import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosResponseWithHTTP2, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { Readable } from 'stream'; export declare namespace securitycenter_v1 { export interface Options extends GlobalOptions { version: 'v1'; } interface StandardParameters { /** * Auth client or API Key for the request. Prefer this over the `access_token`, `oauth_token` and `key` request parameters below. */ auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth; /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. This is a request parameter, so the token may be recorded in URL, proxy or server logs; treat it as a secret and prefer supplying credentials via `auth`. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. Same caveat as `access_token`: a token passed as a request parameter is easier to leak than one attached by an auth client. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * Security Command Center API * * Security Command Center API provides access to temporal views of assets and findings within an organization. 
* * @example * ```js * const {google} = require('googleapis'); * const securitycenter = google.securitycenter('v1'); * ``` */ export class Securitycenter { context: APIRequestContext; folders: Resource$Folders; organizations: Resource$Organizations; projects: Resource$Projects; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * Represents an access event. */ export interface Schema$Access { /** * Caller's IP address, such as "1.1.1.1". */ callerIp?: string | null; /** * The caller IP's geolocation, which identifies where the call came from. */ callerIpGeo?: Schema$Geolocation; /** * The method that the service account called, e.g. "SetIamPolicy". */ methodName?: string | null; /** * Associated email, such as "foo@google.com". The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the `principal_subject` field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see [Caller identities in audit logs](https://cloud.google.com/logging/docs/audit#user-id). */ principalEmail?: string | null; /** * A string that represents the principal_subject that is associated with the identity. Unlike `principal_email`, `principal_subject` supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is `principal://iam.googleapis.com/{identity pool name\}/subject/{subject\}`. Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:{identity pool name\}[{subject\}]`. */ principalSubject?: string | null; /** * The identity delegation history of an authenticated service account that made the request. 
The `serviceAccountDelegationInfo[]` object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events. */ serviceAccountDelegationInfo?: Schema$ServiceAccountDelegationInfo[]; /** * The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID\}/serviceAccounts/{ACCOUNT\}/keys/{key\}". */ serviceAccountKeyName?: string | null; /** * This is the API service that the service account made a call to, e.g. "iam.googleapis.com" */ serviceName?: string | null; /** * The caller's user agent string associated with the finding. */ userAgent?: string | null; /** * Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application. */ userAgentFamily?: string | null; /** * A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username. */ userName?: string | null; } /** * Conveys information about a Kubernetes access review (such as one returned by a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access) command) that was involved in a finding. */ export interface Schema$AccessReview { /** * The API group of the resource. "*" means all. */ group?: string | null; /** * The name of the resource being requested. Empty means all. */ name?: string | null; /** * Namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces. 
Both are represented by "" (empty). */ ns?: string | null; /** * The optional resource type requested. "*" means all. */ resource?: string | null; /** * The optional subresource type. */ subresource?: string | null; /** * A Kubernetes resource API verb, like get, list, watch, create, update, delete, proxy. "*" means all. */ verb?: string | null; /** * The API version of the resource. "*" means all. */ version?: string | null; } /** * Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection). */ export interface Schema$AdaptiveProtection { /** * A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation. */ confidence?: number | null; } /** * Represents an ADC application associated with the finding. */ export interface Schema$AdcApplication { /** * Consumer provided attributes for the AppHub application. */ attributes?: Schema$GoogleCloudSecuritycenterV1ResourceApplicationAttributes; /** * The resource name of an ADC Application. Format: projects/{project\}/locations/{location\}/spaces/{space\}/applications/{application\} */ name?: string | null; } /** * Represents an ADC template associated with the finding. */ export interface Schema$AdcApplicationTemplateRevision { /** * The resource name of an ADC Application Template Revision. Format: projects/{project\}/locations/{location\}/spaces/{space\}/applicationTemplates/{application_template\}/revisions/{revision\} */ name?: string | null; } /** * Represents an ADC shared template associated with the finding. */ export interface Schema$AdcSharedTemplateRevision { /** * The resource name of an ADC Shared Template Revision. 
Format: projects/{project\}/locations/{location\}/spaces/{space\}/applicationTemplates/{application_template\}/revisions/{revision\} */ name?: string | null; } /** * Details about resources affected by this finding. */ export interface Schema$AffectedResources { /** * The count of resources affected by the finding. */ count?: string | null; } /** * Contains information about the AI model associated with the finding. */ export interface Schema$AiModel { /** * The platform on which the model is deployed. */ deploymentPlatform?: string | null; /** * The user-defined display name of the model, for example, `baseline-classification-model`. */ displayName?: string | null; /** * The domain of the model, for example, “image-classification”. */ domain?: string | null; /** * The name of the model library, for example, “transformers”. */ library?: string | null; /** * The region in which the model is used, for example, “us-central1”. */ location?: string | null; /** * The name of the AI model, for example, "gemini:1.0.0". */ name?: string | null; /** * The publisher of the model, for example, “google” or “nvidia”. */ publisher?: string | null; /** * The purpose of the model, for example, "Inference" or "Training". */ usageCategory?: string | null; } /** * Allowed IP rule. */ export interface Schema$Allowed { /** * Optional. List of allowed IP rules. */ ipRules?: Schema$IpRule[]; } /** * Represents an application associated with a finding. */ export interface Schema$Application { /** * The base URI that identifies the network location of the application in which the vulnerability was detected. For example, `http://example.com`. */ baseUri?: string | null; /** * The full URI with payload that can be used to reproduce the vulnerability. For example, `http://example.com?p=aMmYgI6H`. Because the query string carries the attack payload, treat this value as untrusted input: do not fetch it automatically or render it unescaped in a UI. */ fullUri?: string | null; } /** * Represents the result of evaluating artifact guard policies. */ export interface Schema$ArtifactGuardPolicies { /** * A list of failing policies. 
*/ failingPolicies?: Schema$ArtifactGuardPolicy[]; /** * The ID of the resource that has policies configured for it. */ resourceId?: string | null; } /** * Represents an artifact guard policy. */ export interface Schema$ArtifactGuardPolicy { /** * The reason for the policy failure, for example, "severity=HIGH AND max_vuln_count=2". */ failureReason?: string | null; /** * The ID of the failing policy, for example, "organizations/3392779/locations/global/policies/prod-policy". */ policyId?: string | null; /** * The type of the policy evaluation. */ type?: string | null; } /** * Security Command Center representation of a Google Cloud resource. The Asset is a Security Command Center resource that captures information about a single Google Cloud resource. All modifications to an Asset are only within the context of Security Command Center and don't affect the referenced Google Cloud resource. */ export interface Schema$Asset { /** * The canonical name of the resource. It's either "organizations/{organization_id\}/assets/{asset_id\}", "folders/{folder_id\}/assets/{asset_id\}" or "projects/{project_number\}/assets/{asset_id\}", depending on the closest CRM ancestor of the resource. */ canonicalName?: string | null; /** * The time at which the asset was created in Security Command Center. */ createTime?: string | null; /** * Cloud IAM Policy information associated with the Google Cloud resource described by the Security Command Center asset. This information is managed and defined by the Google Cloud resource and cannot be modified by the user. */ iamPolicy?: Schema$IamPolicy; /** * The relative resource name of this asset. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id\}/assets/{asset_id\}". */ name?: string | null; /** * Resource managed properties. These properties are managed and defined by the Google Cloud resource and cannot be modified by the user. 
*/ resourceProperties?: { [key: string]: any; } | null; /** * Security Command Center managed properties. These properties are managed by Security Command Center and cannot be modified by the user. */ securityCenterProperties?: Schema$SecurityCenterProperties; /** * User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the asset. */ securityMarks?: Schema$SecurityMarks; /** * The time at which the asset was last updated or added in Cloud SCC. */ updateTime?: string | null; } /** * The configuration used for Asset Discovery runs. */ export interface Schema$AssetDiscoveryConfig { /** * The folder ids to use for filtering asset discovery. It consists of only digits, e.g., 756619654966. */ folderIds?: string[] | null; /** * The mode to use for filtering asset discovery. */ inclusionMode?: string | null; /** * The project ids to use for filtering asset discovery. */ projectIds?: string[] | null; } /** * Information about DDoS attack volume and classification. */ export interface Schema$Attack { /** * Type of attack, for example, 'SYN-flood', 'NTP-udp', or 'CHARGEN-udp'. */ classification?: string | null; /** * Total BPS (bytes per second) volume of attack. Deprecated - refer to volume_bps_long instead. */ volumeBps?: number | null; /** * Total BPS (bytes per second) volume of attack. */ volumeBpsLong?: string | null; /** * Total PPS (packets per second) volume of attack. Deprecated - refer to volume_pps_long instead. */ volumePps?: number | null; /** * Total PPS (packets per second) volume of attack. */ volumePpsLong?: string | null; } /** * An attack exposure contains the results of an attack path simulation run. */ export interface Schema$AttackExposure { /** * The resource name of the attack path simulation result that contains the details regarding this attack exposure score. 
Example: `organizations/123/simulations/456/attackExposureResults/789` */ attackExposureResult?: string | null; /** * The number of high value resources that are exposed as a result of this finding. */ exposedHighValueResourcesCount?: number | null; /** * The number of low value resources that are exposed as a result of this finding. */ exposedLowValueResourcesCount?: number | null; /** * The number of medium value resources that are exposed as a result of this finding. */ exposedMediumValueResourcesCount?: number | null; /** * The most recent time the attack exposure was updated on this finding. */ latestCalculationTime?: string | null; /** * A number between 0 (inclusive) and infinity that represents how important this finding is to remediate. The higher the score, the more important it is to remediate. */ score?: number | null; /** * What state this AttackExposure is in. This captures whether an attack exposure has been calculated yet. */ state?: string | null; } /** * A path that an attacker could take to reach an exposed resource. */ export interface Schema$AttackPath { /** * A list of the edges between nodes in this attack path. */ edges?: Schema$AttackPathEdge[]; /** * The attack path name, for example, `organizations/12/simulation/34/valuedResources/56/attackPaths/78` */ name?: string | null; /** * A list of nodes that exist in this attack path. */ pathNodes?: Schema$AttackPathNode[]; } /** * Represents a connection between a source node and a destination node in this attack path. */ export interface Schema$AttackPathEdge { /** * The attack node uuid of the destination node. */ destination?: string | null; /** * The attack node uuid of the source node. */ source?: string | null; } /** * Represents one point that an attacker passes through in this attack path. */ export interface Schema$AttackPathNode { /** * The findings associated with this node in the attack path. 
*/ associatedFindings?: Schema$PathNodeAssociatedFinding[]; /** * A list of attack step nodes that exist in this attack path node. */ attackSteps?: Schema$AttackStepNode[]; /** * Human-readable name of this resource. */ displayName?: string | null; /** * The name of the resource at this point in the attack path. The format of the name follows the Cloud Asset Inventory [resource name format](https://cloud.google.com/asset-inventory/docs/resource-name-format) */ resource?: string | null; /** * The [supported resource type](https://cloud.google.com/asset-inventory/docs/supported-asset-types) */ resourceType?: string | null; /** * Unique id of the attack path node. */ uuid?: string | null; } /** * Detailed steps the attack can take between path nodes. */ export interface Schema$AttackStepNode { /** * Attack step description */ description?: string | null; /** * User friendly name of the attack step */ displayName?: string | null; /** * Attack step labels for metadata */ labels?: { [key: string]: string; } | null; /** * Attack step type. Can be either AND, OR or DEFENSE */ type?: string | null; /** * Unique ID for one Node */ uuid?: string | null; } /** * Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. 
Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \}, { "log_type": "ADMIN_READ" \} ] \}, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" \}, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] \} ] \} ] \} For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. */ export interface Schema$AuditConfig { /** * The configuration for logging of each type of permission. */ auditLogConfigs?: Schema$AuditLogConfig[]; /** * Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. */ service?: string | null; } /** * Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \} ] \} This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. */ export interface Schema$AuditLogConfig { /** * Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. */ exemptedMembers?: string[] | null; /** * The log type that this config enables. */ logType?: string | null; } /** * An AWS account that is a member of an organization. */ export interface Schema$AwsAccount { /** * The unique identifier (ID) of the account, containing exactly 12 digits. */ id?: string | null; /** * The friendly name of this account. 
*/ name?: string | null; } /** * AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services. */ export interface Schema$AwsMetadata { /** * The AWS account associated with the resource. */ account?: Schema$AwsAccount; /** * The AWS organization associated with the resource. */ organization?: Schema$AwsOrganization; /** * A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level. */ organizationalUnits?: Schema$AwsOrganizationalUnit[]; } /** * An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies. */ export interface Schema$AwsOrganization { /** * The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits. */ id?: string | null; } /** * An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs. */ export interface Schema$AwsOrganizationalUnit { /** * The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits. For example, "ou-ab12-cd34ef56". */ id?: string | null; /** * The friendly name of the OU. */ name?: string | null; } /** * Represents an Azure management group. */ export interface Schema$AzureManagementGroup { /** * The display name of the Azure management group. */ displayName?: string | null; /** * The UUID of the Azure management group, for example, `20000000-0001-0000-0000-000000000000`. 
*/ id?: string | null; } /** * Azure metadata associated with the resource, only applicable if the finding's cloud provider is Microsoft Azure. */ export interface Schema$AzureMetadata { /** * A list of Azure management groups associated with the resource, ordered from lowest level (closest to the subscription) to highest level. */ managementGroups?: Schema$AzureManagementGroup[]; /** * The Azure resource group associated with the resource. */ resourceGroup?: Schema$AzureResourceGroup; /** * The Azure subscription associated with the resource. */ subscription?: Schema$AzureSubscription; /** * The Azure Entra tenant associated with the resource. */ tenant?: Schema$AzureTenant; } /** * Represents an Azure resource group. */ export interface Schema$AzureResourceGroup { /** * The ID of the Azure resource group. */ id?: string | null; /** * The name of the Azure resource group. This is not a UUID. */ name?: string | null; } /** * Represents an Azure subscription. */ export interface Schema$AzureSubscription { /** * The display name of the Azure subscription. */ displayName?: string | null; /** * The UUID of the Azure subscription, for example, `291bba3f-e0a5-47bc-a099-3bdcb2a50a05`. */ id?: string | null; } /** * Represents a Microsoft Entra tenant. */ export interface Schema$AzureTenant { /** * The display name of the Azure tenant. */ displayName?: string | null; /** * The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-1aaa11a". */ id?: string | null; } /** * Information related to Google Cloud Backup and DR Service findings. */ export interface Schema$BackupDisasterRecovery { /** * The name of the Backup and DR appliance that captures, moves, and manages the lifecycle of backup data. For example, `backup-server-57137`. */ appliance?: string | null; /** * The names of Backup and DR applications. An application is a VM, database, or file system on a managed host monitored by a backup and recovery appliance. 
For example, `centos7-01-vol00`, `centos7-01-vol01`, `centos7-01-vol02`. */ applications?: string[] | null; /** * The timestamp at which the Backup and DR backup was created. */ backupCreateTime?: string | null; /** * The name of a Backup and DR template which comprises one or more backup policies. See the [Backup and DR documentation](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information. For example, `snap-ov`. */ backupTemplate?: string | null; /** * The backup type of the Backup and DR image. For example, `Snapshot`, `Remote Snapshot`, `OnVault`. */ backupType?: string | null; /** * The name of a Backup and DR host, which is managed by the backup and recovery appliance and known to the management console. The host can be of type Generic (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. See the [Backup and DR documentation on hosts](https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) for more information. For example, `centos7-01`. */ host?: string | null; /** * The names of Backup and DR policies that are associated with a template and that define when to run a backup, how frequently to run a backup, and how long to retain the backup image. For example, `onvaults`. */ policies?: string[] | null; /** * The names of Backup and DR advanced policy options of a policy applying to an application. See the [Backup and DR documentation on policy options](https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). For example, `skipofflineappsincongrp, nounmap`. */ policyOptions?: string[] | null; /** * The name of the Backup and DR resource profile that specifies the storage media for backups of application and VM data. See the [Backup and DR documentation on profiles](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). For example, `GCP`. 
*/ profile?: string | null; /** * The name of the Backup and DR storage pool that the backup and recovery appliance is storing data in. The storage pool could be of type Cloud, Primary, Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). For example, `DiskPoolOne`. */ storagePool?: string | null; } /** * Request message to create multiple resource value configs */ export interface Schema$BatchCreateResourceValueConfigsRequest { /** * Required. The resource value configs to be created. */ requests?: Schema$CreateResourceValueConfigRequest[]; } /** * Response message for BatchCreateResourceValueConfigs */ export interface Schema$BatchCreateResourceValueConfigsResponse { /** * The resource value configs created */ resourceValueConfigs?: Schema$GoogleCloudSecuritycenterV1ResourceValueConfig[]; } /** * The destination BigQuery dataset to export findings to. */ export interface Schema$BigQueryDestination { /** * Required. The relative resource name of the destination dataset, in the form projects/{projectId\}/datasets/{datasetId\}. */ dataset?: string | null; } /** * Associates `members`, or principals, with a `role`. */ export interface Schema$Binding { /** * The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ condition?: Schema$Expr; /** * Specifies the principals requesting access for a Google Cloud resource. 
`members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid\}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid\}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid\}.svc.id.goog[{namespace\}/{kubernetes-sa\}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid\}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain\}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/subject/{subject_attribute_value\}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/group/{group_id\}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/attribute.{attribute_name\}/{attribute_value\}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/x`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/subject/{subject_attribute_value\}`: A single identity in a workload identity pool. 
* `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/group/{group_id\}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/attribute.{attribute_name\}/{attribute_value\}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/x`: All identities in a workload identity pool. * `deleted:user:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid\}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid\}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid\}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/subject/{subject_attribute_value\}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. 
*/ members?: string[] | null; /** * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). */ role?: string | null; } /** * Request message for bulk findings update. Note: 1. If multiple bulk update requests match the same resource, the order in which they get executed is not defined. 2. Once a bulk operation is started, there is no way to stop it. */ export interface Schema$BulkMuteFindingsRequest { /** * Expression that identifies findings that should be updated. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form `<field> <operator> <value>` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * `=` for all value types. * `\>`, `<`, `\>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. Review the filter before sending: a filter with zero restrictions matches every finding in scope, and a bulk mute cannot be cancelled once started, so an over-broad filter can silently mute everything in scope. */ filter?: string | null; /** * This can be a mute configuration name or any identifier for mute/unmute of findings based on the filter. */ muteAnnotation?: string | null; /** * Optional. All findings matching the given filter will have their mute state set to this value. The default value is `MUTED`. Setting this to `UNDEFINED` will clear the mute state on all matching findings. 
*/ muteState?: string | null; } /** * Contains details about a chokepoint, which is a resource or resource group where high-risk attack paths converge, based on [attack path simulations] (https://cloud.google.com/security-command-center/docs/attack-exposure-learn#attack_path_simulations). */ export interface Schema$Chokepoint { /** * List of resource names of findings associated with this chokepoint. For example, organizations/123/sources/456/findings/789. This list will have at most 100 findings. */ relatedFindings?: string[] | null; } /** * Fields related to Google Cloud Armor findings. */ export interface Schema$CloudArmor { /** * Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview). */ adaptiveProtection?: Schema$AdaptiveProtection; /** * Information about DDoS attack volume and classification. */ attack?: Schema$Attack; /** * Duration of attack from the start until the current moment (updated every 5 minutes). */ duration?: string | null; /** * Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview). */ requests?: Schema$Requests; /** * Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding. */ securityPolicy?: Schema$SecurityPolicy; /** * Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, "L3_4" for Layer 3 and Layer 4 DDoS attacks, or "L_7" for Layer 7 DDoS attacks. */ threatVector?: string | null; } /** * CloudControl associated with the finding. */ export interface Schema$CloudControl { /** * Name of the CloudControl associated with the finding. */ cloudControlName?: string | null; /** * Policy type of the CloudControl */ policyType?: string | null; /** * Type of cloud control. 
*/ type?: string | null; /** * Version of the Cloud Control */ version?: number | null; } /** * The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding. */ export interface Schema$CloudDlpDataProfile { /** * Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`. */ dataProfile?: string | null; /** * Type of information detected by SDP. Info type includes name, version and sensitivity of the detected information type. */ infoTypes?: Schema$InfoType[]; /** * The resource hierarchy level at which the data profile was generated. */ parentType?: string | null; } /** * Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the finding. */ export interface Schema$CloudDlpInspection { /** * Whether Cloud DLP scanned the complete resource or a sampled subset. */ fullScan?: boolean | null; /** * The type of information (or *[infoType](https://cloud.google.com/dlp/docs/infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`. */ infoType?: string | null; /** * The number of times Cloud DLP found this infoType within this job and resource. */ infoTypeCount?: string | null; /** * Name of the inspection job, for example, `projects/123/locations/europe/dlpJobs/i-8383929`. */ inspectJob?: string | null; } /** * Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry) */ export interface Schema$CloudLoggingEntry { /** * A unique identifier for the log entry. */ insertId?: string | null; /** * The type of the log (part of `log_name`. `log_name` is the resource name of the log to which this log entry belongs). For example: `cloudresourcemanager.googleapis.com/activity`. Note that this field is not URL-encoded, unlike the `LOG_ID` field in `LogEntry`. 
*/ logId?: string | null; /** * The organization, folder, or project of the monitored resource that produced this log entry. */ resourceContainer?: string | null; /** * The time the event described by the log entry occurred. */ timestamp?: string | null; } /** * Contains compliance information about a security standard indicating unmet recommendations. */ export interface Schema$Compliance { /** * Policies within the standard or benchmark, for example, A.12.4.1 */ ids?: string[] | null; /** * Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP. */ standard?: string | null; /** * Version of the standard or benchmark, for example, 1.1 */ version?: string | null; } /** * Compliance Details associated with the finding. */ export interface Schema$ComplianceDetails { /** * CloudControl associated with the finding */ cloudControl?: Schema$CloudControl; /** * Cloud Control Deployments associated with the finding. For example, organizations/123/locations/global/cloudControlDeployments/deploymentIdentifier */ cloudControlDeploymentNames?: string[] | null; /** * Details of Frameworks associated with the finding */ frameworks?: Schema$Framework[]; } /** * Contains information about the IP connection associated with the finding. */ export interface Schema$Connection { /** * Destination IP address. Not present for sockets that are listening and not connected. */ destinationIp?: string | null; /** * Destination port. Not present for sockets that are listening and not connected. */ destinationPort?: number | null; /** * IANA Internet Protocol Number such as TCP(6) and UDP(17). */ protocol?: string | null; /** * Source IP address. */ sourceIp?: string | null; /** * Source port. */ sourcePort?: number | null; } /** * The email address of a contact. */ export interface Schema$Contact { /** * An email address. For example, "`person123@company.com`". 
*/ email?: string | null; } /** * Details about specific contacts */ export interface Schema$ContactDetails { /** * A list of contacts */ contacts?: Schema$Contact[]; } /** * Container associated with the finding. */ export interface Schema$Container { /** * The time that the container was created. */ createTime?: string | null; /** * Optional container image ID, if provided by the container runtime. Uniquely identifies the container image launched using a container image digest. */ imageId?: string | null; /** * Container labels, as provided by the container runtime. */ labels?: Schema$Label[]; /** * Name of the container. */ name?: string | null; /** * Container image URI provided when configuring a pod or container. This string can identify a container image version using mutable tags. */ uri?: string | null; } /** * Compliance control associated with the finding. */ export interface Schema$Control { /** * Name of the Control */ controlName?: string | null; /** * Display name of the control. For example, AU-02. */ displayName?: string | null; } /** * Request message to create single resource value config */ export interface Schema$CreateResourceValueConfigRequest { /** * Required. Resource name of the new ResourceValueConfig's parent. */ parent?: string | null; /** * Required. The resource value config being created. */ resourceValueConfig?: Schema$GoogleCloudSecuritycenterV1ResourceValueConfig; } /** * An error encountered while validating the uploaded configuration of an Event Threat Detection Custom Module. */ export interface Schema$CustomModuleValidationError { /** * A description of the error, suitable for human consumption. Required. */ description?: string | null; /** * The end position of the error in the uploaded text version of the module. This field may be omitted if no specific position applies, or if one could not be computed. */ end?: Schema$Position; /** * The path, in RFC 8901 JSON Pointer format, to the field that failed validation. 
This may be left empty if no specific field is affected. */ fieldPath?: string | null; /** * The initial position of the error in the uploaded text version of the module. This field may be omitted if no specific position applies, or if one could not be computed. */ start?: Schema$Position; } /** * A list of zero or more errors encountered while validating the uploaded configuration of an Event Threat Detection Custom Module. */ export interface Schema$CustomModuleValidationErrors { /** * The list of errors. */ errors?: Schema$CustomModuleValidationError[]; } /** * CVE stands for Common Vulnerabilities and Exposures. Information from the [CVE record](https://www.cve.org/ResourcesSupport/Glossary) that describes this vulnerability. */ export interface Schema$Cve { /** * Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document */ cvssv3?: Schema$Cvssv3; /** * The exploitation activity of the vulnerability in the wild. */ exploitationActivity?: string | null; /** * Date the first publicly available exploit or PoC was released. */ exploitReleaseDate?: string | null; /** * Date of the earliest known exploitation. */ firstExploitationDate?: string | null; /** * The unique identifier for the vulnerability. e.g. CVE-2021-34527 */ id?: string | null; /** * The potential impact of the vulnerability if it was to be exploited. */ impact?: string | null; /** * Whether or not the vulnerability has been observed in the wild. */ observedInTheWild?: boolean | null; /** * Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527 */ references?: Schema$Reference[]; /** * Whether upstream fix is available for the CVE. */ upstreamFixAvailable?: boolean | null; /** * Whether or not the vulnerability was zero day when the finding was published. */ zeroDay?: boolean | null; } /** * Common Vulnerability Scoring System version 3. 
*/ export interface Schema$Cvssv3 { /** * This metric describes the cond