudProvider": { +"description": "The cloud provider for the vulnerability snapshot.", +"enum": [ +"CLOUD_PROVIDER_UNSPECIFIED", +"GOOGLE_CLOUD_PLATFORM", +"AMAZON_WEB_SERVICES", +"MICROSOFT_AZURE" +], +"enumDescriptions": [ +"The cloud provider is unspecified.", +"The cloud provider is Google Cloud Platform.", +"The cloud provider is Amazon Web Services.", +"The cloud provider is Microsoft Azure." +], +"type": "string" +}, +"findingCount": { +"$ref": "VulnerabilityCountBySeverity", +"description": "The vulnerability count by severity." +}, +"name": { +"description": "Identifier. The vulnerability snapshot name. Format: //locations//vulnerabilitySnapshots/", +"type": "string" +}, +"snapshotTime": { +"description": "The time that the snapshot was taken.", +"format": "google-datetime", +"type": "string" +} +}, +"type": "object" +}, "WebSecurityScannerSettings": { "description": "Resource capturing the settings for the Web Security Scanner service.", "id": "WebSecurityScannerSettings",
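Review bot: The `name` description in `VulnerabilitySnapshot` gives the format as `//locations//vulnerabilitySnapshots/`, with every variable segment empty, so it does not tell a caller how to build or parse the name. This looks like angle-bracket placeholders lost somewhere in generation or rendering; the brace style used by the other resource-name descriptions in this file (`{organization_id}`, `{finding_id}`) would survive. Separately, `severityToFindingCount` says only `Key is the Severity enum.` and its values are int64 counts encoded as strings. The description should name the key strings a consumer can expect and note that the counts need parsing before they are compared or summed.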