v1beta1

Unspecified. Setting the mode with this value will disable inclusion/exclusion filtering for Asset Discovery.

Asset Discovery will capture only the resources within the projects specified. All other resources will be ignored.

Asset Discovery will ignore all resources under the projects specified. All other resources will be retrieved.

Unspecified state.

The finding requires attention and has not been addressed yet.

The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active.

Unspecified state.

Request did not specify use of this field in the result.

Asset was added between the points in time.

Asset was removed between the points in time.

Asset was active at both point(s) in time.

The relative resource name of this asset. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/assets/456".

Cloud SCC managed properties. These properties are managed by Cloud SCC and cannot be modified by the user.

This object should have the same structure as SecurityCenterProperties

Resource managed properties. These properties are managed and defined by the GCP resource and cannot be modified by the user.

User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the asset.

This object should have the same structure as SecurityMarks

The time at which the asset was created in Cloud SCC.

This object should have the same structure as Timestamp

The time at which the asset was last updated, added, or deleted in Cloud SCC.

This object should have the same structure as Timestamp

The project ids to use for filtering asset discovery.

The mode to use for filtering asset discovery.

The number should be among the values of InclusionMode

Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]".

Unique identifier provided by the client within the parent scope. It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.

The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource.

This object should have the same structure as Finding

Resource name of the new source's parent. Its format should be "organizations/[organization_id]".

The Source being created, only the display_name and description will be used. All other fields will be ignored.

This object should have the same structure as Source

The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/sources/456/findings/789"

The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/123/sources/456"

The full resource name of the Google Cloud Platform (GCP) resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name This field is immutable after creation time.

The state of the finding.

The number should be among the values of State

The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"

The URI that, if available, points to a web page outside of Cloud SCC where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.

Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.

This object should have the same structure as SecurityMarks

The time at which the event took place. For example, if the finding represents an open firewall it would capture the time the open firewall was detected.

This object should have the same structure as Timestamp

The time at which the finding was created in Cloud SCC.

This object should have the same structure as Timestamp

Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings".

Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]".

Name of the organization to groupBy. Its format is "organizations/[organization_id]".

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are not supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include:

• name
• security_center_properties.resource_name
• resource_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

For example, resource_properties.size = 100 is a valid filter string.

Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: "security_center_properties.resource_project,security_center_properties.project".

The following fields are supported when compare_duration is not set:

• security_center_properties.resource_project
• security_center_properties.resource_type
• security_center_properties.resource_parent

The following fields are supported when compare_duration is set:

• security_center_properties.resource_type

When compare_duration is set, the Asset's "state" property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again.

Possible "state" values when compare_duration is specified:

• "ADDED": indicates that the asset was not present before compare_duration, but present at reference_time.
• "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at reference_time.
• "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and reference_time.

This field is ignored if state is not a field in group_by.

This object should have the same structure as Duration

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

This object should have the same structure as Timestamp

The value returned by the last GroupAssetsResponse; indicates that this is a continuation of a prior GroupAssets call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear.

This object should have the same structure as GroupResult

Time used for executing the groupBy request.

This object should have the same structure as Timestamp

Token to retrieve the next page of results, or empty if there are no more results.

Name of the source to groupBy. Its format is "organizations/[organization_id]/sources/[source_id]". To groupBy across all sources provide a source_id of -. For example: organizations/123/sources/-

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are not supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

• name
• source_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

For example, source_properties.size = 100 is a valid filter string.

Expression that defines what assets fields to use for grouping (including state). The string value should follow SQL syntax: comma separated list of fields. For example: "parent,resource_name".

The following fields are supported:

• resource_name
• category
• state
• parent

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

This object should have the same structure as Timestamp

The value returned by the last GroupFindingsResponse; indicates that this is a continuation of a prior GroupFindings call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear.

This object should have the same structure as GroupResult

Time used for executing the groupBy request.

This object should have the same structure as Timestamp

Token to retrieve the next page of results, or empty if there are no more results.

Properties matching the groupBy fields in the request.

Total count of resources for the given properties.

Name of the organization assets should belong to. Its format is "organizations/[organization_id]".

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are not supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include:

• name
• security_center_properties.resource_name
• resource_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

For example, resource_properties.size = 100 is a valid filter string.

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,resource_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,resource_properties.a_property" and " name desc , resource_properties.a_property " are equivalent.

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

This object should have the same structure as Timestamp

When compare_duration is set, the ListAssetResult's "state" attribute is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again.

Possible "state" values when compare_duration is specified:

• "ADDED": indicates that the asset was not present before compare_duration, but present at read_time.
• "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at read_time.
• "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and read_time.

If compare_duration is not specified, then the only possible state is "UNUSED", which indicates that the asset is present at read_time.

This object should have the same structure as Duration

Optional.

A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields.

This object should have the same structure as FieldMask

The value returned by the last ListAssetsResponse; indicates that this is a continuation of a prior ListAssets call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Assets matching the list request.

This object should have the same structure as ListAssetsResult

Time used for executing the list request.

This object should have the same structure as Timestamp

Token to retrieve the next page of results, or empty if there are no more results.

The total number of assets matching the query.

Asset matching the search request.

This object should have the same structure as Asset

State of the asset.

The number should be among the values of State

Name of the source the findings belong to. Its format is "organizations/[organization_id]/sources/[source_id]". To list across all sources provide a source_id of -. For example: organizations/123/sources/-

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are not supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

• name
• source_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

For example, source_properties.size = 100 is a valid filter string.

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,source_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,source_properties.a_property" and " name desc , source_properties.a_property " are equivalent.

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

This object should have the same structure as Timestamp

Optional.

A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields.

This object should have the same structure as FieldMask

The value returned by the last ListFindingsResponse; indicates that this is a continuation of a prior ListFindings call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Findings matching the list request.

This object should have the same structure as Finding

Time used for executing the list request.

This object should have the same structure as Timestamp

Token to retrieve the next page of results, or empty if there are no more results.

The total number of findings matching the query.

Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]".

The value returned by the last ListSourcesResponse; indicates that this is a continuation of a prior ListSources call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Sources belonging to the requested parent.

This object should have the same structure as Source

Token to retrieve the next page of results, or empty if there are no more results.

The relative resource name of the settings. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/organizationSettings".

A flag that indicates if Asset Discovery should be enabled. If the flag is set to true, then discovery of assets will occur. If it is set to `false, all historical assets will remain, but discovery of future assets will not occur.

The configuration used for Asset Discovery runs.

This object should have the same structure as AssetDiscoveryConfig

Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]".

The full resource name of the GCP resource this asset represents. This field is immutable after create time. See: https://cloud.google.com/apis/design/resource_names#full_resource_name

The type of the GCP resource. Examples include: APPLICATION, PROJECT, and ORGANIZATION. This is a case insensitive field defined by Cloud SCC and/or the producer of the resource and is immutable after create time.

The full resource name of the immediate parent of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name

The full resource name of the project the resource belongs to. See: https://cloud.google.com/apis/design/resource_names#full_resource_name

Owners of the Google Cloud resource.

The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Examples: "organizations/123/assets/456/securityMarks" "organizations/123/sources/456/findings/789/securityMarks".

Mutable user specified security marks belonging to the parent resource. Constraints are as follows: - Keys and values are treated as case insensitive - Keys must be alphanumeric and between 1 - 256 characters (inclusive) - Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive)

The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/sources/456/finding/789".

The desired State of the finding.

The number should be among the values of State

The time at which the updated state takes effect.

This object should have the same structure as Timestamp

The relative resource name of this source. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/123/sources/456"

The source's display name. A source's display name must be unique amongst its siblings, for example, two sources with the same parent can't share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens, and underscores, and can be no longer than 32 characters. This is captured by the regular expression: \[\p{L}\p{N}]({\p{L}\p{N}_- ]{0,30}[\p{L}\p{N}])?.

The description of the source (max of 1024 characters). Example: "Cloud Security Scanner is a web security scanner for common vulnerabilities in App Engine applications. It can automatically scan and detect four common vulnerabilities, including cross-site-scripting (XSS), Flash injection, mixed content (HTTP in HTTPS), and outdated/insecure libraries."

The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored.

In the case of creation, the finding id portion of the name must alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.

This object should have the same structure as Finding

The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding.

This object should have the same structure as FieldMask

The organization settings resource to update.

This object should have the same structure as OrganizationSettings

The FieldMask to use when updating the settings resource.

This object should have the same structure as FieldMask

The security marks resource to update.

This object should have the same structure as SecurityMarks

The FieldMask to use when updating the security marks resource.

This object should have the same structure as FieldMask

The time at which the updated SecurityMarks take effect.

This object should have the same structure as Timestamp

The source resource to update.

This object should have the same structure as Source

The FieldMask to use when updating the source resource.

This object should have the same structure as FieldMask