Enumerations

InclusionMode

static

number

The mode of inclusion when running Asset Discovery. Asset discovery can be limited by explicitly identifying projects to be included or excluded. If INCLUDE_ONLY is set, then only those projects within the organization and their children are discovered during asset discovery. If EXCLUDE is set, then projects that don't match those projects are discovered during asset discovery. If neither are set, then all projects within the organization are discovered during asset discovery.

Value

INCLUSION_MODE_UNSPECIFIED

Unspecified. Setting the mode with this value will disable inclusion/exclusion filtering for Asset Discovery.

INCLUDE_ONLY

Asset Discovery will capture only the resources within the projects specified. All other resources will be ignored.

EXCLUDE

Asset Discovery will ignore all resources under the projects specified. All other resources will be retrieved.

State

static

number

The state of the finding.

Value

STATE_UNSPECIFIED

Unspecified state.

ACTIVE

The finding requires attention and has not been addressed yet.

INACTIVE

The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active.

StateChange

static

number

The change in state of the asset.

When querying across two points in time this describes the change between the two points: ADDED, REMOVED, or ACTIVE. If there was no compare_duration supplied in the request the state change will be: UNUSED

Value

UNUSED

State change is unused, this is the canonical default for this enum.

ADDED

Asset was added between the points in time.

REMOVED

Asset was removed between the points in time.

ACTIVE

Asset was present at both point(s) in time.

StateChange

static

number

The change in state of the finding.

When querying across two points in time this describes the change in the finding between the two points: CHANGED, UNCHANGED, ADDED, or REMOVED. Findings can not be deleted, so REMOVED implies that the finding at timestamp does not match the filter specified, but it did at timestamp - compare_duration. If there was no compare_duration supplied in the request the state change will be: UNUSED

Value

UNUSED

State change is unused, this is the canonical default for this enum.

CHANGED

The finding has changed state in some way between the points in time and existed at both points.

UNCHANGED

The finding has not changed state between the points in time and existed at both points.

ADDED

The finding was created between the points in time.

REMOVED

The finding at timestamp does not match the filter specified, but it did at timestamp - compare_duration.

Properties

InclusionMode

static

number

The mode of inclusion when running Asset Discovery. Asset discovery can be limited by explicitly identifying projects to be included or excluded. If INCLUDE_ONLY is set, then only those projects within the organization and their children are discovered during asset discovery. If EXCLUDE is set, then projects that don't match those projects are discovered during asset discovery. If neither are set, then all projects within the organization are discovered during asset discovery.

Value

INCLUSION_MODE_UNSPECIFIED

Unspecified. Setting the mode with this value will disable inclusion/exclusion filtering for Asset Discovery.

INCLUDE_ONLY

Asset Discovery will capture only the resources within the projects specified. All other resources will be ignored.

EXCLUDE

Asset Discovery will ignore all resources under the projects specified. All other resources will be retrieved.

State

static

number

The state of the finding.

Value

STATE_UNSPECIFIED

Unspecified state.

ACTIVE

The finding requires attention and has not been addressed yet.

INACTIVE

The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active.

StateChange

static

number

The change in state of the asset.

When querying across two points in time this describes the change between the two points: ADDED, REMOVED, or ACTIVE. If there was no compare_duration supplied in the request the state change will be: UNUSED

Value

UNUSED

State change is unused, this is the canonical default for this enum.

ADDED

Asset was added between the points in time.

REMOVED

Asset was removed between the points in time.

ACTIVE

Asset was present at both point(s) in time.

StateChange

static

number

The change in state of the finding.

When querying across two points in time this describes the change in the finding between the two points: CHANGED, UNCHANGED, ADDED, or REMOVED. Findings can not be deleted, so REMOVED implies that the finding at timestamp does not match the filter specified, but it did at timestamp - compare_duration. If there was no compare_duration supplied in the request the state change will be: UNUSED

Value

UNUSED

State change is unused, this is the canonical default for this enum.

CHANGED

The finding has changed state in some way between the points in time and existed at both points.

UNCHANGED

The finding has not changed state between the points in time and existed at both points.

ADDED

The finding was created between the points in time.

REMOVED

The finding at timestamp does not match the filter specified, but it did at timestamp - compare_duration.

Abstract types

Asset

static

Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud Platform (GCP) resource.

The Asset is a Cloud SCC resource that captures information about a single GCP resource. All modifications to an Asset are only within the context of Cloud SCC and don't affect the referenced GCP resource.

Properties

Parameter

name

string

The relative resource name of this asset. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/assets/456".

securityCenterProperties

Object

Cloud SCC managed properties. These properties are managed by Cloud SCC and cannot be modified by the user.

This object should have the same structure as SecurityCenterProperties

resourceProperties

Object with Object properties

Resource managed properties. These properties are managed and defined by the GCP resource and cannot be modified by the user.

securityMarks

Object

User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the asset.

This object should have the same structure as SecurityMarks

createTime

Object

The time at which the asset was created in Cloud SCC.

This object should have the same structure as Timestamp

updateTime

Object

The time at which the asset was last updated, added, or deleted in Cloud SCC.

This object should have the same structure as Timestamp

iamPolicy

Object

IAM Policy information associated with the GCP resource described by the Cloud SCC asset. This information is managed and defined by the GCP resource and cannot be modified by the user.

This object should have the same structure as IamPolicy

See also

google.cloud.securitycenter.v1.Asset definition in proto format

AssetDiscoveryConfig

static

The configuration used for Asset Discovery runs.

Properties

Parameter

projectIds

Array of string

The project ids to use for filtering asset discovery.

inclusionMode

number

The mode to use for filtering asset discovery.

The number should be among the values of InclusionMode

See also

google.cloud.securitycenter.v1.OrganizationSettings.AssetDiscoveryConfig definition in proto format

CreateFindingRequest

static

Request message for creating a finding.

Properties

Parameter

parent

string

Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]".

findingId

string

Unique identifier provided by the client within the parent scope. It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.

finding

Object

The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource.

This object should have the same structure as Finding

See also

google.cloud.securitycenter.v1.CreateFindingRequest definition in proto format

CreateSourceRequest

static

Request message for creating a source.

Properties

Parameter

parent

string

Resource name of the new source's parent. Its format should be "organizations/[organization_id]".

source

Object

The Source being created, only the display_name and description will be used. All other fields will be ignored.

This object should have the same structure as Source

See also

google.cloud.securitycenter.v1.CreateSourceRequest definition in proto format

Finding

static

Cloud Security Command Center (Cloud SCC) finding.

A finding is a record of assessment data (security, risk, health or privacy) ingested into Cloud SCC for presentation, notification, analysis, policy testing, and enforcement. For example, an XSS vulnerability in an App Engine application is a finding.

Properties

Parameter

name

string

The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/sources/456/findings/789"

parent

string

The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/123/sources/456"

resourceName

string

The full resource name of the Google Cloud Platform (GCP) resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name This field is immutable after creation time.

state

number

The state of the finding.

The number should be among the values of State

category

string

The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"

externalUri

string

The URI that, if available, points to a web page outside of Cloud SCC where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.

sourceProperties

Object with Object properties

Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

securityMarks

Object

Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.

This object should have the same structure as SecurityMarks

eventTime

Object

The time at which the event took place. For example, if the finding represents an open firewall it would capture the time the open firewall was detected.

This object should have the same structure as Timestamp

createTime

Object

The time at which the finding was created in Cloud SCC.

This object should have the same structure as Timestamp

See also

google.cloud.securitycenter.v1.Finding definition in proto format

GetOrganizationSettingsRequest

static

Request message for getting organization settings.

Property

Parameter

name

string

Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings".

See also

google.cloud.securitycenter.v1.GetOrganizationSettingsRequest definition in proto format

GetSourceRequest

static

Request message for getting a source.

Property

Parameter

name

string

Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]".

See also

google.cloud.securitycenter.v1.GetSourceRequest definition in proto format

GroupAssetsRequest

static

Request message for grouping by assets.

Properties

Parameter

parent

string

Name of the organization to groupBy. Its format is "organizations/[organization_id]".

filter

string

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include:

  • name
  • security_center_properties.resource_name
  • resource_properties.a_property
  • security_marks.marks.marka

    The supported operators are:

  • = for all value types.

  • >, <, >=, <= for integer values.
  • :, meaning substring matching, for strings.

    The supported value types are:

  • string literals in quotes.

  • integer literals without quotes.
  • boolean literals true and false without quotes.

    For example, resource_properties.size = 100 is a valid filter string.

groupBy

string

Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: "security_center_properties.resource_project,security_center_properties.project".

The following fields are supported when compare_duration is not set:

  • security_center_properties.resource_project
  • security_center_properties.resource_type
  • security_center_properties.resource_parent

    The following fields are supported when compare_duration is set:

  • security_center_properties.resource_type

compareDuration

Object

When compare_duration is set, the GroupResult's "state_change" property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again.

Possible "state_change" values when compare_duration is specified:

  • "ADDED": indicates that the asset was not present at the start of
             compare_duration, but present at reference_time.
  • "REMOVED": indicates that the asset was present at the start of
             compare_duration, but not present at reference_time.
  • "ACTIVE": indicates that the asset was present at both the

             start and the end of the time period defined by
             compare_duration and reference_time.

    If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time.

    If this field is set then state_change must be a specified field in group_by.

    This object should have the same structure as Duration

readTime

Object

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

This object should have the same structure as Timestamp

having

string

Filter that specifies what fields to further filter on after the query filter has been executed. Currently only 'state_change' is supported and requires compare_duration to be specified.

pageToken

string

The value returned by the last GroupAssetsResponse; indicates that this is a continuation of a prior GroupAssets call, and that the system should return the next page of data.

pageSize

number

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

See also

google.cloud.securitycenter.v1.GroupAssetsRequest definition in proto format

GroupAssetsResponse

static

Response message for grouping by assets.

Properties

Parameter

groupByResults

Array of Object

Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear.

This object should have the same structure as GroupResult

readTime

Object

Time used for executing the groupBy request.

This object should have the same structure as Timestamp

nextPageToken

string

Token to retrieve the next page of results, or empty if there are no more results.

totalSize

number

The total number of results matching the query.

See also

google.cloud.securitycenter.v1.GroupAssetsResponse definition in proto format

GroupFindingsRequest

static

Request message for grouping by findings.

Properties

Parameter

parent

string

Name of the source to groupBy. Its format is "organizations/[organization_id]/sources/[source_id]". To groupBy across all sources provide a source_id of -. For example: organizations/123/sources/-

filter

string

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

  • name
  • source_properties.a_property
  • security_marks.marks.marka

    The supported operators are:

    • = for all value types.
    • >, <, >=, <= for integer values.
    • :, meaning substring matching, for strings.

    The supported value types are:

    • string literals in quotes.
    • integer literals without quotes.
    • boolean literals true and false without quotes.

    For example, source_properties.size = 100 is a valid filter string.

groupBy

string

Expression that defines what assets fields to use for grouping (including state_change). The string value should follow SQL syntax: comma separated list of fields. For example: "parent,resource_name".

The following fields are supported:

  • resource_name
  • category
  • state
  • state_change
  • parent

readTime

Object

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

This object should have the same structure as Timestamp

compareDuration

Object

When compare_duration is set, the GroupResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again.

Possible "state_change" values when compare_duration is specified:

  • "CHANGED": indicates that the finding was present at the start of
               compare_duration, but changed its state at read_time.
  • "UNCHANGED": indicates that the finding was present at the start of
               compare_duration and did not change state at read_time.
  • "ADDED": indicates that the finding was not present at the start

               of compare_duration, but was present at read_time.

    If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time.

    If this field is set then state_change must be a specified field in group_by.

    This object should have the same structure as Duration

having

string

Filter that specifies what fields to further filter on after the query filter has been executed. Currently only 'finding.state' and 'state_change' are supported and requires compare_duration to be specified.

pageToken

string

The value returned by the last GroupFindingsResponse; indicates that this is a continuation of a prior GroupFindings call, and that the system should return the next page of data.

pageSize

number

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

See also

google.cloud.securitycenter.v1.GroupFindingsRequest definition in proto format

GroupFindingsResponse

static

Response message for group by findings.

Properties

Parameter

groupByResults

Array of Object

Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear.

This object should have the same structure as GroupResult

readTime

Object

Time used for executing the groupBy request.

This object should have the same structure as Timestamp

nextPageToken

string

Token to retrieve the next page of results, or empty if there are no more results.

totalSize

number

The total number of results matching the query.

See also

google.cloud.securitycenter.v1.GroupFindingsResponse definition in proto format

GroupResult

static

Result containing the properties and count of a groupBy request.

Properties

Parameter

properties

Object with Object properties

Properties matching the groupBy fields in the request.

count

number

Total count of resources for the given properties.

See also

google.cloud.securitycenter.v1.GroupResult definition in proto format

IamPolicy

static

IAM Policy information associated with the GCP resource described by the Cloud SCC asset. This information is managed and defined by the GCP resource and cannot be modified by the user.

Property

Parameter

policyBlob

string

The JSON representation of the Policy associated with the asset. See https://cloud.google.com/iam/reference/rest/v1/Policy for format details.

See also

google.cloud.securitycenter.v1.Asset.IamPolicy definition in proto format

ListAssetsRequest

static

Request message for listing assets.

Properties

Parameter

parent

string

Name of the organization assets should belong to. Its format is "organizations/[organization_id]".

filter

string

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include:

  • name
  • security_center_properties.resource_name
  • resource_properties.a_property
  • security_marks.marks.marka

    The supported operators are:

  • = for all value types.

  • >, <, >=, <= for integer values.
  • :, meaning substring matching, for strings.

    The supported value types are:

  • string literals in quotes.

  • integer literals without quotes.
  • boolean literals true and false without quotes.

    For example, resource_properties.size = 100 is a valid filter string.

orderBy

string

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,resource_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,resource_properties.a_property" and " name desc , resource_properties.a_property " are equivalent.

readTime

Object

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

This object should have the same structure as Timestamp

compareDuration

Object

When compare_duration is set, the ListAssetsResult's "state_change" attribute is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again.

Possible "state_change" values when compare_duration is specified:

  • "ADDED": indicates that the asset was not present at the start of
             compare_duration, but present at read_time.
  • "REMOVED": indicates that the asset was present at the start of
             compare_duration, but not present at read_time.
  • "ACTIVE": indicates that the asset was present at both the

             start and the end of the time period defined by
             compare_duration and read_time.

    If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time.

    This object should have the same structure as Duration

having

string

Filter that specifies what fields to further filter on after the query filter has been executed. Currently only 'state_change' is supported and requires compare_duration to be specified.

fieldMask

Object

Optional.

A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields.

This object should have the same structure as FieldMask

pageToken

string

The value returned by the last ListAssetsResponse; indicates that this is a continuation of a prior ListAssets call, and that the system should return the next page of data.

pageSize

number

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

See also

google.cloud.securitycenter.v1.ListAssetsRequest definition in proto format

ListAssetsResponse

static

Response message for listing assets.

Properties

Parameter

listAssetsResults

Array of Object

Assets matching the list request.

This object should have the same structure as ListAssetsResult

readTime

Object

Time used for executing the list request.

This object should have the same structure as Timestamp

nextPageToken

string

Token to retrieve the next page of results, or empty if there are no more results.

totalSize

number

The total number of assets matching the query.

See also

google.cloud.securitycenter.v1.ListAssetsResponse definition in proto format

ListAssetsResult

static

Result containing the Asset and its State.

Properties

Parameter

asset

Object

Asset matching the search request.

This object should have the same structure as Asset

stateChange

number

State change of the asset between the points in time.

The number should be among the values of StateChange

See also

google.cloud.securitycenter.v1.ListAssetsResponse.ListAssetsResult definition in proto format

ListFindingsRequest

static

Request message for listing findings.

Properties

Parameter

parent

string

Name of the source the findings belong to. Its format is "organizations/[organization_id]/sources/[source_id]". To list across all sources provide a source_id of -. For example: organizations/123/sources/-

filter

string

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

  • name
  • source_properties.a_property
  • security_marks.marks.marka

    The supported operators are:

    • = for all value types.
    • >, <, >=, <= for integer values.
    • :, meaning substring matching, for strings.

    The supported value types are:

    • string literals in quotes.
    • integer literals without quotes.
    • boolean literals true and false without quotes.

    For example, source_properties.size = 100 is a valid filter string.

orderBy

string

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,source_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,source_properties.a_property" and " name desc , source_properties.a_property " are equivalent.

readTime

Object

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

This object should have the same structure as Timestamp

compareDuration

Object

When compare_duration is set, the ListFindingsResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added in any state during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again.

Possible "state_change" values when compare_duration is specified:

  • "CHANGED": indicates that the finding was present at the start of
               compare_duration, but changed its state at read_time.
  • "UNCHANGED": indicates that the finding was present at the start of
               compare_duration and did not change state at read_time.
  • "ADDED": indicates that the finding was not present at the start

               of compare_duration, but was present at read_time.

    If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time.

    This object should have the same structure as Duration

having

string

Filter that specifies what fields to further filter on after the query filter has been executed. Currently only 'finding.state' and 'state_change' are supported and requires compare_duration to be specified.

fieldMask

Object

Optional.

A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields.

This object should have the same structure as FieldMask

pageToken

string

The value returned by the last ListFindingsResponse; indicates that this is a continuation of a prior ListFindings call, and that the system should return the next page of data.

pageSize

number

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

See also

google.cloud.securitycenter.v1.ListFindingsRequest definition in proto format

ListFindingsResponse

static

Response message for listing findings.

Properties

Parameter

listFindingsResults

Array of Object

Findings matching the list request.

This object should have the same structure as ListFindingsResult

readTime

Object

Time used for executing the list request.

This object should have the same structure as Timestamp

nextPageToken

string

Token to retrieve the next page of results, or empty if there are no more results.

totalSize

number

The total number of findings matching the query.

See also

google.cloud.securitycenter.v1.ListFindingsResponse definition in proto format

ListFindingsResult

static

Result containing the Finding and its StateChange.

Properties

Parameter

finding

Object

Finding matching the search request.

This object should have the same structure as Finding

stateChange

number

State change of the finding between the points in time.

The number should be among the values of StateChange

See also

google.cloud.securitycenter.v1.ListFindingsResponse.ListFindingsResult definition in proto format

ListSourcesRequest

static

Request message for listing sources.

Properties

Parameter

parent

string

Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]".

pageToken

string

The value returned by the last ListSourcesResponse; indicates that this is a continuation of a prior ListSources call, and that the system should return the next page of data.

pageSize

number

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

See also

google.cloud.securitycenter.v1.ListSourcesRequest definition in proto format

ListSourcesResponse

static

Response message for listing sources.

Properties

Parameter

sources

Array of Object

Sources belonging to the requested parent.

This object should have the same structure as Source

nextPageToken

string

Token to retrieve the next page of results, or empty if there are no more results.

See also

google.cloud.securitycenter.v1.ListSourcesResponse definition in proto format

OrganizationSettings

static

User specified settings that are attached to the Cloud Security Command Center (Cloud SCC) organization.

Properties

Parameter

name

string

The relative resource name of the settings. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/organizationSettings".

enableAssetDiscovery

boolean

A flag that indicates if Asset Discovery should be enabled. If the flag is set to true, then discovery of assets will occur. If it is set to `false, all historical assets will remain, but discovery of future assets will not occur.

assetDiscoveryConfig

Object

The configuration used for Asset Discovery runs.

This object should have the same structure as AssetDiscoveryConfig

See also

google.cloud.securitycenter.v1.OrganizationSettings definition in proto format

RunAssetDiscoveryRequest

static

Request message for running asset discovery for an organization.

Property

Parameter

parent

string

Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]".

See also

google.cloud.securitycenter.v1.RunAssetDiscoveryRequest definition in proto format

SecurityCenterProperties

static

Cloud SCC managed properties. These properties are managed by Cloud SCC and cannot be modified by the user.

Properties

Parameter

resourceName

string

The full resource name of the GCP resource this asset represents. This field is immutable after create time. See: https://cloud.google.com/apis/design/resource_names#full_resource_name

resourceType

string

The type of the GCP resource. Examples include: APPLICATION, PROJECT, and ORGANIZATION. This is a case insensitive field defined by Cloud SCC and/or the producer of the resource and is immutable after create time.

resourceParent

string

The full resource name of the immediate parent of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name

resourceProject

string

The full resource name of the project the resource belongs to. See: https://cloud.google.com/apis/design/resource_names#full_resource_name

resourceOwners

Array of string

Owners of the Google Cloud resource.

See also

google.cloud.securitycenter.v1.Asset.SecurityCenterProperties definition in proto format

SecurityMarks

static

User specified security marks that are attached to the parent Cloud Security Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud SCC organization -- they can be modified and viewed by all users who have proper permissions on the organization.

Properties

Parameter

name

string

The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Examples: "organizations/123/assets/456/securityMarks" "organizations/123/sources/456/findings/789/securityMarks".

marks

Object with string properties

Mutable user specified security marks belonging to the parent resource. Constraints are as follows:

- Keys and values are treated as case insensitive
- Keys must be between 1 - 256 characters (inclusive)
- Keys must be letters, numbers, underscores, or dashes
- Values have leading and trailing whitespace trimmed, remaining
  characters must be between 1 - 4096 characters (inclusive)
See also

google.cloud.securitycenter.v1.SecurityMarks definition in proto format

SetFindingStateRequest

static

Request message for updating a finding's state.

Properties

Parameter

name

string

The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/sources/456/finding/789".

state

number

The desired State of the finding.

The number should be among the values of State

startTime

Object

The time at which the updated state takes effect.

This object should have the same structure as Timestamp

See also

google.cloud.securitycenter.v1.SetFindingStateRequest definition in proto format

Source

static

Cloud Security Command Center's (Cloud SCC) finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, etc.

Properties

Parameter

name

string

The relative resource name of this source. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/sources/456"

displayName

string

The source’s display name. A source’s display name must be unique amongst its siblings, for example, two sources with the same parent can't share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens, and underscores, and can be no longer than 32 characters. This is captured by the regular expression: [\p{L}\p{N}]({\p{L}\p{N}_- ]{0,30}[\p{L}\p{N}])?.

description

string

The description of the source (max of 1024 characters). Example: "Cloud Security Scanner is a web security scanner for common vulnerabilities in App Engine applications. It can automatically scan and detect four common vulnerabilities, including cross-site-scripting (XSS), Flash injection, mixed content (HTTP in HTTPS), and outdated/insecure libraries."

See also

google.cloud.securitycenter.v1.Source definition in proto format

UpdateFindingRequest

static

Request message for updating or creating a finding.

Properties

Parameter

finding

Object

The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored.

In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.

This object should have the same structure as Finding

updateMask

Object

The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding.

When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties. " in the field mask.

This object should have the same structure as FieldMask

See also

google.cloud.securitycenter.v1.UpdateFindingRequest definition in proto format

UpdateOrganizationSettingsRequest

static

Request message for updating an organization's settings.

Properties

Parameter

organizationSettings

Object

The organization settings resource to update.

This object should have the same structure as OrganizationSettings

updateMask

Object

The FieldMask to use when updating the settings resource.

If empty all mutable fields will be updated.

This object should have the same structure as FieldMask

See also

google.cloud.securitycenter.v1.UpdateOrganizationSettingsRequest definition in proto format

UpdateSecurityMarksRequest

static

Request message for updating a SecurityMarks resource.

Properties

Parameter

securityMarks

Object

The security marks resource to update.

This object should have the same structure as SecurityMarks

updateMask

Object

The FieldMask to use when updating the security marks resource.

The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.<mark_key>".

This object should have the same structure as FieldMask

startTime

Object

The time at which the updated SecurityMarks take effect. If not set uses current server time. Updates will be applied to the SecurityMarks that are active immediately preceding this time.

This object should have the same structure as Timestamp

See also

google.cloud.securitycenter.v1.UpdateSecurityMarksRequest definition in proto format

UpdateSourceRequest

static

Request message for updating a source.

Properties

Parameter

source

Object

The source resource to update.

This object should have the same structure as Source

updateMask

Object

The FieldMask to use when updating the source resource.

If empty all mutable fields will be updated.

This object should have the same structure as FieldMask

See also

google.cloud.securitycenter.v1.UpdateSourceRequest definition in proto format