Reference documentation and code samples for the Cloud Security Command Center V1 API class Google::Cloud::SecurityCenter::V1::Finding.
Security Command Center finding.
A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#access
def access() -> ::Google::Cloud::SecurityCenter::V1::Access
- (::Google::Cloud::SecurityCenter::V1::Access) — Access details associated with the Finding, such as more information on the caller, which method was accessed, from where, etc.
#access=
def access=(value) -> ::Google::Cloud::SecurityCenter::V1::Access
- value (::Google::Cloud::SecurityCenter::V1::Access) — Access details associated with the Finding, such as more information on the caller, which method was accessed, from where, etc.
- (::Google::Cloud::SecurityCenter::V1::Access) — Access details associated with the Finding, such as more information on the caller, which method was accessed, from where, etc.
#canonical_name
def canonical_name() -> ::String
- (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
#canonical_name=
def canonical_name=(value) -> ::String
- value (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
- (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
#category
def category() -> ::String
- (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
#category=
def category=(value) -> ::String
- value (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
- (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
#compliances
def compliances() -> ::Array<::Google::Cloud::SecurityCenter::V1::Compliance>
- (::Array<::Google::Cloud::SecurityCenter::V1::Compliance>) — Contains compliance information for security standards associated with the finding.
#compliances=
def compliances=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::Compliance>
- value (::Array<::Google::Cloud::SecurityCenter::V1::Compliance>) — Contains compliance information for security standards associated with the finding.
- (::Array<::Google::Cloud::SecurityCenter::V1::Compliance>) — Contains compliance information for security standards associated with the finding.
#connections
def connections() -> ::Array<::Google::Cloud::SecurityCenter::V1::Connection>
- (::Array<::Google::Cloud::SecurityCenter::V1::Connection>) — Contains information about the IP connection associated with the finding.
#connections=
def connections=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::Connection>
- value (::Array<::Google::Cloud::SecurityCenter::V1::Connection>) — Contains information about the IP connection associated with the finding.
- (::Array<::Google::Cloud::SecurityCenter::V1::Connection>) — Contains information about the IP connection associated with the finding.
#contacts
def contacts() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ContactDetails}
- (::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ContactDetails}) — Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories
  { "security": { "contacts": [ { "email": "person1@company.com" }, { "email": "person2@company.com" } ] } }
#containers
def containers() -> ::Array<::Google::Cloud::SecurityCenter::V1::Container>
- (::Array<::Google::Cloud::SecurityCenter::V1::Container>) — Containers associated with the finding. containers provides information for both Kubernetes and non-Kubernetes containers.
#containers=
def containers=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::Container>
- value (::Array<::Google::Cloud::SecurityCenter::V1::Container>) — Containers associated with the finding. containers provides information for both Kubernetes and non-Kubernetes containers.
- (::Array<::Google::Cloud::SecurityCenter::V1::Container>) — Containers associated with the finding. containers provides information for both Kubernetes and non-Kubernetes containers.
#create_time
def create_time() -> ::Google::Protobuf::Timestamp
- (::Google::Protobuf::Timestamp) — The time at which the finding was created in Security Command Center.
#create_time=
def create_time=(value) -> ::Google::Protobuf::Timestamp
- value (::Google::Protobuf::Timestamp) — The time at which the finding was created in Security Command Center.
- (::Google::Protobuf::Timestamp) — The time at which the finding was created in Security Command Center.
#database
def database() -> ::Google::Cloud::SecurityCenter::V1::Database
- (::Google::Cloud::SecurityCenter::V1::Database) — Database associated with the finding.
#database=
def database=(value) -> ::Google::Cloud::SecurityCenter::V1::Database
- value (::Google::Cloud::SecurityCenter::V1::Database) — Database associated with the finding.
- (::Google::Cloud::SecurityCenter::V1::Database) — Database associated with the finding.
#description
def description() -> ::String
- (::String) — Contains more detail about the finding.
#description=
def description=(value) -> ::String
- value (::String) — Contains more detail about the finding.
- (::String) — Contains more detail about the finding.
#event_time
def event_time() -> ::Google::Protobuf::Timestamp
- (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.
#event_time=
def event_time=(value) -> ::Google::Protobuf::Timestamp
- value (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.
- (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.
#exfiltration
def exfiltration() -> ::Google::Cloud::SecurityCenter::V1::Exfiltration
- (::Google::Cloud::SecurityCenter::V1::Exfiltration) — Represents exfiltration associated with the Finding.
#exfiltration=
def exfiltration=(value) -> ::Google::Cloud::SecurityCenter::V1::Exfiltration
- value (::Google::Cloud::SecurityCenter::V1::Exfiltration) — Represents exfiltration associated with the Finding.
- (::Google::Cloud::SecurityCenter::V1::Exfiltration) — Represents exfiltration associated with the Finding.
#external_systems
def external_systems() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ExternalSystem}
- (::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ExternalSystem}) — Output only. Third-party SIEM/SOAR fields within SCC. Contains external system information and external system finding fields.
#external_uri
def external_uri() -> ::String
- (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
#external_uri=
def external_uri=(value) -> ::String
- value (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
- (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
#files
def files() -> ::Array<::Google::Cloud::SecurityCenter::V1::File>
- (::Array<::Google::Cloud::SecurityCenter::V1::File>) — File associated with the finding.
#files=
def files=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::File>
- value (::Array<::Google::Cloud::SecurityCenter::V1::File>) — File associated with the finding.
- (::Array<::Google::Cloud::SecurityCenter::V1::File>) — File associated with the finding.
#finding_class
def finding_class() -> ::Google::Cloud::SecurityCenter::V1::Finding::FindingClass
- (::Google::Cloud::SecurityCenter::V1::Finding::FindingClass) — The class of the finding.
#finding_class=
def finding_class=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::FindingClass
- value (::Google::Cloud::SecurityCenter::V1::Finding::FindingClass) — The class of the finding.
- (::Google::Cloud::SecurityCenter::V1::Finding::FindingClass) — The class of the finding.
#iam_bindings
def iam_bindings() -> ::Array<::Google::Cloud::SecurityCenter::V1::IamBinding>
- (::Array<::Google::Cloud::SecurityCenter::V1::IamBinding>) — Represents IAM bindings associated with the Finding.
#iam_bindings=
def iam_bindings=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::IamBinding>
- value (::Array<::Google::Cloud::SecurityCenter::V1::IamBinding>) — Represents IAM bindings associated with the Finding.
- (::Array<::Google::Cloud::SecurityCenter::V1::IamBinding>) — Represents IAM bindings associated with the Finding.
#indicator
def indicator() -> ::Google::Cloud::SecurityCenter::V1::Indicator
- (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
#indicator=
def indicator=(value) -> ::Google::Cloud::SecurityCenter::V1::Indicator
- value (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
- (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
#kubernetes
def kubernetes() -> ::Google::Cloud::SecurityCenter::V1::Kubernetes
- (::Google::Cloud::SecurityCenter::V1::Kubernetes) — Kubernetes resources associated with the finding.
#kubernetes=
def kubernetes=(value) -> ::Google::Cloud::SecurityCenter::V1::Kubernetes
- value (::Google::Cloud::SecurityCenter::V1::Kubernetes) — Kubernetes resources associated with the finding.
- (::Google::Cloud::SecurityCenter::V1::Kubernetes) — Kubernetes resources associated with the finding.
#mitre_attack
def mitre_attack() -> ::Google::Cloud::SecurityCenter::V1::MitreAttack
- (::Google::Cloud::SecurityCenter::V1::MitreAttack) — MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
#mitre_attack=
def mitre_attack=(value) -> ::Google::Cloud::SecurityCenter::V1::MitreAttack
- value (::Google::Cloud::SecurityCenter::V1::MitreAttack) — MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
- (::Google::Cloud::SecurityCenter::V1::MitreAttack) — MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
#mute
def mute() -> ::Google::Cloud::SecurityCenter::V1::Finding::Mute
- (::Google::Cloud::SecurityCenter::V1::Finding::Mute) — Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
#mute=
def mute=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::Mute
- value (::Google::Cloud::SecurityCenter::V1::Finding::Mute) — Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
- (::Google::Cloud::SecurityCenter::V1::Finding::Mute) — Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
#mute_initiator
def mute_initiator() -> ::String
- (::String) — First known as mute_annotation. Records additional information about the mute operation, e.g. the mute config that muted the finding, the user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
#mute_initiator=
def mute_initiator=(value) -> ::String
- value (::String) — First known as mute_annotation. Records additional information about the mute operation, e.g. the mute config that muted the finding, the user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
- (::String) — First known as mute_annotation. Records additional information about the mute operation, e.g. the mute config that muted the finding, the user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
#mute_update_time
def mute_update_time() -> ::Google::Protobuf::Timestamp
- (::Google::Protobuf::Timestamp) — Output only. The most recent time this finding was muted or unmuted.
#name
def name() -> ::String
- (::String) — The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
#name=
def name=(value) -> ::String
- value (::String) — The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
- (::String) — The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
#next_steps
def next_steps() -> ::String
- (::String) — Next steps associated with the finding.
#next_steps=
def next_steps=(value) -> ::String
- value (::String) — Next steps associated with the finding.
- (::String) — Next steps associated with the finding.
#parent
def parent() -> ::String
- (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
#parent=
def parent=(value) -> ::String
- value (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
- (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
#parent_display_name
def parent_display_name() -> ::String
- (::String) — Output only. The human readable display name of the finding source such as "Event Threat Detection" or "Security Health Analytics".
#processes
def processes() -> ::Array<::Google::Cloud::SecurityCenter::V1::Process>
- (::Array<::Google::Cloud::SecurityCenter::V1::Process>) — Represents operating system processes associated with the Finding.
#processes=
def processes=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::Process>
- value (::Array<::Google::Cloud::SecurityCenter::V1::Process>) — Represents operating system processes associated with the Finding.
- (::Array<::Google::Cloud::SecurityCenter::V1::Process>) — Represents operating system processes associated with the Finding.
#resource_name
def resource_name() -> ::String
- (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
#resource_name=
def resource_name=(value) -> ::String
- value (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
- (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
#security_marks
def security_marks() -> ::Google::Cloud::SecurityCenter::V1::SecurityMarks
- (::Google::Cloud::SecurityCenter::V1::SecurityMarks) — Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.
#severity
def severity() -> ::Google::Cloud::SecurityCenter::V1::Finding::Severity
- (::Google::Cloud::SecurityCenter::V1::Finding::Severity) — The severity of the finding. This field is managed by the source that writes the finding.
#severity=
def severity=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::Severity
- value (::Google::Cloud::SecurityCenter::V1::Finding::Severity) — The severity of the finding. This field is managed by the source that writes the finding.
- (::Google::Cloud::SecurityCenter::V1::Finding::Severity) — The severity of the finding. This field is managed by the source that writes the finding.
#source_properties
def source_properties() -> ::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}
- (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
#source_properties=
def source_properties=(value) -> ::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}
- value (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
- (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
#state
def state() -> ::Google::Cloud::SecurityCenter::V1::Finding::State
- (::Google::Cloud::SecurityCenter::V1::Finding::State) — The state of the finding.
#state=
def state=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::State
- value (::Google::Cloud::SecurityCenter::V1::Finding::State) — The state of the finding.
- (::Google::Cloud::SecurityCenter::V1::Finding::State) — The state of the finding.
#vulnerability
def vulnerability() -> ::Google::Cloud::SecurityCenter::V1::Vulnerability
- (::Google::Cloud::SecurityCenter::V1::Vulnerability) — Represents vulnerability-specific fields like CVE, CVSS scores, etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
#vulnerability=
def vulnerability=(value) -> ::Google::Cloud::SecurityCenter::V1::Vulnerability
- value (::Google::Cloud::SecurityCenter::V1::Vulnerability) — Represents vulnerability-specific fields like CVE, CVSS scores, etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
- (::Google::Cloud::SecurityCenter::V1::Vulnerability) — Represents vulnerability-specific fields like CVE, CVSS scores, etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
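
The field rules stated on this page for source_properties keys, event_time, mute, the output-only fields and the finding name layouts, collected into one check a finding provider could run before writing a finding. This is an added example, not code from the client library: it works on a plain Hash, and the Hash layout, the names parse_finding_name and finding_problems, and the name-under-parent consistency check are assumptions made for illustration.

```ruby
# Added example: pre-submission checks on a finding held as a plain Hash.
# It does not use the client library; the Hash layout is an assumption.

# Name layouts listed under canonical_name on this page.
FINDING_NAME = %r{\A(organizations|folders|projects)/([^/]+)/sources/([^/]+)/findings/([^/]+)\z}
# source_properties key rule: 1..255 chars, leading letter, then letters, digits or "_".
# \A and \z anchor the whole string, so a key with an embedded newline cannot pass.
SOURCE_PROPERTY_KEY = /\A[A-Za-z][A-Za-z0-9_]{0,254}\z/
# Fields this page marks "Output only".
OUTPUT_ONLY = %i[contacts external_systems mute_update_time parent_display_name security_marks].freeze

# Split a finding name into ancestor type, ancestor id, source id and finding id.
def parse_finding_name(name)
  m = FINDING_NAME.match(name.to_s)
  m && { ancestor_type: m[1], ancestor_id: m[2], source_id: m[3], finding_id: m[4] }
end

# Return a list of problems; an empty list means the finding passes these checks.
def finding_problems(finding, now: Time.now.utc)
  problems = []
  name = finding[:name].to_s
  problems << "name: not a finding resource name" unless parse_finding_name(name)
  parent = finding[:parent].to_s
  # Assumed consistency check: name is the parent source plus "/findings/{finding_id}".
  unless name.start_with?("#{parent}/findings/")
    problems << "name: not under parent #{parent.inspect}"
  end
  event_time = finding[:event_time]
  if event_time.is_a?(Time) && event_time > now
    problems << "event_time: later than the current timestamp"
  end
  (finding[:source_properties] || {}).each_key do |key|
    unless SOURCE_PROPERTY_KEY.match?(key.to_s)
      problems << "source_properties: invalid key #{key.to_s[0, 40].inspect}"
    end
  end
  problems << "mute: should not be set by a finding provider" if finding.key?(:mute)
  (OUTPUT_ONLY & finding.keys).each { |field| problems << "#{field}: output only" }
  problems
end

# Constructed sample data (not real identifiers).
NOW = Time.utc(2024, 1, 1, 12, 0, 0)
GOOD = {
  name: "organizations/123/sources/456/findings/abc",
  parent: "organizations/123/sources/456",
  category: "XSS_FLASH_INJECTION",
  event_time: NOW - 60,
  source_properties: { "scanner_version" => "1.2", "ruleId7" => true }
}.freeze
BAD = {
  name: "organizations/123/sources/999/findings/abc", # wrong source for this parent
  parent: "organizations/123/sources/456",
  event_time: NOW + 3600,                             # in the future
  source_properties: { "1st_key" => 1, "has-dash" => 2, "ok_key" => 3 },
  mute: "MUTED",                                      # provider must leave this alone
  security_marks: {}                                  # output only
}.freeze

puts finding_problems(GOOD, now: NOW).inspect
puts finding_problems(BAD, now: NOW)
```
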