Google Cloud Security Command Center V1 Client - Class Finding (1.13.1)

Reference documentation and code samples for the Google Cloud Security Command Center V1 Client class Finding.

Security Command Center finding.

A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.

Generated from protobuf message google.cloud.securitycenter.v1.Finding

Constructor.

The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"

Generated from protobuf field string name = 1;

The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"

Generated from protobuf field string name = 1;

The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time.

For example: "organizations/{organization_id}/sources/{source_id}"

Generated from protobuf field string parent = 2;

The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time.

For example: "organizations/{organization_id}/sources/{source_id}"

Generated from protobuf field string parent = 2;

For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.

Generated from protobuf field string resource_name = 3;

For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.

Generated from protobuf field string resource_name = 3;

The state of the finding.

Generated from protobuf field .google.cloud.securitycenter.v1.Finding.State state = 4;

The state of the finding.

Generated from protobuf field .google.cloud.securitycenter.v1.Finding.State state = 4;

The additional taxonomy group within findings from a given source.

This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"

Generated from protobuf field string category = 5;

The additional taxonomy group within findings from a given source.

This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"

Generated from protobuf field string category = 5;

The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found.

This field is guaranteed to be either empty or a well formed URL.

Generated from protobuf field string external_uri = 6;

The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found.

This field is guaranteed to be either empty or a well formed URL.

Generated from protobuf field string external_uri = 6;

Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

Generated from protobuf field map<string, .google.protobuf.Value> source_properties = 7;

Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

Generated from protobuf field map<string, .google.protobuf.Value> source_properties = 7;

Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.

Generated from protobuf field .google.cloud.securitycenter.v1.SecurityMarks security_marks = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.

Generated from protobuf field .google.cloud.securitycenter.v1.SecurityMarks security_marks = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];

The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred.

For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.

Generated from protobuf field .google.protobuf.Timestamp event_time = 9;

The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred.

For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.

Generated from protobuf field .google.protobuf.Timestamp event_time = 9;

The time at which the finding was created in Security Command Center.

Generated from protobuf field .google.protobuf.Timestamp create_time = 10;

The time at which the finding was created in Security Command Center.

Generated from protobuf field .google.protobuf.Timestamp create_time = 10;

The severity of the finding. This field is managed by the source that writes the finding.

Generated from protobuf field .google.cloud.securitycenter.v1.Finding.Severity severity = 12;

The severity of the finding. This field is managed by the source that writes the finding.

Generated from protobuf field .google.cloud.securitycenter.v1.Finding.Severity severity = 12;

The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.

Generated from protobuf field string canonical_name = 14;

The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.

Generated from protobuf field string canonical_name = 14;

Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.

Generated from protobuf field .google.cloud.securitycenter.v1.Finding.Mute mute = 15;

Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.

Generated from protobuf field .google.cloud.securitycenter.v1.Finding.Mute mute = 15;

The class of the finding.

Generated from protobuf field .google.cloud.securitycenter.v1.Finding.FindingClass finding_class = 17;

The class of the finding.

Generated from protobuf field .google.cloud.securitycenter.v1.Finding.FindingClass finding_class = 17;

Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.

Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise

Generated from protobuf field .google.cloud.securitycenter.v1.Indicator indicator = 18;

Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.

Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise

Generated from protobuf field .google.cloud.securitycenter.v1.Indicator indicator = 18;

Represents vulnerability-specific fields like CVE and CVS scores.

CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)

Generated from protobuf field .google.cloud.securitycenter.v1.Vulnerability vulnerability = 20;

Represents vulnerability-specific fields like CVE and CVS scores.

CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)

Generated from protobuf field .google.cloud.securitycenter.v1.Vulnerability vulnerability = 20;

Output only. The most recent time this finding was muted or unmuted.

Generated from protobuf field .google.protobuf.Timestamp mute_update_time = 21 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The most recent time this finding was muted or unmuted.

Generated from protobuf field .google.protobuf.Timestamp mute_update_time = 21 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.

Generated from protobuf field map<string, .google.cloud.securitycenter.v1.ExternalSystem> external_systems = 22 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.

Generated from protobuf field map<string, .google.cloud.securitycenter.v1.ExternalSystem> external_systems = 22 [(.google.api.field_behavior) = OUTPUT_ONLY];

MITRE ATT&CK tactics and techniques related to this finding.

See: https://attack.mitre.org

Generated from protobuf field .google.cloud.securitycenter.v1.MitreAttack mitre_attack = 25;

MITRE ATT&CK tactics and techniques related to this finding.

See: https://attack.mitre.org

Generated from protobuf field .google.cloud.securitycenter.v1.MitreAttack mitre_attack = 25;

Access details associated to the Finding, such as more information on the caller, which method was accessed, from where, etc.

Generated from protobuf field .google.cloud.securitycenter.v1.Access access = 26;

Access details associated to the Finding, such as more information on the caller, which method was accessed, from where, etc.

Generated from protobuf field .google.cloud.securitycenter.v1.Access access = 26;

Contains information about the IP connection associated with the finding.

Generated from protobuf field repeated .google.cloud.securitycenter.v1.Connection connections = 31;

Contains information about the IP connection associated with the finding.

Generated from protobuf field repeated .google.cloud.securitycenter.v1.Connection connections = 31;

First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.

Generated from protobuf field string mute_initiator = 28;

First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.

Generated from protobuf field string mute_initiator = 28;

Represents operating system processes associated with the Finding.

Generated from protobuf field repeated .google.cloud.securitycenter.v1.Process processes = 30;

Represents operating system processes associated with the Finding.

Generated from protobuf field repeated .google.cloud.securitycenter.v1.Process processes = 30;

Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories { "security": { "contacts": [ { "email": "person1@company.com" }, { "email": "person2@company.com" } ] } }

Generated from protobuf field map<string, .google.cloud.securitycenter.v1.ContactDetails> contacts = 33 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories { "security": { "contacts": [ { "email": "person1@company.com" }, { "email": "person2@company.com" } ] } }

Generated from protobuf field map<string, .google.cloud.securitycenter.v1.ContactDetails> contacts = 33 [(.google.api.field_behavior) = OUTPUT_ONLY];

Contains compliance information for security standards associated to the finding.

Generated from protobuf field repeated .google.cloud.securitycenter.v1.Compliance compliances = 34;

Contains compliance information for security standards associated to the finding.

Generated from protobuf field repeated .google.cloud.securitycenter.v1.Compliance compliances = 34;

Output only. The human readable display name of the finding source such as "Event Threat Detection" or "Security Health Analytics".

Generated from protobuf field string parent_display_name = 36 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The human readable display name of the finding source such as "Event Threat Detection" or "Security Health Analytics".

Generated from protobuf field string parent_display_name = 36 [(.google.api.field_behavior) = OUTPUT_ONLY];

Contains more detail about the finding.

Generated from protobuf field string description = 37;

Contains more detail about the finding.

Generated from protobuf field string description = 37;

Represents exfiltration associated with the Finding.

Generated from protobuf field .google.cloud.securitycenter.v1.Exfiltration exfiltration = 38;

Represents exfiltration associated with the Finding.

Generated from protobuf field .google.cloud.securitycenter.v1.Exfiltration exfiltration = 38;

Represents IAM bindings associated with the Finding.

Generated from protobuf field repeated .google.cloud.securitycenter.v1.IamBinding iam_bindings = 39;

Represents IAM bindings associated with the Finding.

Generated from protobuf field repeated .google.cloud.securitycenter.v1.IamBinding iam_bindings = 39;

Next steps associate to the finding.

Generated from protobuf field string next_steps = 40;

Next steps associate to the finding.

Generated from protobuf field string next_steps = 40;

Containers associated with the finding. containers provides information for both Kubernetes and non-Kubernetes containers.

Generated from protobuf field repeated .google.cloud.securitycenter.v1.Container containers = 42;

Containers associated with the finding. containers provides information for both Kubernetes and non-Kubernetes containers.

Generated from protobuf field repeated .google.cloud.securitycenter.v1.Container containers = 42;

Kubernetes resources associated with the finding.

Generated from protobuf field .google.cloud.securitycenter.v1.Kubernetes kubernetes = 43;

Kubernetes resources associated with the finding.

Generated from protobuf field .google.cloud.securitycenter.v1.Kubernetes kubernetes = 43;

Database associated with the finding.

Generated from protobuf field .google.cloud.securitycenter.v1.Database database = 44;

Database associated with the finding.

Generated from protobuf field .google.cloud.securitycenter.v1.Database database = 44;

File associated with the finding.

Generated from protobuf field repeated .google.cloud.securitycenter.v1.File files = 46;

File associated with the finding.

Generated from protobuf field repeated .google.cloud.securitycenter.v1.File files = 46;

Kernel Rootkit signature.

Generated from protobuf field .google.cloud.securitycenter.v1.KernelRootkit kernel_rootkit = 50;

Kernel Rootkit signature.

Generated from protobuf field .google.cloud.securitycenter.v1.KernelRootkit kernel_rootkit = 50;