lSrSSKJr SSKJr SSKJr SSKJr Sr "SS\R5r "S S \R5r "S S \R5r "S S\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS \R5r"S!S"\R5r"S#S$\R5r"S%S&\R5r"S'S(\R5r"S)S*\R5r"S+S,\R5r"S-S.\R5r"S/S0\R5r"S1S2\R5r "S3S4\R5r!"S5S6\R5r""S7S8\R5r#"S9S:\R5r$"S;S<\R5r%"S=S>\R5r&"S?S@\R5r'"SASB\R5r("SCSD\R5r)"SESF\R5r*"SGSH\R5r+"SISJ\R5r,"SKSL\R5r-"SMSN\R5r."SOSP\R5r/"SQSR\R5r0"SSST\R5r1"SUSV\R5r2"SWSX\R5r3"SYSZ\R5r4"S[S\\R5r5"S]S^\R5r6"S_S`\R5r7"SaSb\R5r8"ScSd\R5r9"SeSf\R5r:"SgSh\R5r;"SiSj\R5r<"SkSl\R5r="SmSn\R5r>"SoSp\R5r?"SqSr\R5r@"SsSt\R5rA"SuSv\R5rB"SwSx\R5rC"SySz\R5rD"S{S|\R5rE"S}S~\R5rF"SS\R5rG"SS\R5rH"SS\R5rI"SS\R5rJ"SS\R5rK"SS\R5rL"SS\R5rM"SS\R5rN"SS\R5rO"SS\R5rP"SS\R5rQ"SS\R5rR"SS\R5rS"SS\R5rT"SS\R5rU"SS\R5rV"SS\R5rW"SS\R5rX"SS\R5rY"SS\R5rZ"SS\R5r["SS\R5r\"SS\R5r]"SS\R5r^"SS\R5r_"SS\R5r`"SS\R5ra"SS\R5rb"SS\R5rc"SS\R5rd"SS\R5re"SS\R5rf"SS\R5rg"SS\R5rh"SS\R5ri"SS\R5rj"SS\R5rk"SS\R5rl"SS\R5rm"SS\R5rn"SS\R5ro"SS\R5rp"SS\R5rq"SS\R5rr"SS\R5rs"SS\R5rt"SS\R5ru"SS\R5rv"SS\R5rw"SS\R5rx"SS\R5ry"SS\R5rz"SS\R5r{"SS\R5r|"SS\R5r}"SS\R5r~\R"\{SS5 \GR"\{GRSS5 \GR"\{GRSS5 g)aGenerated message classes for securitycentermanagement version v1. Management API for Security Command Center, a built-in security and risk management solution for Google Cloud. Use this API to programmatically update the settings and configuration of Security Command Center. )absolute_import)messages)encoding) extra_typessecuritycentermanagementc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) AuditConfigawSpecifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. Fields: auditLogConfigs: The configuration for logging of each type of permission. service: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. AuditLogConfigTrepeatedN) __name__ __module__ __qualname____firstlineno____doc__ _messages MessageFieldauditLogConfigs StringFieldservice__static_attributes__rmlib/googlecloudsdk/generated_clients/apis/securitycentermanagement/v1/securitycentermanagement_v1_messages.pyr r s.0**+;QN/  ! !! $'rr c\rSrSrSr"SS\R 5r\R"SSS9r \R"SS5r S r g ) r 0aRProvides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. Enums: LogTypeValueValuesEnum: The log type that this config enables. Fields: exemptedMembers: Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. logType: The log type that this config enables. c(\rSrSrSrSrSrSrSrSr g) %AuditLogConfig.LogTypeValueValuesEnum@aThe log type that this config enables. Values: LOG_TYPE_UNSPECIFIED: Default case. Should never be this. ADMIN_READ: Admin reads. Example: CloudIAM getIamPolicy DATA_WRITE: Data writes. Example: CloudSQL Users create DATA_READ: Data reads. Example: CloudSQL Users list rr rrN) rrrrrLOG_TYPE_UNSPECIFIED ADMIN_READ DATA_WRITE DATA_READrrrrLogTypeValueValuesEnumr!@sJJIrr(r Tr rrN) rrrrrrEnumr(rexemptedMembers EnumFieldlogTyperrrrr r 0s>  y~~ ))!d;/    8! <'rr c\rSrSrSr"SS\R 5r\R"SS5r \R"S5r Sr g) BillingMetadataRaResponse message for SecurityCenterManagement.GetBillingMetadata. Enums: BillingTierValueValuesEnum: The billing tier of the resource. Fields: billingTier: The billing tier of the resource. name: Identifier. The full resource name of the billingMetadata, in one of the following formats: * `organizations/{organization}/locations/{location}/billingMetadata` * `projects/{project}/locations/{location}/billingMetadata` c(\rSrSrSrSrSrSrSrSr g) *BillingMetadata.BillingTierValueValuesEnum`zThe billing tier of the resource. Values: BILLING_TIER_UNSPECIFIED: Default value. This value is unused. STANDARD: Standard free tier. PREMIUM: Security Command Center Premium. ENTERPRISE: Security Command Center Enterprise. rr rr#rN) rrrrrBILLING_TIER_UNSPECIFIEDSTANDARDPREMIUM ENTERPRISErrrrBillingTierValueValuesEnumr1`s !HGJrr7r rrN) rrrrrrr)r7r+ billingTierrnamerrrrr.r.Rs<  9>> ##$@!D+   q !$rr.c\rSrSrSrSrg)CancelOperationRequestrz3The request message for Operations.CancelOperation.rNrrrrrrrrrr;r;rs instance.status == 'RUNNING' && 'public' in instance.tags.items - name: firewall resource_type: compute.googleapis.com/Firewall filter: > firewall.direction == 'INGRESS' && !firewall.disabled && firewall.allowed.exists(rule, rule.IPProtocol.upperAscii() in ['TCP', 'ALL'] && rule.ports.exists(port, network.portsInRange(port, '11-256'))) rule: match: - predicate: > instance.networkInterfaces.exists(net, firewall.network == net.network) output: > {'message': 'Compute instance with publicly accessible ports', 'instance': instance.name} Users are able to join resource types together using the exact format as Kubernetes Validating Admission policies. Fields: spec: Optional. The CEL policy to evaluate to produce findings. A finding is generated when the policy validation evaluates to false. r rN) rrrrrrrspecrrrrr?r?vs,   q !$rr?cH\rSrSrSr"SS\R 5r\R"SS5r \R"SS5r \R"S 5r \R"S S 5r \R"S 5r\R"S S5r\R "SS5rSrg) CustomConfigaDefines the properties in a custom module configuration for Security Health Analytics. Use the custom module configuration to create custom detectors that generate custom findings for resources that you specify. Enums: SeverityValueValuesEnum: Optional. The severity to assign to findings generated by the module. Fields: celPolicy: Optional. The CEL policy spec attached to the custom module. customOutput: Optional. Custom output properties. description: Optional. Text that describes the vulnerability or misconfiguration that the custom module detects. This explanation is returned with each finding instance to help investigators understand the detected issue. The text must be enclosed in quotation marks. predicate: Optional. The Common Expression Language (CEL) expression to evaluate to produce findings. When the expression evaluates to `true` against a resource, a finding is generated. recommendation: Optional. An explanation of the recommended steps that security teams can take to resolve the detected issue. This explanation is returned with each finding generated by this module. resourceSelector: Optional. The Cloud Asset Inventory resource types that the custom module operates on. For information about resource types, see [Supported asset types](https://cloud.google.com/asset- inventory/docs/supported-asset-types). Each custom module can specify up to 5 resource types. severity: Optional. The severity to assign to findings generated by the module. c,\rSrSrSrSrSrSrSrSr Sr g ) $CustomConfig.SeverityValueValuesEnumzOptional. The severity to assign to findings generated by the module. Values: SEVERITY_UNSPECIFIED: Default value. This value is unused. CRITICAL: Critical severity. HIGH: High severity. MEDIUM: Medium severity. LOW: Low severity. rr rr#rN rrrrrSEVERITY_UNSPECIFIEDCRITICALHIGHMEDIUMLOWrrrrSeverityValueValuesEnumrFs#H D F CrrOr?r CustomOutputSpecrr#ExprrHResourceSelectorrN)rrrrrrr)rOr celPolicy customOutputr description predicaterecommendationresourceSelectorr+severityrrrrrCrCs<  $$_a8)''(:A>,%%a(+$$VQ/)((+.++,>B  !:A >(rrCc\rSrSrSr\R "S5r\R"SS5r \R "S5r \R"SS5r Sr g ) CustomModuleValidationErroraAn error encountered while validating the uploaded configuration of an Event Threat Detection custom module. Fields: description: A human-readable description of the error. end: The end position of the error in the uploaded text version of the module. Omitted if no specific position applies, or if the position could not be computed. fieldPath: The path, in [RFC 6901: JSON Pointer](https://datatracker.ietf.org/doc/html/rfc6901) format, to the field that failed validation. Omitted if no specific field is affected. start: The initial position of the error in the uploaded text version of the module. Omitted if no specific position applies, or if the position could not be computed. r Positionrr#rHrN) rrrrrrrrXrend fieldPathstartrrrrr^r^sM %%a(+z1-###A&)  Q /%rr^c<\rSrSrSr\R "SSSS9rSrg) rPa;A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding. Fields: properties: Optional. A list of custom output properties to add to the finding. Propertyr Tr rN) rrrrrrr propertiesrrrrrPrPs%%j!dC*rrPcr\rSrSrSr"SS\R 5r\R"S5"SS\R55r \R"SS5r \R"S 5r\R"S 5r\R""SS 5r\R"S 5r\R"S 5rSrg))EffectiveEventThreatDetectionCustomModuleaThe representation of an EventThreatDetectionCustomModule at a given level, taking hierarchy into account and resolving various fields accordingly. For example, if the module is enabled at the ancestor level, then effective modules at all descendant levels will have their enablement state set to `ENABLED`. Similarly, if `module.inherited` is set, then the effective module's configuration will reflect the ancestor's configuration. Enums: EnablementStateValueValuesEnum: Output only. The effective state of enablement for the module at the given level of the hierarchy. Messages: ConfigValue: Output only. Configuration for the effective module. Fields: config: Output only. Configuration for the effective module. description: Output only. A description of the module. displayName: Output only. The human-readable name of the module. enablementState: Output only. The effective state of enablement for the module at the given level of the hierarchy. name: Identifier. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/effectiveEventThreatDetectionCustomModules/{custom _module}` * `folders/{folder}/locations/{location}/effectiveEventThreatD etectionCustomModules/{custom_module}` * `projects/{project}/locations/{ location}/effectiveEventThreatDetectionCustomModules/{custom_module}` type: Output only. Type for the module (for example, `CONFIGURABLE_BAD_IP`). c$\rSrSrSrSrSrSrSrg)HEffectiveEventThreatDetectionCustomModule.EnablementStateValueValuesEnumi aOutput only. The effective state of enablement for the module at the given level of the hierarchy. Values: ENABLEMENT_STATE_UNSPECIFIED: Default value. This value is unused. ENABLED: The module is enabled at the given level. DISABLED: The module is disabled at the given level. rr rrN rrrrrENABLEMENT_STATE_UNSPECIFIEDENABLEDDISABLEDrrrrEnablementStateValueValuesEnumrl $% GHrrqadditionalPropertiescf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) 5EffectiveEventThreatDetectionCustomModule.ConfigValueizOutput only. Configuration for the effective module. Messages: AdditionalProperty: An additional property for a ConfigValue object. Fields: additionalProperties: Properties of the object. cb\rSrSrSr\R "S5r\R"SS5r Sr g)HEffectiveEventThreatDetectionCustomModule.ConfigValue.AdditionalPropertyi#An additional property for a ConfigValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r extra_types.JsonValuerrN rrrrrrrkeyrvaluerrrrAdditionalPropertyrw#,   ! !! $c$$%Response message for SecurityCenterManagement.ListDescendantSecurityHealthAnalyticsCustomModules. Fields: nextPageToken: A pagination token. To retrieve the next page of results, call the method again with this token. securityHealthAnalyticsCustomModules: The list of SecurityHealthAnalyticsCustomModules r #SecurityHealthAnalyticsCustomModulerTr rN rrrrrrrrr$securityHealthAnalyticsCustomModulesrrrrrr1''*-)2)?)?@eghsw)x&rrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) 6ListEffectiveEventThreatDetectionCustomModulesResponseiaLResponse message for SecurityCenterManagement.ListEffectiveEventThreatDetectionCustomModules. Fields: effectiveEventThreatDetectionCustomModules: The list of effective Event Threat Detection custom modules. nextPageToken: A pagination token. To retrieve the next page of results, call the method again with this token. rir Tr rrN) rrrrrrr*effectiveEventThreatDetectionCustomModulesrrrrrrrrs809/E/EFqst@D0E,''*-rrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) 9ListEffectiveSecurityHealthAnalyticsCustomModulesResponseiaUResponse message for SecurityCenterManagement.ListEffectiveSecurityHealthAnalyticsCustomModules. Fields: effectiveSecurityHealthAnalyticsCustomModules: The list of effective Security Health Analytics custom modules. nextPageToken: A pagination token. To retrieve the next page of results, call the method again with this token. rr Tr rrN) rrrrrrr-effectiveSecurityHealthAnalyticsCustomModulesrrrrrrrrs83<2H2HIwyzFJ3K/''*-rrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) -ListEventThreatDetectionCustomModulesResponseiaResponse message for SecurityCenterManagement.ListEventThreatDetectionCustomModules. Fields: eventThreatDetectionCustomModules: The list of custom modules. nextPageToken: A pagination token. To retrieve the next page of results, call the method again with this token. rr Tr rrNrrrrrrrrrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) ListLocationsResponseizThe response message for Locations.ListLocations. Fields: locations: A list of locations that matches the specified filter in the request. nextPageToken: The standard List next-page token. rr Tr rrN) rrrrrrr locationsrrrrrrrrs/$$%BAPTU)''*-rrc\rSrSrSr\R "S5r\R"SSSS9r \R "SSS9r S r g ) ListOperationsResponseiaThe response message for Operations.ListOperations. Fields: nextPageToken: The standard List next-page token. operations: A list of operations that matches the specified filter in the request. unreachable: Unordered list. Unreachable resources. Populated when the request sets `ListOperationsRequest.return_partial_success` and reads across collections e.g. when attempting to list all resources across all supported locations. r OperationrTr r#rN) rrrrrrrrr operations unreachablerrrrrrs? ''*-%%k1tD*%%a$7+rrc`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) "ListSecurityCenterServicesResponseizResponse message for SecurityCenterManagement.ListSecurityCenterServices. Fields: nextPageToken: A pagination token. To retrieve the next page of results, call the method again with this token. securityCenterServices: The list of services. r SecurityCenterServicerTr rN) rrrrrrrrrsecurityCenterServicesrrrrrrs0''*-$112I1W[\rrc`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) 0ListSecurityHealthAnalyticsCustomModulesResponseia9Response message for SecurityCenterManagement.ListSecurityHealthAnalyticsCustomModules. Fields: nextPageToken: A pagination token. To retrieve the next page of results, call the method again with this token. securityHealthAnalyticsCustomModules: The list of Security Health Analytics custom modules. r rrTr rNrrrrrrrrrc\rSrSrSr"SS\R 5r"SS\R 5r\R"SS5r \R"SS5r S r g ) ModuleSettingsia@The settings for individual modules. Enums: EffectiveEnablementStateValueValuesEnum: Output only. The effective enablement state for the module at its level of the resource hierarchy. If the intended state is set to `INHERITED`, the effective state will be inherited from the enablement state of an ancestor. This state may differ from the intended enablement state due to billing eligibility or onboarding status. IntendedEnablementStateValueValuesEnum: Optional. The intended enablement state for the module at its level of the resource hierarchy. Fields: effectiveEnablementState: Output only. The effective enablement state for the module at its level of the resource hierarchy. If the intended state is set to `INHERITED`, the effective state will be inherited from the enablement state of an ancestor. This state may differ from the intended enablement state due to billing eligibility or onboarding status. intendedEnablementState: Optional. The intended enablement state for the module at its level of the resource hierarchy. c,\rSrSrSrSrSrSrSrSr Sr g ) 6ModuleSettings.EffectiveEnablementStateValueValuesEnumi6aQOutput only. The effective enablement state for the module at its level of the resource hierarchy. If the intended state is set to `INHERITED`, the effective state will be inherited from the enablement state of an ancestor. This state may differ from the intended enablement state due to billing eligibility or onboarding status. Values: ENABLEMENT_STATE_UNSPECIFIED: Default value. This value is unused. INHERITED: State is inherited from the parent resource. Valid as an intended enablement state, but not as an effective enablement state. ENABLED: State is enabled. DISABLED: State is disabled. INGEST_ONLY: Security Command Center is configured to ingest findings from this service, but not to enable this service. This state indicates that Security Command Center is misconfigured. You can't set this state yourself. rr rr#rHrN rrrrrrnrrorp INGEST_ONLYrrrr'EffectiveEnablementStateValueValuesEnumr6#"$% IGHKrrc,\rSrSrSrSrSrSrSrSr Sr g ) 5ModuleSettings.IntendedEnablementStateValueValuesEnumiNafOptional. The intended enablement state for the module at its level of the resource hierarchy. Values: ENABLEMENT_STATE_UNSPECIFIED: Default value. This value is unused. INHERITED: State is inherited from the parent resource. Valid as an intended enablement state, but not as an effective enablement state. ENABLED: State is enabled. DISABLED: State is disabled. INGEST_ONLY: Security Command Center is configured to ingest findings from this service, but not to enable this service. This state indicates that Security Command Center is misconfigured. You can't set this state yourself. rr rr#rHrNrrrr&IntendedEnablementStateValueValuesEnumrNs# $% IGHKrrr rrN) rrrrrrr)rrr+effectiveEnablementStateintendedEnablementStaterrrrrrsS, 0y~~*'001Z\]^%//0XZ[\rrcz\rSrSrSr\R "S5"SS\R55r \R "S5"SS\R55r \R"S5r \R"S S 5r\R"SS 5r\R "S 5r\R"SS 5rSrg)rigaThis resource represents a long-running operation that is the result of a network API call. Messages: MetadataValue: Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. ResponseValue: The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. Fields: done: If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available. error: The error result of the operation in case of failure or cancellation. metadata: Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. name: The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`. response: The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. rscf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Operation.MetadataValueiaService-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. Messages: AdditionalProperty: An additional property for a MetadataValue object. Fields: additionalProperties: Properties of the object. Contains field @type with type URL. cb\rSrSrSr\R "S5r\R"SS5r Sr g)*Operation.MetadataValue.AdditionalPropertyirr ryrrNrzrrrr}rr~rr}r Tr rNrrrrrrs4  AY.. A%112FTXYrrcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Operation.ResponseValueiaThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. Messages: AdditionalProperty: An additional property for a ResponseValue object. Fields: additionalProperties: Properties of the object. Contains field @type with type URL. cb\rSrSrSr\R "S5r\R"SS5r Sr g)*Operation.ResponseValue.AdditionalPropertyizAn additional property for a ResponseValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r ryrrNrzrrrr}rr~rr}r Tr rNrrrr ResponseValuers4 AY.. A%112FTXYrrr Statusrr#rHrRrN)rrrrrrrrrrr BooleanFielddonererrorrrr9responserrrrrrgs'R !!"89Zi''Z:Z6 !!"89Zi''Z:Z<    "$  1 -%  # #OQ 7(   q !$  # #OQ 7(rrc\rSrSrSr\R "SSSS9r\R "SSSS9r\R"S 5r \R"S \RRS 9rS rg )PolicyiawAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource- policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). Fields: auditConfigs: Specifies cloud audit logging configuration for this policy. bindings: Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. etag: `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read- modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. version: Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource- policies). r r Tr rrr#rHvariantrN)rrrrrrr auditConfigsbindings BytesFieldetag IntegerFieldVariantINT32versionrrrrrrsbEN'' q4H,  # #$8!d K(   a $  " "1i.?.?.E.E F'rrc\rSrSrSr\R "S\RRS9r \R "S\RRS9r Sr g)r`i!zA position in the uploaded text version of a module. Fields: columnNumber: The column position in the line. lineNumber: The line position in the text. r rrrN) rrrrrrrrr columnNumber lineNumberrrrrr`r`!sE''93D3D3J3JK,%%a1B1B1H1HI*rr`cb\rSrSrSr\R "S5r\R"SS5r Sr g)rfi-aRAn individual name-value pair that defines a custom source property. Fields: name: Optional. Name of the property for the custom output. valueExpression: Optional. The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. r rQrrN) rrrrrrrr9rvalueExpressionrrrrrfrf-s+   q !$**615/rrfc:\rSrSrSr\R "SSS9rSrg)rSi;zuResource for selecting resource type. Fields: resourceTypes: Optional. The resource types to run the detector on. r Tr rN) rrrrrrr resourceTypesrrrrrSrS;s ''D9-rrSc\rSrSrSr"SS\R 5r"SS\R 5r\ R"S5"SS \R55r \ R"S5"S S \R55r \R"SS 5r\R"SS 5r\R""S S5r\R&"S5r\R""S S5r\R&"S5rSrg)riEa Represents a particular Security Command Center service. This includes settings information such as top-level enablement in addition to individual module settings. Service settings can be configured at the organization, folder, or project level. Service settings at the organization or folder level are inherited by those in descendant folders and projects. Enums: EffectiveEnablementStateValueValuesEnum: Output only. The effective enablement state for the service at its level of the resource hierarchy. If the intended state is set to `INHERITED`, the effective state will be inherited from the enablement state of an ancestor. This state may differ from the intended enablement state due to billing eligibility or onboarding status. IntendedEnablementStateValueValuesEnum: Optional. The intended enablement state for the service at its level of the resource hierarchy. A `DISABLED` state will override all module enablement states to `DISABLED`. Messages: ModulesValue: Optional. The module configurations, including the enablement state for the service's modules. The absence of a module in the map implies that its configuration is inherited from its parents. ServiceConfigValue: Optional. Additional service-specific configuration. Not all services will utilize this field. Fields: effectiveEnablementState: Output only. The effective enablement state for the service at its level of the resource hierarchy. If the intended state is set to `INHERITED`, the effective state will be inherited from the enablement state of an ancestor. This state may differ from the intended enablement state due to billing eligibility or onboarding status. intendedEnablementState: Optional. The intended enablement state for the service at its level of the resource hierarchy. A `DISABLED` state will override all module enablement states to `DISABLED`. modules: Optional. The module configurations, including the enablement state for the service's modules. The absence of a module in the map implies that its configuration is inherited from its parents. name: Identifier. The name of the service, in one of the following formats: * `organizations/{organization}/locations/{location}/securityCe nterServices/{service}` * `folders/{folder}/locations/{location}/securityCenterServices/{service}` * `projects/{project}/locations/{location}/securityCenterServices/{servi ce}` The following values are valid for `{service}`: * `container- threat-detection` * `event-threat-detection` * `security-health- analytics` * `vm-threat-detection` * `web-security-scanner` * `vm- threat-detection-aws` * `cloud-run-threat-detection` * `vm-manager` * `ec2-vulnerability-assessment` * `gce-vulnerability-assessment` * `azure-vulnerability-assessment` * `notebook-security-scanner` * `artifact-analysis` serviceConfig: Optional. Additional service-specific configuration. Not all services will utilize this field. updateTime: Output only. The time the service was last updated. This could be due to an explicit user update or due to a side effect of another system change, such as billing subscription expiry. c,\rSrSrSrSrSrSrSrSr Sr g ) =SecurityCenterService.EffectiveEnablementStateValueValuesEnumiaROutput only. The effective enablement state for the service at its level of the resource hierarchy. If the intended state is set to `INHERITED`, the effective state will be inherited from the enablement state of an ancestor. This state may differ from the intended enablement state due to billing eligibility or onboarding status. Values: ENABLEMENT_STATE_UNSPECIFIED: Default value. This value is unused. INHERITED: State is inherited from the parent resource. Valid as an intended enablement state, but not as an effective enablement state. ENABLED: State is enabled. DISABLED: State is disabled. INGEST_ONLY: Security Command Center is configured to ingest findings from this service, but not to enable this service. This state indicates that Security Command Center is misconfigured. You can't set this state yourself. rr rr#rHrNrrrrrr rrrc,\rSrSrSrSrSrSrSrSr Sr g ) 1 5'   q !$(()=qA-$$Q'*rrcB\rSrSrSr"SS\R 5r\R"S5r \R"SS5r \R"S5r \R"SS 5r\R"S 5r\R"S 5r\R"S 5rS rg)riaRepresents an instance of a Security Health Analytics custom module, including its full module name, display name, enablement state, and last updated time. You can create a custom module at the organization, folder, or project level. Custom modules that you create at the organization or folder level are inherited by the descendant folders and projects. Enums: EnablementStateValueValuesEnum: Optional. The enablement state of the custom module. Fields: ancestorModule: Output only. Specifies the organization or folder from which the custom module is inherited. If empty, indicates that the custom module was created in the organization, folder, or project in which you are viewing the custom module. customConfig: Optional. The user-specified custom configuration for the module. displayName: Optional. The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module. The display name must be between 1 and 128 characters, start with a lowercase letter, and contain alphanumeric characters or underscores only. enablementState: Optional. The enablement state of the custom module. lastEditor: Output only. The editor that last updated the custom module. name: Identifier. The full resource name of the custom module, in one of the following formats: * `organizations/{organization}/locations/{locati on}/securityHealthAnalyticsCustomModules/{custom_module}` * `folders/{fo lder}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_ module}` * `projects/{project}/locations/{location}/securityHealthAnalyt icsCustomModules/{custom_module}` updateTime: Output only. The time at which the custom module was last updated. c(\rSrSrSrSrSrSrSrSr g) BSecurityHealthAnalyticsCustomModule.EnablementStateValueValuesEnumi aOptional. The enablement state of the custom module. Values: ENABLEMENT_STATE_UNSPECIFIED: Default value. This value is unused. ENABLED: The module is enabled at the given organization, folder, or project. DISABLED: The module is disabled at the given organization, folder, or project. INHERITED: State is inherited from an ancestor module. The module will either be effectively `ENABLED` or `DISABLED` based on its closest non-inherited ancestor module in the resource hierarchy. If you try to set a top-level module (a module with no parent) to the `INHERITED` state, you receive an `INVALID_ARGUMENT` error. rr rr#rNrrrrrqr s $% GHIrrqr rCrr#rHrRrTrUrN)rrrrrrr)rqrrrrrr+rrr9rrrrrrrs Dy~~(((+.'':,%%a(+''(H!L/$$Q'*   q !$$$Q'*rrc:\rSrSrSr\R "SSS9rSrg)\SecuritycentermanagementFoldersLocationsEffectiveEventThreatDetectionCustomModulesGetRequesti)a8A SecuritycentermanagementFoldersLocationsEffectiveEventThreatDetectionC ustomModulesGetRequest object. Fields: name: Required. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/effectiveEventThreatDetectionCustomModules/{custom _module}` * `folders/{folder}/locations/{location}/effectiveEventThreatD etectionCustomModules/{custom_module}` * `projects/{project}/locations/{ location}/effectiveEventThreatDetectionCustomModules/{custom_module}` r TrequiredrN rrrrrrrr9rrrrrr)    q4 0$rrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) ]SecuritycentermanagementFoldersLocationsEffectiveEventThreatDetectionCustomModulesListRequesti9aA SecuritycentermanagementFoldersLocationsEffectiveEventThreatDetectionC ustomModulesListRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of parent to list effective custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNrrrrrrrrrpageSizer pageTokenparentrrrrr#r#9I" # #Ay/@/@/F/F G(##A&)  T 2&rr#c:\rSrSrSr\R "SSS9rSrg)_SecuritycentermanagementFoldersLocationsEffectiveSecurityHealthAnalyticsCustomModulesGetRequestiPaA SecuritycentermanagementFoldersLocationsEffectiveSecurityHealthAnalyti csCustomModulesGetRequest object. Fields: name: Required. The full resource name of the custom module, specified in one of the following formats: * `organizations/organization/{location}/e ffectiveSecurityHealthAnalyticsCustomModules/{custom_module}` * `folders /folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom _module}` * `projects/project/{location}/effectiveSecurityHealthAnalytic sCustomModules/{custom_module}` r TrrNr rrrr*r*Pr!rr*c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) `SecuritycentermanagementFoldersLocationsEffectiveSecurityHealthAnalyticsCustomModulesListRequesti`aA SecuritycentermanagementFoldersLocationsEffectiveSecurityHealthAnalyti csCustomModulesListRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of parent to list effective custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrr,r,`r(rr,c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) VSecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModulesCreateRequestiwaA SecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModu lesCreateRequest object. Fields: eventThreatDetectionCustomModule: A EventThreatDetectionCustomModule resource to be passed as the request body. parent: Required. Name of parent for the module, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be created. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to create the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. rr rTrr#rN rrrrrrr eventThreatDetectionCustomModulerr'r validateOnlyrrrrr.r.w@(&/%;%;<^`a%b"  T 2&''*,rr.c^\rSrSrSr\R "SSS9r\R"S5r Sr g) VSecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModulesDeleteRequestiaDA SecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModu lesDeleteRequest object. Fields: name: Required. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/eventThreatDetectionCustomModules/{custom_module}` * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModul es/{custom_module}` * `projects/{project}/locations/{location}/eventThre atDetectionCustomModules/{custom_module}` validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be deleted. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to delete the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. r TrrrN rrrrrrrr9rr1rrrrr4r4+(   q4 0$''*,rr4c:\rSrSrSr\R "SSS9rSrg)SSecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModulesGetRequestiaA SecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModu lesGetRequest object. Fields: name: Required. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/eventThreatDetectionCustomModules/{custom_module}` * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModul es/{custom_module}` * `projects/{project}/locations/{location}/eventThre atDetectionCustomModules/{custom_module}` r TrrNr rrrr8r8r!rr8c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) ^SecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModulesListDescendantRequestiaKA SecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModu lesListDescendantRequest object. Fields: pageSize: Optional. The maximum number of modules to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of parent to list custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrr:r:I$ # #Ay/@/@/F/F G(##A&)  T 2&rr:c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) TSecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModulesListRequestiaAA SecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModu lesListRequest object. Fields: pageSize: Optional. The maximum number of modules to return. The service may return fewer than this value. If unspecified, at most 10 modules will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of parent to list custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrr=r=r;rr=c\rSrSrSr\R "SS5r\R"SSS9r \R"S5r \R"S 5r S r g ) USecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModulesPatchRequestiaA SecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModu lesPatchRequest object. Fields: eventThreatDetectionCustomModule: A EventThreatDetectionCustomModule resource to be passed as the request body. name: Identifier. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/eventThreatDetectionCustomModules/{custom_module}` * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModul es/{custom_module}` * `projects/{project}/locations/{location}/eventThre atDetectionCustomModules/{custom_module}` updateMask: Required. The fields to update. If omitted, then all fields are updated. validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be updated. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to update the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. rr rTrr#rHrNrrrrrrrr0rr9 updateMaskrr1rrrrr?r?P0&/%;%;<^`a%b"   q4 0$$$Q'*''*,rr?c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) XSecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModulesValidateRequesti aA SecuritycentermanagementFoldersLocationsEventThreatDetectionCustomModu lesValidateRequest object. Fields: parent: Required. Resource name of the parent to validate the custom modules under, in one of the following formats: * `organizations/{organization}/locations/{location}` validateEventThreatDetectionCustomModuleRequest: A ValidateEventThreatDetectionCustomModuleRequest resource to be passed as the request body. r Tr/ValidateEventThreatDetectionCustomModuleRequestrrN rrrrrrrr'r/validateEventThreatDetectionCustomModuleRequestrrrrrDrD 3   T 2&4=4J4JK|~5A1rrDc^\rSrSrSr\R "SSS9r\R"S5r Sr g) HSecuritycentermanagementFoldersLocationsSecurityCenterServicesGetRequestiaA SecuritycentermanagementFoldersLocationsSecurityCenterServicesGetRequest object. Fields: name: Required. The Security Command Center service to retrieve, in one of the following formats: * organizations/{organization}/locations/{locatio n}/securityCenterServices/{service} * folders/{folder}/locations/{location}/securityCenterServices/{service} * projects/{project}/locations/{location}/securityCenterServices/{service} The following values are valid for `{service}`: * `container-threat- detection` * `event-threat-detection` * `security-health-analytics` * `vm-threat-detection` * `web-security-scanner` * `vm-threat-detection- aws` * `cloud-run-threat-detection` * `vm-manager` * `ec2-vulnerability- assessment` * `gce-vulnerability-assessment` * `azure-vulnerability- assessment` * `notebook-security-scanner` * `artifact-analysis` showEligibleModulesOnly: Optional. Set to `true` to show only modules that are in scope. By default, all modules are shown. r TrrrN rrrrrrrr9rshowEligibleModulesOnlyrrrrrJrJ,(   q4 0$%2215rrJc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r \R"S 5rS rg ) ISecuritycentermanagementFoldersLocationsSecurityCenterServicesListRequesti3aA SecuritycentermanagementFoldersLocationsSecurityCenterServicesListRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. The name of the parent to list Security Command Center services, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` showEligibleModulesOnly: Flag that, when set, is used to filter the module settings that are shown. The default setting is that all modules are shown. r rrr#TrrHrNrrrrrrrrrr%rr&r'rrLrrrrrOrO3Z* # #Ay/@/@/F/F G(##A&)  T 2&%2215rrOc\rSrSrSr\R "SSS9r\R"SS5r \R "S5r \R"S 5r S r g ) JSecuritycentermanagementFoldersLocationsSecurityCenterServicesPatchRequestiOaA SecuritycentermanagementFoldersLocationsSecurityCenterServicesPatchRequest object. Fields: name: Identifier. The name of the service, in one of the following formats: * `organizations/{organization}/locations/{location}/securityCe nterServices/{service}` * `folders/{folder}/locations/{location}/securityCenterServices/{service}` * `projects/{project}/locations/{location}/securityCenterServices/{servi ce}` The following values are valid for `{service}`: * `container- threat-detection` * `event-threat-detection` * `security-health- analytics` * `vm-threat-detection` * `web-security-scanner` * `vm- threat-detection-aws` * `cloud-run-threat-detection` * `vm-manager` * `ec2-vulnerability-assessment` * `gce-vulnerability-assessment` * `azure-vulnerability-assessment` * `notebook-security-scanner` * `artifact-analysis` securityCenterService: A SecurityCenterService resource to be passed as the request body. updateMask: Optional. Required. The fields to update. Accepts the following values: * `intended_enablement_state` * `modules` If omitted, then all eligible fields are updated. validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no service will be updated. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to update the service could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during update of the service Defaults to `false`. r Trrrr#rHrNrrrrrrrr9rsecurityCenterServicerArr1rrrrrSrSOP@   q4 0$#001H!L$$Q'*''*,rrSc\rSrSrSr\R "SSS9r\R"SS5r \R"S5r S r g ) YSecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomModulesCreateRequestiva,A SecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomM odulesCreateRequest object. Fields: parent: Required. Name of the parent organization, folder, or project of the module, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` securityHealthAnalyticsCustomModule: A SecurityHealthAnalyticsCustomModule resource to be passed as the request body. validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be created. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to create the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. r Trrrr#rN rrrrrrrr'r#securityHealthAnalyticsCustomModulerr1rrrrrXrXv@*  T 2&(1(>(>?dfg(h%''*,rrXc^\rSrSrSr\R "SSS9r\R"S5r Sr g) YSecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomModulesDeleteRequestia>A SecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomM odulesDeleteRequest object. Fields: name: Required. The resource name of the SHA custom module, in one of the following formats: * `organizations/{organization}/locations/{location}/ securityHealthAnalyticsCustomModules/{custom_module}` * `folders/{folder }/locations/{location}/securityHealthAnalyticsCustomModules/{custom_modu le}` * `projects/{project}/locations/{location}/securityHealthAnalyticsC ustomModules/{custom_module}` validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be deleted. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to delete the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during deletion of the module Defaults to `false`. r TrrrNr5rrrr]r]r6rr]c:\rSrSrSr\R "SSS9rSrg)VSecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomModulesGetRequestia A SecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomM odulesGetRequest object. Fields: name: Required. Name of the resource, in the format `projects/{project}/lo cations/{location}/securityHealthAnalyticsCustomModules/{custom_module}` . r TrrNr rrrr_r_   q4 0$rr_c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) aSecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomModulesListDescendantRequestiaA SecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomM odulesListDescendantRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of the parent organization, folder, or project in which to list custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrbrbr(rrbc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) WSecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomModulesListRequestiaA SecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomM odulesListRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of the parent organization, folder, or project in which to list custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrdrdr(rrdc\rSrSrSr\R "SSS9r\R"SS5r \R "S5r \R"S 5r S r g ) XSecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomModulesPatchRequestiaA SecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomM odulesPatchRequest object. Fields: name: Identifier. The full resource name of the custom module, in one of the following formats: * `organizations/{organization}/locations/{locati on}/securityHealthAnalyticsCustomModules/{custom_module}` * `folders/{fo lder}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_ module}` * `projects/{project}/locations/{location}/securityHealthAnalyt icsCustomModules/{custom_module}` securityHealthAnalyticsCustomModule: A SecurityHealthAnalyticsCustomModule resource to be passed as the request body. updateMask: Optional. Required. The fields to update. The following values are valid: * `custom_config` * `enablement_state` If you omit this field or set it to the wildcard value `*`, then all eligible fields are updated. validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be updated. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to update the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. r Trrrr#rHrNrrrrrrrr9rrZrArr1rrrrrfrfP4   q4 0$(1(>(>?dfg(h%$$Q'*''*,rrfc`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) [SecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomModulesSimulateRequestia A SecuritycentermanagementFoldersLocationsSecurityHealthAnalyticsCustomM odulesSimulateRequest object. Fields: parent: Required. The relative resource name of the organization, project, or folder. For more information about relative resource names, see [AIP-122: Resource names](https://google.aip.dev/122). Example: `organizations/{organization_id}`. simulateSecurityHealthAnalyticsCustomModuleRequest: A SimulateSecurityHealthAnalyticsCustomModuleRequest resource to be passed as the request body. r Tr2SimulateSecurityHealthAnalyticsCustomModuleRequestrrN rrrrrrrr'r2simulateSecurityHealthAnalyticsCustomModuleRequestrrrrrjrj;   T 2&7@7M7MOCEF8G4rrjc:\rSrSrSr\R "SSS9rSrg)bSecuritycentermanagementOrganizationsLocationsEffectiveEventThreatDetectionCustomModulesGetRequestia>A SecuritycentermanagementOrganizationsLocationsEffectiveEventThreatDete ctionCustomModulesGetRequest object. Fields: name: Required. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/effectiveEventThreatDetectionCustomModules/{custom _module}` * `folders/{folder}/locations/{location}/effectiveEventThreatD etectionCustomModules/{custom_module}` * `projects/{project}/locations/{ location}/effectiveEventThreatDetectionCustomModules/{custom_module}` r TrrNr rrrrprpr!rrpc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) cSecuritycentermanagementOrganizationsLocationsEffectiveEventThreatDetectionCustomModulesListRequesti(aA SecuritycentermanagementOrganizationsLocationsEffectiveEventThreatDete ctionCustomModulesListRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of parent to list effective custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrrrr(r(rrrc:\rSrSrSr\R "SSS9rSrg)eSecuritycentermanagementOrganizationsLocationsEffectiveSecurityHealthAnalyticsCustomModulesGetRequesti?aA SecuritycentermanagementOrganizationsLocationsEffectiveSecurityHealthA nalyticsCustomModulesGetRequest object. Fields: name: Required. The full resource name of the custom module, specified in one of the following formats: * `organizations/organization/{location}/e ffectiveSecurityHealthAnalyticsCustomModules/{custom_module}` * `folders /folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom _module}` * `projects/project/{location}/effectiveSecurityHealthAnalytic sCustomModules/{custom_module}` r TrrNr rrrrtrt?r!rrtc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) fSecuritycentermanagementOrganizationsLocationsEffectiveSecurityHealthAnalyticsCustomModulesListRequestiOaA SecuritycentermanagementOrganizationsLocationsEffectiveSecurityHealthA nalyticsCustomModulesListRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of parent to list effective custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrvrvOr(rrvc\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) \SecuritycentermanagementOrganizationsLocationsEventThreatDetectionCustomModulesCreateRequestifaA SecuritycentermanagementOrganizationsLocationsEventThreatDetectionCust omModulesCreateRequest object. Fields: eventThreatDetectionCustomModule: A EventThreatDetectionCustomModule resource to be passed as the request body. parent: Required. Name of parent for the module, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be created. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to create the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. rr rTrr#rNr/rrrrxrxfr2rrxc^\rSrSrSr\R "SSS9r\R"S5r Sr g) \SecuritycentermanagementOrganizationsLocationsEventThreatDetectionCustomModulesDeleteRequestiaJA SecuritycentermanagementOrganizationsLocationsEventThreatDetectionCust omModulesDeleteRequest object. Fields: name: Required. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/eventThreatDetectionCustomModules/{custom_module}` * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModul es/{custom_module}` * `projects/{project}/locations/{location}/eventThre atDetectionCustomModules/{custom_module}` validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be deleted. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to delete the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. r TrrrNr5rrrrzrzr6rrzc:\rSrSrSr\R "SSS9rSrg)YSecuritycentermanagementOrganizationsLocationsEventThreatDetectionCustomModulesGetRequestiaA SecuritycentermanagementOrganizationsLocationsEventThreatDetectionCust omModulesGetRequest object. Fields: name: Required. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/eventThreatDetectionCustomModules/{custom_module}` * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModul es/{custom_module}` * `projects/{project}/locations/{location}/eventThre atDetectionCustomModules/{custom_module}` r TrrNr rrrr|r|r!rr|c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) dSecuritycentermanagementOrganizationsLocationsEventThreatDetectionCustomModulesListDescendantRequestiaQA SecuritycentermanagementOrganizationsLocationsEventThreatDetectionCust omModulesListDescendantRequest object. Fields: pageSize: Optional. The maximum number of modules to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of parent to list custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrr~r~r;rr~c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) ZSecuritycentermanagementOrganizationsLocationsEventThreatDetectionCustomModulesListRequestiaGA SecuritycentermanagementOrganizationsLocationsEventThreatDetectionCust omModulesListRequest object. Fields: pageSize: Optional. The maximum number of modules to return. The service may return fewer than this value. If unspecified, at most 10 modules will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of parent to list custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrrr;rrc\rSrSrSr\R "SS5r\R"SSS9r \R"S5r \R"S 5r S r g ) [SecuritycentermanagementOrganizationsLocationsEventThreatDetectionCustomModulesPatchRequestiaA SecuritycentermanagementOrganizationsLocationsEventThreatDetectionCust omModulesPatchRequest object. Fields: eventThreatDetectionCustomModule: A EventThreatDetectionCustomModule resource to be passed as the request body. name: Identifier. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/eventThreatDetectionCustomModules/{custom_module}` * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModul es/{custom_module}` * `projects/{project}/locations/{location}/eventThre atDetectionCustomModules/{custom_module}` updateMask: Required. The fields to update. If omitted, then all fields are updated. validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be updated. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to update the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. rr rTrr#rHrNr@rrrrrrBrrc`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) ^SecuritycentermanagementOrganizationsLocationsEventThreatDetectionCustomModulesValidateRequestiaA SecuritycentermanagementOrganizationsLocationsEventThreatDetectionCust omModulesValidateRequest object. Fields: parent: Required. Resource name of the parent to validate the custom modules under, in one of the following formats: * `organizations/{organization}/locations/{location}` validateEventThreatDetectionCustomModuleRequest: A ValidateEventThreatDetectionCustomModuleRequest resource to be passed as the request body. r TrrErrNrFrrrrrrHrrc:\rSrSrSr\R "SSS9rSrg)GSecuritycentermanagementOrganizationsLocationsGetBillingMetadataRequesti a7A SecuritycentermanagementOrganizationsLocationsGetBillingMetadataRequest object. Fields: name: Required. The resource to look up the billing tier for, in the format `organizations/{organization}/locations/{location}/billingMetadata` or `projects/{project}/locations/{location}/billingMetadata`. r TrrNr rrrrr s    q4 0$rrc`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) ESecuritycentermanagementOrganizationsLocationsOperationsCancelRequestizA SecuritycentermanagementOrganizationsLocationsOperationsCancelRequest object. Fields: cancelOperationRequest: A CancelOperationRequest resource to be passed as the request body. name: The name of the operation resource to be cancelled. r;r rTrrN rrrrrrrcancelOperationRequestrr9rrrrrr/%112JAN   q4 0$rrc:\rSrSrSr\R "SSS9rSrg)ESecuritycentermanagementOrganizationsLocationsOperationsDeleteRequesti&zA SecuritycentermanagementOrganizationsLocationsOperationsDeleteRequest object. Fields: name: The name of the operation resource to be deleted. r TrrNr rrrrr&   q4 0$rrc:\rSrSrSr\R "SSS9rSrg)BSecuritycentermanagementOrganizationsLocationsOperationsGetRequesti1zA SecuritycentermanagementOrganizationsLocationsOperationsGetRequest object. Fields: name: The name of the operation resource. r TrrNr rrrrr1rrrc\rSrSrSr\R "S5r\R "SSS9r\R"S\RRS9r \R "S 5r \R"S 5rS rg ) CSecuritycentermanagementOrganizationsLocationsOperationsListRequesti<aA SecuritycentermanagementOrganizationsLocationsOperationsListRequest object. Fields: filter: The standard list filter. name: The name of the operation's parent resource. pageSize: The standard list page size. pageToken: The standard list page token. returnPartialSuccess: When set to `true`, operations that are reachable are returned as normal, and those that are unreachable are returned in the [ListOperationsResponse.unreachable] field. This can only be `true` when reading across collections e.g. when `parent` is set to `"projects/example/locations/-"`. This field is not by default supported and will result in an `UNIMPLEMENTED` error if set unless explicitly documented otherwise in service or product specific documentation. r rTrr#rrHrRrNrrrrrrrfilterr9rrrr%r&rreturnPartialSuccessrrrrrr<sj"   #&   q4 0$  # #Ay/@/@/F/F G(##A&)"//2rrc^\rSrSrSr\R "SSS9r\R"S5r Sr g) NSecuritycentermanagementOrganizationsLocationsSecurityCenterServicesGetRequestiUaA SecuritycentermanagementOrganizationsLocationsSecurityCenterServicesGe tRequest object. Fields: name: Required. The Security Command Center service to retrieve, in one of the following formats: * organizations/{organization}/locations/{locatio n}/securityCenterServices/{service} * folders/{folder}/locations/{location}/securityCenterServices/{service} * projects/{project}/locations/{location}/securityCenterServices/{service} The following values are valid for `{service}`: * `container-threat- detection` * `event-threat-detection` * `security-health-analytics` * `vm-threat-detection` * `web-security-scanner` * `vm-threat-detection- aws` * `cloud-run-threat-detection` * `vm-manager` * `ec2-vulnerability- assessment` * `gce-vulnerability-assessment` * `azure-vulnerability- assessment` * `notebook-security-scanner` * `artifact-analysis` showEligibleModulesOnly: Optional. Set to `true` to show only modules that are in scope. By default, all modules are shown. r TrrrNrKrrrrrUs,&   q4 0$%2215rrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r \R"S 5rS rg ) OSecuritycentermanagementOrganizationsLocationsSecurityCenterServicesListRequestimaA SecuritycentermanagementOrganizationsLocationsSecurityCenterServicesLi stRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. The name of the parent to list Security Command Center services, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` showEligibleModulesOnly: Flag that, when set, is used to filter the module settings that are shown. The default setting is that all modules are shown. r rrr#TrrHrNrPrrrrrmsZ( # #Ay/@/@/F/F G(##A&)  T 2&%2215rrc\rSrSrSr\R "SSS9r\R"SS5r \R "S5r \R"S 5r S r g ) PSecuritycentermanagementOrganizationsLocationsSecurityCenterServicesPatchRequestiaA SecuritycentermanagementOrganizationsLocationsSecurityCenterServicesPa tchRequest object. Fields: name: Identifier. The name of the service, in one of the following formats: * `organizations/{organization}/locations/{location}/securityCe nterServices/{service}` * `folders/{folder}/locations/{location}/securityCenterServices/{service}` * `projects/{project}/locations/{location}/securityCenterServices/{servi ce}` The following values are valid for `{service}`: * `container- threat-detection` * `event-threat-detection` * `security-health- analytics` * `vm-threat-detection` * `web-security-scanner` * `vm- threat-detection-aws` * `cloud-run-threat-detection` * `vm-manager` * `ec2-vulnerability-assessment` * `gce-vulnerability-assessment` * `azure-vulnerability-assessment` * `notebook-security-scanner` * `artifact-analysis` securityCenterService: A SecurityCenterService resource to be passed as the request body. updateMask: Optional. Required. The fields to update. Accepts the following values: * `intended_enablement_state` * `modules` If omitted, then all eligible fields are updated. validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no service will be updated. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to update the service could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during update of the service Defaults to `false`. r Trrrr#rHrNrTrrrrrsO>   q4 0$#001H!L$$Q'*''*,rrc\rSrSrSr\R "SSS9r\R"SS5r \R"S5r S r g ) _SecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsCustomModulesCreateRequestia2A SecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsC ustomModulesCreateRequest object. Fields: parent: Required. Name of the parent organization, folder, or project of the module, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` securityHealthAnalyticsCustomModule: A SecurityHealthAnalyticsCustomModule resource to be passed as the request body. validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be created. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to create the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. r Trrrr#rNrYrrrrrr[rrc^\rSrSrSr\R "SSS9r\R"S5r Sr g) _SecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsCustomModulesDeleteRequestiaDA SecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsC ustomModulesDeleteRequest object. Fields: name: Required. The resource name of the SHA custom module, in one of the following formats: * `organizations/{organization}/locations/{location}/ securityHealthAnalyticsCustomModules/{custom_module}` * `folders/{folder }/locations/{location}/securityHealthAnalyticsCustomModules/{custom_modu le}` * `projects/{project}/locations/{location}/securityHealthAnalyticsC ustomModules/{custom_module}` validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be deleted. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to delete the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during deletion of the module Defaults to `false`. r TrrrNr5rrrrrr6rrc:\rSrSrSr\R "SSS9rSrg)\SecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsCustomModulesGetRequestiaA SecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsC ustomModulesGetRequest object. Fields: name: Required. Name of the resource, in the format `projects/{project}/lo cations/{location}/securityHealthAnalyticsCustomModules/{custom_module}` . r TrrNr rrrrrr`rrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) gSecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsCustomModulesListDescendantRequestiaA SecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsC ustomModulesListDescendantRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of the parent organization, folder, or project in which to list custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrrr(rrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) ]SecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsCustomModulesListRequesti aA SecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsC ustomModulesListRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of the parent organization, folder, or project in which to list custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrr r(rrc\rSrSrSr\R "SSS9r\R"SS5r \R "S5r \R"S 5r S r g ) ^SecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsCustomModulesPatchRequesti aA SecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsC ustomModulesPatchRequest object. Fields: name: Identifier. The full resource name of the custom module, in one of the following formats: * `organizations/{organization}/locations/{locati on}/securityHealthAnalyticsCustomModules/{custom_module}` * `folders/{fo lder}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_ module}` * `projects/{project}/locations/{location}/securityHealthAnalyt icsCustomModules/{custom_module}` securityHealthAnalyticsCustomModule: A SecurityHealthAnalyticsCustomModule resource to be passed as the request body. updateMask: Optional. Required. The fields to update. The following values are valid: * `custom_config` * `enablement_state` If you omit this field or set it to the wildcard value `*`, then all eligible fields are updated. validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be updated. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to update the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. r Trrrr#rHrNrgrrrrr rhrrc`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) aSecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsCustomModulesSimulateRequesti> aA SecuritycentermanagementOrganizationsLocationsSecurityHealthAnalyticsC ustomModulesSimulateRequest object. Fields: parent: Required. The relative resource name of the organization, project, or folder. For more information about relative resource names, see [AIP-122: Resource names](https://google.aip.dev/122). Example: `organizations/{organization_id}`. simulateSecurityHealthAnalyticsCustomModuleRequest: A SimulateSecurityHealthAnalyticsCustomModuleRequest resource to be passed as the request body. r TrrkrrNrlrrrrr> rnrrc:\rSrSrSr\R "SSS9rSrg)]SecuritycentermanagementProjectsLocationsEffectiveEventThreatDetectionCustomModulesGetRequestiP a9A SecuritycentermanagementProjectsLocationsEffectiveEventThreatDetection CustomModulesGetRequest object. Fields: name: Required. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/effectiveEventThreatDetectionCustomModules/{custom _module}` * `folders/{folder}/locations/{location}/effectiveEventThreatD etectionCustomModules/{custom_module}` * `projects/{project}/locations/{ location}/effectiveEventThreatDetectionCustomModules/{custom_module}` r TrrNr rrrrrP r!rrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) ^SecuritycentermanagementProjectsLocationsEffectiveEventThreatDetectionCustomModulesListRequesti` aA SecuritycentermanagementProjectsLocationsEffectiveEventThreatDetection CustomModulesListRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of parent to list effective custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrr` r(rrc:\rSrSrSr\R "SSS9rSrg)`SecuritycentermanagementProjectsLocationsEffectiveSecurityHealthAnalyticsCustomModulesGetRequestiw aA SecuritycentermanagementProjectsLocationsEffectiveSecurityHealthAnalyt icsCustomModulesGetRequest object. Fields: name: Required. The full resource name of the custom module, specified in one of the following formats: * `organizations/organization/{location}/e ffectiveSecurityHealthAnalyticsCustomModules/{custom_module}` * `folders /folder/{location}/effectiveSecurityHealthAnalyticsCustomModules/{custom _module}` * `projects/project/{location}/effectiveSecurityHealthAnalytic sCustomModules/{custom_module}` r TrrNr rrrrrw r!rrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) aSecuritycentermanagementProjectsLocationsEffectiveSecurityHealthAnalyticsCustomModulesListRequesti aA SecuritycentermanagementProjectsLocationsEffectiveSecurityHealthAnalyt icsCustomModulesListRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of parent to list effective custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrr r(rrc\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) WSecuritycentermanagementProjectsLocationsEventThreatDetectionCustomModulesCreateRequesti aA SecuritycentermanagementProjectsLocationsEventThreatDetectionCustomMod ulesCreateRequest object. Fields: eventThreatDetectionCustomModule: A EventThreatDetectionCustomModule resource to be passed as the request body. parent: Required. Name of parent for the module, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be created. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to create the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. rr rTrr#rNr/rrrrr r2rrc^\rSrSrSr\R "SSS9r\R"S5r Sr g) WSecuritycentermanagementProjectsLocationsEventThreatDetectionCustomModulesDeleteRequesti aEA SecuritycentermanagementProjectsLocationsEventThreatDetectionCustomMod ulesDeleteRequest object. Fields: name: Required. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/eventThreatDetectionCustomModules/{custom_module}` * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModul es/{custom_module}` * `projects/{project}/locations/{location}/eventThre atDetectionCustomModules/{custom_module}` validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be deleted. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to delete the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. r TrrrNr5rrrrr r6rrc:\rSrSrSr\R "SSS9rSrg)TSecuritycentermanagementProjectsLocationsEventThreatDetectionCustomModulesGetRequesti aA SecuritycentermanagementProjectsLocationsEventThreatDetectionCustomMod ulesGetRequest object. Fields: name: Required. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/eventThreatDetectionCustomModules/{custom_module}` * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModul es/{custom_module}` * `projects/{project}/locations/{location}/eventThre atDetectionCustomModules/{custom_module}` r TrrNr rrrrr r!rrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) _SecuritycentermanagementProjectsLocationsEventThreatDetectionCustomModulesListDescendantRequesti aLA SecuritycentermanagementProjectsLocationsEventThreatDetectionCustomMod ulesListDescendantRequest object. Fields: pageSize: Optional. The maximum number of modules to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of parent to list custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrr r;rrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) USecuritycentermanagementProjectsLocationsEventThreatDetectionCustomModulesListRequesti aBA SecuritycentermanagementProjectsLocationsEventThreatDetectionCustomMod ulesListRequest object. Fields: pageSize: Optional. The maximum number of modules to return. The service may return fewer than this value. If unspecified, at most 10 modules will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of parent to list custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrr r;rrc\rSrSrSr\R "SS5r\R"SSS9r \R"S5r \R"S 5r S r g ) VSecuritycentermanagementProjectsLocationsEventThreatDetectionCustomModulesPatchRequesti aA SecuritycentermanagementProjectsLocationsEventThreatDetectionCustomMod ulesPatchRequest object. Fields: eventThreatDetectionCustomModule: A EventThreatDetectionCustomModule resource to be passed as the request body. name: Identifier. The resource name of the Event Threat Detection custom module, in one of the following formats: * `organizations/{organization} /locations/{location}/eventThreatDetectionCustomModules/{custom_module}` * `folders/{folder}/locations/{location}/eventThreatDetectionCustomModul es/{custom_module}` * `projects/{project}/locations/{location}/eventThre atDetectionCustomModules/{custom_module}` updateMask: Required. The fields to update. If omitted, then all fields are updated. validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be updated. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to update the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. rr rTrr#rHrNr@rrrrr rBrrc`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) YSecuritycentermanagementProjectsLocationsEventThreatDetectionCustomModulesValidateRequesti0 aA SecuritycentermanagementProjectsLocationsEventThreatDetectionCustomMod ulesValidateRequest object. Fields: parent: Required. Resource name of the parent to validate the custom modules under, in one of the following formats: * `organizations/{organization}/locations/{location}` validateEventThreatDetectionCustomModuleRequest: A ValidateEventThreatDetectionCustomModuleRequest resource to be passed as the request body. r TrrErrNrFrrrrr0 rHrrc:\rSrSrSr\R "SSS9rSrg)BSecuritycentermanagementProjectsLocationsGetBillingMetadataRequestiA a2A SecuritycentermanagementProjectsLocationsGetBillingMetadataRequest object. Fields: name: Required. The resource to look up the billing tier for, in the format `organizations/{organization}/locations/{location}/billingMetadata` or `projects/{project}/locations/{location}/billingMetadata`. r TrrNr rrrrrA s   q4 0$rrc:\rSrSrSr\R "SSS9rSrg)3SecuritycentermanagementProjectsLocationsGetRequestiO zoA SecuritycentermanagementProjectsLocationsGetRequest object. Fields: name: Resource name for the location. r TrrNr rrrrrO    q4 0$rrc\rSrSrSr\R "SSS9r\R "S5r\R "SSS9r \R"S \RRS 9r \R "S 5rS rg )4SecuritycentermanagementProjectsLocationsListRequestiY aA SecuritycentermanagementProjectsLocationsListRequest object. Fields: extraLocationTypes: Optional. Do not use this field. It is unsupported and is ignored unless explicitly documented otherwise. This is primarily for internal usage. filter: A filter to narrow down results to a preferred subset. The filtering language accepts strings like `"displayName=tokyo"`, and is documented in more detail in [AIP-160](https://google.aip.dev/160). name: The resource that owns the locations collection, if applicable. pageSize: The maximum number of results to return. If not set, the service selects a default. pageToken: A page token received from the `next_page_token` field in the response. Send that page token to receive the subsequent page. r Tr rr#rrHrrRrN)rrrrrrrextraLocationTypesrr9rrrr%r&rrrrrrY sl !,,Q>   #&   q4 0$  # #Ay/@/@/F/F G(##A&)rrc`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) @SecuritycentermanagementProjectsLocationsOperationsCancelRequestiq zA SecuritycentermanagementProjectsLocationsOperationsCancelRequest object. Fields: cancelOperationRequest: A CancelOperationRequest resource to be passed as the request body. name: The name of the operation resource to be cancelled. r;r rTrrNrrrrrrq rrrc:\rSrSrSr\R "SSS9rSrg)@SecuritycentermanagementProjectsLocationsOperationsDeleteRequesti zA SecuritycentermanagementProjectsLocationsOperationsDeleteRequest object. Fields: name: The name of the operation resource to be deleted. r TrrNr rrrrr rrrc:\rSrSrSr\R "SSS9rSrg)=SecuritycentermanagementProjectsLocationsOperationsGetRequesti z}A SecuritycentermanagementProjectsLocationsOperationsGetRequest object. Fields: name: The name of the operation resource. r TrrNr rrrrr rrrc\rSrSrSr\R "S5r\R "SSS9r\R"S\RRS9r \R "S 5r \R"S 5rS rg ) >SecuritycentermanagementProjectsLocationsOperationsListRequesti aA SecuritycentermanagementProjectsLocationsOperationsListRequest object. Fields: filter: The standard list filter. name: The name of the operation's parent resource. pageSize: The standard list page size. pageToken: The standard list page token. returnPartialSuccess: When set to `true`, operations that are reachable are returned as normal, and those that are unreachable are returned in the [ListOperationsResponse.unreachable] field. This can only be `true` when reading across collections e.g. when `parent` is set to `"projects/example/locations/-"`. This field is not by default supported and will result in an `UNIMPLEMENTED` error if set unless explicitly documented otherwise in service or product specific documentation. r rTrr#rrHrRrNrrrrrr sj   #&   q4 0$  # #Ay/@/@/F/F G(##A&)"//2rrc^\rSrSrSr\R "SSS9r\R"S5r Sr g) ISecuritycentermanagementProjectsLocationsSecurityCenterServicesGetRequesti aA SecuritycentermanagementProjectsLocationsSecurityCenterServicesGetRequest object. Fields: name: Required. The Security Command Center service to retrieve, in one of the following formats: * organizations/{organization}/locations/{locatio n}/securityCenterServices/{service} * folders/{folder}/locations/{location}/securityCenterServices/{service} * projects/{project}/locations/{location}/securityCenterServices/{service} The following values are valid for `{service}`: * `container-threat- detection` * `event-threat-detection` * `security-health-analytics` * `vm-threat-detection` * `web-security-scanner` * `vm-threat-detection- aws` * `cloud-run-threat-detection` * `vm-manager` * `ec2-vulnerability- assessment` * `gce-vulnerability-assessment` * `azure-vulnerability- assessment` * `notebook-security-scanner` * `artifact-analysis` showEligibleModulesOnly: Optional. Set to `true` to show only modules that are in scope. By default, all modules are shown. r TrrrNrKrrrrr rMrrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r \R"S 5rS rg ) JSecuritycentermanagementProjectsLocationsSecurityCenterServicesListRequesti aA SecuritycentermanagementProjectsLocationsSecurityCenterServicesListRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. The name of the parent to list Security Command Center services, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` showEligibleModulesOnly: Flag that, when set, is used to filter the module settings that are shown. The default setting is that all modules are shown. r rrr#TrrHrNrPrrrrr rQrrc\rSrSrSr\R "SSS9r\R"SS5r \R "S5r \R"S 5r S r g ) KSecuritycentermanagementProjectsLocationsSecurityCenterServicesPatchRequesti aA SecuritycentermanagementProjectsLocationsSecurityCenterServicesPatchRequest object. Fields: name: Identifier. The name of the service, in one of the following formats: * `organizations/{organization}/locations/{location}/securityCe nterServices/{service}` * `folders/{folder}/locations/{location}/securityCenterServices/{service}` * `projects/{project}/locations/{location}/securityCenterServices/{servi ce}` The following values are valid for `{service}`: * `container- threat-detection` * `event-threat-detection` * `security-health- analytics` * `vm-threat-detection` * `web-security-scanner` * `vm- threat-detection-aws` * `cloud-run-threat-detection` * `vm-manager` * `ec2-vulnerability-assessment` * `gce-vulnerability-assessment` * `azure-vulnerability-assessment` * `notebook-security-scanner` * `artifact-analysis` securityCenterService: A SecurityCenterService resource to be passed as the request body. updateMask: Optional. Required. The fields to update. Accepts the following values: * `intended_enablement_state` * `modules` If omitted, then all eligible fields are updated. validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no service will be updated. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to update the service could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during update of the service Defaults to `false`. r Trrrr#rHrNrTrrrrr rVrrc\rSrSrSr\R "SSS9r\R"SS5r \R"S5r S r g ) ZSecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustomModulesCreateRequesti a-A SecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustom ModulesCreateRequest object. Fields: parent: Required. Name of the parent organization, folder, or project of the module, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` securityHealthAnalyticsCustomModule: A SecurityHealthAnalyticsCustomModule resource to be passed as the request body. validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be created. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to create the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. r Trrrr#rNrYrrrrr r[rrc^\rSrSrSr\R "SSS9r\R"S5r Sr g) ZSecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustomModulesDeleteRequesti# a?A SecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustom ModulesDeleteRequest object. Fields: name: Required. The resource name of the SHA custom module, in one of the following formats: * `organizations/{organization}/locations/{location}/ securityHealthAnalyticsCustomModules/{custom_module}` * `folders/{folder }/locations/{location}/securityHealthAnalyticsCustomModules/{custom_modu le}` * `projects/{project}/locations/{location}/securityHealthAnalyticsC ustomModules/{custom_module}` validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be deleted. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to delete the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during deletion of the module Defaults to `false`. r TrrrNr5rrrrr# r6rrc:\rSrSrSr\R "SSS9rSrg)WSecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustomModulesGetRequesti< a A SecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustom ModulesGetRequest object. Fields: name: Required. Name of the resource, in the format `projects/{project}/lo cations/{location}/securityHealthAnalyticsCustomModules/{custom_module}` . r TrrNr rrrrr< r`rrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) bSecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustomModulesListDescendantRequestiI aA SecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustom ModulesListDescendantRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of the parent organization, folder, or project in which to list custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrrI r(rrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) XSecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustomModulesListRequesti` a A SecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustom ModulesListRequest object. Fields: pageSize: Optional. The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. pageToken: Optional. A pagination token returned from a previous request. Provide this token to retrieve the next page of results. When paginating, the rest of the request must match the request that generated the page token. parent: Required. Name of the parent organization, folder, or project in which to list custom modules, in one of the following formats: * `organizations/{organization}/locations/{location}` * `folders/{folder}/locations/{location}` * `projects/{project}/locations/{location}` r rrr#TrrNr$rrrrr` r(rrc\rSrSrSr\R "SSS9r\R"SS5r \R "S5r \R"S 5r S r g ) YSecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustomModulesPatchRequestiw aA SecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustom ModulesPatchRequest object. Fields: name: Identifier. The full resource name of the custom module, in one of the following formats: * `organizations/{organization}/locations/{locati on}/securityHealthAnalyticsCustomModules/{custom_module}` * `folders/{fo lder}/locations/{location}/securityHealthAnalyticsCustomModules/{custom_ module}` * `projects/{project}/locations/{location}/securityHealthAnalyt icsCustomModules/{custom_module}` securityHealthAnalyticsCustomModule: A SecurityHealthAnalyticsCustomModule resource to be passed as the request body. updateMask: Optional. Required. The fields to update. The following values are valid: * `custom_config` * `enablement_state` If you omit this field or set it to the wildcard value `*`, then all eligible fields are updated. validateOnly: Optional. When set to `true`, the request will be validated (including IAM checks), but no module will be updated. An `OK` response indicates that the request is valid, while an error response indicates that the request is invalid. If the request is valid, a subsequent request to update the module could still fail for one of the following reasons: * The state of your cloud resources changed; for example, you lost a required IAM permission * An error occurred during creation of the module Defaults to `false`. r Trrrr#rHrNrgrrrrrw rhrrc`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) \SecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustomModulesSimulateRequesti aA SecuritycentermanagementProjectsLocationsSecurityHealthAnalyticsCustom ModulesSimulateRequest object. Fields: parent: Required. The relative resource name of the organization, project, or folder. For more information about relative resource names, see [AIP-122: Resource names](https://google.aip.dev/122). Example: `organizations/{organization_id}`. simulateSecurityHealthAnalyticsCustomModuleRequest: A SimulateSecurityHealthAnalyticsCustomModuleRequest resource to be passed as the request body. r TrrkrrNrlrrrrr rnrrcd\rSrSrSr\R "SS5r\R "SS5rSr g) rki aRequest message for SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule. The maximum size of the request is 4 MiB. Fields: customConfig: Required. The custom configuration that you need to test. resource: Required. Resource data to simulate custom module against. rCr SimulatedResourcerrN) rrrrrrrrresourcerrrrrkrk s.'':,  # #$7 ;(rrkc>\rSrSrSr\R "SS5rSrg)3SimulateSecurityHealthAnalyticsCustomModuleResponsei zResponse message for SecurityCenterManagement.SimulateSecurityHealthAnalyticsCustomModule. Fields: result: Result for test case in the corresponding request. SimulatedResultr rN) rrrrrrrresultrrrrrr s  ! !"3Q 7&rrc6\rSrSrSr"SS\R 5r"SS\R 5r"SS\R 5r \ R"S 5"S S \R55r \R"S 5r\R"S 5r\R""SS5r\R"S5r\R"S5r\R"S5r\R""SS5r\R."S S5r\R""SS5rSrg)SimulatedFindingi a The minimum set of fields needed to represent a simulated finding from a Security Health Analytics custom module. Enums: FindingClassValueValuesEnum: The class of the finding. SeverityValueValuesEnum: The severity of the finding. This field is managed by the source that writes the finding. StateValueValuesEnum: Output only. The state of the finding. Messages: SourcePropertiesValue: Source-specific properties. These properties are managed by the source that writes the finding. The key names must be between 1 and 255 characters; they must start with a letter and contain alphanumeric characters or underscores only. Fields: category: The additional taxonomy group within findings from a given source. For example, `XSS_FLASH_INJECTION`. This field is immutable after creation time. eventTime: The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. If the finding is later resolved, then this time reflects when the finding was resolved. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. The event time must not be set to a value greater than the current timestamp. findingClass: The class of the finding. name: Identifier. The [relative resource name](https://google.aip.dev/122) of the finding, in one of the following formats: * `organizations/{organ ization_id}/sources/{source_id}/findings/{finding_id}` * `folders/{folder_id}/sources/{source_id}/findings/{finding_id}` * `projects/{project_id}/sources/{source_id}/findings/{finding_id}` parent: The [relative resource name](https://google.aip.dev/122) of the source the finding belongs to. For example, `organizations/{organization_id}/sources/{source_id}`. This field is immutable after creation time. resourceName: For findings on Google Cloud resources, the [full resource name](https://google.aip.dev/122#full-resource-names) of the Google Cloud resource this finding is for. When the finding is for a non-Google Cloud resource, the value can be a customer or partner defined string. This field is immutable after creation time. severity: The severity of the finding. This field is managed by the source that writes the finding. sourceProperties: Source-specific properties. These properties are managed by the source that writes the finding. The key names must be between 1 and 255 characters; they must start with a letter and contain alphanumeric characters or underscores only. state: Output only. The state of the finding. c<\rSrSrSrSrSrSrSrSr Sr S r S r S r S rg ),SimulatedFinding.FindingClassValueValuesEnumi aThe class of the finding. Values: FINDING_CLASS_UNSPECIFIED: Default value. This value is unused. THREAT: Describes unwanted or malicious activity. VULNERABILITY: Describes a potential weakness in software that increases risk to confidentiality, integrity, and availability. MISCONFIGURATION: Describes a potential weakness in cloud resource or asset configuration that increases risk. OBSERVATION: Describes a security observation that is for informational purposes. SCC_ERROR: Describes an error that prevents Security Command Center from working correctly. POSTURE_VIOLATION: Describes a potential security risk due to a change in the security posture. TOXIC_COMBINATION: Describes a combination of security issues that represent a more severe security problem when taken together. CHOKEPOINT: Describes a resource or resource group where high risk attack paths converge, based on attack path simulations (APS). rr rr#rHrRrTrUrrN)rrrrrFINDING_CLASS_UNSPECIFIEDTHREAT VULNERABILITYMISCONFIGURATION OBSERVATION SCC_ERRORPOSTURE_VIOLATIONTOXIC_COMBINATION CHOKEPOINTrrrrFindingClassValueValuesEnumr s:(!" FMKIJrrc,\rSrSrSrSrSrSrSrSr Sr g ) (SimulatedFinding.SeverityValueValuesEnumi a The severity of the finding. This field is managed by the source that writes the finding. Values: SEVERITY_UNSPECIFIED: Default value. This value is unused. CRITICAL: For vulnerabilities: A critical vulnerability is easily discoverable by an external actor, exploitable, and results in the direct ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. Examples include publicly accessible unprotected user data and public SSH access with weak or no passwords. For threats: Indicates a threat that is able to access, modify, or delete data or execute unauthorized code within existing resources. HIGH: For vulnerabilities: A high-risk vulnerability can be easily discovered and exploited in combination with other vulnerabilities in order to gain direct access and the ability to execute arbitrary code, exfiltrate data, and otherwise gain additional access and privileges to cloud resources and workloads. An example is a database with weak or no passwords that is only accessible internally. This database could easily be compromised by an actor that had access to the internal network. For threats: Indicates a threat that is able to create new computational resources in an environment but not able to access data or execute code in existing resources. MEDIUM: For vulnerabilities: A medium-risk vulnerability could be used by an actor to gain access to resources or privileges that enable them to eventually (through multiple steps or a complex exploit) gain access and the ability to execute arbitrary code or exfiltrate data. An example is a service account with access to more projects than it should have. If an actor gains access to the service account, they could potentially use that access to manipulate a project the service account was not intended to. For threats: Indicates a threat that is able to cause operational impact but may not access data or execute unauthorized code. LOW: For vulnerabilities: A low-risk vulnerability hampers a security organization's ability to detect vulnerabilities or active threats in their deployment, or prevents the root cause investigation of security issues. An example is monitoring and logs being disabled for resource configurations and access. For threats: Indicates a threat that has obtained minimal access to an environment but is not able to access data, execute code, or create resources. rr rr#rHrNrIrrrrOr s$(RH D F CrrOc$\rSrSrSrSrSrSrSrg)%SimulatedFinding.StateValueValuesEnumiE a'Output only. The state of the finding. Values: STATE_UNSPECIFIED: Default value. This value is unused. ACTIVE: The finding requires attention and has not been addressed yet. INACTIVE: The finding has been fixed, triaged as a non-issue, or otherwise addressed and is no longer active. rr rrN) rrrrrSTATE_UNSPECIFIEDACTIVEINACTIVErrrrStateValueValuesEnumrE s FHrrrscf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) &SimulatedFinding.SourcePropertiesValueiR aSource-specific properties. These properties are managed by the source that writes the finding. The key names must be between 1 and 255 characters; they must start with a letter and contain alphanumeric characters or underscores only. Messages: AdditionalProperty: An additional property for a SourcePropertiesValue object. Fields: additionalProperties: Additional properties of type SourcePropertiesValue cb\rSrSrSr\R "S5r\R"SS5r Sr g)9SimulatedFinding.SourcePropertiesValue.AdditionalPropertyib zAn additional property for a SourcePropertiesValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r ryrrNrzrrrr}rb r~rr}r Tr rNrrrrSourcePropertiesValuerR s4  AY.. A%112FTXYrrr rr#rHrRrTrUrrrN)rrrrrrr)rrOrrrrrrcategory eventTimer+ findingClassr9r' resourceNamer\rsourcePropertiesstaterrrrrr s0dINN>. . ` Y^^  !!"89Zi//Z:Z8 " "1 %(##A&)$$%BAF,   q !$   #&&&q),  !:A >(++,CQG   4a 8%rrc\rSrSrSr\R "S5"SS\R55r \R"SS5r \R"SS5r \R"S 5rS rg ) riz aManually constructed information about a resource. Messages: ResourceDataValue: Optional. A representation of the Google Cloud resource. Should match the Google Cloud resource JSON format. If the custom module evaluates only the IAM allow policy, then you can omit this field. Fields: iamPolicyData: Optional. A representation of the IAM allow policy. If the custom module evaluates only the resource data, then you can omit this field. resourceData: Optional. A representation of the Google Cloud resource. Should match the Google Cloud resource JSON format. If the custom module evaluates only the IAM allow policy, then you can omit this field. resourceType: Required. The type of the resource. For example, `compute.googleapis.com/Disk`. rscf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) #SimulatedResource.ResourceDataValuei a\Optional. A representation of the Google Cloud resource. Should match the Google Cloud resource JSON format. If the custom module evaluates only the IAM allow policy, then you can omit this field. Messages: AdditionalProperty: An additional property for a ResourceDataValue object. Fields: additionalProperties: Properties of the object. cb\rSrSrSr\R "S5r\R"SS5r Sr g)6SimulatedResource.ResourceDataValue.AdditionalPropertyi zAn additional property for a ResourceDataValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r ryrrNrzrrrr}r r~rr}r Tr rNrrrrResourceDataValuer s4  AY.. A%112FTXYrrrr rr#rN)rrrrrrrrrrr iamPolicyData resourceDatar resourceTyperrrrrrz sn& !!"89Z)++Z:Z4((15-''(;Q?,&&q),rrc\rSrSrSr\R "SS5r\R "SS5r\R "SS5r S r g ) ri zPossible test result. Fields: error: Error encountered during the test. finding: Finding that would be published for the test case if a violation is detected. noViolation: Indicates that the test case does not trigger any violation. rr rrrr#rN) rrrrrrrrfinding noViolationrrrrrr s@  1 -%  " "#5q 9'&&w2+rrc\rSrSrSr"SS\R 5r"SS\R 5r\R"SS5r \R"S5r \R"SS S S 9r \R"S 5r\R"S 5r\R"S5r\R"S5r\R$"SSS 9r\R"S5r\R"S5r\R"S5r\R"S5rSrg)StandardQueryParametersi aQuery parameters accepted by all methods. Enums: FXgafvValueValuesEnum: V1 error format. AltValueValuesEnum: Data format for response. Fields: f__xgafv: V1 error format. access_token: OAuth access token. alt: Data format for response. callback: JSONP fields: Selector specifying which fields to include in a partial response. key: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. oauth_token: OAuth 2.0 token for the current user. prettyPrint: Returns response with indentations and line breaks. quotaUser: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. trace: A tracing token of the form "token:" to include in api requests. uploadType: Legacy upload protocol for media (e.g. "media", "multipart"). upload_protocol: Upload protocol for media (e.g. "raw", "multipart"). c$\rSrSrSrSrSrSrSrg)*StandardQueryParameters.AltValueValuesEnumi zData format for response. Values: json: Responses with Content-Type of application/json media: Media download with context-dependent Content-Type proto: Responses with Content-Type of application/x-protobuf rr rrN) rrrrrjsonmediaprotorrrrAltValueValuesEnumr s D E Errc \rSrSrSrSrSrSrg)-StandardQueryParameters.FXgafvValueValuesEnumi zFV1 error format. Values: _1: v1 error format _2: v2 error format rr rN)rrrrr_1_2rrrrFXgafvValueValuesEnumr! s B Brr$r rr#r)defaultrHrRrTrUrTr rN)rrrrrrr)rr$r+f__xgafvr access_tokenaltcallbackfieldsr{ oauth_tokenr prettyPrint quotaUsertrace uploadTypeupload_protocolrrrrrr s4 9>>  inn  !8! <(&&q),0!VD#  " "1 %(   #&a #%%a(+&&q$7+##A&)    #%$$R(*))"-/rrc\rSrSrSr\R "S5"SS\R55r \R"S\RRS9r \R"SSS S 9r\R "S 5rS rg )ri aThe `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). Messages: DetailsValueListEntry: A DetailsValueListEntry object. Fields: code: The status code, which should be an enum value of google.rpc.Code. details: A list of messages that carry the error details. There is a common set of message types for APIs to use. message: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. rscf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Status.DetailsValueListEntryi zA DetailsValueListEntry object. Messages: AdditionalProperty: An additional property for a DetailsValueListEntry object. Fields: additionalProperties: Properties of the object. Contains field @type with type URL. cb\rSrSrSr\R "S5r\R"SS5r Sr g)/Status.DetailsValueListEntry.AdditionalPropertyi zAn additional property for a DetailsValueListEntry object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r ryrrNrzrrrr}r8 r~rr}r Tr rNrrrrDetailsValueListEntryr6 rrr9r rrTr r#rN)rrrrrrrrrr9rrrcoderdetailsrmessagerrrrrr s|& !!"89Zi//Z:Z2   9+<+<+B+B C$  " "#:A M'  ! !! $'rrc`\rSrSrSr\R "S5r\R "S5rSr g)rEi/ aRequest message for SecurityCenterManagement.ValidateEventThreatDetectionCustomModule. Fields: rawText: Required. The raw text of the module's contents. Used to generate error messages. type: Required. The type of the module. For example, `CONFIGURABLE_BAD_IP`. r rrN) rrrrrrrrawTextrrrrrrErE/ s)  ! !! $'   q !$rrEc<\rSrSrSr\R "SSSS9rSrg) 0ValidateEventThreatDetectionCustomModuleResponsei> zResponse message for SecurityCenterManagement.ValidateEventThreatDetectionCustomModule. Fields: errors: A list of errors returned by the validator. If the list is empty, there were no errors. r^r Tr rN) rrrrrrrerrorsrrrrr@r@> s  ! !"?T R&rr@r)z$.xgafvr"1r#2N)r __future__rapitools.base.protorpcliterrapitools.base.pyrrpackagerr r r.r;r?rCr^rPrirrrrQrrrrrrrrrrrrrrr`rfrSrrrr#r*r,r.r4r8r:r=r?rDrJrOrSrXr]r_rbrdrfrjrprrrtrvrxrzr|r~rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrkrrrrrrrEr@AddCustomJsonFieldMappingAddCustomJsonEnumMappingr$rrrrJs '<%( %%)##%:=Y&&=D"i''"@=Y..="I%%"45?9$$5?p0)"3"30. Dy(( DI" 0A0AI"X-"93D3D-"`I  [(y'8'8[(|!#9  !#HM")"3"3M"`T"**T"n +i>O>O + yARAR y +Y=N=N + + @Q@Q + +I4E4E + +I-- +8Y..8$ ]):): ] yy7H7H yE]Y&&E]Pi8 !!i8XKGY  KG\ Jy  J 6y  6:y((:a(I--a(H=()*;*;=(@ 1clctct 1 3dmdudu3. 1fofwfw 1 3gpgxgx3.+]f]n]n+4+]f]n]n+2 1ZcZkZk 1 3enevev303[d[l[l30+\e\m\m+>A_h_p_pA"6yO`O`626PYPaPa68$+QZQbQb$+N+`i`q`q+6+`i`q`q+2 1]f]n]n 13hqhyhy3.3^g^o^o3.+_h_p_p+BGbkbsbsG$ 1iriziz 1 3jsj{j{3. 1lul}l} 1 3mvm~m~3.+clctct+4+clctct+2 1`i`q`q 1 3ktk|k|303ajarar30+bkbsbs+>AenevevA" 1iN_N_ 1 1IL]L] 11IL]L]11IZIZ13)J[J[326U^UfUf606V_VgVg66#+W`WhWh#+L+fofwfw+6+fofwfw+2 1clctct 13nwnn3.3dmdudu3.+enevev+BGhqhyhyG$ 1dmdudu 1 3enevev3. 1gpgxgx 1 3hqhyhy3.+^g^o^o+4+^g^o^o+2 1[d[l[l 1 3fofwfw303\e\m\m30+]f]n]n+>A`i`q`qA" 1IZIZ 11):K:K1'9;L;L'0 1yGXGX 11yGXGX11IDUDU13YEVEV306PYPaPa626QZQbQb68$+R[RcRc$+N+ajarar+6+ajarar+2 1^g^o^o 13iriziz3.3_h_p_p3.+`i`q`q+BGclctctG$ <9J9J <8):K:K8t9y((t9n1* ))1*h 3i'' 3<.i//<.~0%Y  0%f "i6G6G " Sy7H7H S ""Z4!!114>!!114>r