Module types (0.5.0)

API documentation for securitycenter_v1p1beta1.types module.

API documentation for securitycenter_v1p1beta1.types.Any class.

Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud Platform (GCP) resource.

The Asset is a Cloud SCC resource that captures information about a single GCP resource. All modifications to an Asset are only within the context of Cloud SCC and don't affect the referenced GCP resource.

Cloud SCC managed properties. These properties are managed by Cloud SCC and cannot be modified by the user.

User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the asset.

The time at which the asset was last updated, added, or deleted in Cloud SCC.

API documentation for securitycenter_v1p1beta1.types.AuditConfig class.

API documentation for securitycenter_v1p1beta1.types.AuditConfigDelta class.

API documentation for securitycenter_v1p1beta1.types.AuditLogConfig class.

API documentation for securitycenter_v1p1beta1.types.Binding class.

API documentation for securitycenter_v1p1beta1.types.BindingDelta class.

API documentation for securitycenter_v1p1beta1.types.CancelOperationRequest class.

Request message for creating a finding.

Required. Unique identifier provided by the client within the parent scope. It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.

Request message for creating a notification config.

Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only.

Request message for creating a source.

Required. The Source being created, only the display_name and description will be used. All other fields will be ignored.

Request message for deleting a notification config.

API documentation for securitycenter_v1p1beta1.types.DeleteOperationRequest class.

API documentation for securitycenter_v1p1beta1.types.Duration class.

API documentation for securitycenter_v1p1beta1.types.Empty class.

API documentation for securitycenter_v1p1beta1.types.Expr class.

API documentation for securitycenter_v1p1beta1.types.FieldMask class.

Cloud Security Command Center (Cloud SCC) finding.

A finding is a record of assessment data (security, risk, health or privacy) ingested into Cloud SCC for presentation, notification, analysis, policy testing, and enforcement. For example, an XSS vulnerability in an App Engine application is a finding.

The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names# relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"

The state of the finding.

The URI that, if available, points to a web page outside of Cloud SCC where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.

Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.

The time at which the finding was created in Cloud SCC.

API documentation for securitycenter_v1p1beta1.types.GetIamPolicyRequest class.

Request message for getting a notification config.

API documentation for securitycenter_v1p1beta1.types.GetOperationRequest class.

Request message for getting organization settings.

API documentation for securitycenter_v1p1beta1.types.GetPolicyOptions class.

Request message for getting a source.

Request message for grouping by assets.

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include: - name - security_center_properties.resource_name - resource_properties.a_property - security_marks.marks.marka The supported operators are: - = for all value types. - >, <, >=, <= for integer values. - :, meaning substring matching, for strings. The supported value types are: - string literals in quotes. - integer literals without quotes. - boolean literals true and false without quotes. The following field and operator combinations are supported: - name: =

• update_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: "update_time = "2019-06-10T16:07:18-07:00"" "update_time = 1560208038000" - create_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: "create_time = "2019-06-10T16:07:18-07:00"" "create_time = 1560208038000" - iam_policy.policy_blob: =, : - resource_properties: =, :, >, <, >=, <= - security_marks.marks: =, : - security_center_properties.resource_name: =, : - security_center_properties.resource_name_display_name: =, : - security_center_properties.resource_type: =, : - security_center_properties.resource_parent: =, : - security_center_properties.resource_parent_display_name: =, : - security_center_properties.resource_project: =, : - security_center_properties.resource_project_display_name: =, : - security_center_properties.resource_owners: =, : For example, resource_properties.size = 100 is a valid filter string.

  When compare_duration is set, the GroupResult's "state_change" property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again. Possible "state_change" values when compare_duration is specified: - "ADDED": indicates that the asset was not present at the start of compare_duration, but present at reference_time. - "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at reference_time. - "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and reference_time. If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time. If this field is set then state_change must be a specified field in group_by.

  Filter that specifies what fields to further filter on after the query filter has been executed. Currently only state_change is supported and requires compare_duration to be specified.

  The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Response message for grouping by assets.

Time used for executing the groupBy request.

The total number of results matching the query.

Request message for grouping by findings.

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include: - name - source_properties.a_property - security_marks.marks.marka The supported operators are: - = for all value types. - >, <, >=, <= for integer values. - :, meaning substring matching, for strings. The supported value types are: - string literals in quotes. - integer literals without quotes. - boolean literals true and false without quotes. The following field and operator combinations are supported: - name: = - parent: =, : - resource_name: =, : - state: =, : - category: =, : - external_uri: =, : - event_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: "event_time = "2019-06-10T16:07:18-07:00"" "event_time = 1560208038000" - security_marks.marks: =, : - source_properties: =, :, >, <, >=, <= For example, source_properties.size = 100 is a valid filter string.

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

Filter that specifies what fields to further filter on after the query filter has been executed. Currently only finding.state and state_change are supported and requires compare_duration to be specified.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Response message for group by findings.

Time used for executing the groupBy request.

The total number of results matching the query.

Result containing the properties and count of a groupBy request.

Total count of resources for the given properties.

Request message for listing assets.

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include: - name - security_center_properties.resource_name - resource_properties.a_property - security_marks.marks.marka The supported operators are: - = for all value types. - >, <, >=, <= for integer values. - :, meaning substring matching, for strings. The supported value types are: - string literals in quotes. - integer literals without quotes. - boolean literals true and false without quotes. The following are the allowed field and operator combinations: - name: = - update_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: "update_time = "2019-06-10T16:07:18-07:00"" "update_time = 1560208038000" - create_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: "create_time = "2019-06-10T16:07:18-07:00"" "create_time = 1560208038000" - iam_policy.policy_blob: =, : - resource_properties: =, :, >, <, >=, <= - security_marks.marks: =, : - security_center_properties.resource_name: =, : - security_center_properties.resource_display_name: =, : - security_center_properties.resource_type: =, : - security_center_properties.resource_parent: =, : - security_center_properties.resource_parent_display_name: =, : - security_center_properties.resource_project: =, : - security_center_properties.resource_project_display_name: =, : - security_center_properties.resource_owners: =, : For example, resource_properties.size = 100 is a valid filter string.

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

Filter that specifies what fields to further filter on after the query filter has been executed. Currently only state_change is supported and requires compare_duration to be specified.

The value returned by the last ListAssetsResponse; indicates that this is a continuation of a prior ListAssets call, and that the system should return the next page of data.

Response message for listing assets.

Time used for executing the list request.

The total number of assets matching the query.

Request message for listing findings.

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include: - name - source_properties.a_property - security_marks.marks.marka The supported operators are: - = for all value types. - >, <, >=, <= for integer values. - :, meaning substring matching, for strings. The supported value types are: - string literals in quotes. - integer literals without quotes. - boolean literals true and false without quotes. The following field and operator combinations are supported: name: = parent: =, : resource_name: =, : state: =, : category: =, : external_uri: =, : event_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: "event_time = "2019-06-10T16:07:18-07:00"" "event_time = 1560208038000" security_marks.marks: =, : source_properties: =, :, >, <, >=, <= For example, source_properties.size = 100 is a valid filter string.

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

Filter that specifies what fields to further filter on after the query filter has been executed. Currently only finding.state and state_change are supported and requires compare_duration to be specified.

The value returned by the last ListFindingsResponse; indicates that this is a continuation of a prior ListFindings call, and that the system should return the next page of data.

Response message for listing findings.

Time used for executing the list request.

The total number of findings matching the query.

Request message for listing notification configs.

The value returned by the last ListNotificationConfigsResponse; indicates that this is a continuation of a prior ListNotificationConfigs call, and that the system should return the next page of data.

Response message for listing notification configs.

Token to retrieve the next page of results, or empty if there are no more results.

API documentation for securitycenter_v1p1beta1.types.ListOperationsRequest class.

API documentation for securitycenter_v1p1beta1.types.ListOperationsResponse class.

Request message for listing sources.

The value returned by the last ListSourcesResponse; indicates that this is a continuation of a prior ListSources call, and that the system should return the next page of data.

Response message for listing sources.

Token to retrieve the next page of results, or empty if there are no more results.

API documentation for securitycenter_v1p1beta1.types.ListValue class.

Cloud Security Command Center (Cloud SCC) notification configs.

A notification config is a Cloud SCC resource that contains the configuration to send notifications for create/update events of findings, assets and etc.

The description of the notification config (max of 1024 characters).

The PubSub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]".

The config for triggering notifications.

Cloud SCC's Notification

Notification Event.

API documentation for securitycenter_v1p1beta1.types.Operation class.

API documentation for securitycenter_v1p1beta1.types.OperationInfo class.

User specified settings that are attached to the Cloud Security Command Center (Cloud SCC) organization.

A flag that indicates if Asset Discovery should be enabled. If the flag is set to true, then discovery of assets will occur. If it is set to `false, all historical assets will remain, but discovery of future assets will not occur.

API documentation for securitycenter_v1p1beta1.types.Policy class.

API documentation for securitycenter_v1p1beta1.types.PolicyDelta class.

Request message for running asset discovery for an organization.

Response of asset discovery run

The duration between asset discovery run start and end

User specified security marks that are attached to the parent Cloud Security Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud SCC organization -- they can be modified and viewed by all users who have proper permissions on the organization.

Mutable user specified security marks belonging to the parent resource. Constraints are as follows: - Keys and values are treated as case insensitive - Keys must be between 1 - 256 characters (inclusive) - Keys must be letters, numbers, underscores, or dashes - Values have leading and trailing whitespace trimmed, remaining characters must be between 1

• 4096 characters (inclusive)

Request message for updating a finding's state.

Required. The desired State of the finding.

API documentation for securitycenter_v1p1beta1.types.SetIamPolicyRequest class.

Cloud Security Command Center's (Cloud SCC) finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, etc.

The source's display name. A source's display name must be unique amongst its siblings, for example, two sources with the same parent can't share the same display name. The display name must have a length between 1 and 64 characters (inclusive).

API documentation for securitycenter_v1p1beta1.types.Status class.

API documentation for securitycenter_v1p1beta1.types.Struct class.

API documentation for securitycenter_v1p1beta1.types.TestIamPermissionsRequest class.

API documentation for securitycenter_v1p1beta1.types.TestIamPermissionsResponse class.

API documentation for securitycenter_v1p1beta1.types.Timestamp class.

Request message for updating or creating a finding.

The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask.

Request message for updating a notification config.

The FieldMask to use when updating the notification config. If empty all mutable fields will be updated.

Request message for updating an organization's settings.

The FieldMask to use when updating the settings resource. If empty all mutable fields will be updated.

Request message for updating a SecurityMarks resource.

The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.".

Request message for updating a source.

The FieldMask to use when updating the source resource. If empty all mutable fields will be updated.

API documentation for securitycenter_v1p1beta1.types.Value class.

API documentation for securitycenter_v1p1beta1.types.WaitOperationRequest class.