Cloud Security Command Center V1 API - Class Google::Cloud::SecurityCenter::V1::Finding (v0.34.2)

Reference documentation and code samples for the Cloud Security Command Center V1 API class Google::Cloud::SecurityCenter::V1::Finding.

Security Command Center finding.

A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.

Inherits

Object

Extended By

Google::Protobuf::MessageExts::ClassMethods

Includes

Google::Protobuf::MessageExts

Methods

#access

def access() -> ::Google::Cloud::SecurityCenter::V1::Access

Returns

(::Google::Cloud::SecurityCenter::V1::Access) — Access details associated with the finding, such as more information on the caller, which method was accessed, and from where.

#access=

def access=(value) -> ::Google::Cloud::SecurityCenter::V1::Access

Parameter

value (::Google::Cloud::SecurityCenter::V1::Access) — Access details associated with the finding, such as more information on the caller, which method was accessed, and from where.

Returns

(::Google::Cloud::SecurityCenter::V1::Access) — Access details associated with the finding, such as more information on the caller, which method was accessed, and from where.

#canonical_name

def canonical_name() -> ::String

Returns

(::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.

#canonical_name=

def canonical_name=(value) -> ::String

Parameter

value (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.

Returns

(::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.

#category

def category() -> ::String

Returns

(::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"

#category=

def category=(value) -> ::String

Parameter

value (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"

Returns

(::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"

#cloud_dlp_data_profile

def cloud_dlp_data_profile() -> ::Google::Cloud::SecurityCenter::V1::CloudDlpDataProfile

Returns

(::Google::Cloud::SecurityCenter::V1::CloudDlpDataProfile) — Cloud DLP data profile that is associated with the finding.

#cloud_dlp_data_profile=

def cloud_dlp_data_profile=(value) -> ::Google::Cloud::SecurityCenter::V1::CloudDlpDataProfile

Parameter

value (::Google::Cloud::SecurityCenter::V1::CloudDlpDataProfile) — Cloud DLP data profile that is associated with the finding.

Returns

(::Google::Cloud::SecurityCenter::V1::CloudDlpDataProfile) — Cloud DLP data profile that is associated with the finding.

#cloud_dlp_inspection

def cloud_dlp_inspection() -> ::Google::Cloud::SecurityCenter::V1::CloudDlpInspection

Returns

(::Google::Cloud::SecurityCenter::V1::CloudDlpInspection) — Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding.

#cloud_dlp_inspection=

def cloud_dlp_inspection=(value) -> ::Google::Cloud::SecurityCenter::V1::CloudDlpInspection

Parameter

value (::Google::Cloud::SecurityCenter::V1::CloudDlpInspection) — Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding.

Returns

(::Google::Cloud::SecurityCenter::V1::CloudDlpInspection) — Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding.

#compliances

def compliances() -> ::Array<::Google::Cloud::SecurityCenter::V1::Compliance>

Returns

(::Array<::Google::Cloud::SecurityCenter::V1::Compliance>) — Contains compliance information for security standards associated to the finding.

#compliances=

def compliances=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::Compliance>

Parameter

value (::Array<::Google::Cloud::SecurityCenter::V1::Compliance>) — Contains compliance information for security standards associated to the finding.

Returns

(::Array<::Google::Cloud::SecurityCenter::V1::Compliance>) — Contains compliance information for security standards associated to the finding.

#connections

def connections() -> ::Array<::Google::Cloud::SecurityCenter::V1::Connection>

Returns

(::Array<::Google::Cloud::SecurityCenter::V1::Connection>) — Contains information about the IP connection associated with the finding.

#connections=

def connections=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::Connection>

Parameter

value (::Array<::Google::Cloud::SecurityCenter::V1::Connection>) — Contains information about the IP connection associated with the finding.

Returns

(::Array<::Google::Cloud::SecurityCenter::V1::Connection>) — Contains information about the IP connection associated with the finding.

#contacts

def contacts() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ContactDetails}

Returns

(::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ContactDetails}) —
Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories
```
{
  "security": {
    "contacts": [
      {
        "email": "person1@company.com"
      },
      {
        "email": "person2@company.com"
      }
    ]
  }
}
```

#containers

def containers() -> ::Array<::Google::Cloud::SecurityCenter::V1::Container>

Returns

(::Array<::Google::Cloud::SecurityCenter::V1::Container>) — Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers.

#containers=

def containers=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::Container>

Parameter

value (::Array<::Google::Cloud::SecurityCenter::V1::Container>) — Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers.

Returns

(::Array<::Google::Cloud::SecurityCenter::V1::Container>) — Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers.

#create_time

def create_time() -> ::Google::Protobuf::Timestamp

Returns

(::Google::Protobuf::Timestamp) — The time at which the finding was created in Security Command Center.

#create_time=

def create_time=(value) -> ::Google::Protobuf::Timestamp

Parameter

value (::Google::Protobuf::Timestamp) — The time at which the finding was created in Security Command Center.

Returns

(::Google::Protobuf::Timestamp) — The time at which the finding was created in Security Command Center.

#database

def database() -> ::Google::Cloud::SecurityCenter::V1::Database

Returns

(::Google::Cloud::SecurityCenter::V1::Database) — Database associated with the finding.

#database=

def database=(value) -> ::Google::Cloud::SecurityCenter::V1::Database

Parameter

value (::Google::Cloud::SecurityCenter::V1::Database) — Database associated with the finding.

Returns

(::Google::Cloud::SecurityCenter::V1::Database) — Database associated with the finding.

#description

def description() -> ::String

Returns

(::String) — Contains more details about the finding.

#description=

def description=(value) -> ::String

Parameter

value (::String) — Contains more details about the finding.

Returns

(::String) — Contains more details about the finding.

#event_time

def event_time() -> ::Google::Protobuf::Timestamp

Returns

(::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.

#event_time=

def event_time=(value) -> ::Google::Protobuf::Timestamp

Parameter

value (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.

Returns

(::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.

#exfiltration

def exfiltration() -> ::Google::Cloud::SecurityCenter::V1::Exfiltration

Returns

(::Google::Cloud::SecurityCenter::V1::Exfiltration) — Represents exfiltrations associated with the finding.

#exfiltration=

def exfiltration=(value) -> ::Google::Cloud::SecurityCenter::V1::Exfiltration

Parameter

value (::Google::Cloud::SecurityCenter::V1::Exfiltration) — Represents exfiltrations associated with the finding.

Returns

(::Google::Cloud::SecurityCenter::V1::Exfiltration) — Represents exfiltrations associated with the finding.

#external_systems

def external_systems() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ExternalSystem}

Returns

(::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ExternalSystem}) — Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.

#external_uri

def external_uri() -> ::String

Returns

(::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.

#external_uri=

def external_uri=(value) -> ::String

Parameter

value (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.

Returns

(::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.

#files

def files() -> ::Array<::Google::Cloud::SecurityCenter::V1::File>

Returns

(::Array<::Google::Cloud::SecurityCenter::V1::File>) — File associated with the finding.

#files=

def files=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::File>

Parameter

value (::Array<::Google::Cloud::SecurityCenter::V1::File>) — File associated with the finding.

Returns

(::Array<::Google::Cloud::SecurityCenter::V1::File>) — File associated with the finding.

#finding_class

def finding_class() -> ::Google::Cloud::SecurityCenter::V1::Finding::FindingClass

Returns

(::Google::Cloud::SecurityCenter::V1::Finding::FindingClass) — The class of the finding.

#finding_class=

def finding_class=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::FindingClass

Parameter

value (::Google::Cloud::SecurityCenter::V1::Finding::FindingClass) — The class of the finding.

Returns

(::Google::Cloud::SecurityCenter::V1::Finding::FindingClass) — The class of the finding.

#iam_bindings

def iam_bindings() -> ::Array<::Google::Cloud::SecurityCenter::V1::IamBinding>

Returns

(::Array<::Google::Cloud::SecurityCenter::V1::IamBinding>) — Represents IAM bindings associated with the finding.

#iam_bindings=

def iam_bindings=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::IamBinding>

Parameter

value (::Array<::Google::Cloud::SecurityCenter::V1::IamBinding>) — Represents IAM bindings associated with the finding.

Returns

(::Array<::Google::Cloud::SecurityCenter::V1::IamBinding>) — Represents IAM bindings associated with the finding.

#indicator

def indicator() -> ::Google::Cloud::SecurityCenter::V1::Indicator

Returns

(::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see Indicator of compromise.

#indicator=

def indicator=(value) -> ::Google::Cloud::SecurityCenter::V1::Indicator

Parameter

value (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see Indicator of compromise.

Returns

(::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see Indicator of compromise.

#kernel_rootkit

def kernel_rootkit() -> ::Google::Cloud::SecurityCenter::V1::KernelRootkit

Returns

(::Google::Cloud::SecurityCenter::V1::KernelRootkit) — Signature of the kernel rootkit.

#kernel_rootkit=

def kernel_rootkit=(value) -> ::Google::Cloud::SecurityCenter::V1::KernelRootkit

Parameter

value (::Google::Cloud::SecurityCenter::V1::KernelRootkit) — Signature of the kernel rootkit.

Returns

(::Google::Cloud::SecurityCenter::V1::KernelRootkit) — Signature of the kernel rootkit.

#kubernetes

def kubernetes() -> ::Google::Cloud::SecurityCenter::V1::Kubernetes

Returns

(::Google::Cloud::SecurityCenter::V1::Kubernetes) — Kubernetes resources associated with the finding.

#kubernetes=

def kubernetes=(value) -> ::Google::Cloud::SecurityCenter::V1::Kubernetes

Parameter

value (::Google::Cloud::SecurityCenter::V1::Kubernetes) — Kubernetes resources associated with the finding.

Returns

(::Google::Cloud::SecurityCenter::V1::Kubernetes) — Kubernetes resources associated with the finding.

#mitre_attack

def mitre_attack() -> ::Google::Cloud::SecurityCenter::V1::MitreAttack

Returns

(::Google::Cloud::SecurityCenter::V1::MitreAttack) — MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org

#mitre_attack=

def mitre_attack=(value) -> ::Google::Cloud::SecurityCenter::V1::MitreAttack

Parameter

value (::Google::Cloud::SecurityCenter::V1::MitreAttack) — MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org

Returns

(::Google::Cloud::SecurityCenter::V1::MitreAttack) — MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org

#module_name

def module_name() -> ::String

Returns

(::String) — Unique identifier of the module which generated the finding. Example: folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885

#module_name=

def module_name=(value) -> ::String

Parameter

value (::String) — Unique identifier of the module which generated the finding. Example: folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885

Returns

(::String) — Unique identifier of the module which generated the finding. Example: folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885

#mute

def mute() -> ::Google::Cloud::SecurityCenter::V1::Finding::Mute

Returns

(::Google::Cloud::SecurityCenter::V1::Finding::Mute) — Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.

#mute=

def mute=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::Mute

Parameter

value (::Google::Cloud::SecurityCenter::V1::Finding::Mute) — Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.

Returns

(::Google::Cloud::SecurityCenter::V1::Finding::Mute) — Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.

#mute_initiator

def mute_initiator() -> ::String

Returns

(::String) — Records additional information about the mute operation, for example, the mute configuration that muted the finding and the user who muted the finding.

#mute_initiator=

def mute_initiator=(value) -> ::String

Parameter

value (::String) — Records additional information about the mute operation, for example, the mute configuration that muted the finding and the user who muted the finding.

Returns

(::String) — Records additional information about the mute operation, for example, the mute configuration that muted the finding and the user who muted the finding.

#mute_update_time

def mute_update_time() -> ::Google::Protobuf::Timestamp

Returns

(::Google::Protobuf::Timestamp) — Output only. The most recent time this finding was muted or unmuted.

#name

def name() -> ::String

Returns

(::String) — The relative resource name of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}".

#name=

def name=(value) -> ::String

Parameter

value (::String) — The relative resource name of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}".

Returns

(::String) — The relative resource name of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}".

#next_steps

def next_steps() -> ::String

Returns

(::String) — Steps to address the finding.

#next_steps=

def next_steps=(value) -> ::String

Parameter

value (::String) — Steps to address the finding.

Returns

(::String) — Steps to address the finding.

#parent

def parent() -> ::String

Returns

(::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"

#parent=

def parent=(value) -> ::String

Parameter

value (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"

Returns

(::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"

#parent_display_name

def parent_display_name() -> ::String

Returns

(::String) — Output only. The human readable display name of the finding source such as "Event Threat Detection" or "Security Health Analytics".

#processes

def processes() -> ::Array<::Google::Cloud::SecurityCenter::V1::Process>

Returns

(::Array<::Google::Cloud::SecurityCenter::V1::Process>) — Represents operating system processes associated with the Finding.

#processes=

def processes=(value) -> ::Array<::Google::Cloud::SecurityCenter::V1::Process>

Parameter

value (::Array<::Google::Cloud::SecurityCenter::V1::Process>) — Represents operating system processes associated with the Finding.

Returns

(::Array<::Google::Cloud::SecurityCenter::V1::Process>) — Represents operating system processes associated with the Finding.

#resource_name

def resource_name() -> ::String

Returns

(::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.

#resource_name=

def resource_name=(value) -> ::String

Parameter

value (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.

Returns

(::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.

#security_marks

def security_marks() -> ::Google::Cloud::SecurityCenter::V1::SecurityMarks

Returns

(::Google::Cloud::SecurityCenter::V1::SecurityMarks) — Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.

#severity

def severity() -> ::Google::Cloud::SecurityCenter::V1::Finding::Severity

Returns

(::Google::Cloud::SecurityCenter::V1::Finding::Severity) — The severity of the finding. This field is managed by the source that writes the finding.

#severity=

def severity=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::Severity

Parameter

value (::Google::Cloud::SecurityCenter::V1::Finding::Severity) — The severity of the finding. This field is managed by the source that writes the finding.

Returns

(::Google::Cloud::SecurityCenter::V1::Finding::Severity) — The severity of the finding. This field is managed by the source that writes the finding.

#source_properties

def source_properties() -> ::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}

Returns

(::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

#source_properties=

def source_properties=(value) -> ::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}

Parameter

value (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

Returns

(::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

#state

def state() -> ::Google::Cloud::SecurityCenter::V1::Finding::State

Returns

(::Google::Cloud::SecurityCenter::V1::Finding::State) — The state of the finding.

#state=

def state=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::State

Parameter

value (::Google::Cloud::SecurityCenter::V1::Finding::State) — The state of the finding.

Returns

(::Google::Cloud::SecurityCenter::V1::Finding::State) — The state of the finding.

#vulnerability

def vulnerability() -> ::Google::Cloud::SecurityCenter::V1::Vulnerability

Returns

(::Google::Cloud::SecurityCenter::V1::Vulnerability) — Represents vulnerability-specific fields like CVE and CVSS scores. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)

#vulnerability=

def vulnerability=(value) -> ::Google::Cloud::SecurityCenter::V1::Vulnerability

Parameter

value (::Google::Cloud::SecurityCenter::V1::Vulnerability) — Represents vulnerability-specific fields like CVE and CVSS scores. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)

Returns

(::Google::Cloud::SecurityCenter::V1::Vulnerability) — Represents vulnerability-specific fields like CVE and CVSS scores. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)