securitycenter_service.proto 31 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824
  1. // Copyright 2020 Google LLC
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. syntax = "proto3";
  15. package google.cloud.securitycenter.v1beta1;
  16. import "google/api/annotations.proto";
  17. import "google/api/client.proto";
  18. import "google/api/field_behavior.proto";
  19. import "google/api/resource.proto";
  20. import "google/cloud/securitycenter/v1beta1/asset.proto";
  21. import "google/cloud/securitycenter/v1beta1/finding.proto";
  22. import "google/cloud/securitycenter/v1beta1/organization_settings.proto";
  23. import "google/cloud/securitycenter/v1beta1/security_marks.proto";
  24. import "google/cloud/securitycenter/v1beta1/source.proto";
  25. import "google/iam/v1/iam_policy.proto";
  26. import "google/iam/v1/policy.proto";
  27. import "google/longrunning/operations.proto";
  28. import "google/protobuf/duration.proto";
  29. import "google/protobuf/empty.proto";
  30. import "google/protobuf/field_mask.proto";
  31. import "google/protobuf/struct.proto";
  32. import "google/protobuf/timestamp.proto";
  33. option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
  34. option java_multiple_files = true;
  35. option java_package = "com.google.cloud.securitycenter.v1beta1";
  36. // V1 Beta APIs for Security Center service.
  37. service SecurityCenter {
  38. option (google.api.default_host) = "securitycenter.googleapis.com";
  39. option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
  40. // Creates a source.
  41. rpc CreateSource(CreateSourceRequest) returns (Source) {
  42. option (google.api.http) = {
  43. post: "/v1beta1/{parent=organizations/*}/sources"
  44. body: "source"
  45. };
  46. option (google.api.method_signature) = "parent,source";
  47. }
  48. // Creates a finding. The corresponding source must exist for finding creation
  49. // to succeed.
  50. rpc CreateFinding(CreateFindingRequest) returns (Finding) {
  51. option (google.api.http) = {
  52. post: "/v1beta1/{parent=organizations/*/sources/*}/findings"
  53. body: "finding"
  54. };
  55. option (google.api.method_signature) = "parent,finding_id,finding";
  56. }
  57. // Gets the access control policy on the specified Source.
  58. rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
  59. option (google.api.http) = {
  60. post: "/v1beta1/{resource=organizations/*/sources/*}:getIamPolicy"
  61. body: "*"
  62. };
  63. option (google.api.method_signature) = "resource";
  64. }
  65. // Gets the settings for an organization.
  66. rpc GetOrganizationSettings(GetOrganizationSettingsRequest) returns (OrganizationSettings) {
  67. option (google.api.http) = {
  68. get: "/v1beta1/{name=organizations/*/organizationSettings}"
  69. };
  70. option (google.api.method_signature) = "name";
  71. }
  72. // Gets a source.
  73. rpc GetSource(GetSourceRequest) returns (Source) {
  74. option (google.api.http) = {
  75. get: "/v1beta1/{name=organizations/*/sources/*}"
  76. };
  77. option (google.api.method_signature) = "name";
  78. }
  79. // Filters an organization's assets and groups them by their specified
  80. // properties.
  81. rpc GroupAssets(GroupAssetsRequest) returns (GroupAssetsResponse) {
  82. option (google.api.http) = {
  83. post: "/v1beta1/{parent=organizations/*}/assets:group"
  84. body: "*"
  85. };
  86. }
  87. // Filters an organization or source's findings and groups them by their
  88. // specified properties.
  89. //
  90. // To group across all sources provide a `-` as the source id.
  91. // Example: /v1beta1/organizations/{organization_id}/sources/-/findings
  92. rpc GroupFindings(GroupFindingsRequest) returns (GroupFindingsResponse) {
  93. option (google.api.http) = {
  94. post: "/v1beta1/{parent=organizations/*/sources/*}/findings:group"
  95. body: "*"
  96. };
  97. option (google.api.method_signature) = "parent,group_by";
  98. }
  99. // Lists an organization's assets.
  100. rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) {
  101. option (google.api.http) = {
  102. get: "/v1beta1/{parent=organizations/*}/assets"
  103. };
  104. }
  105. // Lists an organization or source's findings.
  106. //
  107. // To list across all sources provide a `-` as the source id.
  108. // Example: /v1beta1/organizations/{organization_id}/sources/-/findings
  109. rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) {
  110. option (google.api.http) = {
  111. get: "/v1beta1/{parent=organizations/*/sources/*}/findings"
  112. };
  113. }
  114. // Lists all sources belonging to an organization.
  115. rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) {
  116. option (google.api.http) = {
  117. get: "/v1beta1/{parent=organizations/*}/sources"
  118. };
  119. option (google.api.method_signature) = "parent";
  120. }
  121. // Runs asset discovery. The discovery is tracked with a long-running
  122. // operation.
  123. //
  124. // This API can only be called with limited frequency for an organization. If
  125. // it is called too frequently the caller will receive a TOO_MANY_REQUESTS
  126. // error.
  127. rpc RunAssetDiscovery(RunAssetDiscoveryRequest) returns (google.longrunning.Operation) {
  128. option (google.api.http) = {
  129. post: "/v1beta1/{parent=organizations/*}/assets:runDiscovery"
  130. body: "*"
  131. };
  132. option (google.api.method_signature) = "parent";
  133. option (google.longrunning.operation_info) = {
  134. response_type: "google.protobuf.Empty"
  135. metadata_type: "google.protobuf.Empty"
  136. };
  137. }
  138. // Updates the state of a finding.
  139. rpc SetFindingState(SetFindingStateRequest) returns (Finding) {
  140. option (google.api.http) = {
  141. post: "/v1beta1/{name=organizations/*/sources/*/findings/*}:setState"
  142. body: "*"
  143. };
  144. option (google.api.method_signature) = "name,state,start_time";
  145. }
  146. // Sets the access control policy on the specified Source.
  147. rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
  148. option (google.api.http) = {
  149. post: "/v1beta1/{resource=organizations/*/sources/*}:setIamPolicy"
  150. body: "*"
  151. };
  152. option (google.api.method_signature) = "resource,policy";
  153. }
  154. // Returns the permissions that a caller has on the specified source.
  155. rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
  156. option (google.api.http) = {
  157. post: "/v1beta1/{resource=organizations/*/sources/*}:testIamPermissions"
  158. body: "*"
  159. };
  160. option (google.api.method_signature) = "resource,permissions";
  161. }
  162. // Creates or updates a finding. The corresponding source must exist for a
  163. // finding creation to succeed.
  164. rpc UpdateFinding(UpdateFindingRequest) returns (Finding) {
  165. option (google.api.http) = {
  166. patch: "/v1beta1/{finding.name=organizations/*/sources/*/findings/*}"
  167. body: "finding"
  168. };
  169. option (google.api.method_signature) = "finding";
  170. }
  171. // Updates an organization's settings.
  172. rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) returns (OrganizationSettings) {
  173. option (google.api.http) = {
  174. patch: "/v1beta1/{organization_settings.name=organizations/*/organizationSettings}"
  175. body: "organization_settings"
  176. };
  177. option (google.api.method_signature) = "organization_settings";
  178. }
  179. // Updates a source.
  180. rpc UpdateSource(UpdateSourceRequest) returns (Source) {
  181. option (google.api.http) = {
  182. patch: "/v1beta1/{source.name=organizations/*/sources/*}"
  183. body: "source"
  184. };
  185. option (google.api.method_signature) = "source";
  186. }
  187. // Updates security marks.
  188. rpc UpdateSecurityMarks(UpdateSecurityMarksRequest) returns (SecurityMarks) {
  189. option (google.api.http) = {
  190. patch: "/v1beta1/{security_marks.name=organizations/*/assets/*/securityMarks}"
  191. body: "security_marks"
  192. additional_bindings {
  193. patch: "/v1beta1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}"
  194. body: "security_marks"
  195. }
  196. };
  197. option (google.api.method_signature) = "security_marks";
  198. }
  199. }
  200. // Request message for creating a finding.
  201. message CreateFindingRequest {
  202. // Required. Resource name of the new finding's parent. Its format should be
  203. // "organizations/[organization_id]/sources/[source_id]".
  204. string parent = 1 [
  205. (google.api.field_behavior) = REQUIRED,
  206. (google.api.resource_reference) = {
  207. type: "securitycenter.googleapis.com/Source"
  208. }
  209. ];
  210. // Required. Unique identifier provided by the client within the parent scope.
  211. // It must be alphanumeric and less than or equal to 32 characters and
  212. // greater than 0 characters in length.
  213. string finding_id = 2 [(google.api.field_behavior) = REQUIRED];
  214. // Required. The Finding being created. The name and security_marks will be ignored as
  215. // they are both output only fields on this resource.
  216. Finding finding = 3 [(google.api.field_behavior) = REQUIRED];
  217. }
  218. // Request message for creating a source.
  219. message CreateSourceRequest {
  220. // Required. Resource name of the new source's parent. Its format should be
  221. // "organizations/[organization_id]".
  222. string parent = 1 [
  223. (google.api.field_behavior) = REQUIRED,
  224. (google.api.resource_reference) = {
  225. type: "cloudresourcemanager.googleapis.com/Organization"
  226. }
  227. ];
  228. // Required. The Source being created, only the display_name and description will be
  229. // used. All other fields will be ignored.
  230. Source source = 2 [(google.api.field_behavior) = REQUIRED];
  231. }
  232. // Request message for getting organization settings.
  233. message GetOrganizationSettingsRequest {
  234. // Required. Name of the organization to get organization settings for. Its format is
  235. // "organizations/[organization_id]/organizationSettings".
  236. string name = 1 [
  237. (google.api.field_behavior) = REQUIRED,
  238. (google.api.resource_reference) = {
  239. type: "securitycenter.googleapis.com/OrganizationSettings"
  240. }
  241. ];
  242. }
  243. // Request message for getting a source.
  244. message GetSourceRequest {
  245. // Required. Relative resource name of the source. Its format is
  246. // "organizations/[organization_id]/source/[source_id]".
  247. string name = 1 [
  248. (google.api.field_behavior) = REQUIRED,
  249. (google.api.resource_reference) = {
  250. type: "securitycenter.googleapis.com/Source"
  251. }
  252. ];
  253. }
  254. // Request message for grouping by assets.
  255. message GroupAssetsRequest {
  256. // Required. Name of the organization to groupBy. Its format is
  257. // "organizations/[organization_id]".
  258. string parent = 1 [
  259. (google.api.field_behavior) = REQUIRED,
  260. (google.api.resource_reference) = {
  261. type: "cloudresourcemanager.googleapis.com/Organization"
  262. }
  263. ];
  264. // Expression that defines the filter to apply across assets.
  265. // The expression is a list of zero or more restrictions combined via logical
  266. // operators `AND` and `OR`.
  267. // Parentheses are not supported, and `OR` has higher precedence than `AND`.
  268. //
  269. // Restrictions have the form `<field> <operator> <value>` and may have a `-`
  270. // character in front of them to indicate negation. The fields map to those
  271. // defined in the Asset resource. Examples include:
  272. //
  273. // * name
  274. // * security_center_properties.resource_name
  275. // * resource_properties.a_property
  276. // * security_marks.marks.marka
  277. //
  278. // The supported operators are:
  279. //
  280. // * `=` for all value types.
  281. // * `>`, `<`, `>=`, `<=` for integer values.
  282. // * `:`, meaning substring matching, for strings.
  283. //
  284. // The supported value types are:
  285. //
  286. // * string literals in quotes.
  287. // * integer literals without quotes.
  288. // * boolean literals `true` and `false` without quotes.
  289. //
  290. // For example, `resource_properties.size = 100` is a valid filter string.
  291. string filter = 2;
  292. // Required. Expression that defines what assets fields to use for grouping. The string
  293. // value should follow SQL syntax: comma separated list of fields. For
  294. // example:
  295. // "security_center_properties.resource_project,security_center_properties.project".
  296. //
  297. // The following fields are supported when compare_duration is not set:
  298. //
  299. // * security_center_properties.resource_project
  300. // * security_center_properties.resource_type
  301. // * security_center_properties.resource_parent
  302. //
  303. // The following fields are supported when compare_duration is set:
  304. //
  305. // * security_center_properties.resource_type
  306. string group_by = 3 [(google.api.field_behavior) = REQUIRED];
  307. // When compare_duration is set, the Asset's "state" property is updated to
  308. // indicate whether the asset was added, removed, or remained present during
  309. // the compare_duration period of time that precedes the read_time. This is
  310. // the time between (read_time - compare_duration) and read_time.
  311. //
  312. // The state value is derived based on the presence of the asset at the two
  313. // points in time. Intermediate state changes between the two times don't
  314. // affect the result. For example, the results aren't affected if the asset is
  315. // removed and re-created again.
  316. //
  317. // Possible "state" values when compare_duration is specified:
  318. //
  319. // * "ADDED": indicates that the asset was not present before
  320. // compare_duration, but present at reference_time.
  321. // * "REMOVED": indicates that the asset was present at the start of
  322. // compare_duration, but not present at reference_time.
  323. // * "ACTIVE": indicates that the asset was present at both the
  324. // start and the end of the time period defined by
  325. // compare_duration and reference_time.
  326. //
  327. // This field is ignored if `state` is not a field in `group_by`.
  328. google.protobuf.Duration compare_duration = 4;
  329. // Time used as a reference point when filtering assets. The filter is limited
  330. // to assets existing at the supplied time and their values are those at that
  331. // specific time. Absence of this field will default to the API's version of
  332. // NOW.
  333. google.protobuf.Timestamp read_time = 5;
  334. // The value returned by the last `GroupAssetsResponse`; indicates
  335. // that this is a continuation of a prior `GroupAssets` call, and that the
  336. // system should return the next page of data.
  337. string page_token = 7;
  338. // The maximum number of results to return in a single response. Default is
  339. // 10, minimum is 1, maximum is 1000.
  340. int32 page_size = 8;
  341. }
  342. // Response message for grouping by assets.
  343. message GroupAssetsResponse {
  344. // Group results. There exists an element for each existing unique
  345. // combination of property/values. The element contains a count for the number
  346. // of times those specific property/values appear.
  347. repeated GroupResult group_by_results = 1;
  348. // Time used for executing the groupBy request.
  349. google.protobuf.Timestamp read_time = 2;
  350. // Token to retrieve the next page of results, or empty if there are no more
  351. // results.
  352. string next_page_token = 3;
  353. }
  354. // Request message for grouping by findings.
  355. message GroupFindingsRequest {
  356. // Required. Name of the source to groupBy. Its format is
  357. // "organizations/[organization_id]/sources/[source_id]". To groupBy across
  358. // all sources provide a source_id of `-`. For example:
  359. // organizations/{organization_id}/sources/-
  360. string parent = 1 [
  361. (google.api.field_behavior) = REQUIRED,
  362. (google.api.resource_reference) = {
  363. type: "securitycenter.googleapis.com/Source"
  364. }
  365. ];
  366. // Expression that defines the filter to apply across findings.
  367. // The expression is a list of one or more restrictions combined via logical
  368. // operators `AND` and `OR`.
  369. // Parentheses are not supported, and `OR` has higher precedence than `AND`.
  370. //
  371. // Restrictions have the form `<field> <operator> <value>` and may have a `-`
  372. // character in front of them to indicate negation. Examples include:
  373. //
  374. // * name
  375. // * source_properties.a_property
  376. // * security_marks.marks.marka
  377. //
  378. // The supported operators are:
  379. //
  380. // * `=` for all value types.
  381. // * `>`, `<`, `>=`, `<=` for integer values.
  382. // * `:`, meaning substring matching, for strings.
  383. //
  384. // The supported value types are:
  385. //
  386. // * string literals in quotes.
  387. // * integer literals without quotes.
  388. // * boolean literals `true` and `false` without quotes.
  389. //
  390. // For example, `source_properties.size = 100` is a valid filter string.
  391. string filter = 2;
  392. // Required. Expression that defines what assets fields to use for grouping (including
  393. // `state`). The string value should follow SQL syntax: comma separated list
  394. // of fields. For example:
  395. // "parent,resource_name".
  396. //
  397. // The following fields are supported:
  398. //
  399. // * resource_name
  400. // * category
  401. // * state
  402. // * parent
  403. string group_by = 3 [(google.api.field_behavior) = REQUIRED];
  404. // Time used as a reference point when filtering findings. The filter is
  405. // limited to findings existing at the supplied time and their values are
  406. // those at that specific time. Absence of this field will default to the
  407. // API's version of NOW.
  408. google.protobuf.Timestamp read_time = 4;
  409. // The value returned by the last `GroupFindingsResponse`; indicates
  410. // that this is a continuation of a prior `GroupFindings` call, and
  411. // that the system should return the next page of data.
  412. string page_token = 5;
  413. // The maximum number of results to return in a single response. Default is
  414. // 10, minimum is 1, maximum is 1000.
  415. int32 page_size = 6;
  416. }
  417. // Response message for group by findings.
  418. message GroupFindingsResponse {
  419. // Group results. There exists an element for each existing unique
  420. // combination of property/values. The element contains a count for the number
  421. // of times those specific property/values appear.
  422. repeated GroupResult group_by_results = 1;
  423. // Time used for executing the groupBy request.
  424. google.protobuf.Timestamp read_time = 2;
  425. // Token to retrieve the next page of results, or empty if there are no more
  426. // results.
  427. string next_page_token = 3;
  428. }
  429. // Result containing the properties and count of a groupBy request.
  430. message GroupResult {
  431. // Properties matching the groupBy fields in the request.
  432. map<string, google.protobuf.Value> properties = 1;
  433. // Total count of resources for the given properties.
  434. int64 count = 2;
  435. }
  436. // Request message for listing sources.
  437. message ListSourcesRequest {
  438. // Required. Resource name of the parent of sources to list. Its format should be
  439. // "organizations/[organization_id]".
  440. string parent = 1 [
  441. (google.api.field_behavior) = REQUIRED,
  442. (google.api.resource_reference) = {
  443. type: "cloudresourcemanager.googleapis.com/Organization"
  444. }
  445. ];
  446. // The value returned by the last `ListSourcesResponse`; indicates
  447. // that this is a continuation of a prior `ListSources` call, and
  448. // that the system should return the next page of data.
  449. string page_token = 2;
  450. // The maximum number of results to return in a single response. Default is
  451. // 10, minimum is 1, maximum is 1000.
  452. int32 page_size = 7;
  453. }
  454. // Response message for listing sources.
  455. message ListSourcesResponse {
  456. // Sources belonging to the requested parent.
  457. repeated Source sources = 1;
  458. // Token to retrieve the next page of results, or empty if there are no more
  459. // results.
  460. string next_page_token = 2;
  461. }
  462. // Request message for listing assets.
  463. message ListAssetsRequest {
  464. // Required. Name of the organization assets should belong to. Its format is
  465. // "organizations/[organization_id]".
  466. string parent = 1 [
  467. (google.api.field_behavior) = REQUIRED,
  468. (google.api.resource_reference) = {
  469. type: "cloudresourcemanager.googleapis.com/Organization"
  470. }
  471. ];
  472. // Expression that defines the filter to apply across assets.
  473. // The expression is a list of zero or more restrictions combined via logical
  474. // operators `AND` and `OR`.
  475. // Parentheses are not supported, and `OR` has higher precedence than `AND`.
  476. //
  477. // Restrictions have the form `<field> <operator> <value>` and may have a `-`
  478. // character in front of them to indicate negation. The fields map to those
  479. // defined in the Asset resource. Examples include:
  480. //
  481. // * name
  482. // * security_center_properties.resource_name
  483. // * resource_properties.a_property
  484. // * security_marks.marks.marka
  485. //
  486. // The supported operators are:
  487. //
  488. // * `=` for all value types.
  489. // * `>`, `<`, `>=`, `<=` for integer values.
  490. // * `:`, meaning substring matching, for strings.
  491. //
  492. // The supported value types are:
  493. //
  494. // * string literals in quotes.
  495. // * integer literals without quotes.
  496. // * boolean literals `true` and `false` without quotes.
  497. //
  498. // For example, `resource_properties.size = 100` is a valid filter string.
  499. string filter = 2;
  500. // Expression that defines what fields and order to use for sorting. The
  501. // string value should follow SQL syntax: comma separated list of fields. For
  502. // example: "name,resource_properties.a_property". The default sorting order
  503. // is ascending. To specify descending order for a field, a suffix " desc"
  504. // should be appended to the field name. For example: "name
  505. // desc,resource_properties.a_property". Redundant space characters in the
  506. // syntax are insignificant. "name desc,resource_properties.a_property" and "
  507. // name desc , resource_properties.a_property " are equivalent.
  508. string order_by = 3;
  509. // Time used as a reference point when filtering assets. The filter is limited
  510. // to assets existing at the supplied time and their values are those at that
  511. // specific time. Absence of this field will default to the API's version of
  512. // NOW.
  513. google.protobuf.Timestamp read_time = 4;
  514. // When compare_duration is set, the ListAssetResult's "state" attribute is
  515. // updated to indicate whether the asset was added, removed, or remained
  516. // present during the compare_duration period of time that precedes the
  517. // read_time. This is the time between (read_time -
  518. // compare_duration) and read_time.
  519. //
  520. // The state value is derived based on the presence of the asset at the two
  521. // points in time. Intermediate state changes between the two times don't
  522. // affect the result. For example, the results aren't affected if the asset is
  523. // removed and re-created again.
  524. //
  525. // Possible "state" values when compare_duration is specified:
  526. //
  527. // * "ADDED": indicates that the asset was not present before
  528. // compare_duration, but present at read_time.
  529. // * "REMOVED": indicates that the asset was present at the start of
  530. // compare_duration, but not present at read_time.
  531. // * "ACTIVE": indicates that the asset was present at both the
  532. // start and the end of the time period defined by
  533. // compare_duration and read_time.
  534. //
  535. // If compare_duration is not specified, then the only possible state is
  536. // "UNUSED", which indicates that the asset is present at read_time.
  537. google.protobuf.Duration compare_duration = 5;
  538. // Optional. A field mask to specify the ListAssetsResult fields to be listed in the
  539. // response.
  540. // An empty field mask will list all fields.
  541. google.protobuf.FieldMask field_mask = 7 [(google.api.field_behavior) = OPTIONAL];
  542. // The value returned by the last `ListAssetsResponse`; indicates
  543. // that this is a continuation of a prior `ListAssets` call, and
  544. // that the system should return the next page of data.
  545. string page_token = 8;
  546. // The maximum number of results to return in a single response. Default is
  547. // 10, minimum is 1, maximum is 1000.
  548. int32 page_size = 9;
  549. }
  550. // Response message for listing assets.
  551. message ListAssetsResponse {
  552. // Result containing the Asset and its State.
  553. message ListAssetsResult {
  554. // State of the asset.
  555. //
  556. // When querying across two points in time this describes
  557. // the change between the two points: ADDED, REMOVED, or ACTIVE.
  558. // If there was no compare_duration supplied in the request the state should
  559. // be: UNUSED
  560. enum State {
  561. // Unspecified state.
  562. STATE_UNSPECIFIED = 0;
  563. // Request did not specify use of this field in the result.
  564. UNUSED = 1;
  565. // Asset was added between the points in time.
  566. ADDED = 2;
  567. // Asset was removed between the points in time.
  568. REMOVED = 3;
  569. // Asset was active at both point(s) in time.
  570. ACTIVE = 4;
  571. }
  572. // Asset matching the search request.
  573. Asset asset = 1;
  574. // State of the asset.
  575. State state = 2;
  576. }
  577. // Assets matching the list request.
  578. repeated ListAssetsResult list_assets_results = 1;
  579. // Time used for executing the list request.
  580. google.protobuf.Timestamp read_time = 2;
  581. // Token to retrieve the next page of results, or empty if there are no more
  582. // results.
  583. string next_page_token = 3;
  584. // The total number of assets matching the query.
  585. int32 total_size = 4;
  586. }
  587. // Request message for listing findings.
  588. message ListFindingsRequest {
  589. // Required. Name of the source the findings belong to. Its format is
  590. // "organizations/[organization_id]/sources/[source_id]". To list across all
  591. // sources provide a source_id of `-`. For example:
  592. // organizations/{organization_id}/sources/-
  593. string parent = 1 [
  594. (google.api.field_behavior) = REQUIRED,
  595. (google.api.resource_reference) = {
  596. type: "securitycenter.googleapis.com/Source"
  597. }
  598. ];
  599. // Expression that defines the filter to apply across findings.
  600. // The expression is a list of one or more restrictions combined via logical
  601. // operators `AND` and `OR`.
  602. // Parentheses are not supported, and `OR` has higher precedence than `AND`.
  603. //
  604. // Restrictions have the form `<field> <operator> <value>` and may have a `-`
  605. // character in front of them to indicate negation. Examples include:
  606. //
  607. // * name
  608. // * source_properties.a_property
  609. // * security_marks.marks.marka
  610. //
  611. // The supported operators are:
  612. //
  613. // * `=` for all value types.
  614. // * `>`, `<`, `>=`, `<=` for integer values.
  615. // * `:`, meaning substring matching, for strings.
  616. //
  617. // The supported value types are:
  618. //
  619. // * string literals in quotes.
  620. // * integer literals without quotes.
  621. // * boolean literals `true` and `false` without quotes.
  622. //
  623. // For example, `source_properties.size = 100` is a valid filter string.
  624. string filter = 2;
  625. // Expression that defines what fields and order to use for sorting. The
  626. // string value should follow SQL syntax: comma separated list of fields. For
  627. // example: "name,resource_properties.a_property". The default sorting order
  628. // is ascending. To specify descending order for a field, a suffix " desc"
  629. // should be appended to the field name. For example: "name
  630. // desc,source_properties.a_property". Redundant space characters in the
  631. // syntax are insignificant. "name desc,source_properties.a_property" and "
  632. // name desc , source_properties.a_property " are equivalent.
  633. string order_by = 3;
  634. // Time used as a reference point when filtering findings. The filter is
  635. // limited to findings existing at the supplied time and their values are
  636. // those at that specific time. Absence of this field will default to the
  637. // API's version of NOW.
  638. google.protobuf.Timestamp read_time = 4;
  639. // Optional. A field mask to specify the Finding fields to be listed in the response.
  640. // An empty field mask will list all fields.
  641. google.protobuf.FieldMask field_mask = 5 [(google.api.field_behavior) = OPTIONAL];
  642. // The value returned by the last `ListFindingsResponse`; indicates
  643. // that this is a continuation of a prior `ListFindings` call, and
  644. // that the system should return the next page of data.
  645. string page_token = 6;
  646. // The maximum number of results to return in a single response. Default is
  647. // 10, minimum is 1, maximum is 1000.
  648. int32 page_size = 7;
  649. }
  650. // Response message for listing findings.
  651. message ListFindingsResponse {
  652. // Findings matching the list request.
  653. repeated Finding findings = 1;
  654. // Time used for executing the list request.
  655. google.protobuf.Timestamp read_time = 2;
  656. // Token to retrieve the next page of results, or empty if there are no more
  657. // results.
  658. string next_page_token = 3;
  659. // The total number of findings matching the query.
  660. int32 total_size = 4;
  661. }
  662. // Request message for updating a finding's state.
  663. message SetFindingStateRequest {
  664. // Required. The relative resource name of the finding. See:
  665. // https://cloud.google.com/apis/design/resource_names#relative_resource_name
  666. // Example:
  667. // "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".
  668. string name = 1 [
  669. (google.api.field_behavior) = REQUIRED,
  670. (google.api.resource_reference) = {
  671. type: "securitycenter.googleapis.com/Finding"
  672. }
  673. ];
  674. // Required. The desired State of the finding.
  675. Finding.State state = 2 [(google.api.field_behavior) = REQUIRED];
  676. // Required. The time at which the updated state takes effect.
  677. google.protobuf.Timestamp start_time = 3 [(google.api.field_behavior) = REQUIRED];
  678. }
  679. // Request message for running asset discovery for an organization.
  680. message RunAssetDiscoveryRequest {
  681. // Required. Name of the organization to run asset discovery for. Its format is
  682. // "organizations/[organization_id]".
  683. string parent = 1 [
  684. (google.api.field_behavior) = REQUIRED,
  685. (google.api.resource_reference) = {
  686. type: "cloudresourcemanager.googleapis.com/Organization"
  687. }
  688. ];
  689. }
  690. // Request message for updating or creating a finding.
  691. message UpdateFindingRequest {
  692. // Required. The finding resource to update or create if it does not already exist.
  693. // parent, security_marks, and update_time will be ignored.
  694. //
  695. // In the case of creation, the finding id portion of the name must
  696. // alphanumeric and less than or equal to 32 characters and greater than 0
  697. // characters in length.
  698. Finding finding = 1 [(google.api.field_behavior) = REQUIRED];
  699. // The FieldMask to use when updating the finding resource. This field should
  700. // not be specified when creating a finding.
  701. google.protobuf.FieldMask update_mask = 2;
  702. }
  703. // Request message for updating an organization's settings.
  704. message UpdateOrganizationSettingsRequest {
  705. // Required. The organization settings resource to update.
  706. OrganizationSettings organization_settings = 1 [(google.api.field_behavior) = REQUIRED];
  707. // The FieldMask to use when updating the settings resource.
  708. google.protobuf.FieldMask update_mask = 2;
  709. }
  710. // Request message for updating a source.
  711. message UpdateSourceRequest {
  712. // Required. The source resource to update.
  713. Source source = 1 [(google.api.field_behavior) = REQUIRED];
  714. // The FieldMask to use when updating the source resource.
  715. google.protobuf.FieldMask update_mask = 2;
  716. }
  717. // Request message for updating a SecurityMarks resource.
  718. message UpdateSecurityMarksRequest {
  719. // Required. The security marks resource to update.
  720. SecurityMarks security_marks = 1 [(google.api.field_behavior) = REQUIRED];
  721. // The FieldMask to use when updating the security marks resource.
  722. google.protobuf.FieldMask update_mask = 2;
  723. // The time at which the updated SecurityMarks take effect.
  724. google.protobuf.Timestamp start_time = 3;
  725. }