feat: added field severity to findings in v1 API

Clients will now see a new field, severity, on findings. They will also be able to filter and group by severity on ListFindings and GroupFindings API calls.

PiperOrigin-RevId: 347410691
Google APIs 2020-12-14 10:08:23 -08:00 committed by Copybara-Service
parent 0509f4bc8c
commit e9135d3cb8
3 changed files with 125 additions and 79 deletions


@ -56,6 +56,65 @@ message Finding {
INACTIVE = 2;
}
// The severity of the finding.
enum Severity {
// This value is used for findings when a source doesn't write a severity
// value.
SEVERITY_UNSPECIFIED = 0;
// Vulnerability:
// A critical vulnerability is easily discoverable by an external actor,
// exploitable, and results in the direct ability to execute arbitrary code,
// exfiltrate data, and otherwise gain additional access and privileges to
// cloud resources and workloads. Examples include publicly accessible
// unprotected user data, public SSH access with weak or no passwords, etc.
//
// Threat:
// Indicates a threat that is able to access, modify, or delete data or
// execute unauthorized code within existing resources.
CRITICAL = 1;
// Vulnerability:
// A high risk vulnerability can be easily discovered and exploited in
// combination with other vulnerabilities in order to gain direct access and
// the ability to execute arbitrary code, exfiltrate data, and otherwise
// gain additional access and privileges to cloud resources and workloads.
// An example is a database with weak or no passwords that is only
// accessible internally. This database could easily be compromised by an
// actor that had access to the internal network.
//
// Threat:
// Indicates a threat that is able to create new computational resources in
// an environment but not able to access data or execute code in existing
// resources.
HIGH = 2;
// Vulnerability:
// A medium risk vulnerability could be used by an actor to gain access to
// resources or privileges that enable them to eventually (through multiple
// steps or a complex exploit) gain access and the ability to execute
// arbitrary code or exfiltrate data. An example is a service account with
// access to more projects than it should have. If an actor gains access to
// the service account, they could potentially use that access to manipulate
// a project the service account was not intended to.
//
// Threat:
// Indicates a threat that is able to cause operational impact but may not
// access data or execute unauthorized code.
MEDIUM = 3;
// Vulnerability:
// A low risk vulnerability hampers a security organizations ability to
// detect vulnerabilities or active threats in their deployment, or prevents
// the root cause investigation of security issues. An example is monitoring
// and logs being disabled for resource configurations and access.
//
// Threat:
// Indicates a threat that has obtained minimal access to an environment but
// is not able to access data, execute code, or create resources.
LOW = 4;
}
// The relative resource name of this finding. See:
// https://cloud.google.com/apis/design/resource_names#relative_resource_name
// Example:
@ -110,4 +169,8 @@ message Finding {
// The time at which the finding was created in Security Command Center.
google.protobuf.Timestamp create_time = 10;
// The severity of the finding. This field is managed by the source that
// writes the finding.
Severity severity = 12;
}
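Review bot: The comment on `Severity severity = 12;` should warn that the enum's wire values run opposite to severity — `CRITICAL = 1` through `LOW = 4`, with `SEVERITY_UNSPECIFIED = 0` — so a client that sorts or compares findings by the numeric enum value will rank unspecified above critical and low below everything, and the filter docs elsewhere in this commit only offer `=` and `:` for severity, not range operators. The comment also says the field "is managed by the source that writes the finding", which means the value is an assertion by whichever principal wrote the finding rather than something the service normalizes, and consumers using it for triage or alert routing should treat it that way; whether the service validates it at all is not visible here. I would extend the field comment to `// Enum numbers are not ordered by severity (CRITICAL = 1 ... LOW = 4, SEVERITY_UNSPECIFIED = 0); compare by name, not by number. Set by the writing source; do not assume it has been validated by the service.` The enclosing `Finding` message starts before this hunk.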


@ -78,14 +78,14 @@ message NotificationConfig {
// The description of the notification config (max of 1024 characters).
string description = 2;
// The PubSub topic to send notifications to. Its format is
// The Pub/Sub topic to send notifications to. Its format is
// "projects/[project_id]/topics/[topic]".
string pubsub_topic = 3 [
(google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" }
];
string pubsub_topic = 3 [(google.api.resource_reference) = {
type: "pubsub.googleapis.com/Topic"
}];
// Output only. The service account that needs "pubsub.topics.publish"
// permission to publish to the PubSub topic.
// permission to publish to the Pub/Sub topic.
string service_account = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
// The config for triggering notifications.


@ -17,7 +17,6 @@ syntax = "proto3";
package google.cloud.securitycenter.v1;
import public "google/cloud/securitycenter/v1/run_asset_discovery_response.proto";
import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
@ -47,8 +46,7 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
// V1 APIs for Security Center service.
service SecurityCenter {
option (google.api.default_host) = "securitycenter.googleapis.com";
option (google.api.oauth_scopes) =
"https://www.googleapis.com/auth/cloud-platform";
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
// Creates a source.
rpc CreateSource(CreateSourceRequest) returns (Source) {
@ -70,20 +68,17 @@ service SecurityCenter {
}
// Creates a notification config.
rpc CreateNotificationConfig(CreateNotificationConfigRequest)
returns (NotificationConfig) {
rpc CreateNotificationConfig(CreateNotificationConfigRequest) returns (NotificationConfig) {
option (google.api.http) = {
post: "/v1/{parent=organizations/*}/notificationConfigs"
body: "notification_config"
};
option (google.api.method_signature) =
"parent,config_id,notification_config";
option (google.api.method_signature) = "parent,config_id,notification_config";
option (google.api.method_signature) = "parent,notification_config";
}
// Deletes a notification config.
rpc DeleteNotificationConfig(DeleteNotificationConfigRequest)
returns (google.protobuf.Empty) {
rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v1/{name=organizations/*/notificationConfigs/*}"
};
@ -91,8 +86,7 @@ service SecurityCenter {
}
// Gets the access control policy on the specified Source.
rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
returns (google.iam.v1.Policy) {
rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
option (google.api.http) = {
post: "/v1/{resource=organizations/*/sources/*}:getIamPolicy"
body: "*"
@ -101,8 +95,7 @@ service SecurityCenter {
}
// Gets a notification config.
rpc GetNotificationConfig(GetNotificationConfigRequest)
returns (NotificationConfig) {
rpc GetNotificationConfig(GetNotificationConfigRequest) returns (NotificationConfig) {
option (google.api.http) = {
get: "/v1/{name=organizations/*/notificationConfigs/*}"
};
@ -110,8 +103,7 @@ service SecurityCenter {
}
// Gets the settings for an organization.
rpc GetOrganizationSettings(GetOrganizationSettingsRequest)
returns (OrganizationSettings) {
rpc GetOrganizationSettings(GetOrganizationSettingsRequest) returns (OrganizationSettings) {
option (google.api.http) = {
get: "/v1/{name=organizations/*/organizationSettings}"
};
@ -166,8 +158,7 @@ service SecurityCenter {
}
// Lists notification configs.
rpc ListNotificationConfigs(ListNotificationConfigsRequest)
returns (ListNotificationConfigsResponse) {
rpc ListNotificationConfigs(ListNotificationConfigsRequest) returns (ListNotificationConfigsResponse) {
option (google.api.http) = {
get: "/v1/{parent=organizations/*}/notificationConfigs"
};
@ -188,8 +179,7 @@ service SecurityCenter {
// This API can only be called with limited frequency for an organization. If
// it is called too frequently the caller will receive a TOO_MANY_REQUESTS
// error.
rpc RunAssetDiscovery(RunAssetDiscoveryRequest)
returns (google.longrunning.Operation) {
rpc RunAssetDiscovery(RunAssetDiscoveryRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1/{parent=organizations/*}/assets:runDiscovery"
body: "*"
@ -211,8 +201,7 @@ service SecurityCenter {
}
// Sets the access control policy on the specified Source.
rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest)
returns (google.iam.v1.Policy) {
rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
option (google.api.http) = {
post: "/v1/{resource=organizations/*/sources/*}:setIamPolicy"
body: "*"
@ -221,8 +210,7 @@ service SecurityCenter {
}
// Returns the permissions that a caller has on the specified source.
rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest)
returns (google.iam.v1.TestIamPermissionsResponse) {
rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
option (google.api.http) = {
post: "/v1/{resource=organizations/*/sources/*}:testIamPermissions"
body: "*"
@ -242,8 +230,7 @@ service SecurityCenter {
// Updates a notification config. The following update
// fields are allowed: description, pubsub_topic, streaming_config.filter
rpc UpdateNotificationConfig(UpdateNotificationConfigRequest)
returns (NotificationConfig) {
rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) returns (NotificationConfig) {
option (google.api.http) = {
patch: "/v1/{notification_config.name=organizations/*/notificationConfigs/*}"
body: "notification_config"
@ -253,8 +240,7 @@ service SecurityCenter {
}
// Updates an organization's settings.
rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest)
returns (OrganizationSettings) {
rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) returns (OrganizationSettings) {
option (google.api.http) = {
patch: "/v1/{organization_settings.name=organizations/*/organizationSettings}"
body: "organization_settings"
@ -301,15 +287,15 @@ message CreateFindingRequest {
// greater than 0 characters in length.
string finding_id = 2 [(google.api.field_behavior) = REQUIRED];
// Required. The Finding being created. The name and security_marks will be
// ignored as they are both output only fields on this resource.
// Required. The Finding being created. The name and security_marks will be ignored as
// they are both output only fields on this resource.
Finding finding = 3 [(google.api.field_behavior) = REQUIRED];
}
// Request message for creating a notification config.
message CreateNotificationConfigRequest {
// Required. Resource name of the new notification config's parent. Its format
// is "organizations/[organization_id]".
// Required. Resource name of the new notification config's parent. Its format is
// "organizations/[organization_id]".
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
@ -323,11 +309,9 @@ message CreateNotificationConfigRequest {
// characters, underscores or hyphens only.
string config_id = 2 [(google.api.field_behavior) = REQUIRED];
// Required. The notification config being created. The name and the service
// account will be ignored as they are both output only fields on this
// resource.
NotificationConfig notification_config = 3
[(google.api.field_behavior) = REQUIRED];
// Required. The notification config being created. The name and the service account
// will be ignored as they are both output only fields on this resource.
NotificationConfig notification_config = 3 [(google.api.field_behavior) = REQUIRED];
}
// Request message for creating a source.
@ -341,8 +325,8 @@ message CreateSourceRequest {
}
];
// Required. The Source being created, only the display_name and description
// will be used. All other fields will be ignored.
// Required. The Source being created, only the display_name and description will be
// used. All other fields will be ignored.
Source source = 2 [(google.api.field_behavior) = REQUIRED];
}
@ -372,8 +356,8 @@ message GetNotificationConfigRequest {
// Request message for getting organization settings.
message GetOrganizationSettingsRequest {
// Required. Name of the organization to get organization settings for. Its
// format is "organizations/[organization_id]/organizationSettings".
// Required. Name of the organization to get organization settings for. Its format is
// "organizations/[organization_id]/organizationSettings".
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
@ -463,15 +447,15 @@ message GroupAssetsRequest {
// For example, `resource_properties.size = 100` is a valid filter string.
//
// Use a partial match on the empty string to filter based on a property
// existing:`resource_properties.my_property : ""`
// existing: `resource_properties.my_property : ""`
//
// Use a negated partial match on the empty string to filter based on a
// property not existing: `-resource_properties.my_property : ""`
string filter = 2;
// Required. Expression that defines what assets fields to use for grouping.
// The string value should follow SQL syntax: comma separated list of fields.
// For example:
// Required. Expression that defines what assets fields to use for grouping. The string
// value should follow SQL syntax: comma separated list of fields. For
// example:
// "security_center_properties.resource_project,security_center_properties.project".
//
// The following fields are supported when compare_duration is not set:
@ -598,6 +582,7 @@ message GroupFindingsRequest {
// * category: `=`, `:`
// * external_uri: `=`, `:`
// * event_time: `=`, `>`, `<`, `>=`, `<=`
// * severity: `=`, `:`
//
// Usage: This should be milliseconds since epoch or an RFC3339 string.
// Examples:
@ -616,9 +601,9 @@ message GroupFindingsRequest {
// property not existing: `-source_properties.my_property : ""`
string filter = 2;
// Required. Expression that defines what assets fields to use for grouping
// (including `state_change`). The string value should follow SQL syntax:
// comma separated list of fields. For example: "parent,resource_name".
// Required. Expression that defines what assets fields to use for grouping (including
// `state_change`). The string value should follow SQL syntax: comma separated
// list of fields. For example: "parent,resource_name".
//
// The following fields are supported:
//
@ -626,6 +611,7 @@ message GroupFindingsRequest {
// * category
// * state
// * parent
// * severity
//
// The following fields are supported when compare_duration is set:
//
@ -901,10 +887,10 @@ message ListAssetsRequest {
// read_time.
google.protobuf.Duration compare_duration = 5;
// Optional. A field mask to specify the ListAssetsResult fields to be listed
// in the response. An empty field mask will list all fields.
google.protobuf.FieldMask field_mask = 7
[(google.api.field_behavior) = OPTIONAL];
// A field mask to specify the ListAssetsResult fields to be listed in the
// response.
// An empty field mask will list all fields.
google.protobuf.FieldMask field_mask = 7;
// The value returned by the last `ListAssetsResponse`; indicates
// that this is a continuation of a prior `ListAssets` call, and
@ -1000,13 +986,14 @@ message ListFindingsRequest {
//
// The following field and operator combinations are supported:
//
// name: `=`
// parent: `=`, `:`
// resource_name: `=`, `:`
// state: `=`, `:`
// category: `=`, `:`
// external_uri: `=`, `:`
// event_time: `=`, `>`, `<`, `>=`, `<=`
// * name: `=`
// * parent: `=`, `:`
// * resource_name: `=`, `:`
// * state: `=`, `:`
// * category: `=`, `:`
// * external_uri: `=`, `:`
// * event_time: `=`, `>`, `<`, `>=`, `<=`
// * severity: `=`, `:`
//
// Usage: This should be milliseconds since epoch or an RFC3339 string.
// Examples:
@ -1083,10 +1070,9 @@ message ListFindingsRequest {
// read_time.
google.protobuf.Duration compare_duration = 5;
// Optional. A field mask to specify the Finding fields to be listed in the
// response. An empty field mask will list all fields.
google.protobuf.FieldMask field_mask = 7
[(google.api.field_behavior) = OPTIONAL];
// A field mask to specify the Finding fields to be listed in the response.
// An empty field mask will list all fields.
google.protobuf.FieldMask field_mask = 7;
// The value returned by the last `ListFindingsResponse`; indicates
// that this is a continuation of a prior `ListFindings` call, and
@ -1157,7 +1143,7 @@ message ListFindingsResponse {
StateChange state_change = 2;
// Output only. Resource that is associated with this finding.
Resource resource = 3;
Resource resource = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// Findings matching the list request.
@ -1191,14 +1177,13 @@ message SetFindingStateRequest {
Finding.State state = 2 [(google.api.field_behavior) = REQUIRED];
// Required. The time at which the updated state takes effect.
google.protobuf.Timestamp start_time = 3
[(google.api.field_behavior) = REQUIRED];
google.protobuf.Timestamp start_time = 3 [(google.api.field_behavior) = REQUIRED];
}
// Request message for running asset discovery for an organization.
message RunAssetDiscoveryRequest {
// Required. Name of the organization to run asset discovery for. Its format
// is "organizations/[organization_id]".
// Required. Name of the organization to run asset discovery for. Its format is
// "organizations/[organization_id]".
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
@ -1209,8 +1194,8 @@ message RunAssetDiscoveryRequest {
// Request message for updating or creating a finding.
message UpdateFindingRequest {
// Required. The finding resource to update or create if it does not already
// exist. parent, security_marks, and update_time will be ignored.
// Required. The finding resource to update or create if it does not already exist.
// parent, security_marks, and update_time will be ignored.
//
// In the case of creation, the finding id portion of the name must be
// alphanumeric and less than or equal to 32 characters and greater than 0
@ -1230,8 +1215,7 @@ message UpdateFindingRequest {
// Request message for updating a notification config.
message UpdateNotificationConfigRequest {
// Required. The notification config to update.
NotificationConfig notification_config = 1
[(google.api.field_behavior) = REQUIRED];
NotificationConfig notification_config = 1 [(google.api.field_behavior) = REQUIRED];
// The FieldMask to use when updating the notification config.
//
@ -1242,12 +1226,11 @@ message UpdateNotificationConfigRequest {
// Request message for updating an organization's settings.
message UpdateOrganizationSettingsRequest {
// Required. The organization settings resource to update.
OrganizationSettings organization_settings = 1
[(google.api.field_behavior) = REQUIRED];
OrganizationSettings organization_settings = 1 [(google.api.field_behavior) = REQUIRED];
// The FieldMask to use when updating the settings resource.
//
// If empty all mutable fields will be updated.
// If empty all mutable fields will be updated.
google.protobuf.FieldMask update_mask = 2;
}
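Review bot: In the `ListFindingsRequest.filter` doc (the `-1000,13 +986,14` hunk) the new `* severity: `=`, `:`` line is inserted directly after `event_time`, so the paragraph that follows — `Usage: This should be milliseconds since epoch or an RFC3339 string.` — now reads as if it describes severity rather than event_time; the `GroupFindingsRequest.filter` hunk has the same problem. Either move the severity line above `event_time`, or re-anchor the note as `Usage (event_time): This should be milliseconds since epoch or an RFC3339 string.` and add a separate one-liner for severity stating that it is matched by enum name (the exact accepted spelling is not visible here, so confirm against the filter implementation before documenting an example). Separately, the `-17,7 +17,6` hunk appears to drop `import public "google/cloud/securitycenter/v1/run_asset_discovery_response.proto"`; if that is the deleted line, any file that reached `RunAssetDiscoveryResponse` transitively through this import loses it, which is a source-level break the commit message does not mention. The `ListFindingsRequest` message itself starts and ends outside the hunk.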