Method: organizations.sources.findings.list

Lists an organization or source's findings.

To list across all sources provide a - as the source id. Example: /v1/organizations/{organization_id}/sources/-/findings

HTTP request

GET https://securitycenter.googleapis.com/v1/{parent=organizations/*/sources/*}/findings

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
parent

string

Required. Name of the source the findings belong to. Its format is "organizations/[organization_id]/sources/[source_id], folders/[folder_id]/sources/[source_id], or projects/[projectId]/sources/[source_id]". To list across all sources provide a source_id of -. For example: organizations/{organization_id}/sources/-, folders/{folder_id}/sources/- or projects/{projects_id}/sources/-

Query parameters

Parameters
filter

string

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

  • name
  • sourceProperties.a_property
  • securityMarks.marks.marka

The supported operators are:

  • = for all value types.
  • >, <, >=, <= for integer values.
  • :, meaning substring matching, for strings.

The supported value types are:

  • string literals in quotes.
  • integer literals without quotes.
  • boolean literals true and false without quotes.

The following field and operator combinations are supported:

  • name: =
  • parent: =, :
  • resourceName: =, :
  • state: =, :
  • category: =, :
  • externalUri: =, :
  • eventTime: =, >, <, >=, <=

Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: eventTime = "2019-06-10T16:07:18-07:00" eventTime = 1560208038000

  • severity: =, :
  • workflowState: =, :
  • securityMarks.marks: =, :
  • sourceProperties: =, :, >, <, >=, <=

For example, sourceProperties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing: sourceProperties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -sourceProperties.my_property : ""

  • resource:
  • resource.name: =, :
  • resource.parent_name: =, :
  • resource.parent_display_name: =, :
  • resource.project_name: =, :
  • resource.project_display_name: =, :
  • resource.type: =, :
  • resource.folders.resource_folder: =, :
  • resource.display_name: =, :
orderBy

string

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resourceProperties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,sourceProperties.a_property". Redundant space characters in the syntax are insignificant. "name desc,sourceProperties.a_property" and " name desc , sourceProperties.a_property " are equivalent.

The fo