uR RSrSSKJr SSKJr SSKJr SSKJr Sr "SS\R5r "S S \R5r "S S \R5r "S S\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS \R5r"S!S"\R5r"S#S$\R5r"S%S&\R5r"S'S(\R5r"S)S*\R5r"S+S,\R5r"S-S.\R5r"S/S0\R5r"S1S2\R5r "S3S4\R5r!"S5S6\R5r""S7S8\R5r#"S9S:\R5r$"S;S<\R5r%"S=S>\R5r&"S?S@\R5r'"SASB\R5r("SCSD\R5r)"SESF\R5r*"SGSH\R5r+"SISJ\R5r,"SKSL\R5r-"SMSN\R5r."SOSP\R5r/"SQSR\R5r0"SSST\R5r1"SUSV\R5r2"SWSX\R5r3"SYSZ\R5r4"S[S\\R5r5"S]S^\R5r6"S_S`\R5r7"SaSb\R5r8"ScSd\R5r9"SeSf\R5r:"SgSh\R5r;"SiSj\R5r<"SkSl\R5r="SmSn\R5r>"SoSp\R5r?"SqSr\R5r@"SsSt\R5rA"SuSv\R5rB"SwSx\R5rC"SySz\R5rD"S{S|\R5rE"S}S~\R5rF"SS\R5rG"SS\R5rH"SS\R5rI"SS\R5rJ"SS\R5rK"SS\R5rL"SS\R5rM"SS\R5rN"SS\R5rO"SS\R5rP"SS\R5rQ"SS\R5rR"SS\R5rS"SS\R5rT"SS\R5rU"SS\R5rV"SS\R5rW"SS\R5rX"SS\R5rY"SS\R5rZ"SS\R5r["SS\R5r\"SS\R5r]"SS\R5r^"SS\R5r_"SS\R5r`"SS\R5ra"SS\R5rb"SS\R5rc"SS\R5rd"SS\R5re"SS\R5rf"SS\R5rg"SS\R5rh"SS\R5ri"SS\R5rj"SS\R5rk"SS\R5rl"SS\R5rm"SS\R5rn"SS\R5ro"SS\R5rp"SS\R5rq"SS\R5rr"SS\R5rs"SS\R5rt"SS\R5ru"SS\R5rv"SS\R5rw"SS\R5rx"SS\R5ry"SS\R5rz"SS\R5r{"SS\R5r|"SS\R5r}"SS\R5r~"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GS GS \R5r"GS GS \R5r"GS GS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS \R5r"GS!GS"\R5r"GS#GS$\R5r"GS%GS&\R5r"GS'GS(\R5r"GS)GS*\R5r"GS+GS,\R5r"GS-GS.\R5r"GS/GS0\R5r"GS1GS2\R5r"GS3GS4\R5r"GS5GS6\R5r"GS7GS8\R5r"GS9GS:\R5r"GS;GS<\R5r"GS=GS>\R5r"GS?GS@\R5r"GSAGSB\R5r"GSCGSD\R5r"GSEGSF\R5r"GSGGSH\R5r"GSIGSJ\R5r"GSKGSL\R5r"GSMGSN\R5r"GSOGSP\R5r"GSQGSR\R5r"GSSGST\R5r"GSUGSV\R5r"GSWGSX\R5r"GSYGSZ\R5r"GS[GS\\R5r"GS]GS^\R5r"GS_GS`\R5r"GSaGSb\R5r"GScGSd\R5r"GSeGSf\R5r"GSgGSh\R5r"GSiGSj\R5r"GSkGSl\R5r"GSmGSn\R5r"GSoGSp\R5r"GSqGSr\R5r"GSsGSt\R5r"GSuGSv\R5r"GSwGSx\R5r"GSyGSz\R5r"GS{GS|\R5r"GS}GS~\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr "GSGS\R5Gr "GSGS\R5Gr "GS GS \R5Gr "GS GS \R5Gr "GS GS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS \R5Gr"GS!GS"\R5Gr"GS#GS$\R5Gr"GS%GS&\R5Gr"GS'GS(\R5Gr"GS)GS*\R5Gr"GS+GS,\R5Gr"GS-GS.\R5Gr"GS/GS0\R5Gr"GS1GS2\R5Gr "GS3GS4\R5Gr!"GS5GS6\R5Gr""GS7GS8\R5Gr#"GS9GS:\R5Gr$"GS;GS<\R5Gr%"GS=GS>\R5Gr&"GS?GS@\R5Gr'"GSAGSB\R5Gr("GSCGSD\R5Gr)"GSEGSF\R5Gr*"GSGGSH\R5Gr+"GSIGSJ\R5Gr,"GSKGSL\R5Gr-"GSMGSN\R5Gr."GSOGSP\R5Gr/"GSQGSR\R5Gr0"GSSGST\R5Gr1"GSUGSV\R5Gr2"GSWGSX\R5Gr3"GSYGSZ\R5Gr4"GS[GS\\R5Gr5"GS]GS^\R5Gr6"GS_GS`\R5Gr7"GSaGSb\R5Gr8"GScGSd\R5Gr9"GSeGSf\R5Gr:"GSgGSh\R5Gr;"GSiGSj\R5Gr<"GSkGSl\R5Gr="GSmGSn\R5Gr>"GSoGSp\R5Gr?"GSqGSr\R5Gr@"GSsGSt\R5GrA"GSuGSv\R5GrB"GSwGSx\R5GrC"GSyGSz\R5GrD"GS{GS|\R5GrE"GS}GS~\R5GrF"GSGS\R5GrG"GSGS\R5GrH"GSGS\R5GrI"GSGS\R5GrJ"GSGS\R5GrK"GSGS\R5GrL"GSGS\R5GrM"GSGS\R5GrN"GSGS\R5GrO"GSGS\R5GrP"GSGS\R5GrQ"GSGS\R5GrR"GSGS\R5GrS"GSGS\R5GrT"GSGS\R5GrU"GSGS\R5GrV"GSGS\R5GrW"GSGS\R5GrX"GSGS\R5GrY"GSGS\R5GrZ"GSGS\R5Gr["GSGS\R5Gr\"GSGS\R5Gr]"GSGS\R5Gr^"GSGS\R5Gr_"GSGS\R5Gr`"GSGS\R5Gra"GSGS\R5Grb"GSGS\R5Grc"GSGS\R5Grd"GSGS\R5Gre"GSGS\R5Grf"GSGS\R5Grg"GSGS\R5Grh"GSGS\R5Gri"GSGS\R5Grj"GSGS\R5Grk"GSGS\R5Grl"GSGS\R5Grm"GSGS\R5Grn"GSGS\R5Gro"GSGS\R5Grp"GSGS\R5Grq"GSGS\R5Grr"GSGS\R5Grs"GSGS\R5Grt"GSGS\R5Gru"GSGS\R5Grv"GSGS\R5Grw"GSGS\R5Grx"GSGS\R5Gry"GSGS\R5Grz"GSGS\R5Gr{"GSGS\R5Gr|"GSGS\R5Gr}"GSGS\R5Gr~"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GS GS \R5Gr"GS GS \R5Gr"GS GS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS \R5Gr"GS!GS"\R5Gr"GS#GS$\R5Gr"GS%GS&\R5Gr"GS'GS(\R5Gr"GS)GS*\R5Gr"GS+GS,\R5Gr"GS-GS.\R5Gr"GS/GS0\R5Gr"GS1GS2\R5Gr"GS3GS4\R5Gr"GS5GS6\R5Gr"GS7GS8\R5Gr"GS9GS:\R5Gr"GS;GS<\R5Gr"GS=GS>\R5Gr"GS?GS@\R5Gr"GSAGSB\R5Gr"GSCGSD\R5Gr"GSEGSF\R5Gr"GSGGSH\R5Gr"GSIGSJ\R5Gr"GSKGSL\R5Gr"GSMGSN\R5Gr"GSOGSP\R5Gr"GSQGSR\R5Gr"GSSGST\R5Gr"GSUGSV\R5Gr"GSWGSX\R5Gr"GSYGSZ\R5Gr"GS[GS\\R5Gr"GS]GS^\R5Gr"GS_GS`\R5Gr"GSaGSb\R5Gr"GScGSd\R5Gr"GSeGSf\R5Gr"GSgGSh\R5Gr"GSiGSj\R5Gr"GSkGSl\R5Gr"GSmGSn\R5Gr"GSoGSp\R5Gr"GSqGSr\R5Gr"GSsGSt\R5Gr"GSuGSv\R5Gr"GSwGSx\R5Gr"GSyGSz\R5Gr"GS{GS|\R5Gr"GS}GS~\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr"GSGS\R5Gr\GR"G\GSGS5 \GR"G\GRGSGS5 \GR"G\GRGSGS5 Gg(zGenerated message classes for securitycenter version v2. Security Command Center API provides access to temporal views of assets and findings within an organization. )absolute_import)messages)encoding) extra_typessecuritycenterc\rSrSrSr\R "S5r\R"SS5r \R "S5r \R "S5r \R "S5r \R"S S S S 9r \R "S 5r\R "S5r\R "S5r\R "S5r\R "S5rSrg)Access Represents an access event. Fields: callerIp: Caller's IP address, such as "1.1.1.1". callerIpGeo: The caller IP's geolocation, which identifies where the call came from. methodName: The method that the service account called, e.g. "SetIamPolicy". principalEmail: Associated email, such as "foo@google.com". The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the `principal_subject` field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see [Caller identities in audit logs](https://cloud.google.com/logging/docs/audit#user-id). principalSubject: A string that represents the principal_subject that is associated with the identity. Unlike `principal_email`, `principal_subject` supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is `principal://iam.googleapis.com/{identity pool name}/subject/{subject}`. Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:{identity pool name}[{subject}]`. serviceAccountDelegationInfo: The identity delegation history of an authenticated service account that made the request. The `serviceAccountDelegationInfo[]` object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events. serviceAccountKeyName: The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAc counts/{ACCOUNT}/keys/{key}". serviceName: This is the API service that the service account made a call to, e.g. "iam.googleapis.com" userAgent: The caller's user agent string associated with the finding. userAgentFamily: Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application. userName: A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.  GeolocationServiceAccountDelegationInfoTrepeated N__name__ __module__ __qualname____firstlineno____doc__ _messages StringFieldcallerIp MessageField callerIpGeo methodNameprincipalEmailprincipalSubjectserviceAccountDelegationInfoserviceAccountKeyName serviceName userAgentuserAgentFamilyuserName__static_attributes__rYlib/googlecloudsdk/generated_clients/apis/securitycenter/v2/securitycenter_v2_messages.pyr r s-^ " "1 %(&&}a8+$$Q'*((+.**1-!*!7!78VXYdh!i#//2%%a(+##A&)))"-/  " "2 &(r1r c\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r \R "S5r \R "S5r \R "S 5r S rg ) AccessReviewO2Conveys information about a Kubernetes access review (such as one returned by a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn- authz/authorization/#checking-api-access) command) that was involved in a finding. Fields: group: The API group of the resource. "*" means all. name: The name of the resource being requested. Empty means all. ns: Namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces. Both are represented by "" (empty). resource: The optional resource type requested. "*" means all. subresource: The optional subresource type. verb: A Kubernetes resource API verb, like get, list, watch, create, update, delete, proxy. "*" means all. version: The API version of the resource. "*" means all. r rrrrrrrNrrrr r!r"r#groupnamensresource subresourceverbversionr0rr1r2r4r4Oy&    "%   q !$Q"  " "1 %(%%a(+   q !$  ! !! $'r1r4c<\rSrSrSr\R "S5rSrg)AdaptiveProtectionlInformation about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google- cloud-armor-adaptive-protection). Fields: confidence: A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive- protection-overview#configure-alert-tuning) for further explanation. r rN rrrr r!r" FloatField confidencer0rr1r2rArAl ##A&*r1rAc<\rSrSrSr\R "S5rSrg)AffectedResources|tDetails about resources affected by this finding. Fields: count: The count of resources affected by the finding. r rN rrrr r!r" IntegerFieldcountr0rr1r2rIrI|   #%r1rIc@\rSrSrSr"SS\R 5r\R"SS5r \R"S5r \R"S5r \R"S5r \R"S 5r\R"S 5r\R"S 5rS rg )AiModelContains information about the AI model associated with the finding. Enums: DeploymentPlatformValueValuesEnum: The platform on which the model is deployed. Fields: deploymentPlatform: The platform on which the model is deployed. displayName: The user defined display name of model. Ex. baseline- classification-model domain: The domain of the model, for example, "image-classification". library: The name of the model library, for example, "transformers". location: The region in which the model is used, for example, "us- central1". name: The name of the AI model, for example, "gemini:1.0.0". publisher: The publisher of the model, for example, "google" or "nvidia". c,\rSrSrSrSrSrSrSrSr Sr g ) )AiModel.DeploymentPlatformValueValuesEnumThe platform on which the model is deployed. Values: DEPLOYMENT_PLATFORM_UNSPECIFIED: Unspecified deployment platform. VERTEX_AI: Vertex AI. GKE: Google Kubernetes Engine. GCE: Google Compute Engine. FINE_TUNED_MODEL: Fine tuned model. rr rrrrN rrrr r!DEPLOYMENT_PLATFORM_UNSPECIFIED VERTEX_AIGKEGCEFINE_TUNED_MODELr0rr1r2!DeploymentPlatformValueValuesEnumrU$'(#I C Cr1r^r rrrrrrrNrrrr r!r"Enumr^ EnumFielddeploymentPlatformr# displayNamedomainlibrarylocationr9 publisherr0rr1r2rQrQ$).. !**+NPQR%%a(+   #&  ! !! $'  " "1 %(   q !$##A&)r1rQc<\rSrSrSr\R "SSSS9rSrg) AllowedRAllowed IP rule. Fields: ipRules: Optional. Optional list of allowed IP rules. IpRuler TrrN rrrr r!r"r%ipRulesr0rr1r2rkrk  " "8Q >'r1rkc`\rSrSrSr\R "S5r\R "S5rSr g) ApplicationajRepresents an application associated with a finding. Fields: baseUri: The base URI that identifies the network location of the application in which the vulnerability was detected. For example, `http://example.com`. fullUri: The full URI with payload that can be used to reproduce the vulnerability. For example, `http://example.com?p=aMmYgI6H`. r rrN rrrr r!r"r#baseUrifullUrir0rr1r2rsrs)  ! !! $'  ! !! $'r1rsc\rSrSrSr\R "S5r\R"S\RRS9r \R"S5r \R"S\RRS9r \R"S5rS rg ) AttackInformation about DDoS attack volume and classification. Fields: classification: Type of attack, for example, 'SYN-flood', 'NTP-udp', or 'CHARGEN-udp'. volumeBps: Total BPS (bytes per second) volume of attack. Deprecated - refer to volume_bps_long instead. volumeBpsLong: Total BPS (bytes per second) volume of attack. volumePps: Total PPS (packets per second) volume of attack. Deprecated - refer to volume_pps_long instead. volumePpsLong: Total PPS (packets per second) volume of attack. r rvariantrrrrNrrrr r!r"r#classificationrMVariantINT32 volumeBps volumeBpsLong volumePps volumePpsLongr0rr1r2rzrzu ((+.$$Q 0A0A0G0GH)((+-$$Q 0A0A0G0GH)((+-r1rzc\rSrSrSr"SS\R 5r\R"S5r \R"S\RRS9r \R"S\RRS9r\R"S \RRS9r\R"S 5r\R""S 5r\R&"SS 5rS rg)AttackExposureaAn attack exposure contains the results of an attack path simulation run. Enums: StateValueValuesEnum: What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated or not. Fields: attackExposureResult: The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: `organizations/123/simulations/456/attackExposureResults/789` exposedHighValueResourcesCount: The number of high value resources that are exposed as a result of this finding. exposedLowValueResourcesCount: The number of high value resources that are exposed as a result of this finding. exposedMediumValueResourcesCount: The number of medium value resources that are exposed as a result of this finding. latestCalculationTime: The most recent time the attack exposure was updated on this finding. score: A number between 0 (inclusive) and infinity that represents how important this finding is to remediate. The higher the score, the more important it is to remediate. state: What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated or not. c$\rSrSrSrSrSrSrSrg)#AttackExposure.StateValueValuesEnuma"What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated or not. Values: STATE_UNSPECIFIED: The state is not specified. CALCULATED: The attack exposure has been calculated. NOT_CALCULATED: The attack exposure has not been calculated. rr rrN rrrr r!STATE_UNSPECIFIED CALCULATEDNOT_CALCULATEDr0rr1r2StateValueValuesEnumrJNr1rr rr}rrrrrrNrrrr r!r"rarr#attackExposureResultrMrrexposedHighValueResourcesCountexposedLowValueResourcesCount exposedMediumValueResourcesCountlatestCalculationTimerEscorerbstater0rr1r2rrs4 Y^^ #..q1#,#9#9!YEVEVE\E\#] "+"8"8IDUDUD[D["\%.%;%;AyGXGXG^G^%_"#//2   q !%   4a 8%r1rc\rSrSrSr\R "SSSS9r\R"S5r \R "SS SS9r S r g ) AttackPathia:A path that an attacker could take to reach an exposed resource. Fields: edges: A list of the edges between nodes in this attack path. name: The attack path name, for example, `organizations/12/simulations/34/valuedResources/56/attackPaths/78` pathNodes: A list of nodes that exist in this attack path. AttackPathEdger TrrAttackPathNoderrN) rrrr r!r"r%edgesr#r9 pathNodesr0rr1r2rrsC  !11t D%   q !$$$%5q4H)r1rc`\rSrSrSr\R "S5r\R "S5rSr g)ri zRepresents a connection between a source node and a destination node in this attack path. Fields: destination: The attack node uuid of the destination node. source: The attack node uuid of the source node. r rrN) rrrr r!r"r# destinationsourcer0rr1r2rr s)%%a(+   #&r1rc\rSrSrSr\R "SSSS9r\R "SSSS9r\R"S 5r \R"S 5r \R"S 5r \R"S 5r S rg)ri-aRepresents one point that an attacker passes through in this attack path. Fields: associatedFindings: The findings associated with this node in the attack path. attackSteps: A list of attack step nodes that exist in this attack path node. displayName: Human-readable name of this resource. resource: The name of the resource at this point in the attack path. The format of the name follows the Cloud Asset Inventory [resource name format](https://cloud.google.com/asset-inventory/docs/resource-name- format) resourceType: The [supported resource type](https://cloud.google.com/asset-inventory/docs/supported-asset- types) uuid: Unique id of the attack path node. PathNodeAssociatedFindingr TrAttackStepNoderrrrrrN)rrrr r!r"r%associatedFindings attackStepsr#rdr; resourceTypeuuidr0rr1r2rr-su&!--.I1W[\&&'7TJ+%%a(+  " "1 %(&&q),   q !$r1rcN\rSrSrSr"SS\R 5r\R"S5"SS\R55r \R"S5r \R"S 5r\R"SS 5r\R""SS 5r\R"S 5rS rg)riIaDetailed steps the attack can take between path nodes. Enums: TypeValueValuesEnum: Attack step type. Can be either AND, OR or DEFENSE Messages: LabelsValue: Attack step labels for metadata Fields: description: Attack step description displayName: User friendly name of the attack step labels: Attack step labels for metadata type: Attack step type. Can be either AND, OR or DEFENSE uuid: Unique ID for one Node c,\rSrSrSrSrSrSrSrSr Sr g ) "AttackStepNode.TypeValueValuesEnumiZa"Attack step type. Can be either AND, OR or DEFENSE Values: NODE_TYPE_UNSPECIFIED: Type not specified NODE_TYPE_AND: Incoming edge joined with AND NODE_TYPE_OR: Incoming edge joined with OR NODE_TYPE_DEFENSE: Incoming edge is defense NODE_TYPE_ATTACKER: Incoming edge is attacker rr rrrrN) rrrr r!NODE_TYPE_UNSPECIFIED NODE_TYPE_AND NODE_TYPE_ORNODE_TYPE_DEFENSENODE_TYPE_ATTACKERr0rr1r2TypeValueValuesEnumrZs%MLr1radditionalPropertiescf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) AttackStepNode.LabelsValueijzAttack step labels for metadata Messages: AdditionalProperty: An additional property for a LabelsValue object. Fields: additionalProperties: Additional properties of type LabelsValue c`\rSrSrSr\R "S5r\R "S5rSr g)-AttackStepNode.LabelsValue.AdditionalPropertyiuzAn additional property for a LabelsValue object. Fields: key: Name of the additional property. value: A string attribute. r rrN rrrr r!r"r#keyvaluer0rr1r2AdditionalPropertyru)   ! !! $c##A&er1rr TrrN rrrr r!r"Messagerr%rr0rr1r2 LabelsValuerjs2 'Y.. '%112FTXYr1rr rrrrrN)rrrr r!r"rarrMapUnrecognizedFieldsrrr# descriptionrdr%labelsrbtyperr0rr1r2rrIs INN  !!"89ZI%%Z:Z.%%a(+%%a(+  ! !- 3&   2A 6$   q !$r1rc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) AuditConfigiawSpecifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. Fields: auditLogConfigs: The configuration for logging of each type of permission. service: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. AuditLogConfigr TrrrN) rrrr r!r"r%auditLogConfigsr#servicer0rr1r2rrs.0**+;QN/  ! !! $'r1rc\rSrSrSr"SS\R 5r\R"SSS9r \R"SS5r S r g ) riaRProvides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. Enums: LogTypeValueValuesEnum: The log type that this config enables. Fields: exemptedMembers: Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. logType: The log type that this config enables. c(\rSrSrSrSrSrSrSrSr g) %AuditLogConfig.LogTypeValueValuesEnumiaThe log type that this config enables. Values: LOG_TYPE_UNSPECIFIED: Default case. Should never be this. ADMIN_READ: Admin reads. Example: CloudIAM getIamPolicy DATA_WRITE: Data writes. Example: CloudSQL Users create DATA_READ: Data reads. Example: CloudSQL Users list rr rrrN) rrrr r!LOG_TYPE_UNSPECIFIED ADMIN_READ DATA_WRITE DATA_READr0rr1r2LogTypeValueValuesEnumrsJJIr1rr TrrrN) rrrr r!r"rarr#exemptedMembersrblogTyper0rr1r2rrs>  y~~ ))!d;/    8! <'r1rc`\rSrSrSr\R "S5r\R "S5rSr g) AwsAccountiAn AWS account that is a member of an organization. Fields: id: The unique identifier (ID) of the account, containing exactly 12 digits. name: The friendly name of this account. r rrN rrrr r!r"r#idr9r0rr1r2rr)Q"   q !$r1rc\rSrSrSr\R "SS5r\R "SS5r\R "SSS S 9r S r g ) AwsMetadataiAWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services. Fields: account: The AWS account associated with the resource. organization: The AWS organization associated with the resource. organizationalUnits: A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level. rr AwsOrganizationrAwsOrganizationalUnitrTrrN rrrr r!r"r%account organizationorganizationalUnitsr0rr1r2rrsE   " "< 3'''(91=,!../FTXYr1rc<\rSrSrSr\R "S5rSrg)riAn organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies. Fields: id: The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits. r rN rrrr r!r"r#rr0rr1r2rrQ"r1rc`\rSrSrSr\R "S5r\R "S5rSr g)rigAn Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs. Fields: id: The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits. For example, "ou-ab12-cd34ef56". name: The friendly name of the OU. r rrNrrr1r2rr) Q"   q !$r1rc`\rSrSrSr\R "S5r\R "S5rSr g)AzureManagementGroupiRepresents an Azure management group. Fields: displayName: The display name of the Azure management group. id: The UUID of the Azure management group, for example, `20000000-0001-0000-0000-000000000000`. r rrN rrrr r!r"r#rdrr0rr1r2rr)%%a(+Q"r1rc\rSrSrSr\R "SSSS9r\R "SS5r\R "S S 5r \R "S S 5r S r g) AzureMetadataiAzure metadata associated with the resource, only applicable if the finding's cloud provider is Microsoft Azure. Fields: managementGroups: A list of Azure management groups associated with the resource, ordered from lowest level (closest to the subscription) to highest level. resourceGroup: The Azure resource group associated with the resource. subscription: The Azure subscription associated with the resource. tenant: The Azure Entra tenant associated with the resource. rr TrAzureResourceGrouprAzureSubscriptionr AzureTenantrrN rrrr r!r"r%managementGroups resourceGroup subscriptiontenantr0rr1r2rrsX ++,BAPTU(()=qA-''(;Q?,  ! !- 3&r1rc`\rSrSrSr\R "S5r\R "S5rSr g)ri&Represents an Azure resource group. Fields: id: The ID of the Azure resource group. name: The name of the Azure resource group. This is not a UUID. r rrNrrr1r2rr&)Q"   q !$r1rc`\rSrSrSr\R "S5r\R "S5rSr g)ri2Represents an Azure subscription. Fields: displayName: The display name of the Azure subscription. id: The UUID of the Azure subscription, for example, `291bba3f-e0a5-47bc-a099-3bdcb2a50a05`. r rrNrrr1r2rr2rr1rc`\rSrSrSr\R "S5r\R "S5rSr g)ri?Represents a Microsoft Entra tenant. Fields: displayName: The display name of the Azure tenant. id: The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-1aaa11a". r rrNrrr1r2rr?rr1rcz\rSrSrSr\R "S5r\R "SSS9r\R "S5r \R "S5r \R "S 5r \R "S 5r \R "S SS9r \R "S SS9r\R "S 5r\R "S5rSrg)BackupDisasterRecoveryiL Information related to Google Cloud Backup and DR Service findings. Fields: appliance: The name of the Backup and DR appliance that captures, moves, and manages the lifecycle of backup data. For example, `backup- server-57137`. applications: The names of Backup and DR applications. An application is a VM, database, or file system on a managed host monitored by a backup and recovery appliance. For example, `centos7-01-vol00`, `centos7-01-vol01`, `centos7-01-vol02`. backupCreateTime: The timestamp at which the Backup and DR backup was created. backupTemplate: The name of a Backup and DR template which comprises one or more backup policies. See the [Backup and DR documentation](https://cloud.google.com/backup-disaster- recovery/docs/concepts/backup-plan#temp) for more information. For example, `snap-ov`. backupType: The backup type of the Backup and DR image. For example, `Snapshot`, `Remote Snapshot`, `OnVault`. host: The name of a Backup and DR host, which is managed by the backup and recovery appliance and known to the management console. The host can be of type Generic (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. See the [Backup and DR documentation on hosts](https://cloud.google.com/backup-disaster- recovery/docs/configuration/manage-hosts-and-their-applications) for more information. For example, `centos7-01`. policies: The names of Backup and DR policies that are associated with a template and that define when to run a backup, how frequently to run a backup, and how long to retain the backup image. For example, `onvaults`. policyOptions: The names of Backup and DR advanced policy options of a policy applying to an application. See the [Backup and DR documentation on policy options](https://cloud.google.com/backup-disaster- recovery/docs/create-plan/policy-settings). For example, `skipofflineappsincongrp, nounmap`. profile: The name of the Backup and DR resource profile that specifies the storage media for backups of application and VM data. See the [Backup and DR documentation on profiles](https://cloud.google.com/backup- disaster-recovery/docs/concepts/backup-plan#profile). For example, `GCP`. storagePool: The name of the Backup and DR storage pool that the backup and recovery appliance is storing data in. The storage pool could be of type Cloud, Primary, Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](https://cloud.google.com/backup- disaster-recovery/docs/concepts/storage-pools). For example, `DiskPoolOne`. r rTrrrrrrrrrrNrrrr r!r"r# appliance applicationsbackupCreateTimebackupTemplate backupTypehostpolicies policyOptionsprofile storagePoolr0rr1r2rrL.`##A&)&&q48,**1-((+.$$Q'*   q !$  " "1t 4(''D9-  ! !! $'%%b)+r1rc<\rSrSrSr\R "SSSS9rSrg) &BatchCreateResourceValueConfigsRequestizRequest message to create multiple resource value configs Fields: requests: Required. The resource value configs to be created. CreateResourceValueConfigRequestr TrrN) rrrr r!r"r%requestsr0rr1r2rrs  # #$FTX Y(r1rc<\rSrSrSr\R "SSSS9rSrg) 'BatchCreateResourceValueConfigsResponseizyResponse message for BatchCreateResourceValueConfigs Fields: resourceValueConfigs: The resource value configs created .GoogleCloudSecuritycenterV2ResourceValueConfigr TrrN) rrrr r!r"r%resourceValueConfigsr0rr1r2rrs! #//0`bcnrsr1rc<\rSrSrSr\R "S5rSrg)BigQueryDestinationizThe destination BigQuery dataset to export findings to. Fields: dataset: Required. The relative resource name of the destination dataset, in the form projects/{projectId}/datasets/{datasetId}. r rN) rrrr r!r"r#datasetr0rr1r2rrs  ! !! $'r1rc\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) BindingiatAssociates `members`, or principals, with a `role`. Fields: condition: The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource- policies). members: Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other- app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how- to/kubernetes-service-accounts). For example, `my- project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locatio ns/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.goog leapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.co m/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{ attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePo ols/{pool_id}/*`: All identities in a workforce identity pool. * `princi pal://iam.googleapis.com/projects/{project_number}/locations/global/work loadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.c om/projects/{project_number}/locations/global/workloadIdentityPools/{poo l_id}/group/{group_id}`: A workload identity pool group. * `principalSet ://iam.googleapis.com/projects/{project_number}/locations/global/workloa dIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * ` principalSet://iam.googleapis.com/projects/{project_number}/locations/gl obal/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other- app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.google apis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attr ibute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workfo rcePools/my-pool-id/subject/my-subject-attribute-value`. role: Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). Exprr rTrrrN) rrrr r!r"r% conditionr#membersroler0rr1r2rrs?Ob$$VQ/)  ! !!d 3'   q !$r1rc\rSrSrSr"SS\R 5r\R"S5r \R"SS5r Sr g) BulkMuteFindingsRequestiaRequest message for bulk findings update. Note: 1. If multiple bulk update requests match the same resource, the order in which they get executed is not defined. 2. Once a bulk operation is started, there is no way to stop it. Enums: MuteStateValueValuesEnum: Optional. All findings matching the given filter will have their mute state set to this value. The default value is `MUTED`. Setting this to `UNDEFINED` will clear the mute state on all matching findings. Fields: filter: Expression that identifies findings that should be updated. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. muteState: Optional. All findings matching the given filter will have their mute state set to this value. The default value is `MUTED`. Setting this to `UNDEFINED` will clear the mute state on all matching findings. c$\rSrSrSrSrSrSrSrg)0BulkMuteFindingsRequest.MuteStateValueValuesEnumiaoOptional. All findings matching the given filter will have their mute state set to this value. The default value is `MUTED`. Setting this to `UNDEFINED` will clear the mute state on all matching findings. Values: MUTE_STATE_UNSPECIFIED: Unused. MUTED: Matching findings will be muted (default). UNDEFINED: Matching findings will have their mute state cleared. rr rrN) rrrr r!MUTE_STATE_UNSPECIFIEDMUTED UNDEFINEDr0rr1r2MuteStateValueValuesEnumr%s EIr1r)r rrN) rrrr r!r"rar)r#filterrb muteStater0rr1r2r#r#s<8     #&!!" instance.status == 'RUNNING' && 'public' in instance.tags.items - name: firewall resource_type: compute.googleapis.com/Firewall filter: > firewall.direction == 'INGRESS' && !firewall.disabled && firewall.allowed.exists(rule, rule.IPProtocol.upperAscii() in ['TCP', 'ALL'] && rule.ports.exists(port, network.portsInRange(port, '11-256'))) rule: match: - predicate: > instance.networkInterfaces.exists(net, firewall.network == net.network) output: > {'message': 'Compute instance with publicly accessible ports', 'instance': instance.name} Users are able to join resource types together using the exact format as Kubernetes Validating Admission policies. Fields: spec: The CEL policy to evaluate to produce findings. A finding is generated when the policy validation evaluates to false. r rN) rrrr r!r"r#specr0rr1r2r-r-.s,   q !$r1r-c:\rSrSrSr\R "SSS9rSrg) ChokepointiHContains details about a chokepoint, which is a resource or resource group where high-risk attack paths converge, based on [attack path simulations] (https://cloud.google.com/security-command-center/docs/attack- exposure-learn#attack_path_simulations). Fields: relatedFindings: List of resource names of findings associated with this chokepoint. For example, organizations/123/sources/456/findings/789. This list will have at most 100 findings. r TrrN rrrr r!r"r#relatedFindingsr0rr1r2r0r0H ))!d;/r1r0c\rSrSrSr\R "SS5r\R "SS5r\R"S5r \R "SS 5r \R "S S 5r \R"S 5r S rg) CloudArmoriWFields related to Google Cloud Armor findings. Fields: adaptiveProtection: Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection- overview). attack: Information about DDoS attack volume and classification. duration: Duration of attack from the start until the current moment (updated every 5 minutes). requests: Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security- policy-overview). securityPolicy: Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. threatVector: Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, "L3_4" for Layer 3 and Layer 4 DDoS attacks, or "L_7" for Layer 7 DDoS attacks. rAr rzrrRequestsrSecurityPolicyrrrNrrrr r!r"r%adaptiveProtectionattackr#durationrsecurityPolicy threatVectorr0rr1r2r6r6Wst*!--.BAF  ! !(A .&  " "1 %(  # #J 2())*:A>.&&q),r1r6c\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"SS5r \R"S\RRS 9rS rg ) CloudControliu(CloudControl associated with the finding. Enums: TypeValueValuesEnum: Type of cloud control. Fields: cloudControlName: Name of the CloudControl associated with the finding. policyType: Policy type of the CloudControl type: Type of cloud control. version: Version of the Cloud Control c$\rSrSrSrSrSrSrSrg) CloudControl.TypeValueValuesEnumiType of cloud control. Values: CLOUD_CONTROL_TYPE_UNSPECIFIED: Unspecified. BUILT_IN: Built in Cloud Control. CUSTOM: Custom Cloud Control. rr rrN rrrr r!CLOUD_CONTROL_TYPE_UNSPECIFIEDBUILT_INCUSTOMr0rr1r2rrD&'"H Fr1rr rrrr}rNrrrr r!r"rarr#cloudControlName policyTyperbrrMrrr>r0rr1r2rArAuk  INN **1-$$Q'*   2A 6$  " "1i.?.?.E.E F'r1rAc\rSrSrSr"SS\R 5r\R"S5r \R"SSSS 9r \R"SS 5r S rg ) CloudDlpDataProfilei+The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. Enums: ParentTypeValueValuesEnum: The resource hierarchy level at which the data profile was generated. Fields: dataProfile: Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. infoTypes: Type of information detected by SDP. Info type includes name, version and sensitivity of the detected information type. parentType: The resource hierarchy level at which the data profile was generated. c$\rSrSrSrSrSrSrSrg)-CloudDlpDataProfile.ParentTypeValueValuesEnumiThe resource hierarchy level at which the data profile was generated. Values: PARENT_TYPE_UNSPECIFIED: Unspecified parent type. ORGANIZATION: Organization-level configurations. PROJECT: Project-level configurations. rr rrN rrrr r!PARENT_TYPE_UNSPECIFIED ORGANIZATIONPROJECTr0rr1r2ParentTypeValueValuesEnumrS LGr1rYr InfoTyperTrrrNrrrr r!r"rarYr# dataProfiler% infoTypesrb parentTyper0rr1r2rPrPsP ).. %%a(+$$ZTB)""#>B*r1rPc\rSrSrSr\R "S5r\R"S5r \R"S5r \R"S5r Sr g) CloudDlpInspectioni}Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the finding. Fields: fullScan: Whether Cloud DLP scanned the complete resource or a sampled subset. infoType: The type of information (or *[infoType](https://cloud.google.com/dlp/docs/infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`. infoTypeCount: The number of times Cloud DLP found this infoType within this job and resource. inspectJob: Name of the inspection job, for example, `projects/123/locations/europe/dlpJobs/i-8383929`. r rrrrNrrrr r!r" BooleanFieldfullScanr#infoTyperM infoTypeCount inspectJobr0rr1r2raraI  # #A &(  " "1 %(((+-$$Q'*r1rac\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r Sr g) CloudLoggingEntryiaMetadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/ logging/docs/reference/v2/rest/v2/LogEntry) Fields: insertId: A unique identifier for the log entry. logId: The type of the log (part of `log_name`. `log_name` is the resource name of the log to which this log entry belongs). For example: `cloudresourcemanager.googleapis.com/activity`. Note that this field is not URL-encoded, unlike the `LOG_ID` field in `LogEntry`. resourceContainer: The organization, folder, or project of the monitored resource that produced this log entry. timestamp: The time the event described by the log entry occurred. r rrrrN rrrr r!r"r#insertIdlogIdresourceContainer timestampr0rr1r2rkrkJ  " "1 %(    "%++A.##A&)r1rkc\rSrSrSr\R "SSS9r\R "S5r\R "S5r Sr g ) ComplianceiNContains compliance information about a security standard indicating unmet recommendations. Fields: ids: Policies within the standard or benchmark, for example, A.12.4.1 standard: Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP. version: Version of the standard or benchmark, for example, 1.1 r TrrrrN rrrr r!r"r#idsstandardr>r0rr1r2rsrs; a$/#  " "1 %(  ! !! $'r1rsc\rSrSrSr\R "SS5r\R"SSS9r \R "SS SS9r S r g ) ComplianceDetailsinCompliance Details associated with the finding. Fields: cloudControl: CloudControl associated with the finding cloudControlDeploymentNames: Cloud Control Deployments associated with the finding. For example, organizations/123/locations/global/cloudControlDep loyments/deploymentIdentifier frameworks: Details of Frameworks associated with the finding rAr rTr FrameworkrrN rrrr r!r"r% cloudControlr#cloudControlDeploymentNames frameworksr0rr1r2rzrzsB'':, ) 5 5a$ G%%k1tD*r1rzcD\rSrSrSr"SS\R 5r\R"S5r \R"S\RRS9r \R"SS5r\R"S 5r\R"S \RRS9rS rg ) ConnectioniContains information about the IP connection associated with the finding. Enums: ProtocolValueValuesEnum: IANA Internet Protocol Number such as TCP(6) and UDP(17). Fields: destinationIp: Destination IP address. Not present for sockets that are listening and not connected. destinationPort: Destination port. Not present for sockets that are listening and not connected. protocol: IANA Internet Protocol Number such as TCP(6) and UDP(17). sourceIp: Source IP address. sourcePort: Source port. c0\rSrSrSrSrSrSrSrSr Sr S r g ) "Connection.ProtocolValueValuesEnumi3IANA Internet Protocol Number such as TCP(6) and UDP(17). Values: PROTOCOL_UNSPECIFIED: Unspecified protocol (not HOPOPT). ICMP: Internet Control Message Protocol. TCP: Transmission Control Protocol. UDP: User Datagram Protocol. GRE: Generic Routing Encapsulation. ESP: Encap Security Payload. rr rrrrrN rrrr r!PROTOCOL_UNSPECIFIEDICMPTCPUDPGREESPr0rr1r2ProtocolValueValuesEnumr(  D C C C Cr1rr rr}rrrrNrrrr r!r"rarr# destinationIprMrrdestinationPortrbprotocolsourceIp sourcePortr0rr1r2rr"  $''*-**1i6G6G6M6MN/  !:A >(  " "1 %(%%a1B1B1H1HI*r1rc<\rSrSrSr\R "S5rSrg)Contacti-lThe email address of a contact. Fields: email: An email address. For example, "`person123@company.com`". r rN rrrr r!r"r#emailr0rr1r2rr-    "%r1rc<\rSrSrSr\R "SSSS9rSrg) ContactDetailsi7HDetails about specific contacts Fields: contacts: A list of contacts rr TrrN rrrr r!r"r%contactsr0rr1r2rr7s  # #Iq4 @(r1rc\rSrSrSr\R "S5r\R "S5r\R"SSSS9r \R "S 5r \R "S 5r S r g ) ContaineriAContainer associated with the finding. Fields: createTime: The time that the container was created. imageId: Optional container image ID, if provided by the container runtime. Uniquely identifies the container image launched using a container image digest. labels: Container labels, as provided by the container runtime. name: Name of the container. uri: Container image URI provided when configuring a pod or container. This string can identify a container image version using mutable tags. r rLabelrTrrrrNrrrr r!r"r# createTimeimageIdr%rr9urir0rr1r2rrAs] $$Q'*  ! !! $'  ! !'1t <&   q !$a #r1rc`\rSrSrSr\R "S5r\R "S5rSr g)ControliVCompliance control associated with the finding. Fields: controlName: Name of the Control displayName: Display name of the control. For example, AU-02. r rrN rrrr r!r"r# controlNamerdr0rr1r2rrV)%%a(+%%a(+r1rcb\rSrSrSr\R "S5r\R"SS5r Sr g)ribzRequest message to create single resource value config Fields: parent: Required. Resource name of the new ResourceValueConfig's parent. resourceValueConfig: Required. The resource value config being created. r rrrN) rrrr r!r"r#parentr%resourceValueConfigr0rr1r2rrbs.   #&!../_abcr1rc\rSrSrSr"SS\R 5r"SS\R 5r\R"SS5r \R"S 5r \R"SS 5r\R"S 5r\R"S 5r\R"SS 5r\R$"S5r\R"SSSS9r\R$"S5r\R$"S5rSrg)CveinCVE stands for Common Vulnerabilities and Exposures. Information from the [CVE record](https://www.cve.org/ResourcesSupport/Glossary) that describes this vulnerability. Enums: ExploitationActivityValueValuesEnum: The exploitation activity of the vulnerability in the wild. ImpactValueValuesEnum: The potential impact of the vulnerability if it was to be exploited. Fields: cvssv3: Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document exploitReleaseDate: Date the first publicly available exploit or PoC was released. exploitationActivity: The exploitation activity of the vulnerability in the wild. firstExploitationDate: Date of the earliest known exploitation. id: The unique identifier for the vulnerability. e.g. CVE-2021-34527 impact: The potential impact of the vulnerability if it was to be exploited. observedInTheWild: Whether or not the vulnerability has been observed in the wild. references: Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527 upstreamFixAvailable: Whether upstream fix is available for the CVE. zeroDay: Whether or not the vulnerability was zero day when the finding was published. c0\rSrSrSrSrSrSrSrSr Sr S r g ) 'Cve.ExploitationActivityValueValuesEnumiThe exploitation activity of the vulnerability in the wild. Values: EXPLOITATION_ACTIVITY_UNSPECIFIED: Invalid or empty value. WIDE: Exploitation has been reported or confirmed to widely occur. CONFIRMED: Limited reported or confirmed exploitation activities. AVAILABLE: Exploit is publicly available. ANTICIPATED: No known exploitation activity, but has a high potential for exploitation. NO_KNOWN: No known exploitation activity. rr rrrrrN rrrr r!!EXPLOITATION_ACTIVITY_UNSPECIFIEDWIDE CONFIRMED AVAILABLE ANTICIPATEDNO_KNOWNr0rr1r2#ExploitationActivityValueValuesEnumr( )*% DIIKHr1rc,\rSrSrSrSrSrSrSrSr Sr g ) Cve.ImpactValueValuesEnumiThe potential impact of the vulnerability if it was to be exploited. Values: RISK_RATING_UNSPECIFIED: Invalid or empty value. LOW: Exploitation would have little to no security impact. MEDIUM: Exploitation would enable attackers to perform activities, or could allow attackers to have a direct impact, but would require additional steps. HIGH: Exploitation would enable attackers to have a notable direct impact without needing to overcome any major mitigating factors. CRITICAL: Exploitation would fundamentally undermine the security of affected systems, enable actors to perform significant attacks with minimal effort, with little to no mitigating factors to overcome. rr rrrrN rrrr r!RISK_RATING_UNSPECIFIEDLOWMEDIUMHIGHCRITICALr0rr1r2ImpactValueValuesEnumr#   C F DHr1rCvssv3r rrrrrr ReferencerTrrrrNrrrr r!r"rarrr%cvssv3r#exploitReleaseDaterbexploitationActivityfirstExploitationDaterimpactrdobservedInTheWild referencesupstreamFixAvailablezeroDayr0rr1r2rrns<INN&inn*  ! !(A .& ,,Q/",,-RTUV#//2Q"   6 :&,,Q/%%k1tD*"//2  " "2 &'r1rc\rSrSrSr"SS\R 5r"SS\R 5r"SS\R 5r "S S \R 5r "S S \R 5r "S S\R 5r "SS\R 5r "SS\R 5r\R"SS5r\R"SS5r\R"SS5r\R&"S5r\R"S S5r\R"S S5r\R"SS5r\R"SS5r\R"SS5rSrg)riy Common Vulnerability Scoring System version 3. Enums: AttackComplexityValueValuesEnum: This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. AttackVectorValueValuesEnum: Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible. AvailabilityImpactValueValuesEnum: This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. ConfidentialityImpactValueValuesEnum: This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. IntegrityImpactValueValuesEnum: This metric measures the impact to integrity of a successfully exploited vulnerability. PrivilegesRequiredValueValuesEnum: This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. ScopeValueValuesEnum: The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope. UserInteractionValueValuesEnum: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. Fields: attackComplexity: This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. attackVector: Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible. availabilityImpact: This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. baseScore: The base score is a function of the base metric scores. confidentialityImpact: This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. integrityImpact: This metric measures the impact to integrity of a successfully exploited vulnerability. privilegesRequired: This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. scope: The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope. userInteraction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. c$\rSrSrSrSrSrSrSrg)&Cvssv3.AttackComplexityValueValuesEnumiThis metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. Values: ATTACK_COMPLEXITY_UNSPECIFIED: Invalid value. ATTACK_COMPLEXITY_LOW: Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component. ATTACK_COMPLEXITY_HIGH: A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected. rr rrN rrrr r!ATTACK_COMPLEXITY_UNSPECIFIEDATTACK_COMPLEXITY_LOWATTACK_COMPLEXITY_HIGHr0rr1r2AttackComplexityValueValuesEnumr %&!r1rc,\rSrSrSrSrSrSrSrSr Sr g ) "Cvssv3.AttackVectorValueValuesEnumi Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible. Values: ATTACK_VECTOR_UNSPECIFIED: Invalid value. ATTACK_VECTOR_NETWORK: The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. ATTACK_VECTOR_ADJACENT: The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology. ATTACK_VECTOR_LOCAL: The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities. ATTACK_VECTOR_PHYSICAL: The attack requires the attacker to physically touch or manipulate the vulnerable component. rr rrrrN rrrr r!ATTACK_VECTOR_UNSPECIFIEDATTACK_VECTOR_NETWORKATTACK_VECTOR_ADJACENTATTACK_VECTOR_LOCALATTACK_VECTOR_PHYSICALr0rr1r2AttackVectorValueValuesEnumr '&!"r1rc(\rSrSrSrSrSrSrSrSr g) (Cvssv3.AvailabilityImpactValueValuesEnumi%This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. Values: IMPACT_UNSPECIFIED: Invalid value. IMPACT_HIGH: High impact. IMPACT_LOW: Low impact. IMPACT_NONE: No impact. rr rrrN rrrr r!IMPACT_UNSPECIFIED IMPACT_HIGH IMPACT_LOW IMPACT_NONEr0rr1r2!AvailabilityImpactValueValuesEnumr%KJKr1rc(\rSrSrSrSrSrSrSrSr g) +Cvssv3.ConfidentialityImpactValueValuesEnumi4!This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. Values: IMPACT_UNSPECIFIED: Invalid value. IMPACT_HIGH: High impact. IMPACT_LOW: Low impact. IMPACT_NONE: No impact. rr rrrNrrr1r2$ConfidentialityImpactValueValuesEnumr4 KJKr1rc(\rSrSrSrSrSrSrSrSr g) %Cvssv3.IntegrityImpactValueValuesEnumiDThis metric measures the impact to integrity of a successfully exploited vulnerability. Values: IMPACT_UNSPECIFIED: Invalid value. IMPACT_HIGH: High impact. IMPACT_LOW: Low impact. IMPACT_NONE: No impact. rr rrrNrrr1r2IntegrityImpactValueValuesEnumrDrr1rc(\rSrSrSrSrSrSrSrSr g) (Cvssv3.PrivilegesRequiredValueValuesEnumiS_This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. Values: PRIVILEGES_REQUIRED_UNSPECIFIED: Invalid value. PRIVILEGES_REQUIRED_NONE: The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack. PRIVILEGES_REQUIRED_LOW: The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources. PRIVILEGES_REQUIRED_HIGH: The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files. rr rrrN rrrr r!PRIVILEGES_REQUIRED_UNSPECIFIEDPRIVILEGES_REQUIRED_NONEPRIVILEGES_REQUIRED_LOWPRIVILEGES_REQUIRED_HIGHr0rr1r2!PrivilegesRequiredValueValuesEnumrS! '(#  r1r c$\rSrSrSrSrSrSrSrg)Cvssv3.ScopeValueValuesEnumiiThe Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope. Values: SCOPE_UNSPECIFIED: Invalid value. SCOPE_UNCHANGED: An exploited vulnerability can only affect resources managed by the same security authority. SCOPE_CHANGED: An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. rr rrN rrrr r!SCOPE_UNSPECIFIEDSCOPE_UNCHANGED SCOPE_CHANGEDr0rr1r2ScopeValueValuesEnumr i OMr1rc$\rSrSrSrSrSrSrSrg)%Cvssv3.UserInteractionValueValuesEnumiyThis metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. Values: USER_INTERACTION_UNSPECIFIED: Invalid value. USER_INTERACTION_NONE: The vulnerable system can be exploited without interaction from any user. USER_INTERACTION_REQUIRED: Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited. rr rrN rrrr r!USER_INTERACTION_UNSPECIFIEDUSER_INTERACTION_NONEUSER_INTERACTION_REQUIREDr0rr1r2UserInteractionValueValuesEnumry $%  !r1rr rrrrrrrrrNrrrr r!r"rarrrrrr rrrbattackComplexity attackVectoravailabilityImpactrE baseScoreconfidentialityImpactintegrityImpactprivilegesRequiredscopeuserInteractionr0rr1r2rr94l &INN4 ).. Y^^ y~~ !)..!,Y^^ "y~~""(()JAN$$%BAF, **+NPQR""1%)#--.TVWX''(H!L/ **+NPQR   4a 8%''(H!L/r1rc`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) Cwei"CWE stands for Common Weakness Enumeration. Information about this weakness, as described by [CWE](https://cwe.mitre.org/). Fields: id: The CWE identifier, e.g. CWE-94 references: Any reference to the details on the CWE, for example, https://cwe.mitre.org/data/definitions/94.html r rrTrrN rrrr r!r"r#rr%rr0rr1r2r*r*s-Q"%%k1tD*r1r*c\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"SS5r \R"S5r S rg ) DataAccessEventi,Details about a data access attempt made by a principal not authorized under applicable data security policy. Enums: OperationValueValuesEnum: The operation performed by the principal to access the data. Fields: eventId: Unique identifier for data access event. eventTime: Timestamp of data access event. operation: The operation performed by the principal to access the data. principalEmail: The email address of the principal that accessed the data. The principal could be a user account, service account, Google group, or other. c(\rSrSrSrSrSrSrSrSr g) (DataAccessEvent.OperationValueValuesEnumiThe operation performed by the principal to access the data. Values: OPERATION_UNSPECIFIED: The operation is unspecified. READ: Represents a read operation. MOVE: Represents a move operation. COPY: Represents a copy operation. rr rrrN rrrr r!OPERATION_UNSPECIFIEDREADMOVECOPYr0rr1r2OperationValueValuesEnumr1 D D Dr1r8r rrrrNrrrr r!r"rar8r#eventId eventTimerb operationr(r0rr1r2r.r.\      ! !! $'##A&)!!"r0rr1r2r\r\'k8%%a(+  " "1t 4(   q !$    "%  " "1 %(  ! !! $'r1r\c\rSrSrSr\R "S5r\R "S5r\R "S5r Sr g)DatasetiLaYVertex AI dataset associated with the finding. Fields: displayName: The user defined display name of dataset, e.g. plants-dataset name: Resource name of the dataset, e.g. projects/{project}/locations/{location}/datasets/2094040236064505856 source: Data source, such as BigQuery source URI, e.g. bq://scc-nexus- test.AIPPtest.gsod r rrrN rrrr r!r"r#rdr9rr0rr1r2rcrcL9%%a(+   q !$   #&r1rcc<\rSrSrSr\R "SSSS9rSrg) Deniedi\PDenied IP rule. Fields: ipRules: Optional. Optional list of denied IP rules. rnr TrrNrorr1r2rgrg\rqr1rgc`\rSrSrSr\R "S5r\R"S5r Sr g) DetectionifMemory hash detection contributing to the binary family match. Fields: binary: The name of the binary associated with the memory hash signature detection. percentPagesMatched: The percentage of memory page hashes in the signature that were matched. r rrN rrrr r!r"r#binaryrEpercentPagesMatchedr0rr1r2rjrjf*   #&!,,Q/r1rjc<\rSrSrSr\R "S5rSrg)DiskitContains information about the disk associated with the finding. Fields: name: The name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project- id}/zones/{zone-id}/disks/{disk-id}". r rN rrrr r!r"r#r9r0rr1r2rqrqt   q !$r1rqc`\rSrSrSr\R "S5r\R "S5rSr g)DiskPathiJPath of the file in terms of underlying disk/partition identifiers. Fields: partitionUuid: UUID of the partition (format https://wiki.archlinux.org/title/persistent_block_device_naming#by-uuid) relativePath: Relative path of the file in the partition as a JSON encoded string. Example: /home/user1/executable_file.sh r rrN rrrr r!r"r# partitionUuid relativePathr0rr1r2rvrv)''*-&&q),r1rvc`\rSrSrSr\R "S5r\R "S5rSr g)DynamicMuteRecordiThe record of a dynamic mute rule that matches the finding. Fields: matchTime: When the dynamic mute rule first matched the finding. muteConfig: The relative resource name of the mute rule, represented by a mute config, that created this record, for example `organizations/123/muteConfigs/mymuteconfig` or `organizations/123/locations/global/muteConfigs/mymuteconfig`. r rrN rrrr r!r"r# matchTime muteConfigr0rr1r2r}r})##A&)$$Q'*r1r}c\rSrSrSrSrg)EmptyiaA generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } rNrrrr r!r0rr1r2rrsr1rc`\rSrSrSr\R "S5r\R "S5rSr g)EnvironmentVariableiA name-value pair representing an environment variable used in an operating system process. Fields: name: Environment variable name as a JSON encoded string. val: Environment variable value as a JSON encoded string. r rrN rrrr r!r"r#r9valr0rr1r2rr)   q !$a #r1rc^\rSrSrSr\R "SSS9r\R "S5rSr g) ExfilResourceiResource where data was exfiltrated from or exfiltrated to. Fields: components: Subcomponents of the asset that was exfiltrated, like URIs used during exfiltration, table names, databases, and filenames. For example, multiple tables might have been exfiltrated from the same Cloud SQL instance, or multiple files might have been exfiltrated from the same Cloud Storage bucket. name: The resource's [full resource name](https://cloud.google.com/apis/de sign/resource_names#full_resource_name). r TrrrN rrrr r!r"r# componentsr9r0rr1r2rr+ $$Q6*   q !$r1rc\rSrSrSr\R "SSSS9r\R "SSSS9r\R"S5r S r g ) ExfiltrationiExfiltration represents a data exfiltration attempt from one or more sources to one or more targets. The `sources` attribute lists the sources of the exfiltrated data. The `targets` attribute lists the destinations the data was copied to. Fields: sources: If there are multiple sources, then the data is considered "joined" between them. For instance, BigQuery can join multiple tables, and each table would be considered a source. targets: If there are multiple targets, each target would get a complete copy of the "joined" source data. totalExfiltratedBytes: Total exfiltrated bytes processed for the entire job. rr TrrrrN rrrr r!r"r%sourcestargetsrMtotalExfiltratedBytesr0rr1r2rrsB   " "?A E'  " "?A E'#003r1rcb\rSrSrSr\R "SS5r\R"S5r Sr g)ExportFindingsMetadataizThe LRO metadata for a ExportFindings request. Fields: bigQueryDestination: Required. The destination BigQuery dataset to export findings to. exportStartTime: Optional. Timestamp at which export was started rr rrN) rrrr r!r"r%bigQueryDestinationr#exportStartTimer0rr1r2rrs-"../DaH))!,/r1rc>\rSrSrSr\R "SS5rSrg)ExportFindingsRequestizRequest message for exporting findings to external BigQuery. Fields: bigQueryDestination: Required. The destination BigQuery dataset to export findings to. rr rN) rrrr r!r"r%rr0rr1r2rrs"../DaHr1rc\rSrSrSrSrg)ExportFindingsResponseizJThe response to a ExportFindings request. Contains the LRO information. rNrrr1r2rrsr1rc\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r Sr g) riaqRepresents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. Fields: description: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. expression: Textual representation of an expression in Common Expression Language syntax. location: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. title: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. r rrrrN) rrrr r!r"r#r expressionrgtitler0rr1r2rrsI:%%a(+$$Q'*  " "1 %(    "%r1rc:\rSrSrSr\R "S5r\R"SS5r \R"S5r \R"SSS S 9r \R"S 5r\R "S 5r\R "S 5r\R"S5rSrg)Filei+File information about the related binary/library used by an executable, or the script used by a script interpreter Fields: contents: Prefix of the file contents as a JSON-encoded string. diskPath: Path of the file in terms of underlying disk/partition identifiers. hashedSize: The length in bytes of the file prefix that was hashed. If hashed_size == size, any hashes reported represent the entire file. operations: Operation(s) performed on a file. partiallyHashed: True when the hash covers only a prefix of the file. path: Absolute path of the file as a JSON encoded string. sha256: SHA256 hash of the first hashed_size bytes of the file encoded as a hex string. If hashed_size == size, sha256 represents the SHA256 hash of the entire file. size: Size of the file in bytes. r rvrr FileOperationrTrrrrrrNrrrr r!r"r#contentsr%diskPathrM hashedSize operationsrdpartiallyHashedpathsha256sizer0rr1r2rrs$ " "1 %(  # #J 2(%%a(*%%oq4H***1-/   q !$   #&    "$r1rch\rSrSrSr"SS\R 5r\R"SS5r Sr g)ri8Operation(s) performed on a file. Enums: TypeValueValuesEnum: The type of the operation Fields: type: The type of the operation c0\rSrSrSrSrSrSrSrSr Sr S r g ) !FileOperation.TypeValueValuesEnumiB&The type of the operation Values: OPERATION_TYPE_UNSPECIFIED: The operation is unspecified. OPEN: Represents an open operation. READ: Represents a read operation. RENAME: Represents a rename operation. WRITE: Represents a write operation. EXECUTE: Represents an execute operation. rr rrrrrN rrrr r!OPERATION_TYPE_UNSPECIFIEDOPENr5RENAMEWRITEEXECUTEr0rr1r2rrB( "# D D F EGr1rr rN rrrr r!r"rarrbrr0rr1r2rr8,INN$   2A 6$r1rc \rSrSrSr"SS\R 5r"SS\R 5r"SS\R 5r "S S \R 5r \ R"S 5"S S \R55r\ R"S 5"SS\R55r\ R"S 5"SS\R55r\R""SS5r\R""SS5r\R""SS5r\R""SS5r\R""SS5r\R""SS5r\R0"S5r\R0"S5r\R""S S!5r\R""S"S#5r\R""S$S%5r\R""S&S'5r\R""S(S)5r\R""S*S+S,S-9r \R""S.S/S,S-9r!\R""S S05r"\R""S1S2S,S-9r#\R0"S35r$\R""S4S5S,S-9r%\R""S6S7S,S-9r&\R""S8S9S,S-9r'\R""S:S;5r(\R0"S<5r)\R""S=S>5r*\R0"S?5r+\R""S@SA5r,\R""SSB5r-\R0"SC5r.\R""SDSES,S-9r/\R`"SSF5r1\R""SGSHS,S-9r2\R""SISJS,S-9r3\R""SKSL5r4\R""SMSN5r5\R""SOSP5r6\R""SQSR5r7\R""SSST5r8\R""SUSVS,S-9r9\R""SWSXS,S-9r:\R""SYSZ5r;\R0"S[5r<\R`"SS\5r=\R0"S]5r>\R""S^S_5r?\R0"S`5r@\R0"Sa5rA\R0"Sb5rB\R""ScSdS,S-9rC\R0"Se5rD\R""SfSg5rE\R""ShSiS,S-9rF\R0"Sj5rG\R0"Sk5rH\R""SlSmS,S-9rI\R0"Sn5rJ\R""SoSp5rK\R""SqSr5rL\R`"SSs5rM\R""SSt5rN\R`"S Su5rO\R""SvSw5rP\R""SxSy5rQ\R""SzS{5rRS|rSg})~FindingiWaW)Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding. Enums: FindingClassValueValuesEnum: The class of the finding. MuteValueValuesEnum: Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute. SeverityValueValuesEnum: The severity of the finding. This field is managed by the source that writes the finding. StateValueValuesEnum: The state of the finding. Messages: ContactsValue: Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification- contacts#notification-categories { "security": { "contacts": [ { "email": "person1@company.com" }, { "email": "person2@company.com" } ] } } ExternalSystemsValue: Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields. SourcePropertiesValue: Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. Fields: access: Access details associated with the finding, such as more information on the caller, which method was accessed, and from where. affectedResources: AffectedResources associated with the finding. aiModel: The AI model associated with the finding. application: Represents an application associated with the finding. attackExposure: The results of an attack path simulation relevant to this finding. backupDisasterRecovery: Fields related to Backup and DR findings. canonicalName: The canonical name of the finding. It's either "organizatio ns/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. category: The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" chokepoint: Contains details about a chokepoint, which is a resource or resource group where high-risk attack paths converge, based on [attack path simulations] (https://cloud.google.com/security-command- center/docs/attack-exposure-learn#attack_path_simulations). This field cannot be updated. Its value is ignored in all update requests. cloudArmor: Fields related to Cloud Armor findings. cloudDlpDataProfile: Cloud DLP data profile that is associated with the finding. cloudDlpInspection: Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding. complianceDetails: Details about the compliance implications of the finding. compliances: Contains compliance information for security standards associated to the finding. connections: Contains information about the IP connection associated with the finding. contacts: Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification- contacts#notification-categories { "security": { "contacts": [ { "email": "person1@company.com" }, { "email": "person2@company.com" } ] } } containers: Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers. createTime: The time at which the finding was created in Security Command Center. dataAccessEvents: Data access events associated with the finding. dataFlowEvents: Data flow events associated with the finding. dataRetentionDeletionEvents: Data retention deletion events associated with the finding. database: Database associated with the finding. description: Contains more details about the finding. disk: Disk associated with the finding. eventTime: The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp. exfiltration: Represents exfiltrations associated with the finding. externalSystems: Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields. externalUri: The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL. files: File associated with the finding. findingClass: The class of the finding. groupMemberships: Contains details about groups of which this finding is a member. A group is a collection of findings that are related in some way. This field cannot be updated. Its value is ignored in all update requests. iamBindings: Represents IAM bindings associated with the finding. indicator: Represents what's commonly known as an *indicator of compromise* (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see [Indicator of compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise). ipRules: IP rules associated with the finding. job: Job associated with the finding. kernelRootkit: Signature of the kernel rootkit. kubernetes: Kubernetes resources associated with the finding. loadBalancers: The load balancers associated with the finding. logEntries: Log entries that are relevant to the finding. mitreAttack: MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org moduleName: Unique identifier of the module which generated the finding. Example: folders/598186756061/securityHealthAnalyticsSettings/customModu les/56799441161885 mute: Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute. muteAnnotation: Records additional information about the mute operation e.g. mute config that muted the finding etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute_annotation. muteInfo: Output only. The mute information regarding this finding. muteInitiator: Records additional information about the mute operation, for example, the [mute configuration](/security-command-center/docs/how- to-mute-findings) that muted the finding and the user who muted the finding. muteUpdateTime: Output only. The most recent time this finding was muted or unmuted. name: The [relative resource name](https://cloud.google.com/apis/design/re source_names#relative_resource_name) of the finding. Example: "organizat ions/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}", "projects/{project_id}/sources/{source_id}/findings/{finding_id}". networks: Represents the VPC networks that the resource is attached to. nextSteps: Steps to address the finding. notebook: Notebook associated with the finding. orgPolicies: Contains information about the org policies associated with the finding. parent: The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resour ce_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}" parentDisplayName: Output only. The human readable display name of the finding source such as "Event Threat Detection" or "Security Health Analytics". processes: Represents operating system processes associated with the Finding. resourceName: For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time. securityMarks: Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding. securityPosture: The security posture associated with the finding. severity: The severity of the finding. This field is managed by the source that writes the finding. sourceProperties: Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. state: The state of the finding. toxicCombination: Contains details about a group of security issues that, when the issues occur together, represent a greater risk than when the issues occur independently. A group of such issues is referred to as a toxic combination. This field cannot be updated. Its value is ignored in all update requests. vertexAi: VertexAi associated with the finding. vulnerability: Represents vulnerability-specific fields like CVE and CVSS scores. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/) c@\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rg)#Finding.FindingClassValueValuesEnumiahThe class of the finding. Values: FINDING_CLASS_UNSPECIFIED: Unspecified finding class. THREAT: Describes unwanted or malicious activity. VULNERABILITY: Describes a potential weakness in software that increases risk to Confidentiality & Integrity & Availability. MISCONFIGURATION: Describes a potential weakness in cloud resource/asset configuration that increases risk. OBSERVATION: Describes a security observation that is for informational purposes. SCC_ERROR: Describes an error that prevents some SCC functionality. POSTURE_VIOLATION: Describes a potential security risk due to a change in the security posture. TOXIC_COMBINATION: Describes a group of security issues that, when the issues occur together, represent a greater risk than when the issues occur independently. A group of such issues is referred to as a toxic combination. SENSITIVE_DATA_RISK: Describes a potential security risk to data assets that contain sensitive data. CHOKEPOINT: Describes a resource or resource group where high risk attack paths converge, based on attack path simulations (APS). rr rrrrrrrrrNrrrr r!FINDING_CLASS_UNSPECIFIEDTHREAT VULNERABILITYMISCONFIGURATION OBSERVATION SCC_ERRORPOSTURE_VIOLATIONTOXIC_COMBINATIONSENSITIVE_DATA_RISK CHOKEPOINTr0rr1r2FindingClassValueValuesEnumrs@.!" FMKIJr1rc(\rSrSrSrSrSrSrSrSr g) Finding.MuteValueValuesEnumi2IIndicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute. Values: MUTE_UNSPECIFIED: Unspecified. MUTED: Finding has been muted. UNMUTED: Finding has been unmuted. UNDEFINED: Finding has never been muted/unmuted. rr rrrN rrrr r!MUTE_UNSPECIFIEDr'UNMUTEDr(r0rr1r2MuteValueValuesEnumr2  EGIr1rc,\rSrSrSrSrSrSrSrSr Sr g ) Finding.SeverityValueValuesEnumiB The severity of the finding. This field is managed by the source that writes the finding. Values: SEVERITY_UNSPECIFIED: This value is used for findings when a source doesn't write a severity value. CRITICAL: Vulnerability: A critical vulnerability is easily discoverable by an external actor, exploitable, and results in the direct ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. Examples include publicly accessible unprotected user data and public SSH access with weak or no passwords. Threat: Indicates a threat that is able to access, modify, or delete data or execute unauthorized code within existing resources. HIGH: Vulnerability: A high risk vulnerability can be easily discovered and exploited in combination with other vulnerabilities in order to gain direct access and the ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. An example is a database with weak or no passwords that is only accessible internally. This database could easily be compromised by an actor that had access to the internal network. Threat: Indicates a threat that is able to create new computational resources in an environment but not able to access data or execute code in existing resources. MEDIUM: Vulnerability: A medium risk vulnerability could be used by an actor to gain access to resources or privileges that enable them to eventually (through multiple steps or a complex exploit) gain access and the ability to execute arbitrary code or exfiltrate data. An example is a service account with access to more projects than it should have. If an actor gains access to the service account, they could potentially use that access to manipulate a project the service account was not intended to. Threat: Indicates a threat that is able to cause operational impact but may not access data or execute unauthorized code. LOW: Vulnerability: A low risk vulnerability hampers a security organization's ability to detect vulnerabilities or active threats in their deployment, or prevents the root cause investigation of security issues. An example is monitoring and logs being disabled for resource configurations and access. Threat: Indicates a threat that has obtained minimal access to an environment but is not able to access data, execute code, or create resources. rr rrrrN rrrr r!SEVERITY_UNSPECIFIEDrrrrr0rr1r2SeverityValueValuesEnumrB$)TH D F Cr1rc$\rSrSrSrSrSrSrSrg)Finding.StateValueValuesEnumisThe state of the finding. Values: STATE_UNSPECIFIED: Unspecified state. ACTIVE: The finding requires attention and has not been addressed yet. INACTIVE: The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active. rr rrN rrrr r!rACTIVEINACTIVEr0rr1r2rrs FHr1rrcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Finding.ContactsValuei7Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification- contacts#notification-categories { "security": { "contacts": [ { "email": "person1@company.com" }, { "email": "person2@company.com" } ] } } Messages: AdditionalProperty: An additional property for a ContactsValue object. Fields: additionalProperties: Additional properties of type ContactsValue cb\rSrSrSr\R "S5r\R"SS5r Sr g)(Finding.ContactsValue.AdditionalPropertyizAn additional property for a ContactsValue object. Fields: key: Name of the additional property. value: A ContactDetails attribute. r rrrN rrrr r!r"r#rr%rr0rr1r2rrs,   ! !! $c$$%5q9er1rr TrrNrrr1r2 ContactsValuers2  :Y.. :%112FTXYr1rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Finding.ExternalSystemsValuei2Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields. Messages: AdditionalProperty: An additional property for a ExternalSystemsValue object. Fields: additionalProperties: Additional properties of type ExternalSystemsValue cb\rSrSrSr\R "S5r\R"SS5r Sr g)/Finding.ExternalSystemsValue.AdditionalPropertyizAn additional property for a ExternalSystemsValue object. Fields: key: Name of the additional property. value: A GoogleCloudSecuritycenterV1ExternalSystem attribute. r )GoogleCloudSecuritycenterV1ExternalSystemrrNrrr1r2rr-   ! !! $c$$%PRSTer1rr TrrNrrr1r2ExternalSystemsValuer4  UY.. U%112FTXYr1rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Finding.SourcePropertiesValueiSource specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. Messages: AdditionalProperty: An additional property for a SourcePropertiesValue object. Fields: additionalProperties: Additional properties of type SourcePropertiesValue cb\rSrSrSr\R "S5r\R"SS5r Sr g)0Finding.SourcePropertiesValue.AdditionalPropertyiAn additional property for a SourcePropertiesValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r extra_types.JsonValuerrNrrr1r2rr,   ! !! $c$$% Vulnerability?rN)Trrrr r!r"rarrrrrrrrrrr%accessaffectedResourcesaiModel applicationattackExposurebackupDisasterRecoveryr# canonicalNamecategory chokepoint cloudArmorcloudDlpDataProfilecloudDlpInspectioncomplianceDetails compliances connectionsr containersrdataAccessEventsdataFlowEventsdataRetentionDeletionEventsdatabaserdiskr< exfiltrationexternalSystems externalUrifilesrb findingClassgroupMemberships iamBindings indicatorrpjob kernelRootkit kubernetes loadBalancers logEntries mitreAttack moduleNamemutemuteAnnotationmuteInfo muteInitiatormuteUpdateTimer9networks nextStepsnotebook orgPoliciesrparentDisplayName processes resourceName securityMarkssecurityPostureseveritysourcePropertiesrtoxicCombinationvertexAi vulnerabilityr0rr1r2rrWsgun!INN!FINN / / b Y^^  !!"89Zi''Z:Z8 !!"89ZY..Z:Z2 !!"89Zi//Z:Z8  ! !(A .&,,-@!D  " "9a 0'&&}a8+))*:A>.$112JAN''*-  " "1 %(%%lA6*%%lB7*!../DbI --.BBG,,-@"E&&|R$G+&&|R$G+  # #OR 8(%%k2E*$$R(*++,=rDQ))/2M. ) 6 67SUWbf g  # #J 3(%%b)+    +$##B')'';,**+A2F/%%b)+  d ;%$$%BBG,++,=rDQ&&|R$G+$$["5)  " "9b 1'ub)#(("=-%%lB7*((dK-%%j"tD*&&}b9+$$R(*   2B 7$((,.  # #J 3(''+-((,.   r "$  # #IrD A(##B')  # #J 3(&&{BF+   $&++B/$$YTB)&&r*,(("=-**+C  # #J 3((("=-r1rc`\rSrSrSr\R "S5r\R "S5rSr g)Folderi )Message that contains the resource name and display name of a folder resource. Fields: resourceFolder: Full resource name of this folder. See: https://cloud.google.com/apis/design/resource_names#full_resource_name resourceFolderDisplayName: The user defined display name for this folder. r rrN rrrr r!r"r#resourceFolderresourceFolderDisplayNamer0rr1r2r~r~ *((+.'33A6r1r~c"\rSrSrSr"SS\R 5r"SS\R 5r\R"SSSS 9r \R"S S SS 9r \R"S 5r\R"S 5r\R"SS5rSrg)r|i# Compliance framework associated with the finding. Enums: CategoryValueListEntryValuesEnum: TypeValueValuesEnum: Type of the framework associated with the finding, to specify whether the framework is built-in (pre-defined and immutable) or a custom framework defined by the customer (equivalent to security posture) Fields: category: Category of the framework associated with the finding. E.g. Security Benchmark, or Assured Workloads controls: The controls associated with the framework. displayName: Display name of the framework. For a standard framework, this will look like e.g. PCI DSS 3.2.1, whereas for a custom framework it can be a user defined string like MyFramework name: Name of the framework associated with the finding type: Type of the framework associated with the finding, to specify whether the framework is built-in (pre-defined and immutable) or a custom framework defined by the customer (equivalent to security posture) c,\rSrSrSrSrSrSrSrSr Sr g ) *Framework.CategoryValueListEntryValuesEnumi; DCategoryValueListEntryValuesEnum enum type. Values: FRAMEWORK_CATEGORY_UNSPECIFIED: Default value. This value is unused. SECURITY_BENCHMARKS: Security Benchmarks framework ASSURED_WORKLOADS: Assured Workloads framework DATA_SECURITY: Data Security framework GOOGLE_BEST_PRACTICES: Google Best Practices framework rr rrrrN rrrr r!FRAMEWORK_CATEGORY_UNSPECIFIEDSECURITY_BENCHMARKSASSURED_WORKLOADS DATA_SECURITYGOOGLE_BEST_PRACTICESr0rr1r2 CategoryValueListEntryValuesEnumr; &&'"Mr1rc$\rSrSrSrSrSrSrSrg)Framework.TypeValueValuesEnumiK Type of the framework associated with the finding, to specify whether the framework is built-in (pre-defined and immutable) or a custom framework defined by the customer (equivalent to security posture) Values: FRAMEWORK_TYPE_UNSPECIFIED: Default value. This value is unused. FRAMEWORK_TYPE_BUILT_IN: The framework is a built-in framework if it is created and managed by GCP. FRAMEWORK_TYPE_CUSTOM: The framework is a custom framework if it is created and managed by the user. rr rrN rrrr r!FRAMEWORK_TYPE_UNSPECIFIEDFRAMEWORK_TYPE_BUILT_INFRAMEWORK_TYPE_CUSTOMr0rr1r2rrK  "#r1rr TrrrrrrrNrrrr r!r"rarrrbrMr%controlsr#rdr9rr0rr1r2r|r|# s. INN  !CQQU V(  # #Iq4 @(%%a(+   q !$   2A 6$r1r|c\rSrSrSr\R "SSSS9r\R"S5r \R"S5r \R"S 5r \R"S 5r \R"S 5r S rg ) GcpMetadataib aGoogle Cloud metadata associated with the resource. Only applicable if the finding's cloud provider is Google Cloud. Fields: folders: Output only. Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization. organization: The name of the organization that the resource belongs to. parent: The full resource name of resource's parent. parentDisplayName: The human readable name of resource's parent. project: The full resource name of project that the resource belongs to. projectDisplayName: The project ID that the resource belongs to. !GoogleCloudSecuritycenterV2Folderr TrrrrrrrN)rrrr r!r"r%foldersr#rrrsprojectprojectDisplayNamer0rr1r2rrb sq   " "#FTX Y'&&q),   #&++A.  ! !! $' ,,Q/r1rc<\rSrSrSr\R "S5rSrg)r iy VRepresents a geographical location for a given access. Fields: regionCode: A CLDR. r rN rrrr r!r"r# regionCoder0rr1r2r r y  $$Q'*r1r c>\rSrSrSr\R "SS5rSrg)GetIamPolicyRequesti zRequest message for `GetIamPolicy` method. Fields: options: OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`. GetPolicyOptionsr rN) rrrr r!r"r%optionsr0rr1r2rr s  " "#5q 9'r1rcb\rSrSrSr\R "S\RRS9r Sr g)ri a]Encapsulates settings provided to GetIamPolicy. Fields: requestedPolicyVersion: Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource- policies). r r}rN) rrrr r!r"rMrrrequestedPolicyVersionr0rr1r2rr s("%11!Y=N=N=T=TUr1rc8\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r \R "S5r \R "S5r \R "S 5r \R "S 5rS rg ) )GoogleCloudSecuritycenterV1BigQueryExporti aConfigures how to deliver Findings to BigQuery Instance. Fields: createTime: Output only. The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation. dataset: The dataset to write findings' updates to. Its format is "projects/[project_id]/datasets/[bigquery_dataset_id]". BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). description: The description of the export (max of 1024 characters). filter: Expression that defines the filter to apply across create/update events of findings. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. mostRecentEditor: Output only. Email address of the user who last edited the BigQuery export. This field is set by the server and will be ignored if provided on export creation or update. name: The relative resource name of this export. See: https://cloud.google .com/apis/design/resource_names#relative_resource_name. Example format: "organizations/{organization_id}/bigQueryExports/{export_id}" Example format: "folders/{folder_id}/bigQueryExports/{export_id}" Example format: "projects/{project_id}/bigQueryExports/{export_id}" This field is provided in responses, and is ignored when provided in create requests. principal: Output only. The service account that needs permission to create table and upload data to the BigQuery dataset. updateTime: Output only. The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update. r rrrrrrrrN)rrrr r!r"r#rrrr*mostRecentEditorr9 principal updateTimer0rr1r2rr s%N$$Q'*  ! !! $'%%a(+   #&**1-   q !$##A&)$$Q'*r1rc\rSrSrSr\R "S5r\R "S5r\R"SS5r \R"SSS S 9r S r g ) "GoogleCloudSecuritycenterV1Bindingi 3Represents a Kubernetes RoleBinding or ClusterRoleBinding. Fields: name: Name for the binding. ns: Namespace for the binding. role: The Role or ClusterRole referenced by the binding. subjects: Represents one or more subjects that are bound to the role. Not always available for PATCH requests. r rRolerSubjectrTrrN rrrr r!r"r#r9r:r%r!subjectsr0rr1r2rr sO   q !$Q"    *$  # #Iq4 @(r1rc\rSrSrSrSrg)3GoogleCloudSecuritycenterV1BulkMuteFindingsResponsei AThe response to a BulkMute request. Contains the LRO information.rNrrr1r2rr Jr1rcH\rSrSrSr"SS\R 5r\R"SS5r \R"SS5r \R"S 5r \R"S S 5r \R"S 5r\R"S S5r\R "SS5rSrg)'GoogleCloudSecuritycenterV1CustomConfigi aDefines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify. Enums: SeverityValueValuesEnum: The severity to assign to findings generated by the module. Fields: celPolicy: The CEL policy spec attached to the custom module. customOutput: Custom output properties. description: Text that describes the vulnerability or misconfiguration that the custom module detects. This explanation is returned with each finding instance to help investigators understand the detected issue. The text must be enclosed in quotation marks. predicate: The CEL expression to evaluate to produce findings. When the expression evaluates to true against a resource, a finding is generated. recommendation: An explanation of the recommended steps that security teams can take to resolve the detected issue. This explanation is returned with each finding generated by this module in the `nextSteps` property of the finding JSON. resourceSelector: The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. severity: The severity to assign to findings generated by the module. c,\rSrSrSrSrSrSrSrSr Sr g ) ?GoogleCloudSecuritycenterV1CustomConfig.SeverityValueValuesEnumi zThe severity to assign to findings generated by the module. Values: SEVERITY_UNSPECIFIED: Unspecified severity. CRITICAL: Critical severity. HIGH: High severity. MEDIUM: Medium severity. LOW: Low severity. rr rrrrNrrr1r2rr #H D F Cr1rr-r +GoogleCloudSecuritycenterV1CustomOutputSpecrrrrr+GoogleCloudSecuritycenterV1ResourceSelectorrrrN)rrrr r!r"rarr% celPolicy customOutputr#r predicaterecommendationresourceSelectorrbrxr0rr1r2rr s4  $$_a8)''(UWXY,%%a(+$$VQ/)((+.++,Y[\]  !:A >(r1rc<\rSrSrSr\R "SSSS9rSrg) ri aKA set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding JSON under `sourceProperties`. Fields: properties: A list of custom output properties to add to the finding. #GoogleCloudSecuritycenterV1Propertyr TrrN) rrrr r!r"r% propertiesr0rr1r2rr s%%&KQY]^*r1rc&\rSrSrSr"SS\R 5r"SS\R 5r\R"SS5r \R"SS 5r \R"S 5r\R"SS 5r\R"S 5rS rg)GGoogleCloudSecuritycenterV1EffectiveSecurityHealthAnalyticsCustomModulei+ aAn EffectiveSecurityHealthAnalyticsCustomModule is the representation of a Security Health Analytics custom module at a specified level of the resource hierarchy: organization, folder, or project. If a custom module is inherited from a parent organization or folder, the value of the `enablementState` property in EffectiveSecurityHealthAnalyticsCustomModule is set to the value that is effective in the parent, instead of `INHERITED`. For example, if the module is enabled in a parent organization or folder, the effective enablement_state for the module in all child folders or projects is also `enabled`. EffectiveSecurityHealthAnalyticsCustomModule is read-only. Enums: CloudProviderValueValuesEnum: The cloud provider of the custom module. EnablementStateValueValuesEnum: Output only. The effective state of enablement for the module at the given level of the hierarchy. Fields: cloudProvider: The cloud provider of the custom module. customConfig: Output only. The user-specified configuration for the module. displayName: Output only. The display name for the custom module. The name must be between 1 and 128 characters, start with a lowercase letter, and contain alphanumeric characters or underscores only. enablementState: Output only. The effective state of enablement for the module at the given level of the hierarchy. name: Output only. The resource name of the custom module. Its format is " organizations/{organization}/securityHealthAnalyticsSettings/effectiveCu stomModules/{customModule}", or "folders/{folder}/securityHealthAnalytic sSettings/effectiveCustomModules/{customModule}", or "projects/{project} /securityHealthAnalyticsSettings/effectiveCustomModules/{customModule}" c(\rSrSrSrSrSrSrSrSr g) dGoogleCloudSecuritycenterV1EffectiveSecurityHealthAnalyticsCustomModule.CloudProviderValueValuesEnumiL zThe cloud provider of the custom module. Values: CLOUD_PROVIDER_UNSPECIFIED: Unspecified cloud provider. GOOGLE_CLOUD_PLATFORM: Google Cloud. AMAZON_WEB_SERVICES: Amazon Web Services. MICROSOFT_AZURE: Microsoft Azure. rr rrrN rrrr r!CLOUD_PROVIDER_UNSPECIFIEDGOOGLE_CLOUD_PLATFORMAMAZON_WEB_SERVICESMICROSOFT_AZUREr0rr1r2CloudProviderValueValuesEnumrL "#Or1rc$\rSrSrSrSrSrSrSrg)fGoogleCloudSecuritycenterV1EffectiveSecurityHealthAnalyticsCustomModule.EnablementStateValueValuesEnumiZ aOutput only. The effective state of enablement for the module at the given level of the hierarchy. Values: ENABLEMENT_STATE_UNSPECIFIED: Unspecified enablement state. ENABLED: The module is enabled at the given level. DISABLED: The module is disabled at the given level. rr rrN) rrrr r!ENABLEMENT_STATE_UNSPECIFIEDENABLEDDISABLEDr0rr1r2EnablementStateValueValuesEnumrZ s$% GHr1rr rrrrrrN)rrrr r!r"rarrrb cloudProviderr% customConfigr#rdenablementStater9r0rr1r2rr+ s@ Y^^  y~~ %%&DaH-''(QSTU,%%a(+''(H!L/   q !$r1rc\rSrSrSr\R "SSS9r\R "S5r\R "S5r \R "S5r \R "S 5r \R "S 5r \R "S 5r \R "S 5r\R "S 5r\R "S5r\R""SS5rSrg)rin aMRepresentation of third party SIEM/SOAR fields within SCC. Fields: assignees: References primary/secondary etc assignees in the external system. caseCloseTime: The time when the case was closed, as reported by the external system. caseCreateTime: The time when the case was created, as reported by the external system. casePriority: The priority of the finding's corresponding case in the external system. caseSla: The SLA of the finding's corresponding case in the external system. caseUri: The link to the finding's corresponding case in the external system. externalSystemUpdateTime: The time when the case was last updated, as reported by the external system. externalUid: The identifier that's used to track the finding's corresponding case in the external system. name: Full resource name of the external system, for example: "organizations/1234/sources/5678/findings/123456/externalSystems/jira", "folders/1234/sources/5678/findings/123456/externalSystems/jira", "projects/1234/sources/5678/findings/123456/externalSystems/jira" status: The most recent status of the finding's corresponding case, as reported by the external system. ticketInfo: Information about the ticket, if any, that is being used to track the resolution of the issue that is identified by this finding. r Trrrrrrrrrr TicketInforrNrrrr r!r"r# assignees caseCloseTimecaseCreateTime casePrioritycaseSlacaseUriexternalSystemUpdateTime externalUidr9statusr% ticketInfor0rr1r2rrn s:##A5)''*-((+.&&q),  ! !! $'  ! !! $'&2215%%a(+   q !$   $&%%lB7*r1rc\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"S5r \R"S5r \R"S 5r \R"S 5r\R"S 5r\R "SS 5r\R"S 5rSrg)%GoogleCloudSecuritycenterV1MuteConfigi a A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings. Enums: TypeValueValuesEnum: Optional. The type of the mute config, which determines what type of mute state the config affects. The static mute state takes precedence over the dynamic mute state. Immutable after creation. STATIC by default if not set during creation. Fields: createTime: Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation. description: A description of the mute config. displayName: The human readable name to be displayed for the mute config. expiryTime: Optional. The expiry of the mute config. Only applicable for dynamic configs. If the expiry is set, when the config expires, it is removed from all findings. filter: Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:` mostRecentEditor: Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update. name: This field will be ignored if provided on config creation. Format `organizations/{organization}/muteConfigs/{mute_config}` `folders/{folder}/muteConfigs/{mute_config}` `projects/{project}/muteConfigs/{mute_config}` `organizations/{organizat ion}/locations/global/muteConfigs/{mute_config}` `folders/{folder}/locations/global/muteConfigs/{mute_config}` `projects/{project}/locations/global/muteConfigs/{mute_config}` type: Optional. The type of the mute config, which determines what type of mute state the config affects. The static mute state takes precedence over the dynamic mute state. Immutable after creation. STATIC by default if not set during creation. updateTime: Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update. c$\rSrSrSrSrSrSrSrg)9GoogleCloudSecuritycenterV1MuteConfig.TypeValueValuesEnumi aOptional. The type of the mute config, which determines what type of mute state the config affects. The static mute state takes precedence over the dynamic mute state. Immutable after creation. STATIC by default if not set during creation. Values: MUTE_CONFIG_TYPE_UNSPECIFIED: Unused. STATIC: A static mute config, which sets the static mute state of future matching findings to muted. Once the static mute state has been set, finding or config modifications will not affect the state. DYNAMIC: A dynamic mute config, which is applied to existing and future matching findings, setting their dynamic mute state to "muted". If the config is updated or deleted, or a matching finding is updated, such that the finding doesn't match the config, the config will be removed from the finding, and the finding's dynamic mute state may become "unmuted" (unless other configs still match). rr rrN rrrr r!MUTE_CONFIG_TYPE_UNSPECIFIEDSTATICDYNAMICr0rr1r2rr s"$% FGr1rr rrrrrrrrrN)rrrr r!r"rarr#rrrd expiryTimer*rr9rbrrr0rr1r2rr s/bINN,$$Q'*%%a(+%%a(+$$Q'*   #&**1-   q !$   2A 6$$$Q'*r1rc\rSrSrSr\R "SS5r\R"S5r \R "SS5r Sr g ) .GoogleCloudSecuritycenterV1NotificationMessagei #Cloud SCC's Notification Fields: finding: If it's a Finding based notification config, this field will be populated. notificationConfigName: Name of the notification config that generated current notification. resource: The Cloud resource tied to this notification's Finding. rr r#GoogleCloudSecuritycenterV1ResourcerrN rrrr r!r"r%findingr#notificationConfigNamer;r0rr1r2rr s?  " "9a 0'$003  # #$I1 M(r1rcb\rSrSrSr\R "S5r\R"SS5r Sr g)ri a>An individual name-value pair that defines a custom source property. Fields: name: Name of the property for the custom output. valueExpression: The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. r rrrN) rrrr r!r"r#r9r%valueExpressionr0rr1r2rr s+   q !$**615/r1rc\rSrSrSr"SS\R 5r\R"SS5r \R"SS5r \R"SS 5r \R"S 5r\R"S S S S9r\R"S5r\R"S5r\R"S5r\R"S5r\R"S5r\R"S5r\R"S5r\R"SS5r\R"S5r\R"S5r\R"S5rSrg)ri a)Information related to the Google Cloud resource. Enums: CloudProviderValueValuesEnum: Indicates which cloud provider the resource resides in. Fields: awsMetadata: The AWS metadata associated with the finding. azureMetadata: The Azure metadata associated with the finding. cloudProvider: Indicates which cloud provider the resource resides in. displayName: The human readable name of the resource. folders: Output only. Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization. location: The region or location of the service (if applicable). name: The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name organization: Indicates which organization or tenant in the cloud provider the finding applies to. parent: The full resource name of resource's parent. parentDisplayName: The human readable name of resource's parent. project: The full resource name of project that the resource belongs to. projectDisplayName: The project ID that the resource belongs to. resourcePath: Provides the path to the resource within the resource hierarchy. resourcePathString: A string representation of the resource path. For Google Cloud, it has the format of `organizations/{organization_id}/fold ers/{folder_id}/folders/{folder_id}/projects/{project_id}` where there can be any number of folders. For AWS, it has the format of `org/{organi zation_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/accou nt/{account_id}` where there can be any number of organizational units. For Azure, it has the format of `mg/{management_group_id}/mg/{management _group_id}/subscription/{subscription_id}/rg/{resource_group_name}` where there can be any number of management groups. service: The parent service or product from which the resource is provided, for example, GKE or SNS. type: The full resource type of the resource. c(\rSrSrSrSrSrSrSrSr g) @GoogleCloudSecuritycenterV1Resource.CloudProviderValueValuesEnumi2 a;Indicates which cloud provider the resource resides in. Values: CLOUD_PROVIDER_UNSPECIFIED: The cloud provider is unspecified. GOOGLE_CLOUD_PLATFORM: The cloud provider is Google Cloud. AMAZON_WEB_SERVICES: The cloud provider is Amazon Web Services. MICROSOFT_AZURE: The cloud provider is Microsoft Azure. rr rrrNrrr1r2rr2 rr1rrr rrrrr~rTrrrrrrrr ResourcePathrrrrrN)rrrr r!r"rarr% awsMetadata azureMetadatarbrr#rdrrgr9rrrsrr resourcePathresourcePathStringrrr0rr1r2rr s*%N Y^^ &&}a8+((!<-%%&DaH-%%a(+  " "8Q >'  " "1 %(   q !$&&q),   #&++B/  ! !" %' ,,R0'';, ,,R0  ! !" %'   r "$r1rc:\rSrSrSr\R "SSS9rSrg)riR zkResource for selecting resource type. Fields: resourceTypes: The resource types to run the detector on. r TrrN) rrrr r!r"r# resourceTypesr0rr1r2rrR s ''D9-r1rcR\rSrSrSr"SS\R 5r"SS\R 5r\ R"S5"SS \R55r \R"SS 5r\R"S 5r\R"S 5r\R"S 5r\R&"S S5r\R"S5r\R"SS5r\R"S5r\R&"SS5r\R"SSS9r\R"S5rSrg).GoogleCloudSecuritycenterV1ResourceValueConfigi\ a A resource value configuration (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations. Enums: CloudProviderValueValuesEnum: Cloud provider this configuration applies to ResourceValueValueValuesEnum: Required. Resource value level this expression represents Messages: ResourceLabelsSelectorValue: List of resource labels to search for, evaluated with `AND`. For example, `"resource_labels_selector": {"key": "value", "env": "prod"}` will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource- manager/docs/creating-managing-labels Fields: cloudProvider: Cloud provider this configuration applies to createTime: Output only. Timestamp this resource value configuration was created. description: Description of the resource value configuration. name: Name for the resource value configuration resourceLabelsSelector: List of resource labels to search for, evaluated with `AND`. For example, `"resource_labels_selector": {"key": "value", "env": "prod"}` will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource-manager/docs/creating- managing-labels resourceType: Apply resource_value only to resources that match resource_type. resource_type will be checked with `AND` of other resources. For example, "storage.googleapis.com/Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.googleapis.com/Bucket" resources. resourceValue: Required. Resource value level this expression represents scope: Project or folder to scope this configuration to. For example, "project/456" would apply this configuration only to resources in "project/456" scope will be checked with `AND` of other resources. sensitiveDataProtectionMapping: A mapping of the sensitivity on Sensitive Data Protection finding to resource values. This mapping can only be used in combination with a resource_type that is related to BigQuery, e.g. "bigquery.googleapis.com/Dataset". tagValues: Required. Tag values combined with `AND` to check against. For Google Cloud resources, they are tag value IDs in the form of "tagValues/123". Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/resource- manager/docs/tags/tags-creating-and-managing updateTime: Output only. Timestamp this resource value configuration was last updated. c(\rSrSrSrSrSrSrSrSr g) KGoogleCloudSecuritycenterV1ResourceValueConfig.CloudProviderValueValuesEnumi 0Cloud provider this configuration applies to Values: CLOUD_PROVIDER_UNSPECIFIED: The cloud provider is unspecified. GOOGLE_CLOUD_PLATFORM: The cloud provider is Google Cloud. AMAZON_WEB_SERVICES: The cloud provider is Amazon Web Services. MICROSOFT_AZURE: The cloud provider is Microsoft Azure. rr rrrNrrr1r2rr  rr1rc,\rSrSrSrSrSrSrSrSr Sr g ) KGoogleCloudSecuritycenterV1ResourceValueConfig.ResourceValueValueValuesEnumi zRequired. Resource value level this expression represents Values: RESOURCE_VALUE_UNSPECIFIED: Unspecific value HIGH: High resource value MEDIUM: Medium resource value LOW: Low resource value NONE: No resource value, e.g. ignore these resources rr rrrrN rrrr r!RESOURCE_VALUE_UNSPECIFIEDrrrNONEr0rr1r2ResourceValueValueValuesEnumr s#"# D F C Dr1rrcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) JGoogleCloudSecuritycenterV1ResourceValueConfig.ResourceLabelsSelectorValuei aList of resource labels to search for, evaluated with `AND`. For example, `"resource_labels_selector": {"key": "value", "env": "prod"}` will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource-manager/docs/creating-managing-labels Messages: AdditionalProperty: An additional property for a ResourceLabelsSelectorValue object. Fields: additionalProperties: Additional properties of type ResourceLabelsSelectorValue c`\rSrSrSr\R "S5r\R "S5rSr g)]GoogleCloudSecuritycenterV1ResourceValueConfig.ResourceLabelsSelectorValue.AdditionalPropertyi An additional property for a ResourceLabelsSelectorValue object. Fields: key: Name of the additional property. value: A string attribute. r rrNrrr1r2rr rr1rr TrrNrrr1r2ResourceLabelsSelectorValuer 2  'Y.. '%112FTXYr1rr rrrrrrr9GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingrrTrrrNrrrr r!r"rarrrrrrrbrr#rrr9r%resourceLabelsSelectorr resourceValuer&sensitiveDataProtectionMapping tagValuesrr0rr1r2r r \ s.` Y^^  Y^^  !!"89ZI$5$5Z:Z8%%&DaH-$$Q'*%%a(+   q !$$112OQRS&&q),%%&DaH-    "%#,#9#9:uwx#y ##B6)$$R(*r1r c\rSrSrSr"SS\R 5r\R"S5r \R"SS5r Sr g) 4GoogleCloudSecuritycenterV1RunAssetDiscoveryResponsei Response of asset discovery run Enums: StateValueValuesEnum: The state of an asset discovery run. Fields: duration: The duration between asset discovery run start and end state: The state of an asset discovery run. c(\rSrSrSrSrSrSrSrSr g) IGoogleCloudSecuritycenterV1RunAssetDiscoveryResponse.StateValueValuesEnumi The state of an asset discovery run. Values: STATE_UNSPECIFIED: Asset discovery run state was unspecified. COMPLETED: Asset discovery run completed successfully. SUPERSEDED: Asset discovery run was cancelled with tasks still pending, as another run for the same organization was started with a higher priority. TERMINATED: Asset discovery run was killed and terminated. rr rrrN rrrr r!r COMPLETED SUPERSEDED TERMINATEDr0rr1r2rr$  IJJr1rr rrN rrrr r!r"rarr#r=rbrr0rr1r2r!r! <Y^^  " "1 %(   4a 8%r1r!c\rSrSrSr"SS\R 5r"SS\R 5r\R"S5r \R"SS5r \R"S S 5r\R"S 5r\R"SS 5r\R"S 5r\R"S5r\R"S5rSrg)>GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModulei aRepresents an instance of a Security Health Analytics custom module, including its full module name, display name, enablement state, and last updated time. You can create a custom module at the organization, folder, or project level. Custom modules that you create at the organization or folder level are inherited by the child folders and projects. Enums: CloudProviderValueValuesEnum: The cloud provider of the custom module. EnablementStateValueValuesEnum: The enablement state of the custom module. Fields: ancestorModule: Output only. If empty, indicates that the custom module was created in the organization, folder, or project in which you are viewing the custom module. Otherwise, `ancestor_module` specifies the organization or folder from which the custom module is inherited. cloudProvider: The cloud provider of the custom module. customConfig: The user specified custom configuration for the module. displayName: The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module. The display name must be between 1 and 128 characters, start with a lowercase letter, and contain alphanumeric characters or underscores only. enablementState: The enablement state of the custom module. lastEditor: Output only. The editor that last updated the custom module. name: Immutable. The resource name of the custom module. Its format is "or ganizations/{organization}/securityHealthAnalyticsSettings/customModules /{customModule}", or "folders/{folder}/securityHealthAnalyticsSettings/c ustomModules/{customModule}", or "projects/{project}/securityHealthAnaly ticsSettings/customModules/{customModule}" The id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. updateTime: Output only. The time at which the custom module was last updated. c(\rSrSrSrSrSrSrSrSr g) [GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModule.CloudProviderValueValuesEnumi zThe cloud provider of the custom module. Values: CLOUD_PROVIDER_UNSPECIFIED: Unspecified cloud provider. GOOGLE_CLOUD_PLATFORM: Google Cloud. AMAZON_WEB_SERVICES: Amazon Web Services (AWS). MICROSOFT_AZURE: Microsoft Azure. rr rrrNrrr1r2rr0 rr1rc(\rSrSrSrSrSrSrSrSr g) ]GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModule.EnablementStateValueValuesEnumi& aThe enablement state of the custom module. Values: ENABLEMENT_STATE_UNSPECIFIED: Unspecified enablement state. ENABLED: The module is enabled at the given CRM resource. DISABLED: The module is disabled at the given CRM resource. INHERITED: State is inherited from an ancestor module. The module will either be effectively ENABLED or DISABLED based on its closest non- inherited ancestor module in the CRM hierarchy. rr rrrN) rrrr r!rrr INHERITEDr0rr1r2rr2& s $% GHIr1rr rrrrrrrrrN)rrrr r!r"rarrr#ancestorModulerbrr%rrdr lastEditorr9rr0rr1r2r.r. s!F Y^^ y~~ ((+.%%&DaH-''(QSTU,%%a(+''(H!L/$$Q'*   q !$$$Q'*r1r.c\rSrSrSr"SS\R 5r"SS\R 5r\R"SS5r \R"SS5r S r g ) ri@ aResource value mapping for Sensitive Data Protection findings. If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration. Enums: HighSensitivityMappingValueValuesEnum: Resource value mapping for high- sensitivity Sensitive Data Protection findings MediumSensitivityMappingValueValuesEnum: Resource value mapping for medium-sensitivity Sensitive Data Protection findings Fields: highSensitivityMapping: Resource value mapping for high-sensitivity Sensitive Data Protection findings mediumSensitivityMapping: Resource value mapping for medium-sensitivity Sensitive Data Protection findings c,\rSrSrSrSrSrSrSrSr Sr g ) _GoogleCloudSecuritycenterV1SensitiveDataProtectionMapping.HighSensitivityMappingValueValuesEnumiR Resource value mapping for high-sensitivity Sensitive Data Protection findings Values: RESOURCE_VALUE_UNSPECIFIED: Unspecific value HIGH: High resource value MEDIUM: Medium resource value LOW: Low resource value NONE: No resource value, e.g. ignore these resources rr rrrrNrrr1r2%HighSensitivityMappingValueValuesEnumr8R # "# D F C Dr1r:c,\rSrSrSrSrSrSrSrSr Sr g ) aGoogleCloudSecuritycenterV1SensitiveDataProtectionMapping.MediumSensitivityMappingValueValuesEnumic Resource value mapping for medium-sensitivity Sensitive Data Protection findings Values: RESOURCE_VALUE_UNSPECIFIED: Unspecific value HIGH: High resource value MEDIUM: Medium resource value LOW: Low resource value NONE: No resource value, e.g. ignore these resources rr rrrrNrrr1r2'MediumSensitivityMappingValueValuesEnumr=c r;r1r?r rrN rrrr r!r"rar:r?rbhighSensitivityMappingmediumSensitivityMappingr0rr1r2rr@ S" inn "  "%../VXYZ&001Z\]^r1rc\rSrSrSr"SS\R 5r\R"S5r \R"SS5r Sr g) 9GoogleCloudSecuritycenterV1beta1RunAssetDiscoveryResponseix r"c(\rSrSrSrSrSrSrSrSr g) NGoogleCloudSecuritycenterV1beta1RunAssetDiscoveryResponse.StateValueValuesEnumi r%rr rrrNr&rr1r2rrG r*r1rr rrNr+rr1r2rErEx r,r1rEcx\rSrSrSr"SS\R 5r"SS\R 5r\ R"S5"SS \R55r \R"S 5r\R"S 5r\R"S 5r\R"S 5r\R"S5r\R"S5r\R"S5r\R"S5r\R,"SS5r\R0"SS5r\R,"S S5r\R0"SS5rSrg))GoogleCloudSecuritycenterV1p1beta1Findingi aESecurity Command Center finding. A finding is a record of assessment data (security, risk, health or privacy) ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, an XSS vulnerability in an App Engine application is a finding. Enums: SeverityValueValuesEnum: The severity of the finding. This field is managed by the source that writes the finding. StateValueValuesEnum: The state of the finding. Messages: SourcePropertiesValue: Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. Fields: canonicalName: The canonical name of the finding. It's either "organizatio ns/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding. category: The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION" createTime: The time at which the finding was created in Security Command Center. eventTime: The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp. externalUri: The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL. name: The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me Example: "organizations/{organization_id}/sources/{source_id}/finding s/{finding_id}" parent: The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resour ce_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}" resourceName: For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time. securityMarks: Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding. severity: The severity of the finding. This field is managed by the source that writes the finding. sourceProperties: Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. state: The state of the finding. c,\rSrSrSrSrSrSrSrSr Sr g ) AGoogleCloudSecuritycenterV1p1beta1Finding.SeverityValueValuesEnumi a The severity of the finding. This field is managed by the source that writes the finding. Values: SEVERITY_UNSPECIFIED: No severity specified. The default value. CRITICAL: Critical severity. HIGH: High severity. MEDIUM: Medium severity. LOW: Low severity. rr rrrrNrrr1r2rrK s# H D F Cr1rc$\rSrSrSrSrSrSrSrg)>GoogleCloudSecuritycenterV1p1beta1Finding.StateValueValuesEnumi rrr rrNrrr1r2rrM rr1rrcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) ?GoogleCloudSecuritycenterV1p1beta1Finding.SourcePropertiesValuei rcb\rSrSrSr\R "S5r\R"SS5r Sr g)RGoogleCloudSecuritycenterV1p1beta1Finding.SourcePropertiesValue.AdditionalPropertyi rr rrrNrrr1r2rrQ rr1rr TrrNrrr1r2rrO rr1rr rrrrrrr/GoogleCloudSecuritycenterV1p1beta1SecurityMarksrrrrrN)rrrr r!r"rarrrrrrr#rLrMrr<r]r9rrur%rvrbrxryrr0rr1r2rIrI s)BH  " Y^^  !!"89Zi//Z:Z8''*-  " "1 %($$Q'*##A&)%%a(+   q !$   #&&&q),(()Z\]^-  !:B ?(++,CRH   4b 9%r1rIc`\rSrSrSr\R "S5r\R "S5rSr g)(GoogleCloudSecuritycenterV1p1beta1Folderi% rr rrNrrr1r2rTrT% rr1rTc\rSrSrSr\R "SS5r\R"S5r \R "SS5r Sr g ) 5GoogleCloudSecuritycenterV1p1beta1NotificationMessagei3 a&Security Command Center's Notification Fields: finding: If it's a Finding based notification config, this field will be populated. notificationConfigName: Name of the notification config that generated current notification. resource: The Cloud resource tied to the notification. rIr r*GoogleCloudSecuritycenterV1p1beta1ResourcerrNrrr1r2rVrV3 sB  " "#NPQ R'$003  # #$PRS T(r1rVc\rSrSrSr\R "SSSS9r\R"S5r \R"S5r \R"S 5r \R"S 5r \R"S 5r S rg )rWiC aInformation related to the Google Cloud resource. Fields: folders: Output only. Contains a Folder message for each folder in the assets ancestry. The first folder is the deepest nested folder, and the last folder is the folder directly under the Organization. name: The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name parent: The full resource name of resource's parent. parentDisplayName: The human readable name of resource's parent. project: The full resource name of project that the resource belongs to. projectDisplayName: The project id that the resource belongs to. rTr TrrrrrrrN)rrrr r!r"r%rr#r9rrsrrr0rr1r2rWrWC sq   " "#Mq[_ `'   q !$   #&++A.  ! !! $' ,,Q/r1rWc\rSrSrSr"SS\R 5r\R"S5r \R"SS5r Sr g) ;GoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponseiZ r"c(\rSrSrSrSrSrSrSrSr g) PGoogleCloudSecuritycenterV1p1beta1RunAssetDiscoveryResponse.StateValueValuesEnumie r%rr rrrNr&rr1r2rr\e r*r1rr rrNr+rr1r2rZrZZ r,r1rZc\rSrSrSr\R "S5"SS\R55r \R"S5r \R"SS5r \R"S5rS rg ) rRiy User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization. Messages: MarksValue: Mutable user specified security marks belonging to the parent resource. Constraints are as follows: * Keys and values are treated as case insensitive * Keys must be between 1 - 256 characters (inclusive) * Keys must be letters, numbers, underscores, or dashes * Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive) Fields: canonicalName: The canonical name of the marks. Examples: "organizations/{organization_id}/assets/{asset_id}/securityMarks" "folders/{folder_id}/assets/{asset_id}/securityMarks" "projects/{project_number}/assets/{asset_id}/securityMarks" "organizatio ns/{organization_id}/sources/{source_id}/findings/{finding_id}/securityM arks" "folders/{folder_id}/sources/{source_id}/findings/{finding_id}/sec urityMarks" "projects/{project_number}/sources/{source_id}/findings/{fin ding_id}/securityMarks" marks: Mutable user specified security marks belonging to the parent resource. Constraints are as follows: * Keys and values are treated as case insensitive * Keys must be between 1 - 256 characters (inclusive) * Keys must be letters, numbers, underscores, or dashes * Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive) name: The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me Examples: "organizations/{organization_id}/assets/{asset_id}/securityMarks" "organ izations/{organization_id}/sources/{source_id}/findings/{finding_id}/sec urityMarks". rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) :GoogleCloudSecuritycenterV1p1beta1SecurityMarks.MarksValuei Mutable user specified security marks belonging to the parent resource. Constraints are as follows: * Keys and values are treated as case insensitive * Keys must be between 1 - 256 characters (inclusive) * Keys must be letters, numbers, underscores, or dashes * Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive) Messages: AdditionalProperty: An additional property for a MarksValue object. Fields: additionalProperties: Additional properties of type MarksValue c`\rSrSrSr\R "S5r\R "S5rSr g)MGoogleCloudSecuritycenterV1p1beta1SecurityMarks.MarksValue.AdditionalPropertyi ~An additional property for a MarksValue object. Fields: key: Name of the additional property. value: A string attribute. r rrNrrr1r2rrc rr1rr TrrNrrr1r2 MarksValuer` rr1rer rrrNrrrr r!rrr"rrer#rLr%marksr9r0rr1r2rRrRy l"H !!"89Z9$$Z:Z8''*-  q 1%   q !$r1rRc\rSrSrSr\R "S5r\R"SS5r \R "S5r \R "S5r \R "S5r \R"S S S S 9r \R "S 5r\R "S5r\R "S5r\R "S5r\R "S5rSrg)!GoogleCloudSecuritycenterV2Accessi r r &GoogleCloudSecuritycenterV2Geolocationrrrr7GoogleCloudSecuritycenterV2ServiceAccountDelegationInforTrrrrrrrNrrr1r2rjrj s-^ " "1 %(&&'OQRS+$$Q'*((+.**1-!*!7!78qst@D"E#//2%%a(+##A&)))"-/  " "2 &(r1rjc\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r \R "S5r \R "S5r \R "S 5r S rg ) 'GoogleCloudSecuritycenterV2AccessReviewi r6r rrrrrrrNr7rr1r2rnrn r?r1rnc<\rSrSrSr\R "S5rSrg)-GoogleCloudSecuritycenterV2AdaptiveProtectionirCr rNrDrr1r2rprprGr1rpc<\rSrSrSr\R "S5rSrg),GoogleCloudSecuritycenterV2AffectedResourcesi*rKr rNrLrr1r2rrrr*rOr1rrc@\rSrSrSr"SS\R 5r\R"SS5r \R"S5r \R"S5r \R"S5r \R"S 5r\R"S 5r\R"S 5rS rg )"GoogleCloudSecuritycenterV2AiModeli4rSc,\rSrSrSrSrSrSrSrSr Sr g ) DGoogleCloudSecuritycenterV2AiModel.DeploymentPlatformValueValuesEnumiGrWrr rrrrNrXrr1r2r^rvGr_r1r^r rrrrrrrNr`rr1r2rtrt4rir1rtc<\rSrSrSr\R "SSSS9rSrg) "GoogleCloudSecuritycenterV2Allowedi`rm!GoogleCloudSecuritycenterV2IpRuler TrrNrorr1r2rxrx`  " "#FTX Y'r1rxc`\rSrSrSr\R "S5r\R "S5rSr g)&GoogleCloudSecuritycenterV2ApplicationijalRepresents an application associated with a finding. Fields: baseUri: The base URI that identifies the network location of the application in which the vulnerability was detected. For example, `http://example.com`. fullUri: The full URI with payload that could be used to reproduce the vulnerability. For example, `http://example.com?p=aMmYgI6H`. r rrNrurr1r2r|r|jrxr1r|c\rSrSrSr\R "S5r\R"S\RRS9r \R"S5r \R"S\RRS9r \R"S5rS rg ) !GoogleCloudSecuritycenterV2Attackiyr|r rr}rrrrNrrr1r2r~r~yrr1r~c\rSrSrSr"SS\R 5r\R"S5r \R"S\RRS9r \R"S\RRS9r\R"S \RRS9r\R"S 5r\R""S 5r\R&"SS 5rS rg))GoogleCloudSecuritycenterV2AttackExposureiaAn attack exposure contains the results of an attack path simulation run. Enums: StateValueValuesEnum: Output only. What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated or not. Fields: attackExposureResult: The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: `organizations/123/simulations/456/attackExposureResults/789` exposedHighValueResourcesCount: The number of high value resources that are exposed as a result of this finding. exposedLowValueResourcesCount: The number of high value resources that are exposed as a result of this finding. exposedMediumValueResourcesCount: The number of medium value resources that are exposed as a result of this finding. latestCalculationTime: The most recent time the attack exposure was updated on this finding. score: A number between 0 (inclusive) and infinity that represents how important this finding is to remediate. The higher the score, the more important it is to remediate. state: Output only. What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated or not. c$\rSrSrSrSrSrSrSrg)>GoogleCloudSecuritycenterV2AttackExposure.StateValueValuesEnumia/Output only. What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated or not. Values: STATE_UNSPECIFIED: The state is not specified. CALCULATED: The attack exposure has been calculated. NOT_CALCULATED: The attack exposure has not been calculated. rr rrNrrr1r2rrrr1rr rr}rrrrrrNrrr1r2rrs6 Y^^ #..q1#,#9#9!YEVEVE\E\#] "+"8"8IDUDUD[D["\%.%;%;AyGXGXG^G^%_"#//2   q !%   4a 8%r1rc`\rSrSrSr\R "S5r\R "S5rSr g)%GoogleCloudSecuritycenterV2AwsAccountirr rrNrrr1r2rrrr1rc\rSrSrSr\R "SS5r\R "SS5r\R "SSS S 9r S r g ) &GoogleCloudSecuritycenterV2AwsMetadatairrr *GoogleCloudSecuritycenterV2AwsOrganizationr0GoogleCloudSecuritycenterV2AwsOrganizationalUnitrTrrNrrr1r2rrsH   " "#JA N'''(TVWX,!../acdostr1rc<\rSrSrSr\R "S5rSrg)rirr rNrrr1r2rrrr1rc`\rSrSrSr\R "S5r\R "S5rSr g)rirr rrNrrr1r2rrrr1rc`\rSrSrSr\R "S5r\R "S5rSr g)/GoogleCloudSecuritycenterV2AzureManagementGroupirr rrNrrr1r2rrrr1rc\rSrSrSr\R "SSSS9r\R "SS5r\R "S S 5r \R "S S 5r S r g)(GoogleCloudSecuritycenterV2AzureMetadatai rrr Tr-GoogleCloudSecuritycenterV2AzureResourceGroupr,GoogleCloudSecuritycenterV2AzureSubscriptionr&GoogleCloudSecuritycenterV2AzureTenantrrNrrr1r2rr s\ ++,]_`kop(()XZ[\-''(VXYZ,  ! !"JA N&r1rc`\rSrSrSr\R "S5r\R "S5rSr g)rirr rrNrrr1r2rrrr1rc`\rSrSrSr\R "S5r\R "S5rSr g)ri*rr rrNrrr1r2rr*rr1rc`\rSrSrSr\R "S5r\R "S5rSr g)ri7rr rrNrrr1r2rr7rr1rcz\rSrSrSr\R "S5r\R "SSS9r\R "S5r \R "S5r \R "S 5r \R "S 5r \R "S SS9r \R "S SS9r\R "S 5r\R "S5rSrg)1GoogleCloudSecuritycenterV2BackupDisasterRecoveryiDrr rTrrrrrrrrrrNrrr1r2rrDrr1rc\\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r \R "S5r \R "S5r \R "S 5r \R "S 5r\R "S 5rS rg ))GoogleCloudSecuritycenterV2BigQueryExportia Configures how to deliver Findings to BigQuery Instance. Fields: createTime: Output only. The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation. cryptoKeyName: Output only. The resource name of the Cloud KMS `CryptoKey` used to protect this configuration's data, if configured during Security Command Center activation. dataset: The dataset to write findings' updates to. Its format is "projects/[project_id]/datasets/[bigquery_dataset_id]". BigQuery dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). description: The description of the export (max of 1024 characters). filter: Expression that defines the filter to apply across create/update events of findings. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. mostRecentEditor: Output only. Email address of the user who last edited the BigQuery export. This field is set by the server and will be ignored if provided on export creation or update. name: Identifier. The relative resource name of this export. See: https:// cloud.google.com/apis/design/resource_names#relative_resource_name. The following list shows some examples: + `organizations/{organization_id}/l ocations/{location_id}/bigQueryExports/{export_id}` + `folders/{folder_i d}/locations/{location_id}/bigQueryExports/{export_id}` + `projects/{pro ject_id}/locations/{location_id}/bigQueryExports/{export_id}` This field is provided in responses, and is ignored when provided in create requests. principal: Output only. The service account that needs permission to create table and upload data to the BigQuery dataset. updateTime: Output only. The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update. r rrrrrrrrrN)rrrr r!r"r#r cryptoKeyNamerrr*rr9rrr0rr1r2rrs)V$$Q'*''*-  ! !! $'%%a(+   #&**1-   q !$##A&)$$Q'*r1rc\rSrSrSr\R "S5r\R "S5r\R"SS5r \R"SSS S 9r S r g ) "GoogleCloudSecuritycenterV2Bindingirr rGoogleCloudSecuritycenterV2Roler"GoogleCloudSecuritycenterV2SubjectrTrrNrrr1r2rrsR   q !$Q"    A1 E$  # #$H!VZ [(r1rc\rSrSrSrSrg)3GoogleCloudSecuritycenterV2BulkMuteFindingsResponseirrNrrr1r2rrrr1rc:\rSrSrSr\R "SSS9rSrg)%GoogleCloudSecuritycenterV2Chokepointir1r TrrNr2rr1r2rrr4r1rc\rSrSrSr\R "SS5r\R "SS5r\R"S5r \R "SS 5r \R "S S 5r \R"S 5r S rg)%GoogleCloudSecuritycenterV2CloudArmorir7rpr r~rr#GoogleCloudSecuritycenterV2Requestsr)GoogleCloudSecuritycenterV2SecurityPolicyrrrNr:rr1r2rrsx*!--.]_`a  ! !"Eq I&  " "1 %(  # #$I1 M())*UWXY.&&q),r1rc\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"SS5r \R"S\RRS 9rS rg ) 'GoogleCloudSecuritycenterV2CloudControlirBc$\rSrSrSrSrSrSrSrg);GoogleCloudSecuritycenterV2CloudControl.TypeValueValuesEnumirErr rrNrFrr1r2rrrJr1rr rrrr}rNrKrr1r2rrrNr1rc\rSrSrSr"SS\R 5r\R"S5r \R"SSSS 9r \R"SS 5r S rg ) .GoogleCloudSecuritycenterV2CloudDlpDataProfileirQc$\rSrSrSrSrSrSrSrg)HGoogleCloudSecuritycenterV2CloudDlpDataProfile.ParentTypeValueValuesEnumi*rTrr rrNrUrr1r2rYr*rZr1rYr #GoogleCloudSecuritycenterV2InfoTyperTrrrNr\rr1r2rrsR ).. %%a(+$$%JAX\])""#>B*r1rc\rSrSrSr\R "S5r\R"S5r \R"S5r \R"S5r Sr g) -GoogleCloudSecuritycenterV2CloudDlpInspectioni;rbr rrrrNrcrr1r2rr;rir1rc\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r Sr g) ,GoogleCloudSecuritycenterV2CloudLoggingEntryiRarMetadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/ logging/docs/reference/v2/rest/v2/LogEntry) Fields: insertId: A unique identifier for the log entry. logId: The type of the log (part of `log_name`. `log_name` is the resource name of the log to which this log entry belongs). For example: `cloudresourcemanager.googleapis.com/activity` Note that this field is not URL-encoded, unlike in `LogEntry`. resourceContainer: The organization, folder, or project of the monitored resource that produced this log entry. timestamp: The time the event described by the log entry occurred. r rrrrNrlrr1r2rrRrqr1rc\rSrSrSr\R "SSS9r\R "S5r\R "S5r Sr g ) %GoogleCloudSecuritycenterV2Complianceigrtr TrrrrNrurr1r2rrgrxr1rc\rSrSrSr\R "SS5r\R"SSS9r \R "SS SS9r S r g ) ,GoogleCloudSecuritycenterV2ComplianceDetailsiwr{rr rTr$GoogleCloudSecuritycenterV2FrameworkrrNr}rr1r2rrwsF''(QSTU, ) 5 5a$ G%%&LaZ^_*r1rcD\rSrSrSr"SS\R 5r\R"S5r \R"S\RRS9r \R"SS5r\R"S 5r\R"S \RRS9rS rg ) %GoogleCloudSecuritycenterV2Connectionirc0\rSrSrSrSrSrSrSrSr Sr S r g ) =GoogleCloudSecuritycenterV2Connection.ProtocolValueValuesEnumirrr rrrrrNrrr1r2rrrr1rr rr}rrrrNrrr1r2rrrr1rc<\rSrSrSr\R "S5rSrg)"GoogleCloudSecuritycenterV2Contactirr rNrrr1r2rrrr1rc<\rSrSrSr\R "SSSS9rSrg) )GoogleCloudSecuritycenterV2ContactDetailsirrr TrrNrrr1r2rrs  # #$H!VZ [(r1rc\rSrSrSr\R "S5r\R "S5r\R"SSSS9r \R "S 5r \R "S 5r S r g ) $GoogleCloudSecuritycenterV2Containerirr r GoogleCloudSecuritycenterV2LabelrTrrrrNrrr1r2rrs_ $$Q'*  ! !! $'  ! !"DaRV W&   q !$a #r1rc`\rSrSrSr\R "S5r\R "S5rSr g)"GoogleCloudSecuritycenterV2Controlirr rrNrrr1r2rrrr1rc\rSrSrSr"SS\R 5r"SS\R 5r\R"SS5r \R"S 5r \R"SS 5r\R"S 5r\R"S 5r\R"SS 5r\R$"S5r\R"SSSS9r\R$"S5r\R$"S5rSrg)GoogleCloudSecuritycenterV2Cveirc0\rSrSrSrSrSrSrSrSr Sr S r g ) BGoogleCloudSecuritycenterV2Cve.ExploitationActivityValueValuesEnumirrr rrrrrNrrr1r2rrrr1rc,\rSrSrSrSrSrSrSrSr Sr g ) 4GoogleCloudSecuritycenterV2Cve.ImpactValueValuesEnumirrr rrrrNrrr1r2rrrr1r!GoogleCloudSecuritycenterV2Cvssv3r rrrrrr$GoogleCloudSecuritycenterV2ReferencerTrrrrNrrr1r2rrs<INN&inn*  ! !"Eq I& ,,Q/",,-RTUV#//2Q"   6 :&,,Q/%%&LaZ^_*"//2  " "2 &'r1rc\rSrSrSr"SS\R 5r"SS\R 5r"SS\R 5r "S S \R 5r "S S \R 5r "S S\R 5r "SS\R 5r "SS\R 5r\R"SS5r\R"SS5r\R"SS5r\R&"S5r\R"S S5r\R"S S5r\R"SS5r\R"SS5r\R"SS5rSrg)ri:rc$\rSrSrSrSrSrSrSrg)AGoogleCloudSecuritycenterV2Cvssv3.AttackComplexityValueValuesEnumiqrrr rrNrrr1r2rrqrr1rc,\rSrSrSrSrSrSrSrSr Sr g ) =GoogleCloudSecuritycenterV2Cvssv3.AttackVectorValueValuesEnumirrr rrrrNrrr1r2rrrr1rc(\rSrSrSrSrSrSrSrSr g) CGoogleCloudSecuritycenterV2Cvssv3.AvailabilityImpactValueValuesEnumirrr rrrNrrr1r2rrrr1rc(\rSrSrSrSrSrSrSrSr g) FGoogleCloudSecuritycenterV2Cvssv3.ConfidentialityImpactValueValuesEnumirrr rrrNrrr1r2rrrr1rc(\rSrSrSrSrSrSrSrSr g) @GoogleCloudSecuritycenterV2Cvssv3.IntegrityImpactValueValuesEnumirrr rrrNrrr1r2rrrr1rc(\rSrSrSrSrSrSrSrSr g) CGoogleCloudSecuritycenterV2Cvssv3.PrivilegesRequiredValueValuesEnumirrr rrrNrrr1r2r rr r1r c$\rSrSrSrSrSrSrSrg)6GoogleCloudSecuritycenterV2Cvssv3.ScopeValueValuesEnumirrr rrNrrr1r2rrrr1rc$\rSrSrSrSrSrSrSrg)@GoogleCloudSecuritycenterV2Cvssv3.UserInteractionValueValuesEnumirrr rrNrrr1r2rrrr1rr rrrrrrrrrNrrr1r2rr:r(r1rc`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) GoogleCloudSecuritycenterV2Cweir+r rrTrrNr,rr1r2rrs/Q"%%&LaZ^_*r1rc\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"SS5r \R"S5r S rg ) *GoogleCloudSecuritycenterV2DataAccessEventir/c(\rSrSrSrSrSrSrSrSr g) CGoogleCloudSecuritycenterV2DataAccessEvent.OperationValueValuesEnumi-r2rr rrrNr3rr1r2r8r-r9r1r8r rrrrNr:rr1r2rrr>r1rc\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"SS5r \R"S5r \R"S 5rS rg ) (GoogleCloudSecuritycenterV2DataFlowEventiArAc(\rSrSrSrSrSrSrSrSr g) AGoogleCloudSecuritycenterV2DataFlowEvent.OperationValueValuesEnumiVrDrr rrrNr3rr1r2r8rVr9r1r8r rrrrrNrErr1r2rrArGr1rc\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"SS5r \R"S5rS rg ) 5GoogleCloudSecuritycenterV2DataRetentionDeletionEventikrJc(\rSrSrSrSrSrSrSrSr g) NGoogleCloudSecuritycenterV2DataRetentionDeletionEvent.EventTypeValueValuesEnumirMrr rrrNrNrr1r2rSrrTr1rSr rrrrNrUrr1r2rrkrZr1rc\rSrSrSr\R "S5r\R "SSS9r\R "S5r \R "S5r \R "S 5r \R "S 5r S r g ) #GoogleCloudSecuritycenterV2Databaseir]r rTrrrrrrNr^rr1r2rrrar1rc\rSrSrSr\R "S5r\R "S5r\R "S5r Sr g)"GoogleCloudSecuritycenterV2Datasetia[Vertex AI dataset associated with the finding. Fields: displayName: The user defined display name of dataset, e.g. plants-dataset name: Resource name of the dataset, e.g. projects/{project}/locations/{location}/datasets/2094040236064505856 source: Data source, such as a BigQuery source URI, e.g. bq://scc-nexus- test.AIPPtest.gsod r rrrNrdrr1r2rrrer1rc<\rSrSrSr\R "SSSS9rSrg) !GoogleCloudSecuritycenterV2Deniedirhryr TrrNrorr1r2rrrzr1rc`\rSrSrSr\R "S5r\R"S5r Sr g)$GoogleCloudSecuritycenterV2Detectionirkr rrNrlrr1r2rrror1rc<\rSrSrSr\R "S5rSrg)GoogleCloudSecuritycenterV2Diskirrr rNrsrr1r2rrrtr1rc`\rSrSrSr\R "S5r\R "S5rSr g)#GoogleCloudSecuritycenterV2DiskPathirwr rrNrxrr1r2rrr{r1rc`\rSrSrSr\R "S5r\R "S5rSr g),GoogleCloudSecuritycenterV2DynamicMuteRecordir~r rrNrrr1r2rrrr1rc`\rSrSrSr\R "S5r\R "S5rSr g).GoogleCloudSecuritycenterV2EnvironmentVariableirr rrNrrr1r2rrrr1rc^\rSrSrSr\R "SSS9r\R "S5rSr g) (GoogleCloudSecuritycenterV2ExfilResourcei#rr TrrrNrrr1r2rr#rr1rc\rSrSrSr\R "SSSS9r\R "SSSS9r\R"S5r S r g ) 'GoogleCloudSecuritycenterV2Exfiltrationi4rrr TrrrrNrrr1r2rr4sF   " "#Mq[_ `'  " "#Mq[_ `'#003r1rc\rSrSrSr\R "SSS9r\R "S5r\R "S5r \R "S5r \R "S 5r \R "S 5r \R "S 5r \R "S 5r\R "S 5r\R "S5r\R""SS5rSrg))GoogleCloudSecuritycenterV2ExternalSystemiIaRepresentation of third party SIEM/SOAR fields within SCC. Fields: assignees: References primary/secondary etc assignees in the external system. caseCloseTime: The time when the case was closed, as reported by the external system. caseCreateTime: The time when the case was created, as reported by the external system. casePriority: The priority of the finding's corresponding case in the external system. caseSla: The SLA of the finding's corresponding case in the external system. caseUri: The link to the finding's corresponding case in the external system. externalSystemUpdateTime: The time when the case was last updated, as reported by the external system. externalUid: The identifier that's used to track the finding's corresponding case in the external system. name: Full resource name of the external system. The following list shows some examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/jira` + `organizations/1234/sources/5678/locations/us/findings/123456/externalSy stems/jira` + `folders/1234/sources/5678/findings/123456/externalSystems/jira` + `fold ers/1234/sources/5678/locations/us/findings/123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/externalSystems/jira` + `p rojects/1234/sources/5678/locations/us/findings/123456/externalSystems/j ira` status: The most recent status of the finding's corresponding case, as reported by the external system. ticketInfo: Information about the ticket, if any, that is being used to track the resolution of the issue that is identified by this finding. r Trrrrrrrrrr%GoogleCloudSecuritycenterV2TicketInforrNrrr1r2rrIs!F##A5)''*-((+.&&q),  ! !! $'  ! !! $'&2215%%a(+   q !$   $&%%&MrR*r1rc:\rSrSrSr\R "S5r\R"SS5r \R"S5r \R"SSS S 9r \R"S 5r\R "S 5r\R "S 5r\R"S5rSrg)GoogleCloudSecuritycenterV2Fileizrr rrr(GoogleCloudSecuritycenterV2FileOperationrTrrrrrrNrrr1r2rrzs$ " "1 %(  # #$I1 M(%%a(*%%&PRS^bc***1-/   q !$   #&    "$r1rch\rSrSrSr"SS\R 5r\R"SS5r Sr g)rirc0\rSrSrSrSrSrSrSrSr Sr S r g ) S?5r+\R0"S@5r,\R""SASB5r-\R""SSC5r.\R0"SD5r/\R""SESFS,S-9r0\Rb"SSG5r2\R""SHSIS,S-9r3\R""SJSKS,S-9r4\R""SLSM5r5\R""SNSO5r6\R""SPSQ5r7\R""SRSS5r8\R""STSU5r9\R""SVSWS,S-9r:\R""SXSYS,S-9r;\R""SZS[5r<\R0"S\5r=\Rb"SS]5r>\R""S^S_5r?\R0"S`5r@\R0"Sa5rA\R0"Sb5rB\R""ScSdS,S-9rC\R0"Se5rD\R""SfSg5rE\R""ShSiS,S-9rF\R0"Sj5rG\R0"Sk5rH\R""SlSmS,S-9rI\R0"Sn5rJ\R""SoSp5rK\R""SqSr5rL\Rb"SSs5rM\R""SSt5rN\Rb"S Su5rO\R""SvSw5rP\R""SxSy5rQ\R""SzS{5rRS|rSg})~"GoogleCloudSecuritycenterV2Findingia ,Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding. Enums: FindingClassValueValuesEnum: The class of the finding. MuteValueValuesEnum: Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute. SeverityValueValuesEnum: The severity of the finding. This field is managed by the source that writes the finding. StateValueValuesEnum: Output only. The state of the finding. Messages: ContactsValue: Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification- contacts#notification-categories { "security": { "contacts": [ { "email": "person1@company.com" }, { "email": "person2@company.com" } ] } } ExternalSystemsValue: Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields. SourcePropertiesValue: Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. Fields: access: Access details associated with the finding, such as more information on the caller, which method was accessed, and from where. affectedResources: AffectedResources associated with the finding. aiModel: The AI model associated with the finding. application: Represents an application associated with the finding. attackExposure: The results of an attack path simulation relevant to this finding. backupDisasterRecovery: Fields related to Backup and DR findings. canonicalName: Output only. The canonical name of the finding. The following list shows some examples: + `organizations/{organization_id}/s ources/{source_id}/locations/{location_id}/findings/{finding_id}` + `fol ders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{f inding_id}` + `projects/{project_id}/sources/{source_id}/locations/{loca tion_id}/findings/{finding_id}` The prefix is the closest CRM ancestor of the resource associated with the finding. category: Immutable. The additional taxonomy group within findings from a given source. Example: "XSS_FLASH_INJECTION" chokepoint: Contains details about a chokepoint, which is a resource or resource group where high-risk attack paths converge, based on [attack path simulations] (https://cloud.google.com/security-command- center/docs/attack-exposure-learn#attack_path_simulations). This field cannot be updated. Its value is ignored in all update requests. cloudArmor: Fields related to Cloud Armor findings. cloudDlpDataProfile: Cloud DLP data profile that is associated with the finding. cloudDlpInspection: Cloud Data Loss Prevention (Cloud DLP) inspection results that are associated with the finding. complianceDetails: Details about the compliance implications of the finding. compliances: Contains compliance information for security standards associated to the finding. connections: Contains information about the IP connection associated with the finding. contacts: Output only. Map containing the points of contact for the given finding. The key represents the type of contact, while the value contains a list of all the contacts that pertain. Please refer to: https://cloud.google.com/resource-manager/docs/managing-notification- contacts#notification-categories { "security": { "contacts": [ { "email": "person1@company.com" }, { "email": "person2@company.com" } ] } } containers: Containers associated with the finding. This field provides information for both Kubernetes and non-Kubernetes containers. createTime: Output only. The time at which the finding was created in Security Command Center. cryptoKeyName: Output only. The name of the Cloud KMS key used to encrypt this finding, if any. dataAccessEvents: Data access events associated with the finding. dataFlowEvents: Data flow events associated with the finding. dataRetentionDeletionEvents: Data retention deletion events associated with the finding. database: Database associated with the finding. description: Contains more details about the finding. disk: Disk associated with the finding. eventTime: The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp. exfiltration: Represents exfiltrations associated with the finding. externalSystems: Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields. externalUri: The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL. files: File associated with the finding. findingClass: The class of the finding. groupMemberships: Contains details about groups of which this finding is a member. A group is a collection of findings that are related in some way. This field cannot be updated. Its value is ignored in all update requests. iamBindings: Represents IAM bindings associated with the finding. indicator: Represents what's commonly known as an *indicator of compromise* (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. For more information, see [Indicator of compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise). ipRules: IP rules associated with the finding. job: Job associated with the finding. kernelRootkit: Signature of the kernel rootkit. kubernetes: Kubernetes resources associated with the finding. loadBalancers: The load balancers associated with the finding. logEntries: Log entries that are relevant to the finding. mitreAttack: MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org moduleName: Unique identifier of the module which generated the finding. Example: folders/598186756061/securityHealthAnalyticsSettings/customModu les/56799441161885 mute: Indicates the mute state of a finding (either muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute. muteInfo: Output only. The mute information regarding this finding. muteInitiator: Records additional information about the mute operation, for example, the [mute configuration](https://cloud.google.com/security- command-center/docs/how-to-mute-findings) that muted the finding and the user who muted the finding. muteUpdateTime: Output only. The most recent time this finding was muted or unmuted. name: Identifier. The [relative resource name](https://cloud.google.com/ap is/design/resource_names#relative_resource_name) of the finding. The following list shows some examples: + `organizations/{organization_id}/s ources/{source_id}/findings/{finding_id}` + `organizations/{organization _id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `fol ders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{f inding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` networks: Represents the VPC networks that the resource is attached to. nextSteps: Steps to address the finding. notebook: Notebook associated with the finding. orgPolicies: Contains information about the org policies associated with the finding. parent: The relative resource name of the source and location the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#rel ative_resource_name This field is immutable after creation time. The following list shows some examples: + `organizations/{organization_id}/sources/{source_id}` + `folders/{folders_id}/sources/{source_id}` + `projects/{projects_id}/sources/{source_id}` + `organizations/{organizat ion_id}/sources/{source_id}/locations/{location_id}` + `folders/{folders_id}/sources/{source_id}/locations/{location_id}` + `projects/{projects_id}/sources/{source_id}/locations/{location_id}` parentDisplayName: Output only. The human readable display name of the finding source such as "Event Threat Detection" or "Security Health Analytics". processes: Represents operating system processes associated with the Finding. resourceName: Immutable. For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. securityMarks: Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding. securityPosture: The security posture associated with the finding. severity: The severity of the finding. This field is managed by the source that writes the finding. sourceProperties: Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. state: Output only. The state of the finding. toxicCombination: Contains details about a group of security issues that, when the issues occur together, represent a greater risk than when the issues occur independently. A group of such issues is referred to as a toxic combination. This field cannot be updated. Its value is ignored in all update requests. vertexAi: VertexAi associated with the finding. vulnerability: Represents vulnerability-specific fields like CVE and CVSS scores. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/) c@\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rg)>GoogleCloudSecuritycenterV2Finding.FindingClassValueValuesEnumiwaThe class of the finding. Values: FINDING_CLASS_UNSPECIFIED: Unspecified finding class. THREAT: Describes unwanted or malicious activity. VULNERABILITY: Describes a potential weakness in software that increases risk to Confidentiality & Integrity & Availability. MISCONFIGURATION: Describes a potential weakness in cloud resource/asset configuration that increases risk. OBSERVATION: Describes a security observation that is for informational purposes. SCC_ERROR: Describes an error that prevents some SCC functionality. POSTURE_VIOLATION: Describes a potential security risk due to a change in the security posture. TOXIC_COMBINATION: Describes a combination of security issues that represent a more severe security problem when taken together. SENSITIVE_DATA_RISK: Describes a potential security risk to data assets that contain sensitive data. CHOKEPOINT: Describes a resource or resource group where high risk attack paths converge, based on attack path simulations (APS). rr rrrrrrrrrNrrr1r2rr ws@*!" FMKIJr1rc(\rSrSrSrSrSrSrSrSr g) 6GoogleCloudSecuritycenterV2Finding.MuteValueValuesEnumirrr rrrNrrr1r2rrrr1rc,\rSrSrSrSrSrSrSrSr Sr g ) :GoogleCloudSecuritycenterV2Finding.SeverityValueValuesEnumirrr rrrrNrrr1r2rrrr1rc$\rSrSrSrSrSrSrSrg)7GoogleCloudSecuritycenterV2Finding.StateValueValuesEnumiaOutput only. The state of the finding. Values: STATE_UNSPECIFIED: Unspecified state. ACTIVE: The finding requires attention and has not been addressed yet. INACTIVE: The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active. rr rrNrrr1r2rrrr1rrcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) 0GoogleCloudSecuritycenterV2Finding.ContactsValueircb\rSrSrSr\R "S5r\R"SS5r Sr g)CGoogleCloudSecuritycenterV2Finding.ContactsValue.AdditionalPropertyizAn additional property for a ContactsValue object. Fields: key: Name of the additional property. value: A GoogleCloudSecuritycenterV2ContactDetails attribute. r rrrNrrr1r2rrrr1rr TrrNrrr1r2rrs4  UY.. U%112FTXYr1rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) 7GoogleCloudSecuritycenterV2Finding.ExternalSystemsValueircb\rSrSrSr\R "S5r\R"SS5r Sr g)JGoogleCloudSecuritycenterV2Finding.ExternalSystemsValue.AdditionalPropertyizAn additional property for a ExternalSystemsValue object. Fields: key: Name of the additional property. value: A GoogleCloudSecuritycenterV2ExternalSystem attribute. r rrrNrrr1r2rrrr1rr TrrNrrr1r2rrrr1rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) 8GoogleCloudSecuritycenterV2Finding.SourcePropertiesValueircb\rSrSrSr\R "S5r\R"SS5r Sr g)KGoogleCloudSecuritycenterV2Finding.SourcePropertiesValue.AdditionalPropertyi-rr rrrNrrr1r2rr-rr1rr TrrNrrr1r2rrrr1rrjr rrrrtrr|rrrrrrrrrrrrrrrrrrrTrrrrrrr rrrrrrrrr r rr r rr rrrrr*GoogleCloudSecuritycenterV2GroupMembershipr%GoogleCloudSecuritycenterV2IamBindingr$GoogleCloudSecuritycenterV2Indicatorr"GoogleCloudSecuritycenterV2IpRulesrGoogleCloudSecuritycenterV2Jobr(GoogleCloudSecuritycenterV2KernelRootkitr%GoogleCloudSecuritycenterV2Kubernetesr 'GoogleCloudSecuritycenterV2LoadBalancerr"#GoogleCloudSecuritycenterV2LogEntryr$&GoogleCloudSecuritycenterV2MitreAttackr%r&r'#GoogleCloudSecuritycenterV2MuteInfor)r*r+r,"GoogleCloudSecuritycenterV2Networkr.r/#GoogleCloudSecuritycenterV2Notebookr1$GoogleCloudSecuritycenterV2OrgPolicyr3r4r5"GoogleCloudSecuritycenterV2Processr7r8(GoogleCloudSecuritycenterV2SecurityMarksr:*GoogleCloudSecuritycenterV2SecurityPosturer<r=r>r?+GoogleCloudSecuritycenterV2ToxicCombinationrA#GoogleCloudSecuritycenterV2VertexAirC(GoogleCloudSecuritycenterV2VulnerabilityrErN)Trrrr r!r"rarrrrrrrrrrr%rFrGrHrIrJrKr#rLrMrNrOrPrQrRrSrTrrUrrrVrWrXrYrrZr<r[r\r]r^rbr_r`rarbrprcrdrerfrgrhrirjrlrmrnr9rorprqrrrrsrtrurvrwrxryrrzr{r|r0rr1r2r r s~@INNBINN / / b Y^^  !!"89Zi''Z:Z8 !!"89ZY..Z:Z2 !!"89Zi//Z:Z8  ! !"Eq I&,,-[]^_  " "#G K'&&'OQRS+))*UWXY.$112eghi''*-  " "1 %(%%&MqQ*%%&MrR*!../_acd --.]_ab,,-[]_`&&'NPR]ab+&&'NPR]ab+  # #OR 8(%%&Lb[_`*$$R(*''+-++,XZ\gkl))*TVXcgh. ) 6 67npr~B!C  # #$I2 N(%%b)+    A2 F$##B')''(QSUV,**+A2F/%%b)+  !BBQU V%$$%BBG,++,XZ\gkl&&'NPR]ab+$$%KRP)  " "#G L'?D#(()SUWX-%%&MrR*(()RTVaef-%%&KRZ^_*&&'OQST+$$R(*   2B 7$  # #$I2 N(''+-((,.   r "$  # #$H"W[ \(##B')  # #$I2 N(&&'Mr\`a+   $&++B/$$%I2X\])&&r*,(()SUWX-**+WY[\/  !:B ?(++,CRH   4b 9%++,Y[]^  # #$I2 N((()SUWX-r1r c`\rSrSrSr\R "S5r\R "S5rSr g)ri{rr rrNrrr1r2rr{rr1rc"\rSrSrSr"SS\R 5r"SS\R 5r\R"SSSS 9r \R"S S SS 9r \R"S 5r\R"S 5r\R"SS5rSrg)rirc,\rSrSrSrSrSrSrSrSr Sr g ) EGoogleCloudSecuritycenterV2Framework.CategoryValueListEntryValuesEnumirrr rrrrNrrr1r2rr6rr1rc$\rSrSrSrSrSrSrSrg)8GoogleCloudSecuritycenterV2Framework.TypeValueValuesEnumirrr rrNrrr1r2rr8rr1rr TrrrrrrrNrrr1r2rrs. INN  !CQQU V(  # #$H!VZ [(%%a(+   q !$   2A 6$r1rc<\rSrSrSr\R "S5rSrg)rkirr rNrrr1r2rkrkrr1rkc\rSrSrSr"SS\R 5r\R"S5r \R"SS5r Sr g) riContains details about groups of which this finding is a member. A group is a collection of findings that are related in some way. Enums: GroupTypeValueValuesEnum: Type of group. Fields: groupId: ID of the group. groupType: Type of group. c$\rSrSrSrSrSrSrSrg)CGoogleCloudSecuritycenterV2GroupMembership.GroupTypeValueValuesEnumiType of group. Values: GROUP_TYPE_UNSPECIFIED: Default value. GROUP_TYPE_TOXIC_COMBINATION: Group represents a toxic combination. GROUP_TYPE_CHOKEPOINT: Group represents a chokepoint. rr rrN rrrr r!GROUP_TYPE_UNSPECIFIEDGROUP_TYPE_TOXIC_COMBINATIONGROUP_TYPE_CHOKEPOINTr0rr1r2GroupTypeValueValuesEnumr=#$ r1rCr rrN rrrr r!r"rarCr#groupIdrb groupTyper0rr1r2rr<     ! !! $'!!"r0rr1r2rr$s>    q !$++,Y[\]  ! !! $'r1rc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) ryi8IP rule information. Fields: portRanges: Optional. An optional list of ports to which this rule applies. This field is only applicable for the UDP or (S)TCP protocols. Each entry must be either an integer or a range including a min and max port number. protocol: The IP protocol this rule applies to. This value can either be one of the following well known protocol strings (TCP, UDP, ICMP, ESP, AH, IPIP, SCTP) or a string representation of the integer value. $GoogleCloudSecuritycenterV2PortRanger TrrrN rrrr r!r"r% portRangesr#rr0rr1r2ryry8s/ %%&LaZ^_*  " "1 %(r1ryc\rSrSrSr"SS\R 5r\R"SS5r \R"SS5r \R"S S S 9r \R"SS 5r\R"S S S 9r\R"SS S 9rSrg)r"iIIP rules associated with the finding. Enums: DirectionValueValuesEnum: The direction that the rule is applicable to, one of ingress or egress. Fields: allowed: Tuple with allowed rules. denied: Tuple with denied rules. destinationIpRanges: If destination IP ranges are specified, the firewall rule applies only to traffic that has a destination IP address in these ranges. These ranges must be expressed in CIDR format. Only supports IPv4. direction: The direction that the rule is applicable to, one of ingress or egress. exposedServices: Name of the network protocol service, such as FTP, that is exposed by the open port. Follows the naming convention available at: https://www.iana.org/assignments/service-names-port-numbers/service- names-port-numbers.xhtml. sourceIpRanges: If source IP ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. Only supports IPv4. c$\rSrSrSrSrSrSrSrg);GoogleCloudSecuritycenterV2IpRules.DirectionValueValuesEnumibThe direction that the rule is applicable to, one of ingress or egress. Values: DIRECTION_UNSPECIFIED: Unspecified direction value. INGRESS: Ingress direction value. EGRESS: Egress direction value. rr rrN rrrr r!DIRECTION_UNSPECIFIEDINGRESSEGRESSr0rr1r2DirectionValueValuesEnumrmbG Fr1rsrxr rrrTrrrrrNrrrr r!r"rarsr%alloweddeniedr#destinationIpRangesrb directionexposedServicessourceIpRangesr0rr1r2r"r"Is0    " "#G K'  ! !"Eq I&!--a$?!!"\rSrSrSr\R "SS5rSrg)rizThe AWS metadata of a resource associated with an issue. Fields: account: The AWS account of the resource associated with the issue. =GoogleCloudSecuritycenterV2IssueResourceAwsMetadataAwsAccountr rN) rrrr r!r"r%rr0rr1r2rrs  " "#bde f'r1rc`\rSrSrSr\R "S5r\R "S5rSr g)rizThe AWS account of the resource associated with the issue. Fields: id: The AWS account ID of the resource associated with the issue. name: The AWS account name of the resource associated with the issue. r rrNrrr1r2rrrr1rc>\rSrSrSr\R "SS5rSrg)rizThe Azure metadata of a resource associated with an issue. Fields: subscription: The Azure subscription of the resource associated with the issue. FGoogleCloudSecuritycenterV2IssueResourceAzureMetadataAzureSubscriptionr rN) rrrr r!r"r%rr0rr1r2rrs''(prst,r1rc`\rSrSrSr\R "S5r\R "S5rSr g)rizThe Azure subscription of the resource associated with the issue. Fields: displayName: The Azure subscription display name of the resource associated with the issue. id: The Azure subscription ID of the resource associated with the issue. r rrNrrr1r2rrrr1rc<\rSrSrSr\R "S5rSrg)rizGoogle Cloud metadata of a resource associated with an issue. Fields: projectId: The project ID that the resource associated with the issue belongs to. r rN) rrrr r!r"r# projectIdr0rr1r2rrs##A&)r1rcd\rSrSrSr\R "SS5r\R "SS5rSr g) rizSecurity context associated with an issue. Fields: aggregatedCount: The aggregated count of the security context. context: The context of the security context. >GoogleCloudSecuritycenterV2IssueSecurityContextAggregatedCountr 6GoogleCloudSecuritycenterV2IssueSecurityContextContextrrN) rrrr r!r"r%aggregatedCountcontextr0rr1r2rrs1**+kmno/  " "#[]^ _'r1rc\rSrSrSr\R "S5r\R"S\RRS9r Sr g)rizeAggregated count of a security context. Fields: key: Aggregation key. value: Aggregation value. r rr}rN) rrrr r!r"r#rrMrrrr0rr1r2rrs7 a #  I,=,=,C,C D%r1rc^\rSrSrSr\R "S5r\R "SSS9rSr g) rizXContext of a security context. Fields: type: Context type. values: Context values. r rTrrN) rrrr r!r"r#rvaluesr0rr1r2rrs+   q !$  T 2&r1rc\rSrSrSr"SS\R 5r\R"S\RRS9r \R"S5r \R"S5r\R"SS 5rS rg ) r#i'Describes a job Enums: StateValueValuesEnum: Output only. State of the job, such as `RUNNING` or `PENDING`. Fields: errorCode: Optional. If the job did not complete successfully, this field describes why. location: Optional. Gives the location where the job ran, such as `US` or `europe-west1` name: The fully-qualified name for a job. e.g. `projects//jobs/` state: Output only. State of the job, such as `RUNNING` or `PENDING`. c,\rSrSrSrSrSrSrSrSr Sr g ) 3GoogleCloudSecuritycenterV2Job.StateValueValuesEnumi7IOutput only. State of the job, such as `RUNNING` or `PENDING`. Values: JOB_STATE_UNSPECIFIED: Unspecified represents an unknown state and should not be used. PENDING: Job is scheduled and pending for run RUNNING: Job in progress SUCCEEDED: Job has completed with success FAILED: Job has completed but with failure rr rrrrN rrrr r!JOB_STATE_UNSPECIFIEDPENDINGRUNNING SUCCEEDEDFAILEDr0rr1r2rr7# GGI Fr1rr r}rrrrNrrrr r!r"rarrMrr errorCoder#rgr9rbrr0rr1r2r#r#'j Y^^"$$Q 0A0A0G0GH)  " "1 %(   q !$   4a 8%r1r#c\\rSrSrSr\R "S5r\R"S5r \R"S5r \R"S5r \R"S5r \R"S5r \R"S 5r\R"S 5r\R"S 5rS rg )r$iNKernel mode rootkit signatures. Fields: name: Rootkit name, when available. unexpectedCodeModification: True if unexpected modifications of kernel code memory are present. unexpectedFtraceHandler: True if `ftrace` points are present with callbacks pointing to regions that are not in the expected kernel or module code range. unexpectedInterruptHandler: True if interrupt handlers that are are not in the expected kernel or module code regions are present. unexpectedKernelCodePages: True if kernel code pages that are not in the expected kernel or module code regions are present. unexpectedKprobeHandler: True if `kprobe` points are present with callbacks pointing to regions that are not in the expected kernel or module code range. unexpectedProcessesInRunqueue: True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list. unexpectedReadOnlyDataModification: True if unexpected modifications of kernel read-only data memory are present. unexpectedSystemCallHandler: True if system call handlers that are are not in the expected kernel or module code regions are present. r rrrrrrrrrNrrrr r!r"r#r9rdunexpectedCodeModificationunexpectedFtraceHandlerunexpectedInterruptHandlerunexpectedKernelCodePagesunexpectedKprobeHandlerunexpectedProcessesInRunqueue"unexpectedReadOnlyDataModificationunexpectedSystemCallHandlerr0rr1r2r$r$N2   q !$(55a8%2215(55a8'44Q7%2215"+"8"8";'0'='=a'@$ ) 6 6q 9r1r$c\rSrSrSr\R "SSSS9r\R "SSSS9r\R "S S SS9r \R "S S SS9r \R "S SSS9r \R "SSSS9r \R "SSSS9r Srg)r%isKubernetes-related attributes. Fields: accessReviews: Provides information on any Kubernetes access reviews (privilege checks) relevant to the finding. bindings: Provides Kubernetes role binding information for findings that involve [RoleBindings or ClusterRoleBindings](https://cloud.google.com/kubernetes- engine/docs/how-to/role-based-access-control). nodePools: GKE [node pools](https://cloud.google.com/kubernetes- engine/docs/concepts/node-pools) associated with the finding. This field contains node pool information for each node, when it is available. nodes: Provides Kubernetes [node](https://cloud.google.com/kubernetes- engine/docs/concepts/cluster-architecture#nodes) information. objects: Kubernetes objects related to the finding. pods: Kubernetes [Pods](https://cloud.google.com/kubernetes- engine/docs/concepts/pod) associated with the finding. This field contains Pod records for each container that is owned by a Pod. roles: Provides Kubernetes role information for findings that involve [Roles or ClusterRoles](https://cloud.google.com/kubernetes- engine/docs/how-to/role-based-access-control). rnr Trrr#GoogleCloudSecuritycenterV2NodePoolrGoogleCloudSecuritycenterV2Noder!GoogleCloudSecuritycenterV2ObjectrGoogleCloudSecuritycenterV2PodrrrrNrrrr r!r"r% accessReviewsbindings nodePoolsnodesobjectspodsrolesr0rr1r2r%r%ss.(()RTU`de-  # #$H!VZ [($$%JAX\])  !BAPT U%  " "#FTX Y'    @!d S$  !BAPT U%r1r%c`\rSrSrSr\R "S5r\R "S5rSr g)riRepresents a generic name-value label. A label has separate name and value fields to support filtering with the `contains()` function. For more information, see [Filtering on array-type fields](https://cloud.google.com/security-command-center/docs/how-to-api- list-findings#array-contains-filtering). Fields: name: Name of the label. value: Value that corresponds to the label's name. r rrN rrrr r!r"r#r9rr0rr1r2rr)    q !$    "%r1rc<\rSrSrSr\R "S5rSrg)r&iContains information related to the load balancer associated with the finding. Fields: name: The name of the load balancer associated with the finding. r rNrsrr1r2r&r&   q !$r1r&c>\rSrSrSr\R "SS5rSrg)r'irAn individual entry in a log. Fields: cloudLoggingEntry: An individual entry in a log stored in Cloud Logging. rr rN rrrr r!r"r%cloudLoggingEntryr0rr1r2r'r's  ,,-[]^_r1r'c`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) .GoogleCloudSecuritycenterV2MemoryHashSignatureiA signature corresponding to memory page hashes. Fields: binaryFamily: The binary family. detections: The list of memory hash detections contributing to the binary family match. r rrTrrN rrrr r!r"r# binaryFamilyr% detectionsr0rr1r2rrs/&&q),%%&LaZ^_*r1rcv\rSrSrSr"SS\R 5r"SS\R 5r"SS\R 5r "S S \R 5r \R"SS S S 9r \R"SSS S 9r \R"SS5r\R"S SS S 9r\R "S5rSrg)r(iMITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org Enums: AdditionalTacticsValueListEntryValuesEnum: AdditionalTechniquesValueListEntryValuesEnum: PrimaryTacticValueValuesEnum: The MITRE ATT&CK tactic most closely represented by this finding, if any. PrimaryTechniquesValueListEntryValuesEnum: Fields: additionalTactics: Additional MITRE ATT&CK tactics related to this finding, if any. additionalTechniques: Additional MITRE ATT&CK techniques related to this finding, if any, along with any of their respective parent techniques. primaryTactic: The MITRE ATT&CK tactic most closely represented by this finding, if any. primaryTechniques: The MITRE ATT&CK technique most closely represented by this finding, if any. primary_techniques is a repeated field because there are multiple levels of MITRE ATT&CK techniques. If the technique most closely represented by this finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`), both the sub-technique and its parent technique(s) will be listed (e.g. `SCANNING_IP_BLOCKS`, `ACTIVE_SCANNING`). version: The MITRE ATT&CK version referenced by the above fields. E.g. "8". cT\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rSrSrSrSrSrg)PGoogleCloudSecuritycenterV2MitreAttack.AdditionalTacticsValueListEntryValuesEnumiAdditionalTacticsValueListEntryValuesEnum enum type. Values: TACTIC_UNSPECIFIED: Unspecified value. RECONNAISSANCE: TA0043 RESOURCE_DEVELOPMENT: TA0042 INITIAL_ACCESS: TA0001 EXECUTION: TA0002 PERSISTENCE: TA0003 PRIVILEGE_ESCALATION: TA0004 DEFENSE_EVASION: TA0005 CREDENTIAL_ACCESS: TA0006 DISCOVERY: TA0007 LATERAL_MOVEMENT: TA0008 COLLECTION: TA0009 COMMAND_AND_CONTROL: TA0011 EXFILTRATION: TA0010 IMPACT: TA0040 rr rrrrrrrrrrrrrrNrrrr r!TACTIC_UNSPECIFIEDRECONNAISSANCERESOURCE_DEVELOPMENTINITIAL_ACCESS EXECUTION PERSISTENCEPRIVILEGE_ESCALATIONDEFENSE_EVASIONCREDENTIAL_ACCESS DISCOVERYLATERAL_MOVEMENT COLLECTIONCOMMAND_AND_CONTROL EXFILTRATIONIMPACTr0rr1r2)AdditionalTacticsValueListEntryValuesEnumrZ&NNIKOIJL Fr1r.cD\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSr Sr!S r"S!r#S"r$S#r%S$r&S%r'S&r(S'r)S(r*S)r+S*r,S+r-S,r.S-r/S.r0S/r1S0r2S1r3S2r4S3r5S4r6S5r7S6r8S7r9S8r:S9r;S:rS=r?S>r@S?rAS@rBSArCSBrDSCrESDrFSErGSFrHSGrISHrJSIrKSJrLSKrMSLrNSMrOSNrPSOrQSPrRSQrSSRrTSSrUSTrVSUrWSVrXSWrYSXrZSYr[SZr\S[r]S\r^S]r_S^r`S_raS`rbSarcSbrdScreSdrfSergSfrhSgriShrjSirkSjrlSkrmSlrnSmroSnrpSorqSprrSqrsSrrtSsruStrvSurwSvrxSwrySxrzSyr{Szr|S{r}S|r~S}rS~rSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrg)SGoogleCloudSecuritycenterV2MitreAttack.AdditionalTechniquesValueListEntryValuesEnumiAdditionalTechniquesValueListEntryValuesEnum enum type. Values: TECHNIQUE_UNSPECIFIED: Unspecified value. DATA_OBFUSCATION: T1001 DATA_OBFUSCATION_STEGANOGRAPHY: T1001.002 OS_CREDENTIAL_DUMPING: T1003 OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM: T1003.007 OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOW: T1003.008 DATA_FROM_LOCAL_SYSTEM: T1005 AUTOMATED_EXFILTRATION: T1020 OBFUSCATED_FILES_OR_INFO: T1027 STEGANOGRAPHY: T1027.003 COMPILE_AFTER_DELIVERY: T1027.004 COMMAND_OBFUSCATION: T1027.010 SCHEDULED_TRANSFER: T1029 SYSTEM_OWNER_USER_DISCOVERY: T1033 MASQUERADING: T1036 MATCH_LEGITIMATE_NAME_OR_LOCATION: T1036.005 BOOT_OR_LOGON_INITIALIZATION_SCRIPTS: T1037 STARTUP_ITEMS: T1037.005 NETWORK_SERVICE_DISCOVERY: T1046 SCHEDULED_TASK_JOB: T1053 SCHEDULED_TASK_JOB_CRON: T1053.003 CONTAINER_ORCHESTRATION_JOB: T1053.007 PROCESS_INJECTION: T1055 INPUT_CAPTURE: T1056 INPUT_CAPTURE_KEYLOGGING: T1056.001 PROCESS_DISCOVERY: T1057 COMMAND_AND_SCRIPTING_INTERPRETER: T1059 UNIX_SHELL: T1059.004 PYTHON: T1059.006 EXPLOITATION_FOR_PRIVILEGE_ESCALATION: T1068 PERMISSION_GROUPS_DISCOVERY: T1069 CLOUD_GROUPS: T1069.003 INDICATOR_REMOVAL: T1070 INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS: T1070.002 INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORY: T1070.003 INDICATOR_REMOVAL_FILE_DELETION: T1070.004 INDICATOR_REMOVAL_TIMESTOMP: T1070.006 INDICATOR_REMOVAL_CLEAR_MAILBOX_DATA: T1070.008 APPLICATION_LAYER_PROTOCOL: T1071 DNS: T1071.004 SOFTWARE_DEPLOYMENT_TOOLS: T1072 VALID_ACCOUNTS: T1078 DEFAULT_ACCOUNTS: T1078.001 LOCAL_ACCOUNTS: T1078.003 CLOUD_ACCOUNTS: T1078.004 FILE_AND_DIRECTORY_DISCOVERY: T1083 ACCOUNT_DISCOVERY_LOCAL_ACCOUNT: T1087.001 PROXY: T1090 EXTERNAL_PROXY: T1090.002 MULTI_HOP_PROXY: T1090.003 ACCOUNT_MANIPULATION: T1098 ADDITIONAL_CLOUD_CREDENTIALS: T1098.001 ADDITIONAL_CLOUD_ROLES: T1098.003 SSH_AUTHORIZED_KEYS: T1098.004 ADDITIONAL_CONTAINER_CLUSTER_ROLES: T1098.006 MULTI_STAGE_CHANNELS: T1104 INGRESS_TOOL_TRANSFER: T1105 NATIVE_API: T1106 BRUTE_FORCE: T1110 AUTOMATED_COLLECTION: T1119 SHARED_MODULES: T1129 DATA_ENCODING: T1132 STANDARD_ENCODING: T1132.001 ACCESS_TOKEN_MANIPULATION: T1134 TOKEN_IMPERSONATION_OR_THEFT: T1134.001 CREATE_ACCOUNT: T1136 LOCAL_ACCOUNT: T1136.001 DEOBFUSCATE_DECODE_FILES_OR_INFO: T1140 EXPLOIT_PUBLIC_FACING_APPLICATION: T1190 SUPPLY_CHAIN_COMPROMISE: T1195 COMPROMISE_SOFTWARE_DEPENDENCIES_AND_DEVELOPMENT_TOOLS: T1195.001 EXPLOITATION_FOR_CLIENT_EXECUTION: T1203 USER_EXECUTION: T1204 EXPLOITATION_FOR_CREDENTIAL_ACCESS: T1212 LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION: T1222.002 DOMAIN_POLICY_MODIFICATION: T1484 DATA_DESTRUCTION: T1485 DATA_ENCRYPTED_FOR_IMPACT: T1486 SERVICE_STOP: T1489 INHIBIT_SYSTEM_RECOVERY: T1490 FIRMWARE_CORRUPTION: T1495 RESOURCE_HIJACKING: T1496 NETWORK_DENIAL_OF_SERVICE: T1498 CLOUD_SERVICE_DISCOVERY: T1526 STEAL_APPLICATION_ACCESS_TOKEN: T1528 ACCOUNT_ACCESS_REMOVAL: T1531 TRANSFER_DATA_TO_CLOUD_ACCOUNT: T1537 STEAL_WEB_SESSION_COOKIE: T1539 CREATE_OR_MODIFY_SYSTEM_PROCESS: T1543 EVENT_TRIGGERED_EXECUTION: T1546 BOOT_OR_LOGON_AUTOSTART_EXECUTION: T1547 KERNEL_MODULES_AND_EXTENSIONS: T1547.006 SHORTCUT_MODIFICATION: T1547.009 ABUSE_ELEVATION_CONTROL_MECHANISM: T1548 ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID: T1548.001 ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHING: T1548.003 UNSECURED_CREDENTIALS: T1552 CREDENTIALS_IN_FILES: T1552.001 BASH_HISTORY: T1552.003 PRIVATE_KEYS: T1552.004 SUBVERT_TRUST_CONTROL: T1553 INSTALL_ROOT_CERTIFICATE: T1553.004 COMPROMISE_HOST_SOFTWARE_BINARY: T1554 CREDENTIALS_FROM_PASSWORD_STORES: T1555 MODIFY_AUTHENTICATION_PROCESS: T1556 PLUGGABLE_AUTHENTICATION_MODULES: T1556.003 MULTI_FACTOR_AUTHENTICATION: T1556.006 IMPAIR_DEFENSES: T1562 DISABLE_OR_MODIFY_TOOLS: T1562.001 INDICATOR_BLOCKING: T1562.006 DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEM: T1562.012 HIDE_ARTIFACTS: T1564 HIDDEN_FILES_AND_DIRECTORIES: T1564.001 HIDDEN_USERS: T1564.002 EXFILTRATION_OVER_WEB_SERVICE: T1567 EXFILTRATION_TO_CLOUD_STORAGE: T1567.002 DYNAMIC_RESOLUTION: T1568 LATERAL_TOOL_TRANSFER: T1570 HIJACK_EXECUTION_FLOW: T1574 HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING: T1574.006 MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE: T1578 CREATE_SNAPSHOT: T1578.001 CLOUD_INFRASTRUCTURE_DISCOVERY: T1580 DEVELOP_CAPABILITIES: T1587 DEVELOP_CAPABILITIES_MALWARE: T1587.001 OBTAIN_CAPABILITIES: T1588 OBTAIN_CAPABILITIES_MALWARE: T1588.001 OBTAIN_CAPABILITIES_VULNERABILITIES: T1588.006 ACTIVE_SCANNING: T1595 SCANNING_IP_BLOCKS: T1595.001 STAGE_CAPABILITIES: T1608 UPLOAD_MALWARE: T1608.001 CONTAINER_ADMINISTRATION_COMMAND: T1609 DEPLOY_CONTAINER: T1610 ESCAPE_TO_HOST: T1611 CONTAINER_AND_RESOURCE_DISCOVERY: T1613 REFLECTIVE_CODE_LOADING: T1620 STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES: T1649 FINANCIAL_THEFT: T1657 rr rrrrrrrrrrrrrrrrr rrrrr r r r r rrrrrrrrrrr r"r$r%r&r'r)r*r+r,r.r/r1r3r4r5r7r8r:r<r=r>r?rArCrE@ABCDEFGHIJKLMNr5PQRSTUVWXYZ[\]^_`abcdefghijkrBmnopqrstuvwxyz{rJ}~rRrNrrrr r!TECHNIQUE_UNSPECIFIEDDATA_OBFUSCATIONDATA_OBFUSCATION_STEGANOGRAPHYOS_CREDENTIAL_DUMPING%OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM1OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOWDATA_FROM_LOCAL_SYSTEMAUTOMATED_EXFILTRATIONOBFUSCATED_FILES_OR_INFO STEGANOGRAPHYCOMPILE_AFTER_DELIVERYCOMMAND_OBFUSCATIONSCHEDULED_TRANSFERSYSTEM_OWNER_USER_DISCOVERY MASQUERADING!MATCH_LEGITIMATE_NAME_OR_LOCATION$BOOT_OR_LOGON_INITIALIZATION_SCRIPTS STARTUP_ITEMSNETWORK_SERVICE_DISCOVERYSCHEDULED_TASK_JOBSCHEDULED_TASK_JOB_CRONCONTAINER_ORCHESTRATION_JOBPROCESS_INJECTION INPUT_CAPTUREINPUT_CAPTURE_KEYLOGGINGPROCESS_DISCOVERY!COMMAND_AND_SCRIPTING_INTERPRETER UNIX_SHELLPYTHON%EXPLOITATION_FOR_PRIVILEGE_ESCALATIONPERMISSION_GROUPS_DISCOVERY CLOUD_GROUPSINDICATOR_REMOVAL0INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS'INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORYINDICATOR_REMOVAL_FILE_DELETIONINDICATOR_REMOVAL_TIMESTOMP$INDICATOR_REMOVAL_CLEAR_MAILBOX_DATAAPPLICATION_LAYER_PROTOCOLDNSSOFTWARE_DEPLOYMENT_TOOLSVALID_ACCOUNTSDEFAULT_ACCOUNTSLOCAL_ACCOUNTSCLOUD_ACCOUNTSFILE_AND_DIRECTORY_DISCOVERYACCOUNT_DISCOVERY_LOCAL_ACCOUNTPROXYEXTERNAL_PROXYMULTI_HOP_PROXYACCOUNT_MANIPULATIONADDITIONAL_CLOUD_CREDENTIALSADDITIONAL_CLOUD_ROLESSSH_AUTHORIZED_KEYS"ADDITIONAL_CONTAINER_CLUSTER_ROLESMULTI_STAGE_CHANNELSINGRESS_TOOL_TRANSFER NATIVE_API BRUTE_FORCEAUTOMATED_COLLECTIONSHARED_MODULES DATA_ENCODINGSTANDARD_ENCODINGACCESS_TOKEN_MANIPULATIONTOKEN_IMPERSONATION_OR_THEFTCREATE_ACCOUNT LOCAL_ACCOUNT DEOBFUSCATE_DECODE_FILES_OR_INFO!EXPLOIT_PUBLIC_FACING_APPLICATIONSUPPLY_CHAIN_COMPROMISE6COMPROMISE_SOFTWARE_DEPENDENCIES_AND_DEVELOPMENT_TOOLS!EXPLOITATION_FOR_CLIENT_EXECUTIONUSER_EXECUTION"EXPLOITATION_FOR_CREDENTIAL_ACCESS9LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATIONDOMAIN_POLICY_MODIFICATIONDATA_DESTRUCTIONDATA_ENCRYPTED_FOR_IMPACT SERVICE_STOPINHIBIT_SYSTEM_RECOVERYFIRMWARE_CORRUPTIONRESOURCE_HIJACKINGNETWORK_DENIAL_OF_SERVICECLOUD_SERVICE_DISCOVERYSTEAL_APPLICATION_ACCESS_TOKENACCOUNT_ACCESS_REMOVALTRANSFER_DATA_TO_CLOUD_ACCOUNTSTEAL_WEB_SESSION_COOKIECREATE_OR_MODIFY_SYSTEM_PROCESSEVENT_TRIGGERED_EXECUTION!BOOT_OR_LOGON_AUTOSTART_EXECUTIONKERNEL_MODULES_AND_EXTENSIONSSHORTCUT_MODIFICATION!ABUSE_ELEVATION_CONTROL_MECHANISM3ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID7ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHINGUNSECURED_CREDENTIALSCREDENTIALS_IN_FILES BASH_HISTORY PRIVATE_KEYSSUBVERT_TRUST_CONTROLINSTALL_ROOT_CERTIFICATECOMPROMISE_HOST_SOFTWARE_BINARY CREDENTIALS_FROM_PASSWORD_STORESMODIFY_AUTHENTICATION_PROCESS PLUGGABLE_AUTHENTICATION_MODULESMULTI_FACTOR_AUTHENTICATIONIMPAIR_DEFENSESDISABLE_OR_MODIFY_TOOLSINDICATOR_BLOCKING$DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEMHIDE_ARTIFACTSHIDDEN_FILES_AND_DIRECTORIES HIDDEN_USERSEXFILTRATION_OVER_WEB_SERVICEEXFILTRATION_TO_CLOUD_STORAGEDYNAMIC_RESOLUTIONLATERAL_TOOL_TRANSFERHIJACK_EXECUTION_FLOW.HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING#MODIFY_CLOUD_COMPUTE_INFRASTRUCTURECREATE_SNAPSHOTCLOUD_INFRASTRUCTURE_DISCOVERYDEVELOP_CAPABILITIESDEVELOP_CAPABILITIES_MALWAREOBTAIN_CAPABILITIESOBTAIN_CAPABILITIES_MALWARE#OBTAIN_CAPABILITIES_VULNERABILITIESACTIVE_SCANNINGSCANNING_IP_BLOCKSSTAGE_CAPABILITIESUPLOAD_MALWARE CONTAINER_ADMINISTRATION_COMMANDDEPLOY_CONTAINERESCAPE_TO_HOST CONTAINER_AND_RESOURCE_DISCOVERYREFLECTIVE_CODE_LOADING*STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATESFINANCIAL_THEFTr0rr1r2,AdditionalTechniquesValueListEntryValuesEnumr1-N^%&",-)895 M"$L(*%+-(M " "$M!(*%J F,.)"$L794.0+&(#"$+-(!# C "NNN#% &(# ENO#% )+&JKNM "#% NM')$(*% =?:(*%N)+&@B=!# "L  " %'"%'"!&(# "(*%$&!(*%:<7>@;LL"&)#'*$$'!'*$"%O!+.(N#& L$'!$'!582*-'O%("#& "%*-'ON'*$N'*$!14.Or1rcT\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rSrSrSrSrSrg)CGoogleCloudSecuritycenterV2MitreAttack.PrimaryTacticValueValuesEnumi#The MITRE ATT&CK tactic most closely represented by this finding, if any. Values: TACTIC_UNSPECIFIED: Unspecified value. RECONNAISSANCE: TA0043 RESOURCE_DEVELOPMENT: TA0042 INITIAL_ACCESS: TA0001 EXECUTION: TA0002 PERSISTENCE: TA0003 PRIVILEGE_ESCALATION: TA0004 DEFENSE_EVASION: TA0005 CREDENTIAL_ACCESS: TA0006 DISCOVERY: TA0007 LATERAL_MOVEMENT: TA0008 COLLECTION: TA0009 COMMAND_AND_CONTROL: TA0011 EXFILTRATION: TA0010 IMPACT: TA0040 rr rrrrrrrrrrrrrrNrrr1r2PrimaryTacticValueValuesEnumr #Z(NNIKOIJL Fr1r cD\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSr Sr!S r"S!r#S"r$S#r%S$r&S%r'S&r(S'r)S(r*S)r+S*r,S+r-S,r.S-r/S.r0S/r1S0r2S1r3S2r4S3r5S4r6S5r7S6r8S7r9S8r:S9r;S:rS=r?S>r@S?rAS@rBSArCSBrDSCrESDrFSErGSFrHSGrISHrJSIrKSJrLSKrMSLrNSMrOSNrPSOrQSPrRSQrSSRrTSSrUSTrVSUrWSVrXSWrYSXrZSYr[SZr\S[r]S\r^S]r_S^r`S_raS`rbSarcSbrdScreSdrfSergSfrhSgriShrjSirkSjrlSkrmSlrnSmroSnrpSorqSprrSqrsSrrtSsruStrvSurwSvrxSwrySxrzSyr{Szr|S{r}S|r~S}rS~rSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrg)PGoogleCloudSecuritycenterV2MitreAttack.PrimaryTechniquesValueListEntryValuesEnumiHPrimaryTechniquesValueListEntryValuesEnum enum type. Values: TECHNIQUE_UNSPECIFIED: Unspecified value. DATA_OBFUSCATION: T1001 DATA_OBFUSCATION_STEGANOGRAPHY: T1001.002 OS_CREDENTIAL_DUMPING: T1003 OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM: T1003.007 OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOW: T1003.008 DATA_FROM_LOCAL_SYSTEM: T1005 AUTOMATED_EXFILTRATION: T1020 OBFUSCATED_FILES_OR_INFO: T1027 STEGANOGRAPHY: T1027.003 COMPILE_AFTER_DELIVERY: T1027.004 COMMAND_OBFUSCATION: T1027.010 SCHEDULED_TRANSFER: T1029 SYSTEM_OWNER_USER_DISCOVERY: T1033 MASQUERADING: T1036 MATCH_LEGITIMATE_NAME_OR_LOCATION: T1036.005 BOOT_OR_LOGON_INITIALIZATION_SCRIPTS: T1037 STARTUP_ITEMS: T1037.005 NETWORK_SERVICE_DISCOVERY: T1046 SCHEDULED_TASK_JOB: T1053 SCHEDULED_TASK_JOB_CRON: T1053.003 CONTAINER_ORCHESTRATION_JOB: T1053.007 PROCESS_INJECTION: T1055 INPUT_CAPTURE: T1056 INPUT_CAPTURE_KEYLOGGING: T1056.001 PROCESS_DISCOVERY: T1057 COMMAND_AND_SCRIPTING_INTERPRETER: T1059 UNIX_SHELL: T1059.004 PYTHON: T1059.006 EXPLOITATION_FOR_PRIVILEGE_ESCALATION: T1068 PERMISSION_GROUPS_DISCOVERY: T1069 CLOUD_GROUPS: T1069.003 INDICATOR_REMOVAL: T1070 INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS: T1070.002 INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORY: T1070.003 INDICATOR_REMOVAL_FILE_DELETION: T1070.004 INDICATOR_REMOVAL_TIMESTOMP: T1070.006 INDICATOR_REMOVAL_CLEAR_MAILBOX_DATA: T1070.008 APPLICATION_LAYER_PROTOCOL: T1071 DNS: T1071.004 SOFTWARE_DEPLOYMENT_TOOLS: T1072 VALID_ACCOUNTS: T1078 DEFAULT_ACCOUNTS: T1078.001 LOCAL_ACCOUNTS: T1078.003 CLOUD_ACCOUNTS: T1078.004 FILE_AND_DIRECTORY_DISCOVERY: T1083 ACCOUNT_DISCOVERY_LOCAL_ACCOUNT: T1087.001 PROXY: T1090 EXTERNAL_PROXY: T1090.002 MULTI_HOP_PROXY: T1090.003 ACCOUNT_MANIPULATION: T1098 ADDITIONAL_CLOUD_CREDENTIALS: T1098.001 ADDITIONAL_CLOUD_ROLES: T1098.003 SSH_AUTHORIZED_KEYS: T1098.004 ADDITIONAL_CONTAINER_CLUSTER_ROLES: T1098.006 MULTI_STAGE_CHANNELS: T1104 INGRESS_TOOL_TRANSFER: T1105 NATIVE_API: T1106 BRUTE_FORCE: T1110 AUTOMATED_COLLECTION: T1119 SHARED_MODULES: T1129 DATA_ENCODING: T1132 STANDARD_ENCODING: T1132.001 ACCESS_TOKEN_MANIPULATION: T1134 TOKEN_IMPERSONATION_OR_THEFT: T1134.001 CREATE_ACCOUNT: T1136 LOCAL_ACCOUNT: T1136.001 DEOBFUSCATE_DECODE_FILES_OR_INFO: T1140 EXPLOIT_PUBLIC_FACING_APPLICATION: T1190 SUPPLY_CHAIN_COMPROMISE: T1195 COMPROMISE_SOFTWARE_DEPENDENCIES_AND_DEVELOPMENT_TOOLS: T1195.001 EXPLOITATION_FOR_CLIENT_EXECUTION: T1203 USER_EXECUTION: T1204 EXPLOITATION_FOR_CREDENTIAL_ACCESS: T1212 LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION: T1222.002 DOMAIN_POLICY_MODIFICATION: T1484 DATA_DESTRUCTION: T1485 DATA_ENCRYPTED_FOR_IMPACT: T1486 SERVICE_STOP: T1489 INHIBIT_SYSTEM_RECOVERY: T1490 FIRMWARE_CORRUPTION: T1495 RESOURCE_HIJACKING: T1496 NETWORK_DENIAL_OF_SERVICE: T1498 CLOUD_SERVICE_DISCOVERY: T1526 STEAL_APPLICATION_ACCESS_TOKEN: T1528 ACCOUNT_ACCESS_REMOVAL: T1531 TRANSFER_DATA_TO_CLOUD_ACCOUNT: T1537 STEAL_WEB_SESSION_COOKIE: T1539 CREATE_OR_MODIFY_SYSTEM_PROCESS: T1543 EVENT_TRIGGERED_EXECUTION: T1546 BOOT_OR_LOGON_AUTOSTART_EXECUTION: T1547 KERNEL_MODULES_AND_EXTENSIONS: T1547.006 SHORTCUT_MODIFICATION: T1547.009 ABUSE_ELEVATION_CONTROL_MECHANISM: T1548 ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID: T1548.001 ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHING: T1548.003 UNSECURED_CREDENTIALS: T1552 CREDENTIALS_IN_FILES: T1552.001 BASH_HISTORY: T1552.003 PRIVATE_KEYS: T1552.004 SUBVERT_TRUST_CONTROL: T1553 INSTALL_ROOT_CERTIFICATE: T1553.004 COMPROMISE_HOST_SOFTWARE_BINARY: T1554 CREDENTIALS_FROM_PASSWORD_STORES: T1555 MODIFY_AUTHENTICATION_PROCESS: T1556 PLUGGABLE_AUTHENTICATION_MODULES: T1556.003 MULTI_FACTOR_AUTHENTICATION: T1556.006 IMPAIR_DEFENSES: T1562 DISABLE_OR_MODIFY_TOOLS: T1562.001 INDICATOR_BLOCKING: T1562.006 DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEM: T1562.012 HIDE_ARTIFACTS: T1564 HIDDEN_FILES_AND_DIRECTORIES: T1564.001 HIDDEN_USERS: T1564.002 EXFILTRATION_OVER_WEB_SERVICE: T1567 EXFILTRATION_TO_CLOUD_STORAGE: T1567.002 DYNAMIC_RESOLUTION: T1568 LATERAL_TOOL_TRANSFER: T1570 HIJACK_EXECUTION_FLOW: T1574 HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING: T1574.006 MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE: T1578 CREATE_SNAPSHOT: T1578.001 CLOUD_INFRASTRUCTURE_DISCOVERY: T1580 DEVELOP_CAPABILITIES: T1587 DEVELOP_CAPABILITIES_MALWARE: T1587.001 OBTAIN_CAPABILITIES: T1588 OBTAIN_CAPABILITIES_MALWARE: T1588.001 OBTAIN_CAPABILITIES_VULNERABILITIES: T1588.006 ACTIVE_SCANNING: T1595 SCANNING_IP_BLOCKS: T1595.001 STAGE_CAPABILITIES: T1608 UPLOAD_MALWARE: T1608.001 CONTAINER_ADMINISTRATION_COMMAND: T1609 DEPLOY_CONTAINER: T1610 ESCAPE_TO_HOST: T1611 CONTAINER_AND_RESOURCE_DISCOVERY: T1613 REFLECTIVE_CODE_LOADING: T1620 STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES: T1649 FINANCIAL_THEFT: T1657 rr rrrrrrrrrrrrrrrrr rrrrr r r r r rrrrrrrrrrr r"r$r%r&r'r)r*r+r,r.r/r1r3r4r5r7r8r:r<r=r>r?rArCrEr3r4r5r6r7r8r9r:r;r<r=r>r?r@rAr5rBrCrDrErFrGrHrIrJrKrLrMrNrOrPrQrRrSrTrUrVrWrXrYrZr[r\r]rBr^r_r`rarbrcrdrerfrgrhrirjrkrlrJrmrnrorprqrrrsrtrurRrvrwrxryrNrzrr1r2)PrimaryTechniquesValueListEntryValuesEnumrHrr1rr TrrrrrrNrrrr r!r"rar.rr rrbadditionalTacticsadditionalTechniques primaryTacticprimaryTechniquesr#r>r0rr1r2r(r(8").."HZY^^Zx#Y^^#JZ)..Zx ))*UWXcgh",,-[]^imn%%&DaH-))*UWXcgh  ! !! $'r1r(c\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"S5r \R"S5r \R"S 5r \R"S 5r\R"S 5r\R "SS 5r\R"S 5rSrg)%GoogleCloudSecuritycenterV2MuteConfigika A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings. Enums: TypeValueValuesEnum: Required. The type of the mute config, which determines what type of mute state the config affects. Immutable after creation. Fields: createTime: Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation. cryptoKeyName: Output only. The resource name of the Cloud KMS `CryptoKey` used to encrypt this configuration data, if CMEK was enabled during Security Command Center activation. description: A description of the mute config. expiryTime: Optional. The expiry of the mute config. Only applicable for dynamic configs. If the expiry is set, when the config expires, it is removed from all findings. filter: Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:` mostRecentEditor: Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update. name: Identifier. This field will be ignored if provided on config creation. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{mute_config}` + `organization s/{organization}locations/{location}//muteConfigs/{mute_config}` + `folders/{folder}/muteConfigs/{mute_config}` + `folders/{folder}/locations/{location}/muteConfigs/{mute_config}` + `projects/{project}/muteConfigs/{mute_config}` + `projects/{project}/locations/{location}/muteConfigs/{mute_config}` type: Required. The type of the mute config, which determines what type of mute state the config affects. Immutable after creation. updateTime: Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update. c$\rSrSrSrSrSrSrSrg)9GoogleCloudSecuritycenterV2MuteConfig.TypeValueValuesEnumia"Required. The type of the mute config, which determines what type of mute state the config affects. Immutable after creation. Values: MUTE_CONFIG_TYPE_UNSPECIFIED: Unused. STATIC: A static mute config, which sets the static mute state of future matching findings to muted. Once the static mute state has been set, finding or config modifications will not affect the state. DYNAMIC: A dynamic mute config, which is applied to existing and future matching findings, setting their dynamic mute state to "muted". If the config is updated or deleted, or a matching finding is updated, such that the finding doesn't match the config, the config will be removed from the finding, and the finding's dynamic mute state may become "unmuted" (unless other configs still match). rr rrNrrr1r2rrs$% FGr1rr rrrrrrrrrN)rrrr r!r"rarr#rrrrr*rr9rbrrr0rr1r2rrks/bINN($$Q'*''*-%%a(+$$Q'*   #&**1-   q !$   2A 6$$$Q'*r1rcb\rSrSrSr\R "SSSS9r\R "SS5rS r g ) r)igMute information about the finding, including whether the finding has a static mute or any matching dynamic mute rules. Fields: dynamicMuteRecords: The list of dynamic mute rules that currently match the finding. staticMute: If set, the static mute applied to this finding. Static mutes override dynamic mutes. If unset, there is no static mute. rr Tr%GoogleCloudSecuritycenterV2StaticMuterrN rrrr r!r"r%dynamicMuteRecords staticMuter0rr1r2r)r)s4!--.\^_jno%%&MqQ*r1r)c<\rSrSrSr\R "S5rSrg)r*iContains information about a VPC network associated with the finding. Fields: name: The name of the VPC network resource, for example, `//compute.googleapis.com/projects/my-project/global/networks/my- network`. r rNrsrr1r2r*r*rtr1r*c<\rSrSrSr\R "S5rSrg)riKubernetes nodes associated with the finding. Fields: name: [Full resource name](https://google.aip.dev/122#full-resource-names) of the Compute Engine VM running the cluster node. r rNrsrr1r2rrrr1rc`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) ri|Provides GKE node pool information. Fields: name: Kubernetes node pool name. nodes: Nodes associated with the finding. r rrTrrN rrrr r!r"r#r9r%rr0rr1r2rrs/   q !$  !BAPT U%r1rc\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r Sr g) r+iRepresents a Jupyter notebook IPYNB file, such as a [Colab Enterprise notebook](https://cloud.google.com/colab/docs/introduction) file, that is associated with a finding. Fields: lastAuthor: The user ID of the latest author to modify the notebook. name: The name of the notebook. notebookUpdateTime: The most recent time the notebook was updated. service: The source notebook service, for example, "Colab Enterprise". r rrrrN rrrr r!r"r# lastAuthorr9notebookUpdateTimerr0rr1r2r+r+J $$Q'*   q !$ ,,Q/  ! !! $'r1r+c\rSrSrSr\R "SS5r\R"S5r \R "SS5r Sr g ) .GoogleCloudSecuritycenterV2NotificationMessageirr r r#GoogleCloudSecuritycenterV2ResourcerrNrrr1r2r/r/s@  " "#G K'$003  # #$I1 M(r1r/c\rSrSrSr\R "SSSS9r\R"S5r \R"S5r \R"S 5r \R"S 5r S r g ) riKubernetes object related to the finding, uniquely identified by GKNN. Used if the object Kind is not one of Pod, Node, NodePool, Binding, or AccessReview. Fields: containers: Pod containers associated with this finding, if any. group: Kubernetes object group, such as "policy.k8s.io/v1". kind: Kubernetes object kind, such as "Namespace". name: Kubernetes object name. For details see https://kubernetes.io/docs/concepts/overview/working-with- objects/names/. ns: Kubernetes object namespace. Must be a valid DNS label. Named "ns" to avoid collision with C++ namespace keyword. For details see https://kubernetes.io/docs/tasks/administer-cluster/namespaces/. rr TrrrrrrNrrrr r!r"r%rUr#r8kindr9r:r0rr1r2rrs_ %%&LaZ^_*    "%   q !$   q !$Q"r1rc<\rSrSrSr\R "S5rSrg)r,i(zContains information about the org policies associated with the finding. Fields: name: Identifier. The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" r rNrsrr1r2r,r,(rr1r,c\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r Sr g) "GoogleCloudSecuritycenterV2Packagei3-Package is a generic definition of a package. Fields: cpeUri: The CPE URI where the vulnerability was detected. packageName: The name of the package where the vulnerability was detected. packageType: Type of package, for example, os, maven, or go. packageVersion: The version of the package. r rrrrN rrrr r!r"r#cpeUri packageName packageTypepackageVersionr0rr1r2r7r73I   #&%%a(+%%a(+((+.r1r7c`\rSrSrSr\R "S5r\R "S5rSr g)#GoogleCloudSecuritycenterV2PipelineiCaVertex AI training pipeline associated with the finding. Fields: displayName: The user-defined display name of pipeline, e.g. plants- classification name: Resource name of the pipeline, e.g. projects/{project}/locations/{lo cation}/trainingPipelines/5253428229225578496 r rrN rrrr r!r"r#rdr9r0rr1r2r@r@C)%%a(+   q !$r1r@c\rSrSrSr\R "SSSS9r\R "SSSS9r\R"S 5r \R"S 5r S r g ) riQA Kubernetes Pod. Fields: containers: Pod containers associated with this finding, if any. labels: Pod labels. For Kubernetes containers, these are applied to the container. name: Kubernetes Pod name. ns: Kubernetes Pod namespace. rr TrrrrrrN rrrr r!r"r%rUrr#r9r:r0rr1r2rrQsU%%&LaZ^_*  ! !"DaRV W&   q !$Q"r1rc\rSrSrSr\R "S5r\R "S5r\R "S5r Sr g)-GoogleCloudSecuritycenterV2PolicyDriftDetailsibThe policy field that violates the deployed posture and its expected and detected values. Fields: detectedValue: The detected value that violates the deployed posture, for example, `false` or `allowed_values={"projects/22831892"}`. expectedValue: The value of this field that was configured in a posture, for example, `true` or `allowed_values={"projects/29831892"}`. field: The name of the updated field, for example constraint.implementation.policy_rules[0].enforce r rrrN rrrr r!r"r# detectedValue expectedValuefieldr0rr1r2rGrGb9 ''*-''*-    "%r1rGc`\rSrSrSr\R "S5r\R "S5rSr g)rgitA port range which is inclusive of the min and max values. Values are between 0 and 2^16-1. The max can be equal / must be not smaller than the min value. If min and max are equal this indicates that it is a single port. Fields: max: Maximum port value. min: Minimum port value. r rrN rrrr r!r"rMmaxminr0rr1r2rgrgt) q!#q!#r1rgc\rSrSrSr\R "SSS9r\R"S5r \R"SS5r \R"S S SS9r \R"S 5r \R"SS SS9r\R "S 5r\R "S5r\R "S5r\R"SS5r\R "S5rSrg)r-iRepresents an operating system process. Fields: args: Process arguments as JSON encoded strings. argumentsTruncated: True if `args` is incomplete. binary: File information for the process executable. envVariables: Process environment variables. envVariablesTruncated: True if `env_variables` is incomplete. libraries: File information for libraries loaded by the process. name: The process name, as displayed in utilities like `top` and `ps`. This name can be accessed through `/proc/[pid]/comm` and changed with `prctl(PR_SET_NAME)`. parentPid: The parent process ID. pid: The process ID. script: When the process represents the invocation of a script, `binary` provides information about the interpreter, while `script` provides information about the script file provided to the interpreter. userId: The ID of the user that executed the process. E.g. If this is the root user this will always be 0. r TrrrrrrrrrrrrrrNrrrr r!r"r#argsrdargumentsTruncatedr%rm envVariablesenvVariablesTruncated librariesr9rM parentPidpidscriptuserIdr0rr1r2r-r-s*   q4 0$ --a0  ! !"CQ G&''(XZ[fjk,#003$$%FTXY)   q !$$$Q')q!#  ! !"CR H&  ! !" %&r1r-c\rSrSrSr"SS\R 5r\R"SS5r \R"SS5r \R"SS 5r S r g ) rZiIndicates what signature matched this process. Enums: SignatureTypeValueValuesEnum: Describes the type of resource associated with the signature. Fields: memoryHashSignature: Signature indicating that a binary family was matched. signatureType: Describes the type of resource associated with the signature. yaraRuleSignature: Signature indicating that a YARA rule was matched. c$\rSrSrSrSrSrSrSrg)HGoogleCloudSecuritycenterV2ProcessSignature.SignatureTypeValueValuesEnumiDescribes the type of resource associated with the signature. Values: SIGNATURE_TYPE_UNSPECIFIED: The default signature type. SIGNATURE_TYPE_PROCESS: Used for signatures concerning processes. SIGNATURE_TYPE_FILE: Used for signatures concerning disks. rr rrN rrrr r!SIGNATURE_TYPE_UNSPECIFIEDSIGNATURE_TYPE_PROCESSSIGNATURE_TYPE_FILEr0rr1r2SignatureTypeValueValuesEnumrc"#r1rirr r,GoogleCloudSecuritycenterV2YaraRuleSignaturerrNrrrr r!r"rarir%memoryHashSignaturerb signatureTypeyaraRuleSignaturer0rr1r2rZrZsV  Y^^ "../_abc%%&DaH-,,-[]^_r1rZc`\rSrSrSr\R "S5r\R "S5rSr g)riAdditional Links Fields: source: Source of the reference e.g. NVD uri: Uri for the mentioned source e.g. https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2021-34527. r rrN rrrr r!r"r#rrr0rr1r2rr)   #&a #r1rc\rSrSrSr\R "S\RRS9r \R "S\RRS9r \R"S5r \R "S\RRS9r Srg ) ri Information about the requests relevant to the finding. Fields: longTermAllowed: Allowed RPS (requests per second) over the long term. longTermDenied: Denied RPS (requests per second) over the long term. ratio: For 'Increasing deny ratio', the ratio is the denied traffic divided by the allowed traffic. For 'Allowed traffic spike', the ratio is the allowed traffic in the short term divided by allowed traffic in the long term. shortTermAllowed: Allowed RPS (requests per second) in the short term. r r}rrrrNrrrr r!r"rMrrlongTermAllowedlongTermDeniedrEratioshortTermAllowedr0rr1r2rrt **1i6G6G6M6MN/))!Y5F5F5L5LM.   q !%++Ay7H7H7N7NOr1rc\rSrSrSr"SS\R 5r\R"SS5r \R"SS5r \R"SS 5r \R"S 5r\R"S S 5r\R"S 5r\R"S5r\R"SS5r\R"S5r\R"S5r\R"S5rSrg)r0iaInformation related to the Google Cloud resource. Enums: CloudProviderValueValuesEnum: Indicates which cloud provider the finding is from. Fields: awsMetadata: The AWS metadata associated with the finding. azureMetadata: The Azure metadata associated with the finding. cloudProvider: Indicates which cloud provider the finding is from. displayName: The human readable name of the resource. gcpMetadata: The Google Cloud metadata associated with the finding. location: The region or location of the service (if applicable). name: The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name resourcePath: Provides the path to the resource within the resource hierarchy. resourcePathString: A string representation of the resource path. For Google Cloud, it has the format of `organizations/{organization_id}/fold ers/{folder_id}/folders/{folder_id}/projects/{project_id}` where there can be any number of folders. For AWS, it has the format of `org/{organi zation_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/accou nt/{account_id}` where there can be any number of organizational units. For Azure, it has the format of `mg/{management_group_id}/mg/{management _group_id}/subscription/{subscription_id}/rg/{resource_group_name}` where there can be any number of management groups. service: The service or resource provider associated with the resource. type: The full resource type of the resource. c(\rSrSrSrSrSrSrSrSr g) @GoogleCloudSecuritycenterV2Resource.CloudProviderValueValuesEnumi7Indicates which cloud provider the finding is from. Values: CLOUD_PROVIDER_UNSPECIFIED: The cloud provider is unspecified. GOOGLE_CLOUD_PLATFORM: The cloud provider is Google Cloud. AMAZON_WEB_SERVICES: The cloud provider is Amazon Web Services. MICROSOFT_AZURE: The cloud provider is Microsoft Azure. rr rrrNrrr1r2rr~rr1rrr rrrrrrrr'GoogleCloudSecuritycenterV2ResourcePathrrrrrNrrrr r!r"rarr%rrrbrr#rd gcpMetadatargr9rrrrr0rr1r2r0r0s< Y^^ &&'OQRS+(()SUVW-%%&DaH-%%a(+&&}a8+  " "1 %(   q !$''(QSTU, ,,Q/  ! !" %'   r "$r1r0c<\rSrSrSr\R "SSSS9rSrg) riRepresents the path of resources leading up to the resource this finding is about. Fields: nodes: The list of nodes that make the up resource path, ordered from lowest level to highest level. +GoogleCloudSecuritycenterV2ResourcePathNoder TrrN rrrr r!r"r%rr0rr1r2rrs   !NPQ\` a%r1rc\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"SS5r Sr g ) ri+gA node within the resource path. Each node represents a resource within the resource hierarchy. Enums: NodeTypeValueValuesEnum: The type of resource this node represents. Fields: displayName: The display name of the resource this node represents. id: The ID of the resource this node represents. nodeType: The type of resource this node represents. c@\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rg)CGoogleCloudSecuritycenterV2ResourcePathNode.NodeTypeValueValuesEnumi8The type of resource this node represents. Values: RESOURCE_PATH_NODE_TYPE_UNSPECIFIED: Node type is unspecified. GCP_ORGANIZATION: The node represents a Google Cloud organization. GCP_FOLDER: The node represents a Google Cloud folder. GCP_PROJECT: The node represents a Google Cloud project. AWS_ORGANIZATION: The node represents an AWS organization. AWS_ORGANIZATIONAL_UNIT: The node represents an AWS organizational unit. AWS_ACCOUNT: The node represents an AWS account. AZURE_MANAGEMENT_GROUP: The node represents an Azure management group. AZURE_SUBSCRIPTION: The node represents an Azure subscription. AZURE_RESOURCE_GROUP: The node represents an Azure resource group. rr rrrrrrrrrNrrrr r!#RESOURCE_PATH_NODE_TYPE_UNSPECIFIEDGCP_ORGANIZATION GCP_FOLDER GCP_PROJECTAWS_ORGANIZATIONAWS_ORGANIZATIONAL_UNIT AWS_ACCOUNTAZURE_MANAGEMENT_GROUPAZURE_SUBSCRIPTIONAZURE_RESOURCE_GROUPr0rr1r2NodeTypeValueValuesEnumr8B +,'JKKr1rr rrrNrrrr r!r"rarr#rdrrbnodeTyper0rr1r2rr+L  4%%a(+Q"  !:A >(r1rcR\rSrSrSr"SS\R 5r"SS\R 5r\ R"S5"SS \R55r \R"SS 5r\R"S 5r\R"S 5r\R"S 5r\R&"S S5r\R"S5r\R"SS5r\R"S5r\R&"SS5r\R"SSS9r\R"S5rSrg)riWaj A resource value configuration (RVC) is a mapping configuration of user's resources to resource values. Used in Attack path simulations. Enums: CloudProviderValueValuesEnum: Cloud provider this configuration applies to ResourceValueValueValuesEnum: Resource value level this expression represents Only required when there is no Sensitive Data Protection mapping in the request Messages: ResourceLabelsSelectorValue: List of resource labels to search for, evaluated with `AND`. For example, "resource_labels_selector": {"key": "value", "env": "prod"} will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource- manager/docs/creating-managing-labels Fields: cloudProvider: Cloud provider this configuration applies to createTime: Output only. Timestamp this resource value configuration was created. description: Description of the resource value configuration. name: Identifier. Name for the resource value configuration resourceLabelsSelector: List of resource labels to search for, evaluated with `AND`. For example, "resource_labels_selector": {"key": "value", "env": "prod"} will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource-manager/docs/creating- managing-labels resourceType: Apply resource_value only to resources that match resource_type. resource_type will be checked with `AND` of other resources. For example, "storage.googleapis.com/Bucket" with resource_value "HIGH" will apply "HIGH" value only to "storage.googleapis.com/Bucket" resources. resourceValue: Resource value level this expression represents Only required when there is no Sensitive Data Protection mapping in the request scope: Project or folder to scope this configuration to. For example, "project/456" would apply this configuration only to resources in "project/456" scope and will be checked with `AND` of other resources. sensitiveDataProtectionMapping: A mapping of the sensitivity on Sensitive Data Protection finding to resource values. This mapping can only be used in combination with a resource_type that is related to BigQuery, e.g. "bigquery.googleapis.com/Dataset". tagValues: Tag values combined with `AND` to check against. For Google Cloud resources, they are tag value IDs in the form of "tagValues/123". Example: `[ "tagValues/123", "tagValues/456", "tagValues/789" ]` https://cloud.google.com/resource-manager/docs/tags/tags-creating-and- managing updateTime: Output only. Timestamp this resource value configuration was last updated. c(\rSrSrSrSrSrSrSrSr g) KGoogleCloudSecuritycenterV2ResourceValueConfig.CloudProviderValueValuesEnumir rr rrrNrrr1r2rrrr1rc,\rSrSrSrSrSrSrSrSr Sr g ) KGoogleCloudSecuritycenterV2ResourceValueConfig.ResourceValueValueValuesEnumiaEResource value level this expression represents Only required when there is no Sensitive Data Protection mapping in the request Values: RESOURCE_VALUE_UNSPECIFIED: Unspecific value HIGH: High resource value MEDIUM: Medium resource value LOW: Low resource value NONE: No resource value, e.g. ignore these resources rr rrrrNrrr1r2rrr;r1rrcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) JGoogleCloudSecuritycenterV2ResourceValueConfig.ResourceLabelsSelectorValueiaList of resource labels to search for, evaluated with `AND`. For example, "resource_labels_selector": {"key": "value", "env": "prod"} will match resources with labels "key": "value" `AND` "env": "prod" https://cloud.google.com/resource-manager/docs/creating-managing-labels Messages: AdditionalProperty: An additional property for a ResourceLabelsSelectorValue object. Fields: additionalProperties: Additional properties of type ResourceLabelsSelectorValue c`\rSrSrSr\R "S5r\R "S5rSr g)]GoogleCloudSecuritycenterV2ResourceValueConfig.ResourceLabelsSelectorValue.AdditionalPropertyirr rrNrrr1r2rrrr1rr TrrNrrr1r2rrrr1rr rrrrrrr9GoogleCloudSecuritycenterV2SensitiveDataProtectionMappingrrTrrrNrrr1r2rrWs1f Y^^  Y^^ " !!"89ZI$5$5Z:Z8%%&DaH-$$Q'*%%a(+   q !$$112OQRS&&q),%%&DaH-    "%#,#9#9:uwx#y ##B6)$$R(*r1rc\rSrSrSr"SS\R 5r\R"SS5r \R"S5r \R"S5r Sr g ) riKubernetes Role or ClusterRole. Enums: KindValueValuesEnum: Role type. Fields: kind: Role type. name: Role name. ns: Role namespace. c$\rSrSrSrSrSrSrSrg)3GoogleCloudSecuritycenterV2Role.KindValueValuesEnumiRole type. Values: KIND_UNSPECIFIED: Role type is not specified. ROLE: Kubernetes Role. CLUSTER_ROLE: Kubernetes ClusterRole. rr rrN rrrr r!KIND_UNSPECIFIEDROLE CLUSTER_ROLEr0rr1r2KindValueValuesEnumr DLr1rr rrrNrrrr r!r"rarrbr4r#r9r:r0rr1r2rrL  INN    2A 6$   q !$Q"r1rc\rSrSrSr\R "S5r\R "S5r\R "S5r Sr g)+GoogleCloudSecuritycenterV2SecurityBulletiniSecurityBulletin are notifications of vulnerabilities of Google products. Fields: bulletinId: ID of the bulletin corresponding to the vulnerability. submissionTime: Submission time of this Security Bulletin. suggestedUpgradeVersion: This represents a version that the cluster receiving this notification should be upgraded to, based on its current version. For example, 1.15.0 r rrrN rrrr r!r"r# bulletinIdsubmissionTimesuggestedUpgradeVersionr0rr1r2rr: $$Q'*((+.%11!4r1rc\rSrSrSr\R "S5"SS\R55r \R"S5r \R"SS5r \R"S5rS rg ) r.ia User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization. Messages: MarksValue: Mutable user specified security marks belonging to the parent resource. Constraints are as follows: * Keys and values are treated as case insensitive * Keys must be between 1 - 256 characters (inclusive) * Keys must be letters, numbers, underscores, or dashes * Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive) Fields: canonicalName: The canonical name of the marks. The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `org anizations/{organization_id}/sources/{source_id}/findings/{finding_id}/s ecurityMarks` + `organizations/{organization_id}/sources/{source_id}/loc ations/{location}/findings/{finding_id}/securityMarks` + `folders/{folder_id}/assets/{asset_id}/securityMarks` + `folders/{folder _id}/sources/{source_id}/findings/{finding_id}/securityMarks` + `folders /{folder_id}/sources/{source_id}/locations/{location}/findings/{finding_ id}/securityMarks` + `projects/{project_number}/assets/{asset_id}/securityMarks` + `projects/ {project_number}/sources/{source_id}/findings/{finding_id}/securityMarks ` + `projects/{project_number}/sources/{source_id}/locations/{location}/ findings/{finding_id}/securityMarks` marks: Mutable user specified security marks belonging to the parent resource. Constraints are as follows: * Keys and values are treated as case insensitive * Keys must be between 1 - 256 characters (inclusive) * Keys must be letters, numbers, underscores, or dashes * Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive) name: The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `org anizations/{organization_id}/sources/{source_id}/findings/{finding_id}/s ecurityMarks` + `organizations/{organization_id}/sources/{source_id}/loc ations/{location}/findings/{finding_id}/securityMarks` rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) 3GoogleCloudSecuritycenterV2SecurityMarks.MarksValuei.rac`\rSrSrSr\R "S5r\R "S5rSr g)FGoogleCloudSecuritycenterV2SecurityMarks.MarksValue.AdditionalPropertyi>rdr rrNrrr1r2rr>rr1rr TrrNrrr1r2rer.rr1rer rrrNrfrr1r2r.r.sl)V !!"89Z9$$Z:Z8''*-  q 1%   q !$r1r.c\rSrSrSr\R "S5r\R"S5r \R "S5r Sr g)riP Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. Fields: name: The name of the Google Cloud Armor security policy, for example, "my-security-policy". preview: Whether or not the associated rule or policy is in preview mode. type: The type of Google Cloud Armor security policy for example, 'backend security policy', 'edge security policy', 'network edge security policy', or 'always-on DDoS protection'. r rrrN rrrr r!r"r#r9rdpreviewrr0rr1r2rrP9    q !$  " "1 %'   q !$r1rc8\rSrSrSr\R "S5r\R "S5r\R "S5r \R"SSSS 9r \R "S 5r \R "S 5r \R "S 5r\R "S 5rSrg)r/icaRepresents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud. Fields: changedPolicy: The name of the updated policy, for example, `projects/{project_id}/policies/{constraint_name}`. name: Name of the posture, for example, `CIS-Posture`. policy: The ID of the updated policy, for example, `compute-policy-1`. policyDriftDetails: The details about a change in an updated policy that violates the deployed posture. policySet: The name of the updated policy set, for example, `cis- policyset`. postureDeployment: The name of the posture deployment, for example, `organizations/{org_id}/posturedeployments/{posture_deployment_id}`. postureDeploymentResource: The project, folder, or organization on which the posture is deployed, for example, `projects/{project_number}`. revisionId: The version of the posture, for example, `c7cfa2a8`. r rrrGrTrrrrrrNrrrr r!r"r# changedPolicyr9policyr%policyDriftDetails policySetpostureDeploymentpostureDeploymentResource revisionIdr0rr1r2r/r/cs*''*-   q !$   #& --.]_`kop##A&)++A.'33A6$$Q'*r1r/c\rSrSrSr"SS\R 5r"SS\R 5r\R"SS5r \R"SS5r S r g ) riaResource value mapping for Sensitive Data Protection findings If any of these mappings have a resource value that is not unspecified, the resource_value field will be ignored when reading this configuration. Enums: HighSensitivityMappingValueValuesEnum: Resource value mapping for high- sensitivity Sensitive Data Protection findings MediumSensitivityMappingValueValuesEnum: Resource value mapping for medium-sensitivity Sensitive Data Protection findings Fields: highSensitivityMapping: Resource value mapping for high-sensitivity Sensitive Data Protection findings mediumSensitivityMapping: Resource value mapping for medium-sensitivity Sensitive Data Protection findings c,\rSrSrSrSrSrSrSrSr Sr g ) _GoogleCloudSecuritycenterV2SensitiveDataProtectionMapping.HighSensitivityMappingValueValuesEnumir9rr rrrrNrrr1r2r:rr;r1r:c,\rSrSrSrSrSrSrSrSr Sr g ) aGoogleCloudSecuritycenterV2SensitiveDataProtectionMapping.MediumSensitivityMappingValueValuesEnumir>rr rrrrNrrr1r2r?rr;r1r?r rrNr@rr1r2rrrCr1rch\rSrSrSr"SS\R 5r\R"SS5r Sr g)rbiScore is calculated from of all elements in the data profile. A higher level means the data is more sensitive. Enums: ScoreValueValuesEnum: The sensitivity score applied to the resource. Fields: score: The sensitivity score applied to the resource. c,\rSrSrSrSrSrSrSrSr Sr g ) @GoogleCloudSecuritycenterV2SensitivityScore.ScoreValueValuesEnumiThe sensitivity score applied to the resource. Values: SENSITIVITY_SCORE_LEVEL_UNSPECIFIED: Unused. SENSITIVITY_LOW: No sensitive information detected. The resource isn't publicly accessible. SENSITIVITY_UNKNOWN: Unable to determine sensitivity. SENSITIVITY_MODERATE: Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free- text data that are at a higher risk of having intermittent sensitive data. Consider limiting access. SENSITIVITY_HIGH: High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII. rr rrrrN rrrr r!#SENSITIVITY_SCORE_LEVEL_UNSPECIFIEDSENSITIVITY_LOWSENSITIVITY_UNKNOWNSENSITIVITY_MODERATESENSITIVITY_HIGHr0rr1r2ScoreValueValuesEnumr& +,'Or1rr rN rrrr r!r"rarrbrr0rr1r2rbrb,Y^^.   4a 8%r1rbc`\rSrSrSr\R "S5r\R "S5rSr g)rliIdentity delegation history of an authenticated service account. Fields: principalEmail: The email address of a Google account. principalSubject: A string representing the principal_subject associated with the identity. As compared to `principal_email`, supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format will be `principal://iam.googleapis.com/{identity pool name}/subjects/{subject}` except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy format `serviceAccount:{identity pool name}[{subject}]` r rrN rrrr r!r"r#r(r)r0rr1r2rlrl* ((+.**1-r1rlc\rSrSrSr"SS\R 5r\R"S5r \R"SS5r Sr g) ri;Information about the static mute state. A static mute state overrides any dynamic mute rules that apply to this finding. The static mute state can be set by a static mute rule or by muting the finding directly. Enums: StateValueValuesEnum: The static mute state. If the value is `MUTED` or `UNMUTED`, then the finding's overall mute state will have the same value. Fields: applyTime: When the static mute was applied. state: The static mute state. If the value is `MUTED` or `UNMUTED`, then the finding's overall mute state will have the same value. c(\rSrSrSrSrSrSrSrSr g) :GoogleCloudSecuritycenterV2StaticMute.StateValueValuesEnumi The static mute state. If the value is `MUTED` or `UNMUTED`, then the finding's overall mute state will have the same value. Values: MUTE_UNSPECIFIED: Unspecified. MUTED: Finding has been muted. UNMUTED: Finding has been unmuted. UNDEFINED: Finding has never been muted/unmuted. rr rrrNrrr1r2rr EGIr1rr rrN rrrr r!r"rarr# applyTimerbrr0rr1r2rr<  Y^^ ##A&)   4a 8%r1rc\rSrSrSr"SS\R 5r\R"SS5r \R"S5r \R"S5r Sr g ) riRepresents a Kubernetes subject. Enums: KindValueValuesEnum: Authentication type for the subject. Fields: kind: Authentication type for the subject. name: Name for the subject. ns: Namespace for the subject. c(\rSrSrSrSrSrSrSrSr g) 6GoogleCloudSecuritycenterV2Subject.KindValueValuesEnumi"Authentication type for the subject. Values: AUTH_TYPE_UNSPECIFIED: Authentication is not specified. USER: User with valid certificate. SERVICEACCOUNT: Users managed by Kubernetes API with credentials stored as secrets. GROUP: Collection of users. rr rrrN rrrr r!AUTH_TYPE_UNSPECIFIEDUSERSERVICEACCOUNTGROUPr0rr1r2rr" DN Er1rr rrrNrrr1r2rrL  INN    2A 6$   q !$Q"r1rc\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r \R "S5r \R "S5r S r g ) ri6$Information about the ticket, if any, that is being used to track the resolution of the issue that is identified by this finding. Fields: assignee: The assignee of the ticket in the ticket system. description: The description of the ticket in the ticket system. id: The identifier of the ticket in the ticket system. status: The latest status of the ticket, as reported by the ticket system. updateTime: The time when the ticket was last updated, as reported by the ticket system. uri: The link to the ticket in the ticket system. r rrrrrrNrrrr r!r"r#assigneerrrrrr0rr1r2rr6i  " "1 %(%%a(+Q"   #&$$Q'*a #r1rc^\rSrSrSr\R "S5r\R"SSS9r Sr g) r0iLContains details about a group of security issues that, when the issues occur together, represent a greater risk than when the issues occur independently. A group of such issues is referred to as a toxic combination. Fields: attackExposureScore: The [Attack exposure score](https://cloud.google.com/security-command-center/docs/attack- exposure-learn#attack_exposure_scores) of this toxic combination. The score is a measure of how much this toxic combination exposes one or more high-value resources to potential attack. relatedFindings: List of resource names of findings associated with this toxic combination. For example, `organizations/123/sources/456/findings/789`. r rTrrN rrrr r!r"rEattackExposureScorer#r3r0rr1r2r0r0L, ",,Q/))!d;/r1r0c`\rSrSrSr\R "SSSS9r\R "SSSS9rS r g ) r1i`Vertex AI-related information associated with the finding. Fields: datasets: Datasets associated with the finding. pipelines: Pipelines associated with the finding. rr Trr@rrN rrrr r!r"r%datasets pipelinesr0rr1r2r1r1`s5 # #$H!VZ [($$%JAX\])r1r1c\rSrSrSr\R "SS5r\R "SSSS9r\R "S S 5r \R "S S 5r \R"S 5r \R"S 5r\R "SS5rSrg)r2ilRefers to common vulnerability fields e.g. cve, cvss, cwe etc. Fields: cve: CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/) cwes: Represents one or more Common Weakness Enumeration (CWE) information on this vulnerability. fixedPackage: The fixed package is relevant to the finding. offendingPackage: The offending package is relevant to the finding. providerRiskScore: Provider provided risk_score based on multiple factors. The higher the risk score, the more risky the vulnerability is. reachable: Represents whether the vulnerability is reachable (detected via static analysis) securityBulletin: The security bulletin is relevant to this finding. rr rrTrr7rrrrrrrNrrrr r!r"r%rcwes fixedPackageoffendingPackagerMproviderRiskScorerd reachablerr0rr1r2r2r2ls ?C#    @!d S$''(LaP,++,PRST,,Q/$$Q')++,Y[\]r1r2c<\rSrSrSr\R "S5rSrg)rkiZA signature corresponding to a YARA rule. Fields: yaraRule: The name of the YARA rule. r rN rrrr r!r"r#yaraRuler0rr1r2rkrk  " "1 %(r1rkc\rSrSrSr\R "S5r\R "S5r\R"S\RRS9r \R "S5r Srg ) GroupFindingsRequestiaRequest message for grouping by findings. Fields: filter: Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. Examples include: * name * security_marks.marks.marka The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following field and operator combinations are supported: * name: `=` * parent: `=`, `:` * resource_name: `=`, `:` * state: `=`, `:` * category: `=`, `:` * external_uri: `=`, `:` * event_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: `event_time = "2019-06-10T16:07:18-07:00"` `event_time = 1560208038000` * severity: `=`, `:` * security_marks.marks: `=`, `:` * resource: * resource.name: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.type: `=`, `:` groupBy: Required. Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: "parent,resource_name". pageSize: The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: The value returned by the last `GroupFindingsResponse`; indicates that this is a continuation of a prior `GroupFindings` call, and that the system should return the next page of data. r rrr}rrN)rrrr r!r"r#r*groupByrMrrpageSize pageTokenr0rr1r2rrsX@   #&  ! !! $'  # #Ay/@/@/F/F G(##A&)r1rc\rSrSrSr\R "SSSS9r\R"S5r \R"S\RRS 9r S rg ) GroupFindingsResponseiaResponse message for group by findings. Fields: groupByResults: Group results. There exists an element for each existing unique combination of property/values. The element contains a count for the number of times those specific property/values appear. nextPageToken: Token to retrieve the next page of results, or empty if there are no more results. totalSize: The total number of results matching the query. GroupResultr Trrrr}rN)rrrr r!r"r%groupByResultsr# nextPageTokenrMrr totalSizer0rr1r2rrsK ))-TJ.''*-$$Q 0A0A0G0GH)r1rc\rSrSrSr"SS\R 5r\R"S5r \R"SS5r Sr g) rir;c$\rSrSrSrSrSrSrSrg)(GroupMembership.GroupTypeValueValuesEnumir>rr rrNr?rr1r2rCr$rDr1rCr rrNrErr1r2rrrHr1rc\rSrSrSr\R "S5"SS\R55r \R"S5r \R"SS5r Srg ) ria Result containing the properties and count of a groupBy request. Messages: PropertiesValue: Properties matching the groupBy fields in the request. Fields: count: Total count of resources for the given properties. properties: Properties matching the groupBy fields in the request. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) GroupResult.PropertiesValueizProperties matching the groupBy fields in the request. Messages: AdditionalProperty: An additional property for a PropertiesValue object. Fields: additionalProperties: Additional properties of type PropertiesValue cb\rSrSrSr\R "S5r\R"SS5r Sr g).GroupResult.PropertiesValue.AdditionalPropertyizAn additional property for a PropertiesValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r rrrNrrr1r2rr)rr1rr TrrNrrr1r2PropertiesValuer's4 AY.. A%112FTXYr1r*r rrN)rrrr r!rrr"rr*rMrNr%rr0rr1r2rrs\ !!"89Z ))Z:Z.   #%%%&7;*r1rc\rSrSrSr"SS\R 5r\R"SS5r \R"S5r \R"S5r Sr g ) ri rJc$\rSrSrSrSrSrSrSrg) IamBinding.ActionValueValuesEnumi rMrr rrNrNrr1r2rRr- rSr1rRr rrrNrTrr1r2rr rWr1rc\rSrSrSr\R "SSS9r\R "SSS9r\R"SSSS9r \R "S SS9r S r g ) ri+ rYr TrrProcessSignaturerrrNr[rr1r2rr+ sT   ! !!d 3'%%a$7+%%&8!dK*   q4 0$r1rc\rSrSrSr\R "S5r\R"SS5r \R "S5r Sr g) r[iA rar SensitivityScorerrrNrcrr1r2r[r[A s=    q !$++,>B  ! !! $'r1r[c`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) rniU rf PortRanger TrrrNrhrr1r2rnrnU s- %%k1tD*  " "1 %(r1rnc\rSrSrSr"SS\R 5r\R"SS5r \R"SS5r \R"S S S 9r \R"SS 5r\R"S S S 9r\R"SS S 9rSrg)rif rkc$\rSrSrSrSrSrSrSrg) IpRules.DirectionValueValuesEnumi rnrr rrNrorr1r2rsr6 rtr1rsrkr rgrrTrrrrrNrurr1r2rrf s0    " "9a 0'  ! !(A .&!--a$?!!"'   q4 8$  T :%r1rc`\rSrSrSr\R "S5r\R "S5rSr g)ri!r r rrNr rr1r2rr!r r1rc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) ListAttackPathsResponsei!aResponse message for listing the attack paths for a given simulation or valued resource. Fields: attackPaths: The attack paths that the attack path simulation identified. nextPageToken: Token to retrieve the next page of results, or empty if there are no more results. rr TrrrN) rrrr r!r"r% attackPathsr#r r0rr1r2rBrB!s-&&|QF+''*-r1rBc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) ListBigQueryExportsResponsei!aResponse message for listing BigQuery exports. Fields: bigQueryExports: The BigQuery exports from the specified parent. nextPageToken: A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages. rr TrrrN) rrrr r!r"r%bigQueryExportsr#r r0rr1r2rErE!s0**+VXYdhi/''*-r1rEc\rSrSrSr\R "SSSS9r\R"S5r \R"S\RRS 9r S rg ) ListFindingsResponsei,!aResponse message for listing findings. Fields: listFindingsResults: Findings matching the list request. nextPageToken: Token to retrieve the next page of results, or empty if there are no more results. totalSize: The total number of findings matching the query. ListFindingsResultr Trrrr}rN)rrrr r!r"r%listFindingsResultsr#r rMrrr!r0rr1r2rHrH,!sN"../CQQUV''*-$$Q 0A0A0G0GH)r1rHcd\rSrSrSr\R "SS5r\R "SS5rSr g) rIi;!zResult containing the Finding. Fields: finding: Finding matching the search request. resource: Output only. Resource that is associated with this finding. r r ResourcerrN) rrrr r!r"r%rr;r0rr1r2rIrI;!s.  " "#G K'  # #J 2(r1rIc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) ListMuteConfigsResponseiG!aResponse message for listing mute configs. Fields: muteConfigs: The mute configs from the specified parent. nextPageToken: A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages. rr TrrrN) rrrr r!r"r% muteConfigsr#r r0rr1r2rNrNG!s0&&'NPQ\`a+''*-r1rNc`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) ListNotificationConfigsResponseiT!zResponse message for listing notification configs. Fields: nextPageToken: Token to retrieve the next page of results, or empty if there are no more results. notificationConfigs: Notification configs belonging to the requested parent. r NotificationConfigrTrrN) rrrr r!r"r#r r%notificationConfigsr0rr1r2rQrQT!s0''*-!../CQQUVr1rQc\rSrSrSr\R "S5r\R"SSSS9r \R "SSS9r S r g ) ListOperationsResponseib!aThe response message for Operations.ListOperations. Fields: nextPageToken: The standard List next-page token. operations: A list of operations that matches the specified filter in the request. unreachable: Unordered list. Unreachable resources. Populated when the request sets `ListOperationsRequest.return_partial_success` and reads across collections e.g. when attempting to list all resources across all supported locations. r OperationrTrrrN) rrrr r!r"r#r r%r unreachabler0rr1r2rUrUb!s? ''*-%%k1tD*%%a$7+r1rUc`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) ListResourceValueConfigsResponseit!aResponse message to list resource value configs Fields: nextPageToken: A token, which can be sent as `page_token` to retrieve the next page. If this field is empty, there are no subsequent pages. resourceValueConfigs: The resource value configs from the specified parent. r rrTrrN) rrrr r!r"r#r r%rr0rr1r2rYrYt!s1''*-"//0`bcnrsr1rYc`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) ListSourcesResponsei!zResponse message for listing sources. Fields: nextPageToken: Token to retrieve the next page of results, or empty if there are no more results. sources: Sources belonging to the requested parent. r SourcerTrrN) rrrr r!r"r#r r%rr0rr1r2r[r[!s-''*-  " "8Q >'r1r[c\rSrSrSr\R "S5r\R"S\RRS9r \R"SSSS 9r S rg ) ListValuedResourcesResponsei!aZResponse message for listing the valued resources for a given simulation. Fields: nextPageToken: Token to retrieve the next page of results, or empty if there are no more results. totalSize: The estimated total number of results matching the query. valuedResources: The valued resources that the attack path simulation identified. r rr}ValuedResourcerTrrN)rrrr r!r"r#r rMrrr!r%valuedResourcesr0rr1r2r^r^!sL ''*-$$Q 0A0A0G0GH)**+;QN/r1r^c<\rSrSrSr\R "S5rSrg)ri!r r rNrsrr1r2rr!rr1rc>\rSrSrSr\R "SS5rSrg)r!i!rrkr rNrrr1r2r!r!!s  ,,-@!Dr1r!c`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) MemoryHashSignaturei!rr rjrTrrNrrr1r2rdrd!s-&&q),%%k1tD*r1rdcv\rSrSrSr"SS\R 5r"SS\R 5r"SS\R 5r "S S \R 5r \R"SS S S 9r \R"SSS S 9r \R"SS5r\R"S SS S 9r\R "S5rSrg)r#i!rcT\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rSrSrSrSrSrg)5MitreAttack.AdditionalTacticsValueListEntryValuesEnumi!rrr rrrrrrrrrrrrrrNrrr1r2r.rg!r/r1r.cD\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSr Sr!S r"S!r#S"r$S#r%S$r&S%r'S&r(S'r)S(r*S)r+S*r,S+r-S,r.S-r/S.r0S/r1S0r2S1r3S2r4S3r5S4r6S5r7S6r8S7r9S8r:S9r;S:rS=r?S>r@S?rAS@rBSArCSBrDSCrESDrFSErGSFrHSGrISHrJSIrKSJrLSKrMSLrNSMrOSNrPSOrQSPrRSQrSSRrTSSrUSTrVSUrWSVrXSWrYSXrZSYr[SZr\S[r]S\r^S]r_S^r`S_raS`rbSarcSbrdScreSdrfSergSfrhSgriShrjSirkSjrlSkrmSlrnSmroSnrpSorqSprrSqrsSrrtSsruStrvSurwSvrxSwrySxrzSyr{Szr|S{r}S|r~S}rS~rSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrg)8MitreAttack.AdditionalTechniquesValueListEntryValuesEnumi"r2rr rrrrrrrrrrrrrrrrr rrrrr r r r r rrrrrrrrrrr r"r$r%r&r'r)r*r+r,r.r/r1r3r4r5r7r8r:r<r=r>r?rArCrEr3r4r5r6r7r8r9r:r;r<r=r>r?r@rAr5rBrCrDrErFrGrHrIrJrKrLrMrNrOrPrQrRrSrTrUrVrWrXrYrZr[r\r]rBr^r_r`rarbrcrdrerfrgrhrirjrkrlrJrmrnrorprqrrrsrtrurRrvrwrxryrNrzrr1r2rri"rr1rcT\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rSrSrSrSrSrg)(MitreAttack.PrimaryTacticValueValuesEnumi#r rr rrrrrrrrrrrrrrNrrr1r2r rk#r r1r cD\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSr Sr!S r"S!r#S"r$S#r%S$r&S%r'S&r(S'r)S(r*S)r+S*r,S+r-S,r.S-r/S.r0S/r1S0r2S1r3S2r4S3r5S4r6S5r7S6r8S7r9S8r:S9r;S:rS=r?S>r@S?rAS@rBSArCSBrDSCrESDrFSErGSFrHSGrISHrJSIrKSJrLSKrMSLrNSMrOSNrPSOrQSPrRSQrSSRrTSSrUSTrVSUrWSVrXSWrYSXrZSYr[SZr\S[r]S\r^S]r_S^r`S_raS`rbSarcSbrdScreSdrfSergSfrhSgriShrjSirkSjrlSkrmSlrnSmroSnrpSorqSprrSqrsSrrtSsruStrvSurwSvrxSwrySxrzSyr{Szr|S{r}S|r~S}rS~rSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrg)5MitreAttack.PrimaryTechniquesValueListEntryValuesEnumiD#rrr rrrrrrrrrrrrrrrrr rrrrr r r r r rrrrrrrrrrr r"r$r%r&r'r)r*r+r,r.r/r1r3r4r5r7r8r:r<r=r>r?rArCrEr3r4r5r6r7r8r9r:r;r<r=r>r?r@rAr5rBrCrDrErFrGrHrIrJrKrLrMrNrOrPrQrRrSrTrUrVrWrXrYrZr[r\r]rBr^r_r`rarbrcrdrerfrgrhrirjrkrlrJrmrnrorprqrrrsrtrurRrvrwrxryrNrzrr1r2rrmD#rr1rr TrrrrrrNrrr1r2r#r#!rr1r#cb\rSrSrSr\R "SSSS9r\R "SS5rS r g ) r(ig$rr}r Tr StaticMuterrNrrr1r2r(r(g$s1!--.A1tT%%lA6*r1r(c<\rSrSrSr\R "S5rSrg)r-iv$r"r rNrsrr1r2r-r-v$rtr1r-c<\rSrSrSr\R "S5rSrg)r=i$r$r rNrsrr1r2r=r=$rr1r=c`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) r<i$r&r r=rTrrNr'rr1r2r<r<$s-   q !$  T :%r1r<c\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r Sr g) r0i$r)r rrrrNr*rr1r2r0r0$r-r1r0c\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r \R "S5r \R"SS 5r \R "S 5rS rg ) rRi$aCloud Security Command Center (Cloud SCC) notification configs. A notification config is a Cloud SCC resource that contains the configuration to send notifications for create/update events of findings, assets and etc. Fields: cryptoKeyName: Output only. The resource name of the Cloud KMS `CryptoKey` used to protect this configuration's data, if configured during Security Command Center activation. description: The description of the notification config (max of 1024 characters). name: Identifier. The relative resource name of this notification config. See: https://cloud.google.com/apis/design/resource_names#relative_resour ce_name The following list shows some examples: + `organizations/{organi zation_id}/locations/{location_id}/notificationConfigs/notify_public_buc ket` + `folders/{folder_id}/locations/{location_id}/notificationConfigs/ notify_public_bucket` + `projects/{project_id}/locations/{location_id}/n otificationConfigs/notify_public_bucket` pubsubTopic: The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". serviceAccount: Output only. The service account that needs "pubsub.topics.publish" permission to publish to the Pub/Sub topic. streamingConfig: The config for triggering streaming-based notifications. updateTime: Output only. The timestamp of when the notification config was last updated. r rrrrStreamingConfigrrrN)rrrr r!r"r#rrr9 pubsubTopicserviceAccountr%streamingConfigrr0rr1r2rRrR$s|4''*-%%a(+   q !$%%a(+((+.**+i$r2rr TrrrrrrNr3rr1r2r>r>$s] %%k1tD*    "%   q !$   q !$Q"r1r>cz\rSrSrSr\R "S5"SS\R55r \R "S5"SS\R55r \R"S5r \R"S S 5r\R"SS 5r\R "S 5r\R"SS 5rSrg)rVi$aThis resource represents a long-running operation that is the result of a network API call. Messages: MetadataValue: Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. ResponseValue: The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. Fields: done: If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available. error: The error result of the operation in case of failure or cancellation. metadata: Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. name: The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`. response: The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Operation.MetadataValuei%aService-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. Messages: AdditionalProperty: An additional property for a MetadataValue object. Fields: additionalProperties: Properties of the object. Contains field @type with type URL. cb\rSrSrSr\R "S5r\R"SS5r Sr g)*Operation.MetadataValue.AdditionalPropertyi %zAn additional property for a MetadataValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r rrrNrrr1r2rr~ %rr1rr TrrNrrr1r2 MetadataValuer|%s4  AY.. A%112FTXYr1rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Operation.ResponseValuei-%aThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. Messages: AdditionalProperty: An additional property for a ResponseValue object. Fields: additionalProperties: Properties of the object. Contains field @type with type URL. cb\rSrSrSr\R "S5r\R"SS5r Sr g)*Operation.ResponseValue.AdditionalPropertyi?%zAn additional property for a ResponseValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r rrrNrrr1r2rr?%rr1rr TrrNrrr1r2 ResponseValuer-%s4 AY.. A%112FTXYr1rr StatusrrrrrN)rrrr r!rrr"rrrrddoner%errormetadatar#r9responser0rr1r2rVrV$s'R !!"89Zi''Z:Z6 !!"89Zi''Z:Z<    "$  1 -%  # #OQ 7(   q !$  # #OQ 7(r1rVc<\rSrSrSr\R "S5rSrg)r2iS%zContains information about the org policies associated with the finding. Fields: name: The resource name of the org policy. Example: "organizations/{organization_id}/policies/{constraint_name}" r rNrsrr1r2r2r2S%rr1r2c\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r Sr g) Packagei^%r8r rrrrNr9rr1r2rr^%r>r1rc\rSrSrSr\R "S5r\R "S5r\R "S5r Sr g)rin%aGA finding that is associated with this node in the attack path. Fields: canonicalFinding: Canonical name of the associated findings. Example: `organizations/123/sources/456/findings/789` findingCategory: The additional taxonomy group within findings from a given source. name: Full resource name of the finding. r rrrN) rrrr r!r"r#canonicalFindingfindingCategoryr9r0rr1r2rrn%s:**1-))!,/   q !$r1rc`\rSrSrSr\R "S5r\R "S5rSr g)Pipelinei~%aVertex AI training pipeline associated with the finding. Fields: displayName: The user defined display name of pipeline, e.g. plants- classification name: Resource name of the pipeline, e.g. projects/{project}/locations/{lo cation}/trainingPipelines/5253428229225578496 r rrNrArr1r2rr~%rBr1rc\rSrSrSr\R "SSSS9r\R "SSSS9r\R"S 5r \R"S 5r S r g ) r?i%rDrr TrrrrrrNrErr1r2r?r?%sQ%%k1tD*  ! !'1t <&   q !$Q"r1r?c\rSrSrSr\R "SSSS9r\R "SSSS9r\R"S 5r \R"S \RRS 9rS rg )Policyi%awAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource- policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). Fields: auditConfigs: Specifies cloud audit logging configuration for this policy. bindings: Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. etag: `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read- modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. version: Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource- policies). rr Trrrrrr}rN)rrrr r!r"r% auditConfigsr BytesFieldetagrMrrr>r0rr1r2rr%saEN'' q4H,  # #Iq4 @(   a $  " "1i.?.?.E.E F'r1rc\rSrSrSr\R "S5r\R "S5r\R "S5r Sr g)PolicyDriftDetailsi%rHr rrrNrIrr1r2rr%rMr1rc`\rSrSrSr\R "S5r\R "S5rSr g)r3i%rOr rrNrPrr1r2r3r3%rSr1r3c\rSrSrSr\R "SSS9r\R"S5r \R"SS5r \R"S S SS9r \R"S 5r \R"SS SS9r\R "S 5r\R "S5r\R "S5r\R"SS5r\R "S5rSrg)r6i &rUr TrrrrrrrrrrrrrrNrVrr1r2r6r6 &s*   q4 0$ --a0  ! !&! ,&''(=q4P,#003$$VQ>)   q !$$$Q')q!#  ! !&" -&  ! !" %&r1r6c\rSrSrSr"SS\R 5r\R"SS5r \R"SS5r \R"SS 5r S r g ) r/i.&rac$\rSrSrSrSrSrSrSrg)-ProcessSignature.SignatureTypeValueValuesEnumi=&rdrr rrNrerr1r2rir=&rjr1rirdr rYaraRuleSignaturerrNrlrr1r2r/r/.&sT  Y^^ "../DaH%%&DaH-,,-@!Dr1r/c`\rSrSrSr\R "S5r\R "S5rSr g)riN&rqr rrNrrrr1r2rrN&rsr1rc\rSrSrSr\R "S\RRS9r \R "S\RRS9r \R"S5r \R "S\RRS9r Srg ) r8i[&rur r}rrrrNrvrr1r2r8r8[&r{r1r8c\rSrSrSr"SS\R 5r\R"SS5r \R"SS5r \R"SS 5r \R"S 5r\R"S S 5r\R"S 5r\R"S5r\R"SS5r\R"S5r\R"S5r\R"S5rSrg)rLin&a&Information related to the Google Cloud resource that is associated with this finding. Enums: CloudProviderValueValuesEnum: Indicates which cloud provider the finding is from. Fields: awsMetadata: The AWS metadata associated with the finding. azureMetadata: The Azure metadata associated with the finding. cloudProvider: Indicates which cloud provider the finding is from. displayName: The human readable name of the resource. gcpMetadata: The Google Cloud metadata associated with the finding. location: The region or location of the service (if applicable). name: The full resource name of the resource. See: https://cloud.google.com/apis/design/resource_names#full_resource_name resourcePath: Provides the path to the resource within the resource hierarchy. resourcePathString: A string representation of the resource path. For Google Cloud, it has the format of `organizations/{organization_id}/fold ers/{folder_id}/folders/{folder_id}/projects/{project_id}` where there can be any number of folders. For AWS, it has the format of `org/{organi zation_id}/ou/{organizational_unit_id}/ou/{organizational_unit_id}/accou nt/{account_id}` where there can be any number of organizational units. For Azure, it has the format of `mg/{management_group_id}/mg/{management _group_id}/subscription/{subscription_id}/rg/{resource_group_name}` where there can be any number of management groups. service: The service or resource provider associated with the resource. type: The full resource type of the resource. c(\rSrSrSrSrSrSrSrSr g) %Resource.CloudProviderValueValuesEnumi&rrr rrrNrrr1r2rr&rr1rrr rrrrrrrrrrrrrrNrrr1r2rLrLn&s> Y^^ &&'OQRS+(()SUVW-%%&DaH-%%a(+&&}a8+  " "1 %(   q !$''(QSTU, ,,Q/  ! !" %'   r "$r1rLc<\rSrSrSr\R "SSSS9rSrg) ri&rResourcePathNoder TrrNrrr1r2rr&s  !3Q F%r1rc\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"SS5r Sr g ) ri&rc@\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rg)(ResourcePathNode.NodeTypeValueValuesEnumi&rrr rrrrrrrrrNrrr1r2rr&rr1rr rrrNrrr1r2rr&rr1rc<\rSrSrSr\R "S5rSrg)ResourceValueConfigMetadatai&zlMetadata about a ResourceValueConfig. For example, id and name. Fields: name: Resource value config name r rNrsrr1r2rr&rr1rc\rSrSrSr"SS\R 5r\R"SS5r \R"S5r \R"S5r Sr g ) ri&rc$\rSrSrSrSrSrSrSrg)Role.KindValueValuesEnumi&rrr rrNrrr1r2rr&rr1rr rrrNrrr1r2rr&rr1rc\rSrSrSr\R "S5r\R "S5r\R "S5r Sr g)SecurityBulletini'rr rrrNrrr1r2rr'rr1rc\rSrSrSr\R "S5"SS\R55r \R"S5r \R"SS5r \R"S5rS rg ) r9i'r^rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) SecurityMarks.MarksValuei>'rac`\rSrSrSr\R "S5r\R "S5rSr g)+SecurityMarks.MarksValue.AdditionalPropertyiN'rdr rrNrrr1r2rrN'rr1rr TrrNrrr1r2rer>'rr1rer rrrNrfrr1r2r9r9'rhr1r9c\rSrSrSr\R "S5r\R"S5r \R "S5r Sr g)r9i`'rr rrrNrrr1r2r9r9`'rr1r9c8\rSrSrSr\R "S5r\R "S5r\R "S5r \R"SSSS 9r \R "S 5r \R "S 5r \R "S 5r\R "S 5rSrg)r;is'aRepresents a posture that is deployed on Google Cloud by the Security Command Center Posture Management service. A posture contains one or more policy sets. A policy set is a group of policies that enforce a set of security rules on Google Cloud. Fields: changedPolicy: The name of the updated policy, for example, `projects/{project_id}/policies/{constraint_name}`. name: Name of the posture, for example, `CIS-Posture`. policy: The ID of the updated policy, for example, `compute-policy-1`. policyDriftDetails: The details about a change in an updated policy that violates the deployed posture. policySet: The name of the updated policyset, for example, `cis- policyset`. postureDeployment: The name of the posture deployment, for example, `organizations/{org_id}/posturedeployments/{posture_deployment_id}`. postureDeploymentResource: The project, folder, or organization on which the posture is deployed, for example, `projects/{project_number}`. revisionId: The version of the posture, for example, `c7cfa2a8`. r rrrrTrrrrrrNrrr1r2r;r;s's*''*-   q !$   #& --.BAPTU##A&)++A.'33A6$$Q'*r1r;c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) 5SecuritycenterFoldersAssetsUpdateSecurityMarksRequesti'aA SecuritycenterFoldersAssetsUpdateSecurityMarksRequest object. Fields: googleCloudSecuritycenterV2SecurityMarks: A GoogleCloudSecuritycenterV2SecurityMarks resource to be passed as the request body. name: The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `org anizations/{organization_id}/sources/{source_id}/findings/{finding_id}/s ecurityMarks` + `organizations/{organization_id}/sources/{source_id}/loc ations/{location}/findings/{finding_id}/securityMarks` updateMask: The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.". r.r rTrequiredrrN rrrr r!r"r%(googleCloudSecuritycenterV2SecurityMarksr#r9 updateMaskr0rr1r2rr'@&.7-C-CDnpq-r*   q4 0$$$Q'*r1rc`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) ,SecuritycenterFoldersFindingsBulkMuteRequesti'a_A SecuritycenterFoldersFindingsBulkMuteRequest object. Fields: bulkMuteFindingsRequest: A BulkMuteFindingsRequest resource to be passed as the request body. parent: Required. The parent, at which bulk action needs to be applied. If no location is specified, findings are updated in global. The following list shows some examples: + `organizations/[organization_id]` + `organizations/[organization_id]/locations/[location_id]` + `folders/[folder_id]` + `folders/[folder_id]/locations/[location_id]` + `projects/[project_id]` + `projects/[project_id]/locations/[location_id]` r#r rTrrN rrrr r!r"r%bulkMuteFindingsRequestr#rr0rr1r2rr'/ &223LaP  T 2&r1rc\rSrSrSr\R "S5r\R"SS5r \R "SSS9r S r g ) :SecuritycenterFoldersLocationsBigQueryExportsCreateRequesti'aA SecuritycenterFoldersLocationsBigQueryExportsCreateRequest object. Fields: bigQueryExportId: Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less. googleCloudSecuritycenterV2BigQueryExport: A GoogleCloudSecuritycenterV2BigQueryExport resource to be passed as the request body. parent: Required. The name of the parent resource of the new BigQuery export. Its format is `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, or `projects/[project_id]/locations/[location_id]`. r rrrTrrN rrrr r!r"r#bigQueryExportIdr%)googleCloudSecuritycenterV2BigQueryExportrr0rr1r2rr'A"**1-.7.D.DEprs.t+  T 2&r1rc:\rSrSrSr\R "SSS9rSrg):SecuritycenterFoldersLocationsBigQueryExportsDeleteRequesti'aA SecuritycenterFoldersLocationsBigQueryExportsDeleteRequest object. Fields: name: Required. The name of the BigQuery export to delete. The following list shows some examples of the format: + `organizations/{organization}/ locations/{location}/bigQueryExports/{export_id}` + `folders/{folder}/locations/{location}/bigQueryExports/{export_id}` + `projects/{project}/locations/{location}/bigQueryExports/{export_id}` r TrrNrsrr1r2rr'   q4 0$r1rc:\rSrSrSr\R "SSS9rSrg)7SecuritycenterFoldersLocationsBigQueryExportsGetRequesti'aA SecuritycenterFoldersLocationsBigQueryExportsGetRequest object. Fields: name: Required. Name of the BigQuery export to retrieve. The following list shows some examples of the format: + `organizations/{organization}/ locations/{location}/bigQueryExports/{export_id}` + `folders/{folder}/locations/{location}/bigQueryExports/{export_id}` + `projects/{project}locations/{location}//bigQueryExports/{export_id}` r TrrNrsrr1r2rr'rr1rc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) 8SecuritycenterFoldersLocationsBigQueryExportsListRequesti'aEA SecuritycenterFoldersLocationsBigQueryExportsListRequest object. Fields: pageSize: The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. pageToken: A page token, received from a previous `ListBigQueryExports` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListBigQueryExports` must match the call that provided the page token. parent: Required. The parent, which owns the collection of BigQuery exports. Its format is `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, or `projects/[project_id]/locations/[location_id]`. r r}rrTrrNrrrr r!r"rMrrrr#rrr0rr1r2rr'I$ # #Ay/@/@/F/F G(##A&)  T 2&r1rc\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) 9SecuritycenterFoldersLocationsBigQueryExportsPatchRequesti (aZA SecuritycenterFoldersLocationsBigQueryExportsPatchRequest object. Fields: googleCloudSecuritycenterV2BigQueryExport: A GoogleCloudSecuritycenterV2BigQueryExport resource to be passed as the request body. name: Identifier. The relative resource name of this export. See: https:// cloud.google.com/apis/design/resource_names#relative_resource_name. The following list shows some examples: + `organizations/{organization_id}/l ocations/{location_id}/bigQueryExports/{export_id}` + `folders/{folder_i d}/locations/{location_id}/bigQueryExports/{export_id}` + `projects/{pro ject_id}/locations/{location_id}/bigQueryExports/{export_id}` This field is provided in responses, and is ignored when provided in create requests. updateMask: The list of fields to be updated. If empty all mutable fields will be updated. rr rTrrrN rrrr r!r"r%rr#r9rr0rr1r2rr (@$/8.D.DEprs.t+   q4 0$$$Q'*r1rc`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) 5SecuritycenterFoldersLocationsFindingsBulkMuteRequesti"(ahA SecuritycenterFoldersLocationsFindingsBulkMuteRequest object. Fields: bulkMuteFindingsRequest: A BulkMuteFindingsRequest resource to be passed as the request body. parent: Required. The parent, at which bulk action needs to be applied. If no location is specified, findings are updated in global. The following list shows some examples: + `organizations/[organization_id]` + `organizations/[organization_id]/locations/[location_id]` + `folders/[folder_id]` + `folders/[folder_id]/locations/[location_id]` + `projects/[project_id]` + `projects/[project_id]/locations/[location_id]` r#r rTrrNrrr1r2rr"(rr1rc\rSrSrSr\R "SS5r\R"S5r \R"SSS9r S r g ) 6SecuritycenterFoldersLocationsMuteConfigsCreateRequesti5(aA SecuritycenterFoldersLocationsMuteConfigsCreateRequest object. Fields: googleCloudSecuritycenterV2MuteConfig: A GoogleCloudSecuritycenterV2MuteConfig resource to be passed as the request body. muteConfigId: Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less. parent: Required. Resource name of the new mute configs's parent. Its format is `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, or `projects/[project_id]/locations/[location_id]`. rr rrTrrN rrrr r!r"r%%googleCloudSecuritycenterV2MuteConfigr# muteConfigIdrr0rr1r2rr5(@ +4*@*@Ahjk*l'&&q),  T 2&r1rc:\rSrSrSr\R "SSS9rSrg)6SecuritycenterFoldersLocationsMuteConfigsDeleteRequestiK(a;A SecuritycenterFoldersLocationsMuteConfigsDeleteRequest object. Fields: name: Required. Name of the mute config to delete. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{config_id}` + `organizations/ {organization}/locations/{location}/muteConfigs/{config_id}` + `folders/{folder}/muteConfigs/{config_id}` + `folders/{folder}/locations/{location}/muteConfigs/{config_id}` + `projects/{project}/muteConfigs/{config_id}` + `projects/{project}/locations/{location}/muteConfigs/{config_id}` r TrrNrsrr1r2rrK(    q4 0$r1rc:\rSrSrSr\R "SSS9rSrg)3SecuritycenterFoldersLocationsMuteConfigsGetRequesti\(a:A SecuritycenterFoldersLocationsMuteConfigsGetRequest object. Fields: name: Required. Name of the mute config to retrieve. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{config_id}` + `organizations/ {organization}/locations/{location}/muteConfigs/{config_id}` + `folders/{folder}/muteConfigs/{config_id}` + `folders/{folder}/locations/{location}/muteConfigs/{config_id}` + `projects/{project}/muteConfigs/{config_id}` + `projects/{project}/locations/{location}/muteConfigs/{config_id}` r TrrNrsrr1r2rr\(rr1rc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) 4SecuritycenterFoldersLocationsMuteConfigsListRequestim(aA SecuritycenterFoldersLocationsMuteConfigsListRequest object. Fields: pageSize: The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. pageToken: A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token. parent: Required. The parent, which owns the collection of mute configs. Its format is `organizations/[organization_id]", "folders/[folder_id]`, `projects/[project_id]`, `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, `projects/[project_id]/locations/[location_id]`. r r}rrTrrNrrr1r2rrm(I& # #Ay/@/@/F/F G(##A&)  T 2&r1rc\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) 5SecuritycenterFoldersLocationsMuteConfigsPatchRequesti(aEA SecuritycenterFoldersLocationsMuteConfigsPatchRequest object. Fields: googleCloudSecuritycenterV2MuteConfig: A GoogleCloudSecuritycenterV2MuteConfig resource to be passed as the request body. name: Identifier. This field will be ignored if provided on config creation. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{mute_config}` + `organization s/{organization}locations/{location}//muteConfigs/{mute_config}` + `folders/{folder}/muteConfigs/{mute_config}` + `folders/{folder}/locations/{location}/muteConfigs/{mute_config}` + `projects/{project}/muteConfigs/{mute_config}` + `projects/{project}/locations/{location}/muteConfigs/{mute_config}` updateMask: The list of fields to be updated. If empty all mutable fields will be updated. rr rTrrrN rrrr r!r"r%rr#r9rr0rr1r2rr(@$+4*@*@Ahjk*l'   q4 0$$$Q'*r1rc\rSrSrSr\R "S5r\R"SS5r \R "SSS9r S r g ) >SecuritycenterFoldersLocationsNotificationConfigsCreateRequesti(azA SecuritycenterFoldersLocationsNotificationConfigsCreateRequest object. Fields: configId: Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters and contain alphanumeric characters, underscores, or hyphens only. notificationConfig: A NotificationConfig resource to be passed as the request body. parent: Required. Resource name of the new notification config's parent. Its format is `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, or `projects/[project_id]/locations/[location_id]`. r rRrrTrrN rrrr r!r"r#configIdr%notificationConfigrr0rr1r2rr(s?  " "1 %( --.BAF  T 2&r1rc:\rSrSrSr\R "SSS9rSrg)>SecuritycenterFoldersLocationsNotificationConfigsDeleteRequesti(aA SecuritycenterFoldersLocationsNotificationConfigsDeleteRequest object. Fields: name: Required. Name of the notification config to delete. The following list shows some examples of the format: + `organizations/[organization_i d]/locations/[location_id]/notificationConfigs/[config_id]` + `folders/[ folder_id]/locations/[location_id]notificationConfigs/[config_id]` + `pr ojects/[project_id]/locations/[location_id]notificationConfigs/[config_i d]` r TrrNrsrr1r2rr(    q4 0$r1rc:\rSrSrSr\R "SSS9rSrg);SecuritycenterFoldersLocationsNotificationConfigsGetRequesti(aA SecuritycenterFoldersLocationsNotificationConfigsGetRequest object. Fields: name: Required. Name of the notification config to get. The following list shows some examples of the format: + `organizations/[organization_id]/lo cations/[location_id]/notificationConfigs/[config_id]` + `folders/[folde r_id]/locations/[location_id]/notificationConfigs/[config_id]` + `projec ts/[project_id]/locations/[location_id]/notificationConfigs/[config_id]` r TrrNrsrr1r2rr(rr1rc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) `, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following field and operator combinations are supported: * name: `=` * parent: `=`, `:` * resource_name: `=`, `:` * state: `=`, `:` * category: `=`, `:` * external_uri: `=`, `:` * event_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: `event_time = "2019-06-10T16:07:18-07:00"` `event_time = 1560208038000` * severity: `=`, `:` * security_marks.marks: `=`, `:` * resource: * resource.name: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.type: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.display_name: `=`, `:` orderBy: Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,parent". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,parent". Redundant space characters in the syntax are insignificant. "name desc,parent" and " name desc , parent " are equivalent. The following fields are supported: name parent state category resource_name event_time security_marks.marks pageSize: The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: The value returned by the last `ListFindingsResponse`; indicates that this is a continuation of a prior `ListFindings` call, and that the system should return the next page of data. parent: Required. Name of the source the findings belong to. If no location is specified, the default is global. The following list shows some examples: + `organizations/[organization_id]/sources/[source_id]` + `organizations/[organization_id]/sources/[source_id]/locations/[location _id]` + `folders/[folder_id]/sources/[source_id]` + `folders/[folder_id]/sources/[source_id]/locations/[location_id]` + `projects/[project_id]/sources/[source_id]` + `projects/[project_id]/sources/[source_id]/locations/[location_id]` To list across all sources provide a source_id of `-`. The following list shows some examples: + `organizations/{organization_id}/sources/-` + `organizations/{organization_id}/sources/-/locations/{location_id}` + `folders/{folder_id}/sources/-` + `folders/{folder_id}/sources/-locations/{location_id}` + `projects/{projects_id}/sources/-` + `projects/{projects_id}/sources/-/locations/{location_id}` r rrrr}rrTrrNrrrr r!r"r# fieldMaskr*orderByrMrrrrrr0rr1r2r r )z7r##A&)   #&  ! !! $'  # #Ay/@/@/F/F G(##A&)  T 2&r1r c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) 0SecuritycenterFoldersSourcesFindingsPatchRequesti)aA SecuritycenterFoldersSourcesFindingsPatchRequest object. Fields: googleCloudSecuritycenterV2Finding: A GoogleCloudSecuritycenterV2Finding resource to be passed as the request body. name: Identifier. The [relative resource name](https://cloud.google.com/ap is/design/resource_names#relative_resource_name) of the finding. The following list shows some examples: + `organizations/{organization_id}/s ources/{source_id}/findings/{finding_id}` + `organizations/{organization _id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `fol ders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{f inding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` updateMask: The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask. r r rTrrrN rrrr r!r"r%"googleCloudSecuritycenterV2Findingr#r9rr0rr1r2r r )@.(1'='=>bde'f$   q4 0$$$Q'*r1r c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) 2SecuritycenterFoldersSourcesFindingsSetMuteRequesti)aA SecuritycenterFoldersSourcesFindingsSetMuteRequest object. Fields: name: Required. The [relative resource name](https://cloud.google.com/apis /design/resource_names#relative_resource_name) of the finding. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/{organization_id}/sources/{so urce_id}/findings/{finding_id}` + `organizations/{organization_id}/sourc es/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folde rs/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{fin ding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` setMuteRequest: A SetMuteRequest resource to be passed as the request body. r TrSetMuteRequestrrN rrrr r!r"r#r9r%setMuteRequestr0rr1r2r r ).&   q4 0$))*:A>.r1r c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) 3SecuritycenterFoldersSourcesFindingsSetStateRequesti*aA SecuritycenterFoldersSourcesFindingsSetStateRequest object. Fields: name: Required. The [relative resource name](https://cloud.google.com/apis /design/resource_names#relative_resource_name) of the finding. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/{organization_id}/sources/{so urce_id}/findings/{finding_id}` + `organizations/{organization_id}/sourc es/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folde rs/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{fin ding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` setFindingStateRequest: A SetFindingStateRequest resource to be passed as the request body. r TrSetFindingStateRequestrrN rrrr r!r"r#r9r%setFindingStateRequestr0rr1r2r# r# */&   q4 0$$112JANr1r# c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) >SecuritycenterFoldersSourcesFindingsUpdateSecurityMarksRequesti)*aA SecuritycenterFoldersSourcesFindingsUpdateSecurityMarksRequest object. Fields: googleCloudSecuritycenterV2SecurityMarks: A GoogleCloudSecuritycenterV2SecurityMarks resource to be passed as the request body. name: The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `org anizations/{organization_id}/sources/{source_id}/findings/{finding_id}/s ecurityMarks` + `organizations/{organization_id}/sources/{source_id}/loc ations/{location}/findings/{finding_id}/securityMarks` updateMask: The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.". r.r rTrrrNrrr1r2r) r) )*rr1r) c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) 'SecuritycenterFoldersSourcesListRequestiB*a7A SecuritycenterFoldersSourcesListRequest object. Fields: pageSize: The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: The value returned by the last `ListSourcesResponse`; indicates that this is a continuation of a prior `ListSources` call, and that the system should return the next page of data. parent: Required. Resource name of the parent of sources to list. Its format should be `organizations/[organization_id]`, `folders/[folder_id]`, or `projects/[project_id]`. r r}rrTrrNrrr1r2r+ r+ B*I  # #Ay/@/@/F/F G(##A&)  T 2&r1r+ c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) :SecuritycenterFoldersSourcesLocationsFindingsExportRequestiU*a:A SecuritycenterFoldersSourcesLocationsFindingsExportRequest object. Fields: exportFindingsRequest: A ExportFindingsRequest resource to be passed as the request body. parent: Required. The relative name of the export scope. Example formats: organizations/{organization}/sources/-/locations/{location} rr rTrrN rrrr r!r"r%exportFindingsRequestr#rr0rr1r2r. r. U*/$001H!L  T 2&r1r. c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) HSecuritycenterFoldersSourcesLocationsFindingsExternalSystemsPatchRequestic*aA SecuritycenterFoldersSourcesLocationsFindingsExternalSystemsPatchRequest object. Fields: googleCloudSecuritycenterV2ExternalSystem: A GoogleCloudSecuritycenterV2ExternalSystem resource to be passed as the request body. name: Full resource name of the external system. The following list shows some examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/jira` + `organizations/1234/sources/5678/locations/us/findings/123456/externalSy stems/jira` + `folders/1234/sources/5678/findings/123456/externalSystems/jira` + `fold ers/1234/sources/5678/locations/us/findings/123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/externalSystems/jira` + `p rojects/1234/sources/5678/locations/us/findings/123456/externalSystems/j ira` updateMask: The FieldMask to use when updating the external system resource. If empty all mutable fields will be updated. rr rTrrrNr rr1r2r3 r3 c*@,/8.D.DEprs.t+   q4 0$$$Q'*r1r3 c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) 9SecuritycenterFoldersSourcesLocationsFindingsGroupRequesti*a~A SecuritycenterFoldersSourcesLocationsFindingsGroupRequest object. Fields: groupFindingsRequest: A GroupFindingsRequest resource to be passed as the request body. parent: Required. Name of the source to groupBy. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/[organization_id]/sources/[source_id]` + `organizations/[organization_id]/sources/[source_id]/locations/[location _id]` + `folders/[folder_id]/sources/[source_id]` + `folders/[folder_id]/sources/[source_id]/locations/[location_id]` + `projects/[project_id]/sources/[source_id]` + `projects/[project_id]/sources/[source_id]/locations/[location_id]` To groupBy across all sources provide a source_id of `-`. The following list shows some examples: + `organizations/{organization_id}/sources/-` + `organizations/{organization_id}/sources/-/locations/[location_id]` + `folders/{folder_id}/sources/-` + `folders/{folder_id}/sources/-/locations/[location_id]` + `projects/{project_id}/sources/-` + `projects/{project_id}/sources/-/locations/[location_id]` rr rTrrNr rr1r2r6 r6 *r r1r6 c\rSrSrSr\R "S5r\R "S5r\R "S5r \R"S\RRS9r \R "S5r\R "S S S 9rS rg )8SecuritycenterFoldersSourcesLocationsFindingsListRequesti*aA SecuritycenterFoldersSourcesLocationsFindingsListRequest object. Fields: fieldMask: A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields. filter: Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. Examples include: * name * security_marks.marks.marka The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following field and operator combinations are supported: * name: `=` * parent: `=`, `:` * resource_name: `=`, `:` * state: `=`, `:` * category: `=`, `:` * external_uri: `=`, `:` * event_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: `event_time = "2019-06-10T16:07:18-07:00"` `event_time = 1560208038000` * severity: `=`, `:` * security_marks.marks: `=`, `:` * resource: * resource.name: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.type: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.display_name: `=`, `:` orderBy: Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,parent". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,parent". Redundant space characters in the syntax are insignificant. "name desc,parent" and " name desc , parent " are equivalent. The following fields are supported: name parent state category resource_name event_time security_marks.marks pageSize: The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: The value returned by the last `ListFindingsResponse`; indicates that this is a continuation of a prior `ListFindings` call, and that the system should return the next page of data. parent: Required. Name of the source the findings belong to. If no location is specified, the default is global. The following list shows some examples: + `organizations/[organization_id]/sources/[source_id]` + `organizations/[organization_id]/sources/[source_id]/locations/[location _id]` + `folders/[folder_id]/sources/[source_id]` + `folders/[folder_id]/sources/[source_id]/locations/[location_id]` + `projects/[project_id]/sources/[source_id]` + `projects/[project_id]/sources/[source_id]/locations/[location_id]` To list across all sources provide a source_id of `-`. The following list shows some examples: + `organizations/{organization_id}/sources/-` + `organizations/{organization_id}/sources/-/locations/{location_id}` + `folders/{folder_id}/sources/-` + `folders/{folder_id}/sources/-locations/{location_id}` + `projects/{projects_id}/sources/-` + `projects/{projects_id}/sources/-/locations/{location_id}` r rrrr}rrTrrNr rr1r2r8 r8 *r r1r8 c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) 9SecuritycenterFoldersSourcesLocationsFindingsPatchRequesti*aA SecuritycenterFoldersSourcesLocationsFindingsPatchRequest object. Fields: googleCloudSecuritycenterV2Finding: A GoogleCloudSecuritycenterV2Finding resource to be passed as the request body. name: Identifier. The [relative resource name](https://cloud.google.com/ap is/design/resource_names#relative_resource_name) of the finding. The following list shows some examples: + `organizations/{organization_id}/s ources/{source_id}/findings/{finding_id}` + `organizations/{organization _id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `fol ders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{f inding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` updateMask: The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask. r r rTrrrNr rr1r2r: r: *r r1r: c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) ;SecuritycenterFoldersSourcesLocationsFindingsSetMuteRequesti*aA SecuritycenterFoldersSourcesLocationsFindingsSetMuteRequest object. Fields: name: Required. The [relative resource name](https://cloud.google.com/apis /design/resource_names#relative_resource_name) of the finding. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/{organization_id}/sources/{so urce_id}/findings/{finding_id}` + `organizations/{organization_id}/sourc es/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folde rs/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{fin ding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` setMuteRequest: A SetMuteRequest resource to be passed as the request body. r Trr rrNr rr1r2r< r< *r! r1r< c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) r> +r' r1r> c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) GSecuritycenterFoldersSourcesLocationsFindingsUpdateSecurityMarksRequesti)+aA SecuritycenterFoldersSourcesLocationsFindingsUpdateSecurityMarksRequest object. Fields: googleCloudSecuritycenterV2SecurityMarks: A GoogleCloudSecuritycenterV2SecurityMarks resource to be passed as the request body. name: The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `org anizations/{organization_id}/sources/{source_id}/findings/{finding_id}/s ecurityMarks` + `organizations/{organization_id}/sources/{source_id}/loc ations/{location}/findings/{finding_id}/securityMarks` updateMask: The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.". r.r rTrrrNrrr1r2r@ r@ )+@*.7-C-CDnpq-r*   q4 0$$$Q'*r1r@ c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) ;SecuritycenterOrganizationsAssetsUpdateSecurityMarksRequestiD+aA SecuritycenterOrganizationsAssetsUpdateSecurityMarksRequest object. Fields: googleCloudSecuritycenterV2SecurityMarks: A GoogleCloudSecuritycenterV2SecurityMarks resource to be passed as the request body. name: The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `org anizations/{organization_id}/sources/{source_id}/findings/{finding_id}/s ecurityMarks` + `organizations/{organization_id}/sources/{source_id}/loc ations/{location}/findings/{finding_id}/securityMarks` updateMask: The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.". r.r rTrrrNrrr1r2rC rC D+rr1rC c\rSrSrSr\R "S5r\R"S\RRS9r \R "S5r \R "SSS 9r S rg ) 1SecuritycenterOrganizationsAttackPathsListRequesti]+aA SecuritycenterOrganizationsAttackPathsListRequest object. Fields: filter: The filter expression that filters the attack path in the response. Supported fields: * `valued_resources` supports = pageSize: The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: The value returned by the last `ListAttackPathsResponse`; indicates that this is a continuation of a prior `ListAttackPaths` call, and that the system should return the next page of data. parent: Required. Name of parent to list attack paths. Valid formats: `organizations/{organization}`, `organizations/{organization}/simulations/{simulation}` `organizations/{ organization}/simulations/{simulation}/attackExposureResults/{attack_exp osure_result_v2}` `organizations/{organization}/simulations/{simulation} /valuedResources/{valued_resource}` r rr}rrTrrNrrrr r!r"r#r*rMrrrrrr0rr1r2rE rE ]+Y$   #&  # #Ay/@/@/F/F G(##A&)  T 2&r1rE c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) 2SecuritycenterOrganizationsFindingsBulkMuteRequestiv+aeA SecuritycenterOrganizationsFindingsBulkMuteRequest object. Fields: bulkMuteFindingsRequest: A BulkMuteFindingsRequest resource to be passed as the request body. parent: Required. The parent, at which bulk action needs to be applied. If no location is specified, findings are updated in global. The following list shows some examples: + `organizations/[organization_id]` + `organizations/[organization_id]/locations/[location_id]` + `folders/[folder_id]` + `folders/[folder_id]/locations/[location_id]` + `projects/[project_id]` + `projects/[project_id]/locations/[location_id]` r#r rTrrNrrr1r2rI rI v+rr1rI c\rSrSrSr\R "S5r\R"SS5r \R "SSS9r S r g ) @SecuritycenterOrganizationsLocationsBigQueryExportsCreateRequesti+aA SecuritycenterOrganizationsLocationsBigQueryExportsCreateRequest object. Fields: bigQueryExportId: Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less. googleCloudSecuritycenterV2BigQueryExport: A GoogleCloudSecuritycenterV2BigQueryExport resource to be passed as the request body. parent: Required. The name of the parent resource of the new BigQuery export. Its format is `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, or `projects/[project_id]/locations/[location_id]`. r rrrTrrNrrr1r2rK rK +sA$**1-.7.D.DEprs.t+  T 2&r1rK c:\rSrSrSr\R "SSS9rSrg)@SecuritycenterOrganizationsLocationsBigQueryExportsDeleteRequesti+aA SecuritycenterOrganizationsLocationsBigQueryExportsDeleteRequest object. Fields: name: Required. The name of the BigQuery export to delete. The following list shows some examples of the format: + `organizations/{organization}/ locations/{location}/bigQueryExports/{export_id}` + `folders/{folder}/locations/{location}/bigQueryExports/{export_id}` + `projects/{project}/locations/{location}/bigQueryExports/{export_id}` r TrrNrsrr1r2rM rM +rr1rM c:\rSrSrSr\R "SSS9rSrg)=SecuritycenterOrganizationsLocationsBigQueryExportsGetRequesti+aA SecuritycenterOrganizationsLocationsBigQueryExportsGetRequest object. Fields: name: Required. Name of the BigQuery export to retrieve. The following list shows some examples of the format: + `organizations/{organization}/ locations/{location}/bigQueryExports/{export_id}` + `folders/{folder}/locations/{location}/bigQueryExports/{export_id}` + `projects/{project}locations/{location}//bigQueryExports/{export_id}` r TrrNrsrr1r2rO rO +rr1rO c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) >SecuritycenterOrganizationsLocationsBigQueryExportsListRequesti+aKA SecuritycenterOrganizationsLocationsBigQueryExportsListRequest object. Fields: pageSize: The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. pageToken: A page token, received from a previous `ListBigQueryExports` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListBigQueryExports` must match the call that provided the page token. parent: Required. The parent, which owns the collection of BigQuery exports. Its format is `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, or `projects/[project_id]/locations/[location_id]`. r r}rrTrrNrrr1r2rQ rQ +rr1rQ c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) ?SecuritycenterOrganizationsLocationsBigQueryExportsPatchRequesti+a`A SecuritycenterOrganizationsLocationsBigQueryExportsPatchRequest object. Fields: googleCloudSecuritycenterV2BigQueryExport: A GoogleCloudSecuritycenterV2BigQueryExport resource to be passed as the request body. name: Identifier. The relative resource name of this export. See: https:// cloud.google.com/apis/design/resource_names#relative_resource_name. The following list shows some examples: + `organizations/{organization_id}/l ocations/{location_id}/bigQueryExports/{export_id}` + `folders/{folder_i d}/locations/{location_id}/bigQueryExports/{export_id}` + `projects/{pro ject_id}/locations/{location_id}/bigQueryExports/{export_id}` This field is provided in responses, and is ignored when provided in create requests. updateMask: The list of fields to be updated. If empty all mutable fields will be updated. rr rTrrrNrrr1r2rS rS +s@&/8.D.DEprs.t+   q4 0$$$Q'*r1rS c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) ;SecuritycenterOrganizationsLocationsFindingsBulkMuteRequesti+anA SecuritycenterOrganizationsLocationsFindingsBulkMuteRequest object. Fields: bulkMuteFindingsRequest: A BulkMuteFindingsRequest resource to be passed as the request body. parent: Required. The parent, at which bulk action needs to be applied. If no location is specified, findings are updated in global. The following list shows some examples: + `organizations/[organization_id]` + `organizations/[organization_id]/locations/[location_id]` + `folders/[folder_id]` + `folders/[folder_id]/locations/[location_id]` + `projects/[project_id]` + `projects/[project_id]/locations/[location_id]` r#r rTrrNrrr1r2rU rU +rr1rU c\rSrSrSr\R "SS5r\R"S5r \R"SSS9r S r g ) `, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following field and operator combinations are supported: * name: `=` * parent: `=`, `:` * resource_name: `=`, `:` * state: `=`, `:` * category: `=`, `:` * external_uri: `=`, `:` * event_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: `event_time = "2019-06-10T16:07:18-07:00"` `event_time = 1560208038000` * severity: `=`, `:` * security_marks.marks: `=`, `:` * resource: * resource.name: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.type: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.display_name: `=`, `:` orderBy: Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,parent". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,parent". Redundant space characters in the syntax are insignificant. "name desc,parent" and " name desc , parent " are equivalent. The following fields are supported: name parent state category resource_name event_time security_marks.marks pageSize: The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: The value returned by the last `ListFindingsResponse`; indicates that this is a continuation of a prior `ListFindings` call, and that the system should return the next page of data. parent: Required. Name of the source the findings belong to. If no location is specified, the default is global. The following list shows some examples: + `organizations/[organization_id]/sources/[source_id]` + `organizations/[organization_id]/sources/[source_id]/locations/[location _id]` + `folders/[folder_id]/sources/[source_id]` + `folders/[folder_id]/sources/[source_id]/locations/[location_id]` + `projects/[project_id]/sources/[source_id]` + `projects/[project_id]/sources/[source_id]/locations/[location_id]` To list across all sources provide a source_id of `-`. The following list shows some examples: + `organizations/{organization_id}/sources/-` + `organizations/{organization_id}/sources/-/locations/{location_id}` + `folders/{folder_id}/sources/-` + `folders/{folder_id}/sources/-locations/{location_id}` + `projects/{projects_id}/sources/-` + `projects/{projects_id}/sources/-/locations/{location_id}` r rrrr}rrTrrNr rr1r2r r a/r r1r c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) 6SecuritycenterOrganizationsSourcesFindingsPatchRequesti/aA SecuritycenterOrganizationsSourcesFindingsPatchRequest object. Fields: googleCloudSecuritycenterV2Finding: A GoogleCloudSecuritycenterV2Finding resource to be passed as the request body. name: Identifier. The [relative resource name](https://cloud.google.com/ap is/design/resource_names#relative_resource_name) of the finding. The following list shows some examples: + `organizations/{organization_id}/s ources/{source_id}/findings/{finding_id}` + `organizations/{organization _id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `fol ders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{f inding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` updateMask: The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask. r r rTrrrNr rr1r2r r /r r1r c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) 8SecuritycenterOrganizationsSourcesFindingsSetMuteRequesti/aA SecuritycenterOrganizationsSourcesFindingsSetMuteRequest object. Fields: name: Required. The [relative resource name](https://cloud.google.com/apis /design/resource_names#relative_resource_name) of the finding. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/{organization_id}/sources/{so urce_id}/findings/{finding_id}` + `organizations/{organization_id}/sourc es/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folde rs/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{fin ding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` setMuteRequest: A SetMuteRequest resource to be passed as the request body. r Trr rrNr rr1r2r r /r! r1r c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) 9SecuritycenterOrganizationsSourcesFindingsSetStateRequesti/aA SecuritycenterOrganizationsSourcesFindingsSetStateRequest object. Fields: name: Required. The [relative resource name](https://cloud.google.com/apis /design/resource_names#relative_resource_name) of the finding. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/{organization_id}/sources/{so urce_id}/findings/{finding_id}` + `organizations/{organization_id}/sourc es/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folde rs/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{fin ding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` setFindingStateRequest: A SetFindingStateRequest resource to be passed as the request body. r Trr$ rrNr% rr1r2r r /r' r1r c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) DSecuritycenterOrganizationsSourcesFindingsUpdateSecurityMarksRequesti/aA SecuritycenterOrganizationsSourcesFindingsUpdateSecurityMarksRequest object. Fields: googleCloudSecuritycenterV2SecurityMarks: A GoogleCloudSecuritycenterV2SecurityMarks resource to be passed as the request body. name: The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `org anizations/{organization_id}/sources/{source_id}/findings/{finding_id}/s ecurityMarks` + `organizations/{organization_id}/sources/{source_id}/loc ations/{location}/findings/{finding_id}/securityMarks` updateMask: The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.". r.r rTrrrNrrr1r2r r /@(.7-C-CDnpq-r*   q4 0$$$Q'*r1r c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) 5SecuritycenterOrganizationsSourcesGetIamPolicyRequesti 0aqA SecuritycenterOrganizationsSourcesGetIamPolicyRequest object. Fields: getIamPolicyRequest: A GetIamPolicyRequest resource to be passed as the request body. resource: REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. rr rTrrN) rrrr r!r"r%getIamPolicyRequestr#r;r0rr1r2r r 0s/ "../DaH  " "1t 4(r1r c:\rSrSrSr\R "SSS9rSrg),SecuritycenterOrganizationsSourcesGetRequesti0zA SecuritycenterOrganizationsSourcesGetRequest object. Fields: name: Required. Relative resource name of the source. Its format is `organizations/[organization_id]/source/[source_id]`. r TrrNrsrr1r2r r 0rs r1r c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) -SecuritycenterOrganizationsSourcesListRequesti%0a=A SecuritycenterOrganizationsSourcesListRequest object. Fields: pageSize: The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: The value returned by the last `ListSourcesResponse`; indicates that this is a continuation of a prior `ListSources` call, and that the system should return the next page of data. parent: Required. Resource name of the parent of sources to list. Its format should be `organizations/[organization_id]`, `folders/[folder_id]`, or `projects/[project_id]`. r r}rrTrrNrrr1r2r r %0r, r1r c\rSrSrSr\R "S5r\R"SS5r \R "SSS9r S r g ) @SecuritycenterOrganizationsSourcesLocationsFindingsCreateRequesti80aA SecuritycenterOrganizationsSourcesLocationsFindingsCreateRequest object. Fields: findingId: Required. Unique identifier provided by the client within the parent scope. It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length. googleCloudSecuritycenterV2Finding: A GoogleCloudSecuritycenterV2Finding resource to be passed as the request body. parent: Required. Resource name of the new finding's parent. The following list shows some examples of the format: + `organizations/[organization_id]/sources/[source_id]` + `organizations/[ organization_id]/sources/[source_id]/locations/[location_id]` r r rrTrrNr rr1r2r r 80s@ ##A&)'0'='=>bde'f$  T 2&r1r c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) @SecuritycenterOrganizationsSourcesLocationsFindingsExportRequestiM0a@A SecuritycenterOrganizationsSourcesLocationsFindingsExportRequest object. Fields: exportFindingsRequest: A ExportFindingsRequest resource to be passed as the request body. parent: Required. The relative name of the export scope. Example formats: organizations/{organization}/sources/-/locations/{location} rr rTrrNr/ rr1r2r r M0s/$001H!L  T 2&r1r c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) NSecuritycenterOrganizationsSourcesLocationsFindingsExternalSystemsPatchRequesti\0aA SecuritycenterOrganizationsSourcesLocationsFindingsExternalSystemsPatc hRequest object. Fields: googleCloudSecuritycenterV2ExternalSystem: A GoogleCloudSecuritycenterV2ExternalSystem resource to be passed as the request body. name: Full resource name of the external system. The following list shows some examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/jira` + `organizations/1234/sources/5678/locations/us/findings/123456/externalSy stems/jira` + `folders/1234/sources/5678/findings/123456/externalSystems/jira` + `fold ers/1234/sources/5678/locations/us/findings/123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/externalSystems/jira` + `p rojects/1234/sources/5678/locations/us/findings/123456/externalSystems/j ira` updateMask: The FieldMask to use when updating the external system resource. If empty all mutable fields will be updated. rr rTrrrNr rr1r2r r \0r r1r c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) ?SecuritycenterOrganizationsSourcesLocationsFindingsGroupRequestiw0aA SecuritycenterOrganizationsSourcesLocationsFindingsGroupRequest object. Fields: groupFindingsRequest: A GroupFindingsRequest resource to be passed as the request body. parent: Required. Name of the source to groupBy. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/[organization_id]/sources/[source_id]` + `organizations/[organization_id]/sources/[source_id]/locations/[location _id]` + `folders/[folder_id]/sources/[source_id]` + `folders/[folder_id]/sources/[source_id]/locations/[location_id]` + `projects/[project_id]/sources/[source_id]` + `projects/[project_id]/sources/[source_id]/locations/[location_id]` To groupBy across all sources provide a source_id of `-`. The following list shows some examples: + `organizations/{organization_id}/sources/-` + `organizations/{organization_id}/sources/-/locations/[location_id]` + `folders/{folder_id}/sources/-` + `folders/{folder_id}/sources/-/locations/[location_id]` + `projects/{project_id}/sources/-` + `projects/{project_id}/sources/-/locations/[location_id]` rr rTrrNr rr1r2r r w0s/.#//0FJ  T 2&r1r c\rSrSrSr\R "S5r\R "S5r\R "S5r \R"S\RRS9r \R "S5r\R "S S S 9rS rg )>SecuritycenterOrganizationsSourcesLocationsFindingsListRequesti0a#A SecuritycenterOrganizationsSourcesLocationsFindingsListRequest object. Fields: fieldMask: A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields. filter: Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. Examples include: * name * security_marks.marks.marka The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following field and operator combinations are supported: * name: `=` * parent: `=`, `:` * resource_name: `=`, `:` * state: `=`, `:` * category: `=`, `:` * external_uri: `=`, `:` * event_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: `event_time = "2019-06-10T16:07:18-07:00"` `event_time = 1560208038000` * severity: `=`, `:` * security_marks.marks: `=`, `:` * resource: * resource.name: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.type: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.display_name: `=`, `:` orderBy: Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,parent". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,parent". Redundant space characters in the syntax are insignificant. "name desc,parent" and " name desc , parent " are equivalent. The following fields are supported: name parent state category resource_name event_time security_marks.marks pageSize: The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: The value returned by the last `ListFindingsResponse`; indicates that this is a continuation of a prior `ListFindings` call, and that the system should return the next page of data. parent: Required. Name of the source the findings belong to. If no location is specified, the default is global. The following list shows some examples: + `organizations/[organization_id]/sources/[source_id]` + `organizations/[organization_id]/sources/[source_id]/locations/[location _id]` + `folders/[folder_id]/sources/[source_id]` + `folders/[folder_id]/sources/[source_id]/locations/[location_id]` + `projects/[project_id]/sources/[source_id]` + `projects/[project_id]/sources/[source_id]/locations/[location_id]` To list across all sources provide a source_id of `-`. The following list shows some examples: + `organizations/{organization_id}/sources/-` + `organizations/{organization_id}/sources/-/locations/{location_id}` + `folders/{folder_id}/sources/-` + `folders/{folder_id}/sources/-locations/{location_id}` + `projects/{projects_id}/sources/-` + `projects/{projects_id}/sources/-/locations/{location_id}` r rrrr}rrTrrNr rr1r2r r 0r r1r c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) ?SecuritycenterOrganizationsSourcesLocationsFindingsPatchRequesti0a A SecuritycenterOrganizationsSourcesLocationsFindingsPatchRequest object. Fields: googleCloudSecuritycenterV2Finding: A GoogleCloudSecuritycenterV2Finding resource to be passed as the request body. name: Identifier. The [relative resource name](https://cloud.google.com/ap is/design/resource_names#relative_resource_name) of the finding. The following list shows some examples: + `organizations/{organization_id}/s ources/{source_id}/findings/{finding_id}` + `organizations/{organization _id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `fol ders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{f inding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` updateMask: The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask. r r rTrrrNr rr1r2r r 0s@0(1'='=>bde'f$   q4 0$$$Q'*r1r c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) ASecuritycenterOrganizationsSourcesLocationsFindingsSetMuteRequesti0aA SecuritycenterOrganizationsSourcesLocationsFindingsSetMuteRequest object. Fields: name: Required. The [relative resource name](https://cloud.google.com/apis /design/resource_names#relative_resource_name) of the finding. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/{organization_id}/sources/{so urce_id}/findings/{finding_id}` + `organizations/{organization_id}/sourc es/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folde rs/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{fin ding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` setMuteRequest: A SetMuteRequest resource to be passed as the request body. r Trr rrNr rr1r2r r 0s.(   q4 0$))*:A>.r1r c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) BSecuritycenterOrganizationsSourcesLocationsFindingsSetStateRequesti 1aA SecuritycenterOrganizationsSourcesLocationsFindingsSetStateRequest object. Fields: name: Required. The [relative resource name](https://cloud.google.com/apis /design/resource_names#relative_resource_name) of the finding. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/{organization_id}/sources/{so urce_id}/findings/{finding_id}` + `organizations/{organization_id}/sourc es/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folde rs/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{fin ding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` setFindingStateRequest: A SetFindingStateRequest resource to be passed as the request body. r Trr$ rrNr% rr1r2r r 1s/(   q4 0$$112JANr1r c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) MSecuritycenterOrganizationsSourcesLocationsFindingsUpdateSecurityMarksRequesti%1aA SecuritycenterOrganizationsSourcesLocationsFindingsUpdateSecurityMarks Request object. Fields: googleCloudSecuritycenterV2SecurityMarks: A GoogleCloudSecuritycenterV2SecurityMarks resource to be passed as the request body. name: The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `org anizations/{organization_id}/sources/{source_id}/findings/{finding_id}/s ecurityMarks` + `organizations/{organization_id}/sources/{source_id}/loc ations/{location}/findings/{finding_id}/securityMarks` updateMask: The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.". r.r rTrrrNrrr1r2r r %1r r1r c\rSrSrSr\R "SSS9r\R"SS5r \R "S5r S r g ) .SecuritycenterOrganizationsSourcesPatchRequesti?1aA SecuritycenterOrganizationsSourcesPatchRequest object. Fields: name: The relative resource name of this source. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me Example: "organizations/{organization_id}/sources/{source_id}" source: A Source resource to be passed as the request body. updateMask: The FieldMask to use when updating the source resource. If empty all mutable fields will be updated. r Trr\rrrN) rrrr r!r"r#r9r%rrr0rr1r2r r ?1s=    q4 0$  ! !(A .&$$Q'*r1r c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) 5SecuritycenterOrganizationsSourcesSetIamPolicyRequestiP1aqA SecuritycenterOrganizationsSourcesSetIamPolicyRequest object. Fields: resource: REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. setIamPolicyRequest: A SetIamPolicyRequest resource to be passed as the request body. r TrSetIamPolicyRequestrrN) rrrr r!r"r#r;r%setIamPolicyRequestr0rr1r2r r P1s/  " "1t 4(!../DaHr1r c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) ;SecuritycenterOrganizationsSourcesTestIamPermissionsRequesti`1aA SecuritycenterOrganizationsSourcesTestIamPermissionsRequest object. Fields: resource: REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. testIamPermissionsRequest: A TestIamPermissionsRequest resource to be passed as the request body. r TrTestIamPermissionsRequestrrN) rrrr r!r"r#r;r%testIamPermissionsRequestr0rr1r2r r `1s0  " "1t 4('445PRSTr1r c\rSrSrSr\R "S5r\R "S5r\R"S\RRS9r \R "S5r \R "SS S 9rS rg ) 5SecuritycenterOrganizationsValuedResourcesListRequestip1a.A SecuritycenterOrganizationsValuedResourcesListRequest object. Fields: filter: The filter expression that filters the valued resources in the response. Supported fields: * `resource_value` supports = * `resource_type` supports = orderBy: Optional. The fields by which to order the valued resources response. Supported fields: * `exposed_score` * `resource_value` * `resource_type` Values should be a comma separated list of fields. For example: `exposed_score,resource_value`. The default sorting order is descending. To specify ascending or descending order for a field, append a " ASC" or a " DESC" suffix, respectively; for example: `exposed_score DESC`. pageSize: The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: The value returned by the last `ListValuedResourcesResponse`; indicates that this is a continuation of a prior `ListValuedResources` call, and that the system should return the next page of data. parent: Required. Name of parent to list exposed resources. Valid formats: `organizations/{organization}`, `organizations/{organization}/simulations/{simulation}` `organizations/{ organization}/simulations/{simulation}/attackExposureResults/{attack_exp osure_result_v2}` r rrr}rrTrrNr rr1r2r r p1si2   #&  ! !! $'  # #Ay/@/@/F/F G(##A&)  T 2&r1r c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) 6SecuritycenterProjectsAssetsUpdateSecurityMarksRequesti1aA SecuritycenterProjectsAssetsUpdateSecurityMarksRequest object. Fields: googleCloudSecuritycenterV2SecurityMarks: A GoogleCloudSecuritycenterV2SecurityMarks resource to be passed as the request body. name: The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `org anizations/{organization_id}/sources/{source_id}/findings/{finding_id}/s ecurityMarks` + `organizations/{organization_id}/sources/{source_id}/loc ations/{location}/findings/{finding_id}/securityMarks` updateMask: The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.". r.r rTrrrNrrr1r2r r 1rr1r c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) -SecuritycenterProjectsFindingsBulkMuteRequesti1a`A SecuritycenterProjectsFindingsBulkMuteRequest object. Fields: bulkMuteFindingsRequest: A BulkMuteFindingsRequest resource to be passed as the request body. parent: Required. The parent, at which bulk action needs to be applied. If no location is specified, findings are updated in global. The following list shows some examples: + `organizations/[organization_id]` + `organizations/[organization_id]/locations/[location_id]` + `folders/[folder_id]` + `folders/[folder_id]/locations/[location_id]` + `projects/[project_id]` + `projects/[project_id]/locations/[location_id]` r#r rTrrNrrr1r2r r 1rr1r c\rSrSrSr\R "S5r\R"SS5r \R "SSS9r S r g ) ;SecuritycenterProjectsLocationsBigQueryExportsCreateRequesti1aA SecuritycenterProjectsLocationsBigQueryExportsCreateRequest object. Fields: bigQueryExportId: Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less. googleCloudSecuritycenterV2BigQueryExport: A GoogleCloudSecuritycenterV2BigQueryExport resource to be passed as the request body. parent: Required. The name of the parent resource of the new BigQuery export. Its format is `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, or `projects/[project_id]/locations/[location_id]`. r rrrTrrNrrr1r2r r 1rr1r c:\rSrSrSr\R "SSS9rSrg);SecuritycenterProjectsLocationsBigQueryExportsDeleteRequesti1aA SecuritycenterProjectsLocationsBigQueryExportsDeleteRequest object. Fields: name: Required. The name of the BigQuery export to delete. The following list shows some examples of the format: + `organizations/{organization}/ locations/{location}/bigQueryExports/{export_id}` + `folders/{folder}/locations/{location}/bigQueryExports/{export_id}` + `projects/{project}/locations/{location}/bigQueryExports/{export_id}` r TrrNrsrr1r2r r 1rr1r c:\rSrSrSr\R "SSS9rSrg)8SecuritycenterProjectsLocationsBigQueryExportsGetRequesti1aA SecuritycenterProjectsLocationsBigQueryExportsGetRequest object. Fields: name: Required. Name of the BigQuery export to retrieve. The following list shows some examples of the format: + `organizations/{organization}/ locations/{location}/bigQueryExports/{export_id}` + `folders/{folder}/locations/{location}/bigQueryExports/{export_id}` + `projects/{project}locations/{location}//bigQueryExports/{export_id}` r TrrNrsrr1r2r r 1rr1r c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) 9SecuritycenterProjectsLocationsBigQueryExportsListRequesti1aFA SecuritycenterProjectsLocationsBigQueryExportsListRequest object. Fields: pageSize: The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. pageToken: A page token, received from a previous `ListBigQueryExports` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListBigQueryExports` must match the call that provided the page token. parent: Required. The parent, which owns the collection of BigQuery exports. Its format is `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, or `projects/[project_id]/locations/[location_id]`. r r}rrTrrNrrr1r2r r 1rr1r c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) :SecuritycenterProjectsLocationsBigQueryExportsPatchRequesti2a[A SecuritycenterProjectsLocationsBigQueryExportsPatchRequest object. Fields: googleCloudSecuritycenterV2BigQueryExport: A GoogleCloudSecuritycenterV2BigQueryExport resource to be passed as the request body. name: Identifier. The relative resource name of this export. See: https:// cloud.google.com/apis/design/resource_names#relative_resource_name. The following list shows some examples: + `organizations/{organization_id}/l ocations/{location_id}/bigQueryExports/{export_id}` + `folders/{folder_i d}/locations/{location_id}/bigQueryExports/{export_id}` + `projects/{pro ject_id}/locations/{location_id}/bigQueryExports/{export_id}` This field is provided in responses, and is ignored when provided in create requests. updateMask: The list of fields to be updated. If empty all mutable fields will be updated. rr rTrrrNrrr1r2r r 2rr1r c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) 6SecuritycenterProjectsLocationsFindingsBulkMuteRequesti 2aiA SecuritycenterProjectsLocationsFindingsBulkMuteRequest object. Fields: bulkMuteFindingsRequest: A BulkMuteFindingsRequest resource to be passed as the request body. parent: Required. The parent, at which bulk action needs to be applied. If no location is specified, findings are updated in global. The following list shows some examples: + `organizations/[organization_id]` + `organizations/[organization_id]/locations/[location_id]` + `folders/[folder_id]` + `folders/[folder_id]/locations/[location_id]` + `projects/[project_id]` + `projects/[project_id]/locations/[location_id]` r#r rTrrNrrr1r2r r 2rr1r c\rSrSrSr\R "SS5r\R"S5r \R"SSS9r S r g ) 7SecuritycenterProjectsLocationsMuteConfigsCreateRequesti32aA SecuritycenterProjectsLocationsMuteConfigsCreateRequest object. Fields: googleCloudSecuritycenterV2MuteConfig: A GoogleCloudSecuritycenterV2MuteConfig resource to be passed as the request body. muteConfigId: Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less. parent: Required. Resource name of the new mute configs's parent. Its format is `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, or `projects/[project_id]/locations/[location_id]`. rr rrTrrNrrr1r2r r 32rr1r c:\rSrSrSr\R "SSS9rSrg)7SecuritycenterProjectsLocationsMuteConfigsDeleteRequestiI2a<A SecuritycenterProjectsLocationsMuteConfigsDeleteRequest object. Fields: name: Required. Name of the mute config to delete. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{config_id}` + `organizations/ {organization}/locations/{location}/muteConfigs/{config_id}` + `folders/{folder}/muteConfigs/{config_id}` + `folders/{folder}/locations/{location}/muteConfigs/{config_id}` + `projects/{project}/muteConfigs/{config_id}` + `projects/{project}/locations/{location}/muteConfigs/{config_id}` r TrrNrsrr1r2r r I2rr1r c:\rSrSrSr\R "SSS9rSrg)4SecuritycenterProjectsLocationsMuteConfigsGetRequestiZ2a;A SecuritycenterProjectsLocationsMuteConfigsGetRequest object. Fields: name: Required. Name of the mute config to retrieve. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{config_id}` + `organizations/ {organization}/locations/{location}/muteConfigs/{config_id}` + `folders/{folder}/muteConfigs/{config_id}` + `folders/{folder}/locations/{location}/muteConfigs/{config_id}` + `projects/{project}/muteConfigs/{config_id}` + `projects/{project}/locations/{location}/muteConfigs/{config_id}` r TrrNrsrr1r2r r Z2rr1r c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) 5SecuritycenterProjectsLocationsMuteConfigsListRequestik2aA SecuritycenterProjectsLocationsMuteConfigsListRequest object. Fields: pageSize: The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. pageToken: A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token. parent: Required. The parent, which owns the collection of mute configs. Its format is `organizations/[organization_id]", "folders/[folder_id]`, `projects/[project_id]`, `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, `projects/[project_id]/locations/[location_id]`. r r}rrTrrNrrr1r2r r k2rr1r c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) 6SecuritycenterProjectsLocationsMuteConfigsPatchRequesti2aFA SecuritycenterProjectsLocationsMuteConfigsPatchRequest object. Fields: googleCloudSecuritycenterV2MuteConfig: A GoogleCloudSecuritycenterV2MuteConfig resource to be passed as the request body. name: Identifier. This field will be ignored if provided on config creation. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{mute_config}` + `organization s/{organization}locations/{location}//muteConfigs/{mute_config}` + `folders/{folder}/muteConfigs/{mute_config}` + `folders/{folder}/locations/{location}/muteConfigs/{mute_config}` + `projects/{project}/muteConfigs/{mute_config}` + `projects/{project}/locations/{location}/muteConfigs/{mute_config}` updateMask: The list of fields to be updated. If empty all mutable fields will be updated. rr rTrrrNrrr1r2r r 2rr1r c\rSrSrSr\R "S5r\R"SS5r \R "SSS9r S r g ) ?SecuritycenterProjectsLocationsNotificationConfigsCreateRequesti2a{A SecuritycenterProjectsLocationsNotificationConfigsCreateRequest object. Fields: configId: Required. Unique identifier provided by the client within the parent scope. It must be between 1 and 128 characters and contain alphanumeric characters, underscores, or hyphens only. notificationConfig: A NotificationConfig resource to be passed as the request body. parent: Required. Resource name of the new notification config's parent. Its format is `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, or `projects/[project_id]/locations/[location_id]`. r rRrrTrrNrrr1r2r r 2rb r1r c:\rSrSrSr\R "SSS9rSrg)?SecuritycenterProjectsLocationsNotificationConfigsDeleteRequesti2aA SecuritycenterProjectsLocationsNotificationConfigsDeleteRequest object. Fields: name: Required. Name of the notification config to delete. The following list shows some examples of the format: + `organizations/[organization_i d]/locations/[location_id]/notificationConfigs/[config_id]` + `folders/[ folder_id]/locations/[location_id]notificationConfigs/[config_id]` + `pr ojects/[project_id]/locations/[location_id]notificationConfigs/[config_i d]` r TrrNrsrr1r2r r 2re r1r c:\rSrSrSr\R "SSS9rSrg)SecuritycenterProjectsLocationsNotificationConfigsPatchRequesti2a!A SecuritycenterProjectsLocationsNotificationConfigsPatchRequest object. Fields: name: Identifier. The relative resource name of this notification config. See: https://cloud.google.com/apis/design/resource_names#relative_resour ce_name The following list shows some examples: + `organizations/{organi zation_id}/locations/{location_id}/notificationConfigs/notify_public_buc ket` + `folders/{folder_id}/locations/{location_id}/notificationConfigs/ notify_public_bucket` + `projects/{project_id}/locations/{location_id}/n otificationConfigs/notify_public_bucket` notificationConfig: A NotificationConfig resource to be passed as the request body. updateMask: The FieldMask to use when updating the notification config. If empty all mutable fields will be updated. r TrrRrrrNrrr1r2r r 2rr1r c\rSrSrSr\R "SS5r\R"S5r \R"SSS9r S r g ) .SecuritycenterProjectsMuteConfigsCreateRequesti2aA SecuritycenterProjectsMuteConfigsCreateRequest object. Fields: googleCloudSecuritycenterV2MuteConfig: A GoogleCloudSecuritycenterV2MuteConfig resource to be passed as the request body. muteConfigId: Required. Unique identifier provided by the client within the parent scope. It must consist of only lowercase letters, numbers, and hyphens, must start with a letter, must end with either a letter or a number, and must be 63 characters or less. parent: Required. Resource name of the new mute configs's parent. Its format is `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, or `projects/[project_id]/locations/[location_id]`. rr rrTrrNrrr1r2r r 2rr1r c:\rSrSrSr\R "SSS9rSrg).SecuritycenterProjectsMuteConfigsDeleteRequesti3a3A SecuritycenterProjectsMuteConfigsDeleteRequest object. Fields: name: Required. Name of the mute config to delete. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{config_id}` + `organizations/ {organization}/locations/{location}/muteConfigs/{config_id}` + `folders/{folder}/muteConfigs/{config_id}` + `folders/{folder}/locations/{location}/muteConfigs/{config_id}` + `projects/{project}/muteConfigs/{config_id}` + `projects/{project}/locations/{location}/muteConfigs/{config_id}` r TrrNrsrr1r2r r 3rr1r c:\rSrSrSr\R "SSS9rSrg)+SecuritycenterProjectsMuteConfigsGetRequesti"3a2A SecuritycenterProjectsMuteConfigsGetRequest object. Fields: name: Required. Name of the mute config to retrieve. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{config_id}` + `organizations/ {organization}/locations/{location}/muteConfigs/{config_id}` + `folders/{folder}/muteConfigs/{config_id}` + `folders/{folder}/locations/{location}/muteConfigs/{config_id}` + `projects/{project}/muteConfigs/{config_id}` + `projects/{project}/locations/{location}/muteConfigs/{config_id}` r TrrNrsrr1r2r r "3rr1r c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) ,SecuritycenterProjectsMuteConfigsListRequesti33aA SecuritycenterProjectsMuteConfigsListRequest object. Fields: pageSize: The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. pageToken: A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token. parent: Required. The parent, which owns the collection of mute configs. Its format is `organizations/[organization_id]", "folders/[folder_id]`, `projects/[project_id]`, `organizations/[organization_id]/locations/[location_id]`, `folders/[folder_id]/locations/[location_id]`, `projects/[project_id]/locations/[location_id]`. r r}rrTrrNrrr1r2r r 33rr1r c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) -SecuritycenterProjectsMuteConfigsPatchRequestiL3a=A SecuritycenterProjectsMuteConfigsPatchRequest object. Fields: googleCloudSecuritycenterV2MuteConfig: A GoogleCloudSecuritycenterV2MuteConfig resource to be passed as the request body. name: Identifier. This field will be ignored if provided on config creation. The following list shows some examples of the format: + `organizations/{organization}/muteConfigs/{mute_config}` + `organization s/{organization}locations/{location}//muteConfigs/{mute_config}` + `folders/{folder}/muteConfigs/{mute_config}` + `folders/{folder}/locations/{location}/muteConfigs/{mute_config}` + `projects/{project}/muteConfigs/{mute_config}` + `projects/{project}/locations/{location}/muteConfigs/{mute_config}` updateMask: The list of fields to be updated. If empty all mutable fields will be updated. rr rTrrrNrrr1r2r r L3rr1r c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) @SecuritycenterProjectsSourcesFindingsExternalSystemsPatchRequestid3aA SecuritycenterProjectsSourcesFindingsExternalSystemsPatchRequest object. Fields: googleCloudSecuritycenterV2ExternalSystem: A GoogleCloudSecuritycenterV2ExternalSystem resource to be passed as the request body. name: Full resource name of the external system. The following list shows some examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/jira` + `organizations/1234/sources/5678/locations/us/findings/123456/externalSy stems/jira` + `folders/1234/sources/5678/findings/123456/externalSystems/jira` + `fold ers/1234/sources/5678/locations/us/findings/123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/externalSystems/jira` + `p rojects/1234/sources/5678/locations/us/findings/123456/externalSystems/j ira` updateMask: The FieldMask to use when updating the external system resource. If empty all mutable fields will be updated. rr rTrrrNr rr1r2r r d3r r1r c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) 1SecuritycenterProjectsSourcesFindingsGroupRequesti3avA SecuritycenterProjectsSourcesFindingsGroupRequest object. Fields: groupFindingsRequest: A GroupFindingsRequest resource to be passed as the request body. parent: Required. Name of the source to groupBy. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/[organization_id]/sources/[source_id]` + `organizations/[organization_id]/sources/[source_id]/locations/[location _id]` + `folders/[folder_id]/sources/[source_id]` + `folders/[folder_id]/sources/[source_id]/locations/[location_id]` + `projects/[project_id]/sources/[source_id]` + `projects/[project_id]/sources/[source_id]/locations/[location_id]` To groupBy across all sources provide a source_id of `-`. The following list shows some examples: + `organizations/{organization_id}/sources/-` + `organizations/{organization_id}/sources/-/locations/[location_id]` + `folders/{folder_id}/sources/-` + `folders/{folder_id}/sources/-/locations/[location_id]` + `projects/{project_id}/sources/-` + `projects/{project_id}/sources/-/locations/[location_id]` rr rTrrNr rr1r2r r 3r r1r c\rSrSrSr\R "S5r\R "S5r\R "S5r \R"S\RRS9r \R "S5r\R "S S S 9rS rg )0SecuritycenterProjectsSourcesFindingsListRequesti3aA SecuritycenterProjectsSourcesFindingsListRequest object. Fields: fieldMask: A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields. filter: Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. Examples include: * name * security_marks.marks.marka The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following field and operator combinations are supported: * name: `=` * parent: `=`, `:` * resource_name: `=`, `:` * state: `=`, `:` * category: `=`, `:` * external_uri: `=`, `:` * event_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: `event_time = "2019-06-10T16:07:18-07:00"` `event_time = 1560208038000` * severity: `=`, `:` * security_marks.marks: `=`, `:` * resource: * resource.name: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.type: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.display_name: `=`, `:` orderBy: Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,parent". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,parent". Redundant space characters in the syntax are insignificant. "name desc,parent" and " name desc , parent " are equivalent. The following fields are supported: name parent state category resource_name event_time security_marks.marks pageSize: The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: The value returned by the last `ListFindingsResponse`; indicates that this is a continuation of a prior `ListFindings` call, and that the system should return the next page of data. parent: Required. Name of the source the findings belong to. If no location is specified, the default is global. The following list shows some examples: + `organizations/[organization_id]/sources/[source_id]` + `organizations/[organization_id]/sources/[source_id]/locations/[location _id]` + `folders/[folder_id]/sources/[source_id]` + `folders/[folder_id]/sources/[source_id]/locations/[location_id]` + `projects/[project_id]/sources/[source_id]` + `projects/[project_id]/sources/[source_id]/locations/[location_id]` To list across all sources provide a source_id of `-`. The following list shows some examples: + `organizations/{organization_id}/sources/-` + `organizations/{organization_id}/sources/-/locations/{location_id}` + `folders/{folder_id}/sources/-` + `folders/{folder_id}/sources/-locations/{location_id}` + `projects/{projects_id}/sources/-` + `projects/{projects_id}/sources/-/locations/{location_id}` r rrrr}rrTrrNr rr1r2r! r! 3r r1r! c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) 1SecuritycenterProjectsSourcesFindingsPatchRequesti3aA SecuritycenterProjectsSourcesFindingsPatchRequest object. Fields: googleCloudSecuritycenterV2Finding: A GoogleCloudSecuritycenterV2Finding resource to be passed as the request body. name: Identifier. The [relative resource name](https://cloud.google.com/ap is/design/resource_names#relative_resource_name) of the finding. The following list shows some examples: + `organizations/{organization_id}/s ources/{source_id}/findings/{finding_id}` + `organizations/{organization _id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `fol ders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{f inding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` updateMask: The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask. r r rTrrrNr rr1r2r# r# 3r r1r# c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) 3SecuritycenterProjectsSourcesFindingsSetMuteRequesti3aA SecuritycenterProjectsSourcesFindingsSetMuteRequest object. Fields: name: Required. The [relative resource name](https://cloud.google.com/apis /design/resource_names#relative_resource_name) of the finding. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/{organization_id}/sources/{so urce_id}/findings/{finding_id}` + `organizations/{organization_id}/sourc es/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folde rs/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{fin ding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` setMuteRequest: A SetMuteRequest resource to be passed as the request body. r Trr rrNr rr1r2r% r% 3r! r1r% c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) 4SecuritycenterProjectsSourcesFindingsSetStateRequesti4aA SecuritycenterProjectsSourcesFindingsSetStateRequest object. Fields: name: Required. The [relative resource name](https://cloud.google.com/apis /design/resource_names#relative_resource_name) of the finding. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/{organization_id}/sources/{so urce_id}/findings/{finding_id}` + `organizations/{organization_id}/sourc es/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `folde rs/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{fin ding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` setFindingStateRequest: A SetFindingStateRequest resource to be passed as the request body. r Trr$ rrNr% rr1r2r' r' 4r' r1r' c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) ?SecuritycenterProjectsSourcesFindingsUpdateSecurityMarksRequesti)4aA SecuritycenterProjectsSourcesFindingsUpdateSecurityMarksRequest object. Fields: googleCloudSecuritycenterV2SecurityMarks: A GoogleCloudSecuritycenterV2SecurityMarks resource to be passed as the request body. name: The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me The following list shows some examples: + `organizations/{organization_id}/assets/{asset_id}/securityMarks` + `org anizations/{organization_id}/sources/{source_id}/findings/{finding_id}/s ecurityMarks` + `organizations/{organization_id}/sources/{source_id}/loc ations/{location}/findings/{finding_id}/securityMarks` updateMask: The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to "marks", all marks will be replaced. Individual marks can be updated using "marks.". r.r rTrrrNrrr1r2r) r) )4r r1r) c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) (SecuritycenterProjectsSourcesListRequestiC4a8A SecuritycenterProjectsSourcesListRequest object. Fields: pageSize: The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: The value returned by the last `ListSourcesResponse`; indicates that this is a continuation of a prior `ListSources` call, and that the system should return the next page of data. parent: Required. Resource name of the parent of sources to list. Its format should be `organizations/[organization_id]`, `folders/[folder_id]`, or `projects/[project_id]`. r r}rrTrrNrrr1r2r+ r+ C4r, r1r+ c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) ;SecuritycenterProjectsSourcesLocationsFindingsExportRequestiV4a;A SecuritycenterProjectsSourcesLocationsFindingsExportRequest object. Fields: exportFindingsRequest: A ExportFindingsRequest resource to be passed as the request body. parent: Required. The relative name of the export scope. Example formats: organizations/{organization}/sources/-/locations/{location} rr rTrrNr/ rr1r2r- r- V4r1 r1r- c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) ISecuritycenterProjectsSourcesLocationsFindingsExternalSystemsPatchRequestid4aA SecuritycenterProjectsSourcesLocationsFindingsExternalSystemsPatchRequest object. Fields: googleCloudSecuritycenterV2ExternalSystem: A GoogleCloudSecuritycenterV2ExternalSystem resource to be passed as the request body. name: Full resource name of the external system. The following list shows some examples: + `organizations/1234/sources/5678/findings/123456/externalSystems/jira` + `organizations/1234/sources/5678/locations/us/findings/123456/externalSy stems/jira` + `folders/1234/sources/5678/findings/123456/externalSystems/jira` + `fold ers/1234/sources/5678/locations/us/findings/123456/externalSystems/jira` + `projects/1234/sources/5678/findings/123456/externalSystems/jira` + `p rojects/1234/sources/5678/locations/us/findings/123456/externalSystems/j ira` updateMask: The FieldMask to use when updating the external system resource. If empty all mutable fields will be updated. rr rTrrrNr rr1r2r/ r/ d4r4 r1r/ c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) :SecuritycenterProjectsSourcesLocationsFindingsGroupRequesti4aA SecuritycenterProjectsSourcesLocationsFindingsGroupRequest object. Fields: groupFindingsRequest: A GroupFindingsRequest resource to be passed as the request body. parent: Required. Name of the source to groupBy. If no location is specified, finding is assumed to be in global. The following list shows some examples: + `organizations/[organization_id]/sources/[source_id]` + `organizations/[organization_id]/sources/[source_id]/locations/[location _id]` + `folders/[folder_id]/sources/[source_id]` + `folders/[folder_id]/sources/[source_id]/locations/[location_id]` + `projects/[project_id]/sources/[source_id]` + `projects/[project_id]/sources/[source_id]/locations/[location_id]` To groupBy across all sources provide a source_id of `-`. The following list shows some examples: + `organizations/{organization_id}/sources/-` + `organizations/{organization_id}/sources/-/locations/[location_id]` + `folders/{folder_id}/sources/-` + `folders/{folder_id}/sources/-/locations/[location_id]` + `projects/{project_id}/sources/-` + `projects/{project_id}/sources/-/locations/[location_id]` rr rTrrNr rr1r2r1 r1 4r r1r1 c\rSrSrSr\R "S5r\R "S5r\R "S5r \R"S\RRS9r \R "S5r\R "S S S 9rS rg )9SecuritycenterProjectsSourcesLocationsFindingsListRequesti4aA SecuritycenterProjectsSourcesLocationsFindingsListRequest object. Fields: fieldMask: A field mask to specify the Finding fields to be listed in the response. An empty field mask will list all fields. filter: Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. Examples include: * name * security_marks.marks.marka The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following field and operator combinations are supported: * name: `=` * parent: `=`, `:` * resource_name: `=`, `:` * state: `=`, `:` * category: `=`, `:` * external_uri: `=`, `:` * event_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: `event_time = "2019-06-10T16:07:18-07:00"` `event_time = 1560208038000` * severity: `=`, `:` * security_marks.marks: `=`, `:` * resource: * resource.name: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.type: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.display_name: `=`, `:` orderBy: Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: "name,parent". The default sorting order is ascending. To specify descending order for a field, a suffix " desc" should be appended to the field name. For example: "name desc,parent". Redundant space characters in the syntax are insignificant. "name desc,parent" and " name desc , parent " are equivalent. The following fields are supported: name parent state category resource_name event_time security_marks.marks pageSize: The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: The value returned by the last `ListFindingsResponse`; indicates that this is a continuation of a prior `ListFindings` call, and that the system should return the next page of data. parent: Required. Name of the source the findings belong to. If no location is specified, the default is global. The following list shows some examples: + `organizations/[organization_id]/sources/[source_id]` + `organizations/[organization_id]/sources/[source_id]/locations/[location _id]` + `folders/[folder_id]/sources/[source_id]` + `folders/[folder_id]/sources/[source_id]/locations/[location_id]` + `projects/[project_id]/sources/[source_id]` + `projects/[project_id]/sources/[source_id]/locations/[location_id]` To list across all sources provide a source_id of `-`. The following list shows some examples: + `organizations/{organization_id}/sources/-` + `organizations/{organization_id}/sources/-/locations/{location_id}` + `folders/{folder_id}/sources/-` + `folders/{folder_id}/sources/-locations/{location_id}` + `projects/{projects_id}/sources/-` + `projects/{projects_id}/sources/-/locations/{location_id}` r rrrr}rrTrrNr rr1r2r3 r3 4r r1r3 c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) :SecuritycenterProjectsSourcesLocationsFindingsPatchRequesti4aA SecuritycenterProjectsSourcesLocationsFindingsPatchRequest object. Fields: googleCloudSecuritycenterV2Finding: A GoogleCloudSecuritycenterV2Finding resource to be passed as the request body. name: Identifier. The [relative resource name](https://cloud.google.com/ap is/design/resource_names#relative_resource_name) of the finding. The following list shows some examples: + `organizations/{organization_id}/s ources/{source_id}/findings/{finding_id}` + `organizations/{organization _id}/sources/{source_id}/locations/{location_id}/findings/{finding_id}` + `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` + `fol ders/{folder_id}/sources/{source_id}/locations/{location_id}/findings/{f inding_id}` + `projects/{project_id}/sources/{source_id}/findings/{finding_id}` + `pro jects/{project_id}/sources/{source_id}/locations/{location_id}/findings/ {finding_id}` updateMask: The FieldMask to use when updating the finding resource. This field should not be specified when creating a finding. When updating a finding, an empty mask is treated as updating all mutable fields and replacing source_properties. Individual source_properties can be added/updated by using "source_properties." in the field mask. r r rTrrrNr rr1r2r5 r5 4r r1r5 c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) P5rr1rr rNrrr1r2r1r1E5rr1r1c`\rSrSrSr\R "S5r\R "S5rSr g)rij5rr rrNrrr1r2rrj5rr1rch\rSrSrSr"SS\R 5r\R"SS5r Sr g)r$ i}5zRequest message for updating a finding's state. Enums: StateValueValuesEnum: Required. The desired State of the finding. Fields: state: Required. The desired State of the finding. c$\rSrSrSrSrSrSrSrg)+SetFindingStateRequest.StateValueValuesEnumi5aRequired. The desired State of the finding. Values: STATE_UNSPECIFIED: Unspecified state. ACTIVE: The finding requires attention and has not been addressed yet. INACTIVE: The finding has been fixed, triaged as a non-issue or otherwise addressed and is no longer active. rr rrNrrr1r2rrB 5rr1rr rN) rrrr r!r"rarrbrr0rr1r2r$ r$ }5s, Y^^    4a 8%r1r$ cb\rSrSrSr\R "SS5r\R"S5r Sr g)r i5a Request message for `SetIamPolicy` method. Fields: policy: REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them. updateMask: OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"` rr rrN) rrrr r!r"r%rr#rr0rr1r2r r 5s+   ! !(A .&$$Q'*r1r ch\rSrSrSr"SS\R 5r\R"SS5r Sr g)r i5zRequest message for updating a finding's mute status. Enums: MuteValueValuesEnum: Required. The desired state of the Mute. Fields: mute: Required. The desired state of the Mute. c(\rSrSrSrSrSrSrSrSr g) "SetMuteRequest.MuteValueValuesEnumi5zRequired. The desired state of the Mute. Values: MUTE_UNSPECIFIED: Unspecified. MUTED: Finding has been muted. UNMUTED: Finding has been unmuted. UNDEFINED: Finding has never been muted/unmuted. rr rrrNrrr1r2rrF 5s EGIr1rr rN) rrrr r!r"rarrbrjr0rr1r2r r 5s, INN    2A 6$r1r c\rSrSrSr"SS\R 5r\R"SS5r \R"S5r \R"S5r \R"SS S S 9rS rg ) Simulationi5aAttack path simulation Enums: CloudProviderValueValuesEnum: Indicates which cloud provider was used in this simulation. Fields: cloudProvider: Indicates which cloud provider was used in this simulation. createTime: Output only. Time simulation was created name: Full resource name of the Simulation: `organizations/123/simulations/456` resourceValueConfigsMetadata: Resource value configurations' metadata used in this simulation. Maximum of 100. c(\rSrSrSrSrSrSrSrSr g) 'Simulation.CloudProviderValueValuesEnumi5a?Indicates which cloud provider was used in this simulation. Values: CLOUD_PROVIDER_UNSPECIFIED: The cloud provider is unspecified. GOOGLE_CLOUD_PLATFORM: The cloud provider is Google Cloud. AMAZON_WEB_SERVICES: The cloud provider is Amazon Web Services. MICROSOFT_AZURE: The cloud provider is Microsoft Azure. rr rrrNrrr1r2rrJ 5rr1rr rrrrTrrN)rrrr r!r"rarrbrr#rr9r%resourceValueConfigsMetadatar0rr1r2rH rH 5sd  Y^^ %%&DaH-$$Q'*   q !$!*!7!78UWXcg!hr1rH c\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r Sr g) r\i5aSecurity Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, and other tools. Fields: canonicalName: The canonical name of the finding source. It's either "organizations/{organization_id}/sources/{source_id}", "folders/{folder_id}/sources/{source_id}", or "projects/{project_number}/sources/{source_id}", depending on the closest CRM ancestor of the resource associated with the finding. description: The description of the source (max of 1024 characters). Example: "Web Security Scanner is a web security scanner for common vulnerabilities in App Engine applications. It can automatically scan and detect four common vulnerabilities, including cross-site-scripting (XSS), Flash injection, mixed content (HTTP in HTTPS), and outdated or insecure libraries." displayName: The source's display name. A source's display name must be unique amongst its siblings, for example, two sources with the same parent can't share the same display name. The display name must have a length between 1 and 64 characters (inclusive). name: The relative resource name of this source. See: https://cloud.google.com/apis/design/resource_names#relative_resource_na me Example: "organizations/{organization_id}/sources/{source_id}" r rrrrN) rrrr r!r"r#rLrrdr9r0rr1r2r\r\5sI2''*-%%a(+%%a(+   q !$r1r\c\rSrSrSr"SS\R 5r"SS\R 5r\R"SS5r \R"S5r \R"SS S S 9r \R"S 5r\R"S 5r\R"S5r\R"S5r\R$"SSS 9r\R"S5r\R"S5r\R"S5r\R"S5rSrg)StandardQueryParametersi6aQuery parameters accepted by all methods. Enums: FXgafvValueValuesEnum: V1 error format. AltValueValuesEnum: Data format for response. Fields: f__xgafv: V1 error format. access_token: OAuth access token. alt: Data format for response. callback: JSONP fields: Selector specifying which fields to include in a partial response. key: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. oauth_token: OAuth 2.0 token for the current user. prettyPrint: Returns response with indentations and line breaks. quotaUser: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. trace: A tracing token of the form "token:" to include in api requests. uploadType: Legacy upload protocol for media (e.g. "media", "multipart"). upload_protocol: Upload protocol for media (e.g. "raw", "multipart"). c$\rSrSrSrSrSrSrSrg)*StandardQueryParameters.AltValueValuesEnumi"6zData format for response. Values: json: Responses with Content-Type of application/json media: Media download with context-dependent Content-Type proto: Responses with Content-Type of application/x-protobuf rr rrN) rrrr r!jsonmediaprotor0rr1r2AltValueValuesEnumrP "6s D E Er1rT c \rSrSrSrSrSrSrg)-StandardQueryParameters.FXgafvValueValuesEnumi.6zFV1 error format. Values: _1: v1 error format _2: v2 error format rr rN)rrrr r!_1_2r0rr1r2FXgafvValueValuesEnumrV .6s B Br1rY r rrrQ )defaultrrrrrTrrrrrN)rrrr r!r"rarT rY rbf__xgafvr# access_tokenaltcallbackfieldsr oauth_tokenrd prettyPrint quotaUsertrace uploadTypeupload_protocolr0rr1r2rN rN 6s4 9>>  inn  !8! <(&&q),0!VD#  " "1 %(   #&a #%%a(+&&q$7+##A&)    #%$$R(*))"-/r1rN c\rSrSrSr"SS\R 5r\R"S5r \R"SS5r Sr g) roiF6rc(\rSrSrSrSrSrSrSrSr g) StaticMute.StateValueValuesEnumiV6rrr rrrNrrr1r2rrh V6rr1rr rrNrrr1r2roroF6rr1roc\rSrSrSr\R "S5"SS\R55r \R"S\RRS9r \R"SSS S 9r\R "S 5rS rg )rii6aThe `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). Messages: DetailsValueListEntry: A DetailsValueListEntry object. Fields: code: The status code, which should be an enum value of google.rpc.Code. details: A list of messages that carry the error details. There is a common set of message types for APIs to use. message: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Status.DetailsValueListEntryi}6zA DetailsValueListEntry object. Messages: AdditionalProperty: An additional property for a DetailsValueListEntry object. Fields: additionalProperties: Properties of the object. Contains field @type with type URL. cb\rSrSrSr\R "S5r\R"SS5r Sr g)/Status.DetailsValueListEntry.AdditionalPropertyi6zAn additional property for a DetailsValueListEntry object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r rrrNrrr1r2rrm 6rr1rr TrrNrrr1r2DetailsValueListEntryrk }6s4  AY.. A%112FTXYr1rn r r}rTrrrN)rrrr r!rrr"rrn rMrrcoder%detailsr#messager0rr1r2rri6s|& !!"89Zi//Z:Z2   9+<+<+B+B C$  " "#:A M'  ! !! $'r1rc<\rSrSrSr\R "S5rSrg)rui6aThe config for streaming-based notifications, which send each event as soon as it is detected. Fields: filter: Expression that defines the filter to apply across create/update events of assets or findings as specified by the event type. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. r rN) rrrr r!r"r#r*r0rr1r2ruru6s"   #&r1ruc\rSrSrSr"SS\R 5r\R"SS5r \R"S5r \R"S5r Sr g ) ri6rc(\rSrSrSrSrSrSrSrSr g) Subject.KindValueValuesEnumi6rrr rrrNrrr1r2rru 6rr1rr rrrNrrr1r2rr6rr1rc:\rSrSrSr\R "SSS9rSrg)r i6a3Request message for `TestIamPermissions` method. Fields: permissions: The set of permissions to check for the `resource`. Permissions with wildcards (such as `*` or `storage.*`) are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). r TrrN rrrr r!r"r# permissionsr0rr1r2r r 6s%%a$7+r1r c:\rSrSrSr\R "SSS9rSrg)TestIamPermissionsResponsei6zResponse message for `TestIamPermissions` method. Fields: permissions: A subset of `TestPermissionsRequest.permissions` that the caller is allowed. r TrrNrw rr1r2rz rz 6s%%a$7+r1rz c\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r \R "S5r \R "S5r S r g ) ri6rr rrrrrrNrrr1r2rr6rr1rc^\rSrSrSr\R "S5r\R"SSS9r Sr g) r@i6rr rTrrNrrr1r2r@r@6rr1r@c@\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"S5r \R"S5r \R"S 5r\R"SS 5r\R""S S S S9rSrg)r_i7awA resource that is determined to have value to a user's system Enums: ResourceValueValueValuesEnum: How valuable this resource is. Fields: displayName: Human-readable name of the valued resource. exposedScore: Exposed score for this valued resource. A value of 0 means no exposure was detected exposure. name: Valued resource name, for example, e.g.: `organizations/123/simulations/456/valuedResources/789` resource: The [full resource name](https://cloud.google.com/apis/design/re source_names#full_resource_name) of the valued resource. resourceType: The [resource type](https://cloud.google.com/asset- inventory/docs/supported-asset-types) of the valued resource. resourceValue: How valuable this resource is. resourceValueConfigsUsed: List of resource value configurations' metadata used to determine the value of this resource. Maximum of 100. c(\rSrSrSrSrSrSrSrSr g) +ValuedResource.ResourceValueValueValuesEnumi(7aHow valuable this resource is. Values: RESOURCE_VALUE_UNSPECIFIED: The resource value isn't specified. RESOURCE_VALUE_LOW: This is a low-value resource. RESOURCE_VALUE_MEDIUM: This is a medium-value resource. RESOURCE_VALUE_HIGH: This is a high-value resource. rr rrrN) rrrr r!rRESOURCE_VALUE_LOWRESOURCE_VALUE_MEDIUMRESOURCE_VALUE_HIGHr0rr1r2rr (7s!"#r1rr rrrrrrrTrrN)rrrr r!r"rarr#rdrE exposedScorer9r;rrbrr%resourceValueConfigsUsedr0rr1r2r_r_7s( Y^^ %%a(+%%a(,   q !$  " "1 %(&&q),%%&DaH-&334QST_cdr1r_c`\rSrSrSr\R "SSSS9r\R "SSSS9rS r g ) rBi?7rrcr TrrrrNrrr1r2rBrB?7s1 # #Iq4 @($$ZTB)r1rBc\rSrSrSr\R "SS5r\R "SSSS9r\R "S S 5r \R "S S 5r \R"S 5r \R"S 5r\R "SS5rSrg)rDiK7r rr r*rTrrrrrrrrrNr rr1r2rDrDK7s ua(#   q4 8$'' 15,++Iq9,,Q/$$Q')++,>Br1rDc\rSrSrSr\R "S5"SS\R55r \R"SS5r Sr g) VulnerabilityCountBySeverityie7zVulnerability count by severity. Messages: SeverityToFindingCountValue: Key is the Severity enum. Fields: severityToFindingCount: Key is the Severity enum. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) 8VulnerabilityCountBySeverity.SeverityToFindingCountValueio7zKey is the Severity enum. Messages: AdditionalProperty: An additional property for a SeverityToFindingCountValue object. Fields: additionalProperties: Additional properties of type SeverityToFindingCountValue c`\rSrSrSr\R "S5r\R"S5r Sr g)KVulnerabilityCountBySeverity.SeverityToFindingCountValue.AdditionalPropertyi|7zAn additional property for a SeverityToFindingCountValue object. Fields: key: Name of the additional property. value: A string attribute. r rrN) rrrr r!r"r#rrMrr0rr1r2rr |7s)   ! !! $c$$Q'er1rr TrrNrrr1r2SeverityToFindingCountValuer o7s2  (Y.. (%112FTXYr1r r rN) rrrr r!rrr"rr r%severityToFindingCountr0rr1r2r r e7sN !!"89ZI$5$5Z:Z2%112OQRSr1r c\rSrSrSr"SS\R 5r\R"SS5r \R"SS5r \R"S5r \R"S 5rS rg ) VulnerabilitySnapshoti7aResult containing the properties and count of a VulnerabilitySnapshot request. Enums: CloudProviderValueValuesEnum: The cloud provider for the vulnerability snapshot. Fields: cloudProvider: The cloud provider for the vulnerability snapshot. findingCount: The vulnerability count by severity. name: Identifier. The vulnerability snapshot name. Format: //locations//vulnerabilitySnapshots/ snapshotTime: The time that the snapshot was taken. c(\rSrSrSrSrSrSrSrSr g) 2VulnerabilitySnapshot.CloudProviderValueValuesEnumi7a6The cloud provider for the vulnerability snapshot. Values: CLOUD_PROVIDER_UNSPECIFIED: The cloud provider is unspecified. GOOGLE_CLOUD_PLATFORM: The cloud provider is Google Cloud. AMAZON_WEB_SERVICES: The cloud provider is Amazon Web Services. MICROSOFT_AZURE: The cloud provider is Microsoft Azure. rr rrrNrrr1r2rr 7rr1rr r rrrrN)rrrr r!r"rarrbrr% findingCountr#r9 snapshotTimer0rr1r2r r 7s_  Y^^ %%&DaH-''(FJ,   q !$&&q),r1r c<\rSrSrSr\R "S5rSrg)ri7rr rNrrr1r2rr7rr1rr[ z$.xgafvrW 1rX 2N(r! __future__rapitools.base.protorpcliterr"apitools.base.pyrrpackagerr r4rArIrQrkrsrzrrrrrrrrrrrrrrrrrrrrrr#r-r0r6rArPrarkrsrzrrrrrrrrr*r.r@rIr\rcrgrjrqrvr}rrrrrrrrrrrr~r|rr rrrrrrrrrrrrrrr r!r.rrErIrTrVrWrZrRrjrnrprrrtrxr|r~rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrkrr r!rryr"r}rrrrrrrrrrrrrrrrrrrr#r$r%rr&r'rr(rr)r*rrr+r/rr,r7r@rrGrgr-rZrrr0rrrrrr.rr/rrbrlrrrr0r1r2rkrrrrrrr[rnrrrrrrBrErHrIrNrQrUrYr[r^rr!rdr#r(r-r=r<r0rRr>rVr2rrrr?rrr3r6r/rr8rLrrrrrr9r9r;rrrrrrrrrrrrrrrrrrrr r r r r r r r r r# r) r+ r. r3 r6 r8 r: r< r> r@ rC rE rI rK rM rO rQ rS rU rW rY r[ r] r_ ra rd rg ri rl rn rr ru rw ry r} r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r! r# r% r' r) r+ r- r/ r1 r3 r5 r7 r9 r; r1rr$ r r rH r\rN rorrurr rz rr@r_rBrDr r rAddCustomJsonFieldMappingAddCustomJsonEnumMappingrY rr1r2r s!'<%( :'Y  :'z%9$$%: '** ' $ ))$)'i)'X?i? %)## %,Y  ,*.9Y&&.9b I"" I $Y&& $"Y&&"8="Y&&="@%)##%:=Y&&=D """ "Z)##Z"  i''  "I--"$  9,,  4I%%4& "** "  ))    )##  :*Y..:*zZY->->Zti.?.?t%)++%T"iT"n,Ai//,A^"I%%"4 <"" <*""*<G9$$G>C)++CD(**(.' ))'* %"" % E )) E (J""(JV#i#AY&&A! !!!* )i ) dy'8'8 dP')  P'fQMY  QMh E)   E",i''",J'.I%%'.T21!2!221j"%y  "%J $i $ ?Y  ? 0 !! 0 "9   " *y  * ( )) (I   !)++ !"I%%""49$$4* -Y.. -II--IY.. !#9  !#H#9  #:7I%%7>{>i{>| 7Y   7<7 !!<7~0)##0.()##(:)++:Vy((V*/( 0A0A/(dA):):A"K):K:KK1?i.?.?1?h _)2C2C _@"iN_N_@"F(8 0A0A(8VP(I,=,=P(f NY5F5F N 6)*;*; 6E#)*;*;E#P:)2C2C:v)Y5F5Fv)r99;L;L9>I(YEVEVI(X5_ @Q@Q5_p9 @Q@Q9>K: 0A0AK:\ 7y/@/@ 7 UID"i6G6GD"N:' (9(9:'z%i.?.?%: 'I4E4E ' $93D3D$)'):):)'XZ):):Z %Y->-> %, (9(9,*/9 0A0A/9d "I,=,= "uY->->u"  1B1B  "y7H7H"$  i6G6G  Oy/@/@O& "I4E4E "  93D3D    Y->->  :* 8I8I:*z4( 0A0A4(n\):):\"K):K:KK CY5F5FCD(I4E4E(.'93D3D'* %I,=,= % `93D3D ` (JI,=,=(JV#):):#\ 0A0A\!9+<+<!* )):): )P'Y%6%6P'fQM (9(9QMh `Y%6%6 `",1B1B",J'.y/@/@'.T21IBY):):BYJ 7 (9(9 7<79+<+<<7~(Y->->(A1B1BA8"I,=,="@19+<+<1,%)*;*;%(& (9(9&"+;):):+;\W)y'8'8W)t KY->-> KF ji.?.? j"1B1B""i>O>O",9+<+<,@-"y/@/@-"` "):K:K "HIDUDUH&#yO`O`#7yO`O`7:7yO`O`7:g):K:Kg "IDUDU "uI->b %JN(I,=,=N(b R)*;*; R "):): ""i&7&7" V)*;*; V%)*;*;%$ NY5F5F N  (9(9 0"9+<+<" ,):): , ")*;*; " Y%6%6 "#I4E4E#$ "9+<+< " &):): &F`)2C2C`@ !9+<+< !P)*;*;P&7#)*;*;7#t bi.?.? b)?)2C2C)?Xz)Y5F5Fz)z i&7&7 :5)2C2C5"K"y/@/@K"\" 0A0A"&(1B1B(@5_ @Q@Q5_p"9)2C2C"9J.i>O>O.& 9I,=,= 9F ):): @!I,=,=!,<)2C2C<( ^)*;*; ^^y/@/@^4&93D3D&$'9,,$'NII--I"Ai''A8$<)##$O>O 13y?P?P30( @Q@Q(03IO>O3((IL]L](63Y=N=N36?3IO>O3,1i>O>O1"19;L;L1"3I!!114>r1