1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.securitycenter.v1; 18 19option csharp_namespace = "Google.Cloud.SecurityCenter.V1"; 20option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb"; 21option java_multiple_files = true; 22option java_outer_classname = "ExfiltrationProto"; 23option java_package = "com.google.cloud.securitycenter.v1"; 24option php_namespace = "Google\\Cloud\\SecurityCenter\\V1"; 25option ruby_package = "Google::Cloud::SecurityCenter::V1"; 26 27// Exfiltration represents a data exfiltration attempt from one or more sources 28// to one or more targets. The `sources` attribute lists the sources of the 29// exfiltrated data. The `targets` attribute lists the destinations the data was 30// copied to. 31message Exfiltration { 32 // If there are multiple sources, then the data is considered "joined" between 33 // them. For instance, BigQuery can join multiple tables, and each 34 // table would be considered a source. 35 repeated ExfilResource sources = 1; 36 37 // If there are multiple targets, each target would get a complete copy of the 38 // "joined" source data. 39 repeated ExfilResource targets = 2; 40 41 // Total exfiltrated bytes processed for the entire job. 42 int64 total_exfiltrated_bytes = 3; 43} 44 45// Resource where data was exfiltrated from or exfiltrated to. 46message ExfilResource { 47 // The resource's [full resource 48 // name](https://cloud.google.com/apis/design/resource_names#full_resource_name). 49 string name = 1; 50 51 // Subcomponents of the asset that was exfiltrated, like URIs used during 52 // exfiltration, table names, databases, and filenames. For example, multiple 53 // tables might have been exfiltrated from the same Cloud SQL instance, or 54 // multiple files might have been exfiltrated from the same Cloud Storage 55 // bucket. 56 repeated string components = 2; 57} 58