1// Copyright 2021 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.securitycenter.v1p1beta1; 18 19import "google/api/field_behavior.proto"; 20import "google/api/resource.proto"; 21import "google/cloud/securitycenter/v1p1beta1/security_marks.proto"; 22import "google/protobuf/struct.proto"; 23import "google/protobuf/timestamp.proto"; 24 25option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1"; 26option go_package = "cloud.google.com/go/securitycenter/apiv1p1beta1/securitycenterpb;securitycenterpb"; 27option java_multiple_files = true; 28option java_package = "com.google.cloud.securitycenter.v1p1beta1"; 29option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1"; 30option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1"; 31 32// Security Command Center finding. 33// 34// A finding is a record of assessment data (security, risk, health or privacy) 35// ingested into Security Command Center for presentation, notification, 36// analysis, policy testing, and enforcement. For example, an XSS vulnerability 37// in an App Engine application is a finding. 38message Finding { 39 option (google.api.resource) = { 40 type: "securitycenter.googleapis.com/Finding" 41 pattern: "organizations/{organization}/sources/{source}/findings/{finding}" 42 pattern: "folders/{folder}/sources/{source}/findings/{finding}" 43 pattern: "projects/{project}/sources/{source}/findings/{finding}" 44 }; 45 46 // The state of the finding. 47 enum State { 48 // Unspecified state. 49 STATE_UNSPECIFIED = 0; 50 51 // The finding requires attention and has not been addressed yet. 52 ACTIVE = 1; 53 54 // The finding has been fixed, triaged as a non-issue or otherwise addressed 55 // and is no longer active. 56 INACTIVE = 2; 57 } 58 59 // The severity of the finding. This field is managed by the source that 60 // writes the finding. 61 enum Severity { 62 // No severity specified. The default value. 63 SEVERITY_UNSPECIFIED = 0; 64 65 // Critical severity. 66 CRITICAL = 1; 67 68 // High severity. 69 HIGH = 2; 70 71 // Medium severity. 72 MEDIUM = 3; 73 74 // Low severity. 75 LOW = 4; 76 } 77 78 // The relative resource name of this finding. See: 79 // https://cloud.google.com/apis/design/resource_names#relative_resource_name 80 // Example: 81 // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}" 82 string name = 1; 83 84 // The relative resource name of the source the finding belongs to. See: 85 // https://cloud.google.com/apis/design/resource_names#relative_resource_name 86 // This field is immutable after creation time. 87 // For example: 88 // "organizations/{organization_id}/sources/{source_id}" 89 string parent = 2; 90 91 // For findings on Google Cloud resources, the full resource 92 // name of the Google Cloud resource this finding is for. See: 93 // https://cloud.google.com/apis/design/resource_names#full_resource_name 94 // When the finding is for a non-Google Cloud resource, the resourceName can 95 // be a customer or partner defined string. This field is immutable after 96 // creation time. 97 string resource_name = 3; 98 99 // The state of the finding. 100 State state = 4; 101 102 // The additional taxonomy group within findings from a given source. 103 // This field is immutable after creation time. 104 // Example: "XSS_FLASH_INJECTION" 105 string category = 5; 106 107 // The URI that, if available, points to a web page outside of Security 108 // Command Center where additional information about the finding can be found. 109 // This field is guaranteed to be either empty or a well formed URL. 110 string external_uri = 6; 111 112 // Source specific properties. These properties are managed by the source 113 // that writes the finding. The key names in the source_properties map must be 114 // between 1 and 255 characters, and must start with a letter and contain 115 // alphanumeric characters or underscores only. 116 map<string, google.protobuf.Value> source_properties = 7; 117 118 // Output only. User specified security marks. These marks are entirely 119 // managed by the user and come from the SecurityMarks resource that belongs 120 // to the finding. 121 SecurityMarks security_marks = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; 122 123 // The time at which the event took place, or when an update to the finding 124 // occurred. For example, if the finding represents an open firewall it would 125 // capture the time the detector believes the firewall became open. The 126 // accuracy is determined by the detector. If the finding were to be resolved 127 // afterward, this time would reflect when the finding was resolved. Must not 128 // be set to a value greater than the current timestamp. 129 google.protobuf.Timestamp event_time = 9; 130 131 // The time at which the finding was created in Security Command Center. 132 google.protobuf.Timestamp create_time = 10; 133 134 // The severity of the finding. This field is managed by the source that 135 // writes the finding. 136 Severity severity = 13; 137 138 // The canonical name of the finding. It's either 139 // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", 140 // "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or 141 // "projects/{project_number}/sources/{source_id}/findings/{finding_id}", 142 // depending on the closest CRM ancestor of the resource associated with the 143 // finding. 144 string canonical_name = 14; 145} 146