1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.securitycenter.v1; 18 19import "google/api/annotations.proto"; 20import "google/api/client.proto"; 21import "google/api/field_behavior.proto"; 22import "google/api/resource.proto"; 23import "google/cloud/securitycenter/v1/asset.proto"; 24import "google/cloud/securitycenter/v1/bigquery_export.proto"; 25import "google/cloud/securitycenter/v1/effective_security_health_analytics_custom_module.proto"; 26import "google/cloud/securitycenter/v1/external_system.proto"; 27import "google/cloud/securitycenter/v1/finding.proto"; 28import "google/cloud/securitycenter/v1/folder.proto"; 29import "google/cloud/securitycenter/v1/mute_config.proto"; 30import "google/cloud/securitycenter/v1/notification_config.proto"; 31import "google/cloud/securitycenter/v1/organization_settings.proto"; 32import "google/cloud/securitycenter/v1/run_asset_discovery_response.proto"; 33import "google/cloud/securitycenter/v1/security_health_analytics_custom_config.proto"; 34import "google/cloud/securitycenter/v1/security_health_analytics_custom_module.proto"; 35import "google/cloud/securitycenter/v1/security_marks.proto"; 36import "google/cloud/securitycenter/v1/source.proto"; 37import "google/iam/v1/iam_policy.proto"; 38import "google/iam/v1/policy.proto"; 39import "google/longrunning/operations.proto"; 40import "google/protobuf/duration.proto"; 41import "google/protobuf/empty.proto"; 42import "google/protobuf/field_mask.proto"; 43import "google/protobuf/struct.proto"; 44import "google/protobuf/timestamp.proto"; 45import "google/rpc/status.proto"; 46 47option csharp_namespace = "Google.Cloud.SecurityCenter.V1"; 48option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb"; 49option java_multiple_files = true; 50option java_package = "com.google.cloud.securitycenter.v1"; 51option php_namespace = "Google\\Cloud\\SecurityCenter\\V1"; 52option ruby_package = "Google::Cloud::SecurityCenter::V1"; 53 54// V1 APIs for Security Center service. 55service SecurityCenter { 56 option (google.api.default_host) = "securitycenter.googleapis.com"; 57 option (google.api.oauth_scopes) = 58 "https://www.googleapis.com/auth/cloud-platform"; 59 60 // Kicks off an LRO to bulk mute findings for a parent based on a filter. The 61 // parent can be either an organization, folder or project. The findings 62 // matched by the filter will be muted after the LRO is done. 63 rpc BulkMuteFindings(BulkMuteFindingsRequest) 64 returns (google.longrunning.Operation) { 65 option (google.api.http) = { 66 post: "/v1/{parent=organizations/*}/findings:bulkMute" 67 body: "*" 68 additional_bindings { 69 post: "/v1/{parent=folders/*}/findings:bulkMute" 70 body: "*" 71 } 72 additional_bindings { 73 post: "/v1/{parent=projects/*}/findings:bulkMute" 74 body: "*" 75 } 76 }; 77 option (google.api.method_signature) = "parent"; 78 option (google.longrunning.operation_info) = { 79 response_type: "google.cloud.securitycenter.v1.BulkMuteFindingsResponse" 80 metadata_type: "google.protobuf.Empty" 81 }; 82 } 83 84 // Creates a resident SecurityHealthAnalyticsCustomModule at the scope of the 85 // given CRM parent, and also creates inherited 86 // SecurityHealthAnalyticsCustomModules for all CRM descendants of the given 87 // parent. These modules are enabled by default. 88 rpc CreateSecurityHealthAnalyticsCustomModule( 89 CreateSecurityHealthAnalyticsCustomModuleRequest) 90 returns (SecurityHealthAnalyticsCustomModule) { 91 option (google.api.http) = { 92 post: "/v1/{parent=organizations/*/securityHealthAnalyticsSettings}/customModules" 93 body: "security_health_analytics_custom_module" 94 additional_bindings { 95 post: "/v1/{parent=folders/*/securityHealthAnalyticsSettings}/customModules" 96 body: "security_health_analytics_custom_module" 97 } 98 additional_bindings { 99 post: "/v1/{parent=projects/*/securityHealthAnalyticsSettings}/customModules" 100 body: "security_health_analytics_custom_module" 101 } 102 }; 103 option (google.api.method_signature) = 104 "parent,security_health_analytics_custom_module"; 105 } 106 107 // Creates a source. 108 rpc CreateSource(CreateSourceRequest) returns (Source) { 109 option (google.api.http) = { 110 post: "/v1/{parent=organizations/*}/sources" 111 body: "source" 112 }; 113 option (google.api.method_signature) = "parent,source"; 114 } 115 116 // Creates a finding. The corresponding source must exist for finding creation 117 // to succeed. 118 rpc CreateFinding(CreateFindingRequest) returns (Finding) { 119 option (google.api.http) = { 120 post: "/v1/{parent=organizations/*/sources/*}/findings" 121 body: "finding" 122 }; 123 option (google.api.method_signature) = "parent,finding_id,finding"; 124 } 125 126 // Creates a mute config. 127 rpc CreateMuteConfig(CreateMuteConfigRequest) returns (MuteConfig) { 128 option (google.api.http) = { 129 post: "/v1/{parent=organizations/*}/muteConfigs" 130 body: "mute_config" 131 additional_bindings { 132 post: "/v1/{parent=folders/*}/muteConfigs" 133 body: "mute_config" 134 } 135 additional_bindings { 136 post: "/v1/{parent=projects/*}/muteConfigs" 137 body: "mute_config" 138 } 139 }; 140 option (google.api.method_signature) = "parent,mute_config"; 141 option (google.api.method_signature) = "parent,mute_config,mute_config_id"; 142 } 143 144 // Creates a notification config. 145 rpc CreateNotificationConfig(CreateNotificationConfigRequest) 146 returns (NotificationConfig) { 147 option (google.api.http) = { 148 post: "/v1/{parent=organizations/*}/notificationConfigs" 149 body: "notification_config" 150 additional_bindings { 151 post: "/v1/{parent=folders/*}/notificationConfigs" 152 body: "notification_config" 153 } 154 additional_bindings { 155 post: "/v1/{parent=projects/*}/notificationConfigs" 156 body: "notification_config" 157 } 158 }; 159 option (google.api.method_signature) = 160 "parent,config_id,notification_config"; 161 option (google.api.method_signature) = "parent,notification_config"; 162 } 163 164 // Deletes an existing mute config. 165 rpc DeleteMuteConfig(DeleteMuteConfigRequest) 166 returns (google.protobuf.Empty) { 167 option (google.api.http) = { 168 delete: "/v1/{name=organizations/*/muteConfigs/*}" 169 additional_bindings { delete: "/v1/{name=folders/*/muteConfigs/*}" } 170 additional_bindings { delete: "/v1/{name=projects/*/muteConfigs/*}" } 171 }; 172 option (google.api.method_signature) = "name"; 173 } 174 175 // Deletes a notification config. 176 rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) 177 returns (google.protobuf.Empty) { 178 option (google.api.http) = { 179 delete: "/v1/{name=organizations/*/notificationConfigs/*}" 180 additional_bindings { 181 delete: "/v1/{name=folders/*/notificationConfigs/*}" 182 } 183 additional_bindings { 184 delete: "/v1/{name=projects/*/notificationConfigs/*}" 185 } 186 }; 187 option (google.api.method_signature) = "name"; 188 } 189 190 // Deletes the specified SecurityHealthAnalyticsCustomModule and all of its 191 // descendants in the CRM hierarchy. This method is only supported for 192 // resident custom modules. 193 rpc DeleteSecurityHealthAnalyticsCustomModule( 194 DeleteSecurityHealthAnalyticsCustomModuleRequest) 195 returns (google.protobuf.Empty) { 196 option (google.api.http) = { 197 delete: "/v1/{name=organizations/*/securityHealthAnalyticsSettings/customModules/*}" 198 additional_bindings { 199 delete: "/v1/{name=folders/*/securityHealthAnalyticsSettings/customModules/*}" 200 } 201 additional_bindings { 202 delete: "/v1/{name=projects/*/securityHealthAnalyticsSettings/customModules/*}" 203 } 204 }; 205 option (google.api.method_signature) = "name"; 206 } 207 208 // Gets a BigQuery export. 209 rpc GetBigQueryExport(GetBigQueryExportRequest) returns (BigQueryExport) { 210 option (google.api.http) = { 211 get: "/v1/{name=organizations/*/bigQueryExports/*}" 212 additional_bindings { get: "/v1/{name=folders/*/bigQueryExports/*}" } 213 additional_bindings { get: "/v1/{name=projects/*/bigQueryExports/*}" } 214 }; 215 option (google.api.method_signature) = "name"; 216 } 217 218 // Gets the access control policy on the specified Source. 219 rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) 220 returns (google.iam.v1.Policy) { 221 option (google.api.http) = { 222 post: "/v1/{resource=organizations/*/sources/*}:getIamPolicy" 223 body: "*" 224 }; 225 option (google.api.method_signature) = "resource"; 226 } 227 228 // Gets a mute config. 229 rpc GetMuteConfig(GetMuteConfigRequest) returns (MuteConfig) { 230 option (google.api.http) = { 231 get: "/v1/{name=organizations/*/muteConfigs/*}" 232 additional_bindings { get: "/v1/{name=folders/*/muteConfigs/*}" } 233 additional_bindings { get: "/v1/{name=projects/*/muteConfigs/*}" } 234 }; 235 option (google.api.method_signature) = "name"; 236 } 237 238 // Gets a notification config. 239 rpc GetNotificationConfig(GetNotificationConfigRequest) 240 returns (NotificationConfig) { 241 option (google.api.http) = { 242 get: "/v1/{name=organizations/*/notificationConfigs/*}" 243 additional_bindings { get: "/v1/{name=folders/*/notificationConfigs/*}" } 244 additional_bindings { get: "/v1/{name=projects/*/notificationConfigs/*}" } 245 }; 246 option (google.api.method_signature) = "name"; 247 } 248 249 // Gets the settings for an organization. 250 rpc GetOrganizationSettings(GetOrganizationSettingsRequest) 251 returns (OrganizationSettings) { 252 option (google.api.http) = { 253 get: "/v1/{name=organizations/*/organizationSettings}" 254 }; 255 option (google.api.method_signature) = "name"; 256 } 257 258 // Retrieves an EffectiveSecurityHealthAnalyticsCustomModule. 259 rpc GetEffectiveSecurityHealthAnalyticsCustomModule( 260 GetEffectiveSecurityHealthAnalyticsCustomModuleRequest) 261 returns (EffectiveSecurityHealthAnalyticsCustomModule) { 262 option (google.api.http) = { 263 get: "/v1/{name=organizations/*/securityHealthAnalyticsSettings/effectiveCustomModules/*}" 264 additional_bindings { 265 get: "/v1/{name=folders/*/securityHealthAnalyticsSettings/effectiveCustomModules/*}" 266 } 267 additional_bindings { 268 get: "/v1/{name=projects/*/securityHealthAnalyticsSettings/effectiveCustomModules/*}" 269 } 270 }; 271 option (google.api.method_signature) = "name"; 272 } 273 274 // Retrieves a SecurityHealthAnalyticsCustomModule. 275 rpc GetSecurityHealthAnalyticsCustomModule( 276 GetSecurityHealthAnalyticsCustomModuleRequest) 277 returns (SecurityHealthAnalyticsCustomModule) { 278 option (google.api.http) = { 279 get: "/v1/{name=organizations/*/securityHealthAnalyticsSettings/customModules/*}" 280 additional_bindings { 281 get: "/v1/{name=folders/*/securityHealthAnalyticsSettings/customModules/*}" 282 } 283 additional_bindings { 284 get: "/v1/{name=projects/*/securityHealthAnalyticsSettings/customModules/*}" 285 } 286 }; 287 option (google.api.method_signature) = "name"; 288 } 289 290 // Gets a source. 291 rpc GetSource(GetSourceRequest) returns (Source) { 292 option (google.api.http) = { 293 get: "/v1/{name=organizations/*/sources/*}" 294 }; 295 option (google.api.method_signature) = "name"; 296 } 297 298 // Filters an organization's assets and groups them by their specified 299 // properties. 300 rpc GroupAssets(GroupAssetsRequest) returns (GroupAssetsResponse) { 301 option deprecated = true; 302 option (google.api.http) = { 303 post: "/v1/{parent=organizations/*}/assets:group" 304 body: "*" 305 additional_bindings { 306 post: "/v1/{parent=folders/*}/assets:group" 307 body: "*" 308 } 309 additional_bindings { 310 post: "/v1/{parent=projects/*}/assets:group" 311 body: "*" 312 } 313 }; 314 } 315 316 // Filters an organization or source's findings and groups them by their 317 // specified properties. 318 // 319 // To group across all sources provide a `-` as the source id. 320 // Example: /v1/organizations/{organization_id}/sources/-/findings, 321 // /v1/folders/{folder_id}/sources/-/findings, 322 // /v1/projects/{project_id}/sources/-/findings 323 rpc GroupFindings(GroupFindingsRequest) returns (GroupFindingsResponse) { 324 option (google.api.http) = { 325 post: "/v1/{parent=organizations/*/sources/*}/findings:group" 326 body: "*" 327 additional_bindings { 328 post: "/v1/{parent=folders/*/sources/*}/findings:group" 329 body: "*" 330 } 331 additional_bindings { 332 post: "/v1/{parent=projects/*/sources/*}/findings:group" 333 body: "*" 334 } 335 }; 336 option (google.api.method_signature) = "parent,group_by"; 337 } 338 339 // Lists an organization's assets. 340 rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) { 341 option deprecated = true; 342 option (google.api.http) = { 343 get: "/v1/{parent=organizations/*}/assets" 344 additional_bindings { get: "/v1/{parent=folders/*}/assets" } 345 additional_bindings { get: "/v1/{parent=projects/*}/assets" } 346 }; 347 } 348 349 // Returns a list of all resident SecurityHealthAnalyticsCustomModules under 350 // the given CRM parent and all of the parent’s CRM descendants. 351 rpc ListDescendantSecurityHealthAnalyticsCustomModules( 352 ListDescendantSecurityHealthAnalyticsCustomModulesRequest) 353 returns (ListDescendantSecurityHealthAnalyticsCustomModulesResponse) { 354 option (google.api.http) = { 355 get: "/v1/{parent=organizations/*/securityHealthAnalyticsSettings}/customModules:listDescendant" 356 additional_bindings { 357 get: "/v1/{parent=folders/*/securityHealthAnalyticsSettings}/customModules:listDescendant" 358 } 359 additional_bindings { 360 get: "/v1/{parent=projects/*/securityHealthAnalyticsSettings}/customModules:listDescendant" 361 } 362 }; 363 option (google.api.method_signature) = "parent"; 364 } 365 366 // Lists an organization or source's findings. 367 // 368 // To list across all sources provide a `-` as the source id. 369 // Example: /v1/organizations/{organization_id}/sources/-/findings 370 rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) { 371 option (google.api.http) = { 372 get: "/v1/{parent=organizations/*/sources/*}/findings" 373 additional_bindings { get: "/v1/{parent=folders/*/sources/*}/findings" } 374 additional_bindings { get: "/v1/{parent=projects/*/sources/*}/findings" } 375 }; 376 } 377 378 // Lists mute configs. 379 rpc ListMuteConfigs(ListMuteConfigsRequest) 380 returns (ListMuteConfigsResponse) { 381 option (google.api.http) = { 382 get: "/v1/{parent=organizations/*}/muteConfigs" 383 additional_bindings { get: "/v1/{parent=folders/*}/muteConfigs" } 384 additional_bindings { get: "/v1/{parent=projects/*}/muteConfigs" } 385 }; 386 option (google.api.method_signature) = "parent"; 387 } 388 389 // Lists notification configs. 390 rpc ListNotificationConfigs(ListNotificationConfigsRequest) 391 returns (ListNotificationConfigsResponse) { 392 option (google.api.http) = { 393 get: "/v1/{parent=organizations/*}/notificationConfigs" 394 additional_bindings { get: "/v1/{parent=folders/*}/notificationConfigs" } 395 additional_bindings { get: "/v1/{parent=projects/*}/notificationConfigs" } 396 }; 397 option (google.api.method_signature) = "parent"; 398 } 399 400 // Returns a list of all EffectiveSecurityHealthAnalyticsCustomModules for the 401 // given parent. This includes resident modules defined at the scope of the 402 // parent, and inherited modules, inherited from CRM ancestors. 403 rpc ListEffectiveSecurityHealthAnalyticsCustomModules( 404 ListEffectiveSecurityHealthAnalyticsCustomModulesRequest) 405 returns (ListEffectiveSecurityHealthAnalyticsCustomModulesResponse) { 406 option (google.api.http) = { 407 get: "/v1/{parent=organizations/*/securityHealthAnalyticsSettings}/effectiveCustomModules" 408 additional_bindings { 409 get: "/v1/{parent=folders/*/securityHealthAnalyticsSettings}/effectiveCustomModules" 410 } 411 additional_bindings { 412 get: "/v1/{parent=projects/*/securityHealthAnalyticsSettings}/effectiveCustomModules" 413 } 414 }; 415 option (google.api.method_signature) = "parent"; 416 } 417 418 // Returns a list of all SecurityHealthAnalyticsCustomModules for the given 419 // parent. This includes resident modules defined at the scope of the parent, 420 // and inherited modules, inherited from CRM ancestors. 421 rpc ListSecurityHealthAnalyticsCustomModules( 422 ListSecurityHealthAnalyticsCustomModulesRequest) 423 returns (ListSecurityHealthAnalyticsCustomModulesResponse) { 424 option (google.api.http) = { 425 get: "/v1/{parent=organizations/*/securityHealthAnalyticsSettings}/customModules" 426 additional_bindings { 427 get: "/v1/{parent=folders/*/securityHealthAnalyticsSettings}/customModules" 428 } 429 additional_bindings { 430 get: "/v1/{parent=projects/*/securityHealthAnalyticsSettings}/customModules" 431 } 432 }; 433 option (google.api.method_signature) = "parent"; 434 } 435 436 // Lists all sources belonging to an organization. 437 rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) { 438 option (google.api.http) = { 439 get: "/v1/{parent=organizations/*}/sources" 440 additional_bindings { get: "/v1/{parent=folders/*}/sources" } 441 additional_bindings { get: "/v1/{parent=projects/*}/sources" } 442 }; 443 option (google.api.method_signature) = "parent"; 444 } 445 446 // Runs asset discovery. The discovery is tracked with a long-running 447 // operation. 448 // 449 // This API can only be called with limited frequency for an organization. If 450 // it is called too frequently the caller will receive a TOO_MANY_REQUESTS 451 // error. 452 rpc RunAssetDiscovery(RunAssetDiscoveryRequest) 453 returns (google.longrunning.Operation) { 454 option deprecated = true; 455 option (google.api.http) = { 456 post: "/v1/{parent=organizations/*}/assets:runDiscovery" 457 body: "*" 458 }; 459 option (google.api.method_signature) = "parent"; 460 option (google.longrunning.operation_info) = { 461 response_type: "google.cloud.securitycenter.v1.RunAssetDiscoveryResponse" 462 metadata_type: "google.protobuf.Empty" 463 }; 464 } 465 466 // Updates the state of a finding. 467 rpc SetFindingState(SetFindingStateRequest) returns (Finding) { 468 option (google.api.http) = { 469 post: "/v1/{name=organizations/*/sources/*/findings/*}:setState" 470 body: "*" 471 additional_bindings { 472 post: "/v1/{name=folders/*/sources/*/findings/*}:setState" 473 body: "*" 474 } 475 additional_bindings { 476 post: "/v1/{name=projects/*/sources/*/findings/*}:setState" 477 body: "*" 478 } 479 }; 480 option (google.api.method_signature) = "name,state,start_time"; 481 } 482 483 // Updates the mute state of a finding. 484 rpc SetMute(SetMuteRequest) returns (Finding) { 485 option (google.api.http) = { 486 post: "/v1/{name=organizations/*/sources/*/findings/*}:setMute" 487 body: "*" 488 additional_bindings { 489 post: "/v1/{name=folders/*/sources/*/findings/*}:setMute" 490 body: "*" 491 } 492 additional_bindings { 493 post: "/v1/{name=projects/*/sources/*/findings/*}:setMute" 494 body: "*" 495 } 496 }; 497 option (google.api.method_signature) = "name,mute"; 498 } 499 500 // Sets the access control policy on the specified Source. 501 rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) 502 returns (google.iam.v1.Policy) { 503 option (google.api.http) = { 504 post: "/v1/{resource=organizations/*/sources/*}:setIamPolicy" 505 body: "*" 506 }; 507 option (google.api.method_signature) = "resource,policy"; 508 } 509 510 // Returns the permissions that a caller has on the specified source. 511 rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) 512 returns (google.iam.v1.TestIamPermissionsResponse) { 513 option (google.api.http) = { 514 post: "/v1/{resource=organizations/*/sources/*}:testIamPermissions" 515 body: "*" 516 }; 517 option (google.api.method_signature) = "resource,permissions"; 518 } 519 520 // Simulates a given SecurityHealthAnalyticsCustomModule and Resource. 521 rpc SimulateSecurityHealthAnalyticsCustomModule( 522 SimulateSecurityHealthAnalyticsCustomModuleRequest) 523 returns (SimulateSecurityHealthAnalyticsCustomModuleResponse) { 524 option (google.api.http) = { 525 post: "/v1/{parent=organizations/*/securityHealthAnalyticsSettings}/customModules:simulate" 526 body: "*" 527 additional_bindings { 528 post: "/v1/{parent=folders/*/securityHealthAnalyticsSettings}/customModules:simulate" 529 body: "*" 530 } 531 additional_bindings { 532 post: "/v1/{parent=projects/*/securityHealthAnalyticsSettings}/customModules:simulate" 533 body: "*" 534 } 535 }; 536 option (google.api.method_signature) = "parent,custom_config,resource"; 537 } 538 539 // Updates external system. This is for a given finding. 540 rpc UpdateExternalSystem(UpdateExternalSystemRequest) 541 returns (ExternalSystem) { 542 option (google.api.http) = { 543 patch: "/v1/{external_system.name=organizations/*/sources/*/findings/*/externalSystems/*}" 544 body: "external_system" 545 additional_bindings { 546 patch: "/v1/{external_system.name=folders/*/sources/*/findings/*/externalSystems/*}" 547 body: "external_system" 548 } 549 additional_bindings { 550 patch: "/v1/{external_system.name=projects/*/sources/*/findings/*/externalSystems/*}" 551 body: "external_system" 552 } 553 }; 554 option (google.api.method_signature) = "external_system,update_mask"; 555 } 556 557 // Creates or updates a finding. The corresponding source must exist for a 558 // finding creation to succeed. 559 rpc UpdateFinding(UpdateFindingRequest) returns (Finding) { 560 option (google.api.http) = { 561 patch: "/v1/{finding.name=organizations/*/sources/*/findings/*}" 562 body: "finding" 563 additional_bindings { 564 patch: "/v1/{finding.name=folders/*/sources/*/findings/*}" 565 body: "finding" 566 } 567 additional_bindings { 568 patch: "/v1/{finding.name=projects/*/sources/*/findings/*}" 569 body: "finding" 570 } 571 }; 572 option (google.api.method_signature) = "finding"; 573 } 574 575 // Updates a mute config. 576 rpc UpdateMuteConfig(UpdateMuteConfigRequest) returns (MuteConfig) { 577 option (google.api.http) = { 578 patch: "/v1/{mute_config.name=organizations/*/muteConfigs/*}" 579 body: "mute_config" 580 additional_bindings { 581 patch: "/v1/{mute_config.name=folders/*/muteConfigs/*}" 582 body: "mute_config" 583 } 584 additional_bindings { 585 patch: "/v1/{mute_config.name=projects/*/muteConfigs/*}" 586 body: "mute_config" 587 } 588 }; 589 option (google.api.method_signature) = "mute_config,update_mask"; 590 } 591 592 // 593 // Updates a notification config. The following update 594 // fields are allowed: description, pubsub_topic, streaming_config.filter 595 rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) 596 returns (NotificationConfig) { 597 option (google.api.http) = { 598 patch: "/v1/{notification_config.name=organizations/*/notificationConfigs/*}" 599 body: "notification_config" 600 additional_bindings { 601 patch: "/v1/{notification_config.name=folders/*/notificationConfigs/*}" 602 body: "notification_config" 603 } 604 additional_bindings { 605 patch: "/v1/{notification_config.name=projects/*/notificationConfigs/*}" 606 body: "notification_config" 607 } 608 }; 609 option (google.api.method_signature) = "notification_config"; 610 option (google.api.method_signature) = "notification_config,update_mask"; 611 } 612 613 // Updates an organization's settings. 614 rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) 615 returns (OrganizationSettings) { 616 option (google.api.http) = { 617 patch: "/v1/{organization_settings.name=organizations/*/organizationSettings}" 618 body: "organization_settings" 619 }; 620 option (google.api.method_signature) = "organization_settings"; 621 } 622 623 // Updates the SecurityHealthAnalyticsCustomModule under the given name based 624 // on the given update mask. Updating the enablement state is supported on 625 // both resident and inherited modules (though resident modules cannot have an 626 // enablement state of "inherited"). Updating the display name and custom 627 // config of a module is supported on resident modules only. 628 rpc UpdateSecurityHealthAnalyticsCustomModule( 629 UpdateSecurityHealthAnalyticsCustomModuleRequest) 630 returns (SecurityHealthAnalyticsCustomModule) { 631 option (google.api.http) = { 632 patch: "/v1/{security_health_analytics_custom_module.name=organizations/*/securityHealthAnalyticsSettings/customModules/*}" 633 body: "security_health_analytics_custom_module" 634 additional_bindings { 635 patch: "/v1/{security_health_analytics_custom_module.name=folders/*/securityHealthAnalyticsSettings/customModules/*}" 636 body: "security_health_analytics_custom_module" 637 } 638 additional_bindings { 639 patch: "/v1/{security_health_analytics_custom_module.name=projects/*/securityHealthAnalyticsSettings/customModules/*}" 640 body: "security_health_analytics_custom_module" 641 } 642 }; 643 option (google.api.method_signature) = 644 "security_health_analytics_custom_module,update_mask"; 645 } 646 647 // Updates a source. 648 rpc UpdateSource(UpdateSourceRequest) returns (Source) { 649 option (google.api.http) = { 650 patch: "/v1/{source.name=organizations/*/sources/*}" 651 body: "source" 652 }; 653 option (google.api.method_signature) = "source"; 654 } 655 656 // Updates security marks. 657 rpc UpdateSecurityMarks(UpdateSecurityMarksRequest) returns (SecurityMarks) { 658 option (google.api.http) = { 659 patch: "/v1/{security_marks.name=organizations/*/assets/*/securityMarks}" 660 body: "security_marks" 661 additional_bindings { 662 patch: "/v1/{security_marks.name=folders/*/assets/*/securityMarks}" 663 body: "security_marks" 664 } 665 additional_bindings { 666 patch: "/v1/{security_marks.name=projects/*/assets/*/securityMarks}" 667 body: "security_marks" 668 } 669 additional_bindings { 670 patch: "/v1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}" 671 body: "security_marks" 672 } 673 additional_bindings { 674 patch: "/v1/{security_marks.name=folders/*/sources/*/findings/*/securityMarks}" 675 body: "security_marks" 676 } 677 additional_bindings { 678 patch: "/v1/{security_marks.name=projects/*/sources/*/findings/*/securityMarks}" 679 body: "security_marks" 680 } 681 }; 682 option (google.api.method_signature) = "security_marks"; 683 } 684 685 // Creates a BigQuery export. 686 rpc CreateBigQueryExport(CreateBigQueryExportRequest) 687 returns (BigQueryExport) { 688 option (google.api.http) = { 689 post: "/v1/{parent=organizations/*}/bigQueryExports" 690 body: "big_query_export" 691 additional_bindings { 692 post: "/v1/{parent=folders/*}/bigQueryExports" 693 body: "big_query_export" 694 } 695 additional_bindings { 696 post: "/v1/{parent=projects/*}/bigQueryExports" 697 body: "big_query_export" 698 } 699 }; 700 option (google.api.method_signature) = 701 "parent,big_query_export,big_query_export_id"; 702 } 703 704 // Deletes an existing BigQuery export. 705 rpc DeleteBigQueryExport(DeleteBigQueryExportRequest) 706 returns (google.protobuf.Empty) { 707 option (google.api.http) = { 708 delete: "/v1/{name=organizations/*/bigQueryExports/*}" 709 additional_bindings { delete: "/v1/{name=folders/*/bigQueryExports/*}" } 710 additional_bindings { delete: "/v1/{name=projects/*/bigQueryExports/*}" } 711 }; 712 option (google.api.method_signature) = "name"; 713 } 714 715 // Updates a BigQuery export. 716 rpc UpdateBigQueryExport(UpdateBigQueryExportRequest) 717 returns (BigQueryExport) { 718 option (google.api.http) = { 719 patch: "/v1/{big_query_export.name=organizations/*/bigQueryExports/*}" 720 body: "big_query_export" 721 additional_bindings { 722 patch: "/v1/{big_query_export.name=folders/*/bigQueryExports/*}" 723 body: "big_query_export" 724 } 725 additional_bindings { 726 patch: "/v1/{big_query_export.name=projects/*/bigQueryExports/*}" 727 body: "big_query_export" 728 } 729 }; 730 option (google.api.method_signature) = "big_query_export,update_mask"; 731 } 732 733 // Lists BigQuery exports. Note that when requesting BigQuery exports at a 734 // given level all exports under that level are also returned e.g. if 735 // requesting BigQuery exports under a folder, then all BigQuery exports 736 // immediately under the folder plus the ones created under the projects 737 // within the folder are returned. 738 rpc ListBigQueryExports(ListBigQueryExportsRequest) 739 returns (ListBigQueryExportsResponse) { 740 option (google.api.http) = { 741 get: "/v1/{parent=organizations/*}/bigQueryExports" 742 additional_bindings { get: "/v1/{parent=folders/*}/bigQueryExports" } 743 additional_bindings { get: "/v1/{parent=projects/*}/bigQueryExports" } 744 }; 745 option (google.api.method_signature) = "parent"; 746 } 747} 748 749// Request message for bulk findings update. 750// 751// Note: 752// 1. If multiple bulk update requests match the same resource, the order in 753// which they get executed is not defined. 754// 2. Once a bulk operation is started, there is no way to stop it. 755message BulkMuteFindingsRequest { 756 // Required. The parent, at which bulk action needs to be applied. Its format 757 // is "organizations/[organization_id]", "folders/[folder_id]", 758 // "projects/[project_id]". 759 string parent = 1 [ 760 (google.api.field_behavior) = REQUIRED, 761 (google.api.resource_reference) = { type: "*" } 762 ]; 763 764 // Expression that identifies findings that should be updated. 765 // The expression is a list of zero or more restrictions combined 766 // via logical operators `AND` and `OR`. Parentheses are supported, and `OR` 767 // has higher precedence than `AND`. 768 // 769 // Restrictions have the form `<field> <operator> <value>` and may have a 770 // `-` character in front of them to indicate negation. The fields map to 771 // those defined in the corresponding resource. 772 // 773 // The supported operators are: 774 // 775 // * `=` for all value types. 776 // * `>`, `<`, `>=`, `<=` for integer values. 777 // * `:`, meaning substring matching, for strings. 778 // 779 // The supported value types are: 780 // 781 // * string literals in quotes. 782 // * integer literals without quotes. 783 // * boolean literals `true` and `false` without quotes. 784 string filter = 2; 785 786 // This can be a mute configuration name or any identifier for mute/unmute 787 // of findings based on the filter. 788 string mute_annotation = 3 [deprecated = true]; 789} 790 791// The response to a BulkMute request. Contains the LRO information. 792message BulkMuteFindingsResponse {} 793 794// Request message for creating a finding. 795message CreateFindingRequest { 796 // Required. Resource name of the new finding's parent. Its format should be 797 // "organizations/[organization_id]/sources/[source_id]". 798 string parent = 1 [ 799 (google.api.field_behavior) = REQUIRED, 800 (google.api.resource_reference) = { 801 type: "securitycenter.googleapis.com/Source" 802 } 803 ]; 804 805 // Required. Unique identifier provided by the client within the parent scope. 806 // It must be alphanumeric and less than or equal to 32 characters and 807 // greater than 0 characters in length. 808 string finding_id = 2 [(google.api.field_behavior) = REQUIRED]; 809 810 // Required. The Finding being created. The name and security_marks will be 811 // ignored as they are both output only fields on this resource. 812 Finding finding = 3 [(google.api.field_behavior) = REQUIRED]; 813} 814 815// Request message for creating a mute config. 816message CreateMuteConfigRequest { 817 // Required. Resource name of the new mute configs's parent. Its format is 818 // "organizations/[organization_id]", "folders/[folder_id]", or 819 // "projects/[project_id]". 820 string parent = 1 [ 821 (google.api.field_behavior) = REQUIRED, 822 (google.api.resource_reference) = { 823 child_type: "securitycenter.googleapis.com/MuteConfig" 824 } 825 ]; 826 827 // Required. The mute config being created. 828 MuteConfig mute_config = 2 [(google.api.field_behavior) = REQUIRED]; 829 830 // Required. Unique identifier provided by the client within the parent scope. 831 // It must consist of only lowercase letters, numbers, and hyphens, must start 832 // with a letter, must end with either a letter or a number, and must be 63 833 // characters or less. 834 string mute_config_id = 3 [(google.api.field_behavior) = REQUIRED]; 835} 836 837// Request message for creating a notification config. 838message CreateNotificationConfigRequest { 839 // Required. Resource name of the new notification config's parent. Its format 840 // is "organizations/[organization_id]", "folders/[folder_id]", or 841 // "projects/[project_id]". 842 string parent = 1 [ 843 (google.api.field_behavior) = REQUIRED, 844 (google.api.resource_reference) = { 845 child_type: "securitycenter.googleapis.com/NotificationConfig" 846 } 847 ]; 848 849 // Required. 850 // Unique identifier provided by the client within the parent scope. 851 // It must be between 1 and 128 characters and contain alphanumeric 852 // characters, underscores, or hyphens only. 853 string config_id = 2 [(google.api.field_behavior) = REQUIRED]; 854 855 // Required. The notification config being created. The name and the service 856 // account will be ignored as they are both output only fields on this 857 // resource. 858 NotificationConfig notification_config = 3 859 [(google.api.field_behavior) = REQUIRED]; 860} 861 862// Request message for creating Security Health Analytics custom modules. 863message CreateSecurityHealthAnalyticsCustomModuleRequest { 864 // Required. Resource name of the new custom module's parent. Its format is 865 // "organizations/{organization}/securityHealthAnalyticsSettings", 866 // "folders/{folder}/securityHealthAnalyticsSettings", or 867 // "projects/{project}/securityHealthAnalyticsSettings" 868 string parent = 1 [ 869 (google.api.field_behavior) = REQUIRED, 870 (google.api.resource_reference) = { 871 child_type: "securitycenter.googleapis.com/SecurityHealthAnalyticsCustomModule" 872 } 873 ]; 874 875 // Required. SecurityHealthAnalytics custom module to create. The provided 876 // name is ignored and reset with provided parent information and 877 // server-generated ID. 878 SecurityHealthAnalyticsCustomModule security_health_analytics_custom_module = 879 2 [(google.api.field_behavior) = REQUIRED]; 880} 881 882// Request message for creating a source. 883message CreateSourceRequest { 884 // Required. Resource name of the new source's parent. Its format should be 885 // "organizations/[organization_id]". 886 string parent = 1 [ 887 (google.api.field_behavior) = REQUIRED, 888 (google.api.resource_reference) = { 889 type: "cloudresourcemanager.googleapis.com/Organization" 890 } 891 ]; 892 893 // Required. The Source being created, only the display_name and description 894 // will be used. All other fields will be ignored. 895 Source source = 2 [(google.api.field_behavior) = REQUIRED]; 896} 897 898// Request message for deleting a mute config. 899message DeleteMuteConfigRequest { 900 // Required. Name of the mute config to delete. Its format is 901 // organizations/{organization}/muteConfigs/{config_id}, 902 // folders/{folder}/muteConfigs/{config_id}, or 903 // projects/{project}/muteConfigs/{config_id} 904 string name = 1 [ 905 (google.api.field_behavior) = REQUIRED, 906 (google.api.resource_reference) = { 907 type: "securitycenter.googleapis.com/MuteConfig" 908 } 909 ]; 910} 911 912// Request message for deleting a notification config. 913message DeleteNotificationConfigRequest { 914 // Required. Name of the notification config to delete. Its format is 915 // "organizations/[organization_id]/notificationConfigs/[config_id]", 916 // "folders/[folder_id]/notificationConfigs/[config_id]", 917 // or "projects/[project_id]/notificationConfigs/[config_id]". 918 string name = 1 [ 919 (google.api.field_behavior) = REQUIRED, 920 (google.api.resource_reference) = { 921 type: "securitycenter.googleapis.com/NotificationConfig" 922 } 923 ]; 924} 925 926// Request message for deleting Security Health Analytics custom modules. 927message DeleteSecurityHealthAnalyticsCustomModuleRequest { 928 // Required. Name of the custom module to delete. Its format is 929 // "organizations/{organization}/securityHealthAnalyticsSettings/customModules/{customModule}", 930 // "folders/{folder}/securityHealthAnalyticsSettings/customModules/{customModule}", 931 // or 932 // "projects/{project}/securityHealthAnalyticsSettings/customModules/{customModule}" 933 string name = 1 [ 934 (google.api.field_behavior) = REQUIRED, 935 (google.api.resource_reference) = { 936 type: "securitycenter.googleapis.com/SecurityHealthAnalyticsCustomModule" 937 } 938 ]; 939} 940 941// Request message for retrieving a BigQuery export. 942message GetBigQueryExportRequest { 943 // Required. Name of the BigQuery export to retrieve. Its format is 944 // organizations/{organization}/bigQueryExports/{export_id}, 945 // folders/{folder}/bigQueryExports/{export_id}, or 946 // projects/{project}/bigQueryExports/{export_id} 947 string name = 1 [ 948 (google.api.field_behavior) = REQUIRED, 949 (google.api.resource_reference) = { 950 type: "securitycenter.googleapis.com/BigQueryExport" 951 } 952 ]; 953} 954 955// Request message for retrieving a mute config. 956message GetMuteConfigRequest { 957 // Required. Name of the mute config to retrieve. Its format is 958 // organizations/{organization}/muteConfigs/{config_id}, 959 // folders/{folder}/muteConfigs/{config_id}, or 960 // projects/{project}/muteConfigs/{config_id} 961 string name = 1 [ 962 (google.api.field_behavior) = REQUIRED, 963 (google.api.resource_reference) = { 964 type: "securitycenter.googleapis.com/MuteConfig" 965 } 966 ]; 967} 968 969// Request message for getting a notification config. 970message GetNotificationConfigRequest { 971 // Required. Name of the notification config to get. Its format is 972 // "organizations/[organization_id]/notificationConfigs/[config_id]", 973 // "folders/[folder_id]/notificationConfigs/[config_id]", 974 // or "projects/[project_id]/notificationConfigs/[config_id]". 975 string name = 1 [ 976 (google.api.field_behavior) = REQUIRED, 977 (google.api.resource_reference) = { 978 type: "securitycenter.googleapis.com/NotificationConfig" 979 } 980 ]; 981} 982 983// Request message for getting organization settings. 984message GetOrganizationSettingsRequest { 985 // Required. Name of the organization to get organization settings for. Its 986 // format is "organizations/[organization_id]/organizationSettings". 987 string name = 1 [ 988 (google.api.field_behavior) = REQUIRED, 989 (google.api.resource_reference) = { 990 type: "securitycenter.googleapis.com/OrganizationSettings" 991 } 992 ]; 993} 994 995// Request message for getting effective Security Health Analytics custom 996// modules. 997message GetEffectiveSecurityHealthAnalyticsCustomModuleRequest { 998 // Required. Name of the effective custom module to get. Its format is 999 // "organizations/{organization}/securityHealthAnalyticsSettings/effectiveCustomModules/{customModule}", 1000 // "folders/{folder}/securityHealthAnalyticsSettings/effectiveCustomModules/{customModule}", 1001 // or 1002 // "projects/{project}/securityHealthAnalyticsSettings/effectiveCustomModules/{customModule}" 1003 string name = 1 [ 1004 (google.api.field_behavior) = REQUIRED, 1005 (google.api.resource_reference) = { 1006 type: "securitycenter.googleapis.com/EffectiveSecurityHealthAnalyticsCustomModule" 1007 } 1008 ]; 1009} 1010 1011// Request message for getting Security Health Analytics custom modules. 1012message GetSecurityHealthAnalyticsCustomModuleRequest { 1013 // Required. Name of the custom module to get. Its format is 1014 // "organizations/{organization}/securityHealthAnalyticsSettings/customModules/{customModule}", 1015 // "folders/{folder}/securityHealthAnalyticsSettings/customModules/{customModule}", 1016 // or 1017 // "projects/{project}/securityHealthAnalyticsSettings/customModules/{customModule}" 1018 string name = 1 [ 1019 (google.api.field_behavior) = REQUIRED, 1020 (google.api.resource_reference) = { 1021 type: "securitycenter.googleapis.com/SecurityHealthAnalyticsCustomModule" 1022 } 1023 ]; 1024} 1025 1026// Request message for getting a source. 1027message GetSourceRequest { 1028 // Required. Relative resource name of the source. Its format is 1029 // "organizations/[organization_id]/source/[source_id]". 1030 string name = 1 [ 1031 (google.api.field_behavior) = REQUIRED, 1032 (google.api.resource_reference) = { 1033 type: "securitycenter.googleapis.com/Source" 1034 } 1035 ]; 1036} 1037 1038// Request message for grouping by assets. 1039message GroupAssetsRequest { 1040 // Required. The name of the parent to group the assets by. Its format is 1041 // "organizations/[organization_id]", "folders/[folder_id]", or 1042 // "projects/[project_id]". 1043 string parent = 1 [ 1044 (google.api.field_behavior) = REQUIRED, 1045 (google.api.resource_reference) = { 1046 child_type: "securitycenter.googleapis.com/Asset" 1047 } 1048 ]; 1049 1050 // Expression that defines the filter to apply across assets. 1051 // The expression is a list of zero or more restrictions combined via logical 1052 // operators `AND` and `OR`. 1053 // Parentheses are supported, and `OR` has higher precedence than `AND`. 1054 // 1055 // Restrictions have the form `<field> <operator> <value>` and may have a `-` 1056 // character in front of them to indicate negation. The fields map to those 1057 // defined in the Asset resource. Examples include: 1058 // 1059 // * name 1060 // * security_center_properties.resource_name 1061 // * resource_properties.a_property 1062 // * security_marks.marks.marka 1063 // 1064 // The supported operators are: 1065 // 1066 // * `=` for all value types. 1067 // * `>`, `<`, `>=`, `<=` for integer values. 1068 // * `:`, meaning substring matching, for strings. 1069 // 1070 // The supported value types are: 1071 // 1072 // * string literals in quotes. 1073 // * integer literals without quotes. 1074 // * boolean literals `true` and `false` without quotes. 1075 // 1076 // The following field and operator combinations are supported: 1077 // 1078 // * name: `=` 1079 // * update_time: `=`, `>`, `<`, `>=`, `<=` 1080 // 1081 // Usage: This should be milliseconds since epoch or an RFC3339 string. 1082 // Examples: 1083 // `update_time = "2019-06-10T16:07:18-07:00"` 1084 // `update_time = 1560208038000` 1085 // 1086 // * create_time: `=`, `>`, `<`, `>=`, `<=` 1087 // 1088 // Usage: This should be milliseconds since epoch or an RFC3339 string. 1089 // Examples: 1090 // `create_time = "2019-06-10T16:07:18-07:00"` 1091 // `create_time = 1560208038000` 1092 // 1093 // * iam_policy.policy_blob: `=`, `:` 1094 // * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=` 1095 // * security_marks.marks: `=`, `:` 1096 // * security_center_properties.resource_name: `=`, `:` 1097 // * security_center_properties.resource_display_name: `=`, `:` 1098 // * security_center_properties.resource_type: `=`, `:` 1099 // * security_center_properties.resource_parent: `=`, `:` 1100 // * security_center_properties.resource_parent_display_name: `=`, `:` 1101 // * security_center_properties.resource_project: `=`, `:` 1102 // * security_center_properties.resource_project_display_name: `=`, `:` 1103 // * security_center_properties.resource_owners: `=`, `:` 1104 // 1105 // For example, `resource_properties.size = 100` is a valid filter string. 1106 // 1107 // Use a partial match on the empty string to filter based on a property 1108 // existing: `resource_properties.my_property : ""` 1109 // 1110 // Use a negated partial match on the empty string to filter based on a 1111 // property not existing: `-resource_properties.my_property : ""` 1112 string filter = 2; 1113 1114 // Required. Expression that defines what assets fields to use for grouping. 1115 // The string value should follow SQL syntax: comma separated list of fields. 1116 // For example: 1117 // "security_center_properties.resource_project,security_center_properties.project". 1118 // 1119 // The following fields are supported when compare_duration is not set: 1120 // 1121 // * security_center_properties.resource_project 1122 // * security_center_properties.resource_project_display_name 1123 // * security_center_properties.resource_type 1124 // * security_center_properties.resource_parent 1125 // * security_center_properties.resource_parent_display_name 1126 // 1127 // The following fields are supported when compare_duration is set: 1128 // 1129 // * security_center_properties.resource_type 1130 // * security_center_properties.resource_project_display_name 1131 // * security_center_properties.resource_parent_display_name 1132 string group_by = 3 [(google.api.field_behavior) = REQUIRED]; 1133 1134 // When compare_duration is set, the GroupResult's "state_change" property is 1135 // updated to indicate whether the asset was added, removed, or remained 1136 // present during the compare_duration period of time that precedes the 1137 // read_time. This is the time between (read_time - compare_duration) and 1138 // read_time. 1139 // 1140 // The state change value is derived based on the presence of the asset at the 1141 // two points in time. Intermediate state changes between the two times don't 1142 // affect the result. For example, the results aren't affected if the asset is 1143 // removed and re-created again. 1144 // 1145 // Possible "state_change" values when compare_duration is specified: 1146 // 1147 // * "ADDED": indicates that the asset was not present at the start of 1148 // compare_duration, but present at reference_time. 1149 // * "REMOVED": indicates that the asset was present at the start of 1150 // compare_duration, but not present at reference_time. 1151 // * "ACTIVE": indicates that the asset was present at both the 1152 // start and the end of the time period defined by 1153 // compare_duration and reference_time. 1154 // 1155 // If compare_duration is not specified, then the only possible state_change 1156 // is "UNUSED", which will be the state_change set for all assets present at 1157 // read_time. 1158 // 1159 // If this field is set then `state_change` must be a specified field in 1160 // `group_by`. 1161 google.protobuf.Duration compare_duration = 4; 1162 1163 // Time used as a reference point when filtering assets. The filter is limited 1164 // to assets existing at the supplied time and their values are those at that 1165 // specific time. Absence of this field will default to the API's version of 1166 // NOW. 1167 google.protobuf.Timestamp read_time = 5; 1168 1169 // The value returned by the last `GroupAssetsResponse`; indicates 1170 // that this is a continuation of a prior `GroupAssets` call, and that the 1171 // system should return the next page of data. 1172 string page_token = 7; 1173 1174 // The maximum number of results to return in a single response. Default is 1175 // 10, minimum is 1, maximum is 1000. 1176 int32 page_size = 8; 1177} 1178 1179// Response message for grouping by assets. 1180message GroupAssetsResponse { 1181 // Group results. There exists an element for each existing unique 1182 // combination of property/values. The element contains a count for the number 1183 // of times those specific property/values appear. 1184 repeated GroupResult group_by_results = 1; 1185 1186 // Time used for executing the groupBy request. 1187 google.protobuf.Timestamp read_time = 2; 1188 1189 // Token to retrieve the next page of results, or empty if there are no more 1190 // results. 1191 string next_page_token = 3; 1192 1193 // The total number of results matching the query. 1194 int32 total_size = 4; 1195} 1196 1197// Request message for grouping by findings. 1198message GroupFindingsRequest { 1199 // Required. Name of the source to groupBy. Its format is 1200 // "organizations/[organization_id]/sources/[source_id]", 1201 // folders/[folder_id]/sources/[source_id], or 1202 // projects/[project_id]/sources/[source_id]. To groupBy across all sources 1203 // provide a source_id of `-`. For example: 1204 // organizations/{organization_id}/sources/-, folders/{folder_id}/sources/-, 1205 // or projects/{project_id}/sources/- 1206 string parent = 1 [ 1207 (google.api.field_behavior) = REQUIRED, 1208 (google.api.resource_reference) = { 1209 type: "securitycenter.googleapis.com/Source" 1210 } 1211 ]; 1212 1213 // Expression that defines the filter to apply across findings. 1214 // The expression is a list of one or more restrictions combined via logical 1215 // operators `AND` and `OR`. 1216 // Parentheses are supported, and `OR` has higher precedence than `AND`. 1217 // 1218 // Restrictions have the form `<field> <operator> <value>` and may have a `-` 1219 // character in front of them to indicate negation. Examples include: 1220 // 1221 // * name 1222 // * source_properties.a_property 1223 // * security_marks.marks.marka 1224 // 1225 // The supported operators are: 1226 // 1227 // * `=` for all value types. 1228 // * `>`, `<`, `>=`, `<=` for integer values. 1229 // * `:`, meaning substring matching, for strings. 1230 // 1231 // The supported value types are: 1232 // 1233 // * string literals in quotes. 1234 // * integer literals without quotes. 1235 // * boolean literals `true` and `false` without quotes. 1236 // 1237 // The following field and operator combinations are supported: 1238 // 1239 // * name: `=` 1240 // * parent: `=`, `:` 1241 // * resource_name: `=`, `:` 1242 // * state: `=`, `:` 1243 // * category: `=`, `:` 1244 // * external_uri: `=`, `:` 1245 // * event_time: `=`, `>`, `<`, `>=`, `<=` 1246 // 1247 // Usage: This should be milliseconds since epoch or an RFC3339 string. 1248 // Examples: 1249 // `event_time = "2019-06-10T16:07:18-07:00"` 1250 // `event_time = 1560208038000` 1251 // 1252 // * severity: `=`, `:` 1253 // * workflow_state: `=`, `:` 1254 // * security_marks.marks: `=`, `:` 1255 // * source_properties: `=`, `:`, `>`, `<`, `>=`, `<=` 1256 // 1257 // For example, `source_properties.size = 100` is a valid filter string. 1258 // 1259 // Use a partial match on the empty string to filter based on a property 1260 // existing: `source_properties.my_property : ""` 1261 // 1262 // Use a negated partial match on the empty string to filter based on a 1263 // property not existing: `-source_properties.my_property : ""` 1264 // 1265 // * resource: 1266 // * resource.name: `=`, `:` 1267 // * resource.parent_name: `=`, `:` 1268 // * resource.parent_display_name: `=`, `:` 1269 // * resource.project_name: `=`, `:` 1270 // * resource.project_display_name: `=`, `:` 1271 // * resource.type: `=`, `:` 1272 string filter = 2; 1273 1274 // Required. Expression that defines what assets fields to use for grouping 1275 // (including `state_change`). The string value should follow SQL syntax: 1276 // comma separated list of fields. For example: "parent,resource_name". 1277 // 1278 // The following fields are supported: 1279 // 1280 // * resource_name 1281 // * category 1282 // * state 1283 // * parent 1284 // * severity 1285 // 1286 // The following fields are supported when compare_duration is set: 1287 // 1288 // * state_change 1289 string group_by = 3 [(google.api.field_behavior) = REQUIRED]; 1290 1291 // Time used as a reference point when filtering findings. The filter is 1292 // limited to findings existing at the supplied time and their values are 1293 // those at that specific time. Absence of this field will default to the 1294 // API's version of NOW. 1295 google.protobuf.Timestamp read_time = 4; 1296 1297 // When compare_duration is set, the GroupResult's "state_change" attribute is 1298 // updated to indicate whether the finding had its state changed, the 1299 // finding's state remained unchanged, or if the finding was added during the 1300 // compare_duration period of time that precedes the read_time. This is the 1301 // time between (read_time - compare_duration) and read_time. 1302 // 1303 // The state_change value is derived based on the presence and state of the 1304 // finding at the two points in time. Intermediate state changes between the 1305 // two times don't affect the result. For example, the results aren't affected 1306 // if the finding is made inactive and then active again. 1307 // 1308 // Possible "state_change" values when compare_duration is specified: 1309 // 1310 // * "CHANGED": indicates that the finding was present and matched the given 1311 // filter at the start of compare_duration, but changed its 1312 // state at read_time. 1313 // * "UNCHANGED": indicates that the finding was present and matched the given 1314 // filter at the start of compare_duration and did not change 1315 // state at read_time. 1316 // * "ADDED": indicates that the finding did not match the given filter or 1317 // was not present at the start of compare_duration, but was 1318 // present at read_time. 1319 // * "REMOVED": indicates that the finding was present and matched the 1320 // filter at the start of compare_duration, but did not match 1321 // the filter at read_time. 1322 // 1323 // If compare_duration is not specified, then the only possible state_change 1324 // is "UNUSED", which will be the state_change set for all findings present 1325 // at read_time. 1326 // 1327 // If this field is set then `state_change` must be a specified field in 1328 // `group_by`. 1329 google.protobuf.Duration compare_duration = 5; 1330 1331 // The value returned by the last `GroupFindingsResponse`; indicates 1332 // that this is a continuation of a prior `GroupFindings` call, and 1333 // that the system should return the next page of data. 1334 string page_token = 7; 1335 1336 // The maximum number of results to return in a single response. Default is 1337 // 10, minimum is 1, maximum is 1000. 1338 int32 page_size = 8; 1339} 1340 1341// Response message for group by findings. 1342message GroupFindingsResponse { 1343 // Group results. There exists an element for each existing unique 1344 // combination of property/values. The element contains a count for the number 1345 // of times those specific property/values appear. 1346 repeated GroupResult group_by_results = 1; 1347 1348 // Time used for executing the groupBy request. 1349 google.protobuf.Timestamp read_time = 2; 1350 1351 // Token to retrieve the next page of results, or empty if there are no more 1352 // results. 1353 string next_page_token = 3; 1354 1355 // The total number of results matching the query. 1356 int32 total_size = 4; 1357} 1358 1359// Result containing the properties and count of a groupBy request. 1360message GroupResult { 1361 // Properties matching the groupBy fields in the request. 1362 map<string, google.protobuf.Value> properties = 1; 1363 1364 // Total count of resources for the given properties. 1365 int64 count = 2; 1366} 1367 1368// Request message for listing descendant Security Health Analytics custom 1369// modules. 1370message ListDescendantSecurityHealthAnalyticsCustomModulesRequest { 1371 // Required. Name of parent to list descendant custom modules. Its format is 1372 // "organizations/{organization}/securityHealthAnalyticsSettings", 1373 // "folders/{folder}/securityHealthAnalyticsSettings", or 1374 // "projects/{project}/securityHealthAnalyticsSettings" 1375 string parent = 1 [ 1376 (google.api.field_behavior) = REQUIRED, 1377 (google.api.resource_reference) = { 1378 child_type: "securitycenter.googleapis.com/SecurityHealthAnalyticsCustomModule" 1379 } 1380 ]; 1381 1382 // The maximum number of results to return in a single response. Default is 1383 // 10, minimum is 1, maximum is 1000. 1384 int32 page_size = 2; 1385 1386 // The value returned by the last call indicating a continuation 1387 string page_token = 3; 1388} 1389 1390// Response message for listing descendant Security Health Analytics custom 1391// modules. 1392message ListDescendantSecurityHealthAnalyticsCustomModulesResponse { 1393 // Custom modules belonging to the requested parent and its descendants. 1394 repeated SecurityHealthAnalyticsCustomModule 1395 security_health_analytics_custom_modules = 1; 1396 1397 // If not empty, indicates that there may be more custom modules to be 1398 // returned. 1399 string next_page_token = 2; 1400} 1401 1402// Request message for listing mute configs at a given scope e.g. organization, 1403// folder or project. 1404message ListMuteConfigsRequest { 1405 // Required. The parent, which owns the collection of mute configs. Its format 1406 // is "organizations/[organization_id]", "folders/[folder_id]", 1407 // "projects/[project_id]". 1408 string parent = 1 [ 1409 (google.api.field_behavior) = REQUIRED, 1410 (google.api.resource_reference) = { 1411 child_type: "securitycenter.googleapis.com/MuteConfig" 1412 } 1413 ]; 1414 1415 // The maximum number of configs to return. The service may return fewer than 1416 // this value. 1417 // If unspecified, at most 10 configs will be returned. 1418 // The maximum value is 1000; values above 1000 will be coerced to 1000. 1419 int32 page_size = 2; 1420 1421 // A page token, received from a previous `ListMuteConfigs` call. 1422 // Provide this to retrieve the subsequent page. 1423 // 1424 // When paginating, all other parameters provided to `ListMuteConfigs` must 1425 // match the call that provided the page token. 1426 string page_token = 3; 1427} 1428 1429// Response message for listing mute configs. 1430message ListMuteConfigsResponse { 1431 // The mute configs from the specified parent. 1432 repeated MuteConfig mute_configs = 1; 1433 1434 // A token, which can be sent as `page_token` to retrieve the next page. 1435 // If this field is omitted, there are no subsequent pages. 1436 string next_page_token = 2; 1437} 1438 1439// Request message for listing notification configs. 1440message ListNotificationConfigsRequest { 1441 // Required. The name of the parent in which to list the notification 1442 // configurations. Its format is "organizations/[organization_id]", 1443 // "folders/[folder_id]", or "projects/[project_id]". 1444 string parent = 1 [ 1445 (google.api.field_behavior) = REQUIRED, 1446 (google.api.resource_reference) = { 1447 child_type: "securitycenter.googleapis.com/NotificationConfig" 1448 } 1449 ]; 1450 1451 // The value returned by the last `ListNotificationConfigsResponse`; indicates 1452 // that this is a continuation of a prior `ListNotificationConfigs` call, and 1453 // that the system should return the next page of data. 1454 string page_token = 2; 1455 1456 // The maximum number of results to return in a single response. Default is 1457 // 10, minimum is 1, maximum is 1000. 1458 int32 page_size = 3; 1459} 1460 1461// Response message for listing notification configs. 1462message ListNotificationConfigsResponse { 1463 // Notification configs belonging to the requested parent. 1464 repeated NotificationConfig notification_configs = 1; 1465 1466 // Token to retrieve the next page of results, or empty if there are no more 1467 // results. 1468 string next_page_token = 2; 1469} 1470 1471// Request message for listing effective Security Health Analytics custom 1472// modules. 1473message ListEffectiveSecurityHealthAnalyticsCustomModulesRequest { 1474 // Required. Name of parent to list effective custom modules. Its format is 1475 // "organizations/{organization}/securityHealthAnalyticsSettings", 1476 // "folders/{folder}/securityHealthAnalyticsSettings", or 1477 // "projects/{project}/securityHealthAnalyticsSettings" 1478 string parent = 1 [ 1479 (google.api.field_behavior) = REQUIRED, 1480 (google.api.resource_reference) = { 1481 child_type: "securitycenter.googleapis.com/SecurityHealthAnalyticsCustomModule" 1482 } 1483 ]; 1484 1485 // The maximum number of results to return in a single response. Default is 1486 // 10, minimum is 1, maximum is 1000. 1487 int32 page_size = 2; 1488 1489 // The value returned by the last call indicating a continuation 1490 string page_token = 3; 1491} 1492 1493// Response message for listing effective Security Health Analytics custom 1494// modules. 1495message ListEffectiveSecurityHealthAnalyticsCustomModulesResponse { 1496 // Effective custom modules belonging to the requested parent. 1497 repeated EffectiveSecurityHealthAnalyticsCustomModule 1498 effective_security_health_analytics_custom_modules = 1; 1499 1500 // If not empty, indicates that there may be more effective custom modules to 1501 // be returned. 1502 string next_page_token = 2; 1503} 1504 1505// Request message for listing Security Health Analytics custom modules. 1506message ListSecurityHealthAnalyticsCustomModulesRequest { 1507 // Required. Name of parent to list custom modules. Its format is 1508 // "organizations/{organization}/securityHealthAnalyticsSettings", 1509 // "folders/{folder}/securityHealthAnalyticsSettings", or 1510 // "projects/{project}/securityHealthAnalyticsSettings" 1511 string parent = 1 [ 1512 (google.api.field_behavior) = REQUIRED, 1513 (google.api.resource_reference) = { 1514 child_type: "securitycenter.googleapis.com/SecurityHealthAnalyticsCustomModule" 1515 } 1516 ]; 1517 1518 // The maximum number of results to return in a single response. Default is 1519 // 10, minimum is 1, maximum is 1000. 1520 int32 page_size = 2; 1521 1522 // The value returned by the last call indicating a continuation 1523 string page_token = 3; 1524} 1525 1526// Response message for listing Security Health Analytics custom modules. 1527message ListSecurityHealthAnalyticsCustomModulesResponse { 1528 // Custom modules belonging to the requested parent. 1529 repeated SecurityHealthAnalyticsCustomModule 1530 security_health_analytics_custom_modules = 1; 1531 1532 // If not empty, indicates that there may be more custom modules to be 1533 // returned. 1534 string next_page_token = 2; 1535} 1536 1537// Request message for listing sources. 1538message ListSourcesRequest { 1539 // Required. Resource name of the parent of sources to list. Its format should 1540 // be "organizations/[organization_id]", "folders/[folder_id]", or 1541 // "projects/[project_id]". 1542 string parent = 1 [ 1543 (google.api.field_behavior) = REQUIRED, 1544 (google.api.resource_reference) = { 1545 child_type: "securitycenter.googleapis.com/Source" 1546 } 1547 ]; 1548 1549 // The value returned by the last `ListSourcesResponse`; indicates 1550 // that this is a continuation of a prior `ListSources` call, and 1551 // that the system should return the next page of data. 1552 string page_token = 2; 1553 1554 // The maximum number of results to return in a single response. Default is 1555 // 10, minimum is 1, maximum is 1000. 1556 int32 page_size = 7; 1557} 1558 1559// Response message for listing sources. 1560message ListSourcesResponse { 1561 // Sources belonging to the requested parent. 1562 repeated Source sources = 1; 1563 1564 // Token to retrieve the next page of results, or empty if there are no more 1565 // results. 1566 string next_page_token = 2; 1567} 1568 1569// Request message for listing assets. 1570message ListAssetsRequest { 1571 // Required. The name of the parent resource that contains the assets. The 1572 // value that you can specify on parent depends on the method in which you 1573 // specify parent. You can specify one of the following values: 1574 // "organizations/[organization_id]", "folders/[folder_id]", or 1575 // "projects/[project_id]". 1576 string parent = 1 [ 1577 (google.api.field_behavior) = REQUIRED, 1578 (google.api.resource_reference) = { 1579 child_type: "securitycenter.googleapis.com/Asset" 1580 } 1581 ]; 1582 1583 // Expression that defines the filter to apply across assets. 1584 // The expression is a list of zero or more restrictions combined via logical 1585 // operators `AND` and `OR`. 1586 // Parentheses are supported, and `OR` has higher precedence than `AND`. 1587 // 1588 // Restrictions have the form `<field> <operator> <value>` and may have a `-` 1589 // character in front of them to indicate negation. The fields map to those 1590 // defined in the Asset resource. Examples include: 1591 // 1592 // * name 1593 // * security_center_properties.resource_name 1594 // * resource_properties.a_property 1595 // * security_marks.marks.marka 1596 // 1597 // The supported operators are: 1598 // 1599 // * `=` for all value types. 1600 // * `>`, `<`, `>=`, `<=` for integer values. 1601 // * `:`, meaning substring matching, for strings. 1602 // 1603 // The supported value types are: 1604 // 1605 // * string literals in quotes. 1606 // * integer literals without quotes. 1607 // * boolean literals `true` and `false` without quotes. 1608 // 1609 // The following are the allowed field and operator combinations: 1610 // 1611 // * name: `=` 1612 // * update_time: `=`, `>`, `<`, `>=`, `<=` 1613 // 1614 // Usage: This should be milliseconds since epoch or an RFC3339 string. 1615 // Examples: 1616 // `update_time = "2019-06-10T16:07:18-07:00"` 1617 // `update_time = 1560208038000` 1618 // 1619 // * create_time: `=`, `>`, `<`, `>=`, `<=` 1620 // 1621 // Usage: This should be milliseconds since epoch or an RFC3339 string. 1622 // Examples: 1623 // `create_time = "2019-06-10T16:07:18-07:00"` 1624 // `create_time = 1560208038000` 1625 // 1626 // * iam_policy.policy_blob: `=`, `:` 1627 // * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=` 1628 // * security_marks.marks: `=`, `:` 1629 // * security_center_properties.resource_name: `=`, `:` 1630 // * security_center_properties.resource_display_name: `=`, `:` 1631 // * security_center_properties.resource_type: `=`, `:` 1632 // * security_center_properties.resource_parent: `=`, `:` 1633 // * security_center_properties.resource_parent_display_name: `=`, `:` 1634 // * security_center_properties.resource_project: `=`, `:` 1635 // * security_center_properties.resource_project_display_name: `=`, `:` 1636 // * security_center_properties.resource_owners: `=`, `:` 1637 // 1638 // For example, `resource_properties.size = 100` is a valid filter string. 1639 // 1640 // Use a partial match on the empty string to filter based on a property 1641 // existing: `resource_properties.my_property : ""` 1642 // 1643 // Use a negated partial match on the empty string to filter based on a 1644 // property not existing: `-resource_properties.my_property : ""` 1645 string filter = 2; 1646 1647 // Expression that defines what fields and order to use for sorting. The 1648 // string value should follow SQL syntax: comma separated list of fields. For 1649 // example: "name,resource_properties.a_property". The default sorting order 1650 // is ascending. To specify descending order for a field, a suffix " desc" 1651 // should be appended to the field name. For example: "name 1652 // desc,resource_properties.a_property". Redundant space characters in the 1653 // syntax are insignificant. "name desc,resource_properties.a_property" and " 1654 // name desc , resource_properties.a_property " are equivalent. 1655 // 1656 // The following fields are supported: 1657 // name 1658 // update_time 1659 // resource_properties 1660 // security_marks.marks 1661 // security_center_properties.resource_name 1662 // security_center_properties.resource_display_name 1663 // security_center_properties.resource_parent 1664 // security_center_properties.resource_parent_display_name 1665 // security_center_properties.resource_project 1666 // security_center_properties.resource_project_display_name 1667 // security_center_properties.resource_type 1668 string order_by = 3; 1669 1670 // Time used as a reference point when filtering assets. The filter is limited 1671 // to assets existing at the supplied time and their values are those at that 1672 // specific time. Absence of this field will default to the API's version of 1673 // NOW. 1674 google.protobuf.Timestamp read_time = 4; 1675 1676 // When compare_duration is set, the ListAssetsResult's "state_change" 1677 // attribute is updated to indicate whether the asset was added, removed, or 1678 // remained present during the compare_duration period of time that precedes 1679 // the read_time. This is the time between (read_time - compare_duration) and 1680 // read_time. 1681 // 1682 // The state_change value is derived based on the presence of the asset at the 1683 // two points in time. Intermediate state changes between the two times don't 1684 // affect the result. For example, the results aren't affected if the asset is 1685 // removed and re-created again. 1686 // 1687 // Possible "state_change" values when compare_duration is specified: 1688 // 1689 // * "ADDED": indicates that the asset was not present at the start of 1690 // compare_duration, but present at read_time. 1691 // * "REMOVED": indicates that the asset was present at the start of 1692 // compare_duration, but not present at read_time. 1693 // * "ACTIVE": indicates that the asset was present at both the 1694 // start and the end of the time period defined by 1695 // compare_duration and read_time. 1696 // 1697 // If compare_duration is not specified, then the only possible state_change 1698 // is "UNUSED", which will be the state_change set for all assets present at 1699 // read_time. 1700 google.protobuf.Duration compare_duration = 5; 1701 1702 // A field mask to specify the ListAssetsResult fields to be listed in the 1703 // response. 1704 // An empty field mask will list all fields. 1705 google.protobuf.FieldMask field_mask = 7; 1706 1707 // The value returned by the last `ListAssetsResponse`; indicates 1708 // that this is a continuation of a prior `ListAssets` call, and 1709 // that the system should return the next page of data. 1710 string page_token = 8; 1711 1712 // The maximum number of results to return in a single response. Default is 1713 // 10, minimum is 1, maximum is 1000. 1714 int32 page_size = 9; 1715} 1716 1717// Response message for listing assets. 1718message ListAssetsResponse { 1719 // Result containing the Asset and its State. 1720 message ListAssetsResult { 1721 // The change in state of the asset. 1722 // 1723 // When querying across two points in time this describes 1724 // the change between the two points: ADDED, REMOVED, or ACTIVE. 1725 // If there was no compare_duration supplied in the request the state change 1726 // will be: UNUSED 1727 enum StateChange { 1728 // State change is unused, this is the canonical default for this enum. 1729 UNUSED = 0; 1730 1731 // Asset was added between the points in time. 1732 ADDED = 1; 1733 1734 // Asset was removed between the points in time. 1735 REMOVED = 2; 1736 1737 // Asset was present at both point(s) in time. 1738 ACTIVE = 3; 1739 } 1740 1741 // Asset matching the search request. 1742 Asset asset = 1; 1743 1744 // State change of the asset between the points in time. 1745 StateChange state_change = 2; 1746 } 1747 1748 // Assets matching the list request. 1749 repeated ListAssetsResult list_assets_results = 1; 1750 1751 // Time used for executing the list request. 1752 google.protobuf.Timestamp read_time = 2; 1753 1754 // Token to retrieve the next page of results, or empty if there are no more 1755 // results. 1756 string next_page_token = 3; 1757 1758 // The total number of assets matching the query. 1759 int32 total_size = 4; 1760} 1761 1762// Request message for listing findings. 1763message ListFindingsRequest { 1764 // Required. Name of the source the findings belong to. Its format is 1765 // "organizations/[organization_id]/sources/[source_id], 1766 // folders/[folder_id]/sources/[source_id], or 1767 // projects/[project_id]/sources/[source_id]". To list across all sources 1768 // provide a source_id of `-`. For example: 1769 // organizations/{organization_id}/sources/-, folders/{folder_id}/sources/- or 1770 // projects/{projects_id}/sources/- 1771 string parent = 1 [ 1772 (google.api.field_behavior) = REQUIRED, 1773 (google.api.resource_reference) = { 1774 type: "securitycenter.googleapis.com/Source" 1775 } 1776 ]; 1777 1778 // Expression that defines the filter to apply across findings. 1779 // The expression is a list of one or more restrictions combined via logical 1780 // operators `AND` and `OR`. 1781 // Parentheses are supported, and `OR` has higher precedence than `AND`. 1782 // 1783 // Restrictions have the form `<field> <operator> <value>` and may have a `-` 1784 // character in front of them to indicate negation. Examples include: 1785 // 1786 // * name 1787 // * source_properties.a_property 1788 // * security_marks.marks.marka 1789 // 1790 // The supported operators are: 1791 // 1792 // * `=` for all value types. 1793 // * `>`, `<`, `>=`, `<=` for integer values. 1794 // * `:`, meaning substring matching, for strings. 1795 // 1796 // The supported value types are: 1797 // 1798 // * string literals in quotes. 1799 // * integer literals without quotes. 1800 // * boolean literals `true` and `false` without quotes. 1801 // 1802 // The following field and operator combinations are supported: 1803 // 1804 // * name: `=` 1805 // * parent: `=`, `:` 1806 // * resource_name: `=`, `:` 1807 // * state: `=`, `:` 1808 // * category: `=`, `:` 1809 // * external_uri: `=`, `:` 1810 // * event_time: `=`, `>`, `<`, `>=`, `<=` 1811 // 1812 // Usage: This should be milliseconds since epoch or an RFC3339 string. 1813 // Examples: 1814 // `event_time = "2019-06-10T16:07:18-07:00"` 1815 // `event_time = 1560208038000` 1816 // 1817 // * severity: `=`, `:` 1818 // * workflow_state: `=`, `:` 1819 // * security_marks.marks: `=`, `:` 1820 // * source_properties: `=`, `:`, `>`, `<`, `>=`, `<=` 1821 // 1822 // For example, `source_properties.size = 100` is a valid filter string. 1823 // 1824 // Use a partial match on the empty string to filter based on a property 1825 // existing: `source_properties.my_property : ""` 1826 // 1827 // Use a negated partial match on the empty string to filter based on a 1828 // property not existing: `-source_properties.my_property : ""` 1829 // 1830 // * resource: 1831 // * resource.name: `=`, `:` 1832 // * resource.parent_name: `=`, `:` 1833 // * resource.parent_display_name: `=`, `:` 1834 // * resource.project_name: `=`, `:` 1835 // * resource.project_display_name: `=`, `:` 1836 // * resource.type: `=`, `:` 1837 // * resource.folders.resource_folder: `=`, `:` 1838 // * resource.display_name: `=`, `:` 1839 string filter = 2; 1840 1841 // Expression that defines what fields and order to use for sorting. The 1842 // string value should follow SQL syntax: comma separated list of fields. For 1843 // example: "name,resource_properties.a_property". The default sorting order 1844 // is ascending. To specify descending order for a field, a suffix " desc" 1845 // should be appended to the field name. For example: "name 1846 // desc,source_properties.a_property". Redundant space characters in the 1847 // syntax are insignificant. "name desc,source_properties.a_property" and " 1848 // name desc , source_properties.a_property " are equivalent. 1849 // 1850 // The following fields are supported: 1851 // name 1852 // parent 1853 // state 1854 // category 1855 // resource_name 1856 // event_time 1857 // source_properties 1858 // security_marks.marks 1859 string order_by = 3; 1860 1861 // Time used as a reference point when filtering findings. The filter is 1862 // limited to findings existing at the supplied time and their values are 1863 // those at that specific time. Absence of this field will default to the 1864 // API's version of NOW. 1865 google.protobuf.Timestamp read_time = 4; 1866 1867 // When compare_duration is set, the ListFindingsResult's "state_change" 1868 // attribute is updated to indicate whether the finding had its state changed, 1869 // the finding's state remained unchanged, or if the finding was added in any 1870 // state during the compare_duration period of time that precedes the 1871 // read_time. This is the time between (read_time - compare_duration) and 1872 // read_time. 1873 // 1874 // The state_change value is derived based on the presence and state of the 1875 // finding at the two points in time. Intermediate state changes between the 1876 // two times don't affect the result. For example, the results aren't affected 1877 // if the finding is made inactive and then active again. 1878 // 1879 // Possible "state_change" values when compare_duration is specified: 1880 // 1881 // * "CHANGED": indicates that the finding was present and matched the given 1882 // filter at the start of compare_duration, but changed its 1883 // state at read_time. 1884 // * "UNCHANGED": indicates that the finding was present and matched the given 1885 // filter at the start of compare_duration and did not change 1886 // state at read_time. 1887 // * "ADDED": indicates that the finding did not match the given filter or 1888 // was not present at the start of compare_duration, but was 1889 // present at read_time. 1890 // * "REMOVED": indicates that the finding was present and matched the 1891 // filter at the start of compare_duration, but did not match 1892 // the filter at read_time. 1893 // 1894 // If compare_duration is not specified, then the only possible state_change 1895 // is "UNUSED", which will be the state_change set for all findings present at 1896 // read_time. 1897 google.protobuf.Duration compare_duration = 5; 1898 1899 // A field mask to specify the Finding fields to be listed in the response. 1900 // An empty field mask will list all fields. 1901 google.protobuf.FieldMask field_mask = 7; 1902 1903 // The value returned by the last `ListFindingsResponse`; indicates 1904 // that this is a continuation of a prior `ListFindings` call, and 1905 // that the system should return the next page of data. 1906 string page_token = 8; 1907 1908 // The maximum number of results to return in a single response. Default is 1909 // 10, minimum is 1, maximum is 1000. 1910 int32 page_size = 9; 1911} 1912 1913// Response message for listing findings. 1914message ListFindingsResponse { 1915 // Result containing the Finding and its StateChange. 1916 message ListFindingsResult { 1917 // The change in state of the finding. 1918 // 1919 // When querying across two points in time this describes 1920 // the change in the finding between the two points: CHANGED, UNCHANGED, 1921 // ADDED, or REMOVED. Findings can not be deleted, so REMOVED implies that 1922 // the finding at timestamp does not match the filter specified, but it did 1923 // at timestamp - compare_duration. If there was no compare_duration 1924 // supplied in the request the state change will be: UNUSED 1925 enum StateChange { 1926 // State change is unused, this is the canonical default for this enum. 1927 UNUSED = 0; 1928 1929 // The finding has changed state in some way between the points in time 1930 // and existed at both points. 1931 CHANGED = 1; 1932 1933 // The finding has not changed state between the points in time and 1934 // existed at both points. 1935 UNCHANGED = 2; 1936 1937 // The finding was created between the points in time. 1938 ADDED = 3; 1939 1940 // The finding at timestamp does not match the filter specified, but it 1941 // did at timestamp - compare_duration. 1942 REMOVED = 4; 1943 } 1944 1945 // Information related to the Google Cloud resource that is 1946 // associated with this finding. 1947 message Resource { 1948 // The full resource name of the resource. See: 1949 // https://cloud.google.com/apis/design/resource_names#full_resource_name 1950 string name = 1; 1951 1952 // The human readable name of the resource. 1953 string display_name = 8; 1954 1955 // The full resource type of the resource. 1956 string type = 6; 1957 1958 // The full resource name of project that the resource belongs to. 1959 string project_name = 2; 1960 1961 // The project ID that the resource belongs to. 1962 string project_display_name = 3; 1963 1964 // The full resource name of resource's parent. 1965 string parent_name = 4; 1966 1967 // The human readable name of resource's parent. 1968 string parent_display_name = 5; 1969 1970 // Contains a Folder message for each folder in the assets ancestry. 1971 // The first folder is the deepest nested folder, and the last folder is 1972 // the folder directly under the Organization. 1973 repeated Folder folders = 7; 1974 } 1975 1976 // Finding matching the search request. 1977 Finding finding = 1; 1978 1979 // State change of the finding between the points in time. 1980 StateChange state_change = 2; 1981 1982 // Output only. Resource that is associated with this finding. 1983 Resource resource = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 1984 } 1985 1986 // Findings matching the list request. 1987 repeated ListFindingsResult list_findings_results = 1; 1988 1989 // Time used for executing the list request. 1990 google.protobuf.Timestamp read_time = 2; 1991 1992 // Token to retrieve the next page of results, or empty if there are no more 1993 // results. 1994 string next_page_token = 3; 1995 1996 // The total number of findings matching the query. 1997 int32 total_size = 4; 1998} 1999 2000// Request message for updating a finding's state. 2001message SetFindingStateRequest { 2002 // Required. The [relative resource 2003 // name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) 2004 // of the finding. Example: 2005 // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", 2006 // "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", 2007 // "projects/{project_id}/sources/{source_id}/findings/{finding_id}". 2008 string name = 1 [ 2009 (google.api.field_behavior) = REQUIRED, 2010 (google.api.resource_reference) = { 2011 type: "securitycenter.googleapis.com/Finding" 2012 } 2013 ]; 2014 2015 // Required. The desired State of the finding. 2016 Finding.State state = 2 [(google.api.field_behavior) = REQUIRED]; 2017 2018 // Required. The time at which the updated state takes effect. 2019 google.protobuf.Timestamp start_time = 3 2020 [(google.api.field_behavior) = REQUIRED]; 2021} 2022 2023// Request message for updating a finding's mute status. 2024message SetMuteRequest { 2025 // Required. The [relative resource 2026 // name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) 2027 // of the finding. Example: 2028 // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", 2029 // "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", 2030 // "projects/{project_id}/sources/{source_id}/findings/{finding_id}". 2031 string name = 1 [ 2032 (google.api.field_behavior) = REQUIRED, 2033 (google.api.resource_reference) = { 2034 type: "securitycenter.googleapis.com/Finding" 2035 } 2036 ]; 2037 2038 // Required. The desired state of the Mute. 2039 Finding.Mute mute = 2 [(google.api.field_behavior) = REQUIRED]; 2040} 2041 2042// Request message for running asset discovery for an organization. 2043message RunAssetDiscoveryRequest { 2044 // Required. Name of the organization to run asset discovery for. Its format 2045 // is "organizations/[organization_id]". 2046 string parent = 1 [ 2047 (google.api.field_behavior) = REQUIRED, 2048 (google.api.resource_reference) = { 2049 type: "cloudresourcemanager.googleapis.com/Organization" 2050 } 2051 ]; 2052} 2053 2054// Request message to simulate a CustomConfig against a given test resource. 2055// Maximum size of the request is 4 MB by default. 2056message SimulateSecurityHealthAnalyticsCustomModuleRequest { 2057 // Manually constructed resource name. If the custom module evaluates against 2058 // only the resource data, you can omit the `iam_policy_data` field. If it 2059 // evaluates only the `iam_policy_data` field, you can omit the resource data. 2060 message SimulatedResource { 2061 // Required. The type of the resource, for example, 2062 // `compute.googleapis.com/Disk`. 2063 string resource_type = 1 [(google.api.field_behavior) = REQUIRED]; 2064 2065 // Optional. A representation of the Google Cloud resource. Should match the 2066 // Google Cloud resource JSON format. 2067 google.protobuf.Struct resource_data = 2 2068 [(google.api.field_behavior) = OPTIONAL]; 2069 2070 // Optional. A representation of the IAM policy. 2071 google.iam.v1.Policy iam_policy_data = 3 2072 [(google.api.field_behavior) = OPTIONAL]; 2073 } 2074 2075 // Required. The relative resource name of the organization, project, or 2076 // folder. For more information about relative resource names, see [Relative 2077 // Resource 2078 // Name](https://cloud.google.com/apis/design/resource_names#relative_resource_name) 2079 // Example: `organizations/{organization_id}` 2080 string parent = 1 [(google.api.field_behavior) = REQUIRED]; 2081 2082 // Required. The custom configuration that you need to test. 2083 CustomConfig custom_config = 2 [(google.api.field_behavior) = REQUIRED]; 2084 2085 // Required. Resource data to simulate custom module against. 2086 SimulatedResource resource = 3 [(google.api.field_behavior) = REQUIRED]; 2087} 2088 2089// Response message for simulating a `SecurityHealthAnalyticsCustomModule` 2090// against a given resource. 2091message SimulateSecurityHealthAnalyticsCustomModuleResponse { 2092 // Possible test result. 2093 message SimulatedResult { 2094 oneof result { 2095 // Finding that would be published for the test case, 2096 // if a violation is detected. 2097 Finding finding = 1; 2098 2099 // Indicates that the test case does not trigger any violation. 2100 google.protobuf.Empty no_violation = 2; 2101 2102 // Error encountered during the test. 2103 google.rpc.Status error = 3; 2104 } 2105 } 2106 2107 // Result for test case in the corresponding request. 2108 SimulatedResult result = 1; 2109} 2110 2111// Request message for updating a ExternalSystem resource. 2112message UpdateExternalSystemRequest { 2113 // Required. The external system resource to update. 2114 ExternalSystem external_system = 1 [(google.api.field_behavior) = REQUIRED]; 2115 2116 // The FieldMask to use when updating the external system resource. 2117 // 2118 // If empty all mutable fields will be updated. 2119 google.protobuf.FieldMask update_mask = 2; 2120} 2121 2122// Request message for updating or creating a finding. 2123message UpdateFindingRequest { 2124 // Required. The finding resource to update or create if it does not already 2125 // exist. parent, security_marks, and update_time will be ignored. 2126 // 2127 // In the case of creation, the finding id portion of the name must be 2128 // alphanumeric and less than or equal to 32 characters and greater than 0 2129 // characters in length. 2130 Finding finding = 1 [(google.api.field_behavior) = REQUIRED]; 2131 2132 // The FieldMask to use when updating the finding resource. This field should 2133 // not be specified when creating a finding. 2134 // 2135 // When updating a finding, an empty mask is treated as updating all mutable 2136 // fields and replacing source_properties. Individual source_properties can 2137 // be added/updated by using "source_properties.<property key>" in the field 2138 // mask. 2139 google.protobuf.FieldMask update_mask = 2; 2140} 2141 2142// Request message for updating a mute config. 2143message UpdateMuteConfigRequest { 2144 // Required. The mute config being updated. 2145 MuteConfig mute_config = 1 [(google.api.field_behavior) = REQUIRED]; 2146 2147 // The list of fields to be updated. 2148 // If empty all mutable fields will be updated. 2149 google.protobuf.FieldMask update_mask = 2; 2150} 2151 2152// Request message for updating a notification config. 2153message UpdateNotificationConfigRequest { 2154 // Required. The notification config to update. 2155 NotificationConfig notification_config = 1 2156 [(google.api.field_behavior) = REQUIRED]; 2157 2158 // The FieldMask to use when updating the notification config. 2159 // 2160 // If empty all mutable fields will be updated. 2161 google.protobuf.FieldMask update_mask = 2; 2162} 2163 2164// Request message for updating an organization's settings. 2165message UpdateOrganizationSettingsRequest { 2166 // Required. The organization settings resource to update. 2167 OrganizationSettings organization_settings = 1 2168 [(google.api.field_behavior) = REQUIRED]; 2169 2170 // The FieldMask to use when updating the settings resource. 2171 // 2172 // If empty all mutable fields will be updated. 2173 google.protobuf.FieldMask update_mask = 2; 2174} 2175 2176// Request message for updating Security Health Analytics custom modules. 2177message UpdateSecurityHealthAnalyticsCustomModuleRequest { 2178 // Required. The SecurityHealthAnalytics custom module to update. 2179 SecurityHealthAnalyticsCustomModule security_health_analytics_custom_module = 2180 1 [(google.api.field_behavior) = REQUIRED]; 2181 2182 // The list of fields to update. 2183 google.protobuf.FieldMask update_mask = 2; 2184} 2185 2186// Request message for updating a source. 2187message UpdateSourceRequest { 2188 // Required. The source resource to update. 2189 Source source = 1 [(google.api.field_behavior) = REQUIRED]; 2190 2191 // The FieldMask to use when updating the source resource. 2192 // 2193 // If empty all mutable fields will be updated. 2194 google.protobuf.FieldMask update_mask = 2; 2195} 2196 2197// Request message for updating a SecurityMarks resource. 2198message UpdateSecurityMarksRequest { 2199 // Required. The security marks resource to update. 2200 SecurityMarks security_marks = 1 [(google.api.field_behavior) = REQUIRED]; 2201 2202 // The FieldMask to use when updating the security marks resource. 2203 // 2204 // The field mask must not contain duplicate fields. 2205 // If empty or set to "marks", all marks will be replaced. Individual 2206 // marks can be updated using "marks.<mark_key>". 2207 google.protobuf.FieldMask update_mask = 2; 2208 2209 // The time at which the updated SecurityMarks take effect. 2210 // If not set uses current server time. Updates will be applied to the 2211 // SecurityMarks that are active immediately preceding this time. Must be 2212 // earlier or equal to the server time. 2213 google.protobuf.Timestamp start_time = 3; 2214} 2215 2216// Request message for creating a BigQuery export. 2217message CreateBigQueryExportRequest { 2218 // Required. The name of the parent resource of the new BigQuery export. Its 2219 // format is "organizations/[organization_id]", "folders/[folder_id]", or 2220 // "projects/[project_id]". 2221 string parent = 1 [ 2222 (google.api.field_behavior) = REQUIRED, 2223 (google.api.resource_reference) = { 2224 child_type: "securitycenter.googleapis.com/BigQueryExport" 2225 } 2226 ]; 2227 2228 // Required. The BigQuery export being created. 2229 BigQueryExport big_query_export = 2 [(google.api.field_behavior) = REQUIRED]; 2230 2231 // Required. Unique identifier provided by the client within the parent scope. 2232 // It must consist of only lowercase letters, numbers, and hyphens, must start 2233 // with a letter, must end with either a letter or a number, and must be 63 2234 // characters or less. 2235 string big_query_export_id = 3 [(google.api.field_behavior) = REQUIRED]; 2236} 2237 2238// Request message for updating a BigQuery export. 2239message UpdateBigQueryExportRequest { 2240 // Required. The BigQuery export being updated. 2241 BigQueryExport big_query_export = 1 [(google.api.field_behavior) = REQUIRED]; 2242 2243 // The list of fields to be updated. 2244 // If empty all mutable fields will be updated. 2245 google.protobuf.FieldMask update_mask = 2; 2246} 2247 2248// Request message for listing BigQuery exports at a given scope e.g. 2249// organization, folder or project. 2250message ListBigQueryExportsRequest { 2251 // Required. The parent, which owns the collection of BigQuery exports. Its 2252 // format is "organizations/[organization_id]", "folders/[folder_id]", 2253 // "projects/[project_id]". 2254 string parent = 1 [ 2255 (google.api.field_behavior) = REQUIRED, 2256 (google.api.resource_reference) = { 2257 child_type: "securitycenter.googleapis.com/BigQueryExport" 2258 } 2259 ]; 2260 2261 // The maximum number of configs to return. The service may return fewer than 2262 // this value. 2263 // If unspecified, at most 10 configs will be returned. 2264 // The maximum value is 1000; values above 1000 will be coerced to 1000. 2265 int32 page_size = 2; 2266 2267 // A page token, received from a previous `ListBigQueryExports` call. 2268 // Provide this to retrieve the subsequent page. 2269 // When paginating, all other parameters provided to `ListBigQueryExports` 2270 // must match the call that provided the page token. 2271 string page_token = 3; 2272} 2273 2274// Response message for listing BigQuery exports. 2275message ListBigQueryExportsResponse { 2276 // The BigQuery exports from the specified parent. 2277 repeated BigQueryExport big_query_exports = 1; 2278 2279 // A token, which can be sent as `page_token` to retrieve the next page. 2280 // If this field is omitted, there are no subsequent pages. 2281 string next_page_token = 2; 2282} 2283 2284// Request message for deleting a BigQuery export. 2285message DeleteBigQueryExportRequest { 2286 // Required. The name of the BigQuery export to delete. Its format is 2287 // organizations/{organization}/bigQueryExports/{export_id}, 2288 // folders/{folder}/bigQueryExports/{export_id}, or 2289 // projects/{project}/bigQueryExports/{export_id} 2290 string name = 1 [ 2291 (google.api.field_behavior) = REQUIRED, 2292 (google.api.resource_reference) = { 2293 type: "securitycenter.googleapis.com/BigQueryExport" 2294 } 2295 ]; 2296} 2297