Module types (0.6.0)

API documentation for securitycenter_v1p1beta1.types module.

API documentation for securitycenter_v1p1beta1.types.Any class.

Security Command Center representation of a Google Cloud resource. The Asset is a Security Command Center resource that captures information about a single Google Cloud resource. All modifications to an Asset are only within the context of Security Command Center and don’t affect the referenced Google Cloud resource.

Security Command Center managed properties. These properties are managed by Security Command Center and cannot be modified by the user.

User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the asset.

The time at which the asset was last updated, added, or deleted in Cloud SCC.

API documentation for securitycenter_v1p1beta1.types.AuditConfig class.

API documentation for securitycenter_v1p1beta1.types.AuditConfigDelta class.

API documentation for securitycenter_v1p1beta1.types.AuditLogConfig class.

API documentation for securitycenter_v1p1beta1.types.Binding class.

API documentation for securitycenter_v1p1beta1.types.BindingDelta class.

API documentation for securitycenter_v1p1beta1.types.CancelOperationRequest class.

Request message for creating a finding.

Required. Unique identifier provided by the client within the parent scope. It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.

Request message for creating a notification config.

Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only.

Request message for creating a source.

Required. The Source being created, only the display_name and description will be used. All other fields will be ignored.

Request message for deleting a notification config.

API documentation for securitycenter_v1p1beta1.types.DeleteOperationRequest class.

API documentation for securitycenter_v1p1beta1.types.Duration class.

API documentation for securitycenter_v1p1beta1.types.Empty class.

API documentation for securitycenter_v1p1beta1.types.Expr class.

API documentation for securitycenter_v1p1beta1.types.FieldMask class.

Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, an XSS vulnerability in an App Engine application is a finding.

The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#r elative_resource_name This field is immutable after creation time. For example: “organizations/{organization_id}/sources/{source_id}”

The state of the finding.

The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.

Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.

The time at which the finding was created in Security Command Center.

API documentation for securitycenter_v1p1beta1.types.GetIamPolicyRequest class.

Request message for getting a notification config.

API documentation for securitycenter_v1p1beta1.types.GetOperationRequest class.

Request message for getting organization settings.

API documentation for securitycenter_v1p1beta1.types.GetPolicyOptions class.

Request message for getting a source.

Request message for grouping by assets.

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include: - name - security_center_properties.resource_name - resource_properties.a_property - security_marks.marks.marka The supported operators are: - = for all value types. - >, <, >=, <= for integer values. - :, meaning substring matching, for strings. The supported value types are: - string literals in quotes. - integer literals without quotes. - boolean literals true and false without quotes. The following field and operator combinations are supported: - name: = - update_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: update_time = "2019-06-10T16:07:18-07:00" update_time = 1560208038000 - create_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: create_time = "2019-06-10T16:07:18-07:00" create_time = 1560208038000 - iam_policy.policy_blob: =, : - resource_properties: =, :, >, <, >=, <= - security_marks.marks: =, : - security_center_properties.resource_name: =, : - security_center_properties.resource_name_display_name: =, : - security_center_properties.resource_type: =, : - security_center_properties.resource_parent: =, : - security_center_properties.resource_parent_display_name: =, : - security_center_properties.resource_project: =, : - security_center_properties.resource_project_display_name: =, : - security_center_properties.resource_owners: =, : For example, resource_properties.size = 100 is a valid filter string. Use a partial match on the empty string to filter based on a property existing: resource_properties.my_property : "" Use a negated partial match on the empty string to filter based on a property not existing: -resource_properties.my_property : ""

When compare_duration is set, the GroupResult’s “state_change” property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don’t affect the result. For example, the results aren’t affected if the asset is removed and re- created again. Possible “state_change” values when compare_duration is specified: - “ADDED”: indicates that the asset was not present at the start of compare_duration, but present at reference_time. - “REMOVED”: indicates that the asset was present at the start of compare_duration, but not present at reference_time. - “ACTIVE”: indicates that the asset was present at both the start and the end of the time period defined by compare_duration and reference_time. If compare_duration is not specified, then the only possible state_change is “UNUSED”, which will be the state_change set for all assets present at read_time. If this field is set then state_change must be a specified field in group_by.

The value returned by the last GroupAssetsResponse; indicates that this is a continuation of a prior GroupAssets call, and that the system should return the next page of data.

Response message for grouping by assets.

Time used for executing the groupBy request.

The total number of results matching the query.

Request message for grouping by findings.

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include: - name - source_properties.a_property - security_marks.marks.marka The supported operators are: - = for all value types. - >, <, >=, <= for integer values. - :, meaning substring matching, for strings. The supported value types are: - string literals in quotes. - integer literals without quotes. - boolean literals true and false without quotes. The following field and operator combinations are supported: - name: = - parent: =, : - resource_name: =, : - state: =, : - category: =, : - external_uri: =, : - event_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: event_time = "2019-06-10T16:07:18-07:00" event_time = 1560208038000 - security_marks.marks: =, : - source_properties: =, :, >, <, >=, <= For example, source_properties.size = 100 is a valid filter string. Use a partial match on the empty string to filter based on a property existing: source_properties.my_property : "" Use a negated partial match on the empty string to filter based on a property not existing: -source_properties.my_property : ""

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API’s version of NOW.

The value returned by the last GroupFindingsResponse; indicates that this is a continuation of a prior GroupFindings call, and that the system should return the next page of data.

Response message for group by findings.

Time used for executing the groupBy request.

The total number of results matching the query.

Result containing the properties and count of a groupBy request.

Total count of resources for the given properties.

Request message for listing assets.

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include: - name - security_center_properties.resource_name - resource_properties.a_property - security_marks.marks.marka The supported operators are: - = for all value types. - >, <, >=, <= for integer values. - :, meaning substring matching, for strings. The supported value types are: - string literals in quotes. - integer literals without quotes. - boolean literals true and false without quotes. The following are the allowed field and operator combinations: - name: = - update_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: update_time = "2019-06-10T16:07:18-07:00" update_time = 1560208038000 - create_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: create_time = "2019-06-10T16:07:18-07:00" create_time = 1560208038000 - iam_policy.policy_blob: =, : - resource_properties: =, :, >, <, >=, <= - security_marks.marks: =, : - security_center_properties.resource_name: =, : - security_center_properties.resource_display_name: =, :

• security_center_properties.resource_type: =, : - security_center_properties.resource_parent: =, : - security_center_properties.resource_parent_display_name: =, : - security_center_properties.resource_project: =, : - security_center_properties.resource_project_display_name: =, : - security_center_properties.resource_owners: =, : For example, resource_properties.size = 100 is a valid filter string. Use a partial match on the empty string to filter based on a property existing: resource_properties.my_property : "" Use a negated partial match on the empty string to filter based on a property not existing: -resource_properties.my_property : ""

  Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API’s version of NOW.

  Optional. A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields.

  The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Response message for listing assets.

Time used for executing the list request.

The total number of assets matching the query.

Request message for listing findings.

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include: - name - source_properties.a_property - security_marks.marks.marka The supported operators are: - = for all value types. - >, <, >=, <= for integer values. - :, meaning substring matching, for strings. The supported value types are: - string literals in quotes. - integer literals without quotes. - boolean literals true and false without quotes. The following field and operator combinations are supported: name: = parent: =, : resource_name: =, : state: =, : category: =, : external_uri: =, : event_time: =, >, <, >=, <= Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: event_time = "2019-06-10T16:07:18-07:00" event_time = 1560208038000 security_marks.marks: =, : source_properties: =, :, >, <, >=, <= For example, source_properties.size = 100 is a valid filter string. Use a partial match on the empty string to filter based on a property existing: source_properties.my_property : "" Use a negated partial match on the empty string to filter based on a property not existing: -source_properties.my_property : ""

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API’s version of NOW.

Optional. A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Response message for listing findings.

Time used for executing the list request.

The total number of findings matching the query.

Request message for listing notification configs.

The value returned by the last ListNotificationConfigsResponse; indicates that this is a continuation of a prior ListNotificationConfigs call, and that the system should return the next page of data.

Response message for listing notification configs.

Token to retrieve the next page of results, or empty if there are no more results.

API documentation for securitycenter_v1p1beta1.types.ListOperationsRequest class.

API documentation for securitycenter_v1p1beta1.types.ListOperationsResponse class.

Request message for listing sources.

The value returned by the last ListSourcesResponse; indicates that this is a continuation of a prior ListSources call, and that the system should return the next page of data.

Response message for listing sources.

Token to retrieve the next page of results, or empty if there are no more results.

API documentation for securitycenter_v1p1beta1.types.ListValue class.

Security Command Center notification configs. A notification config is a Security Command Center resource that contains the configuration to send notifications for create/update events of findings, assets and etc.

The description of the notification config (max of 1024 characters).

The Pub/Sub topic to send notifications to. Its format is “projects/[project_id]/topics/[topic]”.

The config for triggering notifications.

Security Command Center’s Notification

Notification Event.

The Cloud resource tied to the notification.

API documentation for securitycenter_v1p1beta1.types.Operation class.

API documentation for securitycenter_v1p1beta1.types.OperationInfo class.

User specified settings that are attached to the Security Command Center organization.

A flag that indicates if Asset Discovery should be enabled. If the flag is set to true, then discovery of assets will occur. If it is set to `false, all historical assets will remain, but discovery of future assets will not occur.

API documentation for securitycenter_v1p1beta1.types.Policy class.

API documentation for securitycenter_v1p1beta1.types.PolicyDelta class.

Information related to the Google Cloud resource.

The full resource name of project that the resource belongs to.

The full resource name of resource’s parent.

Request message for running asset discovery for an organization.

Response of asset discovery run

The duration between asset discovery run start and end

User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization – they can be modified and viewed by all users who have proper permissions on the organization.

Mutable user specified security marks belonging to the parent resource. Constraints are as follows: - Keys and values are treated as case insensitive - Keys must be between 1 - 256 characters (inclusive) - Keys must be letters, numbers, underscores, or dashes - Values have leading and trailing whitespace trimmed, remaining characters must be between 1

• 4096 characters (inclusive)

Request message for updating a finding’s state.

Required. The desired State of the finding.

API documentation for securitycenter_v1p1beta1.types.SetIamPolicyRequest class.

Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, etc.

The source’s display name. A source’s display name must be unique amongst its siblings, for example, two sources with the same parent can’t share the same display name. The display name must have a length between 1 and 64 characters (inclusive).

API documentation for securitycenter_v1p1beta1.types.Status class.

API documentation for securitycenter_v1p1beta1.types.Struct class.

API documentation for securitycenter_v1p1beta1.types.TestIamPermissionsRequest class.

API documentation for securitycenter_v1p1beta1.types.TestIamPermissionsResponse class.

API documentation for securitycenter_v1p1beta1.types.Timestamp class.

Request message for updating or creating a finding.

The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using “source_properties.” in the field mask.

Request message for updating a notification config.

The FieldMask to use when updating the notification config. If empty all mutable fields will be updated.

Request message for updating an organization’s settings.

The FieldMask to use when updating the settings resource. If empty all mutable fields will be updated.

Request message for updating a SecurityMarks resource.

The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to “marks”, all marks will be replaced. Individual marks can be updated using “marks.”.

Request message for updating a source.

The FieldMask to use when updating the source resource. If empty all mutable fields will be updated.

API documentation for securitycenter_v1p1beta1.types.Value class.

API documentation for securitycenter_v1p1beta1.types.WaitOperationRequest class.