// Copyright 2021 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.cloud.securitycenter.v1p1beta1; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; import "google/cloud/securitycenter/v1p1beta1/security_marks.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/timestamp.proto"; option csharp_namespace = "Google.Cloud.SecurityCenter.V1P1Beta1"; option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1p1beta1;securitycenter"; option java_multiple_files = true; option java_package = "com.google.cloud.securitycenter.v1p1beta1"; option php_namespace = "Google\\Cloud\\SecurityCenter\\V1p1beta1"; option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1"; // Security Command Center finding. // // A finding is a record of assessment data (security, risk, health or privacy) // ingested into Security Command Center for presentation, notification, // analysis, policy testing, and enforcement. For example, an XSS vulnerability // in an App Engine application is a finding. message Finding { option (google.api.resource) = { type: "securitycenter.googleapis.com/Finding" pattern: "organizations/{organization}/sources/{source}/findings/{finding}" pattern: "folders/{folder}/sources/{source}/findings/{finding}" pattern: "projects/{project}/sources/{source}/findings/{finding}" }; // The state of the finding. enum State { // Unspecified state. STATE_UNSPECIFIED = 0; // The finding requires attention and has not been addressed yet. ACTIVE = 1; // The finding has been fixed, triaged as a non-issue or otherwise addressed // and is no longer active. INACTIVE = 2; } // The severity of the finding. This field is managed by the source that // writes the finding. enum Severity { // No severity specified. The default value. SEVERITY_UNSPECIFIED = 0; // Critical severity. CRITICAL = 1; // High severity. HIGH = 2; // Medium severity. MEDIUM = 3; // Low severity. LOW = 4; } // The relative resource name of this finding. See: // https://cloud.google.com/apis/design/resource_names#relative_resource_name // Example: // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}" string name = 1; // The relative resource name of the source the finding belongs to. See: // https://cloud.google.com/apis/design/resource_names#relative_resource_name // This field is immutable after creation time. // For example: // "organizations/{organization_id}/sources/{source_id}" string parent = 2; // For findings on Google Cloud resources, the full resource // name of the Google Cloud resource this finding is for. See: // https://cloud.google.com/apis/design/resource_names#full_resource_name // When the finding is for a non-Google Cloud resource, the resourceName can // be a customer or partner defined string. This field is immutable after // creation time. string resource_name = 3; // The state of the finding. State state = 4; // The additional taxonomy group within findings from a given source. // This field is immutable after creation time. // Example: "XSS_FLASH_INJECTION" string category = 5; // The URI that, if available, points to a web page outside of Security // Command Center where additional information about the finding can be found. // This field is guaranteed to be either empty or a well formed URL. string external_uri = 6; // Source specific properties. These properties are managed by the source // that writes the finding. The key names in the source_properties map must be // between 1 and 255 characters, and must start with a letter and contain // alphanumeric characters or underscores only. map source_properties = 7; // Output only. User specified security marks. These marks are entirely // managed by the user and come from the SecurityMarks resource that belongs // to the finding. SecurityMarks security_marks = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; // The time at which the event took place, or when an update to the finding // occurred. For example, if the finding represents an open firewall it would // capture the time the detector believes the firewall became open. The // accuracy is determined by the detector. If the finding were to be resolved // afterward, this time would reflect when the finding was resolved. Must not // be set to a value greater than the current timestamp. google.protobuf.Timestamp event_time = 9; // The time at which the finding was created in Security Command Center. google.protobuf.Timestamp create_time = 10; // The severity of the finding. This field is managed by the source that // writes the finding. Severity severity = 13; // The canonical name of the finding. It's either // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", // "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or // "projects/{project_number}/sources/{source_id}/findings/{finding_id}", // depending on the closest CRM ancestor of the resource associated with the // finding. string canonical_name = 14; }