SecurityCenterClient

Required. Resource name of the new finding's parent. Its format should be "organizations/[organization_id]/sources/[source_id]".

Required. Unique identifier provided by the client within the parent scope. It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.

Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource.

Required. Resource name of the new notification config's parent. Its format is "organizations/[organization_id]".

Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only.

Required. The notification config being created. The name and the service account will be ignored as they are both output only fields on this resource.

Required. Resource name of the new source's parent. Its format should be "organizations/[organization_id]".

Required. The Source being created, only the display_name and description will be used. All other fields will be ignored.

Required. Name of the notification config to delete. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]".

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.

OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy. This field is only used by Cloud IAM.

Required. Name of the notification config to get. Its format is "organizations/[organization_id]/notificationConfigs/[config_id]".

Required. Name of the organization to get organization settings for. Its format is "organizations/[organization_id]/organizationSettings".

Required. Relative resource name of the source. Its format is "organizations/[organization_id]/source/[source_id]".

Required. Name of the organization to groupBy. Its format is "organizations/[organization_id]".

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include:

• name
• security_center_properties.resource_name
• resource_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

The following field and operator combinations are supported:

• name: =

• update_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: update_time = "2019-06-10T16:07:18-07:00" update_time = 1560208038000

• create_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: create_time = "2019-06-10T16:07:18-07:00" create_time = 1560208038000

• iam_policy.policy_blob: =, :

• resource_properties: =, :, >, <, >=, <=

• security_marks.marks: =, :

• security_center_properties.resource_name: =, :

• security_center_properties.resource_display_name: =, :

• security_center_properties.resource_type: =, :

• security_center_properties.resource_parent: =, :

• security_center_properties.resource_parent_display_name: =, :

• security_center_properties.resource_project: =, :

• security_center_properties.resource_project_display_name: =, :

• security_center_properties.resource_owners: =, :

For example, resource_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing:resource_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -resource_properties.my_property : ""

Required. Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: "security_center_properties.resource_project,security_center_properties.project".

The following fields are supported when compare_duration is not set:

• security_center_properties.resource_project
• security_center_properties.resource_project_display_name
• security_center_properties.resource_type
• security_center_properties.resource_parent
• security_center_properties.resource_parent_display_name

The following fields are supported when compare_duration is set:

• security_center_properties.resource_type
• security_center_properties.resource_project_display_name
• security_center_properties.resource_parent_display_name

When compare_duration is set, the GroupResult's "state_change" property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again.

Possible "state_change" values when compare_duration is specified:

• "ADDED": indicates that the asset was not present at the start of compare_duration, but present at reference_time.
• "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at reference_time.
• "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and reference_time.

If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time.

If this field is set then state_change must be a specified field in group_by.

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

The value returned by the last GroupAssetsResponse; indicates that this is a continuation of a prior GroupAssets call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the organization to groupBy. Its format is "organizations/[organization_id]".

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include:

• name
• security_center_properties.resource_name
• resource_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

The following field and operator combinations are supported:

• name: =

• update_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: update_time = "2019-06-10T16:07:18-07:00" update_time = 1560208038000

• create_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: create_time = "2019-06-10T16:07:18-07:00" create_time = 1560208038000

• iam_policy.policy_blob: =, :

• resource_properties: =, :, >, <, >=, <=

• security_marks.marks: =, :

• security_center_properties.resource_name: =, :

• security_center_properties.resource_display_name: =, :

• security_center_properties.resource_type: =, :

• security_center_properties.resource_parent: =, :

• security_center_properties.resource_parent_display_name: =, :

• security_center_properties.resource_project: =, :

• security_center_properties.resource_project_display_name: =, :

• security_center_properties.resource_owners: =, :

For example, resource_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing:resource_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -resource_properties.my_property : ""

Required. Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: "security_center_properties.resource_project,security_center_properties.project".

The following fields are supported when compare_duration is not set:

• security_center_properties.resource_project
• security_center_properties.resource_project_display_name
• security_center_properties.resource_type
• security_center_properties.resource_parent
• security_center_properties.resource_parent_display_name

The following fields are supported when compare_duration is set:

• security_center_properties.resource_type
• security_center_properties.resource_project_display_name
• security_center_properties.resource_parent_display_name

When compare_duration is set, the GroupResult's "state_change" property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again.

Possible "state_change" values when compare_duration is specified:

• "ADDED": indicates that the asset was not present at the start of compare_duration, but present at reference_time.
• "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at reference_time.
• "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and reference_time.

If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time.

If this field is set then state_change must be a specified field in group_by.

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

The value returned by the last GroupAssetsResponse; indicates that this is a continuation of a prior GroupAssets call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the organization to groupBy. Its format is "organizations/[organization_id]".

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include:

• name
• security_center_properties.resource_name
• resource_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

The following field and operator combinations are supported:

• name: =

• update_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: update_time = "2019-06-10T16:07:18-07:00" update_time = 1560208038000

• create_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: create_time = "2019-06-10T16:07:18-07:00" create_time = 1560208038000

• iam_policy.policy_blob: =, :

• resource_properties: =, :, >, <, >=, <=

• security_marks.marks: =, :

• security_center_properties.resource_name: =, :

• security_center_properties.resource_display_name: =, :

• security_center_properties.resource_type: =, :

• security_center_properties.resource_parent: =, :

• security_center_properties.resource_parent_display_name: =, :

• security_center_properties.resource_project: =, :

• security_center_properties.resource_project_display_name: =, :

• security_center_properties.resource_owners: =, :

For example, resource_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing:resource_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -resource_properties.my_property : ""

Required. Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: "security_center_properties.resource_project,security_center_properties.project".

The following fields are supported when compare_duration is not set:

• security_center_properties.resource_project
• security_center_properties.resource_project_display_name
• security_center_properties.resource_type
• security_center_properties.resource_parent
• security_center_properties.resource_parent_display_name

The following fields are supported when compare_duration is set:

• security_center_properties.resource_type
• security_center_properties.resource_project_display_name
• security_center_properties.resource_parent_display_name

When compare_duration is set, the GroupResult's "state_change" property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again.

Possible "state_change" values when compare_duration is specified:

• "ADDED": indicates that the asset was not present at the start of compare_duration, but present at reference_time.
• "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at reference_time.
• "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and reference_time.

If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time.

If this field is set then state_change must be a specified field in group_by.

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

The value returned by the last GroupAssetsResponse; indicates that this is a continuation of a prior GroupAssets call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the source to groupBy. Its format is "organizations/[organization_id]/sources/[source_id]". To groupBy across all sources provide a source_id of -. For example: organizations/{organization_id}/sources/-

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

• name
• source_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

The following field and operator combinations are supported:

• name: =

• parent: =, :

• resource_name: =, :

• state: =, :

• category: =, :

• external_uri: =, :

• event_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: event_time = "2019-06-10T16:07:18-07:00" event_time = 1560208038000

• security_marks.marks: =, :

• source_properties: =, :, >, <, >=, <=

For example, source_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing: source_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -source_properties.my_property : ""

Required. Expression that defines what assets fields to use for grouping (including state_change). The string value should follow SQL syntax: comma separated list of fields. For example: "parent,resource_name".

The following fields are supported:

• resource_name
• category
• state
• parent

The following fields are supported when compare_duration is set:

• state_change

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

When compare_duration is set, the GroupResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again.

Possible "state_change" values when compare_duration is specified:

• "CHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time.
• "UNCHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time.
• "ADDED": indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time.
• "REMOVED": indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time.

If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time.

If this field is set then state_change must be a specified field in group_by.

The value returned by the last GroupFindingsResponse; indicates that this is a continuation of a prior GroupFindings call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the source to groupBy. Its format is "organizations/[organization_id]/sources/[source_id]". To groupBy across all sources provide a source_id of -. For example: organizations/{organization_id}/sources/-

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

• name
• source_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

The following field and operator combinations are supported:

• name: =

• parent: =, :

• resource_name: =, :

• state: =, :

• category: =, :

• external_uri: =, :

• event_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: event_time = "2019-06-10T16:07:18-07:00" event_time = 1560208038000

• security_marks.marks: =, :

• source_properties: =, :, >, <, >=, <=

For example, source_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing: source_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -source_properties.my_property : ""

Required. Expression that defines what assets fields to use for grouping (including state_change). The string value should follow SQL syntax: comma separated list of fields. For example: "parent,resource_name".

The following fields are supported:

• resource_name
• category
• state
• parent

The following fields are supported when compare_duration is set:

• state_change

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

When compare_duration is set, the GroupResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again.

Possible "state_change" values when compare_duration is specified:

• "CHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time.
• "UNCHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time.
• "ADDED": indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time.
• "REMOVED": indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time.

If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time.

If this field is set then state_change must be a specified field in group_by.

The value returned by the last GroupFindingsResponse; indicates that this is a continuation of a prior GroupFindings call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the source to groupBy. Its format is "organizations/[organization_id]/sources/[source_id]". To groupBy across all sources provide a source_id of -. For example: organizations/{organization_id}/sources/-

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

• name
• source_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

The following field and operator combinations are supported:

• name: =

• parent: =, :

• resource_name: =, :

• state: =, :

• category: =, :

• external_uri: =, :

• event_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: event_time = "2019-06-10T16:07:18-07:00" event_time = 1560208038000

• security_marks.marks: =, :

• source_properties: =, :, >, <, >=, <=

For example, source_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing: source_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -source_properties.my_property : ""

Required. Expression that defines what assets fields to use for grouping (including state_change). The string value should follow SQL syntax: comma separated list of fields. For example: "parent,resource_name".

The following fields are supported:

• resource_name
• category
• state
• parent

The following fields are supported when compare_duration is set:

• state_change

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

When compare_duration is set, the GroupResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again.

Possible "state_change" values when compare_duration is specified:

• "CHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time.
• "UNCHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time.
• "ADDED": indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time.
• "REMOVED": indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time.

If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time.

If this field is set then state_change must be a specified field in group_by.

The value returned by the last GroupFindingsResponse; indicates that this is a continuation of a prior GroupFindings call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the organization assets should belong to. Its format is "organizations/[organization_id]".

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include:

• name
• security_center_properties.resource_name
• resource_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

The following are the allowed field and operator combinations:

• name: =

• update_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: update_time = "2019-06-10T16:07:18-07:00" update_time = 1560208038000

• create_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: create_time = "2019-06-10T16:07:18-07:00" create_time = 1560208038000

• iam_policy.policy_blob: =, :

• resource_properties: =, :, >, <, >=, <=

• security_marks.marks: =, :

• security_center_properties.resource_name: =, :

• security_center_properties.resource_display_name: =, :

• security_center_properties.resource_type: =, :

• security_center_properties.resource_parent: =, :

• security_center_properties.resource_parent_display_name: =, :

• security_center_properties.resource_project: =, :

• security_center_properties.resource_project_display_name: =, :

• security_center_properties.resource_owners: =, :

For example, resource_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing: resource_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -resource_properties.my_property : ""

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,resource_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,resource_properties.a_property" and " name desc , resource_properties.a_property " are equivalent.

The following fields are supported: name update_time resource_properties security_marks.marks security_center_properties.resource_name security_center_properties.resource_display_name security_center_properties.resource_parent security_center_properties.resource_parent_display_name security_center_properties.resource_project security_center_properties.resource_project_display_name security_center_properties.resource_type

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

When compare_duration is set, the ListAssetsResult's "state_change" attribute is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again.

Possible "state_change" values when compare_duration is specified:

• "ADDED": indicates that the asset was not present at the start of compare_duration, but present at read_time.
• "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at read_time.
• "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and read_time.

If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time.

Optional. A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields.

The value returned by the last ListAssetsResponse; indicates that this is a continuation of a prior ListAssets call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the organization assets should belong to. Its format is "organizations/[organization_id]".

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include:

• name
• security_center_properties.resource_name
• resource_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

The following are the allowed field and operator combinations:

• name: =

• update_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: update_time = "2019-06-10T16:07:18-07:00" update_time = 1560208038000

• create_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: create_time = "2019-06-10T16:07:18-07:00" create_time = 1560208038000

• iam_policy.policy_blob: =, :

• resource_properties: =, :, >, <, >=, <=

• security_marks.marks: =, :

• security_center_properties.resource_name: =, :

• security_center_properties.resource_display_name: =, :

• security_center_properties.resource_type: =, :

• security_center_properties.resource_parent: =, :

• security_center_properties.resource_parent_display_name: =, :

• security_center_properties.resource_project: =, :

• security_center_properties.resource_project_display_name: =, :

• security_center_properties.resource_owners: =, :

For example, resource_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing: resource_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -resource_properties.my_property : ""

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,resource_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,resource_properties.a_property" and " name desc , resource_properties.a_property " are equivalent.

The following fields are supported: name update_time resource_properties security_marks.marks security_center_properties.resource_name security_center_properties.resource_display_name security_center_properties.resource_parent security_center_properties.resource_parent_display_name security_center_properties.resource_project security_center_properties.resource_project_display_name security_center_properties.resource_type

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

When compare_duration is set, the ListAssetsResult's "state_change" attribute is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again.

Possible "state_change" values when compare_duration is specified:

• "ADDED": indicates that the asset was not present at the start of compare_duration, but present at read_time.
• "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at read_time.
• "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and read_time.

If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time.

Optional. A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields.

The value returned by the last ListAssetsResponse; indicates that this is a continuation of a prior ListAssets call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the organization assets should belong to. Its format is "organizations/[organization_id]".

Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include:

• name
• security_center_properties.resource_name
• resource_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

The following are the allowed field and operator combinations:

• name: =

• update_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: update_time = "2019-06-10T16:07:18-07:00" update_time = 1560208038000

• create_time: =, >, <, >=, <=

  Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: create_time = "2019-06-10T16:07:18-07:00" create_time = 1560208038000

• iam_policy.policy_blob: =, :

• resource_properties: =, :, >, <, >=, <=

• security_marks.marks: =, :

• security_center_properties.resource_name: =, :

• security_center_properties.resource_display_name: =, :

• security_center_properties.resource_type: =, :

• security_center_properties.resource_parent: =, :

• security_center_properties.resource_parent_display_name: =, :

• security_center_properties.resource_project: =, :

• security_center_properties.resource_project_display_name: =, :

• security_center_properties.resource_owners: =, :

For example, resource_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing: resource_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -resource_properties.my_property : ""

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,resource_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,resource_properties.a_property" and " name desc , resource_properties.a_property " are equivalent.

The following fields are supported: name update_time resource_properties security_marks.marks security_center_properties.resource_name security_center_properties.resource_display_name security_center_properties.resource_parent security_center_properties.resource_parent_display_name security_center_properties.resource_project security_center_properties.resource_project_display_name security_center_properties.resource_type

Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

When compare_duration is set, the ListAssetsResult's "state_change" attribute is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again.

Possible "state_change" values when compare_duration is specified:

• "ADDED": indicates that the asset was not present at the start of compare_duration, but present at read_time.
• "REMOVED": indicates that the asset was present at the start of compare_duration, but not present at read_time.
• "ACTIVE": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and read_time.

If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all assets present at read_time.

Optional. A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields.

The value returned by the last ListAssetsResponse; indicates that this is a continuation of a prior ListAssets call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the source the findings belong to. Its format is "organizations/[organization_id]/sources/[source_id]". To list across all sources provide a source_id of -. For example: organizations/{organization_id}/sources/-

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

• name
• source_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

The following field and operator combinations are supported:

name: = parent: =, : resource_name: =, : state: =, : category: =, : external_uri: =, : event_time: =, >, <, >=, <=

Usage: This should be milliseconds since epoch or an RFC3339 string.
Examples:
  `event_time = "2019-06-10T16:07:18-07:00"`
  `event_time = 1560208038000`

security_marks.marks: =, : source_properties: =, :, >, <, >=, <=

For example, source_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing: source_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -source_properties.my_property : ""

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,source_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,source_properties.a_property" and " name desc , source_properties.a_property " are equivalent.

The following fields are supported: name parent state category resource_name event_time source_properties security_marks.marks

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

When compare_duration is set, the ListFindingsResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added in any state during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again.

Possible "state_change" values when compare_duration is specified:

• "CHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time.
• "UNCHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time.
• "ADDED": indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time.
• "REMOVED": indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time.

If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time.

Optional. A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields.

The value returned by the last ListFindingsResponse; indicates that this is a continuation of a prior ListFindings call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the source the findings belong to. Its format is "organizations/[organization_id]/sources/[source_id]". To list across all sources provide a source_id of -. For example: organizations/{organization_id}/sources/-

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

• name
• source_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

The following field and operator combinations are supported:

name: = parent: =, : resource_name: =, : state: =, : category: =, : external_uri: =, : event_time: =, >, <, >=, <=

Usage: This should be milliseconds since epoch or an RFC3339 string.
Examples:
  `event_time = "2019-06-10T16:07:18-07:00"`
  `event_time = 1560208038000`

security_marks.marks: =, : source_properties: =, :, >, <, >=, <=

For example, source_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing: source_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -source_properties.my_property : ""

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,source_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,source_properties.a_property" and " name desc , source_properties.a_property " are equivalent.

The following fields are supported: name parent state category resource_name event_time source_properties security_marks.marks

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

When compare_duration is set, the ListFindingsResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added in any state during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again.

Possible "state_change" values when compare_duration is specified:

• "CHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time.
• "UNCHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time.
• "ADDED": indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time.
• "REMOVED": indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time.

If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time.

Optional. A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields.

The value returned by the last ListFindingsResponse; indicates that this is a continuation of a prior ListFindings call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the source the findings belong to. Its format is "organizations/[organization_id]/sources/[source_id]". To list across all sources provide a source_id of -. For example: organizations/{organization_id}/sources/-

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

• name
• source_properties.a_property
• security_marks.marks.marka

The supported operators are:

• = for all value types.
• >, <, >=, <= for integer values.
• :, meaning substring matching, for strings.

The supported value types are:

• string literals in quotes.
• integer literals without quotes.
• boolean literals true and false without quotes.

The following field and operator combinations are supported:

name: = parent: =, : resource_name: =, : state: =, : category: =, : external_uri: =, : event_time: =, >, <, >=, <=

Usage: This should be milliseconds since epoch or an RFC3339 string.
Examples:
  `event_time = "2019-06-10T16:07:18-07:00"`
  `event_time = 1560208038000`

security_marks.marks: =, : source_properties: =, :, >, <, >=, <=

For example, source_properties.size = 100 is a valid filter string.

Use a partial match on the empty string to filter based on a property existing: source_properties.my_property : ""

Use a negated partial match on the empty string to filter based on a property not existing: -source_properties.my_property : ""

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,resource_properties.a_property". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,source_properties.a_property". Redundant space characters in the syntax are insignificant. "name desc,source_properties.a_property" and " name desc , source_properties.a_property " are equivalent.

The following fields are supported: name parent state category resource_name event_time source_properties security_marks.marks

Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.

When compare_duration is set, the ListFindingsResult's "state_change" attribute is updated to indicate whether the finding had its state changed, the finding's state remained unchanged, or if the finding was added in any state during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.

The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the finding is made inactive and then active again.

Possible "state_change" values when compare_duration is specified:

• "CHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time.
• "UNCHANGED": indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time.
• "ADDED": indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time.
• "REMOVED": indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time.

If compare_duration is not specified, then the only possible state_change is "UNUSED", which will be the state_change set for all findings present at read_time.

Optional. A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields.

The value returned by the last ListFindingsResponse; indicates that this is a continuation of a prior ListFindings call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the organization to list notification configs. Its format is "organizations/[organization_id]".

The value returned by the last ListNotificationConfigsResponse; indicates that this is a continuation of a prior ListNotificationConfigs call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the organization to list notification configs. Its format is "organizations/[organization_id]".

The value returned by the last ListNotificationConfigsResponse; indicates that this is a continuation of a prior ListNotificationConfigs call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the organization to list notification configs. Its format is "organizations/[organization_id]".

The value returned by the last ListNotificationConfigsResponse; indicates that this is a continuation of a prior ListNotificationConfigs call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]".

The value returned by the last ListSourcesResponse; indicates that this is a continuation of a prior ListSources call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]".

The value returned by the last ListSourcesResponse; indicates that this is a continuation of a prior ListSources call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Resource name of the parent of sources to list. Its format should be "organizations/[organization_id]".

The value returned by the last ListSourcesResponse; indicates that this is a continuation of a prior ListSources call, and that the system should return the next page of data.

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Required. Name of the organization to run asset discovery for. Its format is "organizations/[organization_id]".

Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}".

Required. The desired State of the finding.

Required. The time at which the updated state takes effect.

REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored.

In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.

The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding.

When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask.

Required. The notification config to update.

The FieldMask to use when updating the notification config.

If empty all mutable fields will be updated.

Required. The organization settings resource to update.

The FieldMask to use when updating the settings resource.

If empty all mutable fields will be updated.

Required. The security marks resource to update.

The FieldMask to use when updating the security marks resource.

The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.<mark_key>".

The time at which the updated SecurityMarks take effect. If not set uses current server time. Updates will be applied to the SecurityMarks that are active immediately preceding this time.

Required. The source resource to update.

The FieldMask to use when updating the source resource.

If empty all mutable fields will be updated.