Class: Google::Cloud::SecurityCenter::V1::Indicator

Inherits:
Object
  • Object
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/securitycenter/v1/indicator.rb

Overview

Represents what's commonly known as an indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see Indicator of compromise.

Defined Under Namespace

Classes: ProcessSignature

Instance Attribute Summary collapse

Instance Attribute Details

#domains::Array<::String>

Returns the list of domains associated with the finding.

Returns:

  • (::Array<::String>)

    List of domains associated to the Finding.



# File 'proto_docs/google/cloud/securitycenter/v1/indicator.rb', line 42

# Indicator of compromise (IoC) message: an artifact observed on a network or
# in an operating system that, with high confidence, indicates an intrusion.
# Its documented attributes are domains, ip_addresses and uris
# (Array<String>) and signatures (Array<ProcessSignature>).
# NOTE(review): those strings describe observed artifacts; handle them as
# untrusted data when logging or rendering (no auto-linking or fetching).
class Indicator
  # Mix in the protobuf message extensions (instance side, then class side).
  # What they provide is defined outside this file.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Indicates what signature matched this process.
  #
  # NOTE(review): memory_hash_signature and yara_rule_signature look like
  # alternative match kinds for one signature; confirm against the .proto
  # whether only one of them is populated before reading both.
  # @!attribute [rw] memory_hash_signature
  #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature]
  #     Signature indicating that a binary family was matched.
  # @!attribute [rw] yara_rule_signature
  #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::YaraRuleSignature]
  #     Signature indicating that a YARA rule was matched.
  # @!attribute [rw] signature_type
  #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::SignatureType]
  #     Describes the type of resource associated with the signature.
  class ProcessSignature
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A signature corresponding to memory page hashes.
    # @!attribute [rw] binary_family
    #   @return [::String]
    #     The binary family.
    # @!attribute [rw] detections
    #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature::Detection>]
    #     The list of memory hash detections contributing to the binary family
    #     match.
    class MemoryHashSignature
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Memory hash detection contributing to the binary family match.
      #
      # NOTE(review): the scale of percent_pages_matched (0-100 vs 0.0-1.0)
      # is not stated here; confirm it before applying a threshold in triage.
      # @!attribute [rw] binary
      #   @return [::String]
      #     The name of the binary associated with the memory hash
      #     signature detection.
      # @!attribute [rw] percent_pages_matched
      #   @return [::Float]
      #     The percentage of memory page hashes in the signature
      #     that were matched.
      class Detection
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end

    # A signature corresponding to a YARA rule.
    #
    # Only the rule's name is documented as an attribute; the rule text is
    # not described as part of this message.
    # @!attribute [rw] yara_rule
    #   @return [::String]
    #     The name of the YARA rule.
    class YaraRuleSignature
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # Possible resource types to be associated with a signature.
    # The constants are the integer values 0, 1 and 2.
    module SignatureType
      # The default signature type.
      # Consumers should not read this value as PROCESS or FILE.
      SIGNATURE_TYPE_UNSPECIFIED = 0

      # Used for signatures concerning processes.
      SIGNATURE_TYPE_PROCESS = 1

      # Used for signatures concerning disks.
      # NOTE(review): the constant is named FILE while the description says
      # disks; presumably on-disk files. Confirm against the API reference.
      SIGNATURE_TYPE_FILE = 2
    end
  end
end

#ip_addresses::Array<::String>

Returns the list of IP addresses that are associated with the finding.

Returns:

  • (::Array<::String>)

    The list of IP addresses that are associated with the finding.



# File 'proto_docs/google/cloud/securitycenter/v1/indicator.rb', line 42

# Indicator of compromise (IoC) message: an artifact observed on a network or
# in an operating system that, with high confidence, indicates an intrusion.
# Its documented attributes are domains, ip_addresses and uris
# (Array<String>) and signatures (Array<ProcessSignature>).
# NOTE(review): those strings describe observed artifacts; handle them as
# untrusted data when logging or rendering (no auto-linking or fetching).
class Indicator
  # Mix in the protobuf message extensions (instance side, then class side).
  # What they provide is defined outside this file.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Indicates what signature matched this process.
  #
  # NOTE(review): memory_hash_signature and yara_rule_signature look like
  # alternative match kinds for one signature; confirm against the .proto
  # whether only one of them is populated before reading both.
  # @!attribute [rw] memory_hash_signature
  #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature]
  #     Signature indicating that a binary family was matched.
  # @!attribute [rw] yara_rule_signature
  #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::YaraRuleSignature]
  #     Signature indicating that a YARA rule was matched.
  # @!attribute [rw] signature_type
  #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::SignatureType]
  #     Describes the type of resource associated with the signature.
  class ProcessSignature
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A signature corresponding to memory page hashes.
    # @!attribute [rw] binary_family
    #   @return [::String]
    #     The binary family.
    # @!attribute [rw] detections
    #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature::Detection>]
    #     The list of memory hash detections contributing to the binary family
    #     match.
    class MemoryHashSignature
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Memory hash detection contributing to the binary family match.
      #
      # NOTE(review): the scale of percent_pages_matched (0-100 vs 0.0-1.0)
      # is not stated here; confirm it before applying a threshold in triage.
      # @!attribute [rw] binary
      #   @return [::String]
      #     The name of the binary associated with the memory hash
      #     signature detection.
      # @!attribute [rw] percent_pages_matched
      #   @return [::Float]
      #     The percentage of memory page hashes in the signature
      #     that were matched.
      class Detection
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end

    # A signature corresponding to a YARA rule.
    #
    # Only the rule's name is documented as an attribute; the rule text is
    # not described as part of this message.
    # @!attribute [rw] yara_rule
    #   @return [::String]
    #     The name of the YARA rule.
    class YaraRuleSignature
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # Possible resource types to be associated with a signature.
    # The constants are the integer values 0, 1 and 2.
    module SignatureType
      # The default signature type.
      # Consumers should not read this value as PROCESS or FILE.
      SIGNATURE_TYPE_UNSPECIFIED = 0

      # Used for signatures concerning processes.
      SIGNATURE_TYPE_PROCESS = 1

      # Used for signatures concerning disks.
      # NOTE(review): the constant is named FILE while the description says
      # disks; presumably on-disk files. Confirm against the API reference.
      SIGNATURE_TYPE_FILE = 2
    end
  end
end

#signatures::Array<::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature>

Returns the list of matched signatures indicating that the given process is present in the environment.

Returns:



# File 'proto_docs/google/cloud/securitycenter/v1/indicator.rb', line 42

# Indicator of compromise (IoC) message: an artifact observed on a network or
# in an operating system that, with high confidence, indicates an intrusion.
# Its documented attributes are domains, ip_addresses and uris
# (Array<String>) and signatures (Array<ProcessSignature>).
# NOTE(review): those strings describe observed artifacts; handle them as
# untrusted data when logging or rendering (no auto-linking or fetching).
class Indicator
  # Mix in the protobuf message extensions (instance side, then class side).
  # What they provide is defined outside this file.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Indicates what signature matched this process.
  #
  # NOTE(review): memory_hash_signature and yara_rule_signature look like
  # alternative match kinds for one signature; confirm against the .proto
  # whether only one of them is populated before reading both.
  # @!attribute [rw] memory_hash_signature
  #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature]
  #     Signature indicating that a binary family was matched.
  # @!attribute [rw] yara_rule_signature
  #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::YaraRuleSignature]
  #     Signature indicating that a YARA rule was matched.
  # @!attribute [rw] signature_type
  #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::SignatureType]
  #     Describes the type of resource associated with the signature.
  class ProcessSignature
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A signature corresponding to memory page hashes.
    # @!attribute [rw] binary_family
    #   @return [::String]
    #     The binary family.
    # @!attribute [rw] detections
    #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature::Detection>]
    #     The list of memory hash detections contributing to the binary family
    #     match.
    class MemoryHashSignature
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Memory hash detection contributing to the binary family match.
      #
      # NOTE(review): the scale of percent_pages_matched (0-100 vs 0.0-1.0)
      # is not stated here; confirm it before applying a threshold in triage.
      # @!attribute [rw] binary
      #   @return [::String]
      #     The name of the binary associated with the memory hash
      #     signature detection.
      # @!attribute [rw] percent_pages_matched
      #   @return [::Float]
      #     The percentage of memory page hashes in the signature
      #     that were matched.
      class Detection
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end

    # A signature corresponding to a YARA rule.
    #
    # Only the rule's name is documented as an attribute; the rule text is
    # not described as part of this message.
    # @!attribute [rw] yara_rule
    #   @return [::String]
    #     The name of the YARA rule.
    class YaraRuleSignature
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # Possible resource types to be associated with a signature.
    # The constants are the integer values 0, 1 and 2.
    module SignatureType
      # The default signature type.
      # Consumers should not read this value as PROCESS or FILE.
      SIGNATURE_TYPE_UNSPECIFIED = 0

      # Used for signatures concerning processes.
      SIGNATURE_TYPE_PROCESS = 1

      # Used for signatures concerning disks.
      # NOTE(review): the constant is named FILE while the description says
      # disks; presumably on-disk files. Confirm against the API reference.
      SIGNATURE_TYPE_FILE = 2
    end
  end
end

#uris::Array<::String>

Returns the list of URIs associated with the findings.

Returns:

  • (::Array<::String>)

    The list of URIs associated to the Findings.



# File 'proto_docs/google/cloud/securitycenter/v1/indicator.rb', line 42

# Indicator of compromise (IoC) message: an artifact observed on a network or
# in an operating system that, with high confidence, indicates an intrusion.
# Its documented attributes are domains, ip_addresses and uris
# (Array<String>) and signatures (Array<ProcessSignature>).
# NOTE(review): those strings describe observed artifacts; handle them as
# untrusted data when logging or rendering (no auto-linking or fetching).
class Indicator
  # Mix in the protobuf message extensions (instance side, then class side).
  # What they provide is defined outside this file.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Indicates what signature matched this process.
  #
  # NOTE(review): memory_hash_signature and yara_rule_signature look like
  # alternative match kinds for one signature; confirm against the .proto
  # whether only one of them is populated before reading both.
  # @!attribute [rw] memory_hash_signature
  #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature]
  #     Signature indicating that a binary family was matched.
  # @!attribute [rw] yara_rule_signature
  #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::YaraRuleSignature]
  #     Signature indicating that a YARA rule was matched.
  # @!attribute [rw] signature_type
  #   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::SignatureType]
  #     Describes the type of resource associated with the signature.
  class ProcessSignature
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A signature corresponding to memory page hashes.
    # @!attribute [rw] binary_family
    #   @return [::String]
    #     The binary family.
    # @!attribute [rw] detections
    #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature::Detection>]
    #     The list of memory hash detections contributing to the binary family
    #     match.
    class MemoryHashSignature
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Memory hash detection contributing to the binary family match.
      #
      # NOTE(review): the scale of percent_pages_matched (0-100 vs 0.0-1.0)
      # is not stated here; confirm it before applying a threshold in triage.
      # @!attribute [rw] binary
      #   @return [::String]
      #     The name of the binary associated with the memory hash
      #     signature detection.
      # @!attribute [rw] percent_pages_matched
      #   @return [::Float]
      #     The percentage of memory page hashes in the signature
      #     that were matched.
      class Detection
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end

    # A signature corresponding to a YARA rule.
    #
    # Only the rule's name is documented as an attribute; the rule text is
    # not described as part of this message.
    # @!attribute [rw] yara_rule
    #   @return [::String]
    #     The name of the YARA rule.
    class YaraRuleSignature
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # Possible resource types to be associated with a signature.
    # The constants are the integer values 0, 1 and 2.
    module SignatureType
      # The default signature type.
      # Consumers should not read this value as PROCESS or FILE.
      SIGNATURE_TYPE_UNSPECIFIED = 0

      # Used for signatures concerning processes.
      SIGNATURE_TYPE_PROCESS = 1

      # Used for signatures concerning disks.
      # NOTE(review): the constant is named FILE while the description says
      # disks; presumably on-disk files. Confirm against the API reference.
      SIGNATURE_TYPE_FILE = 2
    end
  end
end