Class SimulatedFinding (0.1.18)

SimulatedFinding(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The minimum set of fields needed to represent a simulated finding from a Security Health Analytics custom module.

Attributes

Name Description
name str
Identifier. The `relative resource name
parent str
The relative resource name of the source the finding belongs to. For example, organizations/{organization_id}/sources/{source_id}. This field is immutable after creation time.
resource_name str
For findings on Google Cloud resources, the `full resource name
category str
The additional taxonomy group within findings from a given source. For example, XSS_FLASH_INJECTION. This field is immutable after creation time.
state google.cloud.securitycentermanagement_v1.types.SimulatedFinding.State
Output only. The state of the finding.
source_properties MutableMapping[str, google.protobuf.struct_pb2.Value]
Source-specific properties. These properties are managed by the source that writes the finding. The key names must be between 1 and 255 characters; they must start with a letter and contain alphanumeric characters or underscores only.
event_time google.protobuf.timestamp_pb2.Timestamp
The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. If the finding is later resolved, then this time reflects when the finding was resolved. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. The event time must not be set to a value greater than the current timestamp.
severity google.cloud.securitycentermanagement_v1.types.SimulatedFinding.Severity
The severity of the finding. This field is managed by the source that writes the finding.
finding_class google.cloud.securitycentermanagement_v1.types.SimulatedFinding.FindingClass
The class of the finding.
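
The constraints stated above for source_properties key names and event_time can be checked before a finding is built. The following is an added example, not part of the library: check_simulated_finding and the plain dict it takes are hypothetical stand-ins for the message fields, and "letter" and "alphanumeric" are assumed to mean ASCII.

```python
import re
from datetime import datetime, timedelta, timezone

# Documented rule: 1 to 255 characters, starts with a letter, then only
# alphanumeric characters or underscores. Assumption: ASCII only.
_KEY_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,254}")


def check_simulated_finding(finding, now=None):
    """Return a list of problems in a dict of SimulatedFinding field values."""
    now = now or datetime.now(timezone.utc)
    problems = []

    # fullmatch avoids accepting a key with a trailing newline.
    for key in finding.get("source_properties", {}):
        if not isinstance(key, str) or not _KEY_RE.fullmatch(key):
            problems.append(f"invalid source_properties key: {key!r}")

    # event_time must not be greater than the current timestamp.
    event_time = finding.get("event_time")
    if event_time is not None:
        if event_time.tzinfo is None:
            problems.append("event_time must be timezone-aware")
        elif event_time > now:
            problems.append("event_time is later than the current timestamp")
    return problems


# Constructed sample input (not real findings).
SAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_GOOD = {
    "category": "XSS_FLASH_INJECTION",
    "source_properties": {"detector_rule": "r1", "a": 1, "b" * 255: 2},
    "event_time": SAMPLE_NOW - timedelta(hours=1),
}
SAMPLE_BAD = {
    "source_properties": {"1st": 1, "has-dash": 2, "c" * 256: 3, "": 4, "ok_1": 5},
    "event_time": SAMPLE_NOW + timedelta(seconds=1),
}

if __name__ == "__main__":
    for problem in check_simulated_finding(SAMPLE_BAD, now=SAMPLE_NOW):
        print(problem)
```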

Classes

FindingClass

FindingClass(value)

Represents what kind of finding it is.

Severity

Severity(value)

The severity of the finding.

    For threats: Indicates a threat that is able to
    access, modify, or delete data or execute
    unauthorized code within existing resources.
HIGH (2):
    For vulnerabilities: A high-risk
    vulnerability can be easily discovered and
    exploited in combination with other
    vulnerabilities in order to gain direct access
    and the ability to execute arbitrary code,
    exfiltrate data, and otherwise gain additional
    access and privileges to cloud resources and
    workloads. An example is a database with weak or
    no passwords that is only accessible internally.
    This database could easily be compromised by an
    actor that had access to the internal network.

    For threats: Indicates a threat that is able to
    create new computational resources in an
    environment but not able to access data or
    execute code in existing resources.
MEDIUM (3):
    For vulnerabilities: A medium-risk
    vulnerability could be used by an actor to gain
    access to resources or privileges that enable
    them to eventually (through multiple steps or a
    complex exploit) gain access and the ability to
    execute arbitrary code or exfiltrate data. An
    example is a service account with access to more
    projects than it should have. If an actor gains
    access to the service account, they could
    potentially use that access to manipulate a
    project the service account was not intended to.

    For threats: Indicates a threat that is able to
    cause operational impact but may not access data
    or execute unauthorized code.
LOW (4):
    For vulnerabilities: A low-risk vulnerability
    hampers a security organization's ability to
    detect vulnerabilities or active threats in
    their deployment, or prevents the root cause
    investigation of security issues. An example is
    monitoring and logs being disabled for resource
    configurations and access.

    For threats: Indicates a threat that has
    obtained minimal access to an environment but is
    not able to access data, execute code, or create
    resources.

SourcePropertiesEntry

SourcePropertiesEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The abstract base class for a message.

Parameters

Name Description
kwargs dict
Keys and values corresponding to the fields of the message.
mapping Union[dict, .Message]
A dictionary or message to be used to determine the values for this message.
ignore_unknown_fields Optional(bool)
If True, do not raise errors for unknown fields. Only applied if mapping is a mapping type or there are keyword parameters.

State

State(value)

The state of the finding.