Class: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Finding
- Inherits:
-
Object
- Object
- Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Finding
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- lib/google/apis/securitycenter_v1/classes.rb,
lib/google/apis/securitycenter_v1/representations.rb,
lib/google/apis/securitycenter_v1/representations.rb
Overview
Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.
Instance Attribute Summary collapse
-
#access ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Access
Represents an access event.
-
#attack_exposure ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2AttackExposure
An attack exposure contains the results of an attack path simulation run.
-
#canonical_name ⇒ String
Output only.
-
#category ⇒ String
Immutable.
-
#cloud_dlp_data_profile ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2CloudDlpDataProfile
The data profile associated with the finding.
-
#cloud_dlp_inspection ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2CloudDlpInspection
Details about the Cloud Data Loss Prevention (Cloud DLP) inspection job that produced the finding.
-
#compliances ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Compliance>
Contains compliance information for security standards associated to the finding.
-
#connections ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Connection>
Contains information about the IP connection associated with the finding.
-
#contacts ⇒ Hash<String,Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ContactDetails>
Output only.
-
#containers ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Container>
Containers associated with the finding.
-
#create_time ⇒ String
Output only.
-
#database ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Database
Represents database access information, such as queries.
-
#description ⇒ String
Contains more details about the finding.
-
#event_time ⇒ String
The time the finding was first detected.
-
#exfiltration ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Exfiltration
Exfiltration represents a data exfiltration attempt from one or more sources to one or more targets.
-
#external_systems ⇒ Hash<String,Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ExternalSystem>
Output only.
-
#external_uri ⇒ String
The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found.
-
#files ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2File>
File associated with the finding.
-
#finding_class ⇒ String
The class of the finding.
-
#iam_bindings ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2IamBinding>
Represents IAM bindings associated with the finding.
-
#indicator ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Indicator
Represents what's commonly known as an indicator of compromise (IoC) in computer forensics.
-
#kernel_rootkit ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2KernelRootkit
Kernel mode rootkit signatures.
-
#kubernetes ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Kubernetes
Kubernetes-related attributes.
-
#load_balancers ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2LoadBalancer>
The load balancers associated with the finding.
-
#log_entries ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2LogEntry>
Log entries that are relevant to the finding.
-
#mitre_attack ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2MitreAttack
MITRE ATT&CK tactics and techniques related to this finding.
-
#module_name ⇒ String
Unique identifier of the module which generated the finding.
-
#mute ⇒ String
Indicates the mute state of a finding (either muted, unmuted or undefined).
-
#mute_initiator ⇒ String
Records additional information about the mute operation, for example, the mute configuration that muted the finding and the user who muted the finding.
-
#mute_update_time ⇒ String
Output only.
-
#name ⇒ String
The relative resource name of the finding.
-
#next_steps ⇒ String
Steps to address the finding.
-
#org_policies ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2OrgPolicy>
Contains information about the org policies associated with the finding.
-
#parent ⇒ String
The relative resource name of the source and location the finding belongs to.
-
#parent_display_name ⇒ String
Output only.
-
#processes ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Process>
Represents operating system processes associated with the Finding.
-
#resource_name ⇒ String
Immutable.
-
#security_marks ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2SecurityMarks
User specified security marks that are attached to the parent Security Command Center resource.
-
#security_posture ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2SecurityPosture
Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service.
-
#severity ⇒ String
The severity of the finding.
-
#source_properties ⇒ Hash<String,Object>
Source specific properties.
-
#state ⇒ String
Output only.
-
#vulnerability ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Vulnerability
Refers to common vulnerability fields e.g.
Instance Method Summary collapse
-
#initialize(**args) ⇒ GoogleCloudSecuritycenterV2Finding
constructor
A new instance of GoogleCloudSecuritycenterV2Finding.
-
#update!(**args) ⇒ Object
Update properties of this object.
Constructor Details
#initialize(**args) ⇒ GoogleCloudSecuritycenterV2Finding
Returns a new instance of GoogleCloudSecuritycenterV2Finding.
4473 4474 4475 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4473 def initialize(**args) update!(**args) end |
Instance Attribute Details
#access ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Access
Represents an access event.
Corresponds to the JSON property access
4183 4184 4185 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4183 def access @access end |
#attack_exposure ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2AttackExposure
An attack exposure contains the results of an attack path simulation run.
Corresponds to the JSON property attackExposure
4188 4189 4190 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4188 def attack_exposure @attack_exposure end |
#canonical_name ⇒ String
Output only. The canonical name of the finding. The following list shows some
examples: + organizations/organization_id/sources/source_id/findings/
finding_id+ `organizations/`organization_id`/sources/`source_id`/locations/`
location_id`/findings/`finding_id + folders/folder_id/sources/source_id/
findings/finding_id+ `folders/`folder_id`/sources/`source_id`/locations/`
location_id`/findings/`finding_id + projects/project_id/sources/
source_id/findings/finding_id+ `projects/`project_id`/sources/`source_id`/
locations/`location_id`/findings/`finding_id The prefix is the closest CRM
ancestor of the resource associated with the finding.
Corresponds to the JSON property canonicalName
4201 4202 4203 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4201 def canonical_name @canonical_name end |
#category ⇒ String
Immutable. The additional taxonomy group within findings from a given source.
Example: "XSS_FLASH_INJECTION"
Corresponds to the JSON property category
4207 4208 4209 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4207 def category @category end |
#cloud_dlp_data_profile ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2CloudDlpDataProfile
The data profile associated
with the finding.
Corresponds to the JSON property cloudDlpDataProfile
4213 4214 4215 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4213 def cloud_dlp_data_profile @cloud_dlp_data_profile end |
#cloud_dlp_inspection ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2CloudDlpInspection
Details about the Cloud Data Loss Prevention (Cloud DLP) inspection job that produced the
finding.
Corresponds to the JSON property cloudDlpInspection
4220 4221 4222 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4220 def cloud_dlp_inspection @cloud_dlp_inspection end |
#compliances ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Compliance>
Contains compliance information for security standards associated to the
finding.
Corresponds to the JSON property compliances
4226 4227 4228 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4226 def compliances @compliances end |
#connections ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Connection>
Contains information about the IP connection associated with the finding.
Corresponds to the JSON property connections
4231 4232 4233 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4231 def connections @connections end |
#contacts ⇒ Hash<String,Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ContactDetails>
Output only. Map containing the points of contact for the given finding. The
key represents the type of contact, while the value contains a list of all the
contacts that pertain. Please refer to: https://cloud.google.com/resource-
manager/docs/managing-notification-contacts#notification-categories "
security": "contacts": [ "email": "person1@company.com", "email": "
person2@company.com" ]
Corresponds to the JSON property contacts
4241 4242 4243 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4241 def contacts @contacts end |
#containers ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Container>
Containers associated with the finding. This field provides information for
both Kubernetes and non-Kubernetes containers.
Corresponds to the JSON property containers
4247 4248 4249 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4247 def containers @containers end |
#create_time ⇒ String
Output only. The time at which the finding was created in Security Command
Center.
Corresponds to the JSON property createTime
4253 4254 4255 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4253 def create_time @create_time end |
#database ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Database
Represents database access information, such as queries. A database may be a
sub-resource of an instance (as in the case of Cloud SQL instances or Cloud
Spanner instances), or the database instance itself. Some database resources
might not have the full resource name populated because these resource types, such as Cloud SQL
databases, are not yet supported by Cloud Asset Inventory. In these cases only
the display name is provided.
Corresponds to the JSON property database
4264 4265 4266 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4264 def database @database end |
#description ⇒ String
Contains more details about the finding.
Corresponds to the JSON property description
4269 4270 4271 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4269 def description @description end |
#event_time ⇒ String
The time the finding was first detected. If an existing finding is updated,
then this is the time the update occurred. For example, if the finding
represents an open firewall, this property captures the time the detector
believes the firewall became open. The accuracy is determined by the detector.
If the finding is later resolved, then this time reflects when the finding was
resolved. This must not be set to a value greater than the current timestamp.
Corresponds to the JSON property eventTime
4279 4280 4281 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4279 def event_time @event_time end |
#exfiltration ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Exfiltration
Exfiltration represents a data exfiltration attempt from one or more sources
to one or more targets. The sources attribute lists the sources of the
exfiltrated data. The targets attribute lists the destinations the data was
copied to.
Corresponds to the JSON property exfiltration
4287 4288 4289 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4287 def exfiltration @exfiltration end |
#external_systems ⇒ Hash<String,Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2ExternalSystem>
Output only. Third party SIEM/SOAR fields within SCC, contains external system
information and external system finding fields.
Corresponds to the JSON property externalSystems
4293 4294 4295 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4293 def external_systems @external_systems end |
#external_uri ⇒ String
The URI that, if available, points to a web page outside of Security Command
Center where additional information about the finding can be found. This field
is guaranteed to be either empty or a well formed URL.
Corresponds to the JSON property externalUri
4300 4301 4302 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4300 def external_uri @external_uri end |
#files ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2File>
File associated with the finding.
Corresponds to the JSON property files
4305 4306 4307 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4305 def files @files end |
#finding_class ⇒ String
The class of the finding.
Corresponds to the JSON property findingClass
4310 4311 4312 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4310 def finding_class @finding_class end |
#iam_bindings ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2IamBinding>
Represents IAM bindings associated with the finding.
Corresponds to the JSON property iamBindings
4315 4316 4317 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4315 def iam_bindings @iam_bindings end |
#indicator ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Indicator
Represents what's commonly known as an indicator of compromise (IoC) in
computer forensics. This is an artifact observed on a network or in an
operating system that, with high confidence, indicates a computer intrusion.
For more information, see Indicator of compromise.
Corresponds to the JSON property indicator
4324 4325 4326 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4324 def indicator @indicator end |
#kernel_rootkit ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2KernelRootkit
Kernel mode rootkit signatures.
Corresponds to the JSON property kernelRootkit
4329 4330 4331 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4329 def kernel_rootkit @kernel_rootkit end |
#kubernetes ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Kubernetes
Kubernetes-related attributes.
Corresponds to the JSON property kubernetes
4334 4335 4336 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4334 def kubernetes @kubernetes end |
#load_balancers ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2LoadBalancer>
The load balancers associated with the finding.
Corresponds to the JSON property loadBalancers
4339 4340 4341 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4339 def load_balancers @load_balancers end |
#log_entries ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2LogEntry>
Log entries that are relevant to the finding.
Corresponds to the JSON property logEntries
4344 4345 4346 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4344 def log_entries @log_entries end |
#mitre_attack ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2MitreAttack
MITRE ATT&CK tactics and techniques related to this finding. See: https://
attack.mitre.org
Corresponds to the JSON property mitreAttack
4350 4351 4352 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4350 def mitre_attack @mitre_attack end |
#module_name ⇒ String
Unique identifier of the module which generated the finding. Example: folders/
598186756061/securityHealthAnalyticsSettings/customModules/56799441161885
Corresponds to the JSON property moduleName
4356 4357 4358 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4356 def module_name @module_name end |
#mute ⇒ String
Indicates the mute state of a finding (either muted, unmuted or undefined).
Unlike other attributes of a finding, a finding provider shouldn't set the
value of mute.
Corresponds to the JSON property mute
4363 4364 4365 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4363 def mute @mute end |
#mute_initiator ⇒ String
Records additional information about the mute operation, for example, the
mute configuration that muted the finding and the user who muted the finding.
Corresponds to the JSON property muteInitiator
4370 4371 4372 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4370 def mute_initiator @mute_initiator end |
#mute_update_time ⇒ String
Output only. The most recent time this finding was muted or unmuted.
Corresponds to the JSON property muteUpdateTime
4375 4376 4377 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4375 def mute_update_time @mute_update_time end |
#name ⇒ String
The relative resource name of the finding. The following list
shows some examples: + organizations/organization_id/sources/source_id/
findings/finding_id+ `organizations/`organization_id`/sources/`source_id`/
locations/`location_id`/findings/`finding_id + folders/folder_id/sources/
source_id/findings/finding_id+ `folders/`folder_id`/sources/`source_id`/
locations/`location_id`/findings/`finding_id + projects/project_id/
sources/source_id/findings/finding_id+ `projects/`project_id`/sources/`
source_id`/locations/`location_id`/findings/`finding_id
Corresponds to the JSON property name
4388 4389 4390 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4388 def name @name end |
#next_steps ⇒ String
Steps to address the finding.
Corresponds to the JSON property nextSteps
4393 4394 4395 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4393 def next_steps @next_steps end |
#org_policies ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2OrgPolicy>
Contains information about the org policies associated with the finding.
Corresponds to the JSON property orgPolicies
4398 4399 4400 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4398 def org_policies @org_policies end |
#parent ⇒ String
The relative resource name of the source and location the finding belongs to.
See: https://cloud.google.com/apis/design/resource_names#
relative_resource_name This field is immutable after creation time. The
following list shows some examples: + organizations/organization_id/sources/
source_id+ `folders/`folders_id`/sources/`source_id + projects/
projects_id/sources/source_id+ `organizations/`organization_id`/sources/`
source_id`/locations/`location_id + folders/folders_id/sources/source_id
/locations/location_id+ `projects/`projects_id`/sources/`source_id`/
locations/`location_id
Corresponds to the JSON property parent
4411 4412 4413 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4411 def parent @parent end |
#parent_display_name ⇒ String
Output only. The human readable display name of the finding source such as "
Event Threat Detection" or "Security Health Analytics".
Corresponds to the JSON property parentDisplayName
4417 4418 4419 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4417 def parent_display_name @parent_display_name end |
#processes ⇒ Array<Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Process>
Represents operating system processes associated with the Finding.
Corresponds to the JSON property processes
4422 4423 4424 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4422 def processes @processes end |
#resource_name ⇒ String
Immutable. For findings on Google Cloud resources, the full resource name of
the Google Cloud resource this finding is for. See: https://cloud.google.com/
apis/design/resource_names#full_resource_name When the finding is for a non-
Google Cloud resource, the resourceName can be a customer or partner defined
string.
Corresponds to the JSON property resourceName
4431 4432 4433 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4431 def resource_name @resource_name end |
#security_marks ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2SecurityMarks
User specified security marks that are attached to the parent Security Command
Center resource. Security marks are scoped within a Security Command Center
organization -- they can be modified and viewed by all users who have proper
permissions on the organization.
Corresponds to the JSON property securityMarks
4439 4440 4441 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4439 def security_marks @security_marks end |
#security_posture ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2SecurityPosture
Represents a posture that is deployed on Google Cloud by the Security Command
Center Posture Management service. A posture contains one or more policy sets.
A policy set is a group of policies that enforce a set of security rules on
Google Cloud.
Corresponds to the JSON property securityPosture
4447 4448 4449 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4447 def security_posture @security_posture end |
#severity ⇒ String
The severity of the finding. This field is managed by the source that writes
the finding.
Corresponds to the JSON property severity
4453 4454 4455 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4453 def severity @severity end |
#source_properties ⇒ Hash<String,Object>
Source specific properties. These properties are managed by the source that
writes the finding. The key names in the source_properties map must be between
1 and 255 characters, and must start with a letter and contain alphanumeric
characters or underscores only.
Corresponds to the JSON property sourceProperties
4461 4462 4463 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4461 def source_properties @source_properties end |
#state ⇒ String
Output only. The state of the finding.
Corresponds to the JSON property state
4466 4467 4468 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4466 def state @state end |
#vulnerability ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2Vulnerability
Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
Corresponds to the JSON property vulnerability
4471 4472 4473 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4471 def vulnerability @vulnerability end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
4478 4479 4480 4481 4482 4483 4484 4485 4486 4487 4488 4489 4490 4491 4492 4493 4494 4495 4496 4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 4510 4511 4512 4513 4514 4515 4516 4517 4518 4519 4520 4521 4522 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 4478 def update!(**args) @access = args[:access] if args.key?(:access) @attack_exposure = args[:attack_exposure] if args.key?(:attack_exposure) @canonical_name = args[:canonical_name] if args.key?(:canonical_name) @category = args[:category] if args.key?(:category) @cloud_dlp_data_profile = args[:cloud_dlp_data_profile] if args.key?(:cloud_dlp_data_profile) @cloud_dlp_inspection = args[:cloud_dlp_inspection] if args.key?(:cloud_dlp_inspection) @compliances = args[:compliances] if args.key?(:compliances) @connections = args[:connections] if args.key?(:connections) @contacts = args[:contacts] if args.key?(:contacts) @containers = args[:containers] if args.key?(:containers) @create_time = args[:create_time] if args.key?(:create_time) @database = args[:database] if args.key?(:database) @description = args[:description] if args.key?(:description) @event_time = args[:event_time] if args.key?(:event_time) @exfiltration = args[:exfiltration] if args.key?(:exfiltration) @external_systems = args[:external_systems] if args.key?(:external_systems) @external_uri = args[:external_uri] if args.key?(:external_uri) @files = args[:files] if args.key?(:files) @finding_class = args[:finding_class] if args.key?(:finding_class) @iam_bindings = args[:iam_bindings] if args.key?(:iam_bindings) @indicator = args[:indicator] if args.key?(:indicator) @kernel_rootkit = args[:kernel_rootkit] if args.key?(:kernel_rootkit) @kubernetes = args[:kubernetes] if args.key?(:kubernetes) @load_balancers = args[:load_balancers] if args.key?(:load_balancers) @log_entries = args[:log_entries] if args.key?(:log_entries) @mitre_attack = args[:mitre_attack] if args.key?(:mitre_attack) @module_name = args[:module_name] if args.key?(:module_name) @mute = args[:mute] if args.key?(:mute) @mute_initiator = args[:mute_initiator] if args.key?(:mute_initiator) @mute_update_time = args[:mute_update_time] if args.key?(:mute_update_time) @name = args[:name] if args.key?(:name) @next_steps = args[:next_steps] if args.key?(:next_steps) @org_policies = args[:org_policies] if args.key?(:org_policies) @parent = args[:parent] if args.key?(:parent) @parent_display_name = args[:parent_display_name] if args.key?(:parent_display_name) @processes = args[:processes] if args.key?(:processes) @resource_name = args[:resource_name] if args.key?(:resource_name) @security_marks = args[:security_marks] if args.key?(:security_marks) @security_posture = args[:security_posture] if args.key?(:security_posture) @severity = args[:severity] if args.key?(:severity) @source_properties = args[:source_properties] if args.key?(:source_properties) @state = args[:state] if args.key?(:state) @vulnerability = args[:vulnerability] if args.key?(:vulnerability) end |