Security Command Center v2 API - Class GroupFindingsRequest (1.0.0-beta01)

public sealed class GroupFindingsRequest : IPageRequest, IMessage<GroupFindingsRequest>, IEquatable<GroupFindingsRequest>, IDeepCloneable<GroupFindingsRequest>, IBufferMessage, IMessage

Reference documentation and code samples for the Security Command Center v2 API class GroupFindingsRequest.

Request message for grouping by findings.

Inheritance

object > GroupFindingsRequest

Namespace

Google.Cloud.SecurityCenter.V2

Assembly

Google.Cloud.SecurityCenter.V2.dll

Constructors

GroupFindingsRequest()

public GroupFindingsRequest()

GroupFindingsRequest(GroupFindingsRequest)

public GroupFindingsRequest(GroupFindingsRequest other)
Parameter
NameDescription
otherGroupFindingsRequest

Properties

Filter

public string Filter { get; set; }

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

  • name
  • security_marks.marks.marka

The supported operators are:

  • = for all value types.
  • >, <, >=, <= for integer values.
  • :, meaning substring matching, for strings.

The supported value types are:

  • string literals in quotes.
  • integer literals without quotes.
  • boolean literals true and false without quotes.

The following field and operator combinations are supported:

  • name: =
  • parent: =, :
  • resource_name: =, :
  • state: =, :
  • category: =, :
  • external_uri: =, :
  • event_time: =, >, <, >=, <=

    Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: event_time = "2019-06-10T16:07:18-07:00" event_time = 1560208038000

  • severity: =, :

  • security_marks.marks: =, :
  • resource:
    • resource.name: =, :
    • resource.parent_name: =, :
    • resource.parent_display_name: =, :
    • resource.project_name: =, :
    • resource.project_display_name: =, :
    • resource.type: =, :
Property Value
TypeDescription
string

GroupBy

public string GroupBy { get; set; }

Required. Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: "parent,resource_name".

The following fields are supported:

  • resource_name
  • category
  • state
  • parent
  • severity
Property Value
TypeDescription
string

PageSize

public int PageSize { get; set; }

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Property Value
TypeDescription
int

PageToken

public string PageToken { get; set; }

The value returned by the last GroupFindingsResponse; indicates that this is a continuation of a prior GroupFindings call, and that the system should return the next page of data.

Property Value
TypeDescription
string

Parent

public string Parent { get; set; }

Required. Name of the source to groupBy. If no location is specified, finding is assumed to be in global. The following list shows some examples:

  • organizations/[organization_id]/sources/[source_id] + organizations/[organization_id]/sources/[source_id]/locations/[location_id]
  • folders/[folder_id]/sources/[source_id]
  • folders/[folder_id]/sources/[source_id]/locations/[location_id]
  • projects/[project_id]/sources/[source_id]
  • projects/[project_id]/sources/[source_id]/locations/[location_id]

To groupBy across all sources provide a source_id of -. The following list shows some examples:

  • organizations/{organization_id}/sources/-
  • organizations/{organization_id}/sources/-/locations/[location_id]
  • folders/{folder_id}/sources/-
  • folders/{folder_id}/sources/-/locations/[location_id]
  • projects/{project_id}/sources/-
  • projects/{project_id}/sources/-/locations/[location_id]
Property Value
TypeDescription
string

ParentAsSourceName

public SourceName ParentAsSourceName { get; set; }

SourceName-typed view over the Parent resource name property.

Property Value
TypeDescription
SourceName