- JSON representation
- ListFindingsResult
- StateChange
- Resource
- AwsMetadata
- AwsOrganization
- AwsOrganizationalUnit
- AwsAccount
- ResourcePath
- ResourcePathNode
- ResourcePathNodeType
Response message for listing findings.
| JSON representation |
|---|
{
"listFindingsResults": [
{
object ( |
| Fields | |
|---|---|
listFindingsResults[] |
Findings matching the list request. |
readTime |
Time used for executing the list request. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
nextPageToken |
Token to retrieve the next page of results, or empty if there are no more results. |
totalSize |
The total number of findings matching the query. |
ListFindingsResult
Result containing the Finding and its StateChange.
| JSON representation |
|---|
{ "finding": { object ( |
| Fields | |
|---|---|
finding |
Finding matching the search request. |
stateChange |
State change of the finding between the points in time. |
resource |
Output only. Resource that is associated with this finding. |
StateChange
The change in state of the finding.
When querying across two points in time this describes the change in the finding between the two points: CHANGED, UNCHANGED, ADDED, or REMOVED. Findings can not be deleted, so REMOVED implies that the finding at timestamp does not match the filter specified, but it did at timestamp - compareDuration. If there was no compareDuration supplied in the request the state change will be: UNUSED
| Enums | |
|---|---|
UNUSED |
State change is unused, this is the canonical default for this enum. |
CHANGED |
The finding has changed state in some way between the points in time and existed at both points. |
UNCHANGED |
The finding has not changed state between the points in time and existed at both points. |
ADDED |
The finding was created between the points in time. |
REMOVED |
The finding at timestamp does not match the filter specified, but it did at timestamp - compareDuration. |
Resource
Information related to the Google Cloud resource that is associated with this finding.
| JSON representation |
|---|
{ "name": string, "displayName": string, "type": string, "projectName": string, "projectDisplayName": string, "parentName": string, "parentDisplayName": string, "folders": [ { object ( |
| Fields | |
|---|---|
name |
The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name |
displayName |
The human readable name of the resource. |
type |
The full resource type of the resource. |
projectName |
The full resource name of project that the resource belongs to. |
projectDisplayName |
The project ID that the resource belongs to. |
parentName |
The full resource name of resource's parent. |
parentDisplayName |
The human readable name of resource's parent. |
folders[] |
Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization. |
cloudProvider |
Indicates which cloud provider the finding is from. |
organization |
Indicates which organization / tenant the finding is for. |
service |
The service or resource provider associated with the resource. |
location |
The region or location of the service (if applicable). |
resourcePath |
Provides the path to the resource within the resource hierarchy. |
resourcePathString |
A string representation of the resource path. For Google Cloud, it has the format of org/{organization_id}/folder/{folder_id}/folder/{folder_id}/project/{projectId} where there can be any number of folders. For AWS, it has the format of org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{accountId} where there can be any number of organizational units. For Azure, it has the format of mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups. |
Union field
|
|
awsMetadata |
The AWS metadata associated with the finding. |
AwsMetadata
AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services.
| JSON representation |
|---|
{ "organization": { object ( |
| Fields | |
|---|---|
organization |
The AWS organization associated with the resource. |
organizationalUnits[] |
A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level. |
account |
The AWS account associated with the resource. |
AwsOrganization
An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies.
| JSON representation |
|---|
{ "id": string } |
| Fields | |
|---|---|
id |
The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits. |
AwsOrganizationalUnit
An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.
| JSON representation |
|---|
{ "id": string, "name": string } |
| Fields | |
|---|---|
id |
The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits. For example, "ou-ab12-cd34ef56". |
name |
The friendly name of the OU. |
AwsAccount
An AWS account that is a member of an organization.
| JSON representation |
|---|
{ "id": string, "name": string } |
| Fields | |
|---|---|
id |
The unique identifier (ID) of the account, containing exactly 12 digits. |
name |
The friendly name of this account. |
ResourcePath
Represents the path of resources leading up to the resource this finding is about.
| JSON representation |
|---|
{
"nodes": [
{
object ( |
| Fields | |
|---|---|
nodes[] |
The list of nodes that make the up resource path, ordered from lowest level to highest level. |
ResourcePathNode
A node within the resource path. Each node represents a resource within the resource hierarchy.
| JSON representation |
|---|
{
"nodeType": enum ( |
| Fields | |
|---|---|
nodeType |
The type of resource this node represents. |
id |
The ID of the resource this node represents. |
displayName |
The display name of the resource this node represents. |
ResourcePathNodeType
The type of resource the node represents.
| Enums | |
|---|---|
RESOURCE_PATH_NODE_TYPE_UNSPECIFIED |
Node type is unspecified. |
GCP_ORGANIZATION |
The node represents a Google Cloud organization. |
GCP_FOLDER |
The node represents a Google Cloud folder. |
GCP_PROJECT |
The node represents a Google Cloud project. |
AWS_ORGANIZATION |
The node represents an AWS organization. |
AWS_ORGANIZATIONAL_UNIT |
The node represents an AWS organizational unit. |
AWS_ACCOUNT |
The node represents an AWS account. |
AZURE_MANAGEMENT_GROUP |
The node represents an Azure management group. |
AZURE_SUBSCRIPTION |
The node represents an Azure subscription. |
AZURE_RESOURCE_GROUP |
The node represents an Azure resource group. |