From a69016d8aecf698bded11647b3ba50fcc1c73860 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Fri, 30 Jul 2021 11:46:15 -0500 Subject: [PATCH] feat: add finding_class and indicator fields in Finding (#409) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: add finding_class and indicator fields in Finding finding_class field is added in order to help our customer to quickly identify and categorize the different findings (threat, vulnerability, misconfiguration, ...). And indicator field is generated to indicate the domain and IP addresses that is causing the threat. PiperOrigin-RevId: 386975549 Source-Link: https://github.com/googleapis/googleapis/commit/5bf36f20f8e49c18620bf20a45645310f5bf6950 Source-Link: https://github.com/googleapis/googleapis-gen/commit/b9ab677eb147fbf3eb3b1d501f90b9d3f8078872 * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md Co-authored-by: Owl Bot --- .../cloud/securitycenter/v1/finding.proto | 31 ++ .../cloud/securitycenter/v1/indicator.proto | 40 +++ .../v1/securitycenter_service.proto | 121 +++---- .../protos/protos.d.ts | 117 ++++++ .../protos/protos.js | 339 ++++++++++++++++++ .../protos/protos.json | 31 ++ .../src/v1/security_center_client.ts | 77 ++-- .../src/v1/security_center_proto_list.json | 1 + 8 files changed, 654 insertions(+), 103 deletions(-) create mode 100644 packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/indicator.proto diff --git a/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/finding.proto b/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/finding.proto index 84abc862b0b..ee4026dad2a 100644 --- a/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/finding.proto 
+++ b/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/finding.proto @@ -18,6 +18,7 @@ package google.cloud.securitycenter.v1; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; +import "google/cloud/securitycenter/v1/indicator.proto"; import "google/cloud/securitycenter/v1/security_marks.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/timestamp.proto"; @@ -117,6 +118,26 @@ message Finding { LOW = 4; } + // Represents what kind of Finding it is. + enum FindingClass { + // Unspecified finding class. + FINDING_CLASS_UNSPECIFIED = 0; + + // Describes unwanted or malicious activity. + THREAT = 1; + + // Describes a potential weakness in software that increases risk to + // Confidentiality & Integrity & Availability. + VULNERABILITY = 2; + + // Describes a potential weakness in cloud resource/asset configuration that + // increases risk. + MISCONFIGURATION = 3; + + // Describes a security observation that is for informational purposes. + OBSERVATION = 4; + } + // The relative resource name of this finding. See: // https://cloud.google.com/apis/design/resource_names#relative_resource_name // Example: @@ -184,4 +205,14 @@ message Finding { // depending on the closest CRM ancestor of the resource associated with the // finding. string canonical_name = 14; + + // The class of the finding. + FindingClass finding_class = 17; + + // Represents what's commonly known as an Indicator of compromise (IoC) in + // computer forensics. This is an artifact observed on a network or in an + // operating system that, with high confidence, indicates a computer + // intrusion. + // Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise + Indicator indicator = 18; } 
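Review bot: The comment on `finding_class = 17` does not say how to read `FINDING_CLASS_UNSPECIFIED`, which is what proto3 reports for every finding that never had the field set, so a filter that alerts only on `THREAT` would pass over unclassified findings without any signal. I would extend it to something like `// The class of the finding. FINDING_CLASS_UNSPECIFIED means the finding was not classified, not that it is benign.` The same hunk also leaves open whether `finding_class` and `indicator = 18` are accepted from callers or set only by the service; the commit message says the indicator is generated, and if that holds the fields should say so, for example with `[(google.api.field_behavior) = OUTPUT_ONLY]`, since consumers may feed `indicator` values into blocking rules. `message Finding` begins outside this hunk, so annotations on neighbouring fields are not visible here.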
diff --git a/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/indicator.proto b/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/indicator.proto new file mode 100644 index 00000000000..f785156ffce --- /dev/null +++ b/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/indicator.proto 
@@ -0,0 +1,40 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+import "google/api/annotations.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "IndicatorProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+
+// Represents what's commonly known as an Indicator of compromise (IoC) in
+// computer forensics. This is an artifact observed on a network or in an
+// operating system that, with high confidence, indicates a computer intrusion.
+// Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
+message Indicator {
+ // List of ip addresses associated to the Finding.
+ repeated string ip_addresses = 1;
+
+ // List of domains associated to the Finding.
+ repeated string domains = 2;
+}
diff --git a/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/securitycenter_service.proto b/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/securitycenter_service.proto
index af4b5fd31f2..0392de5ce3c 100644
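Review bot: `ip_addresses` and `domains` in the new `Indicator` message are free-form `repeated string` fields whose comments give no format, so a consumer cannot tell whether to expect IPv4, IPv6 or address ranges, or fully qualified versus registrable domain names, before matching or storing the values. I would state the accepted forms in each field comment and add that the values describe infrastructure observed in suspected malicious activity, so clients should validate them and render them as inert text rather than as links. Separately, `import "google/api/annotations.proto";` is not referenced by anything in this file and can be dropped.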
--- a/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/securitycenter_service.proto +++ b/packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/securitycenter_service.proto @@ -17,7 +17,6 @@ syntax = "proto3"; package google.cloud.securitycenter.v1; import public "google/cloud/securitycenter/v1/run_asset_discovery_response.proto"; - import "google/api/annotations.proto"; import "google/api/client.proto"; import "google/api/field_behavior.proto"; @@ -48,8 +47,7 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1"; // V1 APIs for Security Center service. service SecurityCenter { option (google.api.default_host) = "securitycenter.googleapis.com"; - option (google.api.oauth_scopes) = - "https://www.googleapis.com/auth/cloud-platform"; + option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; // Creates a source. rpc CreateSource(CreateSourceRequest) returns (Source) { @@ -71,20 +69,17 @@ service SecurityCenter { } // Creates a notification config. - rpc CreateNotificationConfig(CreateNotificationConfigRequest) - returns (NotificationConfig) { + rpc CreateNotificationConfig(CreateNotificationConfigRequest) returns (NotificationConfig) { option (google.api.http) = { post: "/v1/{parent=organizations/*}/notificationConfigs" body: "notification_config" }; - option (google.api.method_signature) = - "parent,config_id,notification_config"; + option (google.api.method_signature) = "parent,config_id,notification_config"; option (google.api.method_signature) = "parent,notification_config"; } // Deletes a notification config. - rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) - returns (google.protobuf.Empty) { + rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v1/{name=organizations/*/notificationConfigs/*}" }; 
@@ -92,8 +87,7 @@ service SecurityCenter { } // Gets the access control policy on the specified Source. - rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) - returns (google.iam.v1.Policy) { + rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) { option (google.api.http) = { post: "/v1/{resource=organizations/*/sources/*}:getIamPolicy" body: "*" @@ -102,8 +96,7 @@ service SecurityCenter { } // Gets a notification config. - rpc GetNotificationConfig(GetNotificationConfigRequest) - returns (NotificationConfig) { + rpc GetNotificationConfig(GetNotificationConfigRequest) returns (NotificationConfig) { option (google.api.http) = { get: "/v1/{name=organizations/*/notificationConfigs/*}" }; @@ -111,8 +104,7 @@ service SecurityCenter { } // Gets the settings for an organization. - rpc GetOrganizationSettings(GetOrganizationSettingsRequest) - returns (OrganizationSettings) { + rpc GetOrganizationSettings(GetOrganizationSettingsRequest) returns (OrganizationSettings) { option (google.api.http) = { get: "/v1/{name=organizations/*/organizationSettings}" }; @@ -171,8 +163,12 @@ service SecurityCenter { rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) { option (google.api.http) = { get: "/v1/{parent=organizations/*}/assets" - additional_bindings { get: "/v1/{parent=folders/*}/assets" } - additional_bindings { get: "/v1/{parent=projects/*}/assets" } + additional_bindings { + get: "/v1/{parent=folders/*}/assets" + } + additional_bindings { + get: "/v1/{parent=projects/*}/assets" + } }; } 
@@ -183,14 +179,17 @@ service SecurityCenter { rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) { option (google.api.http) = { get: "/v1/{parent=organizations/*/sources/*}/findings" - additional_bindings { get: "/v1/{parent=folders/*/sources/*}/findings" } - additional_bindings { get: "/v1/{parent=projects/*/sources/*}/findings" } + additional_bindings { + get: "/v1/{parent=folders/*/sources/*}/findings" + } + additional_bindings { + get: "/v1/{parent=projects/*/sources/*}/findings" + } }; } // Lists notification configs. - rpc ListNotificationConfigs(ListNotificationConfigsRequest) - returns (ListNotificationConfigsResponse) { + rpc ListNotificationConfigs(ListNotificationConfigsRequest) returns (ListNotificationConfigsResponse) { option (google.api.http) = { get: "/v1/{parent=organizations/*}/notificationConfigs" }; @@ -201,8 +200,12 @@ service SecurityCenter { rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) { option (google.api.http) = { get: "/v1/{parent=organizations/*}/sources" - additional_bindings { get: "/v1/{parent=folders/*}/sources" } - additional_bindings { get: "/v1/{parent=projects/*}/sources" } + additional_bindings { + get: "/v1/{parent=folders/*}/sources" + } + additional_bindings { + get: "/v1/{parent=projects/*}/sources" + } }; option (google.api.method_signature) = "parent"; } @@ -213,8 +216,7 @@ service SecurityCenter { // This API can only be called with limited frequency for an organization. If // it is called too frequently the caller will receive a TOO_MANY_REQUESTS // error. - rpc RunAssetDiscovery(RunAssetDiscoveryRequest) - returns (google.longrunning.Operation) { + rpc RunAssetDiscovery(RunAssetDiscoveryRequest) returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v1/{parent=organizations/*}/assets:runDiscovery" body: "*" 
@@ -244,8 +246,7 @@ service SecurityCenter { } // Sets the access control policy on the specified Source. - rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) - returns (google.iam.v1.Policy) { + rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) { option (google.api.http) = { post: "/v1/{resource=organizations/*/sources/*}:setIamPolicy" body: "*" @@ -254,8 +255,7 @@ service SecurityCenter { } // Returns the permissions that a caller has on the specified source. - rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) - returns (google.iam.v1.TestIamPermissionsResponse) { + rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) { option (google.api.http) = { post: "/v1/{resource=organizations/*/sources/*}:testIamPermissions" body: "*" @@ -284,8 +284,7 @@ service SecurityCenter { // // Updates a notification config. The following update // fields are allowed: description, pubsub_topic, streaming_config.filter - rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) - returns (NotificationConfig) { + rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) returns (NotificationConfig) { option (google.api.http) = { patch: "/v1/{notification_config.name=organizations/*/notificationConfigs/*}" body: "notification_config" @@ -295,8 +294,7 @@ service SecurityCenter { } // Updates an organization's settings. - rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) - returns (OrganizationSettings) { + rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) returns (OrganizationSettings) { option (google.api.http) = { patch: "/v1/{organization_settings.name=organizations/*/organizationSettings}" body: "organization_settings" 
@@ -359,15 +357,15 @@ message CreateFindingRequest { // greater than 0 characters in length. string finding_id = 2 [(google.api.field_behavior) = REQUIRED]; - // Required. The Finding being created. The name and security_marks will be - // ignored as they are both output only fields on this resource. + // Required. The Finding being created. The name and security_marks will be ignored as + // they are both output only fields on this resource. Finding finding = 3 [(google.api.field_behavior) = REQUIRED]; } // Request message for creating a notification config. message CreateNotificationConfigRequest { - // Required. Resource name of the new notification config's parent. Its format - // is "organizations/[organization_id]". + // Required. Resource name of the new notification config's parent. Its format is + // "organizations/[organization_id]". string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -381,11 +379,9 @@ message CreateNotificationConfigRequest { // characters, underscores or hyphens only. string config_id = 2 [(google.api.field_behavior) = REQUIRED]; - // Required. The notification config being created. The name and the service - // account will be ignored as they are both output only fields on this - // resource. - NotificationConfig notification_config = 3 - [(google.api.field_behavior) = REQUIRED]; + // Required. The notification config being created. The name and the service account + // will be ignored as they are both output only fields on this resource. + NotificationConfig notification_config = 3 [(google.api.field_behavior) = REQUIRED]; } // Request message for creating a source. 
@@ -399,8 +395,8 @@ message CreateSourceRequest { } ]; - // Required. The Source being created, only the display_name and description - // will be used. All other fields will be ignored. + // Required. The Source being created, only the display_name and description will be + // used. All other fields will be ignored. Source source = 2 [(google.api.field_behavior) = REQUIRED]; } @@ -430,8 +426,8 @@ message GetNotificationConfigRequest { // Request message for getting organization settings. message GetOrganizationSettingsRequest { - // Required. Name of the organization to get organization settings for. Its - // format is "organizations/[organization_id]/organizationSettings". + // Required. Name of the organization to get organization settings for. Its format is + // "organizations/[organization_id]/organizationSettings". string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -528,9 +524,9 @@ message GroupAssetsRequest { // property not existing: `-resource_properties.my_property : ""` string filter = 2; - // Required. Expression that defines what assets fields to use for grouping. - // The string value should follow SQL syntax: comma separated list of fields. - // For example: + // Required. Expression that defines what assets fields to use for grouping. The string + // value should follow SQL syntax: comma separated list of fields. For + // example: // "security_center_properties.resource_project,security_center_properties.project". // // The following fields are supported when compare_duration is not set: 
@@ -688,9 +684,9 @@ message GroupFindingsRequest { // * resource.type: `=`, `:` string filter = 2; - // Required. Expression that defines what assets fields to use for grouping - // (including `state_change`). The string value should follow SQL syntax: - // comma separated list of fields. For example: "parent,resource_name". + // Required. Expression that defines what assets fields to use for grouping (including + // `state_change`). The string value should follow SQL syntax: comma separated + // list of fields. For example: "parent,resource_name". // // The following fields are supported: // @@ -815,8 +811,8 @@ message ListNotificationConfigsResponse { // Request message for listing sources. message ListSourcesRequest { - // Required. Resource name of the parent of sources to list. Its format should - // be "organizations/[organization_id], folders/[folder_id], or + // Required. Resource name of the parent of sources to list. Its format should be + // "organizations/[organization_id], folders/[folder_id], or // projects/[project_id]". string parent = 1 [ (google.api.field_behavior) = REQUIRED, @@ -1284,14 +1280,13 @@ message SetFindingStateRequest { Finding.State state = 2 [(google.api.field_behavior) = REQUIRED]; // Required. The time at which the updated state takes effect. - google.protobuf.Timestamp start_time = 3 - [(google.api.field_behavior) = REQUIRED]; + google.protobuf.Timestamp start_time = 3 [(google.api.field_behavior) = REQUIRED]; } // Request message for running asset discovery for an organization. message RunAssetDiscoveryRequest { - // Required. Name of the organization to run asset discovery for. Its format - // is "organizations/[organization_id]". + // Required. Name of the organization to run asset discovery for. Its format is + // "organizations/[organization_id]". string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { 
@@ -1302,8 +1297,8 @@ message RunAssetDiscoveryRequest { // Request message for updating or creating a finding. message UpdateFindingRequest { - // Required. The finding resource to update or create if it does not already - // exist. parent, security_marks, and update_time will be ignored. + // Required. The finding resource to update or create if it does not already exist. + // parent, security_marks, and update_time will be ignored. // // In the case of creation, the finding id portion of the name must be // alphanumeric and less than or equal to 32 characters and greater than 0 @@ -1323,8 +1318,7 @@ message UpdateFindingRequest { // Request message for updating a notification config. message UpdateNotificationConfigRequest { // Required. The notification config to update. - NotificationConfig notification_config = 1 - [(google.api.field_behavior) = REQUIRED]; + NotificationConfig notification_config = 1 [(google.api.field_behavior) = REQUIRED]; // The FieldMask to use when updating the notification config. // @@ -1335,8 +1329,7 @@ message UpdateNotificationConfigRequest { // Request message for updating an organization's settings. message UpdateOrganizationSettingsRequest { // Required. The organization settings resource to update. - OrganizationSettings organization_settings = 1 - [(google.api.field_behavior) = REQUIRED]; + OrganizationSettings organization_settings = 1 [(google.api.field_behavior) = REQUIRED]; // The FieldMask to use when updating the settings resource. // diff --git a/packages/google-cloud-securitycenter/protos/protos.d.ts b/packages/google-cloud-securitycenter/protos/protos.d.ts index 1c66aa3f09c..5a946d11475 100644 --- a/packages/google-cloud-securitycenter/protos/protos.d.ts +++ b/packages/google-cloud-securitycenter/protos/protos.d.ts 
@@ -625,6 +625,12 @@ export namespace google { /** Finding canonicalName */ canonicalName?: (string|null); + + /** Finding findingClass */ + findingClass?: (google.cloud.securitycenter.v1.Finding.FindingClass|keyof typeof google.cloud.securitycenter.v1.Finding.FindingClass|null); + + /** Finding indicator */ + indicator?: (google.cloud.securitycenter.v1.IIndicator|null); } /** Represents a Finding. */ @@ -672,6 +678,12 @@ export namespace google { /** Finding canonicalName. */ public canonicalName: string; + /** Finding findingClass. */ + public findingClass: (google.cloud.securitycenter.v1.Finding.FindingClass|keyof typeof google.cloud.securitycenter.v1.Finding.FindingClass); + + /** Finding indicator. */ + public indicator?: (google.cloud.securitycenter.v1.IIndicator|null); + /** * Creates a new Finding instance using the specified properties. * @param [properties] Properties to set 
@@ -760,6 +772,111 @@ export namespace google { MEDIUM = 3, LOW = 4 } + + /** FindingClass enum. */ + enum FindingClass { + FINDING_CLASS_UNSPECIFIED = 0, + THREAT = 1, + VULNERABILITY = 2, + MISCONFIGURATION = 3, + OBSERVATION = 4 + } + } + + /** Properties of an Indicator. */ + interface IIndicator { + + /** Indicator ipAddresses */ + ipAddresses?: (string[]|null); + + /** Indicator domains */ + domains?: (string[]|null); + } + + /** Represents an Indicator. */ + class Indicator implements IIndicator { + + /** + * Constructs a new Indicator. + * @param [properties] Properties to set + */ + constructor(properties?: google.cloud.securitycenter.v1.IIndicator); + + /** Indicator ipAddresses. */ + public ipAddresses: string[]; + + /** Indicator domains. */ + public domains: string[]; + + /** + * Creates a new Indicator instance using the specified properties. + * @param [properties] Properties to set + * @returns Indicator instance + */ + public static create(properties?: google.cloud.securitycenter.v1.IIndicator): google.cloud.securitycenter.v1.Indicator; + + /** + * Encodes the specified Indicator message. Does not implicitly {@link google.cloud.securitycenter.v1.Indicator.verify|verify} messages. + * @param message Indicator message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.cloud.securitycenter.v1.IIndicator, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified Indicator message, length delimited. Does not implicitly {@link google.cloud.securitycenter.v1.Indicator.verify|verify} messages. + * @param message Indicator message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.cloud.securitycenter.v1.IIndicator, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes an Indicator message from the specified reader or buffer. 
+ * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns Indicator + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.cloud.securitycenter.v1.Indicator; + + /** + * Decodes an Indicator message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns Indicator + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.cloud.securitycenter.v1.Indicator; + + /** + * Verifies an Indicator message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates an Indicator message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns Indicator + */ + public static fromObject(object: { [k: string]: any }): google.cloud.securitycenter.v1.Indicator; + + /** + * Creates a plain object from an Indicator message. Also converts values to other types if specified. + * @param message Indicator + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.cloud.securitycenter.v1.Indicator, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this Indicator to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; } /** Properties of a NotificationConfig. */ 
diff --git a/packages/google-cloud-securitycenter/protos/protos.js b/packages/google-cloud-securitycenter/protos/protos.js index 89c16f0ef81..c5580746de3 100644 --- a/packages/google-cloud-securitycenter/protos/protos.js +++ b/packages/google-cloud-securitycenter/protos/protos.js @@ -1562,6 +1562,8 @@ * @property {google.protobuf.ITimestamp|null} [createTime] Finding createTime * @property {google.cloud.securitycenter.v1.Finding.Severity|null} [severity] Finding severity * @property {string|null} [canonicalName] Finding canonicalName + * @property {google.cloud.securitycenter.v1.Finding.FindingClass|null} [findingClass] Finding findingClass + * @property {google.cloud.securitycenter.v1.IIndicator|null} [indicator] Finding indicator */ /** @@ -1676,6 +1678,22 @@ */ Finding.prototype.canonicalName = ""; + /** + * Finding findingClass. + * @member {google.cloud.securitycenter.v1.Finding.FindingClass} findingClass + * @memberof google.cloud.securitycenter.v1.Finding + * @instance + */ + Finding.prototype.findingClass = 0; + + /** + * Finding indicator. + * @member {google.cloud.securitycenter.v1.IIndicator|null|undefined} indicator + * @memberof google.cloud.securitycenter.v1.Finding + * @instance + */ + Finding.prototype.indicator = null; + /** * Creates a new Finding instance using the specified properties. * @function create 
@@ -1727,6 +1745,10 @@ writer.uint32(/* id 12, wireType 0 =*/96).int32(message.severity); if (message.canonicalName != null && Object.hasOwnProperty.call(message, "canonicalName")) writer.uint32(/* id 14, wireType 2 =*/114).string(message.canonicalName); + if (message.findingClass != null && Object.hasOwnProperty.call(message, "findingClass")) + writer.uint32(/* id 17, wireType 0 =*/136).int32(message.findingClass); + if (message.indicator != null && Object.hasOwnProperty.call(message, "indicator")) + $root.google.cloud.securitycenter.v1.Indicator.encode(message.indicator, writer.uint32(/* id 18, wireType 2 =*/146).fork()).ldelim(); return writer; }; @@ -1816,6 +1838,12 @@ case 14: message.canonicalName = reader.string(); break; + case 17: + message.findingClass = reader.int32(); + break; + case 18: + message.indicator = $root.google.cloud.securitycenter.v1.Indicator.decode(reader, reader.uint32()); + break; default: reader.skipType(tag & 7); break; @@ -1914,6 +1942,22 @@ if (message.canonicalName != null && message.hasOwnProperty("canonicalName")) if (!$util.isString(message.canonicalName)) return "canonicalName: string expected"; + if (message.findingClass != null && message.hasOwnProperty("findingClass")) + switch (message.findingClass) { + default: + return "findingClass: enum value expected"; + case 0: + case 1: + case 2: + case 3: + case 4: + break; + } + if (message.indicator != null && message.hasOwnProperty("indicator")) { + var error = $root.google.cloud.securitycenter.v1.Indicator.verify(message.indicator); + if (error) + return "indicator." + error; + } return null; }; 
@@ -2002,6 +2046,33 @@ } if (object.canonicalName != null) message.canonicalName = String(object.canonicalName); + switch (object.findingClass) { + case "FINDING_CLASS_UNSPECIFIED": + case 0: + message.findingClass = 0; + break; + case "THREAT": + case 1: + message.findingClass = 1; + break; + case "VULNERABILITY": + case 2: + message.findingClass = 2; + break; + case "MISCONFIGURATION": + case 3: + message.findingClass = 3; + break; + case "OBSERVATION": + case 4: + message.findingClass = 4; + break; + } + if (object.indicator != null) { + if (typeof object.indicator !== "object") + throw TypeError(".google.cloud.securitycenter.v1.Finding.indicator: object expected"); + message.indicator = $root.google.cloud.securitycenter.v1.Indicator.fromObject(object.indicator); + } return message; }; @@ -2032,6 +2103,8 @@ object.createTime = null; object.severity = options.enums === String ? "SEVERITY_UNSPECIFIED" : 0; object.canonicalName = ""; + object.findingClass = options.enums === String ? "FINDING_CLASS_UNSPECIFIED" : 0; + object.indicator = null; } if (message.name != null && message.hasOwnProperty("name")) object.name = message.name; @@ -2061,6 +2134,10 @@ object.severity = options.enums === String ? $root.google.cloud.securitycenter.v1.Finding.Severity[message.severity] : message.severity; if (message.canonicalName != null && message.hasOwnProperty("canonicalName")) object.canonicalName = message.canonicalName; + if (message.findingClass != null && message.hasOwnProperty("findingClass")) + object.findingClass = options.enums === String ? $root.google.cloud.securitycenter.v1.Finding.FindingClass[message.findingClass] : message.findingClass; + if (message.indicator != null && message.hasOwnProperty("indicator")) + object.indicator = $root.google.cloud.securitycenter.v1.Indicator.toObject(message.indicator, options); return object; }; 
@@ -2111,9 +2188,271 @@ return values; })(); + /** + * FindingClass enum. + * @name google.cloud.securitycenter.v1.Finding.FindingClass + * @enum {number} + * @property {number} FINDING_CLASS_UNSPECIFIED=0 FINDING_CLASS_UNSPECIFIED value + * @property {number} THREAT=1 THREAT value + * @property {number} VULNERABILITY=2 VULNERABILITY value + * @property {number} MISCONFIGURATION=3 MISCONFIGURATION value + * @property {number} OBSERVATION=4 OBSERVATION value + */ + Finding.FindingClass = (function() { + var valuesById = {}, values = Object.create(valuesById); + values[valuesById[0] = "FINDING_CLASS_UNSPECIFIED"] = 0; + values[valuesById[1] = "THREAT"] = 1; + values[valuesById[2] = "VULNERABILITY"] = 2; + values[valuesById[3] = "MISCONFIGURATION"] = 3; + values[valuesById[4] = "OBSERVATION"] = 4; + return values; + })(); + return Finding; })(); + v1.Indicator = (function() { + + /** + * Properties of an Indicator. + * @memberof google.cloud.securitycenter.v1 + * @interface IIndicator + * @property {Array.|null} [ipAddresses] Indicator ipAddresses + * @property {Array.|null} [domains] Indicator domains + */ + + /** + * Constructs a new Indicator. + * @memberof google.cloud.securitycenter.v1 + * @classdesc Represents an Indicator. + * @implements IIndicator + * @constructor + * @param {google.cloud.securitycenter.v1.IIndicator=} [properties] Properties to set + */ + function Indicator(properties) { + this.ipAddresses = []; + this.domains = []; + if (properties) + for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) + if (properties[keys[i]] != null) + this[keys[i]] = properties[keys[i]]; + } + + /** + * Indicator ipAddresses. + * @member {Array.} ipAddresses + * @memberof google.cloud.securitycenter.v1.Indicator + * @instance + */ + Indicator.prototype.ipAddresses = $util.emptyArray; + + /** + * Indicator domains. 
+ * @member {Array.} domains + * @memberof google.cloud.securitycenter.v1.Indicator + * @instance + */ + Indicator.prototype.domains = $util.emptyArray; + + /** + * Creates a new Indicator instance using the specified properties. + * @function create + * @memberof google.cloud.securitycenter.v1.Indicator + * @static + * @param {google.cloud.securitycenter.v1.IIndicator=} [properties] Properties to set + * @returns {google.cloud.securitycenter.v1.Indicator} Indicator instance + */ + Indicator.create = function create(properties) { + return new Indicator(properties); + }; + + /** + * Encodes the specified Indicator message. Does not implicitly {@link google.cloud.securitycenter.v1.Indicator.verify|verify} messages. + * @function encode + * @memberof google.cloud.securitycenter.v1.Indicator + * @static + * @param {google.cloud.securitycenter.v1.IIndicator} message Indicator message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + Indicator.encode = function encode(message, writer) { + if (!writer) + writer = $Writer.create(); + if (message.ipAddresses != null && message.ipAddresses.length) + for (var i = 0; i < message.ipAddresses.length; ++i) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.ipAddresses[i]); + if (message.domains != null && message.domains.length) + for (var i = 0; i < message.domains.length; ++i) + writer.uint32(/* id 2, wireType 2 =*/18).string(message.domains[i]); + return writer; + }; + + /** + * Encodes the specified Indicator message, length delimited. Does not implicitly {@link google.cloud.securitycenter.v1.Indicator.verify|verify} messages. 
+ * @function encodeDelimited + * @memberof google.cloud.securitycenter.v1.Indicator + * @static + * @param {google.cloud.securitycenter.v1.IIndicator} message Indicator message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + Indicator.encodeDelimited = function encodeDelimited(message, writer) { + return this.encode(message, writer).ldelim(); + }; + + /** + * Decodes an Indicator message from the specified reader or buffer. + * @function decode + * @memberof google.cloud.securitycenter.v1.Indicator + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @param {number} [length] Message length if known beforehand + * @returns {google.cloud.securitycenter.v1.Indicator} Indicator + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + Indicator.decode = function decode(reader, length) { + if (!(reader instanceof $Reader)) + reader = $Reader.create(reader); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.securitycenter.v1.Indicator(); + while (reader.pos < end) { + var tag = reader.uint32(); + switch (tag >>> 3) { + case 1: + if (!(message.ipAddresses && message.ipAddresses.length)) + message.ipAddresses = []; + message.ipAddresses.push(reader.string()); + break; + case 2: + if (!(message.domains && message.domains.length)) + message.domains = []; + message.domains.push(reader.string()); + break; + default: + reader.skipType(tag & 7); + break; + } + } + return message; + }; + + /** + * Decodes an Indicator message from the specified reader or buffer, length delimited. 
+ * @function decodeDelimited + * @memberof google.cloud.securitycenter.v1.Indicator + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @returns {google.cloud.securitycenter.v1.Indicator} Indicator + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + Indicator.decodeDelimited = function decodeDelimited(reader) { + if (!(reader instanceof $Reader)) + reader = new $Reader(reader); + return this.decode(reader, reader.uint32()); + }; + + /** + * Verifies an Indicator message. + * @function verify + * @memberof google.cloud.securitycenter.v1.Indicator + * @static + * @param {Object.} message Plain object to verify + * @returns {string|null} `null` if valid, otherwise the reason why it is not + */ + Indicator.verify = function verify(message) { + if (typeof message !== "object" || message === null) + return "object expected"; + if (message.ipAddresses != null && message.hasOwnProperty("ipAddresses")) { + if (!Array.isArray(message.ipAddresses)) + return "ipAddresses: array expected"; + for (var i = 0; i < message.ipAddresses.length; ++i) + if (!$util.isString(message.ipAddresses[i])) + return "ipAddresses: string[] expected"; + } + if (message.domains != null && message.hasOwnProperty("domains")) { + if (!Array.isArray(message.domains)) + return "domains: array expected"; + for (var i = 0; i < message.domains.length; ++i) + if (!$util.isString(message.domains[i])) + return "domains: string[] expected"; + } + return null; + }; + + /** + * Creates an Indicator message from a plain object. Also converts values to their respective internal types. 
+ * @function fromObject + * @memberof google.cloud.securitycenter.v1.Indicator + * @static + * @param {Object.} object Plain object + * @returns {google.cloud.securitycenter.v1.Indicator} Indicator + */ + Indicator.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.securitycenter.v1.Indicator) + return object; + var message = new $root.google.cloud.securitycenter.v1.Indicator(); + if (object.ipAddresses) { + if (!Array.isArray(object.ipAddresses)) + throw TypeError(".google.cloud.securitycenter.v1.Indicator.ipAddresses: array expected"); + message.ipAddresses = []; + for (var i = 0; i < object.ipAddresses.length; ++i) + message.ipAddresses[i] = String(object.ipAddresses[i]); + } + if (object.domains) { + if (!Array.isArray(object.domains)) + throw TypeError(".google.cloud.securitycenter.v1.Indicator.domains: array expected"); + message.domains = []; + for (var i = 0; i < object.domains.length; ++i) + message.domains[i] = String(object.domains[i]); + } + return message; + }; + + /** + * Creates a plain object from an Indicator message. Also converts values to other types if specified. 
+ * @function toObject + * @memberof google.cloud.securitycenter.v1.Indicator + * @static + * @param {google.cloud.securitycenter.v1.Indicator} message Indicator + * @param {$protobuf.IConversionOptions} [options] Conversion options + * @returns {Object.} Plain object + */ + Indicator.toObject = function toObject(message, options) { + if (!options) + options = {}; + var object = {}; + if (options.arrays || options.defaults) { + object.ipAddresses = []; + object.domains = []; + } + if (message.ipAddresses && message.ipAddresses.length) { + object.ipAddresses = []; + for (var j = 0; j < message.ipAddresses.length; ++j) + object.ipAddresses[j] = message.ipAddresses[j]; + } + if (message.domains && message.domains.length) { + object.domains = []; + for (var j = 0; j < message.domains.length; ++j) + object.domains[j] = message.domains[j]; + } + return object; + }; + + /** + * Converts this Indicator to JSON. + * @function toJSON + * @memberof google.cloud.securitycenter.v1.Indicator + * @instance + * @returns {Object.} JSON object + */ + Indicator.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; + + return Indicator; + })(); + v1.NotificationConfig = (function() { /** diff --git a/packages/google-cloud-securitycenter/protos/protos.json b/packages/google-cloud-securitycenter/protos/protos.json index a667990855a..0ced60e408b 100644 --- a/packages/google-cloud-securitycenter/protos/protos.json +++ b/packages/google-cloud-securitycenter/protos/protos.json @@ -202,6 +202,14 @@ "canonicalName": { "type": "string", "id": 14 + }, + "findingClass": { + "type": "FindingClass", + "id": 17 + }, + "indicator": { + "type": "Indicator", + "id": 18 } }, "nested": { 
@@ -220,6 +228,29 @@ "MEDIUM": 3, "LOW": 4 } + }, + "FindingClass": { + "values": { + "FINDING_CLASS_UNSPECIFIED": 0, + "THREAT": 1, + "VULNERABILITY": 2, + "MISCONFIGURATION": 3, + "OBSERVATION": 4 + } + } + } + }, + "Indicator": { + "fields": { + "ipAddresses": { + "rule": "repeated", + "type": "string", + "id": 1 + }, + "domains": { + "rule": "repeated", + "type": "string", + "id": 2 } } }, diff --git a/packages/google-cloud-securitycenter/src/v1/security_center_client.ts b/packages/google-cloud-securitycenter/src/v1/security_center_client.ts index 90cbe719ddc..c7809e94b59 100644 --- a/packages/google-cloud-securitycenter/src/v1/security_center_client.ts +++ b/packages/google-cloud-securitycenter/src/v1/security_center_client.ts @@ -481,8 +481,8 @@ export class SecurityCenterClient { * Required. Resource name of the new source's parent. Its format should be * "organizations/[organization_id]". * @param {google.cloud.securitycenter.v1.Source} request.source - * Required. The Source being created, only the display_name and description - * will be used. All other fields will be ignored. + * Required. The Source being created, only the display_name and description will be + * used. All other fields will be ignored. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. 
@@ -581,8 +581,8 @@ export class SecurityCenterClient { * It must be alphanumeric and less than or equal to 32 characters and * greater than 0 characters in length. * @param {google.cloud.securitycenter.v1.Finding} request.finding - * Required. The Finding being created. The name and security_marks will be - * ignored as they are both output only fields on this resource. + * Required. The Finding being created. The name and security_marks will be ignored as + * they are both output only fields on this resource. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. 
@@ -676,17 +676,16 @@ export class SecurityCenterClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. Resource name of the new notification config's parent. Its format - * is "organizations/[organization_id]". + * Required. Resource name of the new notification config's parent. Its format is + * "organizations/[organization_id]". * @param {string} request.configId * Required. * Unique identifier provided by the client within the parent scope. * It must be between 1 and 128 characters, and contains alphanumeric * characters, underscores or hyphens only. * @param {google.cloud.securitycenter.v1.NotificationConfig} request.notificationConfig - * Required. The notification config being created. The name and the service - * account will be ignored as they are both output only fields on this - * resource. + * Required. The notification config being created. The name and the service account + * will be ignored as they are both output only fields on this resource. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -1074,8 +1073,8 @@ export class SecurityCenterClient { * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. Name of the organization to get organization settings for. Its - * format is "organizations/[organization_id]/organizationSettings". + * Required. Name of the organization to get organization settings for. Its format is + * "organizations/[organization_id]/organizationSettings". * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. 
@@ -1542,8 +1541,8 @@ export class SecurityCenterClient { * @param {Object} request * The request object that will be sent. * @param {google.cloud.securitycenter.v1.Finding} request.finding - * Required. The finding resource to update or create if it does not already - * exist. parent, security_marks, and update_time will be ignored. + * Required. The finding resource to update or create if it does not already exist. + * parent, security_marks, and update_time will be ignored. * * In the case of creation, the finding id portion of the name must be * alphanumeric and less than or equal to 32 characters and greater than 0 @@ -2071,8 +2070,8 @@ export class SecurityCenterClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. Name of the organization to run asset discovery for. Its format - * is "organizations/[organization_id]". + * Required. Name of the organization to run asset discovery for. Its format is + * "organizations/[organization_id]". * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -2276,9 +2275,9 @@ export class SecurityCenterClient { * Use a negated partial match on the empty string to filter based on a * property not existing: `-resource_properties.my_property : ""` * @param {string} request.groupBy - * Required. Expression that defines what assets fields to use for grouping. - * The string value should follow SQL syntax: comma separated list of fields. - * For example: + * Required. Expression that defines what assets fields to use for grouping. The string + * value should follow SQL syntax: comma separated list of fields. For + * example: * "security_center_properties.resource_project,security_center_properties.project". * * The following fields are supported when compare_duration is not set: 
@@ -2463,9 +2462,9 @@ export class SecurityCenterClient { * Use a negated partial match on the empty string to filter based on a * property not existing: `-resource_properties.my_property : ""` * @param {string} request.groupBy - * Required. Expression that defines what assets fields to use for grouping. - * The string value should follow SQL syntax: comma separated list of fields. - * For example: + * Required. Expression that defines what assets fields to use for grouping. The string + * value should follow SQL syntax: comma separated list of fields. For + * example: * "security_center_properties.resource_project,security_center_properties.project". * * The following fields are supported when compare_duration is not set: @@ -2628,9 +2627,9 @@ export class SecurityCenterClient { * Use a negated partial match on the empty string to filter based on a * property not existing: `-resource_properties.my_property : ""` * @param {string} request.groupBy - * Required. Expression that defines what assets fields to use for grouping. - * The string value should follow SQL syntax: comma separated list of fields. - * For example: + * Required. Expression that defines what assets fields to use for grouping. The string + * value should follow SQL syntax: comma separated list of fields. For + * example: * "security_center_properties.resource_project,security_center_properties.project". * * The following fields are supported when compare_duration is not set: 
@@ -2834,9 +2833,9 @@ export class SecurityCenterClient { * * resource.project_display_name: `=`, `:` * * resource.type: `=`, `:` * @param {string} request.groupBy - * Required. Expression that defines what assets fields to use for grouping - * (including `state_change`). The string value should follow SQL syntax: - * comma separated list of fields. For example: "parent,resource_name". + * Required. Expression that defines what assets fields to use for grouping (including + * `state_change`). The string value should follow SQL syntax: comma separated + * list of fields. For example: "parent,resource_name". * * The following fields are supported: * @@ -3024,9 +3023,9 @@ export class SecurityCenterClient { * * resource.project_display_name: `=`, `:` * * resource.type: `=`, `:` * @param {string} request.groupBy - * Required. Expression that defines what assets fields to use for grouping - * (including `state_change`). The string value should follow SQL syntax: - * comma separated list of fields. For example: "parent,resource_name". + * Required. Expression that defines what assets fields to use for grouping (including + * `state_change`). The string value should follow SQL syntax: comma separated + * list of fields. For example: "parent,resource_name". * * The following fields are supported: * @@ -3192,9 +3191,9 @@ export class SecurityCenterClient { * * resource.project_display_name: `=`, `:` * * resource.type: `=`, `:` * @param {string} request.groupBy - * Required. Expression that defines what assets fields to use for grouping - * (including `state_change`). The string value should follow SQL syntax: - * comma separated list of fields. For example: "parent,resource_name". + * Required. Expression that defines what assets fields to use for grouping (including + * `state_change`). The string value should follow SQL syntax: comma separated + * list of fields. For example: "parent,resource_name". * * The following fields are supported: * 
@@ -4674,8 +4673,8 @@ export class SecurityCenterClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. Resource name of the parent of sources to list. Its format should - * be "organizations/[organization_id], folders/[folder_id], or + * Required. Resource name of the parent of sources to list. Its format should be + * "organizations/[organization_id], folders/[folder_id], or * projects/[project_id]". * @param {string} request.pageToken * The value returned by the last `ListSourcesResponse`; indicates @@ -4746,8 +4745,8 @@ export class SecurityCenterClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. Resource name of the parent of sources to list. Its format should - * be "organizations/[organization_id], folders/[folder_id], or + * Required. Resource name of the parent of sources to list. Its format should be + * "organizations/[organization_id], folders/[folder_id], or * projects/[project_id]". * @param {string} request.pageToken * The value returned by the last `ListSourcesResponse`; indicates @@ -4796,8 +4795,8 @@ export class SecurityCenterClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. Resource name of the parent of sources to list. Its format should - * be "organizations/[organization_id], folders/[folder_id], or + * Required. Resource name of the parent of sources to list. Its format should be + * "organizations/[organization_id], folders/[folder_id], or * projects/[project_id]". * @param {string} request.pageToken * The value returned by the last `ListSourcesResponse`; indicates diff --git a/packages/google-cloud-securitycenter/src/v1/security_center_proto_list.json b/packages/google-cloud-securitycenter/src/v1/security_center_proto_list.json index dcf14772dfb..e437464605b 100644 
--- a/packages/google-cloud-securitycenter/src/v1/security_center_proto_list.json +++ b/packages/google-cloud-securitycenter/src/v1/security_center_proto_list.json @@ -2,6 +2,7 @@ "../../protos/google/cloud/securitycenter/v1/asset.proto", "../../protos/google/cloud/securitycenter/v1/finding.proto", "../../protos/google/cloud/securitycenter/v1/folder.proto", + "../../protos/google/cloud/securitycenter/v1/indicator.proto", "../../protos/google/cloud/securitycenter/v1/notification_config.proto", "../../protos/google/cloud/securitycenter/v1/notification_message.proto", "../../protos/google/cloud/securitycenter/v1/organization_settings.proto",