Class: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1CustomConfig

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/securitycenter_v1/classes.rb,
lib/google/apis/securitycenter_v1/representations.rb,
lib/google/apis/securitycenter_v1/representations.rb

Overview

Defines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ GoogleCloudSecuritycenterV1CustomConfig

Returns a new instance of GoogleCloudSecuritycenterV1CustomConfig.



3209
3210
3211
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3209

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#cel_policyGoogle::Apis::SecuritycenterV1::CelPolicySpec

YAML-based rule that uses CEL, which supports the declaration of variables and a filtering predicate. A vulnerable resource is emitted if the evaluation is false. Given: 1) the resource types as: - resource_types: "compute.googleapis. com/Instance" - resource_types: "compute.googleapis.com/Firewall" 2) the CEL policy spec as: name: bad_instance resource_filters: - name: instance resource_type: compute.googleapis.com/Instance filter: > instance.status == ' RUNNING' && 'public' in instance.tags.items - name: firewall resource_type: compute.googleapis.com/Firewall filter: > firewall.direction == 'INGRESS' && ! firewall.disabled && firewall.allowed.exists(rule, rule.IPProtocol.upperAscii() in ['TCP', 'ALL'] && rule.ports.exists(port, network.portsInRange(port, '11- 256'))) rule: match: - predicate: > instance.networkInterfaces.exists(net, firewall.network == net.network) output: > 'message': 'Compute instance with publicly accessible ports', 'instance': instance.name Users are able to join resource types together using the exact format as Kubernetes Validating Admission policies. Corresponds to the JSON property celPolicy



3155
3156
3157
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3155

def cel_policy
  @cel_policy
end

#custom_outputGoogle::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1CustomOutputSpec

A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding JSON under sourceProperties. Corresponds to the JSON property customOutput



3163
3164
3165
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3163

def custom_output
  @custom_output
end

#descriptionString

Text that describes the vulnerability or misconfiguration that the custom module detects. This explanation is returned with each finding instance to help investigators understand the detected issue. The text must be enclosed in quotation marks. Corresponds to the JSON property description

Returns:

  • (String)


3171
3172
3173
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3171

def description
  @description
end

#predicateGoogle::Apis::SecuritycenterV1::Expr

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: " Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example ( Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. Corresponds to the JSON property predicate



3190
3191
3192
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3190

def predicate
  @predicate
end

#recommendationString

An explanation of the recommended steps that security teams can take to resolve the detected issue. This explanation is returned with each finding generated by this module in the nextSteps property of the finding JSON. Corresponds to the JSON property recommendation

Returns:

  • (String)


3197
3198
3199
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3197

def recommendation
  @recommendation
end

#resource_selectorGoogle::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1ResourceSelector

Resource for selecting resource type. Corresponds to the JSON property resourceSelector



3202
3203
3204
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3202

def resource_selector
  @resource_selector
end

#severityString

The severity to assign to findings generated by the module. Corresponds to the JSON property severity

Returns:

  • (String)


3207
3208
3209
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3207

def severity
  @severity
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



3214
3215
3216
3217
3218
3219
3220
3221
3222
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3214

def update!(**args)
  @cel_policy = args[:cel_policy] if args.key?(:cel_policy)
  @custom_output = args[:custom_output] if args.key?(:custom_output)
  @description = args[:description] if args.key?(:description)
  @predicate = args[:predicate] if args.key?(:predicate)
  @recommendation = args[:recommendation] if args.key?(:recommendation)
  @resource_selector = args[:resource_selector] if args.key?(:resource_selector)
  @severity = args[:severity] if args.key?(:severity)
end