Google Cloud Security Command Center V1 Client - Class Finding (1.15.1)

Reference documentation and code samples for the Google Cloud Security Command Center V1 Client class Finding.

Security Command Center finding.

A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.

Generated from protobuf message google.cloud.securitycenter.v1.Finding

Methods

__construct

Constructor.

Parameters
NameDescription
data array

Optional. Data for populating the Message object.

↳ name string

The relative resource name of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}".

↳ parent string

The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"

↳ resource_name string

For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.

↳ state int

The state of the finding.

↳ category string

The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"

↳ external_uri string

The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.

↳ source_properties array|Google\Protobuf\Internal\MapField

Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

↳ security_marks Google\Cloud\SecurityCenter\V1\SecurityMarks

Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.

↳ event_time Google\Protobuf\Timestamp

The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.

↳ create_time Google\Protobuf\Timestamp

The time at which the finding was created in Security Command Center.

↳ severity int

The severity of the finding. This field is managed by the source that writes the finding.

↳ canonical_name string

The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.

↳ mute int

Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.

↳ finding_class int

The class of the finding.

↳ indicator Google\Cloud\SecurityCenter\V1\Indicator

Represents what's commonly known as an indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see Indicator of compromise.

↳ vulnerability Google\Cloud\SecurityCenter\V1\Vulnerability

Represents vulnerability-specific fields like CVE and CVSS scores. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)

↳ mute_update_time Google\Protobuf\Timestamp

Output only. The most recent time this finding was muted or unmuted.

↳ external_systems array|Google\Protobuf\Internal\MapField

Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.

↳ mitre_attack Google\Cloud\SecurityCenter\V1\MitreAttack

MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org

↳ access Google\Cloud\SecurityCenter\V1\Access

Access details associated with the finding, such as more information on the caller, which method was accessed, and from where.

↳ connections array<Google\Cloud\SecurityCenter\V1\Connection>

Contains information about the IP connection associated with the finding.

↳ mute_initiator string

Records additional information about the mute operation, for example, the mute configuration that muted the finding and the user who muted the finding.

↳ processes array<Google\Cloud\SecurityCenter\V1\Process>

Represents operating system processes associated with the Finding.

↳ contacts array|Google\Protobuf\Internal\MapField

Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories { "security": { "contacts": [ { "email": "person1@company.com" }, { "email": "person2@company.com" } ] } }

↳ compliances array<Google\Cloud\SecurityCenter\V1\Compliance>

Contains compliance information for security standards associated to the finding.

↳ parent_display_name string

Output only. The human readable display name of the finding source such as "Event Threat Detection" or "Security Health Analytics".

↳ description string

Contains more details about the finding.

↳ exfiltration Google\Cloud\SecurityCenter\V1\Exfiltration

Represents exfiltrations associated with the finding.

↳ iam_bindings array<Google\Cloud\SecurityCenter\V1\IamBinding>

Represents IAM bindings associated with the finding.

↳ next_steps string

Steps to address the finding.

↳ module_name string

Unique identifier of the module which generated the finding. Example: folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885

↳ containers array<Google\Cloud\SecurityCenter\V1\Container>

Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers.

↳ kubernetes Google\Cloud\SecurityCenter\V1\Kubernetes

Kubernetes resources associated with the finding.

↳ database Google\Cloud\SecurityCenter\V1\Database

Database associated with the finding.

↳ files array<Google\Cloud\SecurityCenter\V1\File>

File associated with the finding.

↳ cloud_dlp_inspection Google\Cloud\SecurityCenter\V1\CloudDlpInspection

Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding.

↳ cloud_dlp_data_profile Google\Cloud\SecurityCenter\V1\CloudDlpDataProfile

Cloud DLP data profile that is associated with the finding.

↳ kernel_rootkit Google\Cloud\SecurityCenter\V1\KernelRootkit

Signature of the kernel rootkit.

getName

The relative resource name of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}".

Returns
TypeDescription
string

setName

The relative resource name of the finding. Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}".

Parameter
NameDescription
var string
Returns
TypeDescription
$this

getParent

The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time.

For example: "organizations/{organization_id}/sources/{source_id}"

Returns
TypeDescription
string

setParent

The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time.

For example: "organizations/{organization_id}/sources/{source_id}"

Parameter
NameDescription
var string
Returns
TypeDescription
$this

getResourceName

For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.

Returns
TypeDescription
string

setResourceName

For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.

Parameter
NameDescription
var string
Returns
TypeDescription
$this

getState

The state of the finding.

Returns
TypeDescription
int

setState

The state of the finding.

Parameter
NameDescription
var int
Returns
TypeDescription
$this

getCategory

The additional taxonomy group within findings from a given source.

This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"

Returns
TypeDescription
string

setCategory

The additional taxonomy group within findings from a given source.

This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"

Parameter
NameDescription
var string
Returns
TypeDescription
$this

getExternalUri

The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found.

This field is guaranteed to be either empty or a well formed URL.

Returns
TypeDescription
string

setExternalUri

The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found.

This field is guaranteed to be either empty or a well formed URL.

Parameter
NameDescription
var string
Returns
TypeDescription
$this

getSourceProperties

Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

Returns
TypeDescription
Google\Protobuf\Internal\MapField

setSourceProperties

Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

Parameter
NameDescription
var array|Google\Protobuf\Internal\MapField
Returns
TypeDescription
$this

getSecurityMarks

Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1\SecurityMarks|null

hasSecurityMarks

clearSecurityMarks

setSecurityMarks

Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.

Parameter
NameDescription
var Google\Cloud\SecurityCenter\V1\SecurityMarks
Returns
TypeDescription
$this

getEventTime

The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred.

For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.

Returns
TypeDescription
Google\Protobuf\Timestamp|null

hasEventTime

clearEventTime

setEventTime

The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred.

For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.

Parameter
NameDescription
var Google\Protobuf\Timestamp
Returns
TypeDescription
$this

getCreateTime

The time at which the finding was created in Security Command Center.

Returns
TypeDescription
Google\Protobuf\Timestamp|null

hasCreateTime

clearCreateTime

setCreateTime

The time at which the finding was created in Security Command Center.

Parameter
NameDescription
var Google\Protobuf\Timestamp
Returns
TypeDescription
$this

getSeverity

The severity of the finding. This field is managed by the source that writes the finding.

Returns
TypeDescription
int

setSeverity

The severity of the finding. This field is managed by the source that writes the finding.

Parameter
NameDescription
var int
Returns
TypeDescription
$this

getCanonicalName

The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.

Returns
TypeDescription
string

setCanonicalName

The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.

Parameter
NameDescription
var string
Returns
TypeDescription
$this

getMute

Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.

Returns
TypeDescription
int

setMute

Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.

Parameter
NameDescription
var int
Returns
TypeDescription
$this

getFindingClass

The class of the finding.

Returns
TypeDescription
int

setFindingClass

The class of the finding.

Parameter
NameDescription
var int
Returns
TypeDescription
$this

getIndicator

Represents what's commonly known as an indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see Indicator of compromise.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1\Indicator|null

hasIndicator

clearIndicator

setIndicator

Represents what's commonly known as an indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see Indicator of compromise.

Parameter
NameDescription
var Google\Cloud\SecurityCenter\V1\Indicator
Returns
TypeDescription
$this

getVulnerability

Represents vulnerability-specific fields like CVE and CVSS scores.

CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1\Vulnerability|null

hasVulnerability

clearVulnerability

setVulnerability

Represents vulnerability-specific fields like CVE and CVSS scores.

CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)

Parameter
NameDescription
var Google\Cloud\SecurityCenter\V1\Vulnerability
Returns
TypeDescription
$this

getMuteUpdateTime

Output only. The most recent time this finding was muted or unmuted.

Returns
TypeDescription
Google\Protobuf\Timestamp|null

hasMuteUpdateTime

clearMuteUpdateTime

setMuteUpdateTime

Output only. The most recent time this finding was muted or unmuted.

Parameter
NameDescription
var Google\Protobuf\Timestamp
Returns
TypeDescription
$this

getExternalSystems

Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.

Returns
TypeDescription
Google\Protobuf\Internal\MapField

setExternalSystems

Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.

Parameter
NameDescription
var array|Google\Protobuf\Internal\MapField
Returns
TypeDescription
$this

getMitreAttack

MITRE ATT&CK tactics and techniques related to this finding.

See: https://attack.mitre.org

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1\MitreAttack|null

hasMitreAttack

clearMitreAttack

setMitreAttack

MITRE ATT&CK tactics and techniques related to this finding.

See: https://attack.mitre.org

Parameter
NameDescription
var Google\Cloud\SecurityCenter\V1\MitreAttack
Returns
TypeDescription
$this

getAccess

Access details associated with the finding, such as more information on the caller, which method was accessed, and from where.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1\Access|null

hasAccess

clearAccess

setAccess

Access details associated with the finding, such as more information on the caller, which method was accessed, and from where.

Parameter
NameDescription
var Google\Cloud\SecurityCenter\V1\Access
Returns
TypeDescription
$this

getConnections

Contains information about the IP connection associated with the finding.

Returns
TypeDescription
Google\Protobuf\Internal\RepeatedField

setConnections

Contains information about the IP connection associated with the finding.

Parameter
NameDescription
var array<Google\Cloud\SecurityCenter\V1\Connection>
Returns
TypeDescription
$this

getMuteInitiator

Records additional information about the mute operation, for example, the mute configuration that muted the finding and the user who muted the finding.

Returns
TypeDescription
string

setMuteInitiator

Records additional information about the mute operation, for example, the mute configuration that muted the finding and the user who muted the finding.

Parameter
NameDescription
var string
Returns
TypeDescription
$this

getProcesses

Represents operating system processes associated with the Finding.

Returns
TypeDescription
Google\Protobuf\Internal\RepeatedField

setProcesses

Represents operating system processes associated with the Finding.

Parameter
NameDescription
var array<Google\Cloud\SecurityCenter\V1\Process>
Returns
TypeDescription
$this

getContacts

Output only. Map containing the points of contact for the given finding.

The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories { "security": { "contacts": [ { "email": "person1@company.com" }, { "email": "person2@company.com" } ] } }

Returns
TypeDescription
Google\Protobuf\Internal\MapField

setContacts

Output only. Map containing the points of contact for the given finding.

The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories { "security": { "contacts": [ { "email": "person1@company.com" }, { "email": "person2@company.com" } ] } }

Parameter
NameDescription
var array|Google\Protobuf\Internal\MapField
Returns
TypeDescription
$this

getCompliances

Contains compliance information for security standards associated to the finding.

Returns
TypeDescription
Google\Protobuf\Internal\RepeatedField

setCompliances

Contains compliance information for security standards associated to the finding.

Parameter
NameDescription
var array<Google\Cloud\SecurityCenter\V1\Compliance>
Returns
TypeDescription
$this

getParentDisplayName

Output only. The human readable display name of the finding source such as "Event Threat Detection" or "Security Health Analytics".

Returns
TypeDescription
string

setParentDisplayName

Output only. The human readable display name of the finding source such as "Event Threat Detection" or "Security Health Analytics".

Parameter
NameDescription
var string
Returns
TypeDescription
$this

getDescription

Contains more details about the finding.

Returns
TypeDescription
string

setDescription

Contains more details about the finding.

Parameter
NameDescription
var string
Returns
TypeDescription
$this

getExfiltration

Represents exfiltrations associated with the finding.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1\Exfiltration|null

hasExfiltration

clearExfiltration

setExfiltration

Represents exfiltrations associated with the finding.

Parameter
NameDescription
var Google\Cloud\SecurityCenter\V1\Exfiltration
Returns
TypeDescription
$this

getIamBindings

Represents IAM bindings associated with the finding.

Returns
TypeDescription
Google\Protobuf\Internal\RepeatedField

setIamBindings

Represents IAM bindings associated with the finding.

Parameter
NameDescription
var array<Google\Cloud\SecurityCenter\V1\IamBinding>
Returns
TypeDescription
$this

getNextSteps

Steps to address the finding.

Returns
TypeDescription
string

setNextSteps

Steps to address the finding.

Parameter
NameDescription
var string
Returns
TypeDescription
$this

getModuleName

Unique identifier of the module which generated the finding.

Example: folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885

Returns
TypeDescription
string

setModuleName

Unique identifier of the module which generated the finding.

Example: folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885

Parameter
NameDescription
var string
Returns
TypeDescription
$this

getContainers

Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers.

Returns
TypeDescription
Google\Protobuf\Internal\RepeatedField

setContainers

Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers.

Parameter
NameDescription
var array<Google\Cloud\SecurityCenter\V1\Container>
Returns
TypeDescription
$this

getKubernetes

Kubernetes resources associated with the finding.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1\Kubernetes|null

hasKubernetes

clearKubernetes

setKubernetes

Kubernetes resources associated with the finding.

Parameter
NameDescription
var Google\Cloud\SecurityCenter\V1\Kubernetes
Returns
TypeDescription
$this

getDatabase

Database associated with the finding.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1\Database|null

hasDatabase

clearDatabase

setDatabase

Database associated with the finding.

Parameter
NameDescription
var Google\Cloud\SecurityCenter\V1\Database
Returns
TypeDescription
$this

getFiles

File associated with the finding.

Returns
TypeDescription
Google\Protobuf\Internal\RepeatedField

setFiles

File associated with the finding.

Parameter
NameDescription
var array<Google\Cloud\SecurityCenter\V1\File>
Returns
TypeDescription
$this

getCloudDlpInspection

Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1\CloudDlpInspection|null

hasCloudDlpInspection

clearCloudDlpInspection

setCloudDlpInspection

Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding.

Parameter
NameDescription
var Google\Cloud\SecurityCenter\V1\CloudDlpInspection
Returns
TypeDescription
$this

getCloudDlpDataProfile

Cloud DLP data profile that is associated with the finding.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1\CloudDlpDataProfile|null

hasCloudDlpDataProfile

clearCloudDlpDataProfile

setCloudDlpDataProfile

Cloud DLP data profile that is associated with the finding.

Parameter
NameDescription
var Google\Cloud\SecurityCenter\V1\CloudDlpDataProfile
Returns
TypeDescription
$this

getKernelRootkit

Signature of the kernel rootkit.

Returns
TypeDescription
Google\Cloud\SecurityCenter\V1\KernelRootkit|null

hasKernelRootkit

clearKernelRootkit

setKernelRootkit

Signature of the kernel rootkit.

Parameter
NameDescription
var Google\Cloud\SecurityCenter\V1\KernelRootkit
Returns
TypeDescription
$this