CustomConfig

Defines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify.

JSON representation
{
  "predicate": {
    object (Expr)
  },
  "customOutput": {
    object (CustomOutputSpec)
  },
  "resourceSelector": {
    object (ResourceSelector)
  },
  "severity": enum (Severity),
  "description": string,
  "recommendation": string
}
Fields
predicate

object (Expr)

Optional. The CEL expression to evaluate to produce findings. When the expression evaluates to true against a resource, a finding is generated.

customOutput

object (CustomOutputSpec)

Optional. Custom output properties.

resourceSelector

object (ResourceSelector)

Optional. The Cloud Asset Inventory resource types that the custom module operates on. For information about resource types, see Supported asset types. Each custom module can specify up to 5 resource types.

severity

enum (Severity)

Optional. The severity to assign to findings generated by the module.

description

string

Optional. Text that describes the vulnerability or misconfiguration that the custom module detects. This explanation is returned with each finding instance to help investigators understand the detected issue. The text must be enclosed in quotation marks.

recommendation

string

Optional. An explanation of the recommended steps that security teams can take to resolve the detected issue. This explanation is returned with each finding generated by this module in the nextSteps property of the finding JSON.

Expr

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

title: "Summary size limit"
description: "Determines if a summary is less than 100 chars"
expression: "document.summary.size() < 100"

Example (Equality):

title: "Requestor is owner"
description: "Determines if requestor is the document owner"
expression: "document.owner == request.auth.claims.email"

Example (Logic):

title: "Public documents"
description: "Determine whether the document should be publicly visible"
expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

title: "Notification string"
description: "Create a notification string with a timestamp."
expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

JSON representation
{
  "expression": string,
  "title": string,
  "description": string,
  "location": string
}
Fields
expression

string

Textual representation of an expression in Common Expression Language syntax.

title

string

Optional. Title for the expression, that is, a short string describing its purpose. This can be used, for example, in UIs that allow users to enter the expression.

description

string

Optional. Description of the expression. This is longer text that describes the expression, for example, text shown when the expression is hovered over in a UI.

location

string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

CustomOutputSpec

A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding JSON under sourceProperties.

JSON representation
{
  "properties": [
    {
      object (Property)
    }
  ]
}
Fields
properties[]

object (Property)

Optional. A list of custom output properties to add to the finding.

Property

An individual name-value pair that defines a custom source property.

JSON representation
{
  "name": string,
  "valueExpression": {
    object (Expr)
  }
}
Fields
name

string

Optional. Name of the property for the custom output.

valueExpression

object (Expr)

Optional. The CEL expression for the custom output. Specify either a resource property, to return the value of that property, or a text string enclosed in quotation marks.

ResourceSelector

Selects the resource types that the custom module operates on.

JSON representation
{
  "resourceTypes": [
    string
  ]
}
Fields
resourceTypes[]

string

Optional. The resource types to run the detector on.

Severity

Defines the valid value options for the severity of a finding.

Enums
SEVERITY_UNSPECIFIED Unspecified severity.
CRITICAL Critical severity.
HIGH High severity.
MEDIUM Medium severity.
LOW Low severity.
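
A pre-deployment lint for a CustomConfig, added here as an example (it is not code from this reference or from the service). It checks the limits this page states (at most 5 resource types, the Severity enum values) and, as a local policy assumption, treats fields the page marks Optional as required; `lint_custom_config`, the sample config, and the `resource.rotationPeriod` expression are constructed for illustration.

```python
import json

SEVERITIES = {"CRITICAL", "HIGH", "MEDIUM", "LOW"}  # enum values from this page
MAX_RESOURCE_TYPES = 5                              # limit stated for resourceSelector

def _check_expr(expr, where, errors):
    """An Expr is an object whose 'expression' holds the CEL text."""
    text = expr.get("expression") if isinstance(expr, dict) else None
    if not isinstance(text, str) or not text.strip():
        errors.append(f"{where}: missing or empty 'expression'")

def lint_custom_config(cfg):
    """Return a list of problems; an empty list means the config passes."""
    errors = []
    _check_expr(cfg.get("predicate"), "predicate", errors)
    types = cfg.get("resourceSelector", {}).get("resourceTypes", [])
    if not 1 <= len(types) <= MAX_RESOURCE_TYPES:
        errors.append(f"resourceTypes: got {len(types)}, need 1..{MAX_RESOURCE_TYPES}")
    # Policy assumption: SEVERITY_UNSPECIFIED is rejected so findings can be triaged.
    if cfg.get("severity") not in SEVERITIES:
        errors.append(f"severity: {cfg.get('severity')!r} is not a usable Severity")
    for field in ("description", "recommendation"):
        if not str(cfg.get(field) or "").strip():
            errors.append(f"{field}: empty, findings would carry no guidance")
    props = cfg.get("customOutput", {}).get("properties", [])
    for i, prop in enumerate(props):
        if not prop.get("name"):
            errors.append(f"properties[{i}]: missing name")
        _check_expr(prop.get("valueExpression"), f"properties[{i}].valueExpression", errors)
    return errors

# Constructed sample. The `resource` variable and its rotationPeriod field are
# assumptions about what the evaluating service exposes for this asset type.
SAMPLE = {
    "predicate": {"expression": "resource.rotationPeriod > duration('2592000s')"},
    "customOutput": {"properties": [
        {"name": "rotation", "valueExpression": {"expression": "resource.rotationPeriod"}},
        {"name": "note", "valueExpression": {"expression": "'Rotation period exceeds 30 days'"}},
    ]},
    "resourceSelector": {"resourceTypes": ["cloudkms.googleapis.com/CryptoKey"]},
    "severity": "MEDIUM",
    "description": "The key rotation period is longer than 30 days.",
    "recommendation": "Set the rotation period to 30 days or less.",
}

if __name__ == "__main__":
    print(json.dumps(SAMPLE, indent=2))
    print(lint_custom_config(SAMPLE) or "OK")
```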