Class: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1CustomConfig
- Inherits:
-
Object
- Object
- Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1CustomConfig
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- lib/google/apis/securitycenter_v1/classes.rb,
lib/google/apis/securitycenter_v1/representations.rb,
lib/google/apis/securitycenter_v1/representations.rb
Overview
Defines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify.
Instance Attribute Summary collapse
-
#cel_policy ⇒ Google::Apis::SecuritycenterV1::CelPolicySpec
YAML-based rule that uses CEL, which supports the declaration of variables and a filtering predicate.
-
#custom_output ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1CustomOutputSpec
A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module.
-
#description ⇒ String
Text that describes the vulnerability or misconfiguration that the custom module detects.
-
#predicate ⇒ Google::Apis::SecuritycenterV1::Expr
Represents a textual expression in the Common Expression Language (CEL) syntax.
-
#recommendation ⇒ String
An explanation of the recommended steps that security teams can take to resolve the detected issue.
-
#resource_selector ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1ResourceSelector
Resource for selecting resource type.
-
#severity ⇒ String
The severity to assign to findings generated by the module.
Instance Method Summary collapse
-
#initialize(**args) ⇒ GoogleCloudSecuritycenterV1CustomConfig
constructor
A new instance of GoogleCloudSecuritycenterV1CustomConfig.
-
#update!(**args) ⇒ Object
Update properties of this object.
Constructor Details
#initialize(**args) ⇒ GoogleCloudSecuritycenterV1CustomConfig
Returns a new instance of GoogleCloudSecuritycenterV1CustomConfig.
3209 3210 3211 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3209 def initialize(**args) update!(**args) end |
Instance Attribute Details
#cel_policy ⇒ Google::Apis::SecuritycenterV1::CelPolicySpec
YAML-based rule that uses CEL, which supports the declaration of variables and
a filtering predicate. A vulnerable resource is emitted if the evaluation is
false. Given: 1) the resource types as: - resource_types: "compute.googleapis.
com/Instance" - resource_types: "compute.googleapis.com/Firewall" 2) the CEL
policy spec as: name: bad_instance resource_filters: - name: instance
resource_type: compute.googleapis.com/Instance filter: > instance.status == '
RUNNING' && 'public' in instance.tags.items - name: firewall resource_type:
compute.googleapis.com/Firewall filter: > firewall.direction == 'INGRESS' && !
firewall.disabled && firewall.allowed.exists(rule, rule.IPProtocol.upperAscii()
in ['TCP', 'ALL'] && rule.ports.exists(port, network.portsInRange(port, '11-
256'))) rule: match: - predicate: > instance.networkInterfaces.exists(net,
firewall.network == net.network) output: > 'message': 'Compute instance with
publicly accessible ports', 'instance': instance.name Users are able to join
resource types together using the exact format as Kubernetes Validating
Admission policies.
Corresponds to the JSON property celPolicy
3155 3156 3157 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3155 def cel_policy @cel_policy end |
#custom_output ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1CustomOutputSpec
A set of optional name-value pairs that define custom source properties to
return with each finding that is generated by the custom module. The custom
source properties that are defined here are included in the finding JSON under
sourceProperties.
Corresponds to the JSON property customOutput
3163 3164 3165 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3163 def custom_output @custom_output end |
#description ⇒ String
Text that describes the vulnerability or misconfiguration that the custom
module detects. This explanation is returned with each finding instance to
help investigators understand the detected issue. The text must be enclosed in
quotation marks.
Corresponds to the JSON property description
3171 3172 3173 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3171 def description @description end |
#predicate ⇒ Google::Apis::SecuritycenterV1::Expr
Represents a textual expression in the Common Expression Language (CEL) syntax.
CEL is a C-like expression language. The syntax and semantics of CEL are
documented at https://github.com/google/cel-spec. Example (Comparison): title:
"Summary size limit" description: "Determines if a summary is less than 100
chars" expression: "document.summary.size() < 100" Example (Equality): title: "
Requestor is owner" description: "Determines if requestor is the document
owner" expression: "document.owner == request.auth.claims.email" Example (
Logic): title: "Public documents" description: "Determine whether the document
should be publicly visible" expression: "document.type != 'private' &&
document.type != 'internal'" Example (Data Manipulation): title: "Notification
string" description: "Create a notification string with a timestamp."
expression: "'New message received at ' + string(document.create_time)" The
exact variables and functions that may be referenced within an expression are
determined by the service that evaluates it. See the service documentation for
additional information.
Corresponds to the JSON property predicate
3190 3191 3192 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3190 def predicate @predicate end |
#recommendation ⇒ String
An explanation of the recommended steps that security teams can take to
resolve the detected issue. This explanation is returned with each finding
generated by this module in the nextSteps property of the finding JSON.
Corresponds to the JSON property recommendation
3197 3198 3199 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3197 def recommendation @recommendation end |
#resource_selector ⇒ Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV1ResourceSelector
Resource for selecting resource type.
Corresponds to the JSON property resourceSelector
3202 3203 3204 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3202 def resource_selector @resource_selector end |
#severity ⇒ String
The severity to assign to findings generated by the module.
Corresponds to the JSON property severity
3207 3208 3209 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3207 def severity @severity end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
3214 3215 3216 3217 3218 3219 3220 3221 3222 |
# File 'lib/google/apis/securitycenter_v1/classes.rb', line 3214 def update!(**args) @cel_policy = args[:cel_policy] if args.key?(:cel_policy) @custom_output = args[:custom_output] if args.key?(:custom_output) @description = args[:description] if args.key?(:description) @predicate = args[:predicate] if args.key?(:predicate) @recommendation = args[:recommendation] if args.key?(:recommendation) @resource_selector = args[:resource_selector] if args.key?(:resource_selector) @severity = args[:severity] if args.key?(:severity) end |