As of January 1, 2020 this library no longer supports Python 2 on the latest released version. Library versions released prior to that date will continue to be available. For more information please visit Python 2 support on Google Cloud.

Types for Google Cloud Securitycenter v2 API

class google.cloud.securitycenter_v2.types.Access(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents an access event.

principal_email

Associated email, such as “foo@google.com”.

The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the principal_subject field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see Caller identities in audit logs.

Type

str

caller_ip

Caller’s IP address, such as “1.1.1.1”.

Type

str

caller_ip_geo

The caller IP’s geolocation, which identifies where the call came from.

Type

google.cloud.securitycenter_v2.types.Geolocation

user_agent_family

Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.

Type

str

user_agent

The caller’s user agent string associated with the finding.

Type

str

service_name

This is the API service that the service account made a call to, e.g. “iam.googleapis.com”.

Type

str

method_name

The method that the service account called, e.g. “SetIamPolicy”.

Type

str

principal_subject

A string that represents the principal_subject that is associated with the identity. Unlike principal_email, principal_subject supports principals that aren’t associated with email addresses, such as third party principals. For most identities, the format is principal://iam.googleapis.com/{identity pool name}/subject/{subject}. Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format serviceAccount:{identity pool name}[{subject}].

Type

str

service_account_key_name

The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example:

“//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}”.

Type

str

service_account_delegation_info

The identity delegation history of an authenticated service account that made the request. The serviceAccountDelegationInfo[] object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.

Type

MutableSequence[google.cloud.securitycenter_v2.types.ServiceAccountDelegationInfo]

user_name

A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.

Type

str
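The Access fields above carry the caller's identity in one of several shapes, which matters when normalising findings for triage. The following is an added example, not code from the library: it works on a plain dict keyed by the Access field names, so it runs without the client library, and `Caller`, `classify_caller`, `parse_key_name` and the sample events are hypothetical names and constructed data.

```python
import re
from typing import NamedTuple, Optional

# Formats quoted in the principal_subject and service_account_key_name
# descriptions of the Access message.
FEDERATED = re.compile(
    r"principal://iam\.googleapis\.com/(?P<pool>.+?)/subject/(?P<subject>.+)")
LEGACY_GKE = re.compile(
    r"serviceAccount:(?P<pool>[^\[\]]+)\[(?P<subject>[^\[\]]+)\]")
KEY_NAME = re.compile(
    r"//iam\.googleapis\.com/projects/(?P<project>[^/]+)"
    r"/serviceAccounts/(?P<account>[^/]+)/keys/(?P<key>[^/]+)")


class Caller(NamedTuple):
    kind: str                     # email | federated | legacy_gke | unparsed | absent
    identity: str                 # value to group or alert on
    pool: Optional[str] = None    # identity pool name, when the subject carries one
    key_id: Optional[str] = None  # service account key used to authenticate, if any


def parse_key_name(name):
    """Split a scheme-less key resource name into project, account and key."""
    match = KEY_NAME.fullmatch(name or "")
    return match.groupdict() if match else None


def classify_caller(access):
    """Normalise the identity fields of one Access event (given as a dict)."""
    key = parse_key_name(access.get("service_account_key_name", ""))
    key_id = key["key"] if key else None

    # principal_email is used when present; third party identity callers
    # populate principal_subject instead.
    email = access.get("principal_email", "")
    if email:
        return Caller("email", email, key_id=key_id)

    subject = access.get("principal_subject", "")
    if not subject:
        return Caller("absent", "", key_id=key_id)

    for kind, pattern in (("federated", FEDERATED), ("legacy_gke", LEGACY_GKE)):
        match = pattern.fullmatch(subject)
        if match:
            return Caller(kind, match["subject"], pool=match["pool"], key_id=key_id)

    # Keep the raw value rather than guessing at an unknown format.
    return Caller("unparsed", subject, key_id=key_id)


# Constructed sample events; none of these values come from a real finding.
SAMPLE_EVENTS = [
    {"principal_email": "deployer@example-project.iam.gserviceaccount.com",
     "service_account_key_name": "//iam.googleapis.com/projects/example-project"
                                 "/serviceAccounts/deployer@example-project"
                                 ".iam.gserviceaccount.com/keys/0123abcd",
     "service_name": "iam.googleapis.com", "method_name": "SetIamPolicy"},
    {"principal_subject": "principal://iam.googleapis.com/locations/global"
                          "/workforcePools/example-pool/subject/alice"},
    {"principal_subject": "serviceAccount:example-project.svc.id.goog[default/web]"},
    {"principal_subject": "something-else"},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(classify_caller(event))
```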

class google.cloud.securitycenter_v2.types.AdaptiveProtection(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Information about Google Cloud Armor Adaptive Protection.

confidence

A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the Adaptive Protection documentation for further explanation.

Type

float

class google.cloud.securitycenter_v2.types.Application(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents an application associated with a finding.

base_uri

The base URI that identifies the network location of the application in which the vulnerability was detected. For example, http://example.com.

Type

str

full_uri

The full URI with payload that could be used to reproduce the vulnerability. For example, http://example.com?p=aMmYgI6H.

Type

str

class google.cloud.securitycenter_v2.types.Attack(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Information about DDoS attack volume and classification.

volume_pps

Total PPS (packets per second) volume of attack.

Type

int

volume_bps

Total BPS (bytes per second) volume of attack.

Type

int

classification

Type of attack, for example, ‘SYN-flood’, ‘NTP-udp’, or ‘CHARGEN-udp’.

Type

str

class google.cloud.securitycenter_v2.types.AttackExposure(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

An attack exposure contains the results of an attack path simulation run.

score

A number between 0 (inclusive) and infinity that represents how important this finding is to remediate. The higher the score, the more important it is to remediate.

Type

float

latest_calculation_time

The most recent time the attack exposure was updated on this finding.

Type

google.protobuf.timestamp_pb2.Timestamp

attack_exposure_result

The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: organizations/123/simulations/456/attackExposureResults/789

Type

str

state

Output only. What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated.

Type

google.cloud.securitycenter_v2.types.AttackExposure.State

exposed_high_value_resources_count

The number of high value resources that are exposed as a result of this finding.

Type

int

exposed_medium_value_resources_count

The number of medium value resources that are exposed as a result of this finding.

Type

int

exposed_low_value_resources_count

The number of low value resources that are exposed as a result of this finding.

Type

int

class State(value)[source]

Bases: proto.enums.Enum

This enum defines the various states an AttackExposure can be in.

Values:
STATE_UNSPECIFIED (0):

The state is not specified.

CALCULATED (1):

The attack exposure has been calculated.

NOT_CALCULATED (2):

The attack exposure has not been calculated.

class google.cloud.securitycenter_v2.types.AttackPath(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A path that an attacker could take to reach an exposed resource.

name

The attack path name, for example, organizations/12/simulations/34/valuedResources/56/attackPaths/78

Type

str

path_nodes

A list of nodes that exist in this attack path.

Type

MutableSequence[google.cloud.securitycenter_v2.types.AttackPath.AttackPathNode]

edges

A list of the edges between nodes in this attack path.

Type

MutableSequence[google.cloud.securitycenter_v2.types.AttackPath.AttackPathEdge]

class AttackPathEdge(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents a connection between a source node and a destination node in this attack path.

source

The attack node uuid of the source node.

Type

str

destination

The attack node uuid of the destination node.

Type

str

class AttackPathNode(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents one point that an attacker passes through in this attack path.

resource

The name of the resource at this point in the attack path. The format of the name follows the Cloud Asset Inventory resource name format

Type

str

resource_type

The supported resource type

Type

str

display_name

Human-readable name of this resource.

Type

str

associated_findings

The findings associated with this node in the attack path.

Type

MutableSequence[google.cloud.securitycenter_v2.types.AttackPath.AttackPathNode.PathNodeAssociatedFinding]

uuid

Unique id of the attack path node.

Type

str

attack_steps

A list of attack step nodes that exist in this attack path node.

Type

MutableSequence[google.cloud.securitycenter_v2.types.AttackPath.AttackPathNode.AttackStepNode]

class AttackStepNode(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Detailed steps the attack can take between path nodes.

uuid

Unique ID for one Node

Type

str

type_

Attack step type. Can be either AND, OR or DEFENSE

Type

google.cloud.securitycenter_v2.types.AttackPath.AttackPathNode.NodeType

display_name

User friendly name of the attack step

Type

str

labels

Attack step labels for metadata

Type

MutableMapping[str, str]

description

Attack step description

Type

str

class LabelsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

class NodeType(value)[source]

Bases: proto.enums.Enum

The type of the incoming attack step node.

Values:
NODE_TYPE_UNSPECIFIED (0):

Type not specified

NODE_TYPE_AND (1):

Incoming edge joined with AND

NODE_TYPE_OR (2):

Incoming edge joined with OR

NODE_TYPE_DEFENSE (3):

Incoming edge is defense

NODE_TYPE_ATTACKER (4):

Incoming edge is attacker

class PathNodeAssociatedFinding(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A finding that is associated with this node in the attack path.

canonical_finding

Canonical name of the associated findings. Example: organizations/123/sources/456/findings/789

Type

str

finding_category

The additional taxonomy group within findings from a given source.

Type

str

name

Full resource name of the finding.

Type

str
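AttackPath stores its nodes and edges as two flat lists joined by node uuid, so a consumer has to rebuild the order itself before it can report which findings sit where on the path. The following is an added example, not code from the library: it takes a plain dict shaped like an AttackPath, assumes each edge points from `source` toward `destination` in the direction of travel, and uses hypothetical function names and a constructed sample path.

```python
from collections import defaultdict, deque


def order_attack_path(path):
    """Return path_nodes ordered from entry point to exposed resource.

    Uses Kahn's topological sort over the edges list. Raises ValueError when
    an edge names a uuid missing from path_nodes or the edges form a cycle.
    """
    nodes = {node["uuid"]: node for node in path["path_nodes"]}
    outgoing = defaultdict(list)
    indegree = {uuid: 0 for uuid in nodes}

    for edge in path["edges"]:
        src, dst = edge["source"], edge["destination"]
        if src not in nodes or dst not in nodes:
            raise ValueError(f"edge {src!r} -> {dst!r} references an unknown node uuid")
        outgoing[src].append(dst)
        indegree[dst] += 1

    # Nodes without an incoming edge are where the path starts.
    queue = deque(uuid for uuid in nodes if indegree[uuid] == 0)
    ordered = []
    while queue:
        uuid = queue.popleft()
        ordered.append(nodes[uuid])
        for nxt in outgoing[uuid]:
            indegree[nxt] -= 1
            if indegree[nxt] == 0:
                queue.append(nxt)

    if len(ordered) != len(nodes):
        raise ValueError("edges contain a cycle; path nodes cannot be ordered")
    return ordered


def findings_along_path(path):
    """List (step, display_name, canonical_finding, finding_category) in path order."""
    rows = []
    for step, node in enumerate(order_attack_path(path), start=1):
        for finding in node.get("associated_findings", []):
            rows.append((step, node["display_name"],
                         finding["canonical_finding"], finding["finding_category"]))
    return rows


# Constructed sample path; nodes are deliberately listed out of order.
SAMPLE_PATH = {
    "name": "organizations/12/simulations/34/valuedResources/56/attackPaths/78",
    "path_nodes": [
        {"uuid": "n3", "display_name": "customer-data",
         "resource": "//storage.googleapis.com/customer-data",
         "associated_findings": [
             {"canonical_finding": "organizations/123/sources/456/findings/790",
              "finding_category": "PUBLIC_BUCKET_ACL"}]},
        {"uuid": "n1", "display_name": "web-1",
         "resource": "//compute.googleapis.com/projects/example/zones/us-central1-a/instances/web-1",
         "associated_findings": [
             {"canonical_finding": "organizations/123/sources/456/findings/789",
              "finding_category": "OPEN_SSH_PORT"}]},
        {"uuid": "n2", "display_name": "web-sa",
         "resource": "//iam.googleapis.com/projects/example/serviceAccounts/web-sa",
         "associated_findings": []},
    ],
    "edges": [
        {"source": "n2", "destination": "n3"},
        {"source": "n1", "destination": "n2"},
    ],
}

if __name__ == "__main__":
    for row in findings_along_path(SAMPLE_PATH):
        print(row)
```

Findings on the earliest steps are the ones whose remediation cuts off everything downstream of them.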

class google.cloud.securitycenter_v2.types.AwsMetadata(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

AWS metadata associated with the resource, only applicable if the finding’s cloud provider is Amazon Web Services.

organization

The AWS organization associated with the resource.

Type

google.cloud.securitycenter_v2.types.AwsMetadata.AwsOrganization

organizational_units

A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level.

Type

MutableSequence[google.cloud.securitycenter_v2.types.AwsMetadata.AwsOrganizationalUnit]

account

The AWS account associated with the resource.

Type

google.cloud.securitycenter_v2.types.AwsMetadata.AwsAccount

class AwsAccount(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

An AWS account that is a member of an organization.

id

The unique identifier (ID) of the account, containing exactly 12 digits.

Type

str

name

The friendly name of this account.

Type

str

class AwsOrganization(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies.

id

The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires “o-” followed by from 10 to 32 lowercase letters or digits.

Type

str

class AwsOrganizationalUnit(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.

id

The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires “ou-” followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second “-” dash and from 8 to 32 additional lowercase letters or digits. For example, “ou-ab12-cd34ef56”.

Type

str

name

The friendly name of the OU.

Type

str

class google.cloud.securitycenter_v2.types.AzureMetadata(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Azure metadata associated with the resource, only applicable if the finding’s cloud provider is Microsoft Azure.

management_groups

A list of Azure management groups associated with the resource, ordered from lowest level (closest to the subscription) to highest level.

Type

MutableSequence[google.cloud.securitycenter_v2.types.AzureMetadata.AzureManagementGroup]

subscription

The Azure subscription associated with the resource.

Type

google.cloud.securitycenter_v2.types.AzureMetadata.AzureSubscription

resource_group

The Azure resource group associated with the resource.

Type

google.cloud.securitycenter_v2.types.AzureMetadata.AzureResourceGroup

class AzureManagementGroup(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents an Azure management group.

id

The UUID of the Azure management group, for example, 20000000-0001-0000-0000-000000000000.

Type

str

display_name

The display name of the Azure management group.

Type

str

class AzureResourceGroup(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents an Azure resource group.

name

The name of the Azure resource group. This is not a UUID.

Type

str

class AzureSubscription(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents an Azure subscription.

id

The UUID of the Azure subscription, for example, 291bba3f-e0a5-47bc-a099-3bdcb2a50a05.

Type

str

display_name

The display name of the Azure subscription.

Type

str

class google.cloud.securitycenter_v2.types.BackupDisasterRecovery(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Information related to Google Cloud Backup and DR Service findings.

backup_template

The name of a Backup and DR template which comprises one or more backup policies. See the Backup and DR documentation for more information. For example, snap-ov.

Type

str

policies

The names of Backup and DR policies that are associated with a template and that define when to run a backup, how frequently to run a backup, and how long to retain the backup image. For example, onvaults.

Type

MutableSequence[str]

host

The name of a Backup and DR host, which is managed by the backup and recovery appliance and known to the management console. The host can be of type Generic (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. See the Backup and DR documentation on hosts for more information. For example, centos7-01.

Type

str

applications

The names of Backup and DR applications. An application is a VM, database, or file system on a managed host monitored by a backup and recovery appliance. For example, centos7-01-vol00, centos7-01-vol01, centos7-01-vol02.

Type

MutableSequence[str]

storage_pool

The name of the Backup and DR storage pool that the backup and recovery appliance is storing data in. The storage pool could be of type Cloud, Primary, Snapshot, or OnVault. See the Backup and DR documentation on storage pools. For example, DiskPoolOne.

Type

str

policy_options

The names of Backup and DR advanced policy options of a policy applying to an application. See the Backup and DR documentation on policy options. For example, skipofflineappsincongrp, nounmap.

Type

MutableSequence[str]

profile

The name of the Backup and DR resource profile that specifies the storage media for backups of application and VM data. See the Backup and DR documentation on profiles. For example, GCP.

Type

str

appliance

The name of the Backup and DR appliance that captures, moves, and manages the lifecycle of backup data. For example, backup-server-57137.

Type

str

backup_type

The backup type of the Backup and DR image. For example, Snapshot, Remote Snapshot, OnVault.

Type

str

backup_create_time

The timestamp at which the Backup and DR backup was created.

Type

google.protobuf.timestamp_pb2.Timestamp

class google.cloud.securitycenter_v2.types.BatchCreateResourceValueConfigsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message to create multiple resource value configs

parent

Required. Resource name of the new ResourceValueConfig’s parent. The parent field in the CreateResourceValueConfigRequest messages must either be empty or match this field.

Type

str

requests

Required. The resource value configs to be created.

Type

MutableSequence[google.cloud.securitycenter_v2.types.CreateResourceValueConfigRequest]

class google.cloud.securitycenter_v2.types.BatchCreateResourceValueConfigsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message for BatchCreateResourceValueConfigs

resource_value_configs

The resource value configs created

Type

MutableSequence[google.cloud.securitycenter_v2.types.ResourceValueConfig]

class google.cloud.securitycenter_v2.types.BigQueryExport(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Configures how to deliver findings to a BigQuery instance.

name

Identifier. The relative resource name of this export. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name. The following list shows some examples:

  • organizations/{organization_id}/locations/{location_id}/bigQueryExports/{export_id}

  • folders/{folder_id}/locations/{location_id}/bigQueryExports/{export_id}

  • projects/{project_id}/locations/{location_id}/bigQueryExports/{export_id}

This field is provided in responses, and is ignored when provided in create requests.

Type

str

description

The description of the export (max of 1024 characters).

Type

str

filter

Expression that defines the filter to apply across create/update events of findings. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the corresponding resource.

The supported operators are:

  • = for all value types.

  • >, <, >=, <= for integer values.

  • :, meaning substring matching, for strings.

The supported value types are:

  • string literals in quotes.

  • integer literals without quotes.

  • boolean literals true and false without quotes.

Type

str

dataset

The dataset to write findings’ updates to. Its format is “projects/[project_id]/datasets/[bigquery_dataset_id]”. BigQuery dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).

Type

str

create_time

Output only. The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export creation.

Type

google.protobuf.timestamp_pb2.Timestamp

update_time

Output only. The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.

Type

google.protobuf.timestamp_pb2.Timestamp

most_recent_editor

Output only. Email address of the user who last edited the BigQuery export. This field is set by the server and will be ignored if provided on export creation or update.

Type

str

principal

Output only. The service account that needs permission to create tables and upload data to the BigQuery dataset.

Type

str

class google.cloud.securitycenter_v2.types.BulkMuteFindingsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for bulk findings update.

Note:

  1. If multiple bulk update requests match the same resource, the order in which they get executed is not defined.

  2. Once a bulk operation is started, there is no way to stop it.

parent

Required. The parent, at which bulk action needs to be applied. If no location is specified, findings are updated in global. The following list shows some examples:

  • organizations/[organization_id]

  • organizations/[organization_id]/locations/[location_id]

  • folders/[folder_id]

  • folders/[folder_id]/locations/[location_id]

  • projects/[project_id]

  • projects/[project_id]/locations/[location_id]

Type

str

filter

Expression that identifies findings that should be updated. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the corresponding resource.

The supported operators are:

  • = for all value types.

  • >, <, >=, <= for integer values.

  • :, meaning substring matching, for strings.

The supported value types are:

  • string literals in quotes.

  • integer literals without quotes.

  • boolean literals true and false without quotes.

Type

str

mute_state

Optional. All findings matching the given filter will have their mute state set to this value. The default value is MUTED. Setting this to UNDEFINED will clear the mute state on all matching findings.

Type

google.cloud.securitycenter_v2.types.BulkMuteFindingsRequest.MuteState

class MuteState(value)[source]

Bases: proto.enums.Enum

The mute state.

Values:
MUTE_STATE_UNSPECIFIED (0):

Unused.

MUTED (1):

Matching findings will be muted (default).

UNDEFINED (2):

Matching findings will have their mute state cleared.

class google.cloud.securitycenter_v2.types.BulkMuteFindingsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

The response to a BulkMute request. Contains the LRO information.

class google.cloud.securitycenter_v2.types.CloudArmor(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Fields related to Google Cloud Armor findings.

security_policy

Information about the Google Cloud Armor security policy relevant to the finding.

Type

google.cloud.securitycenter_v2.types.SecurityPolicy

requests

Information about incoming requests evaluated by Google Cloud Armor security policies.

Type

google.cloud.securitycenter_v2.types.Requests

adaptive_protection

Information about potential Layer 7 DDoS attacks identified by Google Cloud Armor Adaptive Protection.

Type

google.cloud.securitycenter_v2.types.AdaptiveProtection

attack

Information about DDoS attack volume and classification.

Type

google.cloud.securitycenter_v2.types.Attack

threat_vector

Distinguishes between volumetric and protocol DDoS attacks and application layer attacks. For example, “L3_4” for Layer 3 and Layer 4 DDoS attacks, or “L_7” for Layer 7 DDoS attacks.

Type

str

duration

Duration of attack from the start until the current moment (updated every 5 minutes).

Type

google.protobuf.duration_pb2.Duration

class google.cloud.securitycenter_v2.types.CloudDlpDataProfile(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

The data profile associated with the finding.

data_profile

Name of the data profile, for example, projects/123/locations/europe/tableProfiles/8383929.

Type

str

parent_type

The resource hierarchy level at which the data profile was generated.

Type

google.cloud.securitycenter_v2.types.CloudDlpDataProfile.ParentType

class ParentType(value)[source]

Bases: proto.enums.Enum

Parents for configurations that produce data profile findings.

Values:
PARENT_TYPE_UNSPECIFIED (0):

Unspecified parent type.

ORGANIZATION (1):

Organization-level configurations.

PROJECT (2):

Project-level configurations.

class google.cloud.securitycenter_v2.types.CloudDlpInspection(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Details about the Cloud Data Loss Prevention (Cloud DLP) inspection job that produced the finding.

inspect_job

Name of the inspection job, for example, projects/123/locations/europe/dlpJobs/i-8383929.

Type

str

info_type

The type of information (or infoType) found, for example, EMAIL_ADDRESS or STREET_ADDRESS.

Type

str

info_type_count

The number of times Cloud DLP found this infoType within this job and resource.

Type

int

full_scan

Whether Cloud DLP scanned the complete resource or a sampled subset.

Type

bool

class google.cloud.securitycenter_v2.types.CloudLoggingEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Metadata taken from a Cloud Logging LogEntry

insert_id

A unique identifier for the log entry.

Type

str

log_id

The type of the log (part of log_name; log_name is the resource name of the log to which this log entry belongs). For example: cloudresourcemanager.googleapis.com/activity. Note that this field is not URL-encoded, unlike in LogEntry.

Type

str

resource_container

The organization, folder, or project of the monitored resource that produced this log entry.

Type

str

timestamp

The time the event described by the log entry occurred.

Type

google.protobuf.timestamp_pb2.Timestamp

class google.cloud.securitycenter_v2.types.CloudProvider(value)[source]

Bases: proto.enums.Enum

The cloud provider the finding pertains to.

Values:
CLOUD_PROVIDER_UNSPECIFIED (0):

The cloud provider is unspecified.

GOOGLE_CLOUD_PLATFORM (1):

The cloud provider is Google Cloud Platform.

AMAZON_WEB_SERVICES (2):

The cloud provider is Amazon Web Services.

MICROSOFT_AZURE (3):

The cloud provider is Microsoft Azure.

class google.cloud.securitycenter_v2.types.Compliance(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Contains compliance information about a security standard indicating unmet recommendations.

standard

Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP.

Type

str

version

Version of the standard or benchmark, for example, 1.1

Type

str

ids

Policies within the standard or benchmark, for example, A.12.4.1

Type

MutableSequence[str]

class google.cloud.securitycenter_v2.types.Connection(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Contains information about the IP connection associated with the finding.

destination_ip

Destination IP address. Not present for sockets that are listening and not connected.

Type

str

destination_port

Destination port. Not present for sockets that are listening and not connected.

Type

int

source_ip

Source IP address.

Type

str

source_port

Source port.

Type

int

protocol

IANA Internet Protocol Number such as TCP(6) and UDP(17).

Type

google.cloud.securitycenter_v2.types.Connection.Protocol

class Protocol(value)[source]

Bases: proto.enums.Enum

IANA Internet Protocol Number such as TCP(6) and UDP(17).

Values:
PROTOCOL_UNSPECIFIED (0):

Unspecified protocol (not HOPOPT).

ICMP (1):

Internet Control Message Protocol.

TCP (6):

Transmission Control Protocol.

UDP (17):

User Datagram Protocol.

GRE (47):

Generic Routing Encapsulation.

ESP (50):

Encap Security Payload.

class google.cloud.securitycenter_v2.types.Contact(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

The email address of a contact.

email

An email address. For example, “person123@company.com”.

Type

str

class google.cloud.securitycenter_v2.types.ContactDetails(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Details about specific contacts

contacts

A list of contacts

Type

MutableSequence[google.cloud.securitycenter_v2.types.Contact]

class google.cloud.securitycenter_v2.types.Container(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Container associated with the finding.

name

Name of the container.

Type

str

uri

Container image URI provided when configuring a pod or container. This string can identify a container image version using mutable tags.

Type

str

image_id

Optional container image ID, if provided by the container runtime. Uniquely identifies the container image launched using a container image digest.

Type

str

labels

Container labels, as provided by the container runtime.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Label]

create_time

The time that the container was created.

Type

google.protobuf.timestamp_pb2.Timestamp

class google.cloud.securitycenter_v2.types.CreateBigQueryExportRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for creating a BigQuery export.

parent

Required. The name of the parent resource of the new BigQuery export. Its format is organizations/[organization_id]/locations/[location_id], folders/[folder_id]/locations/[location_id], or projects/[project_id]/locations/[location_id].

Type

str

big_query_export

Required. The BigQuery export being created.

Type

google.cloud.securitycenter_v2.types.BigQueryExport

big_query_export_id

Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less.

Type

str

class google.cloud.securitycenter_v2.types.CreateFindingRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for creating a finding.

parent

Required. Resource name of the new finding’s parent. The following list shows some examples of the format:

  • organizations/[organization_id]/sources/[source_id]

  • organizations/[organization_id]/sources/[source_id]/locations/[location_id]

Type

str

finding_id

Required. Unique identifier provided by the client within the parent scope. It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.

Type

str

finding

Required. The Finding being created. The name and security_marks will be ignored as they are both output only fields on this resource.

Type

google.cloud.securitycenter_v2.types.Finding

class google.cloud.securitycenter_v2.types.CreateMuteConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for creating a mute config.

parent

Required. Resource name of the new mute config’s parent. Its format is organizations/[organization_id]/locations/[location_id], folders/[folder_id]/locations/[location_id], or projects/[project_id]/locations/[location_id].

Type

str

mute_config

Required. The mute config being created.

Type

google.cloud.securitycenter_v2.types.MuteConfig

mute_config_id

Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less.

Type

str

class google.cloud.securitycenter_v2.types.CreateNotificationConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for creating a notification config.

parent

Required. Resource name of the new notification config’s parent. Its format is organizations/[organization_id]/locations/[location_id], folders/[folder_id]/locations/[location_id], or projects/[project_id]/locations/[location_id].

Type

str

config_id

Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters and contain alphanumeric characters, underscores, or hyphens only.

Type

str

notification_config

Required. The notification config being created. The name and the service account will be ignored as they are both output only fields on this resource.

Type

google.cloud.securitycenter_v2.types.NotificationConfig

class google.cloud.securitycenter_v2.types.CreateResourceValueConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message to create a single resource value config.

parent

Required. Resource name of the new ResourceValueConfig’s parent.

Type

str

resource_value_config

Required. The resource value config being created.

Type

google.cloud.securitycenter_v2.types.ResourceValueConfig

class google.cloud.securitycenter_v2.types.CreateSourceRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for creating a source.

parent

Required. Resource name of the new source’s parent. Its format should be organizations/[organization_id].

Type

str

source

Required. The Source being created, only the display_name and description will be used. All other fields will be ignored.

Type

google.cloud.securitycenter_v2.types.Source

class google.cloud.securitycenter_v2.types.Cve(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

CVE stands for Common Vulnerabilities and Exposures. Information from the CVE record that describes this vulnerability.

id

The unique identifier for the vulnerability, e.g. CVE-2021-34527.

Type

str

references

Additional information about the CVE, e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527

Type

MutableSequence[google.cloud.securitycenter_v2.types.Reference]

cvssv3

Describes the Common Vulnerability Scoring System, as specified at https://www.first.org/cvss/v3.1/specification-document

Type

google.cloud.securitycenter_v2.types.Cvssv3

upstream_fix_available

Whether an upstream fix is available for the CVE.

Type

bool

impact

The potential impact of the vulnerability if it was to be exploited.

Type

google.cloud.securitycenter_v2.types.Cve.RiskRating

exploitation_activity

The exploitation activity of the vulnerability in the wild.

Type

google.cloud.securitycenter_v2.types.Cve.ExploitationActivity

observed_in_the_wild

Whether or not the vulnerability has been observed in the wild.

Type

bool

zero_day

Whether or not the vulnerability was zero day when the finding was published.

Type

bool

exploit_release_date

Date the first publicly available exploit or PoC was released.

Type

google.protobuf.timestamp_pb2.Timestamp

class ExploitationActivity(value)[source]

Bases: proto.enums.Enum

The possible values of exploitation activity of the vulnerability in the wild.

Values:
EXPLOITATION_ACTIVITY_UNSPECIFIED (0):

Invalid or empty value.

WIDE (1):

Exploitation has been reported or confirmed to widely occur.

CONFIRMED (2):

Limited reported or confirmed exploitation activities.

AVAILABLE (3):

Exploit is publicly available.

ANTICIPATED (4):

No known exploitation activity, but has a high potential for exploitation.

NO_KNOWN (5):

No known exploitation activity.

class RiskRating(value)[source]

Bases: proto.enums.Enum

The possible values of impact of the vulnerability if it was to be exploited.

Values:
RISK_RATING_UNSPECIFIED (0):

Invalid or empty value.

LOW (1):

Exploitation would have little to no security impact.

MEDIUM (2):

Exploitation would enable attackers to perform activities, or could allow attackers to have a direct impact, but would require additional steps.

HIGH (3):

Exploitation would enable attackers to have a notable direct impact without needing to overcome any major mitigating factors.

CRITICAL (4):

Exploitation would fundamentally undermine the security of affected systems, enable actors to perform significant attacks with minimal effort, with little to no mitigating factors to overcome.

class google.cloud.securitycenter_v2.types.Cvssv3(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Common Vulnerability Scoring System version 3.

base_score

The base score is a function of the base metric scores.

Type

float

attack_vector

Base metrics represent the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.

Type

google.cloud.securitycenter_v2.types.Cvssv3.AttackVector

attack_complexity

This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability.

Type

google.cloud.securitycenter_v2.types.Cvssv3.AttackComplexity

privileges_required

This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.

Type

google.cloud.securitycenter_v2.types.Cvssv3.PrivilegesRequired

user_interaction

This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.

Type

google.cloud.securitycenter_v2.types.Cvssv3.UserInteraction

scope

The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

Type

google.cloud.securitycenter_v2.types.Cvssv3.Scope

confidentiality_impact

This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.

Type

google.cloud.securitycenter_v2.types.Cvssv3.Impact

integrity_impact

This metric measures the impact to integrity of a successfully exploited vulnerability.

Type

google.cloud.securitycenter_v2.types.Cvssv3.Impact

availability_impact

This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.

Type

google.cloud.securitycenter_v2.types.Cvssv3.Impact

class AttackComplexity(value)[source]

Bases: proto.enums.Enum

This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability.

Values:
ATTACK_COMPLEXITY_UNSPECIFIED (0):

Invalid value.

ATTACK_COMPLEXITY_LOW (1):

Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.

ATTACK_COMPLEXITY_HIGH (2):

A successful attack depends on conditions beyond the attacker’s control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected.

class AttackVector(value)[source]

Bases: proto.enums.Enum

This metric reflects the context by which vulnerability exploitation is possible.

Values:
ATTACK_VECTOR_UNSPECIFIED (0):

Invalid value.

ATTACK_VECTOR_NETWORK (1):

The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet.

ATTACK_VECTOR_ADJACENT (2):

The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology.

ATTACK_VECTOR_LOCAL (3):

The vulnerable component is not bound to the network stack and the attacker’s path is via read/write/execute capabilities.

ATTACK_VECTOR_PHYSICAL (4):

The attack requires the attacker to physically touch or manipulate the vulnerable component.

class Impact(value)[source]

Bases: proto.enums.Enum

The Impact metrics capture the effects of a successfully exploited vulnerability on the component that suffers the worst outcome that is most directly and predictably associated with the attack.

Values:
IMPACT_UNSPECIFIED (0):

Invalid value.

IMPACT_HIGH (1):

High impact.

IMPACT_LOW (2):

Low impact.

IMPACT_NONE (3):

No impact.

class PrivilegesRequired(value)[source]

Bases: proto.enums.Enum

This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.

Values:
PRIVILEGES_REQUIRED_UNSPECIFIED (0):

Invalid value.

PRIVILEGES_REQUIRED_NONE (1):

The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.

PRIVILEGES_REQUIRED_LOW (2):

The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources.

PRIVILEGES_REQUIRED_HIGH (3):

The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files.

class Scope(value)[source]

Bases: proto.enums.Enum

The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

Values:
SCOPE_UNSPECIFIED (0):

Invalid value.

SCOPE_UNCHANGED (1):

An exploited vulnerability can only affect resources managed by the same security authority.

SCOPE_CHANGED (2):

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component.

class UserInteraction(value)[source]

Bases: proto.enums.Enum

This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.

Values:
USER_INTERACTION_UNSPECIFIED (0):

Invalid value.

USER_INTERACTION_NONE (1):

The vulnerable system can be exploited without interaction from any user.

USER_INTERACTION_REQUIRED (2):

Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited.
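
An added example (not part of this library or its documentation): recomputing the CVSS v3.1 base score from the Cvssv3 metric fields, so that a stored base_score can be cross-checked before a finding is written or relied on for triage. The weights and the Roundup rule are taken from the CVSS v3.1 specification; the plain-dict layout, the sample record and the function names are assumptions of this sketch, and enum values are passed by name (for a library message, the enum member's .name).

```python
import math

# Weights from the CVSS v3.1 specification, keyed by the Cvssv3 enum value names.
ATTACK_VECTOR = {"ATTACK_VECTOR_NETWORK": 0.85, "ATTACK_VECTOR_ADJACENT": 0.62,
                 "ATTACK_VECTOR_LOCAL": 0.55, "ATTACK_VECTOR_PHYSICAL": 0.2}
ATTACK_COMPLEXITY = {"ATTACK_COMPLEXITY_LOW": 0.77, "ATTACK_COMPLEXITY_HIGH": 0.44}
USER_INTERACTION = {"USER_INTERACTION_NONE": 0.85, "USER_INTERACTION_REQUIRED": 0.62}
IMPACT = {"IMPACT_HIGH": 0.56, "IMPACT_LOW": 0.22, "IMPACT_NONE": 0.0}
# Privileges Required is weighted differently when Scope is changed:
# (weight if scope unchanged, weight if scope changed)
PRIVILEGES_REQUIRED = {"PRIVILEGES_REQUIRED_NONE": (0.85, 0.85),
                       "PRIVILEGES_REQUIRED_LOW": (0.62, 0.68),
                       "PRIVILEGES_REQUIRED_HIGH": (0.27, 0.5)}
SCOPE_IS_CHANGED = {"SCOPE_UNCHANGED": False, "SCOPE_CHANGED": True}


def roundup(value):
    """CVSS v3.1 Roundup: smallest one-decimal number >= value, float-safe."""
    scaled = round(value * 100000)
    if scaled % 10000 == 0:
        return scaled / 100000.0
    return (math.floor(scaled / 10000) + 1) / 10.0


def _lookup(table, field, metrics):
    name = metrics.get(field)
    if name not in table:
        # The *_UNSPECIFIED (0) members are documented as invalid: refuse to score.
        raise ValueError(f"{field}={name!r} is unspecified or unknown")
    return table[name]


def compute_base_score(metrics):
    """Return the CVSS v3.1 base score for a dict of Cvssv3 field -> enum name."""
    changed = _lookup(SCOPE_IS_CHANGED, "scope", metrics)
    av = _lookup(ATTACK_VECTOR, "attack_vector", metrics)
    ac = _lookup(ATTACK_COMPLEXITY, "attack_complexity", metrics)
    pr = _lookup(PRIVILEGES_REQUIRED, "privileges_required", metrics)[1 if changed else 0]
    ui = _lookup(USER_INTERACTION, "user_interaction", metrics)
    c = _lookup(IMPACT, "confidentiality_impact", metrics)
    i = _lookup(IMPACT, "integrity_impact", metrics)
    a = _lookup(IMPACT, "availability_impact", metrics)

    iss = 1 - (1 - c) * (1 - i) * (1 - a)  # impact sub-score
    if changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    if impact <= 0:
        return 0.0
    total = impact + 8.22 * av * ac * pr * ui  # impact + exploitability
    if changed:
        total *= 1.08
    return roundup(min(total, 10.0))


def check_base_score(metrics, reported):
    """Return (consistent, expected) for a reported base_score value."""
    expected = compute_base_score(metrics)
    return abs(expected - reported) < 0.05, expected


# Constructed sample record (not taken from any real finding).
SAMPLE = {
    "attack_vector": "ATTACK_VECTOR_NETWORK",
    "attack_complexity": "ATTACK_COMPLEXITY_LOW",
    "privileges_required": "PRIVILEGES_REQUIRED_NONE",
    "user_interaction": "USER_INTERACTION_NONE",
    "scope": "SCOPE_UNCHANGED",
    "confidentiality_impact": "IMPACT_HIGH",
    "integrity_impact": "IMPACT_HIGH",
    "availability_impact": "IMPACT_HIGH",
}

if __name__ == "__main__":
    print(check_base_score(SAMPLE, 9.8))   # consistent
    print(check_base_score(SAMPLE, 7.5))   # reported score disagrees with metrics
```

A mismatch means the metric enums and base_score in a record disagree, so one of them should not drive prioritization until the source is corrected.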

class google.cloud.securitycenter_v2.types.Database(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents database access information, such as queries. A database may be a sub-resource of an instance (as in the case of Cloud SQL instances or Cloud Spanner instances), or the database instance itself. Some database resources might not have the full resource name populated because these resource types, such as Cloud SQL databases, are not yet supported by Cloud Asset Inventory. In these cases only the display name is provided.

name

The full resource name of the database that the user connected to, if it is supported by Cloud Asset Inventory. Some database resources may not have the full resource name populated because these resource types (e.g. Cloud SQL databases) are not yet supported by Cloud Asset Inventory. In these cases only the display name will be provided.

Type

str

display_name

The human-readable name of the database that the user connected to.

Type

str

user_name

The username used to connect to the database. The username might not be an IAM principal and does not have a set format.

Type

str

query

The SQL statement that is associated with the database access.

Type

str

grantees

The target usernames, roles, or groups of an SQL privilege grant, which is not an IAM policy change.

Type

MutableSequence[str]

version

The version of the database, for example, POSTGRES_14. See the complete list.

Type

str

class google.cloud.securitycenter_v2.types.DeleteBigQueryExportRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for deleting a BigQuery export.

name

Required. The name of the BigQuery export to delete. The following list shows some examples of the format:

  • organizations/{organization}/locations/{location}/bigQueryExports/{export_id}

  • folders/{folder}/locations/{location}/bigQueryExports/{export_id}

  • projects/{project}/locations/{location}/bigQueryExports/{export_id}

Type

str

class google.cloud.securitycenter_v2.types.DeleteMuteConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for deleting a mute config. If no location is specified, default is global.

name

Required. Name of the mute config to delete. The following list shows some examples of the format:

  • organizations/{organization}/muteConfigs/{config_id}

  • organizations/{organization}/locations/{location}/muteConfigs/{config_id}

  • folders/{folder}/muteConfigs/{config_id}

  • folders/{folder}/locations/{location}/muteConfigs/{config_id}

  • projects/{project}/muteConfigs/{config_id}

  • projects/{project}/locations/{location}/muteConfigs/{config_id}

Type

str

class google.cloud.securitycenter_v2.types.DeleteNotificationConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for deleting a notification config.

name

Required. Name of the notification config to delete. The following list shows some examples of the format:

  • organizations/[organization_id]/locations/[location_id]/notificationConfigs/[config_id]

  • folders/[folder_id]/locations/[location_id]/notificationConfigs/[config_id]

  • projects/[project_id]/locations/[location_id]/notificationConfigs/[config_id]

Type

str

class google.cloud.securitycenter_v2.types.DeleteResourceValueConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message to delete a resource value config.

name

Required. Name of the ResourceValueConfig to delete.

Type

str

class google.cloud.securitycenter_v2.types.EnvironmentVariable(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A name-value pair representing an environment variable used in an operating system process.

name

Environment variable name as a JSON encoded string.

Type

str

val

Environment variable value as a JSON encoded string.

Type

str

class google.cloud.securitycenter_v2.types.ExfilResource(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Resource where data was exfiltrated from or exfiltrated to.

name

The resource’s full resource name.

Type

str

components

Subcomponents of the asset that was exfiltrated, like URIs used during exfiltration, table names, databases, and filenames. For example, multiple tables might have been exfiltrated from the same Cloud SQL instance, or multiple files might have been exfiltrated from the same Cloud Storage bucket.

Type

MutableSequence[str]

class google.cloud.securitycenter_v2.types.Exfiltration(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Exfiltration represents a data exfiltration attempt from one or more sources to one or more targets. The sources attribute lists the sources of the exfiltrated data. The targets attribute lists the destinations the data was copied to.

sources

If there are multiple sources, then the data is considered “joined” between them. For instance, BigQuery can join multiple tables, and each table would be considered a source.

Type

MutableSequence[google.cloud.securitycenter_v2.types.ExfilResource]

targets

If there are multiple targets, each target would get a complete copy of the “joined” source data.

Type

MutableSequence[google.cloud.securitycenter_v2.types.ExfilResource]

total_exfiltrated_bytes

Total exfiltrated bytes processed for the entire job.

Type

int

class google.cloud.securitycenter_v2.types.ExternalSystem(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Representation of third party SIEM/SOAR fields within SCC.

name

Full resource name of the external system. The following list shows some examples:

  • organizations/1234/sources/5678/findings/123456/externalSystems/jira

  • organizations/1234/sources/5678/locations/us/findings/123456/externalSystems/jira

  • folders/1234/sources/5678/findings/123456/externalSystems/jira

  • folders/1234/sources/5678/locations/us/findings/123456/externalSystems/jira

  • projects/1234/sources/5678/findings/123456/externalSystems/jira

  • projects/1234/sources/5678/locations/us/findings/123456/externalSystems/jira

Type

str

assignees

References the primary, secondary, and other assignees in the external system.

Type

MutableSequence[str]

external_uid

The identifier that’s used to track the finding’s corresponding case in the external system.

Type

str

status

The most recent status of the finding’s corresponding case, as reported by the external system.

Type

str

external_system_update_time

The time when the case was last updated, as reported by the external system.

Type

google.protobuf.timestamp_pb2.Timestamp

case_uri

The link to the finding’s corresponding case in the external system.

Type

str

case_priority

The priority of the finding’s corresponding case in the external system.

Type

str

case_sla

The SLA of the finding’s corresponding case in the external system.

Type

google.protobuf.timestamp_pb2.Timestamp

case_create_time

The time when the case was created, as reported by the external system.

Type

google.protobuf.timestamp_pb2.Timestamp

case_close_time

The time when the case was closed, as reported by the external system.

Type

google.protobuf.timestamp_pb2.Timestamp

ticket_info

Information about the ticket, if any, that is being used to track the resolution of the issue that is identified by this finding.

Type

google.cloud.securitycenter_v2.types.ExternalSystem.TicketInfo

class TicketInfo(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Information about the ticket, if any, that is being used to track the resolution of the issue that is identified by this finding.

id

The identifier of the ticket in the ticket system.

Type

str

assignee

The assignee of the ticket in the ticket system.

Type

str

description

The description of the ticket in the ticket system.

Type

str

uri

The link to the ticket in the ticket system.

Type

str

status

The latest status of the ticket, as reported by the ticket system.

Type

str

update_time

The time when the ticket was last updated, as reported by the ticket system.

Type

google.protobuf.timestamp_pb2.Timestamp

class google.cloud.securitycenter_v2.types.File(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

File information about the related binary or library used by an executable, or the script used by a script interpreter.

path

Absolute path of the file as a JSON encoded string.

Type

str

size

Size of the file in bytes.

Type

int

sha256

SHA256 hash of the first hashed_size bytes of the file encoded as a hex string. If hashed_size == size, sha256 represents the SHA256 hash of the entire file.

Type

str

hashed_size

The length in bytes of the file prefix that was hashed. If hashed_size == size, any hashes reported represent the entire file.

Type

int

partially_hashed

True when the hash covers only a prefix of the file.

Type

bool

contents

Prefix of the file contents as a JSON-encoded string.

Type

str

disk_path

Path of the file in terms of underlying disk/partition identifiers.

Type

google.cloud.securitycenter_v2.types.File.DiskPath

class DiskPath(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Path of the file in terms of underlying disk/partition identifiers.

partition_uuid

UUID of the partition (format https://wiki.archlinux.org/title/persistent_block_device_naming#by-uuid)

Type

str

relative_path

Relative path of the file in the partition as a JSON encoded string. Example: /home/user1/executable_file.sh

Type

str
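
An added example (not part of this library or its documentation): comparing a local file against the sha256, hashed_size, size and partially_hashed fields of a File record. When only a prefix was hashed, a match proves nothing about the bytes after that prefix, so the sketch reports a prefix match separately from a full match. The plain-dict record, the helper make_record and the function name verify_file_record are assumptions of this sketch.

```python
import hashlib
import io


def verify_file_record(stream, record, chunk_size=65536):
    """Compare a binary stream with a File-style record.

    Returns 'full_match'   when the hash covers the whole file and agrees,
            'prefix_match' when only the first hashed_size bytes are covered,
            'mismatch'     when the hash or the size disagrees.
    """
    hashed_size = record["hashed_size"]
    digest = hashlib.sha256()
    remaining = hashed_size
    while remaining > 0:
        block = stream.read(min(chunk_size, remaining))
        if not block:
            return "mismatch"  # local file is shorter than the hashed prefix
        digest.update(block)
        remaining -= len(block)
    if digest.hexdigest() != record["sha256"].lower():
        return "mismatch"

    # Count the bytes after the hashed prefix; the recorded hash does not cover them.
    local_size = hashed_size
    while True:
        block = stream.read(chunk_size)
        if not block:
            break
        local_size += len(block)
    if local_size != record["size"]:
        return "mismatch"

    partial = record.get("partially_hashed", False) or hashed_size < record["size"]
    return "prefix_match" if partial else "full_match"


def make_record(data, hashed_size):
    """Build a constructed File-style record for the sample data below."""
    return {
        "size": len(data),
        "hashed_size": hashed_size,
        "partially_hashed": hashed_size < len(data),
        "sha256": hashlib.sha256(data[:hashed_size]).hexdigest(),
    }


# Constructed sample input: 2000 bytes, of which a record may hash only the first 1000.
SAMPLE_DATA = b"A" * 1000 + b"B" * 1000
TAMPERED_TAIL = b"A" * 1000 + b"C" * 1000

if __name__ == "__main__":
    partial = make_record(SAMPLE_DATA, 1000)
    full = make_record(SAMPLE_DATA, len(SAMPLE_DATA))
    # A changed tail goes unnoticed by a partial hash, but not by a full one.
    print(verify_file_record(io.BytesIO(TAMPERED_TAIL), partial))  # prefix_match
    print(verify_file_record(io.BytesIO(TAMPERED_TAIL), full))     # mismatch
```

For a file on disk, pass a handle opened in binary mode; treat 'prefix_match' as inconclusive and hash the full file yourself before concluding two samples are identical.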

class google.cloud.securitycenter_v2.types.Finding(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Security Command Center finding.

A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.

name

The relative resource name of the finding. The following list shows some examples:

  • organizations/{organization_id}/sources/{source_id}/findings/{finding_id}

  • organizations/{organization_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}

  • folders/{folder_id}/sources/{source_id}/findings/{finding_id}

  • folders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}

  • projects/{project_id}/sources/{source_id}/findings/{finding_id}

  • projects/{project_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}

Type

str

canonical_name

Output only. The canonical name of the finding. The following list shows some examples:

  • organizations/{organization_id}/sources/{source_id}/findings/{finding_id}

  • organizations/{organization_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}

  • folders/{folder_id}/sources/{source_id}/findings/{finding_id}

  • folders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}

  • projects/{project_id}/sources/{source_id}/findings/{finding_id}

  • projects/{project_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}

The prefix is the closest CRM ancestor of the resource associated with the finding.

Type

str

parent

The relative resource name of the source and location the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. The following list shows some examples:

  • organizations/{organization_id}/sources/{source_id}

  • folders/{folders_id}/sources/{source_id}

  • projects/{projects_id}/sources/{source_id}

  • organizations/{organization_id}/sources/{source_id}/locations/{location_id}

  • folders/{folders_id}/sources/{source_id}/locations/{location_id}

  • projects/{projects_id}/sources/{source_id}/locations/{location_id}

Type

str

resource_name

Immutable. For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string.

Type

str

state

Output only. The state of the finding.

Type

google.cloud.securitycenter_v2.types.Finding.State

category

Immutable. The additional taxonomy group within findings from a given source. Example: “XSS_FLASH_INJECTION”.

Type

str

external_uri

The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.

Type

str

source_properties

Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.

Type

MutableMapping[str, google.protobuf.struct_pb2.Value]

security_marks

Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.

Type

google.cloud.securitycenter_v2.types.SecurityMarks

event_time

The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.

Type

google.protobuf.timestamp_pb2.Timestamp

create_time

Output only. The time at which the finding was created in Security Command Center.

Type

google.protobuf.timestamp_pb2.Timestamp

severity

The severity of the finding. This field is managed by the source that writes the finding.

Type

google.cloud.securitycenter_v2.types.Finding.Severity

mute

Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn’t set the value of mute.

Type

google.cloud.securitycenter_v2.types.Finding.Mute

mute_info

Output only. The mute information regarding this finding.

Type

google.cloud.securitycenter_v2.types.Finding.MuteInfo

finding_class

The class of the finding.

Type

google.cloud.securitycenter_v2.types.Finding.FindingClass

indicator

Represents what’s commonly known as an indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see Indicator of compromise.

Type

google.cloud.securitycenter_v2.types.Indicator

vulnerability

Represents vulnerability-specific fields like CVE and CVSS scores. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)

Type

google.cloud.securitycenter_v2.types.Vulnerability

mute_update_time

Output only. The most recent time this finding was muted or unmuted.

Type

google.protobuf.timestamp_pb2.Timestamp

external_systems

Output only. Third party SIEM/SOAR fields within SCC. Contains external system information and external system finding fields.

Type

MutableMapping[str, google.cloud.securitycenter_v2.types.ExternalSystem]

mitre_attack

MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org

Type

google.cloud.securitycenter_v2.types.MitreAttack

access

Access details associated with the finding, such as more information on the caller, which method was accessed, and from where.

Type

google.cloud.securitycenter_v2.types.Access

connections

Contains information about the IP connection associated with the finding.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Connection]

mute_initiator

Records additional information about the mute operation, for example, the mute configuration that muted the finding and the user who muted the finding.

Type

str

processes

Represents operating system processes associated with the Finding.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Process]

contacts

Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories

{
  "security": {
    "contacts": [
      {
        "email": "person1@company.com"
      },
      {
        "email": "person2@company.com"
      }
    ]
  }
}

Type

MutableMapping[str, google.cloud.securitycenter_v2.types.ContactDetails]

compliances

Contains compliance information for security standards associated to the finding.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Compliance]

parent_display_name

Output only. The human readable display name of the finding source such as “Event Threat Detection” or “Security Health Analytics”.

Type

str

description

Contains more details about the finding.

Type

str

exfiltration

Represents exfiltrations associated with the finding.

Type

google.cloud.securitycenter_v2.types.Exfiltration

iam_bindings

Represents IAM bindings associated with the finding.

Type

MutableSequence[google.cloud.securitycenter_v2.types.IamBinding]

next_steps

Steps to address the finding.

Type

str

module_name

Unique identifier of the module which generated the finding. Example:

folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885

Type

str

containers

Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Container]

kubernetes

Kubernetes resources associated with the finding.

Type

google.cloud.securitycenter_v2.types.Kubernetes

database

Database associated with the finding.

Type

google.cloud.securitycenter_v2.types.Database

attack_exposure

The results of an attack path simulation relevant to this finding.

Type

google.cloud.securitycenter_v2.types.AttackExposure

files

File associated with the finding.

Type

MutableSequence[google.cloud.securitycenter_v2.types.File]

cloud_dlp_inspection

Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding.

Type

google.cloud.securitycenter_v2.types.CloudDlpInspection

cloud_dlp_data_profile

Cloud DLP data profile that is associated with the finding.

Type

google.cloud.securitycenter_v2.types.CloudDlpDataProfile

kernel_rootkit

Signature of the kernel rootkit.

Type

google.cloud.securitycenter_v2.types.KernelRootkit

org_policies

Contains information about the org policies associated with the finding.

Type

MutableSequence[google.cloud.securitycenter_v2.types.OrgPolicy]

application

Represents an application associated with the finding.

Type

google.cloud.securitycenter_v2.types.Application

backup_disaster_recovery

Fields related to Backup and DR findings.

Type

google.cloud.securitycenter_v2.types.BackupDisasterRecovery

security_posture

The security posture associated with the finding.

Type

google.cloud.securitycenter_v2.types.SecurityPosture

log_entries

Log entries that are relevant to the finding.

Type

MutableSequence[google.cloud.securitycenter_v2.types.LogEntry]

load_balancers

The load balancers associated with the finding.

Type

MutableSequence[google.cloud.securitycenter_v2.types.LoadBalancer]

cloud_armor

Fields related to Cloud Armor findings.

Type

google.cloud.securitycenter_v2.types.CloudArmor

notebook

Notebook associated with the finding.

Type

google.cloud.securitycenter_v2.types.Notebook

toxic_combination

Contains details about a group of security issues that, when the issues occur together, represent a greater risk than when the issues occur independently. A group of such issues is referred to as a toxic combination. This field cannot be updated. Its value is ignored in all update requests.

Type

google.cloud.securitycenter_v2.types.ToxicCombination

group_memberships

Contains details about groups of which this finding is a member. A group is a collection of findings that are related in some way. This field cannot be updated. Its value is ignored in all update requests.

Type

MutableSequence[google.cloud.securitycenter_v2.types.GroupMembership]

class ContactsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

class ExternalSystemsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

class FindingClass(value)[source]

Bases: proto.enums.Enum

Represents what kind of Finding it is.

Values:
FINDING_CLASS_UNSPECIFIED (0):

Unspecified finding class.

THREAT (1):

Describes unwanted or malicious activity.

VULNERABILITY (2):

Describes a potential weakness in software that increases risk to confidentiality, integrity, and availability.

MISCONFIGURATION (3):

Describes a potential weakness in cloud resource/asset configuration that increases risk.

OBSERVATION (4):

Describes a security observation that is for informational purposes.

SCC_ERROR (5):

Describes an error that prevents some SCC functionality.

POSTURE_VIOLATION (6):

Describes a potential security risk due to a change in the security posture.

TOXIC_COMBINATION (7):

Describes a combination of security issues that represent a more severe security problem when taken together.

class Mute(value)[source]

Bases: proto.enums.Enum

Mute state a finding can be in.

Values:
MUTE_UNSPECIFIED (0):

Unspecified.

MUTED (1):

Finding has been muted.

UNMUTED (2):

Finding has been unmuted.

UNDEFINED (3):

Finding has never been muted/unmuted.

class MuteInfo(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Mute information about the finding, including whether the finding has a static mute or any matching dynamic mute rules.

static_mute

If set, the static mute applied to this finding. Static mutes override dynamic mutes. If unset, there is no static mute.

Type

google.cloud.securitycenter_v2.types.Finding.MuteInfo.StaticMute

dynamic_mute_records

The list of dynamic mute rules that currently match the finding.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Finding.MuteInfo.DynamicMuteRecord]

class DynamicMuteRecord(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

The record of a dynamic mute rule that matches the finding.

mute_config

The relative resource name of the mute rule, represented by a mute config, that created this record, for example organizations/123/muteConfigs/mymuteconfig or organizations/123/locations/global/muteConfigs/mymuteconfig.

Type

str

match_time

When the dynamic mute rule first matched the finding.

Type

google.protobuf.timestamp_pb2.Timestamp

class StaticMute(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Information about the static mute state. A static mute state overrides any dynamic mute rules that apply to this finding. The static mute state can be set by a static mute rule or by muting the finding directly.

state

The static mute state. If the value is MUTED or UNMUTED, then the finding’s overall mute state will have the same value.

Type

google.cloud.securitycenter_v2.types.Finding.Mute

apply_time

When the static mute was applied.

Type

google.protobuf.timestamp_pb2.Timestamp
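The precedence described for MuteInfo above (a static mute of MUTED or UNMUTED overrides any matching dynamic mute rules) can be applied when reviewing which mutes hide high-severity findings. This is an added example, not code from the library: the findings are constructed dicts that mirror the documented field names, `mute_info` as the key holding a MuteInfo is an assumption, and so is treating a matching dynamic rule with no static mute as muted.

```python
from typing import List, NamedTuple

HIGH_RISK = {"CRITICAL", "HIGH"}
RULE = "organizations/123/locations/global/muteConfigs/mymuteconfig"
PREFIX = "organizations/123/sources/456/locations/global/findings/"  # constructed

# Constructed sample findings shaped like Finding / MuteInfo; not real data.
SAMPLE_FINDINGS = [
    {"name": PREFIX + "f1", "severity": "CRITICAL", "state": "ACTIVE",
     "mute_info": {"static_mute": {"state": "MUTED",
                                   "apply_time": "2024-05-01T10:00:00Z"}}},
    {"name": PREFIX + "f2", "severity": "HIGH", "state": "ACTIVE",
     "mute_info": {"dynamic_mute_records": [
         {"mute_config": RULE, "match_time": "2024-05-02T08:30:00Z"}]}},
    {"name": PREFIX + "f3", "severity": "HIGH", "state": "ACTIVE",
     "mute_info": {"static_mute": {"state": "UNMUTED",
                                   "apply_time": "2024-05-03T09:00:00Z"},
                   "dynamic_mute_records": [
         {"mute_config": RULE, "match_time": "2024-05-02T08:30:00Z"}]}},
    {"name": PREFIX + "f4", "severity": "LOW", "state": "ACTIVE",
     "mute_info": {"dynamic_mute_records": [
         {"mute_config": RULE, "match_time": "2024-05-02T08:30:00Z"}]}},
    {"name": PREFIX + "f5", "severity": "CRITICAL", "state": "INACTIVE",
     "mute_info": {"dynamic_mute_records": [
         {"mute_config": RULE, "match_time": "2024-05-02T08:30:00Z"}]}},
    {"name": PREFIX + "f6", "severity": "CRITICAL", "state": "ACTIVE"},
]


class MuteVerdict(NamedTuple):
    muted: bool
    decided_by: str            # "static", "dynamic" or "none"
    matching_rules: List[str]  # mute_config names of dynamic rules that match


def explain_mute(finding):
    """Say whether a finding is hidden and which kind of mute decided it."""
    info = finding.get("mute_info") or {}
    static_state = (info.get("static_mute") or {}).get("state")
    rules = [r["mute_config"] for r in info.get("dynamic_mute_records") or []]
    # A static MUTED/UNMUTED state wins over every dynamic rule.
    if static_state in ("MUTED", "UNMUTED"):
        return MuteVerdict(static_state == "MUTED", "static", rules)
    # Assumption: with no static mute, any matching dynamic rule mutes the finding.
    if rules:
        return MuteVerdict(True, "dynamic", rules)
    return MuteVerdict(False, "none", rules)


def hidden_high_risk(findings):
    """ACTIVE findings of CRITICAL or HIGH severity that a mute currently hides."""
    rows = []
    for f in findings:
        if f["state"] != "ACTIVE" or f["severity"] not in HIGH_RISK:
            continue
        verdict = explain_mute(f)
        if verdict.muted:
            rows.append((f["name"], f["severity"],
                         verdict.decided_by, verdict.matching_rules))
    return rows


def rules_hiding_high_risk(findings):
    """Per dynamic mute rule, count the high-risk active findings it hides."""
    counts = {}
    for _name, _severity, decided_by, rules in hidden_high_risk(findings):
        if decided_by == "dynamic":
            for rule in rules:
                counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for row in hidden_high_risk(SAMPLE_FINDINGS):
        print(row)
    print(rules_hiding_high_risk(SAMPLE_FINDINGS))
```

A rule with a high count in `rules_hiding_high_risk` is a candidate for a narrower filter; a finding such as f3 stays visible because its static UNMUTED state overrides the matching rule.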

class Severity(value)[source]

Bases: proto.enums.Enum

The severity of the finding.

Values:
SEVERITY_UNSPECIFIED (0):

This value is used for findings when a source doesn’t write a severity value.

CRITICAL (1):

Vulnerability:

A critical vulnerability is easily discoverable by an external actor, exploitable, and results in the direct ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. Examples include publicly accessible unprotected user data and public SSH access with weak or no passwords.

Threat:

Indicates a threat that is able to access, modify, or delete data or execute unauthorized code within existing resources.

HIGH (2):

Vulnerability:

A high risk vulnerability can be easily discovered and exploited in combination with other vulnerabilities in order to gain direct access and the ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. An example is a database with weak or no passwords that is only accessible internally. This database could easily be compromised by an actor that had access to the internal network.

Threat:

Indicates a threat that is able to create new computational resources in an environment but not able to access data or execute code in existing resources.

MEDIUM (3):

Vulnerability:

A medium risk vulnerability could be used by an actor to gain access to resources or privileges that enable them to eventually (through multiple steps or a complex exploit) gain access and the ability to execute arbitrary code or exfiltrate data. An example is a service account with access to more projects than it should have. If an actor gains access to the service account, they could potentially use that access to manipulate a project the service account was not intended to.

Threat:

Indicates a threat that is able to cause operational impact but may not access data or execute unauthorized code.

LOW (4):

Vulnerability:

A low risk vulnerability hampers a security organization’s ability to detect vulnerabilities or active threats in their deployment, or prevents the root cause investigation of security issues. An example is monitoring and logs being disabled for resource configurations and access.

Threat:

Indicates a threat that has obtained minimal access to an environment but is not able to access data, execute code, or create resources.

class SourcePropertiesEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

class State(value)[source]

Bases: proto.enums.Enum

The state of the finding.

Values:
STATE_UNSPECIFIED (0):

Unspecified state.

ACTIVE (1):

The finding requires attention and has not been addressed yet.

INACTIVE (2):

The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active.

class google.cloud.securitycenter_v2.types.Folder(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Message that contains the resource name and display name of a folder resource.

resource_folder

Full resource name of this folder. See: https://cloud.google.com/apis/design/resource_names#full_resource_name

Type

str

resource_folder_display_name

The user defined display name for this folder.

Type

str

class google.cloud.securitycenter_v2.types.GcpMetadata(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

GCP metadata associated with the resource, only applicable if the finding’s cloud provider is Google Cloud Platform.

project

The full resource name of the project that the resource belongs to.

Type

str

project_display_name

The project ID that the resource belongs to.

Type

str

parent

The full resource name of the resource’s parent.

Type

str

parent_display_name

The human readable name of the resource’s parent.

Type

str

folders

Output only. Contains a Folder message for each folder in the asset’s ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Folder]

organization

The name of the organization that the resource belongs to.

Type

str

class google.cloud.securitycenter_v2.types.Geolocation(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents a geographical location for a given access.

region_code

A CLDR.

Type

str

class google.cloud.securitycenter_v2.types.GetBigQueryExportRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for retrieving a BigQuery export.

name

Required. Name of the BigQuery export to retrieve. The following list shows some examples of the format:

  • organizations/{organization}/locations/{location}/bigQueryExports/{export_id}

  • folders/{folder}/locations/{location}/bigQueryExports/{export_id}

  • projects/{project}/locations/{location}/bigQueryExports/{export_id}

Type

str

class google.cloud.securitycenter_v2.types.GetMuteConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for retrieving a mute config. If no location is specified, default is global.

name

Required. Name of the mute config to retrieve. The following list shows some examples of the format:

  • organizations/{organization}/muteConfigs/{config_id}

  • organizations/{organization}/locations/{location}/muteConfigs/{config_id}

  • folders/{folder}/muteConfigs/{config_id}

  • folders/{folder}/locations/{location}/muteConfigs/{config_id}

  • projects/{project}/muteConfigs/{config_id}

  • projects/{project}/locations/{location}/muteConfigs/{config_id}

Type

str

class google.cloud.securitycenter_v2.types.GetNotificationConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for getting a notification config.

name

Required. Name of the notification config to get. The following list shows some examples of the format:

  • organizations/[organization_id]/locations/[location_id]/notificationConfigs/[config_id]

  • folders/[folder_id]/locations/[location_id]/notificationConfigs/[config_id]

  • projects/[project_id]/locations/[location_id]/notificationConfigs/[config_id]

Type

str

class google.cloud.securitycenter_v2.types.GetResourceValueConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for getting a resource value config.

name

Required. Name of the resource value config to retrieve. Its format is organizations/{organization}/resourceValueConfigs/{config_id}.

Type

str

class google.cloud.securitycenter_v2.types.GetSimulationRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for getting a simulation. The simulation name can include “latest” to retrieve the latest simulation, for example “organizations/123/simulations/latest”.

name

Required. The organization name or simulation name of this simulation

Valid formats:

  • organizations/{organization}/simulations/latest

  • organizations/{organization}/simulations/{simulation}

Type

str

class google.cloud.securitycenter_v2.types.GetSourceRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for getting a source.

name

Required. Relative resource name of the source. Its format is organizations/[organization_id]/sources/[source_id].

Type

str

class google.cloud.securitycenter_v2.types.GetValuedResourceRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for getting a valued resource.

name

Required. The name of this valued resource

Valid format: organizations/{organization}/simulations/{simulation}/valuedResources/{valued_resource}

Type

str

class google.cloud.securitycenter_v2.types.GroupFindingsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for grouping by findings.

parent

Required. Name of the source to groupBy. If no location is specified, finding is assumed to be in global. The following list shows some examples:

  • organizations/[organization_id]/sources/[source_id]

  • organizations/[organization_id]/sources/[source_id]/locations/[location_id]

  • folders/[folder_id]/sources/[source_id]

  • folders/[folder_id]/sources/[source_id]/locations/[location_id]

  • projects/[project_id]/sources/[source_id]

  • projects/[project_id]/sources/[source_id]/locations/[location_id]

To groupBy across all sources provide a source_id of -. The following list shows some examples:

  • organizations/{organization_id}/sources/-

  • organizations/{organization_id}/sources/-/locations/[location_id]

  • folders/{folder_id}/sources/-

  • folders/{folder_id}/sources/-/locations/[location_id]

  • projects/{project_id}/sources/-

  • projects/{project_id}/sources/-/locations/[location_id]

Type

str

filter

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

  • name

  • security_marks.marks.marka

The supported operators are:

  • = for all value types.

  • >, <, >=, <= for integer values.

  • :, meaning substring matching, for strings.

The supported value types are:

  • string literals in quotes.

  • integer literals without quotes.

  • boolean literals true and false without quotes.

The following field and operator combinations are supported:

  • name: =

  • parent: =, :

  • resource_name: =, :

  • state: =, :

  • category: =, :

  • external_uri: =, :

  • event_time: =, >, <, >=, <=

    Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: event_time = "2019-06-10T16:07:18-07:00" and event_time = 1560208038000

  • severity: =, :

  • security_marks.marks: =, :

  • resource:

    • resource.name: =, :

    • resource.parent_name: =, :

    • resource.parent_display_name: =, :

    • resource.project_name: =, :

    • resource.project_display_name: =, :

    • resource.type: =, :

Type

str

group_by

Required. Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: “parent,resource_name”.

Type

str

page_token

The value returned by the last GroupFindingsResponse; indicates that this is a continuation of a prior GroupFindings call, and that the system should return the next page of data.

Type

str

page_size

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Type

int

class google.cloud.securitycenter_v2.types.GroupFindingsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message for group by findings.

group_by_results

Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear.

Type

MutableSequence[google.cloud.securitycenter_v2.types.GroupResult]

next_page_token

Token to retrieve the next page of results, or empty if there are no more results.

Type

str

total_size

The total number of results matching the query.

Type

int

class google.cloud.securitycenter_v2.types.GroupMembership(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Contains details about groups of which this finding is a member. A group is a collection of findings that are related in some way.

group_type

Type of group.

Type

google.cloud.securitycenter_v2.types.GroupMembership.GroupType

group_id

ID of the group.

Type

str

class GroupType(value)[source]

Bases: proto.enums.Enum

Possible types of groups.

Values:
GROUP_TYPE_UNSPECIFIED (0):

Default value.

GROUP_TYPE_TOXIC_COMBINATION (1):

Group represents a toxic combination.

class google.cloud.securitycenter_v2.types.GroupResult(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Result containing the properties and count of a groupBy request.

properties

Properties matching the groupBy fields in the request.

Type

MutableMapping[str, google.protobuf.struct_pb2.Value]

count

Total count of resources for the given properties.

Type

int

class PropertiesEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

class google.cloud.securitycenter_v2.types.IamBinding(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents a particular IAM binding, which captures a member’s role addition, removal, or state.

action

The action that was performed on a Binding.

Type

google.cloud.securitycenter_v2.types.IamBinding.Action

role

Role that is assigned to “members”. For example, “roles/viewer”, “roles/editor”, or “roles/owner”.

Type

str

member

A single identity requesting access for a Cloud Platform resource, for example, “foo@google.com”.

Type

str

class Action(value)[source]

Bases: proto.enums.Enum

The type of action performed on a Binding in a policy.

Values:
ACTION_UNSPECIFIED (0):

Unspecified.

ADD (1):

Addition of a Binding.

REMOVE (2):

Removal of a Binding.

class google.cloud.securitycenter_v2.types.Indicator(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents what’s commonly known as an indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see Indicator of compromise.

ip_addresses

The list of IP addresses that are associated with the finding.

Type

MutableSequence[str]

domains

List of domains associated to the Finding.

Type

MutableSequence[str]

signatures

The list of matched signatures indicating that the given process is present in the environment.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Indicator.ProcessSignature]

uris

The list of URIs associated to the Findings.

Type

MutableSequence[str]

class ProcessSignature(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Indicates what signature matched this process.

This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

memory_hash_signature

Signature indicating that a binary family was matched.

This field is a member of oneof signature.

Type

google.cloud.securitycenter_v2.types.Indicator.ProcessSignature.MemoryHashSignature

yara_rule_signature

Signature indicating that a YARA rule was matched.

This field is a member of oneof signature.

Type

google.cloud.securitycenter_v2.types.Indicator.ProcessSignature.YaraRuleSignature

signature_type

Describes the type of resource associated with the signature.

Type

google.cloud.securitycenter_v2.types.Indicator.ProcessSignature.SignatureType

class MemoryHashSignature(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A signature corresponding to memory page hashes.

binary_family

The binary family.

Type

str

detections

The list of memory hash detections contributing to the binary family match.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Indicator.ProcessSignature.MemoryHashSignature.Detection]

class Detection(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Memory hash detection contributing to the binary family match.

binary

The name of the binary associated with the memory hash signature detection.

Type

str

percent_pages_matched

The percentage of memory page hashes in the signature that were matched.

Type

float

class SignatureType(value)[source]

Bases: proto.enums.Enum

Possible resource types to be associated with a signature.

Values:
SIGNATURE_TYPE_UNSPECIFIED (0):

The default signature type.

SIGNATURE_TYPE_PROCESS (1):

Used for signatures concerning processes.

SIGNATURE_TYPE_FILE (2):

Used for signatures concerning disks.

class YaraRuleSignature(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A signature corresponding to a YARA rule.

yara_rule

The name of the YARA rule.

Type

str

class google.cloud.securitycenter_v2.types.KernelRootkit(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Kernel mode rootkit signatures.

name

Rootkit name, when available.

Type

str

unexpected_code_modification

True if unexpected modifications of kernel code memory are present.

Type

bool

unexpected_read_only_data_modification

True if unexpected modifications of kernel read-only data memory are present.

Type

bool

unexpected_ftrace_handler

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

Type

bool

unexpected_kprobe_handler

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

Type

bool

unexpected_kernel_code_pages

True if kernel code pages that are not in the expected kernel or module code regions are present.

Type

bool

unexpected_system_call_handler

True if system call handlers that are not in the expected kernel or module code regions are present.

Type

bool

unexpected_interrupt_handler

True if interrupt handlers that are not in the expected kernel or module code regions are present.

Type

bool

unexpected_processes_in_runqueue

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

Type

bool

class google.cloud.securitycenter_v2.types.Kubernetes(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Kubernetes-related attributes.

pods

Kubernetes Pods associated with the finding. This field contains Pod records for each container that is owned by a Pod.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Kubernetes.Pod]

nodes

Provides Kubernetes node information.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Kubernetes.Node]

node_pools

GKE node pools associated with the finding. This field contains node pool information for each node, when it is available.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Kubernetes.NodePool]

roles

Provides Kubernetes role information for findings that involve Roles or ClusterRoles.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Kubernetes.Role]

bindings

Provides Kubernetes role binding information for findings that involve RoleBindings or ClusterRoleBindings.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Kubernetes.Binding]

access_reviews

Provides information on any Kubernetes access reviews (privilege checks) relevant to the finding.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Kubernetes.AccessReview]

objects

Kubernetes objects related to the finding.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Kubernetes.Object]

class AccessReview(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Conveys information about a Kubernetes access review (such as one returned by a kubectl auth can-i command, see https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access) that was involved in a finding.

group

The API group of the resource. “*” means all.

Type

str

ns

Namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces. Both are represented by “” (empty).

Type

str

name

The name of the resource being requested. Empty means all.

Type

str

resource

The optional resource type requested. “*” means all.

Type

str

subresource

The optional subresource type.

Type

str

verb

A Kubernetes resource API verb, like get, list, watch, create, update, delete, proxy. “*” means all.

Type

str

version

The API version of the resource. “*” means all.

Type

str

class Binding(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents a Kubernetes RoleBinding or ClusterRoleBinding.

ns

Namespace for the binding.

Type

str

name

Name for the binding.

Type

str

role

The Role or ClusterRole referenced by the binding.

Type

google.cloud.securitycenter_v2.types.Kubernetes.Role

subjects

Represents one or more subjects that are bound to the role. Not always available for PATCH requests.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Kubernetes.Subject]

class Node(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Kubernetes nodes associated with the finding.

name

Full resource name of the Compute Engine VM running the cluster node.

Type

str

class NodePool(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Provides GKE node pool information.

name

Kubernetes node pool name.

Type

str

nodes

Nodes associated with the finding.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Kubernetes.Node]

class Object(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Kubernetes object related to the finding, uniquely identified by GKNN. Used if the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.

group

Kubernetes object group, such as “policy.k8s.io/v1”.

Type

str

kind

Kubernetes object kind, such as “Namespace”.

Type

str

ns

Kubernetes object namespace. Must be a valid DNS label. Named “ns” to avoid collision with C++ namespace keyword. For details see https://kubernetes.io/docs/tasks/administer-cluster/namespaces/.

Type

str

name

Kubernetes object name. For details see https://kubernetes.io/docs/concepts/overview/working-with-objects/names/.

Type

str

containers

Pod containers associated with this finding, if any.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Container]

class Pod(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A Kubernetes Pod.

ns

Kubernetes Pod namespace.

Type

str

name

Kubernetes Pod name.

Type

str

labels

Pod labels. For Kubernetes containers, these are applied to the container.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Label]

containers

Pod containers associated with this finding, if any.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Container]

class Role(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Kubernetes Role or ClusterRole.

kind

Role type.

Type

google.cloud.securitycenter_v2.types.Kubernetes.Role.Kind

ns

Role namespace.

Type

str

name

Role name.

Type

str

class Kind(value)[source]

Bases: proto.enums.Enum

Types of Kubernetes roles.

Values:
KIND_UNSPECIFIED (0):

Role type is not specified.

ROLE (1):

Kubernetes Role.

CLUSTER_ROLE (2):

Kubernetes ClusterRole.

class Subject(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents a Kubernetes subject.

kind

Authentication type for the subject.

Type

google.cloud.securitycenter_v2.types.Kubernetes.Subject.AuthType

ns

Namespace for the subject.

Type

str

name

Name for the subject.

Type

str

class AuthType(value)[source]

Bases: proto.enums.Enum

Auth types that can be used for the subject’s kind field.

Values:
AUTH_TYPE_UNSPECIFIED (0):

Authentication is not specified.

USER (1):

User with valid certificate.

SERVICEACCOUNT (2):

Users managed by Kubernetes API with credentials stored as secrets.

GROUP (3):

Collection of users.

class google.cloud.securitycenter_v2.types.Label(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents a generic name-value label. A label has separate name and value fields to support filtering with the contains() function. For more information, see Filtering on array-type fields.

name

Name of the label.

Type

str

value

Value that corresponds to the label’s name.

Type

str

class google.cloud.securitycenter_v2.types.ListAttackPathsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for listing the attack paths for a given simulation or valued resource.

parent

Required. Name of parent to list attack paths.

Valid formats:

  • organizations/{organization}

  • organizations/{organization}/simulations/{simulation}

  • organizations/{organization}/simulations/{simulation}/attackExposureResults/{attack_exposure_result_v2}

  • organizations/{organization}/simulations/{simulation}/valuedResources/{valued_resource}

Type

str

filter

The filter expression that filters the attack path in the response. Supported fields:

  • valued_resources supports =

Type

str

page_token

The value returned by the last ListAttackPathsResponse; indicates that this is a continuation of a prior ListAttackPaths call, and that the system should return the next page of data.

Type

str

page_size

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Type

int

class google.cloud.securitycenter_v2.types.ListAttackPathsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message for listing the attack paths for a given simulation or valued resource.

attack_paths

The attack paths that the attack path simulation identified.

Type

MutableSequence[google.cloud.securitycenter_v2.types.AttackPath]

next_page_token

Token to retrieve the next page of results, or empty if there are no more results.

Type

str

class google.cloud.securitycenter_v2.types.ListBigQueryExportsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for listing BigQuery exports at a given scope e.g. organization, folder or project.

parent

Required. The parent, which owns the collection of BigQuery exports. Its format is organizations/[organization_id]/locations/[location_id], folders/[folder_id]/locations/[location_id], or projects/[project_id]/locations/[location_id].

Type

str

page_size

The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.

Type

int

page_token

A page token, received from a previous ListBigQueryExports call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to ListBigQueryExports must match the call that provided the page token.

Type

str

class google.cloud.securitycenter_v2.types.ListBigQueryExportsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message for listing BigQuery exports.

big_query_exports

The BigQuery exports from the specified parent.

Type

MutableSequence[google.cloud.securitycenter_v2.types.BigQueryExport]

next_page_token

A token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

Type

str

class google.cloud.securitycenter_v2.types.ListFindingsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for listing findings.

parent

Required. Name of the source the findings belong to. If no location is specified, the default is global. The following list shows some examples:

  • organizations/[organization_id]/sources/[source_id]

  • organizations/[organization_id]/sources/[source_id]/locations/[location_id]

  • folders/[folder_id]/sources/[source_id]

  • folders/[folder_id]/sources/[source_id]/locations/[location_id]

  • projects/[project_id]/sources/[source_id]

  • projects/[project_id]/sources/[source_id]/locations/[location_id]

To list across all sources provide a source_id of -. The following list shows some examples:

  • organizations/{organization_id}/sources/-

  • organizations/{organization_id}/sources/-/locations/{location_id}

  • folders/{folder_id}/sources/-

  • folders/{folder_id}/sources/-/locations/{location_id}

  • projects/{projects_id}/sources/-

  • projects/{projects_id}/sources/-/locations/{location_id}

Type

str

filter

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

  • name

  • security_marks.marks.marka

The supported operators are:

  • = for all value types.

  • >, <, >=, <= for integer values.

  • :, meaning substring matching, for strings.

The supported value types are:

  • string literals in quotes.

  • integer literals without quotes.

  • boolean literals true and false without quotes.

The following field and operator combinations are supported:

  • name: =

  • parent: =, :

  • resource_name: =, :

  • state: =, :

  • category: =, :

  • external_uri: =, :

  • event_time: =, >, <, >=, <=

    Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: event_time = "2019-06-10T16:07:18-07:00" and event_time = 1560208038000

  • severity: =, :

  • security_marks.marks: =, :

  • resource:

    • resource.name: =, :

    • resource.parent_name: =, :

    • resource.parent_display_name: =, :

    • resource.project_name: =, :

    • resource.project_display_name: =, :

    • resource.type: =, :

    • resource.folders.resource_folder: =, :

    • resource.display_name: =, :

Type

str

order_by

Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: “name,parent”. The default sorting order is ascending. To specify descending order for a field, a suffix “ desc” should be appended to the field name. For example: “name desc,parent”. Redundant space characters in the syntax are insignificant. “name desc,parent” and “ name desc , parent ” are equivalent.

The following fields are supported: name, parent, state, category, resource_name, event_time, security_marks.marks

Type

str

field_mask

A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields.

Type

google.protobuf.field_mask_pb2.FieldMask

page_token

The value returned by the last ListFindingsResponse; indicates that this is a continuation of a prior ListFindings call, and that the system should return the next page of data.

Type

str

page_size

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Type

int

class google.cloud.securitycenter_v2.types.ListFindingsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message for listing findings.

list_findings_results

Findings matching the list request.

Type

MutableSequence[google.cloud.securitycenter_v2.types.ListFindingsResponse.ListFindingsResult]

next_page_token

Token to retrieve the next page of results, or empty if there are no more results.

Type

str

total_size

The total number of findings matching the query.

Type

int

class ListFindingsResult(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Result containing the Finding.

finding

Finding matching the search request.

Type

google.cloud.securitycenter_v2.types.Finding

resource

Output only. Resource that is associated with this finding.

Type

google.cloud.securitycenter_v2.types.ListFindingsResponse.ListFindingsResult.Resource

class Resource(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Information related to the Google Cloud resource that is associated with this finding.

This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

name

The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name

Type

str

display_name

The human readable name of the resource.

Type

str

type_

The full resource type of the resource.

Type

str

cloud_provider

Indicates which cloud provider the finding is from.

Type

google.cloud.securitycenter_v2.types.CloudProvider

service

The service or resource provider associated with the resource.

Type

str

location

The region or location of the service (if applicable).

Type

str

gcp_metadata

The GCP metadata associated with the finding.

This field is a member of oneof cloud_provider_metadata.

Type

google.cloud.securitycenter_v2.types.GcpMetadata

aws_metadata

The AWS metadata associated with the finding.

This field is a member of oneof cloud_provider_metadata.

Type

google.cloud.securitycenter_v2.types.AwsMetadata

azure_metadata

The Azure metadata associated with the finding.

This field is a member of oneof cloud_provider_metadata.

Type

google.cloud.securitycenter_v2.types.AzureMetadata

resource_path

Provides the path to the resource within the resource hierarchy.

Type

google.cloud.securitycenter_v2.types.ResourcePath

resource_path_string

A string representation of the resource path. For Google Cloud, it has the format of organizations/{organization_id}/folders/{folder_id}/folders/{folder_id}/projects/{project_id} where there can be any number of folders. For AWS, it has the format of org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id} where there can be any number of organizational units. For Azure, it has the format of mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups.

Type

str

class google.cloud.securitycenter_v2.types.ListMuteConfigsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for listing mute configs at a given scope e.g. organization, folder or project. If no location is specified, default is global.

parent

Required. The parent, which owns the collection of mute configs. Its format is organizations/[organization_id], folders/[folder_id], projects/[project_id], organizations/[organization_id]/locations/[location_id], folders/[folder_id]/locations/[location_id], projects/[project_id]/locations/[location_id].

Type

str

page_size

The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.

Type

int

page_token

A page token, received from a previous ListMuteConfigs call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListMuteConfigs must match the call that provided the page token.

Type

str

class google.cloud.securitycenter_v2.types.ListMuteConfigsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message for listing mute configs.

mute_configs

The mute configs from the specified parent.

Type

MutableSequence[google.cloud.securitycenter_v2.types.MuteConfig]

next_page_token

A token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

Type

str

class google.cloud.securitycenter_v2.types.ListNotificationConfigsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for listing notification configs.

parent

Required. The name of the parent in which to list the notification configurations. Its format is “organizations/[organization_id]/locations/[location_id]”, “folders/[folder_id]/locations/[location_id]”, or “projects/[project_id]/locations/[location_id]”.

Type

str

page_token

The value returned by the last ListNotificationConfigsResponse; indicates that this is a continuation of a prior ListNotificationConfigs call, and that the system should return the next page of data.

Type

str

page_size

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Type

int

class google.cloud.securitycenter_v2.types.ListNotificationConfigsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message for listing notification configs.

notification_configs

Notification configs belonging to the requested parent.

Type

MutableSequence[google.cloud.securitycenter_v2.types.NotificationConfig]

next_page_token

Token to retrieve the next page of results, or empty if there are no more results.

Type

str

class google.cloud.securitycenter_v2.types.ListResourceValueConfigsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message to list resource value configs of a parent.

parent

Required. The parent, which owns the collection of resource value configs. Its format is organizations/[organization_id]

Type

str

page_size

The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.

Type

int

page_token

A page token, received from a previous ListResourceValueConfigs call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListResourceValueConfigs must match the call that provided the page token.

page_size can be specified, and the new page_size will be used.

Type

str

class google.cloud.securitycenter_v2.types.ListResourceValueConfigsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message to list resource value configs.

resource_value_configs

The resource value configs from the specified parent.

Type

MutableSequence[google.cloud.securitycenter_v2.types.ResourceValueConfig]

next_page_token

A token, which can be sent as page_token to retrieve the next page. If this field is empty, there are no subsequent pages.

Type

str

class google.cloud.securitycenter_v2.types.ListSourcesRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for listing sources.

parent

Required. Resource name of the parent of sources to list. Its format should be organizations/[organization_id], folders/[folder_id], or projects/[project_id].

Type

str

page_token

The value returned by the last ListSourcesResponse; indicates that this is a continuation of a prior ListSources call, and that the system should return the next page of data.

Type

str

page_size

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Type

int

class google.cloud.securitycenter_v2.types.ListSourcesResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message for listing sources.

sources

Sources belonging to the requested parent.

Type

MutableSequence[google.cloud.securitycenter_v2.types.Source]

next_page_token

Token to retrieve the next page of results, or empty if there are no more results.

Type

str

class google.cloud.securitycenter_v2.types.ListValuedResourcesRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for listing the valued resources for a given simulation.

parent

Required. Name of parent to list exposed resources.

Valid formats:

  • organizations/{organization}

  • organizations/{organization}/simulations/{simulation}

  • organizations/{organization}/simulations/{simulation}/attackExposureResults/{attack_exposure_result_v2}

Type

str

filter

The filter expression that filters the valued resources in the response. Supported fields:

  • resource_value supports =

  • resource_type supports =

Type

str

page_token

The value returned by the last ListValuedResourcesResponse; indicates that this is a continuation of a prior ListValuedResources call, and that the system should return the next page of data.

Type

str

page_size

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.

Type

int

order_by

Optional. The fields by which to order the valued resources response.

Supported fields:

  • exposed_score

  • resource_value

  • resource_type

Values should be a comma separated list of fields. For example: exposed_score,resource_value.

The default sorting order is descending. To specify ascending or descending order for a field, append a “ ASC” or a “ DESC” suffix, respectively; for example: exposed_score DESC.

Type

str

class google.cloud.securitycenter_v2.types.ListValuedResourcesResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message for listing the valued resources for a given simulation.

valued_resources

The valued resources that the attack path simulation identified.

Type

MutableSequence[google.cloud.securitycenter_v2.types.ValuedResource]

next_page_token

Token to retrieve the next page of results, or empty if there are no more results.

Type

str

total_size

The estimated total number of results matching the query.

Type

int

class google.cloud.securitycenter_v2.types.LoadBalancer(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Contains information related to the load balancer associated with the finding.

name

The name of the load balancer associated with the finding.

Type

str

class google.cloud.securitycenter_v2.types.LogEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

An individual entry in a log.

cloud_logging_entry

An individual entry in a log stored in Cloud Logging.

This field is a member of oneof log_entry.

Type

google.cloud.securitycenter_v2.types.CloudLoggingEntry

class google.cloud.securitycenter_v2.types.MitreAttack(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org

primary_tactic

The MITRE ATT&CK tactic most closely represented by this finding, if any.

Type

google.cloud.securitycenter_v2.types.MitreAttack.Tactic

primary_techniques

The MITRE ATT&CK technique most closely represented by this finding, if any. primary_techniques is a repeated field because there are multiple levels of MITRE ATT&CK techniques. If the technique most closely represented by this finding is a sub-technique (e.g. SCANNING_IP_BLOCKS), both the sub-technique and its parent technique(s) will be listed (e.g. SCANNING_IP_BLOCKS, ACTIVE_SCANNING).

Type

MutableSequence[google.cloud.securitycenter_v2.types.MitreAttack.Technique]

additional_tactics

Additional MITRE ATT&CK tactics related to this finding, if any.

Type

MutableSequence[google.cloud.securitycenter_v2.types.MitreAttack.Tactic]

additional_techniques

Additional MITRE ATT&CK techniques related to this finding, if any, along with any of their respective parent techniques.

Type

MutableSequence[google.cloud.securitycenter_v2.types.MitreAttack.Technique]

version

The MITRE ATT&CK version referenced by the above fields. E.g. “8”.

Type

str

class Tactic(value)[source]

Bases: proto.enums.Enum

MITRE ATT&CK tactics that can be referenced by SCC findings. See: https://attack.mitre.org/tactics/enterprise/

Values:
TACTIC_UNSPECIFIED (0):

Unspecified value.

RECONNAISSANCE (1):

TA0043

RESOURCE_DEVELOPMENT (2):

TA0042

INITIAL_ACCESS (5):

TA0001

EXECUTION (3):

TA0002

PERSISTENCE (6):

TA0003

PRIVILEGE_ESCALATION (8):

TA0004

DEFENSE_EVASION (7):

TA0005

CREDENTIAL_ACCESS (9):

TA0006

DISCOVERY (10):

TA0007

LATERAL_MOVEMENT (11):

TA0008

COLLECTION (12):

TA0009

COMMAND_AND_CONTROL (4):

TA0011

EXFILTRATION (13):

TA0010

IMPACT (14):

TA0040

class Technique(value)[source]

Bases: proto.enums.Enum

MITRE ATT&CK techniques that can be referenced by SCC findings. See: https://attack.mitre.org/techniques/enterprise/ Next ID: 65

Values:
TECHNIQUE_UNSPECIFIED (0):

Unspecified value.

MASQUERADING (49):

T1036

MATCH_LEGITIMATE_NAME_OR_LOCATION (50):

T1036.005

BOOT_OR_LOGON_INITIALIZATION_SCRIPTS (37):

T1037

STARTUP_ITEMS (38):

T1037.005

NETWORK_SERVICE_DISCOVERY (32):

T1046

PROCESS_DISCOVERY (56):

T1057

COMMAND_AND_SCRIPTING_INTERPRETER (6):

T1059

UNIX_SHELL (7):

T1059.004

PYTHON (59):

T1059.006

EXPLOITATION_FOR_PRIVILEGE_ESCALATION (63):

T1068

PERMISSION_GROUPS_DISCOVERY (18):

T1069

CLOUD_GROUPS (19):

T1069.003

INDICATOR_REMOVAL_FILE_DELETION (64):

T1070.004

APPLICATION_LAYER_PROTOCOL (45):

T1071

DNS (46):

T1071.004

SOFTWARE_DEPLOYMENT_TOOLS (47):

T1072

VALID_ACCOUNTS (14):

T1078

DEFAULT_ACCOUNTS (35):

T1078.001

LOCAL_ACCOUNTS (15):

T1078.003

CLOUD_ACCOUNTS (16):

T1078.004

PROXY (9):

T1090

EXTERNAL_PROXY (10):

T1090.002

MULTI_HOP_PROXY (11):

T1090.003

ACCOUNT_MANIPULATION (22):

T1098

ADDITIONAL_CLOUD_CREDENTIALS (40):

T1098.001

SSH_AUTHORIZED_KEYS (23):

T1098.004

ADDITIONAL_CONTAINER_CLUSTER_ROLES (58):

T1098.006

INGRESS_TOOL_TRANSFER (3):

T1105

NATIVE_API (4):

T1106

BRUTE_FORCE (44):

T1110

SHARED_MODULES (5):

T1129

ACCESS_TOKEN_MANIPULATION (33):

T1134

TOKEN_IMPERSONATION_OR_THEFT (39):

T1134.001

EXPLOIT_PUBLIC_FACING_APPLICATION (27):

T1190

DOMAIN_POLICY_MODIFICATION (30):

T1484

DATA_DESTRUCTION (29):

T1485

SERVICE_STOP (52):

T1489

INHIBIT_SYSTEM_RECOVERY (36):

T1490

RESOURCE_HIJACKING (8):

T1496

NETWORK_DENIAL_OF_SERVICE (17):

T1498

CLOUD_SERVICE_DISCOVERY (48):

T1526

STEAL_APPLICATION_ACCESS_TOKEN (42):

T1528

ACCOUNT_ACCESS_REMOVAL (51):

T1531

STEAL_WEB_SESSION_COOKIE (25):

T1539

CREATE_OR_MODIFY_SYSTEM_PROCESS (24):

T1543

ABUSE_ELEVATION_CONTROL_MECHANISM (34):

T1548

UNSECURED_CREDENTIALS (13):

T1552

MODIFY_AUTHENTICATION_PROCESS (28):

T1556

IMPAIR_DEFENSES (31):

T1562

DISABLE_OR_MODIFY_TOOLS (55):

T1562.001

EXFILTRATION_OVER_WEB_SERVICE (20):

T1567

EXFILTRATION_TO_CLOUD_STORAGE (21):

T1567.002

DYNAMIC_RESOLUTION (12):

T1568

LATERAL_TOOL_TRANSFER (41):

T1570

MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE (26):

T1578

CREATE_SNAPSHOT (54):

T1578.001

CLOUD_INFRASTRUCTURE_DISCOVERY (53):

T1580

OBTAIN_CAPABILITIES (43):

T1588

ACTIVE_SCANNING (1):

T1595

SCANNING_IP_BLOCKS (2):

T1595.001

CONTAINER_ADMINISTRATION_COMMAND (60):

T1609

ESCAPE_TO_HOST (61):

T1611

CONTAINER_AND_RESOURCE_DISCOVERY (57):

T1613

STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES (62):

T1649

class google.cloud.securitycenter_v2.types.MuteConfig(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.

name

Identifier. This field will be ignored if provided on config creation. The following list shows some examples of the format:

  • organizations/{organization}/muteConfigs/{mute_config}

  • organizations/{organization}/locations/{location}/muteConfigs/{mute_config}

  • folders/{folder}/muteConfigs/{mute_config}

  • folders/{folder}/locations/{location}/muteConfigs/{mute_config}

  • projects/{project}/muteConfigs/{mute_config}

  • projects/{project}/locations/{location}/muteConfigs/{mute_config}

Type

str

description

A description of the mute config.

Type

str

filter

Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings.

The following field and operator combinations are supported:

  • severity: =, :

  • category: =, :

  • resource.name: =, :

  • resource.project_name: =, :

  • resource.project_display_name: =, :

  • resource.folders.resource_folder: =, :

  • resource.parent_name: =, :

  • resource.parent_display_name: =, :

  • resource.type: =, :

  • finding_class: =, :

  • indicator.ip_addresses: =, :

  • indicator.domains: =, :

Type

str

create_time

Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.

Type

google.protobuf.timestamp_pb2.Timestamp

update_time

Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.

Type

google.protobuf.timestamp_pb2.Timestamp

most_recent_editor

Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.

Type

str

type_

Required. The type of the mute config, which determines what type of mute state the config affects. Immutable after creation.

Type

google.cloud.securitycenter_v2.types.MuteConfig.MuteConfigType

expiry_time

Optional. The expiry of the mute config. Only applicable for dynamic configs. If the expiry is set, when the config expires, it is removed from all findings.

Type

google.protobuf.timestamp_pb2.Timestamp

class MuteConfigType(value)[source]

Bases: proto.enums.Enum

The type of MuteConfig.

Values:
MUTE_CONFIG_TYPE_UNSPECIFIED (0):

Unused.

STATIC (1):

A static mute config, which sets the static mute state of future matching findings to muted. Once the static mute state has been set, finding or config modifications will not affect the state.

DYNAMIC (2):

A dynamic mute config, which is applied to existing and future matching findings, setting their dynamic mute state to “muted”. If the config is updated or deleted, or a matching finding is updated, such that the finding doesn’t match the config, the config will be removed from the finding, and the finding’s dynamic mute state may become “unmuted” (unless other configs still match).

class google.cloud.securitycenter_v2.types.Notebook(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents a Jupyter notebook IPYNB file, such as a Colab Enterprise notebook file, that is associated with a finding.

name

The name of the notebook.

Type

str

service

The source notebook service, for example, “Colab Enterprise”.

Type

str

last_author

The user ID of the latest author to modify the notebook.

Type

str

notebook_update_time

The most recent time the notebook was updated.

Type

google.protobuf.timestamp_pb2.Timestamp

class google.cloud.securitycenter_v2.types.NotificationConfig(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Cloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC resource that contains the configuration to send notifications for create/update events of findings, assets, etc.

name

Identifier. The relative resource name of this notification config. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name The following list shows some examples:

  • organizations/{organization_id}/locations/{location_id}/notificationConfigs/notify_public_bucket

  • folders/{folder_id}/locations/{location_id}/notificationConfigs/notify_public_bucket

  • projects/{project_id}/locations/{location_id}/notificationConfigs/notify_public_bucket

Type

str

description

The description of the notification config (max of 1024 characters).

Type

str

pubsub_topic

The Pub/Sub topic to send notifications to. Its format is “projects/[project_id]/topics/[topic]”.

Type

str

service_account

Output only. The service account that needs “pubsub.topics.publish” permission to publish to the Pub/Sub topic.

Type

str

streaming_config

The config for triggering streaming-based notifications.

This field is a member of oneof notify_config.

Type

google.cloud.securitycenter_v2.types.NotificationConfig.StreamingConfig

class StreamingConfig(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

The config for streaming-based notifications, which send each event as soon as it is detected.

filter

Expression that defines the filter to apply across create/update events of assets or findings as specified by the event type. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. The fields map to those defined in the corresponding resource.

The supported operators are:

  • = for all value types.

  • >, <, >=, <= for integer values.

  • :, meaning substring matching, for strings.

The supported value types are:

  • string literals in quotes.

  • integer literals without quotes.

  • boolean literals true and false without quotes.

Type

str
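The filter grammar described for ListFindingsRequest.filter and again for StreamingConfig.filter gives OR higher precedence than AND, the opposite of SQL. The following added example (not part of the library) makes that grouping explicit and checks each restriction against the field/operator list given for ListFindingsRequest.filter; the function names and sample filters are constructed for illustration, and the service may accept fields this page does not list.

```python
import re
from datetime import datetime

EQ_HAS = frozenset({"=", ":"})
ORDERING = frozenset({">", "<", ">=", "<="})

# Field -> operators, transcribed from the ListFindingsRequest.filter list on this page.
ALLOWED = {"name": frozenset({"="}), "event_time": ORDERING | {"="}}
for _f in ("parent", "resource_name", "state", "category", "external_uri",
           "severity", "security_marks.marks", "resource.name",
           "resource.parent_name", "resource.parent_display_name",
           "resource.project_name", "resource.project_display_name",
           "resource.type", "resource.folders.resource_folder",
           "resource.display_name"):
    ALLOWED[_f] = EQ_HAS

TOKEN = re.compile(r'''\s*(?:
      (?P<lparen>\() | (?P<rparen>\))
    | (?P<string>"(?:[^"\\]|\\.)*")
    | (?P<op>>=|<=|=|>|<|:)
    | (?P<int>-?\d+)
    | (?P<word>-?[A-Za-z_][\w.]*)
)''', re.VERBOSE)


def tokenize(text):
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected character {text[pos]!r} at offset {pos}")
        tokens.append((m.lastgroup, m.group(m.lastgroup)))
        pos = m.end()
    return tokens


def _is_rfc3339(value):
    # Approximate check: an ISO 8601 date-time that carries a UTC offset.
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00")).tzinfo is not None
    except ValueError:
        return False


def check(field, op, kind, value):
    """Compare one restriction with the field/operator and value-type rules."""
    found = []
    allowed = ALLOWED.get(field)
    if allowed is None and field.startswith("security_marks.marks."):
        allowed = EQ_HAS  # a single mark, e.g. security_marks.marks.marka
    if allowed is None:
        found.append(f"unsupported field {field!r}")
    elif op not in allowed:
        found.append(f"operator {op!r} is not listed for {field!r}")
    if kind == "word" and value not in ("true", "false"):
        found.append(f"string value {value} must be quoted")
    elif kind == "string" and field == "event_time" and not _is_rfc3339(value[1:-1]):
        found.append(f"event_time {value} is not an RFC3339 timestamp")
    return found


class _Parser:
    def __init__(self, tokens):
        self.tokens, self.pos, self.problems = tokens, 0, []

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else (None, None)

    def _chain(self, keyword, operand):
        parts = [operand()]
        while self.peek() == ("word", keyword):
            self.pos += 1
            parts.append(operand())
        return parts[0] if len(parts) == 1 else "(" + f" {keyword} ".join(parts) + ")"

    def and_expr(self):  # AND binds loosest
        return self._chain("AND", self.or_expr)

    def or_expr(self):   # OR binds tighter than AND, as the page states
        return self._chain("OR", self.term)

    def term(self):
        if self.peek()[0] == "lparen":
            self.pos += 1
            inner = self.and_expr()
            if self.peek()[0] != "rparen":
                raise ValueError("missing closing parenthesis")
            self.pos += 1
            return inner
        window = self.tokens[self.pos:self.pos + 3]
        kinds = [k for k, _ in window]
        if kinds[:2] != ["word", "op"] or kinds[2:] not in (["string"], ["int"], ["word"]):
            raise ValueError(f"expected <field> <operator> <value> at token {self.pos}")
        field, op, value = (v for _, v in window)
        self.pos += 3
        # A leading '-' negates the restriction; strip it before the field lookup.
        self.problems += check(field.lstrip("-"), op, kinds[2], value)
        return f"{field} {op} {value}"


def analyze_filter(text):
    """Return (filter with explicit grouping, list of problems found)."""
    if not text.strip():
        return "", []  # unset filter: nothing to check
    try:
        parser = _Parser(tokenize(text))
        grouped = parser.and_expr()
        if parser.pos != len(parser.tokens):
            raise ValueError(f"unexpected token {parser.peek()[1]!r}")
    except ValueError as exc:
        return None, [str(exc)]
    return grouped, parser.problems
```

Running a mute or notification filter through `analyze_filter` before saving it shows which restrictions an unparenthesized OR actually attaches to.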

class google.cloud.securitycenter_v2.types.NotificationMessage(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Cloud SCC’s Notification

notification_config_name

Name of the notification config that generated current notification.

Type

str

finding

If it’s a Finding based notification config, this field will be populated.

This field is a member of oneof event.

Type

google.cloud.securitycenter_v2.types.Finding

resource

The Cloud resource tied to this notification’s Finding.

Type

google.cloud.securitycenter_v2.types.Resource

class google.cloud.securitycenter_v2.types.OrgPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Contains information about the org policies associated with the finding.

name

The resource name of the org policy. Example: “organizations/{organization_id}/policies/{constraint_name}”.

Type

str

class google.cloud.securitycenter_v2.types.Package(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Package is a generic definition of a package.

package_name

The name of the package where the vulnerability was detected.

Type

str

cpe_uri

The CPE URI where the vulnerability was detected.

Type

str

package_type

Type of package, for example, os, maven, or go.

Type

str

package_version

The version of the package.

Type

str

class google.cloud.securitycenter_v2.types.Process(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents an operating system process.

name

The process name, as displayed in utilities like top and ps. This name can be accessed through /proc/[pid]/comm and changed with prctl(PR_SET_NAME).

Type

str

binary

File information for the process executable.

Type

google.cloud.securitycenter_v2.types.File

libraries

File information for libraries loaded by the process.

Type

MutableSequence[google.cloud.securitycenter_v2.types.File]

script

When the process represents the invocation of a script, binary provides information about the interpreter, while script provides information about the script file provided to the interpreter.

Type

google.cloud.securitycenter_v2.types.File

args

Process arguments as JSON encoded strings.

Type

MutableSequence[str]

arguments_truncated

True if args is incomplete.

Type

bool

env_variables

Process environment variables.

Type

MutableSequence[google.cloud.securitycenter_v2.types.EnvironmentVariable]

env_variables_truncated

True if env_variables is incomplete.

Type

bool

pid

The process ID.

Type

int

parent_pid

The parent process ID.

Type

int

class google.cloud.securitycenter_v2.types.Reference(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Additional Links

source

Source of the reference e.g. NVD

Type

str

uri

URI for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.

Type

str

class google.cloud.securitycenter_v2.types.Requests(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Information about the requests relevant to the finding.

ratio

For ‘Increasing deny ratio’, the ratio is the denied traffic divided by the allowed traffic. For ‘Allowed traffic spike’, the ratio is the allowed traffic in the short term divided by allowed traffic in the long term.

Type

float

short_term_allowed

Allowed RPS (requests per second) in the short term.

Type

int

long_term_allowed

Allowed RPS (requests per second) over the long term.

Type

int

long_term_denied

Denied RPS (requests per second) over the long term.

Type

int

class google.cloud.securitycenter_v2.types.Resource(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Information related to the Google Cloud resource.

This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

name

The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name

Type

str

display_name

The human readable name of the resource.

Type

str

type_

The full resource type of the resource.

Type

str

cloud_provider

Indicates which cloud provider the finding is from.

Type

google.cloud.securitycenter_v2.types.CloudProvider

service

The service or resource provider associated with the resource.

Type

str

location

The region or location of the service (if applicable).

Type

str

gcp_metadata

The GCP metadata associated with the finding.

This field is a member of oneof cloud_provider_metadata.

Type

google.cloud.securitycenter_v2.types.GcpMetadata

aws_metadata

The AWS metadata associated with the finding.

This field is a member of oneof cloud_provider_metadata.

Type

google.cloud.securitycenter_v2.types.AwsMetadata

azure_metadata

The Azure metadata associated with the finding.

This field is a member of oneof cloud_provider_metadata.

Type

google.cloud.securitycenter_v2.types.AzureMetadata

resource_path

Provides the path to the resource within the resource hierarchy.

Type

google.cloud.securitycenter_v2.types.ResourcePath

resource_path_string

A string representation of the resource path. For Google Cloud, it has the format of organizations/{organization_id}/folders/{folder_id}/folders/{folder_id}/projects/{project_id} where there can be any number of folders. For AWS, it has the format of org/{organization_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/account/{account_id} where there can be any number of organizational units. For Azure, it has the format of mg/{management_group_id}/mg/{management_group_id}/subscription/{subscription_id}/rg/{resource_group_name} where there can be any number of management groups.

Type

str

class google.cloud.securitycenter_v2.types.ResourcePath(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents the path of resources leading up to the resource this finding is about.

nodes

The list of nodes that make up the resource path, ordered from lowest level to highest level.

Type

MutableSequence[google.cloud.securitycenter_v2.types.ResourcePath.ResourcePathNode]

class ResourcePathNode(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A node within the resource path. Each node represents a resource within the resource hierarchy.

node_type

The type of resource this node represents.

Type

google.cloud.securitycenter_v2.types.ResourcePath.ResourcePathNodeType

id

The ID of the resource this node represents.

Type

str

display_name

The display name of the resource this node represents.

Type

str

class ResourcePathNodeType(value)[source]

Bases: proto.enums.Enum

The type of resource the node represents.

Values:
RESOURCE_PATH_NODE_TYPE_UNSPECIFIED (0):

Node type is unspecified.

GCP_ORGANIZATION (1):

The node represents a Google Cloud organization.

GCP_FOLDER (2):

The node represents a Google Cloud folder.

GCP_PROJECT (3):

The node represents a Google Cloud project.

AWS_ORGANIZATION (4):

The node represents an AWS organization.

AWS_ORGANIZATIONAL_UNIT (5):

The node represents an AWS organizational unit.

AWS_ACCOUNT (6):

The node represents an AWS account.

AZURE_MANAGEMENT_GROUP (7):

The node represents an Azure management group.

AZURE_SUBSCRIPTION (8):

The node represents an Azure subscription.

AZURE_RESOURCE_GROUP (9):

The node represents an Azure resource group.
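The resource_path_string formats given for ListFindingsResult.Resource and Resource can be parsed into the node types listed above. The following added example (not part of the library) does that and counts findings per project, account, or subscription; the provider labels, function names, and sample paths are constructed for illustration, and accepting a path that stops above the project, account, or subscription level is an assumption.

```python
from collections import Counter

# keyword -> (provider label, ResourcePathNodeType name, rank in the path, may repeat)
# Keywords come from the resource_path_string formats on this page; the provider
# labels "gcp", "aws" and "azure" are local to this example.
SEGMENTS = {
    "organizations": ("gcp", "GCP_ORGANIZATION", 0, False),
    "folders": ("gcp", "GCP_FOLDER", 1, True),
    "projects": ("gcp", "GCP_PROJECT", 2, False),
    "org": ("aws", "AWS_ORGANIZATION", 0, False),
    "ou": ("aws", "AWS_ORGANIZATIONAL_UNIT", 1, True),
    "account": ("aws", "AWS_ACCOUNT", 2, False),
    "mg": ("azure", "AZURE_MANAGEMENT_GROUP", 0, True),
    "subscription": ("azure", "AZURE_SUBSCRIPTION", 1, False),
    "rg": ("azure", "AZURE_RESOURCE_GROUP", 2, False),
}

# Node types used here as the unit for grouping findings.
BOUNDARY = {"GCP_PROJECT", "AWS_ACCOUNT", "AZURE_SUBSCRIPTION"}


def parse_resource_path(path):
    """Return (provider, [(node_type, id), ...]) in string order, highest level first."""
    parts = path.split("/")
    if len(parts) < 2 or len(parts) % 2:
        raise ValueError(f"expected keyword/id pairs: {path!r}")
    provider, last_rank, nodes = None, -1, []
    for keyword, ident in zip(parts[0::2], parts[1::2]):
        if keyword not in SEGMENTS or not ident:
            raise ValueError(f"bad segment {keyword}/{ident} in {path!r}")
        seg_provider, node_type, rank, repeatable = SEGMENTS[keyword]
        provider = provider or seg_provider
        if seg_provider != provider:
            raise ValueError(f"{keyword!r} does not belong to a {provider} path")
        if rank < last_rank or (rank == last_rank and not repeatable):
            raise ValueError(f"{keyword!r} is out of order in {path!r}")
        last_rank = rank
        nodes.append((node_type, ident))
    return provider, nodes


def lowest_first(nodes):
    """Reorder to the lowest-to-highest order documented for ResourcePath.nodes."""
    return list(reversed(nodes))


def count_by_boundary(paths):
    """Count paths per project/account/subscription, or per last node if none."""
    counts = Counter()
    for path in paths:
        _, nodes = parse_resource_path(path)
        boundary = next((n for n in nodes if n[0] in BOUNDARY), nodes[-1])
        counts[boundary] += 1
    return counts


# Constructed sample values, one per finding.
SAMPLE_PATHS = [
    "organizations/111/folders/222/projects/payments-prod",
    "organizations/111/folders/222/folders/333/projects/payments-prod",
    "org/o-example/ou/ou-1/account/123456789012",
    "mg/root/subscription/sub-1/rg/net-rg",
    "organizations/111/folders/222",
]
```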

class google.cloud.securitycenter_v2.types.ResourceValue(value)[source]

Bases: proto.enums.Enum

Value enum to map to a resource

Values:
RESOURCE_VALUE_UNSPECIFIED (0):

Unspecified value

HIGH (1):

High resource value

MEDIUM (2):

Medium resource value

LOW (3):

Low resource value

NONE (4):

No resource value, e.g. ignore these resources

class google.cloud.securitycenter_v2.types.ResourceValueConfig(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A resource value configuration (RVC) is a mapping configuration of user’s resources to resource values. Used in Attack path simulations.

name

Identifier. Name for the resource value configuration

Type

str

resource_value

Resource value level this expression represents. Only required when there is no Sensitive Data Protection mapping in the request.

Type

google.cloud.securitycenter_v2.types.ResourceValue

tag_values

Tag values combined with AND to check against. Values are in the form “tagValues/123”. Example: [ "tagValues/123", "tagValues/456", "tagValues/789" ]. See https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing

Type

MutableSequence[str]

resource_type

Apply resource_value only to resources that match resource_type. resource_type will be checked with AND of other resources. For example, “storage.googleapis.com/Bucket” with resource_value “HIGH” will apply “HIGH” value only to “storage.googleapis.com/Bucket” resources.

Type

str

scope

Project or folder to scope this configuration to. For example, “project/456” would apply this configuration only to resources in “project/456” scope and will be checked with AND of other resources.

Type

str

resource_labels_selector

List of resource labels to search for, evaluated with AND. For example, “resource_labels_selector”: {“key”: “value”, “env”: “prod”} will match resources with labels “key”: “value” AND “env”: “prod”. See https://cloud.google.com/resource-manager/docs/creating-managing-labels

Type

MutableMapping[str, str]

description

Description of the resource value configuration.

Type

str

create_time

Output only. Timestamp this resource value configuration was created.

Type

google.protobuf.timestamp_pb2.Timestamp

update_time

Output only. Timestamp this resource value configuration was last updated.

Type

google.protobuf.timestamp_pb2.Timestamp

cloud_provider

Cloud provider this configuration applies to

Type

google.cloud.securitycenter_v2.types.CloudProvider

sensitive_data_protection_mapping

A mapping of the sensitivity on Sensitive Data Protection finding to resource values. This mapping can only be used in combination with a resource_type that is related to BigQuery, e.g. “bigquery.googleapis.com/Dataset”.

Type

google.cloud.securitycenter_v2.types.ResourceValueConfig.SensitiveDataProtectionMapping

class ResourceLabelsSelectorEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

class SensitiveDataProtectionMapping(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Resource value mapping for Sensitive Data Protection findings. If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration.

high_sensitivity_mapping

Resource value mapping for high-sensitivity Sensitive Data Protection findings

Type

google.cloud.securitycenter_v2.types.ResourceValue

medium_sensitivity_mapping

Resource value mapping for medium-sensitivity Sensitive Data Protection findings

Type

google.cloud.securitycenter_v2.types.ResourceValue

class google.cloud.securitycenter_v2.types.ResourceValueConfigMetadata(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Metadata about a ResourceValueConfig. For example, id and name.

name

Resource value config name

Type

str

class google.cloud.securitycenter_v2.types.SecurityBulletin(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Security bulletins are notifications of vulnerabilities of Google products.

bulletin_id

ID of the bulletin corresponding to the vulnerability.

Type

str

submission_time

Submission time of this Security Bulletin.

Type

google.protobuf.timestamp_pb2.Timestamp

suggested_upgrade_version

This represents a version that the cluster receiving this notification should be upgraded to, based on its current version. For example, 1.15.0

Type

str

class google.cloud.securitycenter_v2.types.SecurityMarks(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization – they can be modified and viewed by all users who have proper permissions on the organization.

name

The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name The following list shows some examples:

  • organizations/{organization_id}/assets/{asset_id}/securityMarks

  • organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks

  • organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks

Type

str

marks

Mutable user specified security marks belonging to the parent resource. Constraints are as follows:

  • Keys and values are treated as case insensitive

  • Keys must be between 1 - 256 characters (inclusive)

  • Keys must be letters, numbers, underscores, or dashes

  • Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive)

Type

MutableMapping[str, str]

canonical_name

The canonical name of the marks. The following list shows some examples:

  • organizations/{organization_id}/assets/{asset_id}/securityMarks

  • organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks

  • organizations/{organization_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks

  • folders/{folder_id}/assets/{asset_id}/securityMarks

  • folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks

  • folders/{folder_id}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks

  • projects/{project_number}/assets/{asset_id}/securityMarks

  • projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks

  • projects/{project_number}/sources/{source_id}/locations/{location}/findings/{finding_id}/securityMarks

Type

str

class MarksEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

class google.cloud.securitycenter_v2.types.SecurityPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Information about the Google Cloud Armor security policy relevant to the finding.

name

The name of the Google Cloud Armor security policy, for example, “my-security-policy”.

Type

str

type_

The type of Google Cloud Armor security policy, for example, ‘backend security policy’, ‘edge security policy’, ‘network edge security policy’, or ‘always-on DDoS protection’.

Type

str

preview

Whether or not the associated rule or policy is in preview mode.

Type

bool

class google.cloud.securitycenter_v2.types.SecurityPosture(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.

name

Name of the posture, for example, CIS-Posture.

Type

str

revision_id

The version of the posture, for example, c7cfa2a8.

Type

str

posture_deployment_resource

The project, folder, or organization on which the posture is deployed, for example, projects/{project_number}.

Type

str

posture_deployment

The name of the posture deployment, for example, organizations/{org_id}/posturedeployments/{posture_deployment_id}.

Type

str

changed_policy

The name of the updated policy, for example, projects/{project_id}/policies/{constraint_name}.

Type

str

policy_set

The name of the updated policy set, for example, cis-policyset.

Type

str

policy

The ID of the updated policy, for example, compute-policy-1.

Type

str

policy_drift_details

The details about a change in an updated policy that violates the deployed posture.

Type

MutableSequence[google.cloud.securitycenter_v2.types.SecurityPosture.PolicyDriftDetails]

class PolicyDriftDetails(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

The policy field that violates the deployed posture and its expected and detected values.

field

The name of the updated field, for example constraint.implementation.policy_rules[0].enforce

Type

str

expected_value

The value of this field that was configured in a posture, for example, true or allowed_values={"projects/29831892"}.

Type

str

detected_value

The detected value that violates the deployed posture, for example, false or allowed_values={"projects/22831892"}.

Type

str

class google.cloud.securitycenter_v2.types.ServiceAccountDelegationInfo(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Identity delegation history of an authenticated service account.

principal_email

The email address of a Google account.

Type

str

principal_subject

A string representing the principal_subject associated with the identity. As compared to principal_email, supports principals that aren’t associated with email addresses, such as third party principals. For most identities, the format will be principal://iam.googleapis.com/{identity pool name}/subjects/{subject} except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy format serviceAccount:{identity pool name}[{subject}]

Type

str

class google.cloud.securitycenter_v2.types.SetFindingStateRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for updating a finding’s state.

name

Required. The relative resource name of the finding. If no location is specified, finding is assumed to be in global. The following list shows some examples:

  • organizations/{organization_id}/sources/{source_id}/findings/{finding_id}

  • organizations/{organization_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}

  • folders/{folder_id}/sources/{source_id}/findings/{finding_id}

  • folders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}

  • projects/{project_id}/sources/{source_id}/findings/{finding_id}

  • projects/{project_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}

Type

str

state

Required. The desired State of the finding.

Type

google.cloud.securitycenter_v2.types.Finding.State

class google.cloud.securitycenter_v2.types.SetMuteRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for updating a finding’s mute status.

name

Required. The relative resource name of the finding. If no location is specified, finding is assumed to be in global. The following list shows some examples:

  • organizations/{organization_id}/sources/{source_id}/findings/{finding_id}

  • organizations/{organization_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}

  • folders/{folder_id}/sources/{source_id}/findings/{finding_id}

  • folders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}

  • projects/{project_id}/sources/{source_id}/findings/{finding_id}

  • projects/{project_id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}

Type

str

mute

Required. The desired state of the Mute.

Type

google.cloud.securitycenter_v2.types.Finding.Mute

class google.cloud.securitycenter_v2.types.Simulation(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Attack path simulation

name

Full resource name of the Simulation: organizations/123/simulations/456

Type

str

create_time

Output only. Time simulation was created

Type

google.protobuf.timestamp_pb2.Timestamp

resource_value_configs_metadata

Resource value configurations’ metadata used in this simulation. Maximum of 100.

Type

MutableSequence[google.cloud.securitycenter_v2.types.ResourceValueConfigMetadata]

cloud_provider

Indicates which cloud provider was used in this simulation.

Type

google.cloud.securitycenter_v2.types.CloudProvider

class google.cloud.securitycenter_v2.types.Source(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, and other tools.

name

The relative resource name of this source. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: “organizations/{organization_id}/sources/{source_id}”.

Type

str

display_name

The source’s display name. A source’s display name must be unique amongst its siblings, for example, two sources with the same parent can’t share the same display name. The display name must have a length between 1 and 64 characters (inclusive).

Type

str

description

The description of the source (max of 1024 characters). Example:

“Web Security Scanner is a web security scanner for common vulnerabilities in App Engine applications. It can automatically scan and detect four common vulnerabilities, including cross-site-scripting (XSS), Flash injection, mixed content (HTTP in HTTPS), and outdated or insecure libraries.”.

Type

str

canonical_name

The canonical name of the finding source. It’s either “organizations/{organization_id}/sources/{source_id}”, “folders/{folder_id}/sources/{source_id}”, or “projects/{project_number}/sources/{source_id}”, depending on the closest CRM ancestor of the resource associated with the finding.

Type

str

class google.cloud.securitycenter_v2.types.ToxicCombination(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Contains details about a group of security issues that, when the issues occur together, represent a greater risk than when the issues occur independently. A group of such issues is referred to as a toxic combination.

attack_exposure_score

The Attack exposure score of this toxic combination. The score is a measure of how much this toxic combination exposes one or more high-value resources to potential attack.

Type

float

related_findings

List of resource names of findings associated with this toxic combination. For example, organizations/123/sources/456/findings/789.

Type

MutableSequence[str]

class google.cloud.securitycenter_v2.types.UpdateBigQueryExportRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for updating a BigQuery export.

big_query_export

Required. The BigQuery export being updated.

Type

google.cloud.securitycenter_v2.types.BigQueryExport

update_mask

The list of fields to be updated. If empty all mutable fields will be updated.

Type

google.protobuf.field_mask_pb2.FieldMask

class google.cloud.securitycenter_v2.types.UpdateExternalSystemRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for updating an ExternalSystem resource.

external_system

Required. The external system resource to update.

Type

google.cloud.securitycenter_v2.types.ExternalSystem

update_mask

The FieldMask to use when updating the external system resource. If empty all mutable fields will be updated.

Type

google.protobuf.field_mask_pb2.FieldMask

class google.cloud.securitycenter_v2.types.UpdateFindingRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for updating or creating a finding.

finding

Required. The finding resource to update or create if it does not already exist. parent, security_marks, and update_time will be ignored.

In the case of creation, the finding id portion of the name must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.

Type

google.cloud.securitycenter_v2.types.Finding

update_mask

The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding.

When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using “source_properties.” in the field mask.

Type

google.protobuf.field_mask_pb2.FieldMask
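The finding name formats accepted by SetFindingStateRequest and SetMuteRequest, and the finding id rule stated for UpdateFindingRequest, can be checked before a request is built. The following is an added example, not part of the library: it parses a finding name, fills in the location as global when none is given, and collapses names that differ only by an omitted location. All function names and the sample names are assumptions made for illustration.

```python
import re
from typing import Dict, Iterable, List

NAME_RE = re.compile(
    r"(?P<parent>(?:organizations|folders|projects)/[^/]+)"
    r"/sources/(?P<source>[^/]+)"
    r"(?:/locations/(?P<location>[^/]+))?"
    r"/findings/(?P<finding>[^/]+)"
)
# Assumption: "alphanumeric" is read as ASCII letters and digits.
NEW_ID_RE = re.compile(r"[A-Za-z0-9]{1,32}")


def parse_finding_name(name: str) -> Dict[str, str]:
    """Split a finding name into parent, source, location and finding."""
    match = NAME_RE.fullmatch(name)
    if match is None:
        raise ValueError(f"not a finding name: {name!r}")
    fields = match.groupdict()
    # No location in the name means the finding is assumed to be in global.
    fields["location"] = fields["location"] or "global"
    return fields


def with_explicit_location(name: str) -> str:
    """Rewrite a finding name so that it always carries its location."""
    f = parse_finding_name(name)
    return (f"{f['parent']}/sources/{f['source']}"
            f"/locations/{f['location']}/findings/{f['finding']}")


def is_valid_new_finding_id(finding_id: str) -> bool:
    """Creation rule: alphanumeric, more than 0 and at most 32 characters."""
    return NEW_ID_RE.fullmatch(finding_id) is not None


def distinct_findings(names: Iterable[str]) -> List[str]:
    """Collapse names that differ only by an omitted location, keeping order."""
    seen, out = set(), []
    for name in names:
        full = with_explicit_location(name)
        if full not in seen:
            seen.add(full)
            out.append(full)
    return out


# Constructed sample names; the first two refer to the same finding.
SAMPLE_NAMES = [
    "organizations/123/sources/456/findings/789",
    "organizations/123/sources/456/locations/global/findings/789",
    "projects/111/sources/456/locations/eu/findings/abc",
]

if __name__ == "__main__":
    for name in distinct_findings(SAMPLE_NAMES):
        print(name)
```

Normalizing names this way keeps mute or state-change allowlists keyed by finding name from missing a finding that another system recorded with the other spelling.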

class google.cloud.securitycenter_v2.types.UpdateMuteConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for updating a mute config.

mute_config

Required. The mute config being updated.

Type

google.cloud.securitycenter_v2.types.MuteConfig

update_mask

The list of fields to be updated. If empty all mutable fields will be updated.

Type

google.protobuf.field_mask_pb2.FieldMask

class google.cloud.securitycenter_v2.types.UpdateNotificationConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for updating a notification config.

notification_config

Required. The notification config to update.

Type

google.cloud.securitycenter_v2.types.NotificationConfig

update_mask

The FieldMask to use when updating the notification config. If empty all mutable fields will be updated.

Type

google.protobuf.field_mask_pb2.FieldMask

class google.cloud.securitycenter_v2.types.UpdateResourceValueConfigRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message to update resource value config

resource_value_config

Required. The resource value config being updated.

Type

google.cloud.securitycenter_v2.types.ResourceValueConfig

update_mask

The list of fields to be updated. If empty all mutable fields will be updated.

To update nested fields, include the top level field in the mask. For example, to update gcp_metadata.resource_type, include the “gcp_metadata” field mask.

Type

google.protobuf.field_mask_pb2.FieldMask

class google.cloud.securitycenter_v2.types.UpdateSecurityMarksRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for updating a SecurityMarks resource.

security_marks

Required. The security marks resource to update.

Type

google.cloud.securitycenter_v2.types.SecurityMarks

update_mask

The FieldMask to use when updating the security marks resource.

The field mask must not contain duplicate fields. If empty or set to “marks”, all marks will be replaced. Individual marks can be updated using “marks.<mark_key>”.

Type

google.protobuf.field_mask_pb2.FieldMask
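The constraints listed for SecurityMarks.marks and the update_mask behaviour described above interact: an empty mask or “marks” replaces every mark, while “marks.<mark_key>” touches only one. The following is an added example, not part of the library: it validates marks against the documented constraints, builds per-mark mask paths, and reports which existing marks a full replace would drop. The function names and sample marks are assumptions made for illustration, and it uses plain dicts and strings rather than the proto classes.

```python
import re
from typing import Dict, Iterable, List

# Assumption: "letters" and "numbers" are read as ASCII here.
KEY_RE = re.compile(r"[A-Za-z0-9_-]{1,256}")


def check_marks(marks: Dict[str, str]) -> Dict[str, str]:
    """Apply the documented constraints; return marks with values trimmed."""
    cleaned: Dict[str, str] = {}
    seen: Dict[str, str] = {}  # lower-cased key -> key as written
    for key, value in marks.items():
        if not KEY_RE.fullmatch(key):
            raise ValueError(f"invalid mark key {key!r}")
        folded = key.lower()
        if folded in seen:
            # Keys are case insensitive, so these two name the same mark.
            raise ValueError(f"keys {seen[folded]!r} and {key!r} collide")
        seen[folded] = key
        trimmed = value.strip()
        if not 1 <= len(trimmed) <= 4096:
            raise ValueError(f"value for {key!r} has length {len(trimmed)} after trimming")
        cleaned[key] = trimmed
    return cleaned


def mask_paths_for(keys: Iterable[str]) -> List[str]:
    """Field mask paths that touch only the named marks ("marks.<mark_key>")."""
    paths: List[str] = []
    seen = set()
    for key in keys:
        if not KEY_RE.fullmatch(key):
            raise ValueError(f"invalid mark key {key!r}")
        if key.lower() in seen:
            # The field mask must not contain duplicate fields.
            raise ValueError(f"duplicate mask entry for {key!r}")
        seen.add(key.lower())
        paths.append(f"marks.{key}")
    return paths


def dropped_by_full_replace(existing: Dict[str, str], update: Dict[str, str]) -> List[str]:
    """Existing keys that vanish if update is sent with an empty mask or "marks"."""
    incoming = {key.lower() for key in update}
    return sorted(key for key in existing if key.lower() not in incoming)


# Constructed sample data: marks already on a finding, and one intended change.
EXISTING = {"allowlisted": "true", "owner": "team-payments", "ticket": "SEC-1234"}
UPDATE = {"ticket": "  SEC-5678 "}

if __name__ == "__main__":
    print(check_marks(UPDATE))
    print(mask_paths_for(UPDATE))
    print(dropped_by_full_replace(EXISTING, UPDATE))
```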

class google.cloud.securitycenter_v2.types.UpdateSourceRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for updating a source.

source

Required. The source resource to update.

Type

google.cloud.securitycenter_v2.types.Source

update_mask

The FieldMask to use when updating the source resource. If empty all mutable fields will be updated.

Type

google.protobuf.field_mask_pb2.FieldMask

class google.cloud.securitycenter_v2.types.ValuedResource(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A resource that is determined to have value to a user’s system

name

Valued resource name, for example, organizations/123/simulations/456/valuedResources/789

Type

str

resource

The full resource name of the valued resource.

Type

str

resource_type

The resource type of the valued resource.

Type

str

display_name

Human-readable name of the valued resource.

Type

str

resource_value

How valuable this resource is.

Type

google.cloud.securitycenter_v2.types.ValuedResource.ResourceValue

exposed_score

Exposed score for this valued resource. A value of 0 means no exposure was detected.

Type

float

resource_value_configs_used

List of resource value configurations’ metadata used to determine the value of this resource. Maximum of 100.

Type

MutableSequence[google.cloud.securitycenter_v2.types.ResourceValueConfigMetadata]

class ResourceValue(value)[source]

Bases: proto.enums.Enum

How valuable the resource is.

Values:
RESOURCE_VALUE_UNSPECIFIED (0):

The resource value isn’t specified.

RESOURCE_VALUE_LOW (1):

This is a low-value resource.

RESOURCE_VALUE_MEDIUM (2):

This is a medium-value resource.

RESOURCE_VALUE_HIGH (3):

This is a high-value resource.

class google.cloud.securitycenter_v2.types.Vulnerability(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Refers to common vulnerability fields e.g. cve, cvss, cwe etc.

cve

CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)

Type

google.cloud.securitycenter_v2.types.Cve

offending_package

The offending package is relevant to the finding.

Type

google.cloud.securitycenter_v2.types.Package

fixed_package

The fixed package is relevant to the finding.

Type

google.cloud.securitycenter_v2.types.Package

security_bulletin

The security bulletin is relevant to this finding.

Type

google.cloud.securitycenter_v2.types.SecurityBulletin