import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosResponseWithHTTP2, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common';
import { Readable } from 'stream';
export declare namespace securitycenter_v1beta1 {
/**
 * Options accepted when constructing the client for this API surface
 * (see the `google.securitycenter('v1beta1')` example on the class below).
 * `version` is pinned to the literal `'v1beta1'` so that this namespace's
 * client and `Schema$*` types are selected rather than another version's.
 */
export interface Options extends GlobalOptions {
version: 'v1beta1';
}
/**
 * Parameters common to requests in this API (auth plus the standard
 * Google API query parameters).
 *
 * `auth`, `access_token`, `oauth_token` and `key` carry credentials: source
 * them from an auth client or a secret store rather than from checked-in
 * configuration, and keep them out of logs and error reports.
 */
interface StandardParameters {
/**
 * Auth client or API Key for the request
 */
auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth;
/**
 * V1 error format.
 */
'$.xgafv'?: string;
/**
 * OAuth access token. Credential — never log or persist alongside request data.
 */
access_token?: string;
/**
 * Data format for response.
 */
alt?: string;
/**
 * JSONP
 */
callback?: string;
/**
 * Selector specifying which fields to include in a partial response.
 */
fields?: string;
/**
 * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
 * Credential — never log or persist alongside request data.
 */
key?: string;
/**
 * OAuth 2.0 token for the current user. Credential — never log or persist alongside request data.
 */
oauth_token?: string;
/**
 * Returns response with indentations and line breaks.
 */
prettyPrint?: boolean;
/**
 * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
 */
quotaUser?: string;
/**
 * Legacy upload protocol for media (e.g. "media", "multipart").
 */
uploadType?: string;
/**
 * Upload protocol for media (e.g. "raw", "multipart").
 */
upload_protocol?: string;
}
/**
 * Security Command Center API
 *
 * Security Command Center API provides access to temporal views of assets and findings within an organization.
 *
 * @example
 * ```js
 * const {google} = require('googleapis');
 * const securitycenter = google.securitycenter('v1beta1');
 * ```
 */
export class Securitycenter {
/**
 * Request context shared with the resource client(s) below — presumably
 * built from the constructor's `options`/`google` arguments; confirm against
 * the generated implementation.
 */
context: APIRequestContext;
/**
 * Client for the `organizations` resource hierarchy — the only top-level
 * resource exposed by this version of the API.
 */
organizations: Resource$Organizations;
/**
 * @param options - Client-wide options (auth client, API key, and the
 *   `version` selector declared in `Options`).
 * @param google - Optional parent configurable; when supplied its settings
 *   are presumably used as defaults for this client (TODO confirm).
 */
constructor(options: GlobalOptions, google?: GoogleConfigurable);
}
/**
 * Represents an access event.
 *
 * @remarks
 * Several fields identify a person or workload directly (`callerIp`,
 * `principalEmail`, `principalSubject`, `userName`, `userAgent`). When a
 * finding is stored, exported or forwarded, handle them as personal data
 * with the same retention and access controls as the audit logs they
 * reflect.
 */
export interface Schema$Access {
/**
 * Caller's IP address, such as "1.1.1.1".
 */
callerIp?: string | null;
/**
 * The caller IP's geolocation, which identifies where the call came from.
 */
callerIpGeo?: Schema$Geolocation;
/**
 * The method that the service account called, e.g. "SetIamPolicy".
 */
methodName?: string | null;
/**
 * Associated email, such as "foo@google.com". The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the `principal_subject` field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see [Caller identities in audit logs](https://cloud.google.com/logging/docs/audit#user-id).
 */
principalEmail?: string | null;
/**
 * A string that represents the principal_subject that is associated with the identity. Unlike `principal_email`, `principal_subject` supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is `principal://iam.googleapis.com/{identity pool name\}/subject/{subject\}`. Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:{identity pool name\}[{subject\}]`.
 */
principalSubject?: string | null;
/**
 * The identity delegation history of an authenticated service account that made the request. The `serviceAccountDelegationInfo[]` object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.
 */
serviceAccountDelegationInfo?: Schema$ServiceAccountDelegationInfo[];
/**
 * The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID\}/serviceAccounts/{ACCOUNT\}/keys/{key\}".
 */
serviceAccountKeyName?: string | null;
/**
 * This is the API service that the service account made a call to, e.g. "iam.googleapis.com"
 */
serviceName?: string | null;
/**
 * The caller's user agent string associated with the finding.
 */
userAgent?: string | null;
/**
 * Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.
 */
userAgentFamily?: string | null;
/**
 * A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.
 */
userName?: string | null;
}
/**
* Conveys information about a Kubernetes access review (such as one returned by a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access) command) that was involved in a finding.
*/
export interface Schema$AccessReview {
/**
* The API group of the resource. "*" means all.
*/
group?: string | null;
/**
* The name of the resource being requested. Empty means all.
*/
name?: string | null;
/**
* Namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces. Both are represented by "" (empty).
*/
ns?: string | null;
/**
* The optional resource type requested. "*" means all.
*/
resource?: string | null;
/**
* The optional subresource type.
*/
subresource?: string | null;
/**
* A Kubernetes resource API verb, like get, list, watch, create, update, delete, proxy. "*" means all.
*/
verb?: string | null;
/**
* The API version of the resource. "*" means all.
*/
version?: string | null;
}
/**
* Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection).
*/
export interface Schema$AdaptiveProtection {
/**
* A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation.
*/
confidence?: number | null;
}
/**
* Represents an ADC application associated with the finding.
*/
export interface Schema$AdcApplication {
/**
* Consumer provided attributes for the AppHub application.
*/
attributes?: Schema$GoogleCloudSecuritycenterV1ResourceApplicationAttributes;
/**
* The resource name of an ADC Application. Format: projects/{project\}/locations/{location\}/spaces/{space\}/applications/{application\}
*/
name?: string | null;
}
/**
* Represents an ADC template associated with the finding.
*/
export interface Schema$AdcApplicationTemplateRevision {
/**
* The resource name of an ADC Application Template Revision. Format: projects/{project\}/locations/{location\}/spaces/{space\}/applicationTemplates/{application_template\}/revisions/{revision\}
*/
name?: string | null;
}
/**
* Represents an ADC shared template associated with the finding.
*/
export interface Schema$AdcSharedTemplateRevision {
/**
* The resource name of an ADC Shared Template Revision. Format: projects/{project\}/locations/{location\}/spaces/{space\}/applicationTemplates/{application_template\}/revisions/{revision\}
*/
name?: string | null;
}
/**
 * Details about resources affected by this finding.
 */
export interface Schema$AffectedResources {
/**
 * The count of resources affected by the finding.
 *
 * Transported as a string (presumably a 64-bit integer serialized in
 * decimal — confirm against the API reference); convert with `Number()` or
 * `BigInt()` before doing arithmetic on it.
 */
count?: string | null;
}
/**
 * Contains information about the AI model associated with the finding.
 */
export interface Schema$AiModel {
/**
 * The platform on which the model is deployed.
 */
deploymentPlatform?: string | null;
/**
 * The user defined display name of model. For example, `baseline-classification-model`.
 */
displayName?: string | null;
/**
 * The domain of the model, for example, "image-classification".
 */
domain?: string | null;
/**
 * The name of the model library, for example, "transformers".
 */
library?: string | null;
/**
 * The region in which the model is used, for example, "us-central1".
 */
location?: string | null;
/**
 * The name of the AI model, for example, "gemini:1.0.0".
 */
name?: string | null;
/**
 * The publisher of the model, for example, "google" or "nvidia".
 */
publisher?: string | null;
/**
 * The purpose of the model, for example, "Inference" or "Training".
 */
usageCategory?: string | null;
}
/**
 * Allowed IP rule.
 */
export interface Schema$Allowed {
/**
 * Optional. List of allowed IP rules.
 */
ipRules?: Schema$IpRule[];
}
/**
 * Represents an application associated with a finding.
 */
export interface Schema$Application {
/**
 * The base URI that identifies the network location of the application in which the vulnerability was detected. For example, `http://example.com`.
 */
baseUri?: string | null;
/**
 * The full URI with payload that can be used to reproduce the vulnerability. For example, `http://example.com?p=aMmYgI6H`.
 *
 * Because this value embeds the reproduction payload, treat it as sensitive
 * finding content: restrict who can read it and avoid copying it into
 * tickets or chat channels with broader access than the finding itself.
 */
fullUri?: string | null;
}
/**
* Represents the result of evaluating artifact guard policies.
*/
export interface Schema$ArtifactGuardPolicies {
/**
* A list of failing policies.
*/
failingPolicies?: Schema$ArtifactGuardPolicy[];
/**
* The ID of the resource that has policies configured for it.
*/
resourceId?: string | null;
}
/**
* Represents an artifact guard policy.
*/
export interface Schema$ArtifactGuardPolicy {
/**
* The reason for the policy failure, for example, "severity=HIGH AND max_vuln_count=2".
*/
failureReason?: string | null;
/**
* The ID of the failing policy, for example, "organizations/3392779/locations/global/policies/prod-policy".
*/
policyId?: string | null;
/**
* The type of the policy evaluation.
*/
type?: string | null;
}
/**
 * Security Command Center representation of a Google Cloud resource. The Asset is a Security Command Center resource that captures information about a single Google Cloud resource. All modifications to an Asset are only within the context of Security Command Center and don't affect the referenced Google Cloud resource.
 */
export interface Schema$Asset {
/**
 * The time at which the asset was created in Security Command Center.
 */
createTime?: string | null;
/**
 * The relative resource name of this asset. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id\}/assets/{asset_id\}".
 */
name?: string | null;
/**
 * Resource managed properties. These properties are managed and defined by the Google Cloud resource and cannot be modified by the user.
 *
 * Values are declared `any` by the generator, so nothing is type-checked at
 * the call site: narrow each value (`typeof`, `Array.isArray`, `in`) before
 * relying on its shape, which presumably differs per resource type.
 */
resourceProperties?: {
[key: string]: any;
} | null;
/**
 * Security Command Center managed properties. These properties are managed by Security Command Center and cannot be modified by the user.
 */
securityCenterProperties?: Schema$SecurityCenterProperties;
/**
 * User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the asset.
 */
securityMarks?: Schema$GoogleCloudSecuritycenterV1beta1SecurityMarks;
/**
 * The time at which the asset was last updated, added, or deleted in Security Command Center.
 */
updateTime?: string | null;
}
/**
* The configuration used for Asset Discovery runs.
*/
export interface Schema$AssetDiscoveryConfig {
/**
* The mode to use for filtering asset discovery.
*/
inclusionMode?: string | null;
/**
* The project ids to use for filtering asset discovery.
*/
projectIds?: string[] | null;
}
/**
 * Information about DDoS attack volume and classification.
 */
export interface Schema$Attack {
/**
 * Type of attack, for example, 'SYN-flood', 'NTP-udp', or 'CHARGEN-udp'.
 */
classification?: string | null;
/**
 * Total BPS (bytes per second) volume of attack. Deprecated - refer to volume_bps_long instead.
 * @deprecated Use `volumeBpsLong`, which is transported as a string and is not limited to the JS number range.
 */
volumeBps?: number | null;
/**
 * Total BPS (bytes per second) volume of attack.
 */
volumeBpsLong?: string | null;
/**
 * Total PPS (packets per second) volume of attack. Deprecated - refer to volume_pps_long instead.
 * @deprecated Use `volumePpsLong`, which is transported as a string and is not limited to the JS number range.
 */
volumePps?: number | null;
/**
 * Total PPS (packets per second) volume of attack.
 */
volumePpsLong?: string | null;
}
/**
 * An attack exposure contains the results of an attack path simulation run.
 */
export interface Schema$AttackExposure {
/**
 * The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: `organizations/123/simulations/456/attackExposureResults/789`
 */
attackExposureResult?: string | null;
/**
 * The number of high value resources that are exposed as a result of this finding.
 */
exposedHighValueResourcesCount?: number | null;
/**
 * The number of low value resources that are exposed as a result of this finding.
 */
exposedLowValueResourcesCount?: number | null;
/**
 * The number of medium value resources that are exposed as a result of this finding.
 */
exposedMediumValueResourcesCount?: number | null;
/**
 * The most recent time the attack exposure was updated on this finding.
 */
latestCalculationTime?: string | null;
/**
 * A number between 0 (inclusive) and infinity that represents how important this finding is to remediate. The higher the score, the more important it is to remediate.
 */
score?: number | null;
/**
 * What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated or not.
 */
state?: string | null;
}
/**
* Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \}, { "log_type": "ADMIN_READ" \} ] \}, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" \}, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] \} ] \} ] \} For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.
*/
export interface Schema$AuditConfig {
/**
* The configuration for logging of each type of permission.
*/
auditLogConfigs?: Schema$AuditLogConfig[];
/**
* Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
*/
service?: string | null;
}
/**
* Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \} ] \} This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
*/
export interface Schema$AuditLogConfig {
/**
* Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
*/
exemptedMembers?: string[] | null;
/**
* The log type that this config enables.
*/
logType?: string | null;
}
/**
* An AWS account that is a member of an organization.
*/
export interface Schema$AwsAccount {
/**
* The unique identifier (ID) of the account, containing exactly 12 digits.
*/
id?: string | null;
/**
* The friendly name of this account.
*/
name?: string | null;
}
/**
* AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services.
*/
export interface Schema$AwsMetadata {
/**
* The AWS account associated with the resource.
*/
account?: Schema$AwsAccount;
/**
* The AWS organization associated with the resource.
*/
organization?: Schema$AwsOrganization;
/**
* A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level.
*/
organizationalUnits?: Schema$AwsOrganizationalUnit[];
}
/**
* An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies.
*/
export interface Schema$AwsOrganization {
/**
* The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits.
*/
id?: string | null;
}
/**
* An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.
*/
export interface Schema$AwsOrganizationalUnit {
/**
* The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits. For example, "ou-ab12-cd34ef56".
*/
id?: string | null;
/**
* The friendly name of the OU.
*/
name?: string | null;
}
/**
* Represents an Azure management group.
*/
export interface Schema$AzureManagementGroup {
/**
* The display name of the Azure management group.
*/
displayName?: string | null;
/**
* The UUID of the Azure management group, for example, `20000000-0001-0000-0000-000000000000`.
*/
id?: string | null;
}
/**
* Azure metadata associated with the resource, only applicable if the finding's cloud provider is Microsoft Azure.
*/
export interface Schema$AzureMetadata {
/**
* A list of Azure management groups associated with the resource, ordered from lowest level (closest to the subscription) to highest level.
*/
managementGroups?: Schema$AzureManagementGroup[];
/**
* The Azure resource group associated with the resource.
*/
resourceGroup?: Schema$AzureResourceGroup;
/**
* The Azure subscription associated with the resource.
*/
subscription?: Schema$AzureSubscription;
/**
* The Azure Entra tenant associated with the resource.
*/
tenant?: Schema$AzureTenant;
}
/**
* Represents an Azure resource group.
*/
export interface Schema$AzureResourceGroup {
/**
* The ID of the Azure resource group.
*/
id?: string | null;
/**
* The name of the Azure resource group. This is not a UUID.
*/
name?: string | null;
}
/**
* Represents an Azure subscription.
*/
export interface Schema$AzureSubscription {
/**
* The display name of the Azure subscription.
*/
displayName?: string | null;
/**
* The UUID of the Azure subscription, for example, `291bba3f-e0a5-47bc-a099-3bdcb2a50a05`.
*/
id?: string | null;
}
/**
* Represents a Microsoft Entra tenant.
*/
export interface Schema$AzureTenant {
/**
* The display name of the Azure tenant.
*/
displayName?: string | null;
/**
* The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-1aaa11a".
*/
id?: string | null;
}
/**
* Information related to Google Cloud Backup and DR Service findings.
*/
export interface Schema$BackupDisasterRecovery {
/**
* The name of the Backup and DR appliance that captures, moves, and manages the lifecycle of backup data. For example, `backup-server-57137`.
*/
appliance?: string | null;
/**
* The names of Backup and DR applications. An application is a VM, database, or file system on a managed host monitored by a backup and recovery appliance. For example, `centos7-01-vol00`, `centos7-01-vol01`, `centos7-01-vol02`.
*/
applications?: string[] | null;
/**
* The timestamp at which the Backup and DR backup was created.
*/
backupCreateTime?: string | null;
/**
* The name of a Backup and DR template which comprises one or more backup policies. See the [Backup and DR documentation](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information. For example, `snap-ov`.
*/
backupTemplate?: string | null;
/**
* The backup type of the Backup and DR image. For example, `Snapshot`, `Remote Snapshot`, `OnVault`.
*/
backupType?: string | null;
/**
* The name of a Backup and DR host, which is managed by the backup and recovery appliance and known to the management console. The host can be of type Generic (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. See the [Backup and DR documentation on hosts](https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) for more information. For example, `centos7-01`.
*/
host?: string | null;
/**
* The names of Backup and DR policies that are associated with a template and that define when to run a backup, how frequently to run a backup, and how long to retain the backup image. For example, `onvaults`.
*/
policies?: string[] | null;
/**
* The names of Backup and DR advanced policy options of a policy applying to an application. See the [Backup and DR documentation on policy options](https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). For example, `skipofflineappsincongrp, nounmap`.
*/
policyOptions?: string[] | null;
/**
* The name of the Backup and DR resource profile that specifies the storage media for backups of application and VM data. See the [Backup and DR documentation on profiles](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). For example, `GCP`.
*/
profile?: string | null;
/**
* The name of the Backup and DR storage pool that the backup and recovery appliance is storing data in. The storage pool could be of type Cloud, Primary, Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). For example, `DiskPoolOne`.
*/
storagePool?: string | null;
}
/**
* The destination BigQuery dataset to export findings to.
*/
export interface Schema$BigQueryDestination {
/**
* Required. The relative resource name of the destination dataset, in the form projects/{projectId\}/datasets/{datasetId\}.
*/
dataset?: string | null;
}
/**
 * Associates `members`, or principals, with a `role`.
 *
 * @remarks
 * A binding whose `members` contains `allUsers` or `allAuthenticatedUsers`
 * grants the role to anyone on the internet, or to any Google-authenticated
 * identity, respectively; policy reviews and detection rules should treat
 * such bindings as public exposure of the resource.
 */
export interface Schema$Binding {
/**
 * The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
 */
condition?: Schema$Expr;
/**
 * Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid\}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid\}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid\}.svc.id.goog[{namespace\}/{kubernetes-sa\}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid\}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain\}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/subject/{subject_attribute_value\}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/group/{group_id\}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/attribute.{attribute_name\}/{attribute_value\}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/x`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/subject/{subject_attribute_value\}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/group/{group_id\}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/attribute.{attribute_name\}/{attribute_value\}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/x`: All identities in a workload identity pool. * `deleted:user:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid\}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid\}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid\}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/subject/{subject_attribute_value\}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
 */
members?: string[] | null;
/**
 * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
 */
role?: string | null;
}
/**
* The request message for Operations.CancelOperation.
*/
export interface Schema$CancelOperationRequest {
}
/**
* Contains details about a chokepoint, which is a resource or resource group where high-risk attack paths converge, based on [attack path simulations] (https://cloud.google.com/security-command-center/docs/attack-exposure-learn#attack_path_simulations).
*/
export interface Schema$Chokepoint {
/**
* List of resource names of findings associated with this chokepoint. For example, organizations/123/sources/456/findings/789. This list will have at most 100 findings.
*/
relatedFindings?: string[] | null;
}
/**
* Fields related to Google Cloud Armor findings.
*/
export interface Schema$CloudArmor {
/**
* Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview).
*/
adaptiveProtection?: Schema$AdaptiveProtection;
/**
* Information about DDoS attack volume and classification.
*/
attack?: Schema$Attack;
/**
* Duration of attack from the start until the current moment (updated every 5 minutes).
*/
duration?: string | null;
/**
* Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview).
*/
requests?: Schema$Requests;
/**
* Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding.
*/
securityPolicy?: Schema$SecurityPolicy;
/**
* Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, "L3_4" for Layer 3 and Layer 4 DDoS attacks, or "L_7" for Layer 7 DDoS attacks.
*/
threatVector?: string | null;
}
/**
* CloudControl associated with the finding.
*/
export interface Schema$CloudControl {
/**
* Name of the CloudControl associated with the finding.
*/
cloudControlName?: string | null;
/**
* Policy type of the CloudControl
*/
policyType?: string | null;
/**
* Type of cloud control.
*/
type?: string | null;
/**
* Version of the Cloud Control
*/
version?: number | null;
}
/**
* The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding.
*/
export interface Schema$CloudDlpDataProfile {
/**
* Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`.
*/
dataProfile?: string | null;
/**
* Type of information detected by SDP. Info type includes name, version and sensitivity of the detected information type.
*/
infoTypes?: Schema$InfoType[];
/**
* The resource hierarchy level at which the data profile was generated.
*/
parentType?: string | null;
}
/**
* Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the finding.
*/
export interface Schema$CloudDlpInspection {
/**
* Whether Cloud DLP scanned the complete resource or a sampled subset.
*/
fullScan?: boolean | null;
/**
* The type of information (or *[infoType](https://cloud.google.com/dlp/docs/infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.
*/
infoType?: string | null;
/**
* The number of times Cloud DLP found this infoType within this job and resource.
*/
infoTypeCount?: string | null;
/**
* Name of the inspection job, for example, `projects/123/locations/europe/dlpJobs/i-8383929`.
*/
inspectJob?: string | null;
}
/**
* Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry)
*/
export interface Schema$CloudLoggingEntry {
/**
* A unique identifier for the log entry.
*/
insertId?: string | null;
/**
* The type of the log (part of `log_name`. `log_name` is the resource name of the log to which this log entry belongs). For example: `cloudresourcemanager.googleapis.com/activity`. Note that this field is not URL-encoded, unlike the `LOG_ID` field in `LogEntry`.
*/
logId?: string | null;
/**
* The organization, folder, or project of the monitored resource that produced this log entry.
*/
resourceContainer?: string | null;
/**
* The time the event described by the log entry occurred.
*/
timestamp?: string | null;
}
/**
* Contains compliance information about a security standard, indicating which recommendations are unmet.
*/
export interface Schema$Compliance {
/**
* Identifiers of the policies within the standard or benchmark that are unmet, for example, A.12.4.1.
*/
ids?: string[] | null;
/**
* Industry-wide compliance standard or benchmark, such as CIS, PCI, or OWASP.
*/
standard?: string | null;
/**
* Version of the standard or benchmark, for example, 1.1.
*/
version?: string | null;
}
/**
* Compliance details associated with the finding.
*/
export interface Schema$ComplianceDetails {
/**
* CloudControl associated with the finding.
*/
cloudControl?: Schema$CloudControl;
/**
* Resource names of the Cloud Control Deployments associated with the finding. For example, organizations/123/locations/global/cloudControlDeployments/deploymentIdentifier
*/
cloudControlDeploymentNames?: string[] | null;
/**
* Details of the frameworks associated with the finding.
*/
frameworks?: Schema$Framework[];
}
/**
* Contains information about the IP connection associated with the finding. Every field is optional; a listening, unconnected socket has no destination fields.
*/
export interface Schema$Connection {
/**
* Destination IP address. Not present for sockets that are listening and not connected.
*/
destinationIp?: string | null;
/**
* Destination port. Not present for sockets that are listening and not connected.
*/
destinationPort?: number | null;
/**
* IANA Internet Protocol Number such as TCP(6) and UDP(17). Note that the value is declared as a string, not a number, so compare it as text (or convert it) when matching against a protocol number.
*/
protocol?: string | null;
/**
* Source IP address.
*/
sourceIp?: string | null;
/**
* Source port.
*/
sourcePort?: number | null;
}
/**
* The email address of a contact.
*/
export interface Schema$Contact {
/**
* An email address. For example, "`person123@company.com`".
*/
email?: string | null;
}
/**
* Details about specific contacts.
*/
export interface Schema$ContactDetails {
/**
* A list of contacts.
*/
contacts?: Schema$Contact[];
}
/**
* Container associated with the finding.
*/
export interface Schema$Container {
/**
* The time that the container was created.
*/
createTime?: string | null;
/**
* Optional container image ID, if provided by the container runtime. Uniquely identifies the container image launched using a container image digest. Prefer this field over `uri` when you need a stable identity for the image, since the digest cannot be repointed the way a tag can.
*/
imageId?: string | null;
/**
* Container labels, as provided by the container runtime.
*/
labels?: Schema$Label[];
/**
* Name of the container.
*/
name?: string | null;
/**
* Container image URI provided when configuring a pod or container. This string can identify a container image version using mutable tags, so it does not by itself pin the exact image that ran; use `imageId` for that.
*/
uri?: string | null;
}
/**
* Compliance control associated with the finding.
*/
export interface Schema$Control {
/**
* Name of the control.
*/
controlName?: string | null;
/**
* Display name of the control. For example, AU-02.
*/
displayName?: string | null;
}
/**
* CVE stands for Common Vulnerabilities and Exposures. Information from the [CVE record](https://www.cve.org/ResourcesSupport/Glossary) that describes this vulnerability.
*/
export interface Schema$Cve {
/**
* Common Vulnerability Scoring System metrics, as specified at https://www.first.org/cvss/v3.1/specification-document. See `Schema$Cvssv3`.
*/
cvssv3?: Schema$Cvssv3;
/**
* The exploitation activity of the vulnerability in the wild.
*/
exploitationActivity?: string | null;
/**
* Date the first publicly available exploit or proof of concept was released.
*/
exploitReleaseDate?: string | null;
/**
* Date of the earliest known exploitation.
*/
firstExploitationDate?: string | null;
/**
* The unique identifier for the vulnerability, for example, CVE-2021-34527.
*/
id?: string | null;
/**
* The potential impact of the vulnerability if it were to be exploited.
*/
impact?: string | null;
/**
* Whether or not the vulnerability has been observed in the wild.
*/
observedInTheWild?: boolean | null;
/**
* Additional references about the CVE, for example, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
*/
references?: Schema$Reference[];
/**
* Whether an upstream fix is available for the CVE. Together with `observedInTheWild` and `exploitationActivity`, this is the signal most useful for prioritizing remediation.
*/
upstreamFixAvailable?: boolean | null;
/**
* Whether or not the vulnerability was a zero day when the finding was published.
*/
zeroDay?: boolean | null;
}
/**
* Common Vulnerability Scoring System version 3 base metrics. Each metric field holds the metric's value as a string; `baseScore` is the numeric score derived from them.
*/
export interface Schema$Cvssv3 {
/**
* This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
*/
attackComplexity?: string | null;
/**
* This metric reflects the context by which vulnerability exploitation is possible. (The base metrics as a whole represent the intrinsic characteristics of a vulnerability that are constant over time and across user environments.)
*/
attackVector?: string | null;
/**
* This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
*/
availabilityImpact?: string | null;
/**
* The base score is a function of the base metric scores.
*/
baseScore?: number | null;
/**
* This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
*/
confidentialityImpact?: string | null;
/**
* This metric measures the impact to the integrity of the impacted component resulting from a successfully exploited vulnerability.
*/
integrityImpact?: string | null;
/**
* This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
*/
privilegesRequired?: string | null;
/**
* The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
*/
scope?: string | null;
/**
* This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
*/
userInteraction?: string | null;
}
<doc_update>
/**
* CWE stands for Common Weakness Enumeration. Information about this weakness, as described by [CWE](https://cwe.mitre.org/).
*/
export interface Schema$Cwe {
/**
* The CWE identifier, for example, CWE-94.
*/
id?: string | null;
/**
* Any references to the details of the CWE, for example, https://cwe.mitre.org/data/definitions/94.html
*/
references?: Schema$Reference[];
}
/**
* Details about a data access attempt made by a principal not authorized under the applicable data security policy.
*/
export interface Schema$DataAccessEvent {
/**
* Unique identifier for the data access event.
*/
eventId?: string | null;
/**
* Timestamp of the data access event.
*/
eventTime?: string | null;
/**
* The operation performed by the principal to access the data.
*/
operation?: string | null;
/**
* The email address of the principal that accessed the data. The principal could be a user account, service account, Google group, or other.
*/
principalEmail?: string | null;
}
/**
* Represents database access information, such as queries. A database may be a sub-resource of an instance (as in the case of Cloud SQL instances or Cloud Spanner instances), or the database instance itself. Some database resources might not have the [full resource name](https://google.aip.dev/122#full-resource-names) populated because these resource types, such as Cloud SQL databases, are not yet supported by Cloud Asset Inventory. In these cases only the display name is provided.
*/
export interface Schema$Database {
/**
* The human-readable name of the database that the user connected to.
*/
displayName?: string | null;
/**
* The target usernames, roles, or groups of an SQL privilege grant, which is not an IAM policy change.
*/
grantees?: string[] | null;
/**
* The [full resource name](https://google.aip.dev/122#full-resource-names) of the database that the user connected to, if it is supported by Cloud Asset Inventory. Some database resources may not have the full resource name populated because these resource types are not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In these cases only the display name will be provided.
*/
name?: string | null;
/**
* The SQL statement that is associated with the database access. NOTE(review): a raw statement may embed literal values from the query; consider that when forwarding or logging findings downstream.
*/
query?: string | null;
/**
* The username used to connect to the database. The username might not be an IAM principal and does not have a set format.
*/
userName?: string | null;
/**
* The version of the database, for example, POSTGRES_14. See [the complete list](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).
*/
version?: string | null;
}
/**
* Details about a data flow event, in which data is either moved to or accessed from a non-compliant geo-location, as defined in the applicable data security policy.
*/
export interface Schema$DataFlowEvent {
/**
* Unique identifier for the data flow event.
*/
eventId?: string | null;
/**
* Timestamp of the data flow event.
*/
eventTime?: string | null;
/**
* The operation performed by the principal for the data flow event.
*/
operation?: string | null;
/**
* The email address of the principal that initiated the data flow event. The principal could be a user account, service account, Google group, or other.
*/
principalEmail?: string | null;
/**
* The non-compliant location of the principal or of the data destination.
*/
violatedLocation?: string | null;
}
/**
* Details about data retention deletion violations, in which the data is non-compliant based on their retention or deletion time, as defined in the applicable data security policy. The Data Retention Deletion (DRD) control is a control of the DSPM (Data Security Posture Management) suite that enables organizations to manage data retention and deletion policies in compliance with regulations, such as GDPR and CRPA. DRD supports two primary policy types: maximum storage length (max TTL) and minimum storage length (min TTL). Both are aimed at helping organizations meet regulatory and data management commitments.
*/
export interface Schema$DataRetentionDeletionEvent {
/**
* Number of objects that violated the policy for this resource. If the number is less than 1,000, then the value of this field is the exact number. If the number of objects that violated the policy is greater than or equal to 1,000, then the value of this field is 1000.
*/
dataObjectCount?: string | null;
/**
* Timestamp indicating when the event was detected.
*/
eventDetectionTime?: string | null;
/**
* Type of the DRD event.
*/
eventType?: string | null;
/**
* Maximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a