diff --git a/google/cloud/securitycenter/v1p1beta1/BUILD.bazel b/google/cloud/securitycenter/v1p1beta1/BUILD.bazel index 84a00a3d..3c65c6ac 100644 --- a/google/cloud/securitycenter/v1p1beta1/BUILD.bazel +++ b/google/cloud/securitycenter/v1p1beta1/BUILD.bazel @@ -17,6 +17,7 @@ proto_library( "notification_config.proto", "notification_message.proto", "organization_settings.proto", + "resource.proto", "run_asset_discovery_response.proto", "security_marks.proto", "securitycenter_service.proto", @@ -136,8 +137,8 @@ go_gapic_library( deps = [ ":securitycenter_go_proto", "//google/iam/v1:iam_go_proto", - "//google/longrunning:longrunning_go_gapic", "//google/longrunning:longrunning_go_proto", + "@com_google_cloud_go//longrunning/autogen:go_default_library", "@com_google_cloud_go//longrunning:go_default_library", "@io_bazel_rules_go//proto/wkt:duration_go_proto", "@io_bazel_rules_go//proto/wkt:struct_go_proto", diff --git a/google/cloud/securitycenter/v1p1beta1/asset.proto b/google/cloud/securitycenter/v1p1beta1/asset.proto index aaa18bcb..bfcae368 100644 --- a/google/cloud/securitycenter/v1p1beta1/asset.proto +++ b/google/cloud/securitycenter/v1p1beta1/asset.proto @@ -1,4 +1,4 @@ -// Copyright 2019 Google LLC. +// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -11,7 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// syntax = "proto3"; 
@@ -30,30 +29,31 @@ option java_package = "com.google.cloud.securitycenter.v1p1beta1"; option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1"; option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1"; -// Cloud Security Command Center's (Cloud SCC) representation of a Google Cloud -// Platform (GCP) resource. +// Security Command Center representation of a Google Cloud +// resource. // -// The Asset is a Cloud SCC resource that captures information about a single -// GCP resource. All modifications to an Asset are only within the context of -// Cloud SCC and don't affect the referenced GCP resource. +// The Asset is a Security Command Center resource that captures information +// about a single Google Cloud resource. All modifications to an Asset are only +// within the context of Security Command Center and don't affect the referenced +// Google Cloud resource. message Asset { option (google.api.resource) = { type: "securitycenter.googleapis.com/Asset" pattern: "organizations/{organization}/assets/{asset}" }; - // Cloud SCC managed properties. These properties are managed by Cloud SCC and - // cannot be modified by the user. + // Security Command Center managed properties. These properties are managed by + // Security Command Center and cannot be modified by the user. message SecurityCenterProperties { - // The full resource name of the GCP resource this asset + // The full resource name of the Google Cloud resource this asset // represents. This field is immutable after create time. See: // https://cloud.google.com/apis/design/resource_names#full_resource_name string resource_name = 1; - // The type of the GCP resource. Examples include: APPLICATION, + // The type of the Google Cloud resource. Examples include: APPLICATION, // PROJECT, and ORGANIZATION. This is a case insensitive field defined by - // Cloud SCC and/or the producer of the resource and is immutable - // after create time. 
+ // Security Command Center and/or the producer of the resource and is + // immutable after create time. string resource_type = 2; // The full resource name of the immediate parent of the resource. See: @@ -77,12 +77,13 @@ message Asset { string resource_project_display_name = 8; } - // IAM Policy information associated with the GCP resource described by the - // Cloud SCC asset. This information is managed and defined by the GCP - // resource and cannot be modified by the user. + // Cloud IAM Policy information associated with the Google Cloud resource + // described by the Security Command Center asset. This information is managed + // and defined by the Google Cloud resource and cannot be modified by the + // user. message IamPolicy { // The JSON representation of the Policy associated with the asset. - // See https://cloud.google.com/iam/reference/rest/v1/Policy for + // See https://cloud.google.com/iam/docs/reference/rest/v1/Policy for // format details. string policy_blob = 1; } 
@@ -93,27 +94,28 @@ message Asset { // "organizations/{organization_id}/assets/{asset_id}". string name = 1; - // Cloud SCC managed properties. These properties are managed by - // Cloud SCC and cannot be modified by the user. + // Security Command Center managed properties. These properties are managed by + // Security Command Center and cannot be modified by the user. SecurityCenterProperties security_center_properties = 2; // Resource managed properties. These properties are managed and defined by - // the GCP resource and cannot be modified by the user. + // the Google Cloud resource and cannot be modified by the user. map resource_properties = 7; // User specified security marks. These marks are entirely managed by the user // and come from the SecurityMarks resource that belongs to the asset. SecurityMarks security_marks = 8; - // The time at which the asset was created in Cloud SCC. + // The time at which the asset was created in Security Command Center. google.protobuf.Timestamp create_time = 9; // The time at which the asset was last updated, added, or deleted in Cloud // SCC. google.protobuf.Timestamp update_time = 10; - // IAM Policy information associated with the GCP resource described by the - // Cloud SCC asset. This information is managed and defined by the GCP - // resource and cannot be modified by the user. + // Cloud IAM Policy information associated with the Google Cloud resource + // described by the Security Command Center asset. This information is managed + // and defined by the Google Cloud resource and cannot be modified by the + // user. IamPolicy iam_policy = 11; } diff --git a/google/cloud/securitycenter/v1p1beta1/finding.proto b/google/cloud/securitycenter/v1p1beta1/finding.proto index 6428027d..21b65536 100644 --- a/google/cloud/securitycenter/v1p1beta1/finding.proto +++ b/google/cloud/securitycenter/v1p1beta1/finding.proto 
@@ -1,4 +1,4 @@ -// Copyright 2019 Google LLC. +// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -11,7 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// syntax = "proto3"; @@ -31,12 +30,12 @@ option java_package = "com.google.cloud.securitycenter.v1p1beta1"; option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1"; option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1"; -// Cloud Security Command Center (Cloud SCC) finding. +// Security Command Center finding. // // A finding is a record of assessment data (security, risk, health or privacy) -// ingested into Cloud SCC for presentation, notification, analysis, -// policy testing, and enforcement. For example, an XSS vulnerability in an -// App Engine application is a finding. +// ingested into Security Command Center for presentation, notification, +// analysis, policy testing, and enforcement. For example, an XSS vulnerability +// in an App Engine application is a finding. message Finding { option (google.api.resource) = { type: "securitycenter.googleapis.com/Finding" 
@@ -69,12 +68,12 @@ message Finding { // "organizations/{organization_id}/sources/{source_id}" string parent = 2; - // For findings on Google Cloud Platform (GCP) resources, the full resource - // name of the GCP resource this finding is for. See: + // For findings on Google Cloud resources, the full resource + // name of the Google Cloud resource this finding is for. See: // https://cloud.google.com/apis/design/resource_names#full_resource_name - // When the finding is for a non-GCP resource, the resourceName can be a - // customer or partner defined string. - // This field is immutable after creation time. + // When the finding is for a non-Google Cloud resource, the resourceName can + // be a customer or partner defined string. This field is immutable after + // creation time. string resource_name = 3; // The state of the finding. @@ -85,9 +84,9 @@ message Finding { // Example: "XSS_FLASH_INJECTION" string category = 5; - // The URI that, if available, points to a web page outside of Cloud SCC - // where additional information about the finding can be found. This field is - // guaranteed to be either empty or a well formed URL. + // The URI that, if available, points to a web page outside of Security + // Command Center where additional information about the finding can be found. + // This field is guaranteed to be either empty or a well formed URL. string external_uri = 6; // Source specific properties. These properties are managed by the source @@ -106,6 +105,6 @@ message Finding { // the firewall became open. The accuracy is determined by the detector. google.protobuf.Timestamp event_time = 9; - // The time at which the finding was created in Cloud SCC. + // The time at which the finding was created in Security Command Center. google.protobuf.Timestamp create_time = 10; } diff --git a/google/cloud/securitycenter/v1p1beta1/notification_config.proto b/google/cloud/securitycenter/v1p1beta1/notification_config.proto index 7cbb87b2..6f9e5966 100644 
--- a/google/cloud/securitycenter/v1p1beta1/notification_config.proto +++ b/google/cloud/securitycenter/v1p1beta1/notification_config.proto @@ -1,4 +1,4 @@ -// Copyright 2019 Google LLC. +// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -11,7 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// syntax = "proto3"; @@ -27,19 +26,16 @@ option java_multiple_files = true; option java_package = "com.google.cloud.securitycenter.v1p1beta1"; option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1"; option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1"; - -// The Pub/Sub Topic resource definition is in google/cloud/pubsub/v1/, -// but we do not import that proto directly; therefore, we redefine the -// pattern here. option (google.api.resource_definition) = { type: "pubsub.googleapis.com/Topic" pattern: "projects/{project}/topics/{topic}" }; -// Cloud Security Command Center (Cloud SCC) notification configs. +// Security Command Center notification configs. // -// A notification config is a Cloud SCC resource that contains the configuration -// to send notifications for create/update events of findings, assets and etc. +// A notification config is a Security Command Center resource that contains the +// configuration to send notifications for create/update events of findings, +// assets and etc. message NotificationConfig { option (google.api.resource) = { type: "securitycenter.googleapis.com/NotificationConfig" 
@@ -94,14 +90,14 @@ message NotificationConfig { // The type of events the config is for, e.g. FINDING. EventType event_type = 3; - // The PubSub topic to send notifications to. Its format is + // The Pub/Sub topic to send notifications to. Its format is // "projects/[project_id]/topics/[topic]". string pubsub_topic = 4 [ (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" } ]; // Output only. The service account that needs "pubsub.topics.publish" - // permission to publish to the PubSub topic. + // permission to publish to the Pub/Sub topic. string service_account = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; // The config for triggering notifications. diff --git a/google/cloud/securitycenter/v1p1beta1/notification_message.proto b/google/cloud/securitycenter/v1p1beta1/notification_message.proto index 3abbcef3..fd3c23b6 100644 --- a/google/cloud/securitycenter/v1p1beta1/notification_message.proto +++ b/google/cloud/securitycenter/v1p1beta1/notification_message.proto @@ -1,4 +1,4 @@ -// Copyright 2019 Google LLC. +// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -11,7 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// syntax = "proto3"; @@ -20,6 +19,7 @@ package google.cloud.securitycenter.v1p1beta1; import "google/api/annotations.proto"; import "google/cloud/securitycenter/v1p1beta1/asset.proto"; import "google/cloud/securitycenter/v1p1beta1/finding.proto"; +import "google/cloud/securitycenter/v1p1beta1/resource.proto"; option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1"; option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter"; 
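Review bot: The `service_account` comment in the notification_config.proto hunk names the permission the account needs but not the scope at which it should be granted. The account only has to publish to the single topic named in `pubsub_topic`, so the comment could end with `// Grant the permission on that topic only, not on the whole project.` to steer operators toward a least-privilege binding. The NotificationConfig message starts and ends outside the hunk.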
@@ -28,7 +28,7 @@ option java_package = "com.google.cloud.securitycenter.v1p1beta1"; option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1"; option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1"; -// Cloud SCC's Notification +// Security Command Center's Notification message NotificationMessage { // Name of the notification config that generated current notification. string notification_config_name = 1; @@ -39,4 +39,7 @@ message NotificationMessage { // populated. Finding finding = 2; } + + // The Cloud resource tied to the notification. + Resource resource = 3; } diff --git a/google/cloud/securitycenter/v1p1beta1/organization_settings.proto b/google/cloud/securitycenter/v1p1beta1/organization_settings.proto index 9c38b87b..1be72dd7 100644 --- a/google/cloud/securitycenter/v1p1beta1/organization_settings.proto +++ b/google/cloud/securitycenter/v1p1beta1/organization_settings.proto @@ -1,4 +1,4 @@ -// Copyright 2019 Google LLC. +// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -11,7 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// syntax = "proto3"; @@ -27,8 +26,8 @@ option java_package = "com.google.cloud.securitycenter.v1p1beta1"; option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1"; option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1"; -// User specified settings that are attached to the Cloud Security Command -// Center (Cloud SCC) organization. +// User specified settings that are attached to the Security Command +// Center organization. message OrganizationSettings { option (google.api.resource) = { type: "securitycenter.googleapis.com/OrganizationSettings" 
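Review bot: The comment on the added `Resource resource = 3;` in NotificationMessage does not say when the field is populated or how it relates to `finding`. The field is declared after the block that holds `finding` closes, so it is presumably set independently of that block. Consumers that route or filter notifications by project or parent need to know whether it always describes the resource named by `finding.resource_name`. If that is the intent, a comment such as `// The Cloud resource tied to the notification; describes the resource referenced by finding.resource_name.` would settle it.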
diff --git a/google/cloud/securitycenter/v1p1beta1/resource.proto b/google/cloud/securitycenter/v1p1beta1/resource.proto new file mode 100644 index 00000000..00bb74d8 --- /dev/null +++ b/google/cloud/securitycenter/v1p1beta1/resource.proto 
@@ -0,0 +1,46 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.securitycenter.v1p1beta1; + +import "google/api/annotations.proto"; + +option csharp_namespace = "Google.Cloud.SecurityCenter.V1p1Beta1"; +option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter"; +option java_multiple_files = true; +option java_outer_classname = "ResourceProto"; +option java_package = "com.google.cloud.securitycenter.v1p1beta1"; +option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1"; +option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1"; + +// Information related to the Google Cloud resource. +message Resource { + // The full resource name of the resource. See: + // https://cloud.google.com/apis/design/resource_names#full_resource_name + string name = 1; + + // The full resource name of project that the resource belongs to. + string project = 2; + + // The human readable name of project that the resource belongs to. + string project_display_name = 3; + + // The full resource name of resource's parent. + string parent = 4; + + // The human readable name of resource's parent. + string parent_display_name = 5; +} diff --git a/google/cloud/securitycenter/v1p1beta1/run_asset_discovery_response.proto b/google/cloud/securitycenter/v1p1beta1/run_asset_discovery_response.proto index b8b9ea48..720ffc4f 100644 
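Review bot: The new resource.proto sets `option csharp_namespace = "Google.Cloud.SecurityCenter.V1p1Beta1";`, while notification_message.proto in this same diff shows `"Google.Cloud.SecurityCenter.V1P1Beta1"` with a capital P. C# namespaces are case-sensitive, so the generated `Resource` type would land in a different namespace from the `NotificationMessage` that references it; the two files should use one spelling, for example `option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1";` here. The file also imports `google/api/annotations.proto` although none of its 46 lines uses an annotation, so that import can be dropped. A nested `Resource` message already appears under ListFindingsResponse.ListFindingsResult in the securitycenter_service.proto context lines, so the message comment should state how the two definitions relate.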
--- a/google/cloud/securitycenter/v1p1beta1/run_asset_discovery_response.proto +++ b/google/cloud/securitycenter/v1p1beta1/run_asset_discovery_response.proto @@ -1,4 +1,4 @@ -// Copyright 2019 Google LLC. +// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -11,7 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// syntax = "proto3"; diff --git a/google/cloud/securitycenter/v1p1beta1/security_marks.proto b/google/cloud/securitycenter/v1p1beta1/security_marks.proto index ac54bc19..11a1dd85 100644 --- a/google/cloud/securitycenter/v1p1beta1/security_marks.proto +++ b/google/cloud/securitycenter/v1p1beta1/security_marks.proto @@ -1,4 +1,4 @@ -// Copyright 2019 Google LLC. +// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -11,7 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// syntax = "proto3"; 
@@ -27,9 +26,9 @@ option java_package = "com.google.cloud.securitycenter.v1p1beta1"; option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1"; option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1"; -// User specified security marks that are attached to the parent Cloud Security -// Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud -// SCC organization -- they can be modified and viewed by all users who have +// User specified security marks that are attached to the parent Security +// Command Center resource. Security marks are scoped within a Security Command +// Center organization -- they can be modified and viewed by all users who have // proper permissions on the organization. message SecurityMarks { option (google.api.resource) = { diff --git a/google/cloud/securitycenter/v1p1beta1/securitycenter_grpc_service_config.json b/google/cloud/securitycenter/v1p1beta1/securitycenter_grpc_service_config.json index 1e1d6a1b..f3b89d22 100755 --- a/google/cloud/securitycenter/v1p1beta1/securitycenter_grpc_service_config.json +++ b/google/cloud/securitycenter/v1p1beta1/securitycenter_grpc_service_config.json @@ -51,7 +51,7 @@ "method": "UpdateSecurityMarks" } ], - "timeout": "60s" + "timeout": "600s" }, { "name": [ @@ -100,9 +100,8 @@ "method": "TestIamPermissions" } ], - "timeout": "60s", + "timeout": "600s", "retryPolicy": { - "maxAttempts": 5, "initialBackoff": "0.100s", "maxBackoff": "60s", "backoffMultiplier": 1.3, diff --git a/google/cloud/securitycenter/v1p1beta1/securitycenter_service.proto b/google/cloud/securitycenter/v1p1beta1/securitycenter_service.proto index dcd9af68..7431515b 100644 --- a/google/cloud/securitycenter/v1p1beta1/securitycenter_service.proto +++ b/google/cloud/securitycenter/v1p1beta1/securitycenter_service.proto 
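Review bot: In securitycenter_grpc_service_config.json, the second hunk drops `"maxAttempts": 5` from `retryPolicy` while raising `timeout` to `600s`, so the visible policy no longer caps the number of attempts and only the ten-minute deadline bounds retries. The gRPC service-config schema lists `maxAttempts` as a required field of `retryPolicy`, so a client that loads this file directly may reject or ignore the policy. If the file is read only by the GAPIC generators the omission may be intended, but that is worth confirming. If a cap is still wanted, keep `"maxAttempts": 5,` next to the new timeout. The first hunk makes the same 60s to 600s change for the group ending in UpdateSecurityMarks, and both objects continue outside their hunks.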
@@ -1,4 +1,4 @@ -// Copyright 2019 Google LLC. +// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -11,7 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// syntax = "proto3"; @@ -236,7 +235,6 @@ service SecurityCenter { option (google.api.method_signature) = "resource,permissions"; } - // // Creates or updates a finding. The corresponding source must exist for a // finding creation to succeed. rpc UpdateFinding(UpdateFindingRequest) returns (Finding) { @@ -447,15 +445,15 @@ message GroupAssetsRequest { // // Usage: This should be milliseconds since epoch or an RFC3339 string. // Examples: - // "update_time = \"2019-06-10T16:07:18-07:00\"" - // "update_time = 1560208038000" + // `update_time = "2019-06-10T16:07:18-07:00"` + // `update_time = 1560208038000` // // * create_time: `=`, `>`, `<`, `>=`, `<=` // // Usage: This should be milliseconds since epoch or an RFC3339 string. // Examples: - // "create_time = \"2019-06-10T16:07:18-07:00\"" - // "create_time = 1560208038000" + // `create_time = "2019-06-10T16:07:18-07:00"` + // `create_time = 1560208038000` // // * iam_policy.policy_blob: `=`, `:` // * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=` @@ -470,6 +468,12 @@ message GroupAssetsRequest { // * security_center_properties.resource_owners: `=`, `:` // // For example, `resource_properties.size = 100` is a valid filter string. + // + // Use a partial match on the empty string to filter based on a property + // existing: `resource_properties.my_property : ""` + // + // Use a negated partial match on the empty string to filter based on a + // property not existing: `-resource_properties.my_property : ""` string filter = 2; // Required. Expression that defines what assets fields to use for grouping. 
@@ -527,11 +531,6 @@ message GroupAssetsRequest { // NOW. google.protobuf.Timestamp read_time = 5; - // Filter that specifies what fields to further filter on *after* the query - // filter has been executed. Currently only `state_change` is supported and - // requires compare_duration to be specified. - string having = 6; - // The value returned by the last `GroupAssetsResponse`; indicates // that this is a continuation of a prior `GroupAssets` call, and that the // system should return the next page of data. @@ -609,13 +608,19 @@ message GroupFindingsRequest { // // Usage: This should be milliseconds since epoch or an RFC3339 string. // Examples: - // "event_time = \"2019-06-10T16:07:18-07:00\"" - // "event_time = 1560208038000" + // `event_time = "2019-06-10T16:07:18-07:00"` + // `event_time = 1560208038000` // // * security_marks.marks: `=`, `:` // * source_properties: `=`, `:`, `>`, `<`, `>=`, `<=` // // For example, `source_properties.size = 100` is a valid filter string. + // + // Use a partial match on the empty string to filter based on a property + // existing: `source_properties.my_property : ""` + // + // Use a negated partial match on the empty string to filter based on a + // property not existing: `-source_properties.my_property : ""` string filter = 2; // Required. Expression that defines what assets fields to use for grouping 
@@ -653,12 +658,18 @@ message GroupFindingsRequest { // // Possible "state_change" values when compare_duration is specified: // - // * "CHANGED": indicates that the finding was present at the start of - // compare_duration, but changed its state at read_time. - // * "UNCHANGED": indicates that the finding was present at the start of - // compare_duration and did not change state at read_time. - // * "ADDED": indicates that the finding was not present at the start - // of compare_duration, but was present at read_time. + // * "CHANGED": indicates that the finding was present and matched the given + // filter at the start of compare_duration, but changed its + // state at read_time. + // * "UNCHANGED": indicates that the finding was present and matched the given + // filter at the start of compare_duration and did not change + // state at read_time. + // * "ADDED": indicates that the finding did not match the given filter or + // was not present at the start of compare_duration, but was + // present at read_time. + // * "REMOVED": indicates that the finding was present and matched the + // filter at the start of compare_duration, but did not match + // the filter at read_time. // // If compare_duration is not specified, then the only possible state_change // is "UNUSED", which will be the state_change set for all findings present @@ -668,11 +679,6 @@ message GroupFindingsRequest { // `group_by`. google.protobuf.Duration compare_duration = 5; - // Filter that specifies what fields to further filter on *after* the query - // filter has been executed. Currently only `finding.state` and `state_change` - // are supported and requires compare_duration to be specified. - string having = 6; - // The value returned by the last `GroupFindingsResponse`; indicates // that this is a continuation of a prior `GroupFindings` call, and // that the system should return the next page of data. 
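Review bot: The added "REMOVED" bullet in the `compare_duration` comment implies that results can now describe findings that no longer match `filter` at read_time, but the comment never says so to callers. A line after the list such as `// Results with state_change "REMOVED" do not match the filter at read_time; check state_change before acting on a result.` would make that explicit for automation built on this API. The bullet also reads "matched the filter" where the other three read "matched the given filter". The same text is added to ListFindingsRequest in a later hunk, and the comment block starts outside this one.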
@@ -816,15 +822,15 @@ message ListAssetsRequest { // // Usage: This should be milliseconds since epoch or an RFC3339 string. // Examples: - // "update_time = \"2019-06-10T16:07:18-07:00\"" - // "update_time = 1560208038000" + // `update_time = "2019-06-10T16:07:18-07:00"` + // `update_time = 1560208038000` // // * create_time: `=`, `>`, `<`, `>=`, `<=` // // Usage: This should be milliseconds since epoch or an RFC3339 string. // Examples: - // "create_time = \"2019-06-10T16:07:18-07:00\"" - // "create_time = 1560208038000" + // `create_time = "2019-06-10T16:07:18-07:00"` + // `create_time = 1560208038000` // // * iam_policy.policy_blob: `=`, `:` // * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=` @@ -839,6 +845,12 @@ message ListAssetsRequest { // * security_center_properties.resource_owners: `=`, `:` // // For example, `resource_properties.size = 100` is a valid filter string. + // + // Use a partial match on the empty string to filter based on a property + // existing: `resource_properties.my_property : ""` + // + // Use a negated partial match on the empty string to filter based on a + // property not existing: `-resource_properties.my_property : ""` string filter = 2; // Expression that defines what fields and order to use for sorting. The @@ -896,11 +908,6 @@ message ListAssetsRequest { // read_time. google.protobuf.Duration compare_duration = 5; - // Filter that specifies what fields to further filter on *after* the query - // filter has been executed. Currently only `state_change` is supported and - // requires compare_duration to be specified. - string having = 6; - // Optional. // A field mask to specify the ListAssetsResult fields to be listed in the // response. 
@@ -1012,13 +1019,19 @@ message ListFindingsRequest { // // Usage: This should be milliseconds since epoch or an RFC3339 string. // Examples: - // "event_time = \"2019-06-10T16:07:18-07:00\"" - // "event_time = 1560208038000" + // `event_time = "2019-06-10T16:07:18-07:00"` + // `event_time = 1560208038000` // // security_marks.marks: `=`, `:` // source_properties: `=`, `:`, `>`, `<`, `>=`, `<=` // // For example, `source_properties.size = 100` is a valid filter string. + // + // Use a partial match on the empty string to filter based on a property + // existing: `source_properties.my_property : ""` + // + // Use a negated partial match on the empty string to filter based on a + // property not existing: `-source_properties.my_property : ""` string filter = 2; // Expression that defines what fields and order to use for sorting. The 
@@ -1061,23 +1074,24 @@ message ListFindingsRequest { // // Possible "state_change" values when compare_duration is specified: // - // * "CHANGED": indicates that the finding was present at the start of - // compare_duration, but changed its state at read_time. - // * "UNCHANGED": indicates that the finding was present at the start of - // compare_duration and did not change state at read_time. - // * "ADDED": indicates that the finding was not present at the start - // of compare_duration, but was present at read_time. + // * "CHANGED": indicates that the finding was present and matched the given + // filter at the start of compare_duration, but changed its + // state at read_time. + // * "UNCHANGED": indicates that the finding was present and matched the given + // filter at the start of compare_duration and did not change + // state at read_time. + // * "ADDED": indicates that the finding did not match the given filter or + // was not present at the start of compare_duration, but was + // present at read_time. + // * "REMOVED": indicates that the finding was present and matched the + // filter at the start of compare_duration, but did not match + // the filter at read_time. // // If compare_duration is not specified, then the only possible state_change // is "UNUSED", which will be the state_change set for all findings present at // read_time. google.protobuf.Duration compare_duration = 5; - // Filter that specifies what fields to further filter on *after* the query - // filter has been executed. Currently only `finding.state` and `state_change` - // are supported and requires compare_duration to be specified. - string having = 6; - // Optional. // A field mask to specify the Finding fields to be listed in the response. // An empty field mask will list all fields. 
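Review bot: Removing `string having = 6;` from ListFindingsRequest leaves field number 6 and the name `having` free for reuse; put `reserved 6;` and `reserved "having";` in its place. The same field is removed from GroupAssetsRequest, GroupFindingsRequest and ListAssetsRequest in earlier hunks of this file, and each needs the same two lines. Clients that still send `having` will have it parsed as an unknown field. Assuming the server no longer honours it, a caller that relied on it to narrow results by `state_change` or `finding.state` would silently get the unfiltered set, which should be called out for consumers. The message body starts and ends outside the hunk.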
@@ -1098,7 +1112,7 @@ message ListFindingsRequest { message ListFindingsResponse { // Result containing the Finding and its StateChange. message ListFindingsResult { - // Information related to the Google Cloud Platform (GCP) resource that is + // Information related to the Google Cloud resource that is // associated with this finding. message Resource { // The full resource name of the resource. See: diff --git a/google/cloud/securitycenter/v1p1beta1/securitycenter_v1p1beta1.yaml b/google/cloud/securitycenter/v1p1beta1/securitycenter_v1p1beta1.yaml index 3c731958..cfc61ada 100644 --- a/google/cloud/securitycenter/v1p1beta1/securitycenter_v1p1beta1.yaml +++ b/google/cloud/securitycenter/v1p1beta1/securitycenter_v1p1beta1.yaml @@ -1,19 +1,20 @@ type: google.api.Service config_version: 3 name: securitycenter.googleapis.com -title: Cloud Security Command Center API +title: Security Command Center API apis: - name: google.cloud.securitycenter.v1p1beta1.SecurityCenter types: - name: google.cloud.securitycenter.v1p1beta1.NotificationMessage +- name: google.cloud.securitycenter.v1p1beta1.Resource - name: google.cloud.securitycenter.v1p1beta1.RunAssetDiscoveryResponse documentation: summary: |- - Cloud Security Command Center API provides access to temporal views of - assets and findings within an organization. + Security Command Center API provides access to temporal views of assets and + findings within an organization. backend: rules: diff --git a/google/cloud/securitycenter/v1p1beta1/source.proto b/google/cloud/securitycenter/v1p1beta1/source.proto index d591a05c..0e940df6 100644 --- a/google/cloud/securitycenter/v1p1beta1/source.proto +++ b/google/cloud/securitycenter/v1p1beta1/source.proto @@ -1,4 +1,4 @@ -// Copyright 2019 Google LLC. +// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
@@ -11,7 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// syntax = "proto3"; @@ -27,7 +26,7 @@ option java_package = "com.google.cloud.securitycenter.v1p1beta1"; option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1"; option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1"; -// Cloud Security Command Center's (Cloud SCC) finding source. A finding source +// Security Command Center finding source. A finding source // is an entity or a mechanism that can produce a finding. A source is like a // container of findings that come from the same scanner, logger, monitor, etc. message Source { @@ -51,7 +50,7 @@ message Source { // The description of the source (max of 1024 characters). // Example: - // "Cloud Security Scanner is a web security scanner for common + // "Web Security Scanner is a web security scanner for common // vulnerabilities in App Engine applications. It can automatically // scan and detect four common vulnerabilities, including cross-site-scripting // (XSS), Flash injection, mixed content (HTTP in HTTPS), and