1// Copyright 2020 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.securitycenter.v1beta1; 18 19import "google/api/annotations.proto"; 20import "google/api/client.proto"; 21import "google/api/field_behavior.proto"; 22import "google/api/resource.proto"; 23import "google/cloud/securitycenter/v1beta1/asset.proto"; 24import "google/cloud/securitycenter/v1beta1/finding.proto"; 25import "google/cloud/securitycenter/v1beta1/organization_settings.proto"; 26import "google/cloud/securitycenter/v1beta1/security_marks.proto"; 27import "google/cloud/securitycenter/v1beta1/source.proto"; 28import "google/iam/v1/iam_policy.proto"; 29import "google/iam/v1/policy.proto"; 30import "google/longrunning/operations.proto"; 31import "google/protobuf/duration.proto"; 32import "google/protobuf/field_mask.proto"; 33import "google/protobuf/struct.proto"; 34import "google/protobuf/timestamp.proto"; 35 36option go_package = "cloud.google.com/go/securitycenter/apiv1beta1/securitycenterpb;securitycenterpb"; 37option java_multiple_files = true; 38option java_package = "com.google.cloud.securitycenter.v1beta1"; 39 40// V1 Beta APIs for Security Center service. 41service SecurityCenter { 42 option (google.api.default_host) = "securitycenter.googleapis.com"; 43 option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; 44 45 // Creates a source. 46 rpc CreateSource(CreateSourceRequest) returns (Source) { 47 option (google.api.http) = { 48 post: "/v1beta1/{parent=organizations/*}/sources" 49 body: "source" 50 }; 51 option (google.api.method_signature) = "parent,source"; 52 } 53 54 // Creates a finding. The corresponding source must exist for finding creation 55 // to succeed. 56 rpc CreateFinding(CreateFindingRequest) returns (Finding) { 57 option (google.api.http) = { 58 post: "/v1beta1/{parent=organizations/*/sources/*}/findings" 59 body: "finding" 60 }; 61 option (google.api.method_signature) = "parent,finding_id,finding"; 62 } 63 64 // Gets the access control policy on the specified Source. 65 rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) { 66 option (google.api.http) = { 67 post: "/v1beta1/{resource=organizations/*/sources/*}:getIamPolicy" 68 body: "*" 69 }; 70 option (google.api.method_signature) = "resource"; 71 } 72 73 // Gets the settings for an organization. 74 rpc GetOrganizationSettings(GetOrganizationSettingsRequest) returns (OrganizationSettings) { 75 option (google.api.http) = { 76 get: "/v1beta1/{name=organizations/*/organizationSettings}" 77 }; 78 option (google.api.method_signature) = "name"; 79 } 80 81 // Gets a source. 82 rpc GetSource(GetSourceRequest) returns (Source) { 83 option (google.api.http) = { 84 get: "/v1beta1/{name=organizations/*/sources/*}" 85 }; 86 option (google.api.method_signature) = "name"; 87 } 88 89 // Filters an organization's assets and groups them by their specified 90 // properties. 91 rpc GroupAssets(GroupAssetsRequest) returns (GroupAssetsResponse) { 92 option (google.api.http) = { 93 post: "/v1beta1/{parent=organizations/*}/assets:group" 94 body: "*" 95 }; 96 } 97 98 // Filters an organization or source's findings and groups them by their 99 // specified properties. 100 // 101 // To group across all sources provide a `-` as the source id. 102 // Example: /v1beta1/organizations/{organization_id}/sources/-/findings 103 rpc GroupFindings(GroupFindingsRequest) returns (GroupFindingsResponse) { 104 option (google.api.http) = { 105 post: "/v1beta1/{parent=organizations/*/sources/*}/findings:group" 106 body: "*" 107 }; 108 option (google.api.method_signature) = "parent,group_by"; 109 } 110 111 // Lists an organization's assets. 112 rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) { 113 option (google.api.http) = { 114 get: "/v1beta1/{parent=organizations/*}/assets" 115 }; 116 } 117 118 // Lists an organization or source's findings. 119 // 120 // To list across all sources provide a `-` as the source id. 121 // Example: /v1beta1/organizations/{organization_id}/sources/-/findings 122 rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) { 123 option (google.api.http) = { 124 get: "/v1beta1/{parent=organizations/*/sources/*}/findings" 125 }; 126 } 127 128 // Lists all sources belonging to an organization. 129 rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) { 130 option (google.api.http) = { 131 get: "/v1beta1/{parent=organizations/*}/sources" 132 }; 133 option (google.api.method_signature) = "parent"; 134 } 135 136 // Runs asset discovery. The discovery is tracked with a long-running 137 // operation. 138 // 139 // This API can only be called with limited frequency for an organization. If 140 // it is called too frequently the caller will receive a TOO_MANY_REQUESTS 141 // error. 142 rpc RunAssetDiscovery(RunAssetDiscoveryRequest) returns (google.longrunning.Operation) { 143 option (google.api.http) = { 144 post: "/v1beta1/{parent=organizations/*}/assets:runDiscovery" 145 body: "*" 146 }; 147 option (google.api.method_signature) = "parent"; 148 option (google.longrunning.operation_info) = { 149 response_type: "google.protobuf.Empty" 150 metadata_type: "google.protobuf.Empty" 151 }; 152 } 153 154 // Updates the state of a finding. 155 rpc SetFindingState(SetFindingStateRequest) returns (Finding) { 156 option (google.api.http) = { 157 post: "/v1beta1/{name=organizations/*/sources/*/findings/*}:setState" 158 body: "*" 159 }; 160 option (google.api.method_signature) = "name,state,start_time"; 161 } 162 163 // Sets the access control policy on the specified Source. 164 rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) { 165 option (google.api.http) = { 166 post: "/v1beta1/{resource=organizations/*/sources/*}:setIamPolicy" 167 body: "*" 168 }; 169 option (google.api.method_signature) = "resource,policy"; 170 } 171 172 // Returns the permissions that a caller has on the specified source. 173 rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) { 174 option (google.api.http) = { 175 post: "/v1beta1/{resource=organizations/*/sources/*}:testIamPermissions" 176 body: "*" 177 }; 178 option (google.api.method_signature) = "resource,permissions"; 179 } 180 181 // Creates or updates a finding. The corresponding source must exist for a 182 // finding creation to succeed. 183 rpc UpdateFinding(UpdateFindingRequest) returns (Finding) { 184 option (google.api.http) = { 185 patch: "/v1beta1/{finding.name=organizations/*/sources/*/findings/*}" 186 body: "finding" 187 }; 188 option (google.api.method_signature) = "finding"; 189 } 190 191 // Updates an organization's settings. 192 rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) returns (OrganizationSettings) { 193 option (google.api.http) = { 194 patch: "/v1beta1/{organization_settings.name=organizations/*/organizationSettings}" 195 body: "organization_settings" 196 }; 197 option (google.api.method_signature) = "organization_settings"; 198 } 199 200 // Updates a source. 201 rpc UpdateSource(UpdateSourceRequest) returns (Source) { 202 option (google.api.http) = { 203 patch: "/v1beta1/{source.name=organizations/*/sources/*}" 204 body: "source" 205 }; 206 option (google.api.method_signature) = "source"; 207 } 208 209 // Updates security marks. 210 rpc UpdateSecurityMarks(UpdateSecurityMarksRequest) returns (SecurityMarks) { 211 option (google.api.http) = { 212 patch: "/v1beta1/{security_marks.name=organizations/*/assets/*/securityMarks}" 213 body: "security_marks" 214 additional_bindings { 215 patch: "/v1beta1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}" 216 body: "security_marks" 217 } 218 }; 219 option (google.api.method_signature) = "security_marks"; 220 } 221} 222 223// Request message for creating a finding. 224message CreateFindingRequest { 225 // Required. Resource name of the new finding's parent. Its format should be 226 // "organizations/[organization_id]/sources/[source_id]". 227 string parent = 1 [ 228 (google.api.field_behavior) = REQUIRED, 229 (google.api.resource_reference) = { 230 type: "securitycenter.googleapis.com/Source" 231 } 232 ]; 233 234 // Required. Unique identifier provided by the client within the parent scope. 235 // It must be alphanumeric and less than or equal to 32 characters and 236 // greater than 0 characters in length. 237 string finding_id = 2 [(google.api.field_behavior) = REQUIRED]; 238 239 // Required. The Finding being created. The name and security_marks will be ignored as 240 // they are both output only fields on this resource. 241 Finding finding = 3 [(google.api.field_behavior) = REQUIRED]; 242} 243 244// Request message for creating a source. 245message CreateSourceRequest { 246 // Required. Resource name of the new source's parent. Its format should be 247 // "organizations/[organization_id]". 248 string parent = 1 [ 249 (google.api.field_behavior) = REQUIRED, 250 (google.api.resource_reference) = { 251 type: "cloudresourcemanager.googleapis.com/Organization" 252 } 253 ]; 254 255 // Required. The Source being created, only the display_name and description will be 256 // used. All other fields will be ignored. 257 Source source = 2 [(google.api.field_behavior) = REQUIRED]; 258} 259 260// Request message for getting organization settings. 261message GetOrganizationSettingsRequest { 262 // Required. Name of the organization to get organization settings for. Its format is 263 // "organizations/[organization_id]/organizationSettings". 264 string name = 1 [ 265 (google.api.field_behavior) = REQUIRED, 266 (google.api.resource_reference) = { 267 type: "securitycenter.googleapis.com/OrganizationSettings" 268 } 269 ]; 270} 271 272// Request message for getting a source. 273message GetSourceRequest { 274 // Required. Relative resource name of the source. Its format is 275 // "organizations/[organization_id]/source/[source_id]". 276 string name = 1 [ 277 (google.api.field_behavior) = REQUIRED, 278 (google.api.resource_reference) = { 279 type: "securitycenter.googleapis.com/Source" 280 } 281 ]; 282} 283 284// Request message for grouping by assets. 285message GroupAssetsRequest { 286 // Required. Name of the organization to groupBy. Its format is 287 // "organizations/[organization_id]". 288 string parent = 1 [ 289 (google.api.field_behavior) = REQUIRED, 290 (google.api.resource_reference) = { 291 type: "cloudresourcemanager.googleapis.com/Organization" 292 } 293 ]; 294 295 // Expression that defines the filter to apply across assets. 296 // The expression is a list of zero or more restrictions combined via logical 297 // operators `AND` and `OR`. 298 // Parentheses are not supported, and `OR` has higher precedence than `AND`. 299 // 300 // Restrictions have the form `<field> <operator> <value>` and may have a `-` 301 // character in front of them to indicate negation. The fields map to those 302 // defined in the Asset resource. Examples include: 303 // 304 // * name 305 // * security_center_properties.resource_name 306 // * resource_properties.a_property 307 // * security_marks.marks.marka 308 // 309 // The supported operators are: 310 // 311 // * `=` for all value types. 312 // * `>`, `<`, `>=`, `<=` for integer values. 313 // * `:`, meaning substring matching, for strings. 314 // 315 // The supported value types are: 316 // 317 // * string literals in quotes. 318 // * integer literals without quotes. 319 // * boolean literals `true` and `false` without quotes. 320 // 321 // For example, `resource_properties.size = 100` is a valid filter string. 322 string filter = 2; 323 324 // Required. Expression that defines what assets fields to use for grouping. The string 325 // value should follow SQL syntax: comma separated list of fields. For 326 // example: 327 // "security_center_properties.resource_project,security_center_properties.project". 328 // 329 // The following fields are supported when compare_duration is not set: 330 // 331 // * security_center_properties.resource_project 332 // * security_center_properties.resource_type 333 // * security_center_properties.resource_parent 334 // 335 // The following fields are supported when compare_duration is set: 336 // 337 // * security_center_properties.resource_type 338 string group_by = 3 [(google.api.field_behavior) = REQUIRED]; 339 340 // When compare_duration is set, the Asset's "state" property is updated to 341 // indicate whether the asset was added, removed, or remained present during 342 // the compare_duration period of time that precedes the read_time. This is 343 // the time between (read_time - compare_duration) and read_time. 344 // 345 // The state value is derived based on the presence of the asset at the two 346 // points in time. Intermediate state changes between the two times don't 347 // affect the result. For example, the results aren't affected if the asset is 348 // removed and re-created again. 349 // 350 // Possible "state" values when compare_duration is specified: 351 // 352 // * "ADDED": indicates that the asset was not present before 353 // compare_duration, but present at reference_time. 354 // * "REMOVED": indicates that the asset was present at the start of 355 // compare_duration, but not present at reference_time. 356 // * "ACTIVE": indicates that the asset was present at both the 357 // start and the end of the time period defined by 358 // compare_duration and reference_time. 359 // 360 // This field is ignored if `state` is not a field in `group_by`. 361 google.protobuf.Duration compare_duration = 4; 362 363 // Time used as a reference point when filtering assets. The filter is limited 364 // to assets existing at the supplied time and their values are those at that 365 // specific time. Absence of this field will default to the API's version of 366 // NOW. 367 google.protobuf.Timestamp read_time = 5; 368 369 // The value returned by the last `GroupAssetsResponse`; indicates 370 // that this is a continuation of a prior `GroupAssets` call, and that the 371 // system should return the next page of data. 372 string page_token = 7; 373 374 // The maximum number of results to return in a single response. Default is 375 // 10, minimum is 1, maximum is 1000. 376 int32 page_size = 8; 377} 378 379// Response message for grouping by assets. 380message GroupAssetsResponse { 381 // Group results. There exists an element for each existing unique 382 // combination of property/values. The element contains a count for the number 383 // of times those specific property/values appear. 384 repeated GroupResult group_by_results = 1; 385 386 // Time used for executing the groupBy request. 387 google.protobuf.Timestamp read_time = 2; 388 389 // Token to retrieve the next page of results, or empty if there are no more 390 // results. 391 string next_page_token = 3; 392} 393 394// Request message for grouping by findings. 395message GroupFindingsRequest { 396 // Required. Name of the source to groupBy. Its format is 397 // "organizations/[organization_id]/sources/[source_id]". To groupBy across 398 // all sources provide a source_id of `-`. For example: 399 // organizations/{organization_id}/sources/- 400 string parent = 1 [ 401 (google.api.field_behavior) = REQUIRED, 402 (google.api.resource_reference) = { 403 type: "securitycenter.googleapis.com/Source" 404 } 405 ]; 406 407 // Expression that defines the filter to apply across findings. 408 // The expression is a list of one or more restrictions combined via logical 409 // operators `AND` and `OR`. 410 // Parentheses are not supported, and `OR` has higher precedence than `AND`. 411 // 412 // Restrictions have the form `<field> <operator> <value>` and may have a `-` 413 // character in front of them to indicate negation. Examples include: 414 // 415 // * name 416 // * source_properties.a_property 417 // * security_marks.marks.marka 418 // 419 // The supported operators are: 420 // 421 // * `=` for all value types. 422 // * `>`, `<`, `>=`, `<=` for integer values. 423 // * `:`, meaning substring matching, for strings. 424 // 425 // The supported value types are: 426 // 427 // * string literals in quotes. 428 // * integer literals without quotes. 429 // * boolean literals `true` and `false` without quotes. 430 // 431 // For example, `source_properties.size = 100` is a valid filter string. 432 string filter = 2; 433 434 // Required. Expression that defines what assets fields to use for grouping (including 435 // `state`). The string value should follow SQL syntax: comma separated list 436 // of fields. For example: 437 // "parent,resource_name". 438 // 439 // The following fields are supported: 440 // 441 // * resource_name 442 // * category 443 // * state 444 // * parent 445 string group_by = 3 [(google.api.field_behavior) = REQUIRED]; 446 447 // Time used as a reference point when filtering findings. The filter is 448 // limited to findings existing at the supplied time and their values are 449 // those at that specific time. Absence of this field will default to the 450 // API's version of NOW. 451 google.protobuf.Timestamp read_time = 4; 452 453 // The value returned by the last `GroupFindingsResponse`; indicates 454 // that this is a continuation of a prior `GroupFindings` call, and 455 // that the system should return the next page of data. 456 string page_token = 5; 457 458 // The maximum number of results to return in a single response. Default is 459 // 10, minimum is 1, maximum is 1000. 460 int32 page_size = 6; 461} 462 463// Response message for group by findings. 464message GroupFindingsResponse { 465 // Group results. There exists an element for each existing unique 466 // combination of property/values. The element contains a count for the number 467 // of times those specific property/values appear. 468 repeated GroupResult group_by_results = 1; 469 470 // Time used for executing the groupBy request. 471 google.protobuf.Timestamp read_time = 2; 472 473 // Token to retrieve the next page of results, or empty if there are no more 474 // results. 475 string next_page_token = 3; 476} 477 478// Result containing the properties and count of a groupBy request. 479message GroupResult { 480 // Properties matching the groupBy fields in the request. 481 map<string, google.protobuf.Value> properties = 1; 482 483 // Total count of resources for the given properties. 484 int64 count = 2; 485} 486 487// Request message for listing sources. 488message ListSourcesRequest { 489 // Required. Resource name of the parent of sources to list. Its format should be 490 // "organizations/[organization_id]". 491 string parent = 1 [ 492 (google.api.field_behavior) = REQUIRED, 493 (google.api.resource_reference) = { 494 type: "cloudresourcemanager.googleapis.com/Organization" 495 } 496 ]; 497 498 // The value returned by the last `ListSourcesResponse`; indicates 499 // that this is a continuation of a prior `ListSources` call, and 500 // that the system should return the next page of data. 501 string page_token = 2; 502 503 // The maximum number of results to return in a single response. Default is 504 // 10, minimum is 1, maximum is 1000. 505 int32 page_size = 7; 506} 507 508// Response message for listing sources. 509message ListSourcesResponse { 510 // Sources belonging to the requested parent. 511 repeated Source sources = 1; 512 513 // Token to retrieve the next page of results, or empty if there are no more 514 // results. 515 string next_page_token = 2; 516} 517 518// Request message for listing assets. 519message ListAssetsRequest { 520 // Required. Name of the organization assets should belong to. Its format is 521 // "organizations/[organization_id]". 522 string parent = 1 [ 523 (google.api.field_behavior) = REQUIRED, 524 (google.api.resource_reference) = { 525 type: "cloudresourcemanager.googleapis.com/Organization" 526 } 527 ]; 528 529 // Expression that defines the filter to apply across assets. 530 // The expression is a list of zero or more restrictions combined via logical 531 // operators `AND` and `OR`. 532 // Parentheses are not supported, and `OR` has higher precedence than `AND`. 533 // 534 // Restrictions have the form `<field> <operator> <value>` and may have a `-` 535 // character in front of them to indicate negation. The fields map to those 536 // defined in the Asset resource. Examples include: 537 // 538 // * name 539 // * security_center_properties.resource_name 540 // * resource_properties.a_property 541 // * security_marks.marks.marka 542 // 543 // The supported operators are: 544 // 545 // * `=` for all value types. 546 // * `>`, `<`, `>=`, `<=` for integer values. 547 // * `:`, meaning substring matching, for strings. 548 // 549 // The supported value types are: 550 // 551 // * string literals in quotes. 552 // * integer literals without quotes. 553 // * boolean literals `true` and `false` without quotes. 554 // 555 // For example, `resource_properties.size = 100` is a valid filter string. 556 string filter = 2; 557 558 // Expression that defines what fields and order to use for sorting. The 559 // string value should follow SQL syntax: comma separated list of fields. For 560 // example: "name,resource_properties.a_property". The default sorting order 561 // is ascending. To specify descending order for a field, a suffix " desc" 562 // should be appended to the field name. For example: "name 563 // desc,resource_properties.a_property". Redundant space characters in the 564 // syntax are insignificant. "name desc,resource_properties.a_property" and " 565 // name desc , resource_properties.a_property " are equivalent. 566 string order_by = 3; 567 568 // Time used as a reference point when filtering assets. The filter is limited 569 // to assets existing at the supplied time and their values are those at that 570 // specific time. Absence of this field will default to the API's version of 571 // NOW. 572 google.protobuf.Timestamp read_time = 4; 573 574 // When compare_duration is set, the ListAssetResult's "state" attribute is 575 // updated to indicate whether the asset was added, removed, or remained 576 // present during the compare_duration period of time that precedes the 577 // read_time. This is the time between (read_time - 578 // compare_duration) and read_time. 579 // 580 // The state value is derived based on the presence of the asset at the two 581 // points in time. Intermediate state changes between the two times don't 582 // affect the result. For example, the results aren't affected if the asset is 583 // removed and re-created again. 584 // 585 // Possible "state" values when compare_duration is specified: 586 // 587 // * "ADDED": indicates that the asset was not present before 588 // compare_duration, but present at read_time. 589 // * "REMOVED": indicates that the asset was present at the start of 590 // compare_duration, but not present at read_time. 591 // * "ACTIVE": indicates that the asset was present at both the 592 // start and the end of the time period defined by 593 // compare_duration and read_time. 594 // 595 // If compare_duration is not specified, then the only possible state is 596 // "UNUSED", which indicates that the asset is present at read_time. 597 google.protobuf.Duration compare_duration = 5; 598 599 // Optional. A field mask to specify the ListAssetsResult fields to be listed in the 600 // response. 601 // An empty field mask will list all fields. 602 google.protobuf.FieldMask field_mask = 7 [(google.api.field_behavior) = OPTIONAL]; 603 604 // The value returned by the last `ListAssetsResponse`; indicates 605 // that this is a continuation of a prior `ListAssets` call, and 606 // that the system should return the next page of data. 607 string page_token = 8; 608 609 // The maximum number of results to return in a single response. Default is 610 // 10, minimum is 1, maximum is 1000. 611 int32 page_size = 9; 612} 613 614// Response message for listing assets. 615message ListAssetsResponse { 616 // Result containing the Asset and its State. 617 message ListAssetsResult { 618 // State of the asset. 619 // 620 // When querying across two points in time this describes 621 // the change between the two points: ADDED, REMOVED, or ACTIVE. 622 // If there was no compare_duration supplied in the request the state should 623 // be: UNUSED 624 enum State { 625 // Unspecified state. 626 STATE_UNSPECIFIED = 0; 627 628 // Request did not specify use of this field in the result. 629 UNUSED = 1; 630 631 // Asset was added between the points in time. 632 ADDED = 2; 633 634 // Asset was removed between the points in time. 635 REMOVED = 3; 636 637 // Asset was active at both point(s) in time. 638 ACTIVE = 4; 639 } 640 641 // Asset matching the search request. 642 Asset asset = 1; 643 644 // State of the asset. 645 State state = 2; 646 } 647 648 // Assets matching the list request. 649 repeated ListAssetsResult list_assets_results = 1; 650 651 // Time used for executing the list request. 652 google.protobuf.Timestamp read_time = 2; 653 654 // Token to retrieve the next page of results, or empty if there are no more 655 // results. 656 string next_page_token = 3; 657 658 // The total number of assets matching the query. 659 int32 total_size = 4; 660} 661 662// Request message for listing findings. 663message ListFindingsRequest { 664 // Required. Name of the source the findings belong to. Its format is 665 // "organizations/[organization_id]/sources/[source_id]". To list across all 666 // sources provide a source_id of `-`. For example: 667 // organizations/{organization_id}/sources/- 668 string parent = 1 [ 669 (google.api.field_behavior) = REQUIRED, 670 (google.api.resource_reference) = { 671 type: "securitycenter.googleapis.com/Source" 672 } 673 ]; 674 675 // Expression that defines the filter to apply across findings. 676 // The expression is a list of one or more restrictions combined via logical 677 // operators `AND` and `OR`. 678 // Parentheses are not supported, and `OR` has higher precedence than `AND`. 679 // 680 // Restrictions have the form `<field> <operator> <value>` and may have a `-` 681 // character in front of them to indicate negation. Examples include: 682 // 683 // * name 684 // * source_properties.a_property 685 // * security_marks.marks.marka 686 // 687 // The supported operators are: 688 // 689 // * `=` for all value types. 690 // * `>`, `<`, `>=`, `<=` for integer values. 691 // * `:`, meaning substring matching, for strings. 692 // 693 // The supported value types are: 694 // 695 // * string literals in quotes. 696 // * integer literals without quotes. 697 // * boolean literals `true` and `false` without quotes. 698 // 699 // For example, `source_properties.size = 100` is a valid filter string. 700 string filter = 2; 701 702 // Expression that defines what fields and order to use for sorting. The 703 // string value should follow SQL syntax: comma separated list of fields. For 704 // example: "name,resource_properties.a_property". The default sorting order 705 // is ascending. To specify descending order for a field, a suffix " desc" 706 // should be appended to the field name. For example: "name 707 // desc,source_properties.a_property". Redundant space characters in the 708 // syntax are insignificant. "name desc,source_properties.a_property" and " 709 // name desc , source_properties.a_property " are equivalent. 710 string order_by = 3; 711 712 // Time used as a reference point when filtering findings. The filter is 713 // limited to findings existing at the supplied time and their values are 714 // those at that specific time. Absence of this field will default to the 715 // API's version of NOW. 716 google.protobuf.Timestamp read_time = 4; 717 718 // Optional. A field mask to specify the Finding fields to be listed in the response. 719 // An empty field mask will list all fields. 720 google.protobuf.FieldMask field_mask = 5 [(google.api.field_behavior) = OPTIONAL]; 721 722 // The value returned by the last `ListFindingsResponse`; indicates 723 // that this is a continuation of a prior `ListFindings` call, and 724 // that the system should return the next page of data. 725 string page_token = 6; 726 727 // The maximum number of results to return in a single response. Default is 728 // 10, minimum is 1, maximum is 1000. 729 int32 page_size = 7; 730} 731 732// Response message for listing findings. 733message ListFindingsResponse { 734 // Findings matching the list request. 735 repeated Finding findings = 1; 736 737 // Time used for executing the list request. 738 google.protobuf.Timestamp read_time = 2; 739 740 // Token to retrieve the next page of results, or empty if there are no more 741 // results. 742 string next_page_token = 3; 743 744 // The total number of findings matching the query. 745 int32 total_size = 4; 746} 747 748// Request message for updating a finding's state. 749message SetFindingStateRequest { 750 // Required. The relative resource name of the finding. See: 751 // https://cloud.google.com/apis/design/resource_names#relative_resource_name 752 // Example: 753 // "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}". 754 string name = 1 [ 755 (google.api.field_behavior) = REQUIRED, 756 (google.api.resource_reference) = { 757 type: "securitycenter.googleapis.com/Finding" 758 } 759 ]; 760 761 // Required. The desired State of the finding. 762 Finding.State state = 2 [(google.api.field_behavior) = REQUIRED]; 763 764 // Required. The time at which the updated state takes effect. 765 google.protobuf.Timestamp start_time = 3 [(google.api.field_behavior) = REQUIRED]; 766} 767 768// Request message for running asset discovery for an organization. 769message RunAssetDiscoveryRequest { 770 // Required. Name of the organization to run asset discovery for. Its format is 771 // "organizations/[organization_id]". 772 string parent = 1 [ 773 (google.api.field_behavior) = REQUIRED, 774 (google.api.resource_reference) = { 775 type: "cloudresourcemanager.googleapis.com/Organization" 776 } 777 ]; 778} 779 780// Request message for updating or creating a finding. 781message UpdateFindingRequest { 782 // Required. The finding resource to update or create if it does not already exist. 783 // parent, security_marks, and update_time will be ignored. 784 // 785 // In the case of creation, the finding id portion of the name must 786 // alphanumeric and less than or equal to 32 characters and greater than 0 787 // characters in length. 788 Finding finding = 1 [(google.api.field_behavior) = REQUIRED]; 789 790 // The FieldMask to use when updating the finding resource. This field should 791 // not be specified when creating a finding. 792 google.protobuf.FieldMask update_mask = 2; 793} 794 795// Request message for updating an organization's settings. 796message UpdateOrganizationSettingsRequest { 797 // Required. The organization settings resource to update. 798 OrganizationSettings organization_settings = 1 [(google.api.field_behavior) = REQUIRED]; 799 800 // The FieldMask to use when updating the settings resource. 801 google.protobuf.FieldMask update_mask = 2; 802} 803 804// Request message for updating a source. 805message UpdateSourceRequest { 806 // Required. The source resource to update. 807 Source source = 1 [(google.api.field_behavior) = REQUIRED]; 808 809 // The FieldMask to use when updating the source resource. 810 google.protobuf.FieldMask update_mask = 2; 811} 812 813// Request message for updating a SecurityMarks resource. 814message UpdateSecurityMarksRequest { 815 // Required. The security marks resource to update. 816 SecurityMarks security_marks = 1 [(google.api.field_behavior) = REQUIRED]; 817 818 // The FieldMask to use when updating the security marks resource. 819 google.protobuf.FieldMask update_mask = 2; 820 821 // The time at which the updated SecurityMarks take effect. 822 google.protobuf.Timestamp start_time = 3; 823} 824