Google Cloud Security Command Center V1p1beta1 Client - Class SecurityCenterClient (1.15.1)

Reference documentation and code samples for the Google Cloud Security Command Center V1p1beta1 Client class SecurityCenterClient.

Service Description: V1p1Beta1 APIs for Security Center service.

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:

$securityCenterClient = new SecurityCenterClient();
try {
    $formattedParent = $securityCenterClient->sourceName('[ORGANIZATION]', '[SOURCE]');
    $findingId = 'finding_id';
    $finding = new Finding();
    $response = $securityCenterClient->createFinding($formattedParent, $findingId, $finding);
} finally {
    $securityCenterClient->close();
}

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.

Methods

findingName

Formats a string containing the fully-qualified path to represent a finding resource.

Parameters
NameDescription
organization string
source string
finding string
Returns
TypeDescription
stringThe formatted finding resource.

folderName

Formats a string containing the fully-qualified path to represent a folder resource.

Parameter
NameDescription
folder string
Returns
TypeDescription
stringThe formatted folder resource.

folderAssetSecurityMarksName

Formats a string containing the fully-qualified path to represent a folder_asset_securityMarks resource.

Parameters
NameDescription
folder string
asset string
Returns
TypeDescription
stringThe formatted folder_asset_securityMarks resource.

folderSourceName

Formats a string containing the fully-qualified path to represent a folder_source resource.

Parameters
NameDescription
folder string
source string
Returns
TypeDescription
stringThe formatted folder_source resource.

folderSourceFindingName

Formats a string containing the fully-qualified path to represent a folder_source_finding resource.

Parameters
NameDescription
folder string
source string
finding string
Returns
TypeDescription
stringThe formatted folder_source_finding resource.

folderSourceFindingSecurityMarksName

Formats a string containing the fully-qualified path to represent a folder_source_finding_securityMarks resource.

Parameters
NameDescription
folder string
source string
finding string
Returns
TypeDescription
stringThe formatted folder_source_finding_securityMarks resource.

notificationConfigName

Formats a string containing the fully-qualified path to represent a notification_config resource.

Parameters
NameDescription
organization string
notificationConfig string
Returns
TypeDescription
stringThe formatted notification_config resource.

organizationName

Formats a string containing the fully-qualified path to represent a organization resource.

Parameter
NameDescription
organization string
Returns
TypeDescription
stringThe formatted organization resource.

organizationAssetSecurityMarksName

Formats a string containing the fully-qualified path to represent a organization_asset_securityMarks resource.

Parameters
NameDescription
organization string
asset string
Returns
TypeDescription
stringThe formatted organization_asset_securityMarks resource.

organizationSettingsName

Formats a string containing the fully-qualified path to represent a organization_settings resource.

Parameter
NameDescription
organization string
Returns
TypeDescription
stringThe formatted organization_settings resource.

organizationSourceName

Formats a string containing the fully-qualified path to represent a organization_source resource.

Parameters
NameDescription
organization string
source string
Returns
TypeDescription
stringThe formatted organization_source resource.

organizationSourceFindingName

Formats a string containing the fully-qualified path to represent a organization_source_finding resource.

Parameters
NameDescription
organization string
source string
finding string
Returns
TypeDescription
stringThe formatted organization_source_finding resource.

organizationSourceFindingSecurityMarksName

Formats a string containing the fully-qualified path to represent a organization_source_finding_securityMarks resource.

Parameters
NameDescription
organization string
source string
finding string
Returns
TypeDescription
stringThe formatted organization_source_finding_securityMarks resource.

projectName

Formats a string containing the fully-qualified path to represent a project resource.

Parameter
NameDescription
project string
Returns
TypeDescription
stringThe formatted project resource.

projectAssetSecurityMarksName

Formats a string containing the fully-qualified path to represent a project_asset_securityMarks resource.

Parameters
NameDescription
project string
asset string
Returns
TypeDescription
stringThe formatted project_asset_securityMarks resource.

projectSourceName

Formats a string containing the fully-qualified path to represent a project_source resource.

Parameters
NameDescription
project string
source string
Returns
TypeDescription
stringThe formatted project_source resource.

projectSourceFindingName

Formats a string containing the fully-qualified path to represent a project_source_finding resource.

Parameters
NameDescription
project string
source string
finding string
Returns
TypeDescription
stringThe formatted project_source_finding resource.

projectSourceFindingSecurityMarksName

Formats a string containing the fully-qualified path to represent a project_source_finding_securityMarks resource.

Parameters
NameDescription
project string
source string
finding string
Returns
TypeDescription
stringThe formatted project_source_finding_securityMarks resource.

securityMarksName

Formats a string containing the fully-qualified path to represent a security_marks resource.

Parameters
NameDescription
organization string
asset string
Returns
TypeDescription
stringThe formatted security_marks resource.

sourceName

Formats a string containing the fully-qualified path to represent a source resource.

Parameters
NameDescription
organization string
source string
Returns
TypeDescription
stringThe formatted source resource.

topicName

Formats a string containing the fully-qualified path to represent a topic resource.

Parameters
NameDescription
project string
topic string
Returns
TypeDescription
stringThe formatted topic resource.

parseName

Parses a formatted name string and returns an associative array of the components in the name.

The following name formats are supported: Template: Pattern

  • finding: organizations/{organization}/sources/{source}/findings/{finding}
  • folder: folders/{folder}
  • folderAssetSecurityMarks: folders/{folder}/assets/{asset}/securityMarks
  • folderSource: folders/{folder}/sources/{source}
  • folderSourceFinding: folders/{folder}/sources/{source}/findings/{finding}
  • folderSourceFindingSecurityMarks: folders/{folder}/sources/{source}/findings/{finding}/securityMarks
  • notificationConfig: organizations/{organization}/notificationConfigs/{notification_config}
  • organization: organizations/{organization}
  • organizationAssetSecurityMarks: organizations/{organization}/assets/{asset}/securityMarks
  • organizationSettings: organizations/{organization}/organizationSettings
  • organizationSource: organizations/{organization}/sources/{source}
  • organizationSourceFinding: organizations/{organization}/sources/{source}/findings/{finding}
  • organizationSourceFindingSecurityMarks: organizations/{organization}/sources/{source}/findings/{finding}/securityMarks
  • project: projects/{project}
  • projectAssetSecurityMarks: projects/{project}/assets/{asset}/securityMarks
  • projectSource: projects/{project}/sources/{source}
  • projectSourceFinding: projects/{project}/sources/{source}/findings/{finding}
  • projectSourceFindingSecurityMarks: projects/{project}/sources/{source}/findings/{finding}/securityMarks
  • securityMarks: organizations/{organization}/assets/{asset}/securityMarks
  • source: organizations/{organization}/sources/{source}
  • topic: projects/{project}/topics/{topic}

The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.

Parameters
NameDescription
formattedName string

The formatted name string

template string

Optional name of template to match

Returns
TypeDescription
arrayAn associative array from name component IDs to component values.

getOperationsClient

Return an OperationsClient object with the same endpoint as $this.

Returns
TypeDescription
Google\ApiCore\LongRunning\OperationsClient

resumeOperation

Resume an existing long running operation that was previously started by a long running API method. If $methodName is not provided, or does not match a long running API method, then the operation can still be resumed, but the OperationResponse object will not deserialize the final response.

Parameters
NameDescription
operationName string

The name of the long running operation

methodName string

The name of the method used to start the operation

Returns
TypeDescription
Google\ApiCore\OperationResponse

__construct

Constructor.

Parameters
NameDescription
options array

Optional. Options for configuring the service API wrapper.

↳ apiEndpoint string

The address of the API remote host. May optionally include the port, formatted as "

↳ credentials string|array|FetchAuthTokenInterface|CredentialsWrapper

The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored.

↳ credentialsConfig array

Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() .

↳ disableRetries bool

Determines whether or not retries defined by the client configuration should be disabled. Defaults to false.

↳ clientConfig string|array

Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder.

↳ transport string|TransportInterface

The transport used for executing network requests. May be either the string rest or grpc. Defaults to grpc if gRPC support is detected on the system. Advanced usage: Additionally, it is possible to pass in an already instantiated Google\ApiCore\Transport\TransportInterface object. Note that when this object is provided, any settings in $transportConfig, and any $apiEndpoint setting, will be ignored.

↳ transportConfig array

Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options.

↳ clientCertSource callable

A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS.

createFinding

Creates a finding. The corresponding source must exist for finding creation to succeed.

Parameters
NameDescription
parent string

Required. Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]".

findingId string

Required. Unique identifier provided by the client within the parent scope.

finding Google\Cloud\SecurityCenter\V1p1beta1\Finding

Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1p1beta1\Finding
Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\Finding;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $formattedParent Resource name of the new finding's parent. Its format should be
 *                                "organizations/[organization_id]/sources/[source_id]". Please see
 *                                {@see SecurityCenterClient::sourceName()} for help formatting this field.
 * @param string $findingId       Unique identifier provided by the client within the parent scope.
 */
function create_finding_sample(string $formattedParent, string $findingId): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $finding = new Finding();

    // Call the API and handle any network failures.
    try {
        /** @var Finding $response */
        $response = $securityCenterClient->createFinding($formattedParent, $findingId, $finding);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = SecurityCenterClient::sourceName('[ORGANIZATION]', '[SOURCE]');
    $findingId = '[FINDING_ID]';

    create_finding_sample($formattedParent, $findingId);
}

createNotificationConfig

Creates a notification config.

Parameters
NameDescription
parent string

Required. Resource name of the new notification config's parent. Its format is "organizations/[organization_id]".

configId string

Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only.

notificationConfig Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig

Required. The notification config being created. The name and the service account will be ignored as they are both output only fields on this resource.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig
Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $formattedParent Resource name of the new notification config's parent. Its format is
 *                                "organizations/[organization_id]". Please see
 *                                {@see SecurityCenterClient::organizationName()} for help formatting this field.
 * @param string $configId        Unique identifier provided by the client within the parent scope.
 *                                It must be between 1 and 128 characters, and contains alphanumeric
 *                                characters, underscores or hyphens only.
 */
function create_notification_config_sample(string $formattedParent, string $configId): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $notificationConfig = new NotificationConfig();

    // Call the API and handle any network failures.
    try {
        /** @var NotificationConfig $response */
        $response = $securityCenterClient->createNotificationConfig(
            $formattedParent,
            $configId,
            $notificationConfig
        );
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = SecurityCenterClient::organizationName('[ORGANIZATION]');
    $configId = '[CONFIG_ID]';

    create_notification_config_sample($formattedParent, $configId);
}

createSource

Creates a source.

Parameters
NameDescription
parent string

Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]".

source Google\Cloud\SecurityCenter\V1p1beta1\Source

Required. The Source being created, only the display_name and description will be used. All other fields will be ignored.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1p1beta1\Source
Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Cloud\SecurityCenter\V1p1beta1\Source;

/**
 * @param string $formattedParent Resource name of the new source's parent. Its format should be
 *                                "organizations/[organization_id]". Please see
 *                                {@see SecurityCenterClient::organizationName()} for help formatting this field.
 */
function create_source_sample(string $formattedParent): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $source = new Source();

    // Call the API and handle any network failures.
    try {
        /** @var Source $response */
        $response = $securityCenterClient->createSource($formattedParent, $source);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = SecurityCenterClient::organizationName('[ORGANIZATION]');

    create_source_sample($formattedParent);
}

deleteNotificationConfig

Deletes a notification config.

Parameters
NameDescription
name string

Required. Name of the notification config to delete. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]".

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $formattedName Name of the notification config to delete. Its format is
 *                              "organizations/[organization_id]/notificationConfigs/[config_id]". Please see
 *                              {@see SecurityCenterClient::notificationConfigName()} for help formatting this field.
 */
function delete_notification_config_sample(string $formattedName): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Call the API and handle any network failures.
    try {
        $securityCenterClient->deleteNotificationConfig($formattedName);
        printf('Call completed successfully.' . PHP_EOL);
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = SecurityCenterClient::notificationConfigName(
        '[ORGANIZATION]',
        '[NOTIFICATION_CONFIG]'
    );

    delete_notification_config_sample($formattedName);
}

getIamPolicy

Gets the access control policy on the specified Source.

Parameters
NameDescription
resource string

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.

optionalArgs array

Optional.

↳ options GetPolicyOptions

OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Iam\V1\Policy
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\Policy;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $resource REQUIRED: The resource for which the policy is being requested.
 *                         See the operation documentation for the appropriate value for this field.
 */
function get_iam_policy_sample(string $resource): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $securityCenterClient->getIamPolicy($resource);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';

    get_iam_policy_sample($resource);
}

getNotificationConfig

Gets a notification config.

Parameters
NameDescription
name string

Required. Name of the notification config to get. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]".

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig
Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $formattedName Name of the notification config to get. Its format is
 *                              "organizations/[organization_id]/notificationConfigs/[config_id]". Please see
 *                              {@see SecurityCenterClient::notificationConfigName()} for help formatting this field.
 */
function get_notification_config_sample(string $formattedName): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Call the API and handle any network failures.
    try {
        /** @var NotificationConfig $response */
        $response = $securityCenterClient->getNotificationConfig($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = SecurityCenterClient::notificationConfigName(
        '[ORGANIZATION]',
        '[NOTIFICATION_CONFIG]'
    );

    get_notification_config_sample($formattedName);
}

getOrganizationSettings

Gets the settings for an organization.

Parameters
NameDescription
name string

Required. Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings".

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1p1beta1\OrganizationSettings
Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\OrganizationSettings;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $formattedName Name of the organization to get organization settings for. Its format is
 *                              "organizations/[organization_id]/organizationSettings". Please see
 *                              {@see SecurityCenterClient::organizationSettingsName()} for help formatting this field.
 */
function get_organization_settings_sample(string $formattedName): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Call the API and handle any network failures.
    try {
        /** @var OrganizationSettings $response */
        $response = $securityCenterClient->getOrganizationSettings($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = SecurityCenterClient::organizationSettingsName('[ORGANIZATION]');

    get_organization_settings_sample($formattedName);
}

getSource

Gets a source.

Parameters
NameDescription
name string

Required. Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]".

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1p1beta1\Source
Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Cloud\SecurityCenter\V1p1beta1\Source;

/**
 * @param string $formattedName Relative resource name of the source. Its format is
 *                              "organizations/[organization_id]/source/[source_id]". Please see
 *                              {@see SecurityCenterClient::sourceName()} for help formatting this field.
 */
function get_source_sample(string $formattedName): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Call the API and handle any network failures.
    try {
        /** @var Source $response */
        $response = $securityCenterClient->getSource($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = SecurityCenterClient::sourceName('[ORGANIZATION]', '[SOURCE]');

    get_source_sample($formattedName);
}

groupAssets

Filters an organization's assets and groups them by their specified properties.

Parameters
NameDescription
parent string

Required. Name of the organization to groupBy. Its format is "organizations/[organization_id], folders/[folder_id], or projects/[project_id]".

groupBy string

Required. Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: "security_center_properties.resource_project,security_center_properties.project".

The following fields are supported when compare_duration is not set:

  • security_center_properties.resource_project
  • security_center_properties.resource_project_display_name
  • security_center_properties.resource_type
  • security_center_properties.resource_parent
  • security_center_properties.resource_parent_display_name

The following fields are supported when compare_duration is set:

  • security_center_properties.resource_type
  • security_center_properties.resource_project_display_name
  • security_center_properties.resource_parent_display_name
optionalArgs array

Optional.

↳ filter string

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include: * name * security_center_properties.resource_name * resource_properties.a_property * security_marks.marks.marka The supported operators are: * = for all value types. * >, <, >=, <= for integer values. * :, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals true and false without quotes. The following field and operator combinations are supported: * name: = * update_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: update_time = "2019-06-10T16:07:18-07:00" update_time = 1560208038000 * create_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: create_time = "2019-06-10T16:07:18-07:00" create_time = 1560208038000 * iam_policy.policy_blob: =, : * resource_properties: =, :, >, <, >=, <= * security_marks.marks: =, : * security_center_properties.resource_name: =, : * security_center_properties.resource_name_display_name: =, : * security_center_properties.resource_type: =, : * security_center_properties.resource_parent: =, : * security_center_properties.resource_parent_display_name: =, : * security_center_properties.resource_project: =, : * security_center_properties.resource_project_display_name: =, : * security_center_properties.resource_owners: =, : For example, resource_properties.size = 100 is a valid filter string. Use a partial match on the empty string to filter based on a property existing: resource_properties.my_property : "" Use a negated partial match on the empty string to filter based on a property not existing: -resource_properties.my_property : ""

↳ compareDuration Duration

When compare_duration is set, the GroupResult's "state_change" property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again. Possible "state_change" values when compare_duration is specified: * "ADDED": indicates that the asset was not present at the start of compare_duration, but present at reference_time. * "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at reference_time. * "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and reference_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time. If this field is set then state_change must be a specified field in group_by.

↳ readTime Timestamp

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\GroupResult;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $formattedParent Name of the organization to groupBy. Its format is
 *                                "organizations/[organization_id], folders/[folder_id], or
 *                                projects/[project_id]". Please see
 *                                {@see SecurityCenterClient::projectName()} for help formatting this field.
 * @param string $groupBy         Expression that defines what assets fields to use for grouping. The string
 *                                value should follow SQL syntax: comma separated list of fields. For
 *                                example:
 *                                "security_center_properties.resource_project,security_center_properties.project".
 *
 *                                The following fields are supported when compare_duration is not set:
 *
 *                                * security_center_properties.resource_project
 *                                * security_center_properties.resource_project_display_name
 *                                * security_center_properties.resource_type
 *                                * security_center_properties.resource_parent
 *                                * security_center_properties.resource_parent_display_name
 *
 *                                The following fields are supported when compare_duration is set:
 *
 *                                * security_center_properties.resource_type
 *                                * security_center_properties.resource_project_display_name
 *                                * security_center_properties.resource_parent_display_name
 */
function group_assets_sample(string $formattedParent, string $groupBy): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $securityCenterClient->groupAssets($formattedParent, $groupBy);

        /** @var GroupResult $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = SecurityCenterClient::projectName('[PROJECT]');
    $groupBy = '[GROUP_BY]';

    group_assets_sample($formattedParent, $groupBy);
}

groupFindings

Filters an organization or source's findings and groups them by their specified properties.

To group across all sources provide a - as the source id. Example: /v1/organizations/{organization_id}/sources/-/findings, /v1/folders/{folder_id}/sources/-/findings, /v1/projects/{project_id}/sources/-/findings

Parameters
NameDescription
parent string

Required. Name of the source to groupBy. Its format is "organizations/[organization_id]/sources/[source_id]", folders/[folder_id]/sources/[source_id], or projects/[project_id]/sources/[source_id]. To groupBy across all sources provide a source_id of -. For example: organizations/{organization_id}/sources/-, folders/{folder_id}/sources/-, or projects/{project_id}/sources/-

groupBy string

Required. Expression that defines what assets fields to use for grouping (including state_change). The string value should follow SQL syntax: comma separated list of fields. For example: "parent,resource_name".

The following fields are supported:

  • resource_name
  • category
  • state
  • parent
  • severity

The following fields are supported when compare_duration is set:

  • state_change
optionalArgs array

Optional.

↳ filter string

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include: * name * source_properties.a_property * security_marks.marks.marka The supported operators are: * = for all value types. * >, <, >=, <= for integer values. * :, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals true and false without quotes. The following field and operator combinations are supported: * name: = * parent: =, : * resource_name: =, : * state: =, : * category: =, : * external_uri: =, : * event_time: =, >, <, >=, <= * severity: =, : Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: event_time = "2019-06-10T16:07:18-07:00" event_time = 1560208038000 * security_marks.marks: =, : * source_properties: =, :, >, <, >=, <= For example, source_properties.size = 100 is a valid filter string. Use a partial match on the empty string to filter based on a property existing: source_properties.my_property : "" Use a negated partial match on the empty string to filter based on a property not existing: -source_properties.my_property : ""

↳ readTime Timestamp

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

↳ compareDuration Duration

When compare_duration is set, the GroupResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again. Possible "state_change" values when compare_duration is specified: * "CHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time. * "UNCHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time. * "ADDED": indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time. * "REMOVED": indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time. If this field is set then state_change must be a specified field in group_by.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\GroupResult;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $formattedParent Name of the source to groupBy. Its format is
 *                                "organizations/[organization_id]/sources/[source_id]",
 *                                folders/[folder_id]/sources/[source_id], or
 *                                projects/[project_id]/sources/[source_id]. To groupBy across all sources
 *                                provide a source_id of `-`. For example:
 *                                organizations/{organization_id}/sources/-, folders/{folder_id}/sources/-,
 *                                or projects/{project_id}/sources/-
 *                                Please see {@see SecurityCenterClient::sourceName()} for help formatting this field.
 * @param string $groupBy         Expression that defines what assets fields to use for grouping (including
 *                                `state_change`). The string value should follow SQL syntax: comma separated
 *                                list of fields. For example: "parent,resource_name".
 *
 *                                The following fields are supported:
 *
 *                                * resource_name
 *                                * category
 *                                * state
 *                                * parent
 *                                * severity
 *
 *                                The following fields are supported when compare_duration is set:
 *
 *                                * state_change
 */
function group_findings_sample(string $formattedParent, string $groupBy): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $securityCenterClient->groupFindings($formattedParent, $groupBy);

        /** @var GroupResult $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = SecurityCenterClient::sourceName('[ORGANIZATION]', '[SOURCE]');
    $groupBy = '[GROUP_BY]';

    group_findings_sample($formattedParent, $groupBy);
}

listAssets

Lists an organization's assets.

Parameters
NameDescription
parent string

Required. Name of the organization assets should belong to. Its format is "organizations/[organization_id], folders/[folder_id], or projects/[project_id]".

optionalArgs array

Optional.

↳ filter string

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include: * name * security_center_properties.resource_name * resource_properties.a_property * security_marks.marks.marka The supported operators are: * = for all value types. * >, <, >=, <= for integer values. * :, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals true and false without quotes. The following are the allowed field and operator combinations: * name: = * update_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: update_time = "2019-06-10T16:07:18-07:00" update_time = 1560208038000 * create_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: create_time = "2019-06-10T16:07:18-07:00" create_time = 1560208038000 * iam_policy.policy_blob: =, : * resource_properties: =, :, >, <, >=, <= * security_marks.marks: =, : * security_center_properties.resource_name: =, : * security_center_properties.resource_display_name: =, : * security_center_properties.resource_type: =, : * security_center_properties.resource_parent: =, : * security_center_properties.resource_parent_display_name: =, : * security_center_properties.resource_project: =, : * security_center_properties.resource_project_display_name: =, : * security_center_properties.resource_owners: =, : For example, resource_properties.size = 100 is a valid filter string. Use a partial match on the empty string to filter based on a property existing: resource_properties.my_property : "" Use a negated partial match on the empty string to filter based on a property not existing: -resource_properties.my_property : ""

↳ orderBy string

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,resource_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,resource_properties.a_property" and " name desc , resource_properties.a_property " are equivalent. The following fields are supported: name update_time resource_properties security_marks.marks security_center_properties.resource_name security_center_properties.resource_display_name security_center_properties.resource_parent security_center_properties.resource_parent_display_name security_center_properties.resource_project security_center_properties.resource_project_display_name security_center_properties.resource_type

↳ readTime Timestamp

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

↳ compareDuration Duration

When compare_duration is set, the ListAssetsResult's "state_change" attribute is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state_change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again. Possible "state_change" values when compare_duration is specified: * "ADDED": indicates that the asset was not present at the start of compare_duration, but present at read_time. * "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at read_time. * "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and read_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time.

↳ fieldMask FieldMask

A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\ListAssetsResponse\ListAssetsResult;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $formattedParent Name of the organization assets should belong to. Its format is
 *                                "organizations/[organization_id], folders/[folder_id], or
 *                                projects/[project_id]". Please see
 *                                {@see SecurityCenterClient::projectName()} for help formatting this field.
 */
function list_assets_sample(string $formattedParent): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $securityCenterClient->listAssets($formattedParent);

        /** @var ListAssetsResult $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = SecurityCenterClient::projectName('[PROJECT]');

    list_assets_sample($formattedParent);
}

listFindings

Lists an organization or source's findings.

To list across all sources provide a - as the source id. Example: /v1p1beta1/organizations/{organization_id}/sources/-/findings

Parameters
NameDescription
parent string

Required. Name of the source the findings belong to. Its format is "organizations/[organization_id]/sources/[source_id], folders/[folder_id]/sources/[source_id], or projects/[project_id]/sources/[source_id]". To list across all sources provide a source_id of -. For example: organizations/{organization_id}/sources/-, folders/{folder_id}/sources/- or projects/{projects_id}/sources/-

optionalArgs array

Optional.

↳ filter string

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include: * name * source_properties.a_property * security_marks.marks.marka The supported operators are: * = for all value types. * >, <, >=, <= for integer values. * :, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals true and false without quotes. The following field and operator combinations are supported: * name: = * parent: =, : * resource_name: =, : * state: =, : * category: =, : * external_uri: =, : * event_time: =, >, <, >=, <= * severity: =, : Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: event_time = "2019-06-10T16:07:18-07:00" event_time = 1560208038000 security_marks.marks: =, : source_properties: =, :, >, <, >=, <= For example, source_properties.size = 100 is a valid filter string. Use a partial match on the empty string to filter based on a property existing: source_properties.my_property : "" Use a negated partial match on the empty string to filter based on a property not existing: -source_properties.my_property : ""

↳ orderBy string

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,source_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,source_properties.a_property" and " name desc , source_properties.a_property " are equivalent. The following fields are supported: name parent state category resource_name event_time source_properties security_marks.marks

↳ readTime Timestamp

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

↳ compareDuration Duration

When compare_duration is set, the ListFindingsResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added in any state during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again. Possible "state_change" values when compare_duration is specified: * "CHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time. * "UNCHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time. * "ADDED": indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time. * "REMOVED": indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time.

↳ fieldMask FieldMask

A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\ListFindingsResponse\ListFindingsResult;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $formattedParent Name of the source the findings belong to. Its format is
 *                                "organizations/[organization_id]/sources/[source_id],
 *                                folders/[folder_id]/sources/[source_id], or
 *                                projects/[project_id]/sources/[source_id]". To list across all sources
 *                                provide a source_id of `-`. For example:
 *                                organizations/{organization_id}/sources/-, folders/{folder_id}/sources/- or
 *                                projects/{projects_id}/sources/-
 *                                Please see {@see SecurityCenterClient::sourceName()} for help formatting this field.
 */
function list_findings_sample(string $formattedParent): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $securityCenterClient->listFindings($formattedParent);

        /** @var ListFindingsResult $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = SecurityCenterClient::sourceName('[ORGANIZATION]', '[SOURCE]');

    list_findings_sample($formattedParent);
}

listNotificationConfigs

Lists notification configs.

Parameters
NameDescription
parent string

Required. Name of the organization to list notification configs. Its format is "organizations/[organization_id]".

optionalArgs array

Optional.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $formattedParent Name of the organization to list notification configs.
 *                                Its format is "organizations/[organization_id]". Please see
 *                                {@see SecurityCenterClient::organizationName()} for help formatting this field.
 */
function list_notification_configs_sample(string $formattedParent): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $securityCenterClient->listNotificationConfigs($formattedParent);

        /** @var NotificationConfig $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = SecurityCenterClient::organizationName('[ORGANIZATION]');

    list_notification_configs_sample($formattedParent);
}

listSources

Lists all sources belonging to an organization.

Parameters
NameDescription
parent string

Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id], folders/[folder_id], or projects/[project_id]".

optionalArgs array

Optional.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Cloud\SecurityCenter\V1p1beta1\Source;

/**
 * @param string $formattedParent Resource name of the parent of sources to list. Its format should be
 *                                "organizations/[organization_id], folders/[folder_id], or
 *                                projects/[project_id]". Please see
 *                                {@see SecurityCenterClient::projectName()} for help formatting this field.
 */
function list_sources_sample(string $formattedParent): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $securityCenterClient->listSources($formattedParent);

        /** @var Source $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = SecurityCenterClient::projectName('[PROJECT]');

    list_sources_sample($formattedParent);
}

runAssetDiscovery

Runs asset discovery. The discovery is tracked with a long-running operation.

This API can only be called with limited frequency for an organization. If it is called too frequently the caller will receive a TOO_MANY_REQUESTS error.

Parameters
NameDescription
parent string

Required. Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]".

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\RunAssetDiscoveryResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Rpc\Status;

/**
 * @param string $formattedParent Name of the organization to run asset discovery for. Its format is
 *                                "organizations/[organization_id]". Please see
 *                                {@see SecurityCenterClient::organizationName()} for help formatting this field.
 */
function run_asset_discovery_sample(string $formattedParent): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $securityCenterClient->runAssetDiscovery($formattedParent);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var RunAssetDiscoveryResponse $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = SecurityCenterClient::organizationName('[ORGANIZATION]');

    run_asset_discovery_sample($formattedParent);
}

setFindingState

Updates the state of a finding.

Parameters
NameDescription
name string

Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".

state int

Required. The desired State of the finding. For allowed values, use constants defined on {@see \Google\Cloud\SecurityCenter\V1p1beta1\Finding\State}

startTime Google\Protobuf\Timestamp

Required. The time at which the updated state takes effect.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1p1beta1\Finding
Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\Finding;
use Google\Cloud\SecurityCenter\V1p1beta1\Finding\State;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Protobuf\Timestamp;

/**
 * @param string $formattedName The relative resource name of the finding. See:
 *                              https://cloud.google.com/apis/design/resource_names#relative_resource_name
 *                              Example:
 *                              "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". Please see
 *                              {@see SecurityCenterClient::findingName()} for help formatting this field.
 * @param int    $state         The desired State of the finding.
 */
function set_finding_state_sample(string $formattedName, int $state): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $startTime = new Timestamp();

    // Call the API and handle any network failures.
    try {
        /** @var Finding $response */
        $response = $securityCenterClient->setFindingState($formattedName, $state, $startTime);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = SecurityCenterClient::findingName('[ORGANIZATION]', '[SOURCE]', '[FINDING]');
    $state = State::STATE_UNSPECIFIED;

    set_finding_state_sample($formattedName, $state);
}

setIamPolicy

Sets the access control policy on the specified Source.

Parameters
NameDescription
resource string

REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.

policy Google\Cloud\Iam\V1\Policy

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.

optionalArgs array

Optional.

↳ updateMask FieldMask

OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: paths: "bindings, etag"

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Iam\V1\Policy
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\Policy;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $resource REQUIRED: The resource for which the policy is being specified.
 *                         See the operation documentation for the appropriate value for this field.
 */
function set_iam_policy_sample(string $resource): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $policy = new Policy();

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $securityCenterClient->setIamPolicy($resource, $policy);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';

    set_iam_policy_sample($resource);
}

testIamPermissions

Returns the permissions that a caller has on the specified source.

Parameters
NameDescription
resource string

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

permissions string[]

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Iam\V1\TestIamPermissionsResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\TestIamPermissionsResponse;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * @param string $resource           REQUIRED: The resource for which the policy detail is being requested.
 *                                   See the operation documentation for the appropriate value for this field.
 * @param string $permissionsElement The set of permissions to check for the `resource`. Permissions with
 *                                   wildcards (such as '*' or 'storage.*') are not allowed. For more
 *                                   information see
 *                                   [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
 */
function test_iam_permissions_sample(string $resource, string $permissionsElement): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $permissions = [$permissionsElement,];

    // Call the API and handle any network failures.
    try {
        /** @var TestIamPermissionsResponse $response */
        $response = $securityCenterClient->testIamPermissions($resource, $permissions);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';
    $permissionsElement = '[PERMISSIONS]';

    test_iam_permissions_sample($resource, $permissionsElement);
}

updateFinding

Creates or updates a finding. The corresponding source must exist for a finding creation to succeed.

Parameters
NameDescription
finding Google\Cloud\SecurityCenter\V1p1beta1\Finding

Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored.

In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.

optionalArgs array

Optional.

↳ updateMask FieldMask

The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1p1beta1\Finding
Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\Finding;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_finding_sample(): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $finding = new Finding();

    // Call the API and handle any network failures.
    try {
        /** @var Finding $response */
        $response = $securityCenterClient->updateFinding($finding);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

updateNotificationConfig

Updates a notification config. The following update fields are allowed: description, pubsub_topic, streaming_config.filter

Parameters
NameDescription
notificationConfig Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig

Required. The notification config to update.

optionalArgs array

Optional.

↳ updateMask FieldMask

The FieldMask to use when updating the notification config. If empty all mutable fields will be updated.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig
Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\NotificationConfig;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_notification_config_sample(): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $notificationConfig = new NotificationConfig();

    // Call the API and handle any network failures.
    try {
        /** @var NotificationConfig $response */
        $response = $securityCenterClient->updateNotificationConfig($notificationConfig);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

updateOrganizationSettings

Updates an organization's settings.

Parameters
NameDescription
organizationSettings Google\Cloud\SecurityCenter\V1p1beta1\OrganizationSettings

Required. The organization settings resource to update.

optionalArgs array

Optional.

↳ updateMask FieldMask

The FieldMask to use when updating the settings resource. If empty all mutable fields will be updated.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1p1beta1\OrganizationSettings
Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\OrganizationSettings;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_organization_settings_sample(): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $organizationSettings = new OrganizationSettings();

    // Call the API and handle any network failures.
    try {
        /** @var OrganizationSettings $response */
        $response = $securityCenterClient->updateOrganizationSettings($organizationSettings);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

updateSecurityMarks

Updates security marks.

Parameters
NameDescription
securityMarks Google\Cloud\SecurityCenter\V1p1beta1\SecurityMarks

Required. The security marks resource to update.

optionalArgs array

Optional.

↳ updateMask FieldMask

The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.<mark_key>".

↳ startTime Timestamp

The time at which the updated SecurityMarks take effect. If not set uses current server time. Updates will be applied to the SecurityMarks that are active immediately preceding this time.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1p1beta1\SecurityMarks
Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityMarks;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_security_marks_sample(): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $securityMarks = new SecurityMarks();

    // Call the API and handle any network failures.
    try {
        /** @var SecurityMarks $response */
        $response = $securityCenterClient->updateSecurityMarks($securityMarks);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

updateSource

Updates a source.

Parameters
NameDescription
source Google\Cloud\SecurityCenter\V1p1beta1\Source

Required. The source resource to update.

optionalArgs array

Optional.

↳ updateMask FieldMask

The FieldMask to use when updating the source resource. If empty all mutable fields will be updated.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1p1beta1\Source
Example
use Google\ApiCore\ApiException;
use Google\Cloud\SecurityCenter\V1p1beta1\SecurityCenterClient;
use Google\Cloud\SecurityCenter\V1p1beta1\Source;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_source_sample(): void
{
    // Create a client.
    $securityCenterClient = new SecurityCenterClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $source = new Source();

    // Call the API and handle any network failures.
    try {
        /** @var Source $response */
        $response = $securityCenterClient->updateSource($source);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

Constants

SERVICE_NAME

Value: 'google.cloud.securitycenter.v1p1beta1.SecurityCenter'

The name of the service.

SERVICE_ADDRESS

Value: 'securitycenter.googleapis.com'

The default address of the service.

DEFAULT_SERVICE_PORT

Value: 443

The default port of the service.

CODEGEN_NAME

Value: 'gapic'

The name of the code generator, to be included in the agent header.