SimulatedFinding(mapping=None, *, ignore_unknown_fields=False, **kwargs)
The minimum set of fields needed to represent a simulated finding from a Security Health Analytics custom module.
Attributes | | |
---|---|---|
Name | Type | Description |
name | str | Identifier. The relative resource name |
parent | str | The relative resource name of the source the finding belongs to. For example, organizations/{organization_id}/sources/{source_id}. This field is immutable after creation time. |
resource_name | str | For findings on Google Cloud resources, the full resource name |
category | str | The additional taxonomy group within findings from a given source. For example, XSS_FLASH_INJECTION. This field is immutable after creation time. |
state | google.cloud.securitycentermanagement_v1.types.SimulatedFinding.State | Output only. The state of the finding. |
source_properties | MutableMapping[str, google.protobuf.struct_pb2.Value] | Source-specific properties. These properties are managed by the source that writes the finding. The key names must be between 1 and 255 characters; they must start with a letter and contain alphanumeric characters or underscores only. |
event_time | google.protobuf.timestamp_pb2.Timestamp | The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. If the finding is later resolved, then this time reflects when the finding was resolved. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. The event time must not be set to a value greater than the current timestamp. |
severity | google.cloud.securitycentermanagement_v1.types.SimulatedFinding.Severity | The severity of the finding. This field is managed by the source that writes the finding. |
finding_class | google.cloud.securitycentermanagement_v1.types.SimulatedFinding.FindingClass | The class of the finding. |
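The following is an added example, not code from the library or from the original reference. It checks a finding, given as a plain dict, against the constraints stated in the attribute descriptions above: the `source_properties` key naming rule, `event_time` not later than the current time, and `parent` and `category` being immutable after creation. The function names, the dict layout, and the ASCII-only reading of "alphanumeric" are assumptions.

```python
import re
from datetime import datetime, timezone

# Key rule from the source_properties description: 1 to 255 characters,
# starts with a letter, then letters, digits or underscores.
# Assumption: "alphanumeric" is read as ASCII only.
KEY_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,254}")
# Fields the attribute table marks as immutable after creation time.
IMMUTABLE_FIELDS = ("parent", "category")


def invalid_property_keys(source_properties):
    """Return the source_properties keys that break the naming rule."""
    return [k for k in source_properties
            if not isinstance(k, str) or not KEY_RE.fullmatch(k)]


def check_finding(finding, previous=None, now=None):
    """Return a list of problems for a finding given as a plain dict."""
    now = now or datetime.now(timezone.utc)
    problems = [f"bad source_properties key: {k!r}"
                for k in invalid_property_keys(finding.get("source_properties", {}))]
    event_time = finding.get("event_time")
    if event_time is not None:
        if event_time.tzinfo is None:
            problems.append("event_time has no timezone, cannot compare")
        elif event_time > now:
            problems.append("event_time is later than the current time")
    if previous is not None:
        for field in IMMUTABLE_FIELDS:
            if finding.get(field) != previous.get(field):
                problems.append(f"immutable field changed: {field}")
    return problems


# Constructed sample data, not output from a real source.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
ORIGINAL = {
    "parent": "organizations/123/sources/456",
    "category": "XSS_FLASH_INJECTION",
    "source_properties": {"detector_rule": "r1"},
    "event_time": datetime(2023, 12, 31, tzinfo=timezone.utc),
}
UPDATED = dict(ORIGINAL, category="OTHER_CATEGORY",
               source_properties={"1bad": 1, "has-dash": 2, "ok_key": 3},
               event_time=datetime(2024, 1, 2, tzinfo=timezone.utc))

if __name__ == "__main__":
    for problem in check_finding(UPDATED, previous=ORIGINAL, now=NOW):
        print(problem)
```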
Classes
FindingClass
FindingClass(value)
Represents what kind of finding it is.
Severity
Severity(value)
The severity of the finding.
For threats: Indicates a threat that is able to access, modify, or delete data or execute unauthorized code within existing resources.
HIGH (2):
For vulnerabilities: A high-risk vulnerability can be easily discovered and exploited in combination with other vulnerabilities in order to gain direct access and the ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. An example is a database with weak or no passwords that is only accessible internally. This database could easily be compromised by an actor that had access to the internal network.
For threats: Indicates a threat that is able to create new computational resources in an environment but not able to access data or execute code in existing resources.
MEDIUM (3):
For vulnerabilities: A medium-risk vulnerability could be used by an actor to gain access to resources or privileges that enable them to eventually (through multiple steps or a complex exploit) gain access and the ability to execute arbitrary code or exfiltrate data. An example is a service account with access to more projects than it should have. If an actor gains access to the service account, they could potentially use that access to manipulate a project the service account was not intended to.
For threats: Indicates a threat that is able to cause operational impact but may not access data or execute unauthorized code.
LOW (4):
For vulnerabilities: A low-risk vulnerability hampers a security organization's ability to detect vulnerabilities or active threats in their deployment, or prevents the root cause investigation of security issues. An example is monitoring and logs being disabled for resource configurations and access.
For threats: Indicates a threat that has obtained minimal access to an environment but is not able to access data, execute code, or create resources.
SourcePropertiesEntry
SourcePropertiesEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)
The abstract base class for a message.
Parameters | | |
---|---|---|
Name | Type | Description |
kwargs | dict | Keys and values corresponding to the fields of the message. |
mapping | Union[dict, | A dictionary or message to be used to determine the values for this message. |
ignore_unknown_fields | Optional(bool) | If True, do not raise errors for unknown fields. Only applied if |
State
State(value)
The state of the finding.