Security Command Center finding.
A finding is a record of assessment data, such as security, risk, health, or privacy data, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#access
def access() -> ::Google::Cloud::SecurityCenter::V1::Access
Returns
- (::Google::Cloud::SecurityCenter::V1::Access) — Access details associated with the Finding, such as more information on the caller, which method was accessed, from where, etc.
#access=
def access=(value) -> ::Google::Cloud::SecurityCenter::V1::Access
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Access) — Access details associated with the Finding, such as more information on the caller, which method was accessed, from where, etc.
Returns
- (::Google::Cloud::SecurityCenter::V1::Access) — Access details associated with the Finding, such as more information on the caller, which method was accessed, from where, etc.
#canonical_name
def canonical_name() -> ::String
Returns
- (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
#canonical_name=
def canonical_name=(value) -> ::String
Parameter
- value (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
Returns
- (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
#category
def category() -> ::String
Returns
- (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
#category=
def category=(value) -> ::String
Parameter
- value (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
Returns
- (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
#create_time
def create_time() -> ::Google::Protobuf::Timestamp
Returns
- (::Google::Protobuf::Timestamp) — The time at which the finding was created in Security Command Center.
#create_time=
def create_time=(value) -> ::Google::Protobuf::Timestamp
Parameter
- value (::Google::Protobuf::Timestamp) — The time at which the finding was created in Security Command Center.
Returns
- (::Google::Protobuf::Timestamp) — The time at which the finding was created in Security Command Center.
#event_time
def event_time() -> ::Google::Protobuf::Timestamp
Returns
- (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.
#event_time=
def event_time=(value) -> ::Google::Protobuf::Timestamp
Parameter
- value (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.
Returns
- (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.
#external_systems
def external_systems() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ExternalSystem}
Returns
- (::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ExternalSystem}) — Output only. Third-party SIEM/SOAR fields within SCC; contains external system information and external system finding fields.
#external_uri
def external_uri() -> ::String
Returns
- (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
#external_uri=
def external_uri=(value) -> ::String
Parameter
- value (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
Returns
- (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
#finding_class
def finding_class() -> ::Google::Cloud::SecurityCenter::V1::Finding::FindingClass
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::FindingClass) — The class of the finding.
#finding_class=
def finding_class=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::FindingClass
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Finding::FindingClass) — The class of the finding.
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::FindingClass) — The class of the finding.
#indicator
def indicator() -> ::Google::Cloud::SecurityCenter::V1::Indicator
Returns
- (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
#indicator=
def indicator=(value) -> ::Google::Cloud::SecurityCenter::V1::Indicator
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
Returns
- (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
#mitre_attack
def mitre_attack() -> ::Google::Cloud::SecurityCenter::V1::MitreAttack
Returns
- (::Google::Cloud::SecurityCenter::V1::MitreAttack) — MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
#mitre_attack=
def mitre_attack=(value) -> ::Google::Cloud::SecurityCenter::V1::MitreAttack
Parameter
- value (::Google::Cloud::SecurityCenter::V1::MitreAttack) — MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
Returns
- (::Google::Cloud::SecurityCenter::V1::MitreAttack) — MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
#mute
def mute() -> ::Google::Cloud::SecurityCenter::V1::Finding::Mute
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::Mute) — Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
#mute=
def mute=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::Mute
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Finding::Mute) — Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::Mute) — Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
#mute_initiator
def mute_initiator() -> ::String
Returns
- (::String) — First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
#mute_initiator=
def mute_initiator=(value) -> ::String
Parameter
- value (::String) — First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
Returns
- (::String) — First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
#mute_update_time
def mute_update_time() -> ::Google::Protobuf::Timestamp
Returns
- (::Google::Protobuf::Timestamp) — Output only. The most recent time this finding was muted or unmuted.
#name
def name() -> ::String
Returns
- (::String) — The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
#name=
def name=(value) -> ::String
Parameter
- value (::String) — The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
Returns
- (::String) — The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
#parent
def parent() -> ::String
Returns
- (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
#parent=
def parent=(value) -> ::String
Parameter
- value (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
Returns
- (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
#resource_name
def resource_name() -> ::String
Returns
- (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
#resource_name=
def resource_name=(value) -> ::String
Parameter
- value (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
Returns
- (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
#security_marks
def security_marks() -> ::Google::Cloud::SecurityCenter::V1::SecurityMarks
Returns
- (::Google::Cloud::SecurityCenter::V1::SecurityMarks) — Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.
#severity
def severity() -> ::Google::Cloud::SecurityCenter::V1::Finding::Severity
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::Severity) — The severity of the finding. This field is managed by the source that writes the finding.
#severity=
def severity=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::Severity
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Finding::Severity) — The severity of the finding. This field is managed by the source that writes the finding.
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::Severity) — The severity of the finding. This field is managed by the source that writes the finding.
#source_properties
def source_properties() -> ::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}
Returns
- (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
#source_properties=
def source_properties=(value) -> ::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}
Parameter
- value (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
Returns
- (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
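The constraints documented above for source_properties keys, canonical_name and event_time can be checked locally before a finding is written. This is an added example, not code from the client library: the `FindingLint` module and its method names are hypothetical, and a plain Hash stands in for the Finding message so that it runs without the gem. The page does not state which characters the ID segments may contain, so they are only required to be non-empty and free of slashes.

```ruby
# Added example (hypothetical helper, not part of the client library).
module FindingLint
  # 1..255 chars, starts with a letter, then alphanumerics or underscores.
  # \A and \z anchor the whole string; ^ and $ would accept "ok\nbad-key".
  SOURCE_PROPERTY_KEY = /\A[A-Za-z][A-Za-z0-9_]{0,254}\z/
  # The three documented canonical_name forms (ID charset is an assumption).
  CANONICAL_NAME =
    %r{\A(organizations|folders|projects)/([^/]+)/sources/([^/]+)/findings/([^/]+)\z}

  module_function

  # Returns the keys that violate the documented naming rule.
  def bad_source_property_keys(props)
    props.keys.map(&:to_s).reject { |k| SOURCE_PROPERTY_KEY.match?(k) }
  end

  # Splits a canonical name into its parts, or returns nil if malformed.
  def parse_canonical_name(name)
    m = CANONICAL_NAME.match(name.to_s)
    return nil unless m
    { scope: m[1], scope_id: m[2], source_id: m[3], finding_id: m[4] }
  end

  # Collects every violated constraint instead of stopping at the first.
  def lint(finding, now = Time.now)
    errors = []
    bad = bad_source_property_keys(finding.fetch(:source_properties, {}))
    errors << "invalid source_properties keys: #{bad.inspect}" unless bad.empty?
    name = finding[:canonical_name]
    if name && parse_canonical_name(name).nil?
      errors << "canonical_name does not match a documented form"
    end
    if finding[:event_time] && finding[:event_time] > now
      errors << "event_time is later than the current time"
    end
    errors
  end
end

# Constructed sample data: two bad keys and an event_time one hour ahead.
NOW = Time.utc(2024, 1, 1, 12, 0, 0)
SAMPLE = {
  canonical_name: "folders/123/sources/456/findings/abc",
  event_time: NOW + 3600,
  source_properties: { "scanner_version" => "1.2", "2fa_enabled" => true,
                       "owner-email" => "team@example.com" }
}
puts FindingLint.lint(SAMPLE, NOW)
```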
#state
def state() -> ::Google::Cloud::SecurityCenter::V1::Finding::State
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::State) — The state of the finding.
#state=
def state=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::State
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Finding::State) — The state of the finding.
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::State) — The state of the finding.
#vulnerability
def vulnerability() -> ::Google::Cloud::SecurityCenter::V1::Vulnerability
Returns
- (::Google::Cloud::SecurityCenter::V1::Vulnerability) — Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
#vulnerability=
def vulnerability=(value) -> ::Google::Cloud::SecurityCenter::V1::Vulnerability
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Vulnerability) — Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
Returns
- (::Google::Cloud::SecurityCenter::V1::Vulnerability) — Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)