View Source API Reference google_api_security_center v0.29.0
Modules
API client metadata for GoogleApi.SecurityCenter.V1.
API calls for all endpoints tagged Folders.
API calls for all endpoints tagged Organizations.
API calls for all endpoints tagged Projects.
Handle Tesla connections for GoogleApi.SecurityCenter.V1.
Represents an access event.
Conveys information about a Kubernetes access review (such as one returned by a kubectl auth can-i command) that was involved in a finding.
Represents an application associated with a finding.
Security Command Center representation of a Google Cloud resource. The Asset is a Security Command Center resource that captures information about a single Google Cloud resource. All modifications to an Asset are only within the context of Security Command Center and don't affect the referenced Google Cloud resource.
The configuration used for Asset Discovery runs.
An attack exposure contains the results of an attack path simulation run.
A path that an attacker could take to reach an exposed resource.
Represents a connection between a source node and a destination node in this attack path.
Represents one point that an attacker passes through in this attack path.
Detailed steps the attack can take between path nodes.
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
Information related to Google Cloud Backup and DR Service findings.
Request message to create multiple resource value configs
Response message for BatchCreateResourceValueConfigs
Associates members, or principals, with a role.
Request message for bulk findings update. Note: 1. If multiple bulk update requests match the same resource, the order in which they get executed is not defined. 2. Once a bulk operation is started, there is no way to stop it.
The data profile associated with the finding.
Details about the Cloud Data Loss Prevention (Cloud DLP) inspection job that produced the finding.
Metadata taken from a Cloud Logging LogEntry
Contains compliance information about a security standard indicating unmet recommendations.
Result containing the properties and count of a ComplianceSnapshot request.
Contains information about the IP connection associated with the finding.
The email address of a contact.
Details about specific contacts
Container associated with the finding.
Request message to create single resource value config
An error encountered while validating the uploaded configuration of an Event Threat Detection Custom Module.
A list of zero or more errors encountered while validating the uploaded configuration of an Event Threat Detection Custom Module.
CVE stands for Common Vulnerabilities and Exposures. Information from the CVE record that describes this vulnerability.
Common Vulnerability Scoring System version 3.
Represents database access information, such as queries. A database may be a sub-resource of an instance (as in the case of Cloud SQL instances or Cloud Spanner instances), or the database instance itself. Some database resources might not have the full resource name populated because these resource types, such as Cloud SQL databases, are not yet supported by Cloud Asset Inventory. In these cases only the display name is provided.
Memory hash detection contributing to the binary family match.
Path of the file in terms of underlying disk/partition identifiers.
An EffectiveEventThreatDetectionCustomModule is the representation of an Event Threat Detection custom module at a specified level of the resource hierarchy: organization, folder, or project. If a custom module is inherited from a parent organization or folder, the value of the enablement_state property in EffectiveEventThreatDetectionCustomModule is set to the value that is effective in the parent, instead of INHERITED. For example, if the module is enabled in a parent organization or folder, the effective enablement_state for the module in all child folders or projects is also enabled. EffectiveEventThreatDetectionCustomModule is read-only.
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
A name-value pair representing an environment variable used in an operating system process.
Represents an instance of an Event Threat Detection custom module, including its full module name, display name, enablement state, and last updated time. You can create a custom module at the organization, folder, or project level. Custom modules that you create at the organization or folder level are inherited by child folders and projects.
Resource where data was exfiltrated from or exfiltrated to.
Exfiltration represents a data exfiltration attempt from one or more sources to one or more targets. The sources attribute lists the sources of the exfiltrated data. The targets attribute lists the destinations the data was copied to.
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
File information about the related binary/library used by an executable, or the script used by a script interpreter
Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.
Message that contains the resource name and display name of a folder resource.
Represents a geographical location for a given access.
Request message for GetIamPolicy method.
Encapsulates settings provided to GetIamPolicy.
Configures how to deliver Findings to BigQuery Instance.
Represents a Kubernetes RoleBinding or ClusterRoleBinding.
The response to a BulkMute request. Contains the LRO information.
Defines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify.
A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding JSON under sourceProperties.
An EffectiveSecurityHealthAnalyticsCustomModule is the representation of a Security Health Analytics custom module at a specified level of the resource hierarchy: organization, folder, or project. If a custom module is inherited from a parent organization or folder, the value of the enablementState property in EffectiveSecurityHealthAnalyticsCustomModule is set to the value that is effective in the parent, instead of INHERITED. For example, if the module is enabled in a parent organization or folder, the effective enablement_state for the module in all child folders or projects is also enabled. EffectiveSecurityHealthAnalyticsCustomModule is read-only.
Representation of third party SIEM/SOAR fields within SCC.
A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
Cloud SCC's Notification
An individual name-value pair that defines a custom source property.
Information related to the Google Cloud resource.
Resource for selecting resource type.
A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.
Response of asset discovery run
Represents an instance of a Security Health Analytics custom module, including its full module name, display name, enablement state, and last updated time. You can create a custom module at the organization, folder, or project level. Custom modules that you create at the organization or folder level are inherited by the child folders and projects.
Resource value mapping for Sensitive Data Protection findings. If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration.
Response of asset discovery run
Security Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, an XSS vulnerability in an App Engine application is a finding.
Message that contains the resource name and display name of a folder resource.
Security Command Center's Notification
Information related to the Google Cloud resource.
Response of asset discovery run
User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization.
Represents an access event.
Conveys information about a Kubernetes access review (such as one returned by a kubectl auth can-i command) that was involved in a finding.
Represents an application associated with a finding.
An attack exposure contains the results of an attack path simulation run.
Information related to Google Cloud Backup and DR Service findings.
Configures how to deliver Findings to BigQuery Instance.
Represents a Kubernetes RoleBinding or ClusterRoleBinding.
The response to a BulkMute request. Contains the LRO information.
The data profile associated with the finding.
Details about the Cloud Data Loss Prevention (Cloud DLP) inspection job that produced the finding.
Metadata taken from a Cloud Logging LogEntry
Contains compliance information about a security standard indicating unmet recommendations.
Contains information about the IP connection associated with the finding.
The email address of a contact.
Details about specific contacts
Container associated with the finding.
CVE stands for Common Vulnerabilities and Exposures. Information from the CVE record that describes this vulnerability.
Common Vulnerability Scoring System version 3.
Represents database access information, such as queries. A database may be a sub-resource of an instance (as in the case of Cloud SQL instances or Cloud Spanner instances), or the database instance itself. Some database resources might not have the full resource name populated because these resource types, such as Cloud SQL databases, are not yet supported by Cloud Asset Inventory. In these cases only the display name is provided.
Memory hash detection contributing to the binary family match.
Path of the file in terms of underlying disk/partition identifiers.
A name-value pair representing an environment variable used in an operating system process.
Resource where data was exfiltrated from or exfiltrated to.
Exfiltration represents a data exfiltration attempt from one or more sources to one or more targets. The sources attribute lists the sources of the exfiltrated data. The targets attribute lists the destinations the data was copied to.
Representation of third party SIEM/SOAR fields within SCC.
File information about the related binary/library used by an executable, or the script used by a script interpreter
Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.
Represents a geographical location for a given access.
Represents a particular IAM binding, which captures a member's role addition, removal, or state.
Represents what's commonly known as an indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see Indicator of compromise.
Kernel mode rootkit signatures.
Kubernetes-related attributes.
Represents a generic name-value label. A label has separate name and value fields to support filtering with the contains() function. For more information, see Filtering on array-type fields.
Contains information related to the load balancer associated with the finding.
An individual entry in a log.
A signature corresponding to memory page hashes.
MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
Kubernetes nodes associated with the finding.
Provides GKE node pool information.
Cloud SCC's Notification
Kubernetes object related to the finding, uniquely identified by GKNN. Used if the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.
Contains information about the org policies associated with the finding.
Package is a generic definition of a package.
A Kubernetes Pod.
The policy field that violates the deployed posture and its expected and detected values.
Represents an operating system process.
Indicates what signature matched this process.
Information related to the Google Cloud resource.
A resource value config (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations.
Kubernetes Role or ClusterRole.
SecurityBulletin are notifications of vulnerabilities of Google products.
User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization.
Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.
Resource value mapping for Sensitive Data Protection findings If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration.
Identity delegation history of an authenticated service account.
Represents a Kubernetes subject.
Information about the ticket, if any, that is being used to track the resolution of the issue that is identified by this finding.
Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
A signature corresponding to a YARA rule.
Request message for grouping by assets.
Response message for grouping by assets.
Request message for grouping by findings.
Response message for group by findings.
Result containing the properties and count of a groupBy request.
Represents a particular IAM binding, which captures a member's role addition, removal, or state.
Cloud IAM Policy information associated with the Google Cloud resource described by the Security Command Center asset. This information is managed and defined by the Google Cloud resource and cannot be modified by the user.
Represents what's commonly known as an indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see Indicator of compromise.
Kernel mode rootkit signatures.
Kubernetes-related attributes.
Represents a generic name-value label. A label has separate name and value fields to support filtering with the contains() function. For more information, see Filtering on array-type fields.
Response message for listing assets.
Result containing the Asset and its State.
Response message for listing the attack paths for a given simulation or valued resource.
Response message for listing BigQuery exports.
Response for listing current and descendant resident Event Threat Detection custom modules.
Response message for listing descendant Security Health Analytics custom modules.
Response for listing EffectiveEventThreatDetectionCustomModules.
Response message for listing effective Security Health Analytics custom modules.
Response for listing Event Threat Detection custom modules.
Response message for listing findings.
Result containing the Finding and its StateChange.
Response message for listing mute configs.
Response message for listing notification configs.
The response message for Operations.ListOperations.
Response message to list resource value configs
Response message for listing Security Health Analytics custom modules.
Response message for listing sources.
Response message for listing the valued resources for a given simulation.
Contains information related to the load balancer associated with the finding.
An individual entry in a log.
A signature corresponding to memory page hashes.
MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
Kubernetes nodes associated with the finding.
Provides GKE node pool information.
Cloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC resource that contains the configuration to send notifications for create/update events of findings, assets and etc.
Kubernetes object related to the finding, uniquely identified by GKNN. Used if the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview.
This resource represents a long-running operation that is the result of a network API call.
Contains information about the org policies associated with the finding.
User specified settings that are attached to the Security Command Center organization.
Package is a generic definition of a package.
A finding that is associated with this node in the attack path.
A Kubernetes Pod.
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation. JSON example: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } YAML example: bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the IAM documentation.
The policy field that violates the deployed posture and its expected and detected values.
A position in the uploaded text version of a module.
Represents an operating system process.
Indicates what signature matched this process.
Additional Links
Information related to the Google Cloud resource that is associated with this finding.
Metadata about a ResourceValueConfig. For example, id and name.
Kubernetes Role or ClusterRole.
Request message for running asset discovery for an organization.
SecurityBulletin are notifications of vulnerabilities of Google products.
Security Command Center managed properties. These properties are managed by Security Command Center and cannot be modified by the user.
User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization.
Represents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud.
Identity delegation history of an authenticated service account.
Request message for updating a finding's state.
Request message for SetIamPolicy method.
Request message for updating a finding's mute status.
Request message to simulate a CustomConfig against a given test resource. Maximum size of the request is 4 MB by default.
Response message for simulating a SecurityHealthAnalyticsCustomModule against a given resource.
Manually constructed resource name. If the custom module evaluates against only the resource data, you can omit the iam_policy_data field. If it evaluates only the iam_policy_data field, you can omit the resource data.
Possible test result.
Attack path simulation
Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, and other tools.
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
The config for streaming-based notifications, which send each event as soon as it is detected.
Represents a Kubernetes subject.
Request message for TestIamPermissions method.
Response message for TestIamPermissions method.
Information about the ticket, if any, that is being used to track the resolution of the issue that is identified by this finding.
Request to validate an Event Threat Detection custom module.
Response to validating an Event Threat Detection custom module.
A resource that is determined to have value to a user's system
Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
A signature corresponding to a YARA rule.