// Copyright 2023 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.cloud.securitycenter.v1; import "google/type/expr.proto"; option csharp_namespace = "Google.Cloud.SecurityCenter.V1"; option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb"; option java_multiple_files = true; option java_outer_classname = "SecurityHealthAnalyticsCustomConfigProto"; option java_package = "com.google.cloud.securitycenter.v1"; option php_namespace = "Google\\Cloud\\SecurityCenter\\V1"; option ruby_package = "Google::Cloud::SecurityCenter::V1"; // Defines the properties in a custom module configuration for Security // Health Analytics. Use the custom module configuration to create custom // detectors that generate custom findings for resources that you specify. message CustomConfig { // A set of optional name-value pairs that define custom source properties to // return with each finding that is generated by the custom module. The custom // source properties that are defined here are included in the finding JSON // under `sourceProperties`. message CustomOutputSpec { // An individual name-value pair that defines a custom source property. message Property { // Name of the property for the custom output. string name = 1; // The CEL expression for the custom output. A resource property can be // specified to return the value of the property or a text string enclosed // in quotation marks. google.type.Expr value_expression = 2; } // A list of custom output properties to add to the finding. repeated Property properties = 1; } // Resource for selecting resource type. message ResourceSelector { // The resource types to run the detector on. repeated string resource_types = 1; } // Defines the valid value options for the severity of a finding. enum Severity { // Unspecified severity. SEVERITY_UNSPECIFIED = 0; // Critical severity. CRITICAL = 1; // High severity. HIGH = 2; // Medium severity. MEDIUM = 3; // Low severity. LOW = 4; } // The CEL expression to evaluate to produce findings. When the expression // evaluates to true against a resource, a finding is generated. google.type.Expr predicate = 1; // Custom output properties. CustomOutputSpec custom_output = 2; // The resource types that the custom module operates on. Each custom module // can specify up to 5 resource types. ResourceSelector resource_selector = 3; // The severity to assign to findings generated by the module. Severity severity = 4; // Text that describes the vulnerability or misconfiguration that the custom // module detects. This explanation is returned with each finding instance to // help investigators understand the detected issue. The text must be enclosed // in quotation marks. string description = 5; // An explanation of the recommended steps that security teams can take to // resolve the detected issue. This explanation is returned with each finding // generated by this module in the `nextSteps` property of the finding JSON. string recommendation = 6; }