Class SecurityCenterClient (1.5.2)

SecurityCenterClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.securitycenter_v1.services.security_center.transports.base.SecurityCenterTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)

V1 APIs for Security Center service.

Properties

transport

Returns the transport used by the client instance.

Returns
TypeDescription
SecurityCenterTransportThe transport used by the client instance.

Methods

SecurityCenterClient

SecurityCenterClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.securitycenter_v1.services.security_center.transports.base.SecurityCenterTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)

Instantiates the security center client.

Parameters
NameDescription
credentials Optional[google.auth.credentials.Credentials]

The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment.

transport Union[str, SecurityCenterTransport]

The transport to use. If set to None, a transport is chosen automatically.

client_options google.api_core.client_options.ClientOptions

Custom options for the client. It won't take effect if a transport instance is provided. (1) The api_endpoint property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT environment variable can also be used to override the endpoint: "always" (always use the default mTLS endpoint), "never" (always use the default regular endpoint) and "auto" (auto switch to the default mTLS endpoint if client certificate is present, this is the default value). However, the api_endpoint property takes precedence if provided. (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "true", then the client_cert_source property can be used to provide client certificate for mutual TLS transport. If not provided, the default SSL client certificate will be used if present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not set, no client certificate will be used.

client_info google.api_core.gapic_v1.client_info.ClientInfo

The client info used to send a user-agent string along with API requests. If None, then default info will be used. Generally, you only need to set this if you're developing your own client library.

Exceptions
TypeDescription
google.auth.exceptions.MutualTLSChannelErrorIf mutual TLS transport creation failed for any reason.

asset_path

asset_path(organization: str, asset: str)

Returns a fully-qualified asset string.

common_billing_account_path

common_billing_account_path(billing_account: str)

Returns a fully-qualified billing_account string.

common_folder_path

common_folder_path(folder: str)

Returns a fully-qualified folder string.

common_location_path

common_location_path(project: str, location: str)

Returns a fully-qualified location string.

common_organization_path

common_organization_path(organization: str)

Returns a fully-qualified organization string.

common_project_path

common_project_path(project: str)

Returns a fully-qualified project string.

create_finding

create_finding(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.CreateFindingRequest, dict]] = None, *, parent: Optional[str] = None, finding_id: Optional[str] = None, finding: Optional[google.cloud.securitycenter_v1.types.finding.Finding] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Creates a finding. The corresponding source must exist for finding creation to succeed.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.CreateFindingRequest, dict]

The request object. Request message for creating a finding.

parent str

Required. Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]". This corresponds to the parent field on the request instance; if request is provided, this should not be set.

finding_id str

Required. Unique identifier provided by the client within the parent scope. It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. This corresponds to the finding_id field on the request instance; if request is provided, this should not be set.

finding google.cloud.securitycenter_v1.types.Finding

Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource. This corresponds to the finding field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.types.FindingSecurity Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.

create_notification_config

create_notification_config(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.CreateNotificationConfigRequest, dict]] = None, *, parent: Optional[str] = None, config_id: Optional[str] = None, notification_config: Optional[google.cloud.securitycenter_v1.types.notification_config.NotificationConfig] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Creates a notification config.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.CreateNotificationConfigRequest, dict]

The request object. Request message for creating a notification config.

parent str

Required. Resource name of the new notification config's parent. Its format is "organizations/[organization_id]". This corresponds to the parent field on the request instance; if request is provided, this should not be set.

config_id str

Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only. This corresponds to the config_id field on the request instance; if request is provided, this should not be set.

notification_config google.cloud.securitycenter_v1.types.NotificationConfig

Required. The notification config being created. The name and the service account will be ignored as they are both output only fields on this resource. This corresponds to the notification_config field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.types.NotificationConfigCloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC resource that contains the configuration to send notifications for create/update events of findings, assets and etc.

create_source

create_source(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.CreateSourceRequest, dict]] = None, *, parent: Optional[str] = None, source: Optional[google.cloud.securitycenter_v1.types.source.Source] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Creates a source.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.CreateSourceRequest, dict]

The request object. Request message for creating a source.

parent str

Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]". This corresponds to the parent field on the request instance; if request is provided, this should not be set.

source google.cloud.securitycenter_v1.types.Source

Required. The Source being created, only the display_name and description will be used. All other fields will be ignored. This corresponds to the source field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.types.SourceSecurity Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, and other tools.

delete_notification_config

delete_notification_config(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.DeleteNotificationConfigRequest, dict]] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Deletes a notification config.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.DeleteNotificationConfigRequest, dict]

The request object. Request message for deleting a notification config.

name str

Required. Name of the notification config to delete. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

finding_path

finding_path(organization: str, source: str, finding: str)

Returns a fully-qualified finding string.

from_service_account_file

from_service_account_file(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
NameDescription
filename str

The path to the service account private key json file.

Returns
TypeDescription
SecurityCenterClientThe constructed client.

from_service_account_info

from_service_account_info(info: dict, *args, **kwargs)

Creates an instance of this client using the provided credentials info.

Parameter
NameDescription
info dict

The service account private key info.

Returns
TypeDescription
SecurityCenterClientThe constructed client.

from_service_account_json

from_service_account_json(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
NameDescription
filename str

The path to the service account private key json file.

Returns
TypeDescription
SecurityCenterClientThe constructed client.

get_iam_policy

get_iam_policy(request: Optional[Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]] = None, *, resource: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Gets the access control policy on the specified Source.

Parameters
NameDescription
request Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]

The request object. Request message for GetIamPolicy method.

resource str

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the resource field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.iam.v1.policy_pb2.PolicyDefines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" bindings:="" -="" members:="" -="" user:\="" mike@example.com="" -="" group:\="" admins@example.com="" -="" domain:google.com="" -="" serviceaccount:\="" my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:\="" eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="" [iam="" developer's="" guide](\="">

get_notification_config

get_notification_config(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.GetNotificationConfigRequest, dict]] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Gets a notification config.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.GetNotificationConfigRequest, dict]

The request object. Request message for getting a notification config.

name str

Required. Name of the notification config to get. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]". This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.types.NotificationConfigCloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC resource that contains the configuration to send notifications for create/update events of findings, assets and etc.

get_organization_settings

get_organization_settings(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.GetOrganizationSettingsRequest, dict]] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Gets the settings for an organization.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.GetOrganizationSettingsRequest, dict]

The request object. Request message for getting organization settings.

name str

Required. Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings". This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.types.OrganizationSettingsUser specified settings that are attached to the Security Command Center organization.

get_source

get_source(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.GetSourceRequest, dict]] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Gets a source.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.GetSourceRequest, dict]

The request object. Request message for getting a source.

name str

Required. Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]". This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.types.SourceSecurity Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, and other tools.

group_assets

group_assets(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.GroupAssetsRequest, dict]] = None, *, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Filters an organization's assets and groups them by their specified properties.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.GroupAssetsRequest, dict]

The request object. Request message for grouping by assets.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.services.security_center.pagers.GroupAssetsPagerResponse message for grouping by assets. Iterating over this object will yield results and resolve additional pages automatically.

group_findings

group_findings(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.GroupFindingsRequest, dict]] = None, *, parent: Optional[str] = None, group_by: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Filters an organization or source's findings and groups them by their specified properties.

To group across all sources provide a - as the source id. Example: /v1/organizations/{organization_id}/sources/-/findings, /v1/folders/{folder_id}/sources/-/findings, /v1/projects/{project_id}/sources/-/findings

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.GroupFindingsRequest, dict]

The request object. Request message for grouping by findings.

parent str

Required. Name of the source to groupBy. Its format is "organizations/[organization_id]/sources/[source_id]", folders/[folder_id]/sources/[source_id], or projects/[project_id]/sources/[source_id]. To groupBy across all sources provide a source_id of -. For example: organizations/{organization_id}/sources/-, folders/{folder_id}/sources/-, or projects/{project_id}/sources/- This corresponds to the parent field on the request instance; if request is provided, this should not be set.

group_by str

Required. Expression that defines what assets fields to use for grouping (including state_change). The string value should follow SQL syntax: comma separated list of fields. For example: "parent,resource_name". The following fields are supported: - resource_name - category - state - parent - severity The following fields are supported when compare_duration is set: - state_change This corresponds to the group_by field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.services.security_center.pagers.GroupFindingsPagerResponse message for group by findings. Iterating over this object will yield results and resolve additional pages automatically.

list_assets

list_assets(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.ListAssetsRequest, dict]] = None, *, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Lists an organization's assets.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.ListAssetsRequest, dict]

The request object. Request message for listing assets.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.services.security_center.pagers.ListAssetsPagerResponse message for listing assets. Iterating over this object will yield results and resolve additional pages automatically.

list_findings

list_findings(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.ListFindingsRequest, dict]] = None, *, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Lists an organization or source's findings.

To list across all sources provide a - as the source id. Example: /v1/organizations/{organization_id}/sources/-/findings

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.ListFindingsRequest, dict]

The request object. Request message for listing findings.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.services.security_center.pagers.ListFindingsPagerResponse message for listing findings. Iterating over this object will yield results and resolve additional pages automatically.

list_notification_configs

list_notification_configs(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.ListNotificationConfigsRequest, dict]] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Lists notification configs.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.ListNotificationConfigsRequest, dict]

The request object. Request message for listing notification configs.

parent str

Required. Name of the organization to list notification configs. Its format is "organizations/[organization_id]". This corresponds to the parent field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.services.security_center.pagers.ListNotificationConfigsPagerResponse message for listing notification configs. Iterating over this object will yield results and resolve additional pages automatically.

list_sources

list_sources(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.ListSourcesRequest, dict]] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Lists all sources belonging to an organization.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.ListSourcesRequest, dict]

The request object. Request message for listing sources.

parent str

Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id], folders/[folder_id], or projects/[project_id]". This corresponds to the parent field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.services.security_center.pagers.ListSourcesPagerResponse message for listing sources. Iterating over this object will yield results and resolve additional pages automatically.

notification_config_path

notification_config_path(organization: str, notification_config: str)

Returns a fully-qualified notification_config string.

organization_settings_path

organization_settings_path(organization: str)

Returns a fully-qualified organization_settings string.

parse_asset_path

parse_asset_path(path: str)

Parses a asset path into its component segments.

parse_common_billing_account_path

parse_common_billing_account_path(path: str)

Parse a billing_account path into its component segments.

parse_common_folder_path

parse_common_folder_path(path: str)

Parse a folder path into its component segments.

parse_common_location_path

parse_common_location_path(path: str)

Parse a location path into its component segments.

parse_common_organization_path

parse_common_organization_path(path: str)

Parse a organization path into its component segments.

parse_common_project_path

parse_common_project_path(path: str)

Parse a project path into its component segments.

parse_finding_path

parse_finding_path(path: str)

Parses a finding path into its component segments.

parse_notification_config_path

parse_notification_config_path(path: str)

Parses a notification_config path into its component segments.

parse_organization_settings_path

parse_organization_settings_path(path: str)

Parses a organization_settings path into its component segments.

parse_security_marks_path

parse_security_marks_path(path: str)

Parses a security_marks path into its component segments.

parse_source_path

parse_source_path(path: str)

Parses a source path into its component segments.

parse_topic_path

parse_topic_path(path: str)

Parses a topic path into its component segments.

run_asset_discovery

run_asset_discovery(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.RunAssetDiscoveryRequest, dict]] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Runs asset discovery. The discovery is tracked with a long-running operation.

This API can only be called with limited frequency for an organization. If it is called too frequently the caller will receive a TOO_MANY_REQUESTS error.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.RunAssetDiscoveryRequest, dict]

The request object. Request message for running asset discovery for an organization.

parent str

Required. Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]". This corresponds to the parent field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.api_core.operation.OperationAn object representing a long-running operation. The result type for the operation will be RunAssetDiscoveryResponse Response of asset discovery run

security_marks_path

security_marks_path(organization: str, asset: str)

Returns a fully-qualified security_marks string.

set_finding_state

set_finding_state(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.SetFindingStateRequest, dict]] = None, *, name: Optional[str] = None, state: Optional[google.cloud.securitycenter_v1.types.finding.Finding.State] = None, start_time: Optional[google.protobuf.timestamp_pb2.Timestamp] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Updates the state of a finding.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.SetFindingStateRequest, dict]

The request object. Request message for updating a finding's state.

name str

Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". This corresponds to the name field on the request instance; if request is provided, this should not be set.

state google.cloud.securitycenter_v1.types.Finding.State

Required. The desired State of the finding. This corresponds to the state field on the request instance; if request is provided, this should not be set.

start_time google.protobuf.timestamp_pb2.Timestamp

Required. The time at which the updated state takes effect. This corresponds to the start_time field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.types.FindingSecurity Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.

set_iam_policy

set_iam_policy(request: Optional[Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]] = None, *, resource: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Sets the access control policy on the specified Source.

Parameters
NameDescription
request Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]

The request object. Request message for SetIamPolicy method.

resource str

REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. This corresponds to the resource field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.iam.v1.policy_pb2.PolicyDefines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" bindings:="" -="" members:="" -="" user:\="" mike@example.com="" -="" group:\="" admins@example.com="" -="" domain:google.com="" -="" serviceaccount:\="" my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:\="" eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="" [iam="" developer's="" guide](\="">

source_path

source_path(organization: str, source: str)

Returns a fully-qualified source string.

test_iam_permissions

test_iam_permissions(request: Optional[Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]] = None, *, resource: Optional[str] = None, permissions: Optional[Sequence[str]] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Returns the permissions that a caller has on the specified source.

Parameters
NameDescription
request Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]

The request object. Request message for TestIamPermissions method.

resource str

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the resource field on the request instance; if request is provided, this should not be set.

permissions Sequence[str]

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview https://cloud.google.com/iam/docs/overview#permissions__. This corresponds to the permissions field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.iam.v1.iam_policy_pb2.TestIamPermissionsResponseResponse message for TestIamPermissions method.

topic_path

topic_path(project: str, topic: str)

Returns a fully-qualified topic string.

update_finding

update_finding(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.UpdateFindingRequest, dict]] = None, *, finding: Optional[google.cloud.securitycenter_v1.types.finding.Finding] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Creates or updates a finding. The corresponding source must exist for a finding creation to succeed.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.UpdateFindingRequest, dict]

The request object. Request message for updating or creating a finding.

finding google.cloud.securitycenter_v1.types.Finding

Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored. In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. This corresponds to the finding field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.types.FindingSecurity Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.

update_notification_config

update_notification_config(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.UpdateNotificationConfigRequest, dict]] = None, *, notification_config: Optional[google.cloud.securitycenter_v1.types.notification_config.NotificationConfig] = None, update_mask: Optional[google.protobuf.field_mask_pb2.FieldMask] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Updates a notification config. The following update fields are allowed: description, pubsub_topic, streaming_config.filter

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.UpdateNotificationConfigRequest, dict]

The request object. Request message for updating a notification config.

notification_config google.cloud.securitycenter_v1.types.NotificationConfig

Required. The notification config to update. This corresponds to the notification_config field on the request instance; if request is provided, this should not be set.

update_mask google.protobuf.field_mask_pb2.FieldMask

The FieldMask to use when updating the notification config. If empty all mutable fields will be updated. This corresponds to the update_mask field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.types.NotificationConfigCloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC resource that contains the configuration to send notifications for create/update events of findings, assets and etc.

update_organization_settings

update_organization_settings(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.UpdateOrganizationSettingsRequest, dict]] = None, *, organization_settings: Optional[google.cloud.securitycenter_v1.types.organization_settings.OrganizationSettings] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Updates an organization's settings.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.UpdateOrganizationSettingsRequest, dict]

The request object. Request message for updating an organization's settings.

organization_settings google.cloud.securitycenter_v1.types.OrganizationSettings

Required. The organization settings resource to update. This corresponds to the organization_settings field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.types.OrganizationSettingsUser specified settings that are attached to the Security Command Center organization.

update_security_marks

update_security_marks(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.UpdateSecurityMarksRequest, dict]] = None, *, security_marks: Optional[google.cloud.securitycenter_v1.types.security_marks.SecurityMarks] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Updates security marks.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.UpdateSecurityMarksRequest, dict]

The request object. Request message for updating a SecurityMarks resource.

security_marks google.cloud.securitycenter_v1.types.SecurityMarks

Required. The security marks resource to update. This corresponds to the security_marks field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.types.SecurityMarksUser specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization.

update_source

update_source(request: Optional[Union[google.cloud.securitycenter_v1.types.securitycenter_service.UpdateSourceRequest, dict]] = None, *, source: Optional[google.cloud.securitycenter_v1.types.source.Source] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Updates a source.

Parameters
NameDescription
request Union[google.cloud.securitycenter_v1.types.UpdateSourceRequest, dict]

The request object. Request message for updating a source.

source google.cloud.securitycenter_v1.types.Source

Required. The source resource to update. This corresponds to the source field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.securitycenter_v1.types.SourceSecurity Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, and other tools.