Class CustomConfig (1.31.0)

CustomConfig(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Defines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify.


predicate google.type.expr_pb2.Expr
The CEL expression to evaluate to produce findings. When the expression evaluates to true against a resource, a finding is generated.
Custom output properties.
The resource types that the custom module operates on. Each custom module can specify up to 5 resource types.
The severity to assign to findings generated by the module.
description str
Text that describes the vulnerability or misconfiguration that the custom module detects. This explanation is returned with each finding instance to help investigators understand the detected issue. The text must be enclosed in quotation marks.
recommendation str
An explanation of the recommended steps that security teams can take to resolve the detected issue. This explanation is returned with each finding generated by this module in the nextSteps property of the finding JSON.



CustomOutputSpec(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding JSON under sourceProperties.


ResourceSelector(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Resource for selecting resource type.



Defines the valid value options for the severity of a finding.

Values: SEVERITY_UNSPECIFIED (0): Unspecified severity. CRITICAL (1): Critical severity. HIGH (2): High severity. MEDIUM (3): Medium severity. LOW (4): Low severity.