securitycenter_service.proto 52 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367
  1. // Copyright 2021 Google LLC
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. syntax = "proto3";
  15. package google.cloud.securitycenter.v1;
  16. import public "google/cloud/securitycenter/v1/run_asset_discovery_response.proto";
  17. import "google/api/annotations.proto";
  18. import "google/api/client.proto";
  19. import "google/api/field_behavior.proto";
  20. import "google/api/resource.proto";
  21. import "google/cloud/securitycenter/v1/asset.proto";
  22. import "google/cloud/securitycenter/v1/finding.proto";
  23. import "google/cloud/securitycenter/v1/folder.proto";
  24. import "google/cloud/securitycenter/v1/notification_config.proto";
  25. import "google/cloud/securitycenter/v1/organization_settings.proto";
  26. import "google/cloud/securitycenter/v1/security_marks.proto";
  27. import "google/cloud/securitycenter/v1/source.proto";
  28. import "google/iam/v1/iam_policy.proto";
  29. import "google/iam/v1/policy.proto";
  30. import "google/longrunning/operations.proto";
  31. import "google/protobuf/duration.proto";
  32. import "google/protobuf/empty.proto";
  33. import "google/protobuf/field_mask.proto";
  34. import "google/protobuf/struct.proto";
  35. import "google/protobuf/timestamp.proto";
  36. option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
  37. option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
  38. option java_multiple_files = true;
  39. option java_package = "com.google.cloud.securitycenter.v1";
  40. option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
  41. option ruby_package = "Google::Cloud::SecurityCenter::V1";
  42. // V1 APIs for Security Center service.
  43. service SecurityCenter {
  44. option (google.api.default_host) = "securitycenter.googleapis.com";
  45. option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
  46. // Creates a source.
  47. rpc CreateSource(CreateSourceRequest) returns (Source) {
  48. option (google.api.http) = {
  49. post: "/v1/{parent=organizations/*}/sources"
  50. body: "source"
  51. };
  52. option (google.api.method_signature) = "parent,source";
  53. }
  54. // Creates a finding. The corresponding source must exist for finding creation
  55. // to succeed.
  56. rpc CreateFinding(CreateFindingRequest) returns (Finding) {
  57. option (google.api.http) = {
  58. post: "/v1/{parent=organizations/*/sources/*}/findings"
  59. body: "finding"
  60. };
  61. option (google.api.method_signature) = "parent,finding_id,finding";
  62. }
  63. // Creates a notification config.
  64. rpc CreateNotificationConfig(CreateNotificationConfigRequest) returns (NotificationConfig) {
  65. option (google.api.http) = {
  66. post: "/v1/{parent=organizations/*}/notificationConfigs"
  67. body: "notification_config"
  68. };
  69. option (google.api.method_signature) = "parent,config_id,notification_config";
  70. option (google.api.method_signature) = "parent,notification_config";
  71. }
  72. // Deletes a notification config.
  73. rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) returns (google.protobuf.Empty) {
  74. option (google.api.http) = {
  75. delete: "/v1/{name=organizations/*/notificationConfigs/*}"
  76. };
  77. option (google.api.method_signature) = "name";
  78. }
  79. // Gets the access control policy on the specified Source.
  80. rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
  81. option (google.api.http) = {
  82. post: "/v1/{resource=organizations/*/sources/*}:getIamPolicy"
  83. body: "*"
  84. };
  85. option (google.api.method_signature) = "resource";
  86. }
  87. // Gets a notification config.
  88. rpc GetNotificationConfig(GetNotificationConfigRequest) returns (NotificationConfig) {
  89. option (google.api.http) = {
  90. get: "/v1/{name=organizations/*/notificationConfigs/*}"
  91. };
  92. option (google.api.method_signature) = "name";
  93. }
  94. // Gets the settings for an organization.
  95. rpc GetOrganizationSettings(GetOrganizationSettingsRequest) returns (OrganizationSettings) {
  96. option (google.api.http) = {
  97. get: "/v1/{name=organizations/*/organizationSettings}"
  98. };
  99. option (google.api.method_signature) = "name";
  100. }
  101. // Gets a source.
  102. rpc GetSource(GetSourceRequest) returns (Source) {
  103. option (google.api.http) = {
  104. get: "/v1/{name=organizations/*/sources/*}"
  105. };
  106. option (google.api.method_signature) = "name";
  107. }
  108. // Filters an organization's assets and groups them by their specified
  109. // properties.
  110. rpc GroupAssets(GroupAssetsRequest) returns (GroupAssetsResponse) {
  111. option (google.api.http) = {
  112. post: "/v1/{parent=organizations/*}/assets:group"
  113. body: "*"
  114. additional_bindings {
  115. post: "/v1/{parent=folders/*}/assets:group"
  116. body: "*"
  117. }
  118. additional_bindings {
  119. post: "/v1/{parent=projects/*}/assets:group"
  120. body: "*"
  121. }
  122. };
  123. }
  124. // Filters an organization or source's findings and groups them by their
  125. // specified properties.
  126. //
  127. // To group across all sources provide a `-` as the source id.
  128. // Example: /v1/organizations/{organization_id}/sources/-/findings,
  129. // /v1/folders/{folder_id}/sources/-/findings,
  130. // /v1/projects/{project_id}/sources/-/findings
  131. rpc GroupFindings(GroupFindingsRequest) returns (GroupFindingsResponse) {
  132. option (google.api.http) = {
  133. post: "/v1/{parent=organizations/*/sources/*}/findings:group"
  134. body: "*"
  135. additional_bindings {
  136. post: "/v1/{parent=folders/*/sources/*}/findings:group"
  137. body: "*"
  138. }
  139. additional_bindings {
  140. post: "/v1/{parent=projects/*/sources/*}/findings:group"
  141. body: "*"
  142. }
  143. };
  144. option (google.api.method_signature) = "parent,group_by";
  145. }
  146. // Lists an organization's assets.
  147. rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) {
  148. option (google.api.http) = {
  149. get: "/v1/{parent=organizations/*}/assets"
  150. additional_bindings {
  151. get: "/v1/{parent=folders/*}/assets"
  152. }
  153. additional_bindings {
  154. get: "/v1/{parent=projects/*}/assets"
  155. }
  156. };
  157. }
  158. // Lists an organization or source's findings.
  159. //
  160. // To list across all sources provide a `-` as the source id.
  161. // Example: /v1/organizations/{organization_id}/sources/-/findings
  162. rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) {
  163. option (google.api.http) = {
  164. get: "/v1/{parent=organizations/*/sources/*}/findings"
  165. additional_bindings {
  166. get: "/v1/{parent=folders/*/sources/*}/findings"
  167. }
  168. additional_bindings {
  169. get: "/v1/{parent=projects/*/sources/*}/findings"
  170. }
  171. };
  172. }
  173. // Lists notification configs.
  174. rpc ListNotificationConfigs(ListNotificationConfigsRequest) returns (ListNotificationConfigsResponse) {
  175. option (google.api.http) = {
  176. get: "/v1/{parent=organizations/*}/notificationConfigs"
  177. };
  178. option (google.api.method_signature) = "parent";
  179. }
  180. // Lists all sources belonging to an organization.
  181. rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) {
  182. option (google.api.http) = {
  183. get: "/v1/{parent=organizations/*}/sources"
  184. additional_bindings {
  185. get: "/v1/{parent=folders/*}/sources"
  186. }
  187. additional_bindings {
  188. get: "/v1/{parent=projects/*}/sources"
  189. }
  190. };
  191. option (google.api.method_signature) = "parent";
  192. }
  193. // Runs asset discovery. The discovery is tracked with a long-running
  194. // operation.
  195. //
  196. // This API can only be called with limited frequency for an organization. If
  197. // it is called too frequently the caller will receive a TOO_MANY_REQUESTS
  198. // error.
  199. rpc RunAssetDiscovery(RunAssetDiscoveryRequest) returns (google.longrunning.Operation) {
  200. option (google.api.http) = {
  201. post: "/v1/{parent=organizations/*}/assets:runDiscovery"
  202. body: "*"
  203. };
  204. option (google.api.method_signature) = "parent";
  205. option (google.longrunning.operation_info) = {
  206. response_type: "google.cloud.securitycenter.v1.RunAssetDiscoveryResponse"
  207. metadata_type: "google.protobuf.Empty"
  208. };
  209. }
  210. // Updates the state of a finding.
  211. rpc SetFindingState(SetFindingStateRequest) returns (Finding) {
  212. option (google.api.http) = {
  213. post: "/v1/{name=organizations/*/sources/*/findings/*}:setState"
  214. body: "*"
  215. additional_bindings {
  216. post: "/v1/{name=folders/*/sources/*/findings/*}:setState"
  217. body: "*"
  218. }
  219. additional_bindings {
  220. post: "/v1/{name=projects/*/sources/*/findings/*}:setState"
  221. body: "*"
  222. }
  223. };
  224. option (google.api.method_signature) = "name,state,start_time";
  225. }
  226. // Sets the access control policy on the specified Source.
  227. rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
  228. option (google.api.http) = {
  229. post: "/v1/{resource=organizations/*/sources/*}:setIamPolicy"
  230. body: "*"
  231. };
  232. option (google.api.method_signature) = "resource,policy";
  233. }
  234. // Returns the permissions that a caller has on the specified source.
  235. rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
  236. option (google.api.http) = {
  237. post: "/v1/{resource=organizations/*/sources/*}:testIamPermissions"
  238. body: "*"
  239. };
  240. option (google.api.method_signature) = "resource,permissions";
  241. }
  242. // Creates or updates a finding. The corresponding source must exist for a
  243. // finding creation to succeed.
  244. rpc UpdateFinding(UpdateFindingRequest) returns (Finding) {
  245. option (google.api.http) = {
  246. patch: "/v1/{finding.name=organizations/*/sources/*/findings/*}"
  247. body: "finding"
  248. additional_bindings {
  249. patch: "/v1/{finding.name=folders/*/sources/*/findings/*}"
  250. body: "finding"
  251. }
  252. additional_bindings {
  253. patch: "/v1/{finding.name=projects/*/sources/*/findings/*}"
  254. body: "finding"
  255. }
  256. };
  257. option (google.api.method_signature) = "finding";
  258. }
  259. //
  260. // Updates a notification config. The following update
  261. // fields are allowed: description, pubsub_topic, streaming_config.filter
  262. rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) returns (NotificationConfig) {
  263. option (google.api.http) = {
  264. patch: "/v1/{notification_config.name=organizations/*/notificationConfigs/*}"
  265. body: "notification_config"
  266. };
  267. option (google.api.method_signature) = "notification_config";
  268. option (google.api.method_signature) = "notification_config,update_mask";
  269. }
  270. // Updates an organization's settings.
  271. rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) returns (OrganizationSettings) {
  272. option (google.api.http) = {
  273. patch: "/v1/{organization_settings.name=organizations/*/organizationSettings}"
  274. body: "organization_settings"
  275. };
  276. option (google.api.method_signature) = "organization_settings";
  277. }
  278. // Updates a source.
  279. rpc UpdateSource(UpdateSourceRequest) returns (Source) {
  280. option (google.api.http) = {
  281. patch: "/v1/{source.name=organizations/*/sources/*}"
  282. body: "source"
  283. };
  284. option (google.api.method_signature) = "source";
  285. }
  286. // Updates security marks.
  287. rpc UpdateSecurityMarks(UpdateSecurityMarksRequest) returns (SecurityMarks) {
  288. option (google.api.http) = {
  289. patch: "/v1/{security_marks.name=organizations/*/assets/*/securityMarks}"
  290. body: "security_marks"
  291. additional_bindings {
  292. patch: "/v1/{security_marks.name=folders/*/assets/*/securityMarks}"
  293. body: "security_marks"
  294. }
  295. additional_bindings {
  296. patch: "/v1/{security_marks.name=projects/*/assets/*/securityMarks}"
  297. body: "security_marks"
  298. }
  299. additional_bindings {
  300. patch: "/v1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}"
  301. body: "security_marks"
  302. }
  303. additional_bindings {
  304. patch: "/v1/{security_marks.name=folders/*/sources/*/findings/*/securityMarks}"
  305. body: "security_marks"
  306. }
  307. additional_bindings {
  308. patch: "/v1/{security_marks.name=projects/*/sources/*/findings/*/securityMarks}"
  309. body: "security_marks"
  310. }
  311. };
  312. option (google.api.method_signature) = "security_marks";
  313. }
  314. }
  315. // Request message for creating a finding.
  316. message CreateFindingRequest {
  317. // Required. Resource name of the new finding's parent. Its format should be
  318. // "organizations/[organization_id]/sources/[source_id]".
  319. string parent = 1 [
  320. (google.api.field_behavior) = REQUIRED,
  321. (google.api.resource_reference) = {
  322. type: "securitycenter.googleapis.com/Source"
  323. }
  324. ];
  325. // Required. Unique identifier provided by the client within the parent scope.
  326. // It must be alphanumeric and less than or equal to 32 characters and
  327. // greater than 0 characters in length.
  328. string finding_id = 2 [(google.api.field_behavior) = REQUIRED];
  329. // Required. The Finding being created. The name and security_marks will be ignored as
  330. // they are both output only fields on this resource.
  331. Finding finding = 3 [(google.api.field_behavior) = REQUIRED];
  332. }
  333. // Request message for creating a notification config.
  334. message CreateNotificationConfigRequest {
  335. // Required. Resource name of the new notification config's parent. Its format is
  336. // "organizations/[organization_id]".
  337. string parent = 1 [
  338. (google.api.field_behavior) = REQUIRED,
  339. (google.api.resource_reference) = {
  340. type: "cloudresourcemanager.googleapis.com/Organization"
  341. }
  342. ];
  343. // Required.
  344. // Unique identifier provided by the client within the parent scope.
  345. // It must be between 1 and 128 characters, and contains alphanumeric
  346. // characters, underscores or hyphens only.
  347. string config_id = 2 [(google.api.field_behavior) = REQUIRED];
  348. // Required. The notification config being created. The name and the service account
  349. // will be ignored as they are both output only fields on this resource.
  350. NotificationConfig notification_config = 3 [(google.api.field_behavior) = REQUIRED];
  351. }
  352. // Request message for creating a source.
  353. message CreateSourceRequest {
  354. // Required. Resource name of the new source's parent. Its format should be
  355. // "organizations/[organization_id]".
  356. string parent = 1 [
  357. (google.api.field_behavior) = REQUIRED,
  358. (google.api.resource_reference) = {
  359. type: "cloudresourcemanager.googleapis.com/Organization"
  360. }
  361. ];
  362. // Required. The Source being created, only the display_name and description will be
  363. // used. All other fields will be ignored.
  364. Source source = 2 [(google.api.field_behavior) = REQUIRED];
  365. }
  366. // Request message for deleting a notification config.
  367. message DeleteNotificationConfigRequest {
  368. // Required. Name of the notification config to delete. Its format is
  369. // "organizations/[organization_id]/notificationConfigs/[config_id]".
  370. string name = 1 [
  371. (google.api.field_behavior) = REQUIRED,
  372. (google.api.resource_reference) = {
  373. type: "securitycenter.googleapis.com/NotificationConfig"
  374. }
  375. ];
  376. }
  377. // Request message for getting a notification config.
  378. message GetNotificationConfigRequest {
  379. // Required. Name of the notification config to get. Its format is
  380. // "organizations/[organization_id]/notificationConfigs/[config_id]".
  381. string name = 1 [
  382. (google.api.field_behavior) = REQUIRED,
  383. (google.api.resource_reference) = {
  384. type: "securitycenter.googleapis.com/NotificationConfig"
  385. }
  386. ];
  387. }
  388. // Request message for getting organization settings.
  389. message GetOrganizationSettingsRequest {
  390. // Required. Name of the organization to get organization settings for. Its format is
  391. // "organizations/[organization_id]/organizationSettings".
  392. string name = 1 [
  393. (google.api.field_behavior) = REQUIRED,
  394. (google.api.resource_reference) = {
  395. type: "securitycenter.googleapis.com/OrganizationSettings"
  396. }
  397. ];
  398. }
  399. // Request message for getting a source.
  400. message GetSourceRequest {
  401. // Required. Relative resource name of the source. Its format is
  402. // "organizations/[organization_id]/source/[source_id]".
  403. string name = 1 [
  404. (google.api.field_behavior) = REQUIRED,
  405. (google.api.resource_reference) = {
  406. type: "securitycenter.googleapis.com/Source"
  407. }
  408. ];
  409. }
  410. // Request message for grouping by assets.
  411. message GroupAssetsRequest {
  412. // Required. Name of the organization to groupBy. Its format is
  413. // "organizations/[organization_id], folders/[folder_id], or
  414. // projects/[project_id]".
  415. string parent = 1 [
  416. (google.api.field_behavior) = REQUIRED,
  417. (google.api.resource_reference) = {
  418. child_type: "securitycenter.googleapis.com/Asset"
  419. }
  420. ];
  421. // Expression that defines the filter to apply across assets.
  422. // The expression is a list of zero or more restrictions combined via logical
  423. // operators `AND` and `OR`.
  424. // Parentheses are supported, and `OR` has higher precedence than `AND`.
  425. //
  426. // Restrictions have the form `<field> <operator> <value>` and may have a `-`
  427. // character in front of them to indicate negation. The fields map to those
  428. // defined in the Asset resource. Examples include:
  429. //
  430. // * name
  431. // * security_center_properties.resource_name
  432. // * resource_properties.a_property
  433. // * security_marks.marks.marka
  434. //
  435. // The supported operators are:
  436. //
  437. // * `=` for all value types.
  438. // * `>`, `<`, `>=`, `<=` for integer values.
  439. // * `:`, meaning substring matching, for strings.
  440. //
  441. // The supported value types are:
  442. //
  443. // * string literals in quotes.
  444. // * integer literals without quotes.
  445. // * boolean literals `true` and `false` without quotes.
  446. //
  447. // The following field and operator combinations are supported:
  448. //
  449. // * name: `=`
  450. // * update_time: `=`, `>`, `<`, `>=`, `<=`
  451. //
  452. // Usage: This should be milliseconds since epoch or an RFC3339 string.
  453. // Examples:
  454. // `update_time = "2019-06-10T16:07:18-07:00"`
  455. // `update_time = 1560208038000`
  456. //
  457. // * create_time: `=`, `>`, `<`, `>=`, `<=`
  458. //
  459. // Usage: This should be milliseconds since epoch or an RFC3339 string.
  460. // Examples:
  461. // `create_time = "2019-06-10T16:07:18-07:00"`
  462. // `create_time = 1560208038000`
  463. //
  464. // * iam_policy.policy_blob: `=`, `:`
  465. // * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
  466. // * security_marks.marks: `=`, `:`
  467. // * security_center_properties.resource_name: `=`, `:`
  468. // * security_center_properties.resource_display_name: `=`, `:`
  469. // * security_center_properties.resource_type: `=`, `:`
  470. // * security_center_properties.resource_parent: `=`, `:`
  471. // * security_center_properties.resource_parent_display_name: `=`, `:`
  472. // * security_center_properties.resource_project: `=`, `:`
  473. // * security_center_properties.resource_project_display_name: `=`, `:`
  474. // * security_center_properties.resource_owners: `=`, `:`
  475. //
  476. // For example, `resource_properties.size = 100` is a valid filter string.
  477. //
  478. // Use a partial match on the empty string to filter based on a property
  479. // existing: `resource_properties.my_property : ""`
  480. //
  481. // Use a negated partial match on the empty string to filter based on a
  482. // property not existing: `-resource_properties.my_property : ""`
  483. string filter = 2;
  484. // Required. Expression that defines what assets fields to use for grouping. The string
  485. // value should follow SQL syntax: comma separated list of fields. For
  486. // example:
  487. // "security_center_properties.resource_project,security_center_properties.project".
  488. //
  489. // The following fields are supported when compare_duration is not set:
  490. //
  491. // * security_center_properties.resource_project
  492. // * security_center_properties.resource_project_display_name
  493. // * security_center_properties.resource_type
  494. // * security_center_properties.resource_parent
  495. // * security_center_properties.resource_parent_display_name
  496. //
  497. // The following fields are supported when compare_duration is set:
  498. //
  499. // * security_center_properties.resource_type
  500. // * security_center_properties.resource_project_display_name
  501. // * security_center_properties.resource_parent_display_name
  502. string group_by = 3 [(google.api.field_behavior) = REQUIRED];
  503. // When compare_duration is set, the GroupResult's "state_change" property is
  504. // updated to indicate whether the asset was added, removed, or remained
  505. // present during the compare_duration period of time that precedes the
  506. // read_time. This is the time between (read_time - compare_duration) and
  507. // read_time.
  508. //
  509. // The state change value is derived based on the presence of the asset at the
  510. // two points in time. Intermediate state changes between the two times don't
  511. // affect the result. For example, the results aren't affected if the asset is
  512. // removed and re-created again.
  513. //
  514. // Possible "state_change" values when compare_duration is specified:
  515. //
  516. // * "ADDED": indicates that the asset was not present at the start of
  517. // compare_duration, but present at reference_time.
  518. // * "REMOVED": indicates that the asset was present at the start of
  519. // compare_duration, but not present at reference_time.
  520. // * "ACTIVE": indicates that the asset was present at both the
  521. // start and the end of the time period defined by
  522. // compare_duration and reference_time.
  523. //
  524. // If compare_duration is not specified, then the only possible state_change
  525. // is "UNUSED", which will be the state_change set for all assets present at
  526. // read_time.
  527. //
  528. // If this field is set then `state_change` must be a specified field in
  529. // `group_by`.
  530. google.protobuf.Duration compare_duration = 4;
  531. // Time used as a reference point when filtering assets. The filter is limited
  532. // to assets existing at the supplied time and their values are those at that
  533. // specific time. Absence of this field will default to the API's version of
  534. // NOW.
  535. google.protobuf.Timestamp read_time = 5;
  536. // The value returned by the last `GroupAssetsResponse`; indicates
  537. // that this is a continuation of a prior `GroupAssets` call, and that the
  538. // system should return the next page of data.
  539. string page_token = 7;
  540. // The maximum number of results to return in a single response. Default is
  541. // 10, minimum is 1, maximum is 1000.
  542. int32 page_size = 8;
  543. }
  544. // Response message for grouping by assets.
  545. message GroupAssetsResponse {
  546. // Group results. There exists an element for each existing unique
  547. // combination of property/values. The element contains a count for the number
  548. // of times those specific property/values appear.
  549. repeated GroupResult group_by_results = 1;
  550. // Time used for executing the groupBy request.
  551. google.protobuf.Timestamp read_time = 2;
  552. // Token to retrieve the next page of results, or empty if there are no more
  553. // results.
  554. string next_page_token = 3;
  555. // The total number of results matching the query.
  556. int32 total_size = 4;
  557. }
  558. // Request message for grouping by findings.
  559. message GroupFindingsRequest {
  560. // Required. Name of the source to groupBy. Its format is
  561. // "organizations/[organization_id]/sources/[source_id]",
  562. // folders/[folder_id]/sources/[source_id], or
  563. // projects/[project_id]/sources/[source_id]. To groupBy across all sources
  564. // provide a source_id of `-`. For example:
  565. // organizations/{organization_id}/sources/-, folders/{folder_id}/sources/-,
  566. // or projects/{project_id}/sources/-
  567. string parent = 1 [
  568. (google.api.field_behavior) = REQUIRED,
  569. (google.api.resource_reference) = {
  570. type: "securitycenter.googleapis.com/Source"
  571. }
  572. ];
  573. // Expression that defines the filter to apply across findings.
  574. // The expression is a list of one or more restrictions combined via logical
  575. // operators `AND` and `OR`.
  576. // Parentheses are supported, and `OR` has higher precedence than `AND`.
  577. //
  578. // Restrictions have the form `<field> <operator> <value>` and may have a `-`
  579. // character in front of them to indicate negation. Examples include:
  580. //
  581. // * name
  582. // * source_properties.a_property
  583. // * security_marks.marks.marka
  584. //
  585. // The supported operators are:
  586. //
  587. // * `=` for all value types.
  588. // * `>`, `<`, `>=`, `<=` for integer values.
  589. // * `:`, meaning substring matching, for strings.
  590. //
  591. // The supported value types are:
  592. //
  593. // * string literals in quotes.
  594. // * integer literals without quotes.
  595. // * boolean literals `true` and `false` without quotes.
  596. //
  597. // The following field and operator combinations are supported:
  598. //
  599. // * name: `=`
  600. // * parent: `=`, `:`
  601. // * resource_name: `=`, `:`
  602. // * state: `=`, `:`
  603. // * category: `=`, `:`
  604. // * external_uri: `=`, `:`
  605. // * event_time: `=`, `>`, `<`, `>=`, `<=`
  606. //
  607. // Usage: This should be milliseconds since epoch or an RFC3339 string.
  608. // Examples:
  609. // `event_time = "2019-06-10T16:07:18-07:00"`
  610. // `event_time = 1560208038000`
  611. //
  612. // * severity: `=`, `:`
  613. // * workflow_state: `=`, `:`
  614. // * security_marks.marks: `=`, `:`
  615. // * source_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
  616. //
  617. // For example, `source_properties.size = 100` is a valid filter string.
  618. //
  619. // Use a partial match on the empty string to filter based on a property
  620. // existing: `source_properties.my_property : ""`
  621. //
  622. // Use a negated partial match on the empty string to filter based on a
  623. // property not existing: `-source_properties.my_property : ""`
  624. //
  625. // * resource:
  626. // * resource.name: `=`, `:`
  627. // * resource.parent_name: `=`, `:`
  628. // * resource.parent_display_name: `=`, `:`
  629. // * resource.project_name: `=`, `:`
  630. // * resource.project_display_name: `=`, `:`
  631. // * resource.type: `=`, `:`
  632. string filter = 2;
  633. // Required. Expression that defines what assets fields to use for grouping (including
  634. // `state_change`). The string value should follow SQL syntax: comma separated
  635. // list of fields. For example: "parent,resource_name".
  636. //
  637. // The following fields are supported:
  638. //
  639. // * resource_name
  640. // * category
  641. // * state
  642. // * parent
  643. // * severity
  644. //
  645. // The following fields are supported when compare_duration is set:
  646. //
  647. // * state_change
  648. string group_by = 3 [(google.api.field_behavior) = REQUIRED];
  649. // Time used as a reference point when filtering findings. The filter is
  650. // limited to findings existing at the supplied time and their values are
  651. // those at that specific time. Absence of this field will default to the
  652. // API's version of NOW.
  653. google.protobuf.Timestamp read_time = 4;
  654. // When compare_duration is set, the GroupResult's "state_change" attribute is
  655. // updated to indicate whether the finding had its state changed, the
  656. // finding's state remained unchanged, or if the finding was added during the
  657. // compare_duration period of time that precedes the read_time. This is the
  658. // time between (read_time - compare_duration) and read_time.
  659. //
  660. // The state_change value is derived based on the presence and state of the
  661. // finding at the two points in time. Intermediate state changes between the
  662. // two times don't affect the result. For example, the results aren't affected
  663. // if the finding is made inactive and then active again.
  664. //
  665. // Possible "state_change" values when compare_duration is specified:
  666. //
  667. // * "CHANGED": indicates that the finding was present and matched the given
  668. // filter at the start of compare_duration, but changed its
  669. // state at read_time.
  670. // * "UNCHANGED": indicates that the finding was present and matched the given
  671. // filter at the start of compare_duration and did not change
  672. // state at read_time.
  673. // * "ADDED": indicates that the finding did not match the given filter or
  674. // was not present at the start of compare_duration, but was
  675. // present at read_time.
  676. // * "REMOVED": indicates that the finding was present and matched the
  677. // filter at the start of compare_duration, but did not match
  678. // the filter at read_time.
  679. //
  680. // If compare_duration is not specified, then the only possible state_change
  681. // is "UNUSED", which will be the state_change set for all findings present
  682. // at read_time.
  683. //
  684. // If this field is set then `state_change` must be a specified field in
  685. // `group_by`.
  686. google.protobuf.Duration compare_duration = 5;
  687. // The value returned by the last `GroupFindingsResponse`; indicates
  688. // that this is a continuation of a prior `GroupFindings` call, and
  689. // that the system should return the next page of data.
  690. string page_token = 7;
  691. // The maximum number of results to return in a single response. Default is
  692. // 10, minimum is 1, maximum is 1000.
  693. int32 page_size = 8;
  694. }
  695. // Response message for group by findings.
  696. message GroupFindingsResponse {
  697. // Group results. There exists an element for each existing unique
  698. // combination of property/values. The element contains a count for the number
  699. // of times those specific property/values appear.
  700. repeated GroupResult group_by_results = 1;
  701. // Time used for executing the groupBy request.
  702. google.protobuf.Timestamp read_time = 2;
  703. // Token to retrieve the next page of results, or empty if there are no more
  704. // results.
  705. string next_page_token = 3;
  706. // The total number of results matching the query.
  707. int32 total_size = 4;
  708. }
  709. // Result containing the properties and count of a groupBy request.
  710. message GroupResult {
  711. // Properties matching the groupBy fields in the request.
  712. map<string, google.protobuf.Value> properties = 1;
  713. // Total count of resources for the given properties.
  714. int64 count = 2;
  715. }
  716. // Request message for listing notification configs.
  717. message ListNotificationConfigsRequest {
  718. // Required. Name of the organization to list notification configs.
  719. // Its format is "organizations/[organization_id]".
  720. string parent = 1 [
  721. (google.api.field_behavior) = REQUIRED,
  722. (google.api.resource_reference) = {
  723. type: "cloudresourcemanager.googleapis.com/Organization"
  724. }
  725. ];
  726. // The value returned by the last `ListNotificationConfigsResponse`; indicates
  727. // that this is a continuation of a prior `ListNotificationConfigs` call, and
  728. // that the system should return the next page of data.
  729. string page_token = 2;
  730. // The maximum number of results to return in a single response. Default is
  731. // 10, minimum is 1, maximum is 1000.
  732. int32 page_size = 3;
  733. }
  734. // Response message for listing notification configs.
  735. message ListNotificationConfigsResponse {
  736. // Notification configs belonging to the requested parent.
  737. repeated NotificationConfig notification_configs = 1;
  738. // Token to retrieve the next page of results, or empty if there are no more
  739. // results.
  740. string next_page_token = 2;
  741. }
  742. // Request message for listing sources.
  743. message ListSourcesRequest {
  744. // Required. Resource name of the parent of sources to list. Its format should be
  745. // "organizations/[organization_id], folders/[folder_id], or
  746. // projects/[project_id]".
  747. string parent = 1 [
  748. (google.api.field_behavior) = REQUIRED,
  749. (google.api.resource_reference) = {
  750. child_type: "securitycenter.googleapis.com/Source"
  751. }
  752. ];
  753. // The value returned by the last `ListSourcesResponse`; indicates
  754. // that this is a continuation of a prior `ListSources` call, and
  755. // that the system should return the next page of data.
  756. string page_token = 2;
  757. // The maximum number of results to return in a single response. Default is
  758. // 10, minimum is 1, maximum is 1000.
  759. int32 page_size = 7;
  760. }
  761. // Response message for listing sources.
  762. message ListSourcesResponse {
  763. // Sources belonging to the requested parent.
  764. repeated Source sources = 1;
  765. // Token to retrieve the next page of results, or empty if there are no more
  766. // results.
  767. string next_page_token = 2;
  768. }
  769. // Request message for listing assets.
  770. message ListAssetsRequest {
  771. // Required. Name of the organization assets should belong to. Its format is
  772. // "organizations/[organization_id], folders/[folder_id], or
  773. // projects/[project_id]".
  774. string parent = 1 [
  775. (google.api.field_behavior) = REQUIRED,
  776. (google.api.resource_reference) = {
  777. child_type: "securitycenter.googleapis.com/Asset"
  778. }
  779. ];
  780. // Expression that defines the filter to apply across assets.
  781. // The expression is a list of zero or more restrictions combined via logical
  782. // operators `AND` and `OR`.
  783. // Parentheses are supported, and `OR` has higher precedence than `AND`.
  784. //
  785. // Restrictions have the form `<field> <operator> <value>` and may have a `-`
  786. // character in front of them to indicate negation. The fields map to those
  787. // defined in the Asset resource. Examples include:
  788. //
  789. // * name
  790. // * security_center_properties.resource_name
  791. // * resource_properties.a_property
  792. // * security_marks.marks.marka
  793. //
  794. // The supported operators are:
  795. //
  796. // * `=` for all value types.
  797. // * `>`, `<`, `>=`, `<=` for integer values.
  798. // * `:`, meaning substring matching, for strings.
  799. //
  800. // The supported value types are:
  801. //
  802. // * string literals in quotes.
  803. // * integer literals without quotes.
  804. // * boolean literals `true` and `false` without quotes.
  805. //
  806. // The following are the allowed field and operator combinations:
  807. //
  808. // * name: `=`
  809. // * update_time: `=`, `>`, `<`, `>=`, `<=`
  810. //
  811. // Usage: This should be milliseconds since epoch or an RFC3339 string.
  812. // Examples:
  813. // `update_time = "2019-06-10T16:07:18-07:00"`
  814. // `update_time = 1560208038000`
  815. //
  816. // * create_time: `=`, `>`, `<`, `>=`, `<=`
  817. //
  818. // Usage: This should be milliseconds since epoch or an RFC3339 string.
  819. // Examples:
  820. // `create_time = "2019-06-10T16:07:18-07:00"`
  821. // `create_time = 1560208038000`
  822. //
  823. // * iam_policy.policy_blob: `=`, `:`
  824. // * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
  825. // * security_marks.marks: `=`, `:`
  826. // * security_center_properties.resource_name: `=`, `:`
  827. // * security_center_properties.resource_display_name: `=`, `:`
  828. // * security_center_properties.resource_type: `=`, `:`
  829. // * security_center_properties.resource_parent: `=`, `:`
  830. // * security_center_properties.resource_parent_display_name: `=`, `:`
  831. // * security_center_properties.resource_project: `=`, `:`
  832. // * security_center_properties.resource_project_display_name: `=`, `:`
  833. // * security_center_properties.resource_owners: `=`, `:`
  834. //
  835. // For example, `resource_properties.size = 100` is a valid filter string.
  836. //
  837. // Use a partial match on the empty string to filter based on a property
  838. // existing: `resource_properties.my_property : ""`
  839. //
  840. // Use a negated partial match on the empty string to filter based on a
  841. // property not existing: `-resource_properties.my_property : ""`
  842. string filter = 2;
  843. // Expression that defines what fields and order to use for sorting. The
  844. // string value should follow SQL syntax: comma separated list of fields. For
  845. // example: "name,resource_properties.a_property". The default sorting order
  846. // is ascending. To specify descending order for a field, a suffix " desc"
  847. // should be appended to the field name. For example: "name
  848. // desc,resource_properties.a_property". Redundant space characters in the
  849. // syntax are insignificant. "name desc,resource_properties.a_property" and "
  850. // name desc , resource_properties.a_property " are equivalent.
  851. //
  852. // The following fields are supported:
  853. // name
  854. // update_time
  855. // resource_properties
  856. // security_marks.marks
  857. // security_center_properties.resource_name
  858. // security_center_properties.resource_display_name
  859. // security_center_properties.resource_parent
  860. // security_center_properties.resource_parent_display_name
  861. // security_center_properties.resource_project
  862. // security_center_properties.resource_project_display_name
  863. // security_center_properties.resource_type
  864. string order_by = 3;
  865. // Time used as a reference point when filtering assets. The filter is limited
  866. // to assets existing at the supplied time and their values are those at that
  867. // specific time. Absence of this field will default to the API's version of
  868. // NOW.
  869. google.protobuf.Timestamp read_time = 4;
  870. // When compare_duration is set, the ListAssetsResult's "state_change"
  871. // attribute is updated to indicate whether the asset was added, removed, or
  872. // remained present during the compare_duration period of time that precedes
  873. // the read_time. This is the time between (read_time - compare_duration) and
  874. // read_time.
  875. //
  876. // The state_change value is derived based on the presence of the asset at the
  877. // two points in time. Intermediate state changes between the two times don't
  878. // affect the result. For example, the results aren't affected if the asset is
  879. // removed and re-created again.
  880. //
  881. // Possible "state_change" values when compare_duration is specified:
  882. //
  883. // * "ADDED": indicates that the asset was not present at the start of
  884. // compare_duration, but present at read_time.
  885. // * "REMOVED": indicates that the asset was present at the start of
  886. // compare_duration, but not present at read_time.
  887. // * "ACTIVE": indicates that the asset was present at both the
  888. // start and the end of the time period defined by
  889. // compare_duration and read_time.
  890. //
  891. // If compare_duration is not specified, then the only possible state_change
  892. // is "UNUSED", which will be the state_change set for all assets present at
  893. // read_time.
  894. google.protobuf.Duration compare_duration = 5;
  895. // A field mask to specify the ListAssetsResult fields to be listed in the
  896. // response.
  897. // An empty field mask will list all fields.
  898. google.protobuf.FieldMask field_mask = 7;
  899. // The value returned by the last `ListAssetsResponse`; indicates
  900. // that this is a continuation of a prior `ListAssets` call, and
  901. // that the system should return the next page of data.
  902. string page_token = 8;
  903. // The maximum number of results to return in a single response. Default is
  904. // 10, minimum is 1, maximum is 1000.
  905. int32 page_size = 9;
  906. }
  907. // Response message for listing assets.
  908. message ListAssetsResponse {
  909. // Result containing the Asset and its State.
  910. message ListAssetsResult {
  911. // The change in state of the asset.
  912. //
  913. // When querying across two points in time this describes
  914. // the change between the two points: ADDED, REMOVED, or ACTIVE.
  915. // If there was no compare_duration supplied in the request the state change
  916. // will be: UNUSED
  917. enum StateChange {
  918. // State change is unused, this is the canonical default for this enum.
  919. UNUSED = 0;
  920. // Asset was added between the points in time.
  921. ADDED = 1;
  922. // Asset was removed between the points in time.
  923. REMOVED = 2;
  924. // Asset was present at both point(s) in time.
  925. ACTIVE = 3;
  926. }
  927. // Asset matching the search request.
  928. Asset asset = 1;
  929. // State change of the asset between the points in time.
  930. StateChange state_change = 2;
  931. }
  932. // Assets matching the list request.
  933. repeated ListAssetsResult list_assets_results = 1;
  934. // Time used for executing the list request.
  935. google.protobuf.Timestamp read_time = 2;
  936. // Token to retrieve the next page of results, or empty if there are no more
  937. // results.
  938. string next_page_token = 3;
  939. // The total number of assets matching the query.
  940. int32 total_size = 4;
  941. }
  942. // Request message for listing findings.
  943. message ListFindingsRequest {
  944. // Required. Name of the source the findings belong to. Its format is
  945. // "organizations/[organization_id]/sources/[source_id],
  946. // folders/[folder_id]/sources/[source_id], or
  947. // projects/[project_id]/sources/[source_id]". To list across all sources
  948. // provide a source_id of `-`. For example:
  949. // organizations/{organization_id}/sources/-, folders/{folder_id}/sources/- or
  950. // projects/{projects_id}/sources/-
  951. string parent = 1 [
  952. (google.api.field_behavior) = REQUIRED,
  953. (google.api.resource_reference) = {
  954. type: "securitycenter.googleapis.com/Source"
  955. }
  956. ];
  957. // Expression that defines the filter to apply across findings.
  958. // The expression is a list of one or more restrictions combined via logical
  959. // operators `AND` and `OR`.
  960. // Parentheses are supported, and `OR` has higher precedence than `AND`.
  961. //
  962. // Restrictions have the form `<field> <operator> <value>` and may have a `-`
  963. // character in front of them to indicate negation. Examples include:
  964. //
  965. // * name
  966. // * source_properties.a_property
  967. // * security_marks.marks.marka
  968. //
  969. // The supported operators are:
  970. //
  971. // * `=` for all value types.
  972. // * `>`, `<`, `>=`, `<=` for integer values.
  973. // * `:`, meaning substring matching, for strings.
  974. //
  975. // The supported value types are:
  976. //
  977. // * string literals in quotes.
  978. // * integer literals without quotes.
  979. // * boolean literals `true` and `false` without quotes.
  980. //
  981. // The following field and operator combinations are supported:
  982. //
  983. // * name: `=`
  984. // * parent: `=`, `:`
  985. // * resource_name: `=`, `:`
  986. // * state: `=`, `:`
  987. // * category: `=`, `:`
  988. // * external_uri: `=`, `:`
  989. // * event_time: `=`, `>`, `<`, `>=`, `<=`
  990. //
  991. // Usage: This should be milliseconds since epoch or an RFC3339 string.
  992. // Examples:
  993. // `event_time = "2019-06-10T16:07:18-07:00"`
  994. // `event_time = 1560208038000`
  995. //
  996. // * severity: `=`, `:`
  997. // * workflow_state: `=`, `:`
  998. // * security_marks.marks: `=`, `:`
  999. // * source_properties: `=`, `:`, `>`, `<`, `>=`, `<=`
  1000. //
  1001. // For example, `source_properties.size = 100` is a valid filter string.
  1002. //
  1003. // Use a partial match on the empty string to filter based on a property
  1004. // existing: `source_properties.my_property : ""`
  1005. //
  1006. // Use a negated partial match on the empty string to filter based on a
  1007. // property not existing: `-source_properties.my_property : ""`
  1008. //
  1009. // * resource:
  1010. // * resource.name: `=`, `:`
  1011. // * resource.parent_name: `=`, `:`
  1012. // * resource.parent_display_name: `=`, `:`
  1013. // * resource.project_name: `=`, `:`
  1014. // * resource.project_display_name: `=`, `:`
  1015. // * resource.type: `=`, `:`
  1016. // * resource.folders.resource_folder: `=`, `:`
  1017. string filter = 2;
  1018. // Expression that defines what fields and order to use for sorting. The
  1019. // string value should follow SQL syntax: comma separated list of fields. For
  1020. // example: "name,resource_properties.a_property". The default sorting order
  1021. // is ascending. To specify descending order for a field, a suffix " desc"
  1022. // should be appended to the field name. For example: "name
  1023. // desc,source_properties.a_property". Redundant space characters in the
  1024. // syntax are insignificant. "name desc,source_properties.a_property" and "
  1025. // name desc , source_properties.a_property " are equivalent.
  1026. //
  1027. // The following fields are supported:
  1028. // name
  1029. // parent
  1030. // state
  1031. // category
  1032. // resource_name
  1033. // event_time
  1034. // source_properties
  1035. // security_marks.marks
  1036. string order_by = 3;
  1037. // Time used as a reference point when filtering findings. The filter is
  1038. // limited to findings existing at the supplied time and their values are
  1039. // those at that specific time. Absence of this field will default to the
  1040. // API's version of NOW.
  1041. google.protobuf.Timestamp read_time = 4;
  1042. // When compare_duration is set, the ListFindingsResult's "state_change"
  1043. // attribute is updated to indicate whether the finding had its state changed,
  1044. // the finding's state remained unchanged, or if the finding was added in any
  1045. // state during the compare_duration period of time that precedes the
  1046. // read_time. This is the time between (read_time - compare_duration) and
  1047. // read_time.
  1048. //
  1049. // The state_change value is derived based on the presence and state of the
  1050. // finding at the two points in time. Intermediate state changes between the
  1051. // two times don't affect the result. For example, the results aren't affected
  1052. // if the finding is made inactive and then active again.
  1053. //
  1054. // Possible "state_change" values when compare_duration is specified:
  1055. //
  1056. // * "CHANGED": indicates that the finding was present and matched the given
  1057. // filter at the start of compare_duration, but changed its
  1058. // state at read_time.
  1059. // * "UNCHANGED": indicates that the finding was present and matched the given
  1060. // filter at the start of compare_duration and did not change
  1061. // state at read_time.
  1062. // * "ADDED": indicates that the finding did not match the given filter or
  1063. // was not present at the start of compare_duration, but was
  1064. // present at read_time.
  1065. // * "REMOVED": indicates that the finding was present and matched the
  1066. // filter at the start of compare_duration, but did not match
  1067. // the filter at read_time.
  1068. //
  1069. // If compare_duration is not specified, then the only possible state_change
  1070. // is "UNUSED", which will be the state_change set for all findings present at
  1071. // read_time.
  1072. google.protobuf.Duration compare_duration = 5;
  1073. // A field mask to specify the Finding fields to be listed in the response.
  1074. // An empty field mask will list all fields.
  1075. google.protobuf.FieldMask field_mask = 7;
  1076. // The value returned by the last `ListFindingsResponse`; indicates
  1077. // that this is a continuation of a prior `ListFindings` call, and
  1078. // that the system should return the next page of data.
  1079. string page_token = 8;
  1080. // The maximum number of results to return in a single response. Default is
  1081. // 10, minimum is 1, maximum is 1000.
  1082. int32 page_size = 9;
  1083. }
  1084. // Response message for listing findings.
  1085. message ListFindingsResponse {
  1086. // Result containing the Finding and its StateChange.
  1087. message ListFindingsResult {
  1088. // Information related to the Google Cloud resource that is
  1089. // associated with this finding.
  1090. message Resource {
  1091. // The full resource name of the resource. See:
  1092. // https://cloud.google.com/apis/design/resource_names#full_resource_name
  1093. string name = 1;
  1094. // The full resource name of project that the resource belongs to.
  1095. string project_name = 2;
  1096. // The human readable name of project that the resource belongs to.
  1097. string project_display_name = 3;
  1098. // The full resource name of resource's parent.
  1099. string parent_name = 4;
  1100. // The human readable name of resource's parent.
  1101. string parent_display_name = 5;
  1102. // Contains a Folder message for each folder in the assets ancestry.
  1103. // The first folder is the deepest nested folder, and the last folder is
  1104. // the folder directly under the Organization.
  1105. repeated Folder folders = 7;
  1106. }
  1107. // The change in state of the finding.
  1108. //
  1109. // When querying across two points in time this describes
  1110. // the change in the finding between the two points: CHANGED, UNCHANGED,
  1111. // ADDED, or REMOVED. Findings can not be deleted, so REMOVED implies that
  1112. // the finding at timestamp does not match the filter specified, but it did
  1113. // at timestamp - compare_duration. If there was no compare_duration
  1114. // supplied in the request the state change will be: UNUSED
  1115. enum StateChange {
  1116. // State change is unused, this is the canonical default for this enum.
  1117. UNUSED = 0;
  1118. // The finding has changed state in some way between the points in time
  1119. // and existed at both points.
  1120. CHANGED = 1;
  1121. // The finding has not changed state between the points in time and
  1122. // existed at both points.
  1123. UNCHANGED = 2;
  1124. // The finding was created between the points in time.
  1125. ADDED = 3;
  1126. // The finding at timestamp does not match the filter specified, but it
  1127. // did at timestamp - compare_duration.
  1128. REMOVED = 4;
  1129. }
  1130. // Finding matching the search request.
  1131. Finding finding = 1;
  1132. // State change of the finding between the points in time.
  1133. StateChange state_change = 2;
  1134. // Output only. Resource that is associated with this finding.
  1135. Resource resource = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
  1136. }
  1137. // Findings matching the list request.
  1138. repeated ListFindingsResult list_findings_results = 1;
  1139. // Time used for executing the list request.
  1140. google.protobuf.Timestamp read_time = 2;
  1141. // Token to retrieve the next page of results, or empty if there are no more
  1142. // results.
  1143. string next_page_token = 3;
  1144. // The total number of findings matching the query.
  1145. int32 total_size = 4;
  1146. }
  1147. // Request message for updating a finding's state.
  1148. message SetFindingStateRequest {
  1149. // Required. The relative resource name of the finding. See:
  1150. // https://cloud.google.com/apis/design/resource_names#relative_resource_name
  1151. // Example:
  1152. // "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".
  1153. string name = 1 [
  1154. (google.api.field_behavior) = REQUIRED,
  1155. (google.api.resource_reference) = {
  1156. type: "securitycenter.googleapis.com/Finding"
  1157. }
  1158. ];
  1159. // Required. The desired State of the finding.
  1160. Finding.State state = 2 [(google.api.field_behavior) = REQUIRED];
  1161. // Required. The time at which the updated state takes effect.
  1162. google.protobuf.Timestamp start_time = 3 [(google.api.field_behavior) = REQUIRED];
  1163. }
  1164. // Request message for running asset discovery for an organization.
  1165. message RunAssetDiscoveryRequest {
  1166. // Required. Name of the organization to run asset discovery for. Its format is
  1167. // "organizations/[organization_id]".
  1168. string parent = 1 [
  1169. (google.api.field_behavior) = REQUIRED,
  1170. (google.api.resource_reference) = {
  1171. type: "cloudresourcemanager.googleapis.com/Organization"
  1172. }
  1173. ];
  1174. }
  1175. // Request message for updating or creating a finding.
  1176. message UpdateFindingRequest {
  1177. // Required. The finding resource to update or create if it does not already exist.
  1178. // parent, security_marks, and update_time will be ignored.
  1179. //
  1180. // In the case of creation, the finding id portion of the name must be
  1181. // alphanumeric and less than or equal to 32 characters and greater than 0
  1182. // characters in length.
  1183. Finding finding = 1 [(google.api.field_behavior) = REQUIRED];
  1184. // The FieldMask to use when updating the finding resource. This field should
  1185. // not be specified when creating a finding.
  1186. //
  1187. // When updating a finding, an empty mask is treated as updating all mutable
  1188. // fields and replacing source_properties. Individual source_properties can
  1189. // be added/updated by using "source_properties.<property key>" in the field
  1190. // mask.
  1191. google.protobuf.FieldMask update_mask = 2;
  1192. }
  1193. // Request message for updating a notification config.
  1194. message UpdateNotificationConfigRequest {
  1195. // Required. The notification config to update.
  1196. NotificationConfig notification_config = 1 [(google.api.field_behavior) = REQUIRED];
  1197. // The FieldMask to use when updating the notification config.
  1198. //
  1199. // If empty all mutable fields will be updated.
  1200. google.protobuf.FieldMask update_mask = 2;
  1201. }
  1202. // Request message for updating an organization's settings.
  1203. message UpdateOrganizationSettingsRequest {
  1204. // Required. The organization settings resource to update.
  1205. OrganizationSettings organization_settings = 1 [(google.api.field_behavior) = REQUIRED];
  1206. // The FieldMask to use when updating the settings resource.
  1207. //
  1208. // If empty all mutable fields will be updated.
  1209. google.protobuf.FieldMask update_mask = 2;
  1210. }
  1211. // Request message for updating a source.
  1212. message UpdateSourceRequest {
  1213. // Required. The source resource to update.
  1214. Source source = 1 [(google.api.field_behavior) = REQUIRED];
  1215. // The FieldMask to use when updating the source resource.
  1216. //
  1217. // If empty all mutable fields will be updated.
  1218. google.protobuf.FieldMask update_mask = 2;
  1219. }
  1220. // Request message for updating a SecurityMarks resource.
  1221. message UpdateSecurityMarksRequest {
  1222. // Required. The security marks resource to update.
  1223. SecurityMarks security_marks = 1 [(google.api.field_behavior) = REQUIRED];
  1224. // The FieldMask to use when updating the security marks resource.
  1225. //
  1226. // The field mask must not contain duplicate fields.
  1227. // If empty or set to "marks", all marks will be replaced. Individual
  1228. // marks can be updated using "marks.<mark_key>".
  1229. google.protobuf.FieldMask update_mask = 2;
  1230. // The time at which the updated SecurityMarks take effect.
  1231. // If not set uses current server time. Updates will be applied to the
  1232. // SecurityMarks that are active immediately preceding this time.
  1233. google.protobuf.Timestamp start_time = 3;
  1234. }