// Copyright 2023 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.cloud.securitycenter.v1; option csharp_namespace = "Google.Cloud.SecurityCenter.V1"; option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb"; option java_multiple_files = true; option java_outer_classname = "ExfiltrationProto"; option java_package = "com.google.cloud.securitycenter.v1"; option php_namespace = "Google\\Cloud\\SecurityCenter\\V1"; option ruby_package = "Google::Cloud::SecurityCenter::V1"; // Exfiltration represents a data exfiltration attempt of one or more // sources to one or more targets. Sources represent the source // of data that is exfiltrated, and Targets represents the destination the // data was copied to. message Exfiltration { // If there are multiple sources, then the data is considered "joined" between // them. For instance, BigQuery can join multiple tables, and each // table would be considered a source. repeated ExfilResource sources = 1; // If there are multiple targets, each target would get a complete copy of the // "joined" source data. repeated ExfilResource targets = 2; } // Resource that has been exfiltrated or exfiltrated_to. message ExfilResource { // Resource's URI (https://google.aip.dev/122#full-resource-names) string name = 1; // Subcomponents of the asset that is exfiltrated - these could be // URIs used during exfiltration, table names, databases, filenames, etc. // For example, multiple tables may be exfiltrated from the same CloudSQL // instance, or multiple files from the same Cloud Storage bucket. repeated string components = 2; }