Cloud Security Command Center V1 API - Class Google::Cloud::SecurityCenter::V1::Finding (v0.24.0)

Reference documentation and code samples for the Cloud Security Command Center V1 API class Google::Cloud::SecurityCenter::V1::Finding.

Security Command Center finding.

A finding is a record of assessment data (such as security, risk, health, or privacy data) that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.

Inherits

  • Object

Extended By

  • Google::Protobuf::MessageExts::ClassMethods

Includes

  • Google::Protobuf::MessageExts

Methods

#access

def access() -> ::Google::Cloud::SecurityCenter::V1::Access
Returns

#access=

def access=(value) -> ::Google::Cloud::SecurityCenter::V1::Access
Parameter
Returns

#canonical_name

def canonical_name() -> ::String
Returns
  • (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.

#canonical_name=

def canonical_name=(value) -> ::String
Parameter
  • value (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
Returns
  • (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.

#category

def category() -> ::String
Returns
  • (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"

#category=

def category=(value) -> ::String
Parameter
  • value (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
Returns
  • (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"

#compliances

def compliances() -> ::Array<::Google::Cloud::SecurityCenter::V1::Compliance>
Returns

#compliances=

def compliances=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::Compliance>
Parameter
Returns

#connections

def connections() -> ::Array<::Google::Cloud::SecurityCenter::V1::Connection>
Returns

#connections=

def connections=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::Connection>
Parameter
Returns

#contacts

def contacts() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ContactDetails}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ContactDetails}) —

    Output only. Map containing the points of contact for the given finding. The key is the type of contact, and the value contains a list of all the contacts of that type. See: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories Example:

    {
      "security": {
        "contacts": [
          {
            "email": "person1@company.com"
          },
          {
            "email": "person2@company.com"
          }
        ]
      }
    }
    

#containers

def containers() -> ::Array<::Google::Cloud::SecurityCenter::V1::Container>
Returns

#containers=

def containers=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::Container>
Parameter
Returns

#create_time

def create_time() -> ::Google::Protobuf::Timestamp
Returns

#create_time=

def create_time=(value) -> ::Google::Protobuf::Timestamp
Parameter
Returns

#database

def database() -> ::Google::Cloud::SecurityCenter::V1::Database
Returns

#database=

def database=(value) -> ::Google::Cloud::SecurityCenter::V1::Database
Parameter
Returns

#description

def description() -> ::String
Returns
  • (::String) — Contains more detail about the finding.

#description=

def description=(value) -> ::String
Parameter
  • value (::String) — Contains more detail about the finding.
Returns
  • (::String) — Contains more detail about the finding.

#event_time

def event_time() -> ::Google::Protobuf::Timestamp
Returns
  • (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.

#event_time=

def event_time=(value) -> ::Google::Protobuf::Timestamp
Parameter
  • value (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.
Returns
  • (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.

#exfiltration

def exfiltration() -> ::Google::Cloud::SecurityCenter::V1::Exfiltration
Returns

#exfiltration=

def exfiltration=(value) -> ::Google::Cloud::SecurityCenter::V1::Exfiltration
Parameter
Returns

#external_systems

def external_systems() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ExternalSystem}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ExternalSystem}) — Output only. Third-party SIEM/SOAR fields within SCC. Contains external system information and external system finding fields.

#external_uri

def external_uri() -> ::String
Returns
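  • (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well-formed URL. The guarantee covers syntax only: the value is whatever was written to the finding, so consumers that render or follow it should treat it as untrusted input.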

#external_uri=

def external_uri=(value) -> ::String
Parameter
  • value (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well-formed URL.
Returns
  • (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well-formed URL.

#files

def files() -> ::Array<::Google::Cloud::SecurityCenter::V1::File>
Returns

#files=

def files=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::File>
Parameter
Returns

#finding_class

def finding_class() -> ::Google::Cloud::SecurityCenter::V1::Finding::FindingClass
Returns

#finding_class=

def finding_class=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::FindingClass
Parameter
Returns

#iam_bindings

def iam_bindings() -> ::Array<::Google::Cloud::SecurityCenter::V1::IamBinding>
Returns

#iam_bindings=

def iam_bindings=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::IamBinding>
Parameter
Returns

#indicator

def indicator() -> ::Google::Cloud::SecurityCenter::V1::Indicator
Returns
  • (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise

#indicator=

def indicator=(value) -> ::Google::Cloud::SecurityCenter::V1::Indicator
Parameter
  • value (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
Returns
  • (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise

#kernel_rootkit

def kernel_rootkit() -> ::Google::Cloud::SecurityCenter::V1::KernelRootkit
Returns

#kernel_rootkit=

def kernel_rootkit=(value) -> ::Google::Cloud::SecurityCenter::V1::KernelRootkit
Parameter
Returns

#kubernetes

def kubernetes() -> ::Google::Cloud::SecurityCenter::V1::Kubernetes
Returns

#kubernetes=

def kubernetes=(value) -> ::Google::Cloud::SecurityCenter::V1::Kubernetes
Parameter
Returns

#mitre_attack

def mitre_attack() -> ::Google::Cloud::SecurityCenter::V1::MitreAttack
Returns

#mitre_attack=

def mitre_attack=(value) -> ::Google::Cloud::SecurityCenter::V1::MitreAttack
Parameter
Returns

#mute

def mute() -> ::Google::Cloud::SecurityCenter::V1::Finding::Mute
Returns

#mute=

def mute=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::Mute
Parameter
Returns

#mute_initiator

def mute_initiator() -> ::String
Returns
  • (::String) — First known as mute_annotation. Records additional information about the mute operation, for example the mute config that muted the finding or the user who muted the finding. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.

#mute_initiator=

def mute_initiator=(value) -> ::String
Parameter
  • value (::String) — First known as mute_annotation. Records additional information about the mute operation, for example the mute config that muted the finding or the user who muted the finding. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
Returns
  • (::String) — First known as mute_annotation. Records additional information about the mute operation, for example the mute config that muted the finding or the user who muted the finding. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.

#mute_update_time

def mute_update_time() -> ::Google::Protobuf::Timestamp
Returns

#name

def name() -> ::String
Returns
  • (::String) — The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"

#name=

def name=(value) -> ::String
Parameter
  • value (::String) — The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
Returns
  • (::String) — The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"

#next_steps

def next_steps() -> ::String
Returns
  • (::String) — Next steps associated with the finding.

#next_steps=

def next_steps=(value) -> ::String
Parameter
  • value (::String) — Next steps associated with the finding.
Returns
  • (::String) — Next steps associated with the finding.

#parent

def parent() -> ::String
Returns
  • (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"

#parent=

def parent=(value) -> ::String
Parameter
  • value (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
Returns
  • (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"

#parent_display_name

def parent_display_name() -> ::String
Returns
  • (::String) — Output only. The human readable display name of the finding source such as "Event Threat Detection" or "Security Health Analytics".

#processes

def processes() -> ::Array<::Google::Cloud::SecurityCenter::V1::Process>
Returns

#processes=

def processes=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::Process>
Parameter
Returns

#resource_name

def resource_name() -> ::String
Returns
  • (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.

#resource_name=

def resource_name=(value) -> ::String
Parameter
  • value (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
Returns
  • (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.

#security_marks

def security_marks() -> ::Google::Cloud::SecurityCenter::V1::SecurityMarks
Returns

#severity

def severity() -> ::Google::Cloud::SecurityCenter::V1::Finding::Severity
Returns

#severity=

def severity=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::Severity
Parameter
Returns

#source_properties

def source_properties() -> ::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source-specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

#source_properties=

def source_properties=(value) -> ::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}
Parameter
  • value (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source-specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source-specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

#state

def state() -> ::Google::Cloud::SecurityCenter::V1::Finding::State
Returns

#state=

def state=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::State
Parameter
Returns

#vulnerability

def vulnerability() -> ::Google::Cloud::SecurityCenter::V1::Vulnerability
Returns

#vulnerability=

def vulnerability=(value) -> ::Google::Cloud::SecurityCenter::V1::Vulnerability
Parameter
Returns