1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.securityposture.v1; 18 19import "google/api/field_behavior.proto"; 20import "google/type/expr.proto"; 21 22option go_package = "cloud.google.com/go/securityposture/apiv1/securityposturepb;securityposturepb"; 23option java_multiple_files = true; 24option java_outer_classname = "ShaCustomConfigProto"; 25option java_package = "com.google.cloud.securityposture.v1"; 26 27// Defines the properties in a custom module configuration for Security 28// Health Analytics. Use the custom module configuration to create custom 29// detectors that generate custom findings for resources that you specify. 30message CustomConfig { 31 // A set of optional name-value pairs that define custom source properties to 32 // return with each finding that is generated by the custom module. The custom 33 // source properties that are defined here are included in the finding JSON 34 // under `sourceProperties`. 35 message CustomOutputSpec { 36 // An individual name-value pair that defines a custom source property. 37 message Property { 38 // Required. Name of the property for the custom output. 39 string name = 1 [(google.api.field_behavior) = REQUIRED]; 40 41 // Optional. The CEL expression for the custom output. A resource property 42 // can be specified to return the value of the property or a text string 43 // enclosed in quotation marks. 44 google.type.Expr value_expression = 2 45 [(google.api.field_behavior) = OPTIONAL]; 46 } 47 48 // Optional. A list of custom output properties to add to the finding. 49 repeated Property properties = 1 [(google.api.field_behavior) = OPTIONAL]; 50 } 51 52 // Resource for selecting resource type. 53 message ResourceSelector { 54 // Required. The resource types to run the detector on. 55 repeated string resource_types = 1 [(google.api.field_behavior) = REQUIRED]; 56 } 57 58 // Defines the valid value options for the severity of a finding. 59 enum Severity { 60 // Unspecified severity. 61 SEVERITY_UNSPECIFIED = 0; 62 63 // Critical severity. 64 CRITICAL = 1; 65 66 // High severity. 67 HIGH = 2; 68 69 // Medium severity. 70 MEDIUM = 3; 71 72 // Low severity. 73 LOW = 4; 74 } 75 76 // Required. The CEL expression to evaluate to produce findings. When the 77 // expression evaluates to true against a resource, a finding is generated. 78 google.type.Expr predicate = 1 [(google.api.field_behavior) = REQUIRED]; 79 80 // Optional. Custom output properties. 81 CustomOutputSpec custom_output = 2 [(google.api.field_behavior) = OPTIONAL]; 82 83 // Required. The resource types that the custom module operates on. Each 84 // custom module can specify up to 5 resource types. 85 ResourceSelector resource_selector = 3 86 [(google.api.field_behavior) = REQUIRED]; 87 88 // Required. The severity to assign to findings generated by the module. 89 Severity severity = 4 [(google.api.field_behavior) = REQUIRED]; 90 91 // Optional. Text that describes the vulnerability or misconfiguration that 92 // the custom module detects. This explanation is returned with each finding 93 // instance to help investigators understand the detected issue. The text must 94 // be enclosed in quotation marks. 95 string description = 5 [(google.api.field_behavior) = OPTIONAL]; 96 97 // Optional. An explanation of the recommended steps that security teams can 98 // take to resolve the detected issue. This explanation is returned with each 99 // finding generated by this module in the `nextSteps` property of the finding 100 // JSON. 101 string recommendation = 6 [(google.api.field_behavior) = OPTIONAL]; 102} 103