public sealed class Finding : IMessage<Finding>, IEquatable<Finding>, IDeepCloneable<Finding>, IBufferMessage, IMessage
Reference documentation and code samples for the Google Cloud Security Command Center v1 API class Finding.
Security Command Center finding.
A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.
Namespace
Google.Cloud.SecurityCenter.V1Assembly
Google.Cloud.SecurityCenter.V1.dll
Constructors
Finding()
public Finding()
Finding(Finding)
public Finding(Finding other)
Parameter | |
---|---|
Name | Description |
other | Finding |
Properties
Access
public Access Access { get; set; }
Access details associated with the finding, such as more information on the caller, which method was accessed, and from where.
Property Value | |
---|---|
Type | Description |
Access |
Application
public Application Application { get; set; }
Represents an application associated with the finding.
Property Value | |
---|---|
Type | Description |
Application |
BackupDisasterRecovery
public BackupDisasterRecovery BackupDisasterRecovery { get; set; }
Fields related to Backup and DR findings.
Property Value | |
---|---|
Type | Description |
BackupDisasterRecovery |
CanonicalName
public string CanonicalName { get; set; }
The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
Property Value | |
---|---|
Type | Description |
string |
Category
public string Category { get; set; }
The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
Property Value | |
---|---|
Type | Description |
string |
CloudDlpDataProfile
public CloudDlpDataProfile CloudDlpDataProfile { get; set; }
Cloud DLP data profile that is associated with the finding.
Property Value | |
---|---|
Type | Description |
CloudDlpDataProfile |
CloudDlpInspection
public CloudDlpInspection CloudDlpInspection { get; set; }
Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding.
Property Value | |
---|---|
Type | Description |
CloudDlpInspection |
Compliances
public RepeatedField<Compliance> Compliances { get; }
Contains compliance information for security standards associated to the finding.
Property Value | |
---|---|
Type | Description |
RepeatedFieldCompliance |
Connections
public RepeatedField<Connection> Connections { get; }
Contains information about the IP connection associated with the finding.
Property Value | |
---|---|
Type | Description |
RepeatedFieldConnection |
Contacts
public MapField<string, ContactDetails> Contacts { get; }
Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories
{
"security": {
"contacts": [
{
"email": "person1@company.com"
},
{
"email": "person2@company.com"
}
]
}
}
Property Value | |
---|---|
Type | Description |
MapFieldstringContactDetails |
Containers
public RepeatedField<Container> Containers { get; }
Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers.
Property Value | |
---|---|
Type | Description |
RepeatedFieldContainer |
CreateTime
public Timestamp CreateTime { get; set; }
The time at which the finding was created in Security Command Center.
Property Value | |
---|---|
Type | Description |
Timestamp |
Database
public Database Database { get; set; }
Database associated with the finding.
Property Value | |
---|---|
Type | Description |
Database |
Description
public string Description { get; set; }
Contains more details about the finding.
Property Value | |
---|---|
Type | Description |
string |
EventTime
public Timestamp EventTime { get; set; }
The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.
Property Value | |
---|---|
Type | Description |
Timestamp |
Exfiltration
public Exfiltration Exfiltration { get; set; }
Represents exfiltrations associated with the finding.
Property Value | |
---|---|
Type | Description |
Exfiltration |
ExternalSystems
public MapField<string, ExternalSystem> ExternalSystems { get; }
Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
Property Value | |
---|---|
Type | Description |
MapFieldstringExternalSystem |
ExternalUri
public string ExternalUri { get; set; }
The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
Property Value | |
---|---|
Type | Description |
string |
Files
public RepeatedField<File> Files { get; }
File associated with the finding.
Property Value | |
---|---|
Type | Description |
RepeatedFieldFile |
FindingClass
public Finding.Types.FindingClass FindingClass { get; set; }
The class of the finding.
Property Value | |
---|---|
Type | Description |
FindingTypesFindingClass |
FindingName
public FindingName FindingName { get; set; }
FindingName-typed view over the Name resource name property.
Property Value | |
---|---|
Type | Description |
FindingName |
IamBindings
public RepeatedField<IamBinding> IamBindings { get; }
Represents IAM bindings associated with the finding.
Property Value | |
---|---|
Type | Description |
RepeatedFieldIamBinding |
Indicator
public Indicator Indicator { get; set; }
Represents what's commonly known as an indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see Indicator of compromise.
Property Value | |
---|---|
Type | Description |
Indicator |
KernelRootkit
public KernelRootkit KernelRootkit { get; set; }
Signature of the kernel rootkit.
Property Value | |
---|---|
Type | Description |
KernelRootkit |
Kubernetes
public Kubernetes Kubernetes { get; set; }
Kubernetes resources associated with the finding.
Property Value | |
---|---|
Type | Description |
Kubernetes |
LoadBalancers
public RepeatedField<LoadBalancer> LoadBalancers { get; }
The load balancers associated with the finding.
Property Value | |
---|---|
Type | Description |
RepeatedFieldLoadBalancer |
LogEntries
public RepeatedField<LogEntry> LogEntries { get; }
Log entries that are relevant to the finding.
Property Value | |
---|---|
Type | Description |
RepeatedFieldLogEntry |
MitreAttack
public MitreAttack MitreAttack { get; set; }
MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
Property Value | |
---|---|
Type | Description |
MitreAttack |
ModuleName
public string ModuleName { get; set; }
Unique identifier of the module which generated the finding. Example: folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885
Property Value | |
---|---|
Type | Description |
string |
Mute
public Finding.Types.Mute Mute { get; set; }
Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
Property Value | |
---|---|
Type | Description |
FindingTypesMute |
MuteInitiator
public string MuteInitiator { get; set; }
Records additional information about the mute operation, for example, the mute configuration that muted the finding and the user who muted the finding.
Property Value | |
---|---|
Type | Description |
string |
MuteUpdateTime
public Timestamp MuteUpdateTime { get; set; }
Output only. The most recent time this finding was muted or unmuted.
Property Value | |
---|---|
Type | Description |
Timestamp |
Name
public string Name { get; set; }
The relative resource name of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}".
Property Value | |
---|---|
Type | Description |
string |
NextSteps
public string NextSteps { get; set; }
Steps to address the finding.
Property Value | |
---|---|
Type | Description |
string |
Notebook
public Notebook Notebook { get; set; }
Notebook associated with the finding.
Property Value | |
---|---|
Type | Description |
Notebook |
OrgPolicies
public RepeatedField<OrgPolicy> OrgPolicies { get; }
Contains information about the org policies associated with the finding.
Property Value | |
---|---|
Type | Description |
RepeatedFieldOrgPolicy |
Parent
public string Parent { get; set; }
The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
Property Value | |
---|---|
Type | Description |
string |
ParentDisplayName
public string ParentDisplayName { get; set; }
Output only. The human readable display name of the finding source such as "Event Threat Detection" or "Security Health Analytics".
Property Value | |
---|---|
Type | Description |
string |
Processes
public RepeatedField<Process> Processes { get; }
Represents operating system processes associated with the Finding.
Property Value | |
---|---|
Type | Description |
RepeatedFieldProcess |
ResourceName
public string ResourceName { get; set; }
For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
Property Value | |
---|---|
Type | Description |
string |
SecurityMarks
public SecurityMarks SecurityMarks { get; set; }
Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.
Property Value | |
---|---|
Type | Description |
SecurityMarks |
SecurityPosture
public SecurityPosture SecurityPosture { get; set; }
The security posture associated with the finding.
Property Value | |
---|---|
Type | Description |
SecurityPosture |
Severity
public Finding.Types.Severity Severity { get; set; }
The severity of the finding. This field is managed by the source that writes the finding.
Property Value | |
---|---|
Type | Description |
FindingTypesSeverity |
SourceProperties
public MapField<string, Value> SourceProperties { get; }
Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
Property Value | |
---|---|
Type | Description |
MapFieldstringValue |
State
public Finding.Types.State State { get; set; }
The state of the finding.
Property Value | |
---|---|
Type | Description |
FindingTypesState |
Vulnerability
public Vulnerability Vulnerability { get; set; }
Represents vulnerability-specific fields like CVE and CVSS scores. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
Property Value | |
---|---|
Type | Description |
Vulnerability |