ListFindingsResponse

JSON representation
ListFindingsResult
- JSON representation
StateChange
Resource
- JSON representation
AwsMetadata
- JSON representation
AwsOrganization
- JSON representation
AwsOrganizationalUnit
- JSON representation
AwsAccount
- JSON representation
ResourcePath
- JSON representation
ResourcePathNode
- JSON representation
ResourcePathNodeType

Response message for listing findings.

JSON representation
{ "listFindingsResults": [ { object (`ListFindingsResult`) } ], "readTime": string, "nextPageToken": string, "totalSize": integer }

Fields
`listFindingsResults[]`	`object (ListFindingsResult)` Findings matching the list request.
`readTime`	`string (Timestamp format)` Time used for executing the list request. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`nextPageToken`	`string` Token to retrieve the next page of results, or empty if there are no more results.
`totalSize`	`integer` The total number of findings matching the query.

ListFindingsResult

Result containing the Finding and its StateChange.

JSON representation
{ "finding": { object (`Finding`) }, "stateChange": enum (`StateChange`), "resource": { object (`Resource`) } }

Fields

Fields
`finding`	`object (Finding)` Finding matching the search request.
`stateChange`	`enum (StateChange)` State change of the finding between the points in time.
`resource`	`object (Resource)` Output only. Resource that is associated with this finding.

finding

object (Finding)

Finding matching the search request.

stateChange

enum (StateChange)

State change of the finding between the points in time.

resource

object (Resource)

Output only. Resource that is associated with this finding.

StateChange

The change in state of the finding.

When querying across two points in time this describes the change in the finding between the two points: CHANGED, UNCHANGED, ADDED, or REMOVED. Findings can not be deleted, so REMOVED implies that the finding at timestamp does not match the filter specified, but it did at timestamp - compareDuration. If there was no compareDuration supplied in the request the state change will be: UNUSED

Enums
`UNUSED`	State change is unused, this is the canonical default for this enum.
`CHANGED`	The finding has changed state in some way between the points in time and existed at both points.
`UNCHANGED`	The finding has not changed state between the points in time and existed at both points.
`ADDED`	The finding was created between the points in time.
`REMOVED`	The finding at timestamp does not match the filter specified, but it did at timestamp - compareDuration.

Resource

Information related to the Google Cloud resource that is associated with this finding.

JSON representation

JSON representation
{ "name": string, "displayName": string, "type": string, "projectName": string, "projectDisplayName": string, "parentName": string, "parentDisplayName": string, "folders": [ { object (`Folder`) } ], "cloudProvider": enum (`CloudProvider`), "organization": string, "service": string, "location": string, "resourcePath": { object (`ResourcePath`) }, "resourcePathString": string, // Union field `cloud_provider_metadata` can be only one of the following: "awsMetadata": { object (`AwsMetadata`) } // End of list of possible types for union field `cloud_provider_metadata`. }

{
  "name": string,
  "displayName": string,
  "type": string,
  "projectName": string,
  "projectDisplayName": string,
  "parentName": string,
  "parentDisplayName": string,
  "folders": [
    {
      object (Folder)
    }
  ],
  "cloudProvider": enum (CloudProvider),
  "organization": string,
  "service": string,
  "location": string,
  "resourcePath": {
    object (ResourcePath)
  },
  "resourcePathString": string,

  // Union field cloud_provider_metadata can be only one of the following:
  "awsMetadata": {
    object (AwsMetadata)
  }
  // End of list of possible types for union field cloud_provider_metadata.
}

Fields
`name`	`string` The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
`displayName`	`string` The human readable name of the resource.
`type`	`string` The full resource type of the resource.
`projectName`	`string` The full resource name of project that the resource belongs to.
`projectDisplayName`	`string` The project ID that the resource belongs to.
`parentName`	`string` The full resource name of resource's parent.
`parentDisplayName`	`string` The human readable name of resource's parent.
`folders[]`	`object (Folder)` Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization.
`cloudProvider`	`enum (CloudProvider)` Indicates which cloud provider the finding is from.
`organization`	`string` Indicates which organization / tenant the finding is for.
`service`	`string` The service or resource provider associated with the resource.
`location`	`string` The region or location of the service (if applicable).
`resourcePath`	`object (ResourcePath)` Provides the path to the resource within the resource hierarchy.
`resourcePathString`	`string` A string representation of the resource path. For Google Cloud, it has the format of `org/{organization_id}/folder/{folder_id}/folder/{folder_id}/project/{projectId}` where there can be any number of folders. For AWS, it has the format of `org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{accountId}` where there can be any number of organizational units.
Union field `cloud_provider_metadata`. `cloud_provider_metadata` can be only one of the following:
`awsMetadata`	`object (AwsMetadata)` The AWS metadata associated with the finding.

AwsMetadata

AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services.

JSON representation
{ "organization": { object (`AwsOrganization`) }, "organizationalUnits": [ { object (`AwsOrganizationalUnit`) } ], "account": { object (`AwsAccount`) } }

Fields

organization

object (AwsOrganization)

The AWS organization associated with the resource.

organizationalUnits[]

object (AwsOrganizationalUnit)

A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level.

account

object (AwsAccount)

The AWS account associated with the resource.

AwsOrganization

An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies.

JSON representation
{ "id": string }

Fields
`id`	`string` The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits.

AwsOrganizationalUnit

An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.

JSON representation
{ "id": string, "name": string }

Fields

Fields
`id`	`string` The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits. For example, "ou-ab12-cd34ef56".
`name`	`string` The friendly name of the OU.

id

string

The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits. For example, "ou-ab12-cd34ef56".

name

string

The friendly name of the OU.

AwsAccount

An AWS account that is a member of an organization.

JSON representation
{ "id": string, "name": string }

Fields

Fields
`id`	`string` The unique identifier (ID) of the account, containing exactly 12 digits.
`name`	`string` The friendly name of this account.

id

string

The unique identifier (ID) of the account, containing exactly 12 digits.

name

string

The friendly name of this account.

ResourcePath

Represents the path of resources leading up to the resource this finding is about.

JSON representation
{ "nodes": [ { object (`ResourcePathNode`) } ] }

Fields

Fields
`nodes[]`	`object (ResourcePathNode)` The list of nodes that make the up resource path, ordered from lowest level to highest level.

nodes[]

object (ResourcePathNode)

The list of nodes that make the up resource path, ordered from lowest level to highest level.

ResourcePathNode

A node within the resource path. Each node represents a resource within the resource hierarchy.

JSON representation
{ "nodeType": enum (`ResourcePathNodeType`), "id": string, "displayName": string }

Fields

Fields
`nodeType`	`enum (ResourcePathNodeType)` The type of resource this node represents.
`id`	`string` The ID of the resource this node represents.
`displayName`	`string` The display name of the resource this node represents.

nodeType

enum (ResourcePathNodeType)

The type of resource this node represents.

id

string

The ID of the resource this node represents.

displayName

string

The display name of the resource this node represents.

ResourcePathNodeType

The type of resource the node represents.

Enums
`RESOURCE_PATH_NODE_TYPE_UNSPECIFIED`	Node type is unspecified.
`GCP_ORGANIZATION`	The node represents a Google Cloud organization.
`GCP_FOLDER`	The node represents a Google Cloud folder.
`GCP_PROJECT`	The node represents a Google Cloud project.
`AWS_ORGANIZATION`	The node represents an AWS organization.
`AWS_ORGANIZATIONAL_UNIT`	The node represents an AWS organizational unit.
`AWS_ACCOUNT`	The node represents an AWS account.