Types for Google Cloud Securitycenter v1p1beta1 API¶
- class google.cloud.securitycenter_v1p1beta1.types.Asset(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageSecurity Command Center representation of a Google Cloud resource.
The Asset is a Security Command Center resource that captures information about a single Google Cloud resource. All modifications to an Asset are only within the context of Security Command Center and don’t affect the referenced Google Cloud resource.
- name¶
The relative resource name of this asset. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: “organizations/{organization_id}/assets/{asset_id}”.
- Type
- security_center_properties¶
Security Command Center managed properties. These properties are managed by Security Command Center and cannot be modified by the user.
- resource_properties¶
Resource managed properties. These properties are managed and defined by the Google Cloud resource and cannot be modified by the user.
- Type
MutableMapping[str, google.protobuf.struct_pb2.Value]
- security_marks¶
User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the asset.
- create_time¶
The time at which the asset was created in Security Command Center.
- update_time¶
The time at which the asset was last updated or added in Cloud SCC.
- iam_policy¶
Cloud IAM Policy information associated with the Google Cloud resource described by the Security Command Center asset. This information is managed and defined by the Google Cloud resource and cannot be modified by the user.
- canonical_name¶
The canonical name of the resource. It’s either “organizations/{organization_id}/assets/{asset_id}”, “folders/{folder_id}/assets/{asset_id}” or “projects/{project_number}/assets/{asset_id}”, depending on the closest CRM ancestor of the resource.
- Type
- class IamPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageCloud IAM Policy information associated with the Google Cloud resource described by the Security Command Center asset. This information is managed and defined by the Google Cloud resource and cannot be modified by the user.
- policy_blob¶
The JSON representation of the Policy associated with the asset. See https://cloud.google.com/iam/docs/reference/rest/v1/Policy for format details.
- Type
- class ResourcePropertiesEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)¶
Bases:
proto.message.Message
- class SecurityCenterProperties(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageSecurity Command Center managed properties. These properties are managed by Security Command Center and cannot be modified by the user.
- resource_name¶
The full resource name of the Google Cloud resource this asset represents. This field is immutable after create time. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
- Type
- resource_type¶
The type of the Google Cloud resource. Examples include: APPLICATION, PROJECT, and ORGANIZATION. This is a case insensitive field defined by Security Command Center and/or the producer of the resource and is immutable after create time.
- Type
- resource_parent¶
The full resource name of the immediate parent of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
- Type
- resource_project¶
The full resource name of the project the resource belongs to. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
- Type
- resource_parent_display_name¶
The user defined display name for the parent of this resource.
- Type
- resource_project_display_name¶
The user defined display name for the project of this resource.
- Type
- folders¶
Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization.
- Type
MutableSequence[google.cloud.securitycenter_v1p1beta1.types.Folder]
- class google.cloud.securitycenter_v1p1beta1.types.CreateFindingRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for creating a finding.
- parent¶
Required. Resource name of the new finding’s parent. Its format should be “organizations/[organization_id]/sources/[source_id]”.
- Type
- finding¶
Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource.
- class google.cloud.securitycenter_v1p1beta1.types.CreateNotificationConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for creating a notification config.
- parent¶
Required. Resource name of the new notification config’s parent. Its format is “organizations/[organization_id]”.
- Type
- config_id¶
Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters, and contains alphanumeric characters, underscores or hyphens only.
- Type
- notification_config¶
Required. The notification config being created. The name and the service account will be ignored as they are both output only fields on this resource.
- class google.cloud.securitycenter_v1p1beta1.types.CreateSourceRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for creating a source.
- parent¶
Required. Resource name of the new source’s parent. Its format should be “organizations/[organization_id]”.
- Type
- source¶
Required. The Source being created, only the display_name and description will be used. All other fields will be ignored.
- class google.cloud.securitycenter_v1p1beta1.types.DeleteNotificationConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for deleting a notification config.
- class google.cloud.securitycenter_v1p1beta1.types.Finding(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageSecurity Command Center finding.
A finding is a record of assessment data (security, risk, health or privacy) ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, an XSS vulnerability in an App Engine application is a finding.
- name¶
The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: “organizations/{organization_id}/sources/{source_id}/findings/{finding_id}”.
- Type
- parent¶
The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: “organizations/{organization_id}/sources/{source_id}”.
- Type
- resource_name¶
For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
- Type
- state¶
The state of the finding.
- category¶
The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: “XSS_FLASH_INJECTION”.
- Type
- external_uri¶
The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
- Type
- source_properties¶
Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
- Type
MutableMapping[str, google.protobuf.struct_pb2.Value]
- security_marks¶
Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.
- event_time¶
The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
- create_time¶
The time at which the finding was created in Security Command Center.
- severity¶
The severity of the finding. This field is managed by the source that writes the finding.
- canonical_name¶
The canonical name of the finding. It’s either “organizations/{organization_id}/sources/{source_id}/findings/{finding_id}”, “folders/{folder_id}/sources/{source_id}/findings/{finding_id}” or “projects/{project_number}/sources/{source_id}/findings/{finding_id}”, depending on the closest CRM ancestor of the resource associated with the finding.
- Type
- class Severity(value)[source]¶
Bases:
proto.enums.EnumThe severity of the finding. This field is managed by the source that writes the finding.
- Values:
- SEVERITY_UNSPECIFIED (0):
No severity specified. The default value.
- CRITICAL (1):
Critical severity.
- HIGH (2):
High severity.
- MEDIUM (3):
Medium severity.
- LOW (4):
Low severity.
- class SourcePropertiesEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)¶
Bases:
proto.message.Message
- class State(value)[source]¶
Bases:
proto.enums.EnumThe state of the finding.
- Values:
- STATE_UNSPECIFIED (0):
Unspecified state.
- ACTIVE (1):
The finding requires attention and has not been addressed yet.
- INACTIVE (2):
The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active.
- class google.cloud.securitycenter_v1p1beta1.types.Folder(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageMessage that contains the resource name and display name of a folder resource.
- resource_folder¶
Full resource name of this folder. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
- Type
- class google.cloud.securitycenter_v1p1beta1.types.GetNotificationConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for getting a notification config.
- class google.cloud.securitycenter_v1p1beta1.types.GetOrganizationSettingsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for getting organization settings.
- class google.cloud.securitycenter_v1p1beta1.types.GetSourceRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for getting a source.
- class google.cloud.securitycenter_v1p1beta1.types.GroupAssetsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for grouping by assets.
- parent¶
Required. Name of the organization to groupBy. Its format is “organizations/[organization_id], folders/[folder_id], or projects/[project_id]”.
- Type
- filter¶
Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators
ANDandOR. Parentheses are supported, andORhas higher precedence thanAND.Restrictions have the form
<field> <operator> <value>and may have a-character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include:name
security_center_properties.resource_name
resource_properties.a_property
security_marks.marks.marka
The supported operators are:
=for all value types.>,<,>=,<=for integer values.:, meaning substring matching, for strings.
The supported value types are:
string literals in quotes.
integer literals without quotes.
boolean literals
trueandfalsewithout quotes.
The following field and operator combinations are supported:
name:
=update_time:
=,>,<,>=,<=Usage: This should be milliseconds since epoch or an RFC3339 string. Examples:
update_time = "2019-06-10T16:07:18-07:00"update_time = 1560208038000create_time:
=,>,<,>=,<=Usage: This should be milliseconds since epoch or an RFC3339 string. Examples:
create_time = "2019-06-10T16:07:18-07:00"create_time = 1560208038000iam_policy.policy_blob:
=,:resource_properties:
=,:,>,<,>=,<=security_marks.marks:
=,:security_center_properties.resource_name:
=,:security_center_properties.resource_name_display_name:
=,:security_center_properties.resource_type:
=,:security_center_properties.resource_parent:
=,:security_center_properties.resource_parent_display_name:
=,:security_center_properties.resource_project:
=,:security_center_properties.resource_project_display_name:
=,:security_center_properties.resource_owners:
=,:
For example,
resource_properties.size = 100is a valid filter string.Use a partial match on the empty string to filter based on a property existing:
resource_properties.my_property : ""Use a negated partial match on the empty string to filter based on a property not existing:
-resource_properties.my_property : ""- Type
- group_by¶
Required. Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: “security_center_properties.resource_project,security_center_properties.project”.
The following fields are supported when compare_duration is not set:
security_center_properties.resource_project
security_center_properties.resource_project_display_name
security_center_properties.resource_type
security_center_properties.resource_parent
security_center_properties.resource_parent_display_name
The following fields are supported when compare_duration is set:
security_center_properties.resource_type
security_center_properties.resource_project_display_name
security_center_properties.resource_parent_display_name
- Type
- compare_duration¶
When compare_duration is set, the GroupResult’s “state_change” property is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.
The state change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don’t affect the result. For example, the results aren’t affected if the asset is removed and re-created again.
Possible “state_change” values when compare_duration is specified:
“ADDED”: indicates that the asset was not present at the start of compare_duration, but present at reference_time.
“REMOVED”: indicates that the asset was present at the start of compare_duration, but not present at reference_time.
“ACTIVE”: indicates that the asset was present at both the start and the end of the time period defined by compare_duration and reference_time.
If compare_duration is not specified, then the only possible state_change is “UNUSED”, which will be the state_change set for all assets present at read_time.
If this field is set then
state_changemust be a specified field ingroup_by.
- read_time¶
Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API’s version of NOW.
- page_token¶
The value returned by the last
GroupAssetsResponse; indicates that this is a continuation of a priorGroupAssetscall, and that the system should return the next page of data.- Type
- class google.cloud.securitycenter_v1p1beta1.types.GroupAssetsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageResponse message for grouping by assets.
- group_by_results¶
Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear.
- Type
MutableSequence[google.cloud.securitycenter_v1p1beta1.types.GroupResult]
- read_time¶
Time used for executing the groupBy request.
- next_page_token¶
Token to retrieve the next page of results, or empty if there are no more results.
- Type
- class google.cloud.securitycenter_v1p1beta1.types.GroupFindingsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for grouping by findings.
- parent¶
Required. Name of the source to groupBy. Its format is “organizations/[organization_id]/sources/[source_id]”, folders/[folder_id]/sources/[source_id], or projects/[project_id]/sources/[source_id]. To groupBy across all sources provide a source_id of
-. For example: organizations/{organization_id}/sources/-, folders/{folder_id}/sources/-, or projects/{project_id}/sources/-- Type
- filter¶
Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators
ANDandOR. Parentheses are supported, andORhas higher precedence thanAND.Restrictions have the form
<field> <operator> <value>and may have a-character in front of them to indicate negation. Examples include:name
source_properties.a_property
security_marks.marks.marka
The supported operators are:
=for all value types.>,<,>=,<=for integer values.:, meaning substring matching, for strings.
The supported value types are:
string literals in quotes.
integer literals without quotes.
boolean literals
trueandfalsewithout quotes.
The following field and operator combinations are supported:
name:
=parent:
=,:resource_name:
=,:state:
=,:category:
=,:external_uri:
=,:event_time:
=,>,<,>=,<=severity:
=,:Usage: This should be milliseconds since epoch or an RFC3339 string. Examples:
event_time = "2019-06-10T16:07:18-07:00"event_time = 1560208038000security_marks.marks:
=,:source_properties:
=,:,>,<,>=,<=
For example,
source_properties.size = 100is a valid filter string.Use a partial match on the empty string to filter based on a property existing:
source_properties.my_property : ""Use a negated partial match on the empty string to filter based on a property not existing:
-source_properties.my_property : ""- Type
- group_by¶
Required. Expression that defines what assets fields to use for grouping (including
state_change). The string value should follow SQL syntax: comma separated list of fields. For example: “parent,resource_name”.The following fields are supported:
resource_name
category
state
parent
severity
The following fields are supported when compare_duration is set:
state_change
- Type
- read_time¶
Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API’s version of NOW.
- compare_duration¶
When compare_duration is set, the GroupResult’s “state_change” attribute is updated to indicate whether the finding had its state changed, the finding’s state remained unchanged, or if the finding was added during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.
The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don’t affect the result. For example, the results aren’t affected if the finding is made inactive and then active again.
Possible “state_change” values when compare_duration is specified:
“CHANGED”: indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time.
“UNCHANGED”: indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time.
“ADDED”: indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time.
“REMOVED”: indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time.
If compare_duration is not specified, then the only possible state_change is “UNUSED”, which will be the state_change set for all findings present at read_time.
If this field is set then
state_changemust be a specified field ingroup_by.
- page_token¶
The value returned by the last
GroupFindingsResponse; indicates that this is a continuation of a priorGroupFindingscall, and that the system should return the next page of data.- Type
- class google.cloud.securitycenter_v1p1beta1.types.GroupFindingsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageResponse message for group by findings.
- group_by_results¶
Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear.
- Type
MutableSequence[google.cloud.securitycenter_v1p1beta1.types.GroupResult]
- read_time¶
Time used for executing the groupBy request.
- next_page_token¶
Token to retrieve the next page of results, or empty if there are no more results.
- Type
- class google.cloud.securitycenter_v1p1beta1.types.GroupResult(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageResult containing the properties and count of a groupBy request.
- properties¶
Properties matching the groupBy fields in the request.
- Type
MutableMapping[str, google.protobuf.struct_pb2.Value]
- class PropertiesEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)¶
Bases:
proto.message.Message
- class google.cloud.securitycenter_v1p1beta1.types.ListAssetsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for listing assets.
- parent¶
Required. Name of the organization assets should belong to. Its format is “organizations/[organization_id], folders/[folder_id], or projects/[project_id]”.
- Type
- filter¶
Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators
ANDandOR. Parentheses are supported, andORhas higher precedence thanAND.Restrictions have the form
<field> <operator> <value>and may have a-character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include:name
security_center_properties.resource_name
resource_properties.a_property
security_marks.marks.marka
The supported operators are:
=for all value types.>,<,>=,<=for integer values.:, meaning substring matching, for strings.
The supported value types are:
string literals in quotes.
integer literals without quotes.
boolean literals
trueandfalsewithout quotes.
The following are the allowed field and operator combinations:
name:
=update_time:
=,>,<,>=,<=Usage: This should be milliseconds since epoch or an RFC3339 string. Examples:
update_time = "2019-06-10T16:07:18-07:00"update_time = 1560208038000create_time:
=,>,<,>=,<=Usage: This should be milliseconds since epoch or an RFC3339 string. Examples:
create_time = "2019-06-10T16:07:18-07:00"create_time = 1560208038000iam_policy.policy_blob:
=,:resource_properties:
=,:,>,<,>=,<=security_marks.marks:
=,:security_center_properties.resource_name:
=,:security_center_properties.resource_display_name:
=,:security_center_properties.resource_type:
=,:security_center_properties.resource_parent:
=,:security_center_properties.resource_parent_display_name:
=,:security_center_properties.resource_project:
=,:security_center_properties.resource_project_display_name:
=,:security_center_properties.resource_owners:
=,:
For example,
resource_properties.size = 100is a valid filter string.Use a partial match on the empty string to filter based on a property existing:
resource_properties.my_property : ""Use a negated partial match on the empty string to filter based on a property not existing:
-resource_properties.my_property : ""- Type
- order_by¶
Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: “name,resource_properties.a_property”. The default sorting order is ascending. To specify descending order for a field, a suffix ” desc” should be appended to the field name. For example: “name desc,resource_properties.a_property”. Redundant space characters in the syntax are insignificant. “name desc,resource_properties.a_property” and ” name desc , resource_properties.a_property ” are equivalent.
The following fields are supported: name update_time resource_properties security_marks.marks security_center_properties.resource_name security_center_properties.resource_display_name security_center_properties.resource_parent security_center_properties.resource_parent_display_name security_center_properties.resource_project security_center_properties.resource_project_display_name security_center_properties.resource_type
- Type
- read_time¶
Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API’s version of NOW.
- compare_duration¶
When compare_duration is set, the ListAssetsResult’s “state_change” attribute is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.
The state_change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don’t affect the result. For example, the results aren’t affected if the asset is removed and re-created again.
Possible “state_change” values when compare_duration is specified:
“ADDED”: indicates that the asset was not present at the start of compare_duration, but present at read_time.
“REMOVED”: indicates that the asset was present at the start of compare_duration, but not present at read_time.
“ACTIVE”: indicates that the asset was present at both the start and the end of the time period defined by compare_duration and read_time.
If compare_duration is not specified, then the only possible state_change is “UNUSED”, which will be the state_change set for all assets present at read_time.
- field_mask¶
A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields.
- page_token¶
The value returned by the last
ListAssetsResponse; indicates that this is a continuation of a priorListAssetscall, and that the system should return the next page of data.- Type
- class google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageResponse message for listing assets.
- list_assets_results¶
Assets matching the list request.
- Type
MutableSequence[google.cloud.securitycenter_v1p1beta1.types.ListAssetsResponse.ListAssetsResult]
- read_time¶
Time used for executing the list request.
- next_page_token¶
Token to retrieve the next page of results, or empty if there are no more results.
- Type
- class ListAssetsResult(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageResult containing the Asset and its State.
- asset¶
Asset matching the search request.
- state_change¶
State change of the asset between the points in time.
- class StateChange(value)[source]¶
Bases:
proto.enums.EnumThe change in state of the asset.
When querying across two points in time this describes the change between the two points: ADDED, REMOVED, or ACTIVE. If there was no compare_duration supplied in the request the state change will be: UNUSED
- Values:
- UNUSED (0):
State change is unused, this is the canonical default for this enum.
- ADDED (1):
Asset was added between the points in time.
- REMOVED (2):
Asset was removed between the points in time.
- ACTIVE (3):
Asset was present at both point(s) in time.
- class google.cloud.securitycenter_v1p1beta1.types.ListFindingsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for listing findings.
- parent¶
Required. Name of the source the findings belong to. Its format is “organizations/[organization_id]/sources/[source_id], folders/[folder_id]/sources/[source_id], or projects/[project_id]/sources/[source_id]”. To list across all sources provide a source_id of
-. For example: organizations/{organization_id}/sources/-, folders/{folder_id}/sources/- or projects/{projects_id}/sources/-- Type
- filter¶
Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators
ANDandOR. Parentheses are supported, andORhas higher precedence thanAND.Restrictions have the form
<field> <operator> <value>and may have a-character in front of them to indicate negation. Examples include:name
source_properties.a_property
security_marks.marks.marka
The supported operators are:
=for all value types.>,<,>=,<=for integer values.:, meaning substring matching, for strings.
The supported value types are:
string literals in quotes.
integer literals without quotes.
boolean literals
trueandfalsewithout quotes.
The following field and operator combinations are supported:
name:
=parent:
=,:resource_name:
=,:state:
=,:category:
=,:external_uri:
=,:event_time:
=,>,<,>=,<=severity:
=,:Usage: This should be milliseconds since epoch or an RFC3339 string. Examples:
event_time = "2019-06-10T16:07:18-07:00"event_time = 1560208038000
security_marks.marks:
=,:source_properties:=,:,>,<,>=,<=For example,
source_properties.size = 100is a valid filter string.Use a partial match on the empty string to filter based on a property existing:
source_properties.my_property : ""Use a negated partial match on the empty string to filter based on a property not existing:
-source_properties.my_property : ""- Type
- order_by¶
Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: “name,resource_properties.a_property”. The default sorting order is ascending. To specify descending order for a field, a suffix ” desc” should be appended to the field name. For example: “name desc,source_properties.a_property”. Redundant space characters in the syntax are insignificant. “name desc,source_properties.a_property” and ” name desc , source_properties.a_property ” are equivalent.
The following fields are supported: name parent state category resource_name event_time source_properties security_marks.marks
- Type
- read_time¶
Time used as a reference point when filtering findings. The filter is limited to findings existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API’s version of NOW.
- compare_duration¶
When compare_duration is set, the ListFindingsResult’s “state_change” attribute is updated to indicate whether the finding had its state changed, the finding’s state remained unchanged, or if the finding was added in any state during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time.
The state_change value is derived based on the presence and state of the finding at the two points in time. Intermediate state changes between the two times don’t affect the result. For example, the results aren’t affected if the finding is made inactive and then active again.
Possible “state_change” values when compare_duration is specified:
“CHANGED”: indicates that the finding was present and matched the given filter at the start of compare_duration, but changed its state at read_time.
“UNCHANGED”: indicates that the finding was present and matched the given filter at the start of compare_duration and did not change state at read_time.
“ADDED”: indicates that the finding did not match the given filter or was not present at the start of compare_duration, but was present at read_time.
“REMOVED”: indicates that the finding was present and matched the filter at the start of compare_duration, but did not match the filter at read_time.
If compare_duration is not specified, then the only possible state_change is “UNUSED”, which will be the state_change set for all findings present at read_time.
- field_mask¶
A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields.
- page_token¶
The value returned by the last
ListFindingsResponse; indicates that this is a continuation of a priorListFindingscall, and that the system should return the next page of data.- Type
- class google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageResponse message for listing findings.
- list_findings_results¶
Findings matching the list request.
- Type
MutableSequence[google.cloud.securitycenter_v1p1beta1.types.ListFindingsResponse.ListFindingsResult]
- read_time¶
Time used for executing the list request.
- next_page_token¶
Token to retrieve the next page of results, or empty if there are no more results.
- Type
- class ListFindingsResult(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageResult containing the Finding and its StateChange.
- finding¶
Finding matching the search request.
- state_change¶
State change of the finding between the points in time.
- resource¶
Output only. Resource that is associated with this finding.
- class Resource(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageInformation related to the Google Cloud resource that is associated with this finding.
- name¶
The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
- Type
- folders¶
Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization.
- Type
MutableSequence[google.cloud.securitycenter_v1p1beta1.types.Folder]
- class StateChange(value)[source]¶
Bases:
proto.enums.EnumThe change in state of the finding.
When querying across two points in time this describes the change in the finding between the two points: CHANGED, UNCHANGED, ADDED, or REMOVED. Findings can not be deleted, so REMOVED implies that the finding at timestamp does not match the filter specified, but it did at timestamp - compare_duration. If there was no compare_duration supplied in the request the state change will be: UNUSED
- Values:
- UNUSED (0):
State change is unused, this is the canonical default for this enum.
- CHANGED (1):
The finding has changed state in some way between the points in time and existed at both points.
- UNCHANGED (2):
The finding has not changed state between the points in time and existed at both points.
- ADDED (3):
The finding was created between the points in time.
- REMOVED (4):
The finding at timestamp does not match the filter specified, but it did at timestamp - compare_duration.
- class google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for listing notification configs.
- parent¶
Required. Name of the organization to list notification configs. Its format is “organizations/[organization_id]”.
- Type
- page_token¶
The value returned by the last
ListNotificationConfigsResponse; indicates that this is a continuation of a priorListNotificationConfigscall, and that the system should return the next page of data.- Type
- class google.cloud.securitycenter_v1p1beta1.types.ListNotificationConfigsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageResponse message for listing notification configs.
- notification_configs¶
Notification configs belonging to the requested parent.
- Type
MutableSequence[google.cloud.securitycenter_v1p1beta1.types.NotificationConfig]
- class google.cloud.securitycenter_v1p1beta1.types.ListSourcesRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for listing sources.
- parent¶
Required. Resource name of the parent of sources to list. Its format should be “organizations/[organization_id], folders/[folder_id], or projects/[project_id]”.
- Type
- page_token¶
The value returned by the last
ListSourcesResponse; indicates that this is a continuation of a priorListSourcescall, and that the system should return the next page of data.- Type
- class google.cloud.securitycenter_v1p1beta1.types.ListSourcesResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageResponse message for listing sources.
- sources¶
Sources belonging to the requested parent.
- Type
MutableSequence[google.cloud.securitycenter_v1p1beta1.types.Source]
- class google.cloud.securitycenter_v1p1beta1.types.NotificationConfig(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageSecurity Command Center notification configs.
A notification config is a Security Command Center resource that contains the configuration to send notifications for create/update events of findings, assets and etc.
- name¶
The relative resource name of this notification config. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: “organizations/{organization_id}/notificationConfigs/notify_public_bucket”.
- Type
- event_type¶
The type of events the config is for, e.g. FINDING.
- pubsub_topic¶
The Pub/Sub topic to send notifications to. Its format is “projects/[project_id]/topics/[topic]”.
- Type
- service_account¶
Output only. The service account that needs “pubsub.topics.publish” permission to publish to the Pub/Sub topic.
- Type
- streaming_config¶
The config for triggering streaming-based notifications.
This field is a member of oneof
notify_config.
- class EventType(value)[source]¶
Bases:
proto.enums.EnumThe type of events.
- Values:
- EVENT_TYPE_UNSPECIFIED (0):
Unspecified event type.
- FINDING (1):
Events for findings.
- class StreamingConfig(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageThe config for streaming-based notifications, which send each event as soon as it is detected.
- filter¶
Expression that defines the filter to apply across create/update events of assets or findings as specified by the event type. The expression is a list of zero or more restrictions combined via logical operators
ANDandOR. Parentheses are supported, andORhas higher precedence thanAND.Restrictions have the form
<field> <operator> <value>and may have a-character in front of them to indicate negation. The fields map to those defined in the corresponding resource.The supported operators are:
=for all value types.>,<,>=,<=for integer values.:, meaning substring matching, for strings.
The supported value types are:
string literals in quotes.
integer literals without quotes.
boolean literals
trueandfalsewithout quotes.
- Type
- class google.cloud.securitycenter_v1p1beta1.types.NotificationMessage(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageSecurity Command Center’s Notification
- notification_config_name¶
Name of the notification config that generated current notification.
- Type
- finding¶
If it’s a Finding based notification config, this field will be populated.
This field is a member of oneof
event.
- resource¶
The Cloud resource tied to the notification.
- class google.cloud.securitycenter_v1p1beta1.types.OrganizationSettings(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageUser specified settings that are attached to the Security Command Center organization.
- name¶
The relative resource name of the settings. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: “organizations/{organization_id}/organizationSettings”.
- Type
- enable_asset_discovery¶
A flag that indicates if Asset Discovery should be enabled. If the flag is set to
true, then discovery of assets will occur. If it is set to `false, all historical assets will remain, but discovery of future assets will not occur.- Type
- asset_discovery_config¶
The configuration used for Asset Discovery runs.
- class AssetDiscoveryConfig(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageThe configuration used for Asset Discovery runs.
- inclusion_mode¶
The mode to use for filtering asset discovery.
- folder_ids¶
The folder ids to use for filtering asset discovery. It consists of only digits, e.g., 756619654966.
- Type
MutableSequence[str]
- class InclusionMode(value)[source]¶
Bases:
proto.enums.EnumThe mode of inclusion when running Asset Discovery. Asset discovery can be limited by explicitly identifying projects to be included or excluded. If INCLUDE_ONLY is set, then only those projects within the organization and their children are discovered during asset discovery. If EXCLUDE is set, then projects that don’t match those projects are discovered during asset discovery. If neither are set, then all projects within the organization are discovered during asset discovery.
- Values:
- INCLUSION_MODE_UNSPECIFIED (0):
Unspecified. Setting the mode with this value will disable inclusion/exclusion filtering for Asset Discovery.
- INCLUDE_ONLY (1):
Asset Discovery will capture only the resources within the projects specified. All other resources will be ignored.
- EXCLUDE (2):
Asset Discovery will ignore all resources under the projects specified. All other resources will be retrieved.
- class google.cloud.securitycenter_v1p1beta1.types.Resource(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageInformation related to the Google Cloud resource.
- name¶
The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name
- Type
- folders¶
Output only. Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization.
- Type
MutableSequence[google.cloud.securitycenter_v1p1beta1.types.Folder]
- class google.cloud.securitycenter_v1p1beta1.types.RunAssetDiscoveryRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for running asset discovery for an organization.
- class google.cloud.securitycenter_v1p1beta1.types.RunAssetDiscoveryResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageResponse of asset discovery run
- state¶
The state of an asset discovery run.
- duration¶
The duration between asset discovery run start and end
- class State(value)[source]¶
Bases:
proto.enums.EnumThe state of an asset discovery run.
- Values:
- STATE_UNSPECIFIED (0):
Asset discovery run state was unspecified.
- COMPLETED (1):
Asset discovery run completed successfully.
- SUPERSEDED (2):
Asset discovery run was cancelled with tasks still pending, as another run for the same organization was started with a higher priority.
- TERMINATED (3):
Asset discovery run was killed and terminated.
- class google.cloud.securitycenter_v1p1beta1.types.SecurityMarks(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageUser specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization – they can be modified and viewed by all users who have proper permissions on the organization.
- name¶
The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Examples: “organizations/{organization_id}/assets/{asset_id}/securityMarks” “organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks”.
- Type
- marks¶
Mutable user specified security marks belonging to the parent resource. Constraints are as follows:
Keys and values are treated as case insensitive
Keys must be between 1 - 256 characters (inclusive)
Keys must be letters, numbers, underscores, or dashes
Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive)
- canonical_name¶
The canonical name of the marks. Examples: “organizations/{organization_id}/assets/{asset_id}/securityMarks” “folders/{folder_id}/assets/{asset_id}/securityMarks” “projects/{project_number}/assets/{asset_id}/securityMarks” “organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks” “folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks” “projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks”.
- Type
- class MarksEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)¶
Bases:
proto.message.Message
- class google.cloud.securitycenter_v1p1beta1.types.SetFindingStateRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for updating a finding’s state.
- name¶
Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: “organizations/{organization_id}/sources/{source_id}/finding/{finding_id}”.
- Type
- state¶
Required. The desired State of the finding.
- start_time¶
Required. The time at which the updated state takes effect.
- class google.cloud.securitycenter_v1p1beta1.types.Source(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageSecurity Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, etc.
- name¶
The relative resource name of this source. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: “organizations/{organization_id}/sources/{source_id}”.
- Type
- display_name¶
The source’s display name. A source’s display name must be unique amongst its siblings, for example, two sources with the same parent can’t share the same display name. The display name must have a length between 1 and 64 characters (inclusive).
- Type
- description¶
The description of the source (max of 1024 characters). Example:
“Web Security Scanner is a web security scanner for common vulnerabilities in App Engine applications. It can automatically scan and detect four common vulnerabilities, including cross-site-scripting (XSS), Flash injection, mixed content (HTTP in HTTPS), and outdated/insecure libraries.”.
- Type
- canonical_name¶
The canonical name of the finding. It’s either “organizations/{organization_id}/sources/{source_id}”, “folders/{folder_id}/sources/{source_id}” or “projects/{project_number}/sources/{source_id}”, depending on the closest CRM ancestor of the resource associated with the finding.
- Type
- class google.cloud.securitycenter_v1p1beta1.types.UpdateFindingRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for updating or creating a finding.
- finding¶
Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored.
In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.
- update_mask¶
The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding.
When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using “source_properties.” in the field mask.
- class google.cloud.securitycenter_v1p1beta1.types.UpdateNotificationConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for updating a notification config.
- notification_config¶
Required. The notification config to update.
- update_mask¶
The FieldMask to use when updating the notification config. If empty all mutable fields will be updated.
- class google.cloud.securitycenter_v1p1beta1.types.UpdateOrganizationSettingsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for updating an organization’s settings.
- organization_settings¶
Required. The organization settings resource to update.
- update_mask¶
The FieldMask to use when updating the settings resource. If empty all mutable fields will be updated.
- class google.cloud.securitycenter_v1p1beta1.types.UpdateSecurityMarksRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for updating a SecurityMarks resource.
- security_marks¶
Required. The security marks resource to update.
- update_mask¶
The FieldMask to use when updating the security marks resource.
The field mask must not contain duplicate fields. If empty or set to “marks”, all marks will be replaced. Individual marks can be updated using “marks.<mark_key>”.
- start_time¶
The time at which the updated SecurityMarks take effect. If not set uses current server time. Updates will be applied to the SecurityMarks that are active immediately preceding this time.
- class google.cloud.securitycenter_v1p1beta1.types.UpdateSourceRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.MessageRequest message for updating a source.
- source¶
Required. The source resource to update.
- update_mask¶
The FieldMask to use when updating the source resource. If empty all mutable fields will be updated.
