import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosResponseWithHTTP2, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common';
import { Readable } from 'stream';
// Generated type declarations for the Security Command Center API (v1beta2).
// Only the schema interfaces are visible in this excerpt; the namespace
// continues (and is closed) further down the file.
export declare namespace securitycenter_v1beta2 {
    export interface Options extends GlobalOptions {
        version: 'v1beta2';
    }
    /**
     * Query parameters accepted by every method of this API.
     *
     * NOTE(review): `access_token`, `key` and `oauth_token` are credentials.
     * Keep request parameter objects out of logs, error messages and
     * telemetry when they may carry these fields.
     */
    interface StandardParameters {
        /**
         * Auth client or API Key for the request
         */
        auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth;
        /**
         * V1 error format.
         */
        '$.xgafv'?: string;
        /**
         * OAuth access token.
         */
        access_token?: string;
        /**
         * Data format for response.
         */
        alt?: string;
        /**
         * JSONP
         */
        callback?: string;
        /**
         * Selector specifying which fields to include in a partial response.
         */
        fields?: string;
        /**
         * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
         */
        key?: string;
        /**
         * OAuth 2.0 token for the current user.
         */
        oauth_token?: string;
        /**
         * Returns response with indentations and line breaks.
         */
        prettyPrint?: boolean;
        /**
         * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
         */
        quotaUser?: string;
        /**
         * Legacy upload protocol for media (e.g. "media", "multipart").
         */
        uploadType?: string;
        /**
         * Upload protocol for media (e.g. "raw", "multipart").
         */
        upload_protocol?: string;
    }
    /**
     * Security Command Center API
     *
     * Security Command Center API provides access to temporal views of assets and findings within an organization.
     *
     * @example
     * ```js
     * const {google} = require('googleapis');
     * const securitycenter = google.securitycenter('v1beta2');
     * ```
     */
    export class Securitycenter {
        context: APIRequestContext;
        folders: Resource$Folders;
        organizations: Resource$Organizations;
        projects: Resource$Projects;
        constructor(options: GlobalOptions, google?: GoogleConfigurable);
    }
    /**
     * Represents an access event.
     *
     * NOTE(review): all fields here are populated from the finding and describe
     * the caller, not the reader of the finding; treat them as data to display
     * or correlate, not as authenticated identity of the API client.
     */
    export interface Schema$Access {
        /**
         * Caller's IP address, such as "1.1.1.1".
         */
        callerIp?: string | null;
        /**
         * The caller IP's geolocation, which identifies where the call came from.
         */
        callerIpGeo?: Schema$Geolocation;
        /**
         * The method that the service account called, e.g. "SetIamPolicy".
         */
        methodName?: string | null;
        /**
         * Associated email, such as "foo@google.com". The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the `principal_subject` field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see [Caller identities in audit logs](https://cloud.google.com/logging/docs/audit#user-id).
         */
        principalEmail?: string | null;
        /**
         * A string that represents the principal_subject that is associated with the identity. Unlike `principal_email`, `principal_subject` supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is `principal://iam.googleapis.com/{identity pool name\}/subject/{subject\}`. Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format `serviceAccount:{identity pool name\}[{subject\}]`.
         */
        principalSubject?: string | null;
        /**
         * The identity delegation history of an authenticated service account that made the request. The `serviceAccountDelegationInfo[]` object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.
         */
        serviceAccountDelegationInfo?: Schema$ServiceAccountDelegationInfo[];
        /**
         * The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID\}/serviceAccounts/{ACCOUNT\}/keys/{key\}".
         */
        serviceAccountKeyName?: string | null;
        /**
         * This is the API service that the service account made a call to, e.g. "iam.googleapis.com"
         */
        serviceName?: string | null;
        /**
         * The caller's user agent string associated with the finding.
         */
        userAgent?: string | null;
        /**
         * Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.
         */
        userAgentFamily?: string | null;
        /**
         * A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.
         */
        userName?: string | null;
    }
    /**
     * Conveys information about a Kubernetes access review (such as one returned by a [`kubectl auth can-i`](https://kubernetes.io/docs/reference/access-authn-authz/authorization/#checking-api-access) command) that was involved in a finding.
     */
    export interface Schema$AccessReview {
        /**
         * The API group of the resource. "*" means all.
         */
        group?: string | null;
        /**
         * The name of the resource being requested. Empty means all.
         */
        name?: string | null;
        /**
         * Namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces. Both are represented by "" (empty).
         */
        ns?: string | null;
        /**
         * The optional resource type requested. "*" means all.
         */
        resource?: string | null;
        /**
         * The optional subresource type.
         */
        subresource?: string | null;
        /**
         * A Kubernetes resource API verb, like get, list, watch, create, update, delete, proxy. "*" means all.
         */
        verb?: string | null;
        /**
         * The API version of the resource. "*" means all.
         */
        version?: string | null;
    }
    /**
     * Information about [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection).
     */
    export interface Schema$AdaptiveProtection {
        /**
         * A score of 0 means that there is low confidence that the detected event is an actual attack. A score of 1 means that there is high confidence that the detected event is an attack. See the [Adaptive Protection documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning) for further explanation.
         */
        confidence?: number | null;
    }
    /**
     * Represents an ADC application associated with the finding.
     */
    export interface Schema$AdcApplication {
        /**
         * Consumer provided attributes for the AppHub application.
         */
        attributes?: Schema$GoogleCloudSecuritycenterV1ResourceApplicationAttributes;
        /**
         * The resource name of an ADC Application. Format: projects/{project\}/locations/{location\}/spaces/{space\}/applications/{application\}
         */
        name?: string | null;
    }
    /**
     * Represents an ADC template associated with the finding.
     */
    export interface Schema$AdcApplicationTemplateRevision {
        /**
         * The resource name of an ADC Application Template Revision. Format: projects/{project\}/locations/{location\}/spaces/{space\}/applicationTemplates/{application_template\}/revisions/{revision\}
         */
        name?: string | null;
    }
    /**
     * Represents an ADC shared template associated with the finding.
     */
    export interface Schema$AdcSharedTemplateRevision {
        /**
         * The resource name of an ADC Shared Template Revision. Format: projects/{project\}/locations/{location\}/spaces/{space\}/applicationTemplates/{application_template\}/revisions/{revision\}
         */
        name?: string | null;
    }
    /**
     * Details about resources affected by this finding.
     */
    export interface Schema$AffectedResources {
        /**
         * The count of resources affected by the finding.
         * (Serialized as a string; presumably a 64-bit integer on the wire — parse before doing arithmetic.)
         */
        count?: string | null;
    }
    /**
     * Contains information about the AI model associated with the finding.
     */
    export interface Schema$AiModel {
        /**
         * The platform on which the model is deployed.
         */
        deploymentPlatform?: string | null;
        /**
         * The user defined display name of model. Ex. baseline-classification-model
         */
        displayName?: string | null;
        /**
         * The domain of the model, for example, “image-classification”.
         */
        domain?: string | null;
        /**
         * The name of the model library, for example, “transformers”.
         */
        library?: string | null;
        /**
         * The region in which the model is used, for example, “us-central1”.
         */
        location?: string | null;
        /**
         * The name of the AI model, for example, "gemini:1.0.0".
         */
        name?: string | null;
        /**
         * The publisher of the model, for example, “google” or “nvidia”.
         */
        publisher?: string | null;
        /**
         * The purpose of the model, for example, "Inteference" or "Training".
         */
        usageCategory?: string | null;
    }
    /**
     * Allowed IP rule.
     */
    export interface Schema$Allowed {
        /**
         * Optional. Optional list of allowed IP rules.
         */
        ipRules?: Schema$IpRule[];
    }
    /**
     * Represents an application associated with a finding.
     */
    export interface Schema$Application {
        /**
         * The base URI that identifies the network location of the application in which the vulnerability was detected. For example, `http://example.com`.
         */
        baseUri?: string | null;
        /**
         * The full URI with payload that can be used to reproduce the vulnerability. For example, `http://example.com?p=aMmYgI6H`.
         *
         * NOTE(review): the query payload originates from the scanner's request
         * and may contain active content. Escape it before rendering in HTML or
         * turning it into a clickable link in a finding viewer.
         */
        fullUri?: string | null;
    }
    /**
     * Represents the result of evaluating artifact guard policies.
     */
    export interface Schema$ArtifactGuardPolicies {
        /**
         * A list of failing policies.
         */
        failingPolicies?: Schema$ArtifactGuardPolicy[];
        /**
         * The ID of the resource that has policies configured for it.
         */
        resourceId?: string | null;
    }
    /**
     * Represents an artifact guard policy.
     */
    export interface Schema$ArtifactGuardPolicy {
        /**
         * The reason for the policy failure, for example, "severity=HIGH AND max_vuln_count=2".
         */
        failureReason?: string | null;
        /**
         * The ID of the failing policy, for example, "organizations/3392779/locations/global/policies/prod-policy".
         */
        policyId?: string | null;
        /**
         * The type of the policy evaluation.
         */
        type?: string | null;
    }
    /**
     * Information about DDoS attack volume and classification.
     */
    export interface Schema$Attack {
        /**
         * Type of attack, for example, 'SYN-flood', 'NTP-udp', or 'CHARGEN-udp'.
         */
        classification?: string | null;
        /**
         * Total BPS (bytes per second) volume of attack. Deprecated - refer to volume_bps_long instead.
         */
        volumeBps?: number | null;
        /**
         * Total BPS (bytes per second) volume of attack.
         * (String-typed, presumably to carry a 64-bit value without precision loss — confirm before parsing.)
         */
        volumeBpsLong?: string | null;
        /**
         * Total PPS (packets per second) volume of attack. Deprecated - refer to volume_pps_long instead.
         */
        volumePps?: number | null;
        /**
         * Total PPS (packets per second) volume of attack.
         */
        volumePpsLong?: string | null;
    }
    /**
     * An attack exposure contains the results of an attack path simulation run.
     */
    export interface Schema$AttackExposure {
        /**
         * The resource name of the attack path simulation result that contains the details regarding this attack exposure score. Example: `organizations/123/simulations/456/attackExposureResults/789`
         */
        attackExposureResult?: string | null;
        /**
         * The number of high value resources that are exposed as a result of this finding.
         */
        exposedHighValueResourcesCount?: number | null;
        /**
         * The number of high value resources that are exposed as a result of this finding.
         * (Upstream doc text repeats "high value" here; given the field name this presumably counts low value resources — verify against the API reference.)
         */
        exposedLowValueResourcesCount?: number | null;
        /**
         * The number of medium value resources that are exposed as a result of this finding.
         */
        exposedMediumValueResourcesCount?: number | null;
        /**
         * The most recent time the attack exposure was updated on this finding.
         */
        latestCalculationTime?: string | null;
        /**
         * A number between 0 (inclusive) and infinity that represents how important this finding is to remediate. The higher the score, the more important it is to remediate.
         */
        score?: number | null;
        /**
         * What state this AttackExposure is in. This captures whether or not an attack exposure has been calculated or not.
         */
        state?: string | null;
    }
    /**
     * An AWS account that is a member of an organization.
     */
    export interface Schema$AwsAccount {
        /**
         * The unique identifier (ID) of the account, containing exactly 12 digits.
         */
        id?: string | null;
        /**
         * The friendly name of this account.
         */
        name?: string | null;
    }
    /**
     * AWS metadata associated with the resource, only applicable if the finding's cloud provider is Amazon Web Services.
     */
    export interface Schema$AwsMetadata {
        /**
         * The AWS account associated with the resource.
         */
        account?: Schema$AwsAccount;
        /**
         * The AWS organization associated with the resource.
         */
        organization?: Schema$AwsOrganization;
        /**
         * A list of AWS organizational units associated with the resource, ordered from lowest level (closest to the account) to highest level.
         */
        organizationalUnits?: Schema$AwsOrganizationalUnit[];
    }
    /**
     * An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies.
     */
    export interface Schema$AwsOrganization {
        /**
         * The unique identifier (ID) for the organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits.
         */
        id?: string | null;
    }
    /**
     * An Organizational Unit (OU) is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.
     */
    export interface Schema$AwsOrganizationalUnit {
        /**
         * The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits. For example, "ou-ab12-cd34ef56".
         */
        id?: string | null;
        /**
         * The friendly name of the OU.
         */
        name?: string | null;
    }
    /**
     * Represents an Azure management group.
     */
    export interface Schema$AzureManagementGroup {
        /**
         * The display name of the Azure management group.
         */
        displayName?: string | null;
        /**
         * The UUID of the Azure management group, for example, `20000000-0001-0000-0000-000000000000`.
         */
        id?: string | null;
    }
    /**
     * Azure metadata associated with the resource, only applicable if the finding's cloud provider is Microsoft Azure.
     */
    export interface Schema$AzureMetadata {
        /**
         * A list of Azure management groups associated with the resource, ordered from lowest level (closest to the subscription) to highest level.
         */
        managementGroups?: Schema$AzureManagementGroup[];
        /**
         * The Azure resource group associated with the resource.
         */
        resourceGroup?: Schema$AzureResourceGroup;
        /**
         * The Azure subscription associated with the resource.
         */
        subscription?: Schema$AzureSubscription;
        /**
         * The Azure Entra tenant associated with the resource.
         */
        tenant?: Schema$AzureTenant;
    }
    /**
     * Represents an Azure resource group.
     */
    export interface Schema$AzureResourceGroup {
        /**
         * The ID of the Azure resource group.
         */
        id?: string | null;
        /**
         * The name of the Azure resource group. This is not a UUID.
         */
        name?: string | null;
    }
    /**
     * Represents an Azure subscription.
     */
    export interface Schema$AzureSubscription {
        /**
         * The display name of the Azure subscription.
         */
        displayName?: string | null;
        /**
         * The UUID of the Azure subscription, for example, `291bba3f-e0a5-47bc-a099-3bdcb2a50a05`.
         */
        id?: string | null;
    }
    /**
     * Represents a Microsoft Entra tenant.
     */
    export interface Schema$AzureTenant {
        /**
         * The display name of the Azure tenant.
         */
        displayName?: string | null;
        /**
         * The ID of the Microsoft Entra tenant, for example, "a11aaa11-aa11-1aa1-11aa-1aaa11a".
         */
        id?: string | null;
    }
    /**
     * Information related to Google Cloud Backup and DR Service findings.
     */
    export interface Schema$BackupDisasterRecovery {
        /**
         * The name of the Backup and DR appliance that captures, moves, and manages the lifecycle of backup data. For example, `backup-server-57137`.
         */
        appliance?: string | null;
        /**
         * The names of Backup and DR applications. An application is a VM, database, or file system on a managed host monitored by a backup and recovery appliance. For example, `centos7-01-vol00`, `centos7-01-vol01`, `centos7-01-vol02`.
         */
        applications?: string[] | null;
        /**
         * The timestamp at which the Backup and DR backup was created.
         */
        backupCreateTime?: string | null;
        /**
         * The name of a Backup and DR template which comprises one or more backup policies. See the [Backup and DR documentation](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#temp) for more information. For example, `snap-ov`.
         */
        backupTemplate?: string | null;
        /**
         * The backup type of the Backup and DR image. For example, `Snapshot`, `Remote Snapshot`, `OnVault`.
         */
        backupType?: string | null;
        /**
         * The name of a Backup and DR host, which is managed by the backup and recovery appliance and known to the management console. The host can be of type Generic (for example, Compute Engine, SQL Server, Oracle DB, SMB file system, etc.), vCenter, or an ESX server. See the [Backup and DR documentation on hosts](https://cloud.google.com/backup-disaster-recovery/docs/configuration/manage-hosts-and-their-applications) for more information. For example, `centos7-01`.
         */
        host?: string | null;
        /**
         * The names of Backup and DR policies that are associated with a template and that define when to run a backup, how frequently to run a backup, and how long to retain the backup image. For example, `onvaults`.
         */
        policies?: string[] | null;
        /**
         * The names of Backup and DR advanced policy options of a policy applying to an application. See the [Backup and DR documentation on policy options](https://cloud.google.com/backup-disaster-recovery/docs/create-plan/policy-settings). For example, `skipofflineappsincongrp, nounmap`.
         */
        policyOptions?: string[] | null;
        /**
         * The name of the Backup and DR resource profile that specifies the storage media for backups of application and VM data. See the [Backup and DR documentation on profiles](https://cloud.google.com/backup-disaster-recovery/docs/concepts/backup-plan#profile). For example, `GCP`.
         */
        profile?: string | null;
        /**
         * The name of the Backup and DR storage pool that the backup and recovery appliance is storing data in. The storage pool could be of type Cloud, Primary, Snapshot, or OnVault. See the [Backup and DR documentation on storage pools](https://cloud.google.com/backup-disaster-recovery/docs/concepts/storage-pools). For example, `DiskPoolOne`.
         */
        storagePool?: string | null;
    }
    /**
     * The destination BigQuery dataset to export findings to.
     */
    export interface Schema$BigQueryDestination {
        /**
         * Required. The relative resource name of the destination dataset, in the form projects/{projectId\}/datasets/{datasetId\}.
         */
        dataset?: string | null;
    }
    /**
     * Contains details about a chokepoint, which is a resource or resource group where high-risk attack paths converge, based on [attack path simulations] (https://cloud.google.com/security-command-center/docs/attack-exposure-learn#attack_path_simulations).
     */
    export interface Schema$Chokepoint {
        /**
         * List of resource names of findings associated with this chokepoint. For example, organizations/123/sources/456/findings/789. This list will have at most 100 findings.
         */
        relatedFindings?: string[] | null;
    }
    /**
     * Fields related to Google Cloud Armor findings.
     */
    export interface Schema$CloudArmor {
        /**
         * Information about potential Layer 7 DDoS attacks identified by [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview).
         */
        adaptiveProtection?: Schema$AdaptiveProtection;
        /**
         * Information about DDoS attack volume and classification.
         */
        attack?: Schema$Attack;
        /**
         * Duration of attack from the start until the current moment (updated every 5 minutes).
         */
        duration?: string | null;
        /**
         * Information about incoming requests evaluated by [Google Cloud Armor security policies](https://cloud.google.com/armor/docs/security-policy-overview).
         */
        requests?: Schema$Requests;
        /**
         * Information about the [Google Cloud Armor security policy](https://cloud.google.com/armor/docs/security-policy-overview) relevant to the finding.
         */
        securityPolicy?: Schema$SecurityPolicy;
        /**
         * Distinguish between volumetric & protocol DDoS attack and application layer attacks. For example, "L3_4" for Layer 3 and Layer 4 DDoS attacks, or "L_7" for Layer 7 DDoS attacks.
         */
        threatVector?: string | null;
    }
    /**
     * CloudControl associated with the finding.
     */
    export interface Schema$CloudControl {
        /**
         * Name of the CloudControl associated with the finding.
         */
        cloudControlName?: string | null;
        /**
         * Policy type of the CloudControl
         */
        policyType?: string | null;
        /**
         * Type of cloud control.
         */
        type?: string | null;
        /**
         * Version of the Cloud Control
         */
        version?: number | null;
    }
    /**
     * The [data profile](https://cloud.google.com/dlp/docs/data-profiles) associated with the finding.
     */
    export interface Schema$CloudDlpDataProfile {
        /**
         * Name of the data profile, for example, `projects/123/locations/europe/tableProfiles/8383929`.
         */
        dataProfile?: string | null;
        /**
         * Type of information detected by SDP. Info type includes name, version and sensitivity of the detected information type.
         */
        infoTypes?: Schema$InfoType[];
        /**
         * The resource hierarchy level at which the data profile was generated.
         */
        parentType?: string | null;
    }
    /**
     * Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection job](https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced the finding.
     */
    export interface Schema$CloudDlpInspection {
        /**
         * Whether Cloud DLP scanned the complete resource or a sampled subset.
         */
        fullScan?: boolean | null;
        /**
         * The type of information (or *[infoType](https://cloud.google.com/dlp/docs/infotypes-reference)*) found, for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.
         */
        infoType?: string | null;
        /**
         * The number of times Cloud DLP found this infoType within this job and resource.
         */
        infoTypeCount?: string | null;
        /**
         * Name of the inspection job, for example, `projects/123/locations/europe/dlpJobs/i-8383929`.
         */
        inspectJob?: string | null;
    }
    /**
     * Metadata taken from a [Cloud Logging LogEntry](https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry)
     */
    export interface Schema$CloudLoggingEntry {
        /**
         * A unique identifier for the log entry.
         */
        insertId?: string | null;
        /**
         * The type of the log (part of `log_name`. `log_name` is the resource name of the log to which this log entry belongs). For example: `cloudresourcemanager.googleapis.com/activity`. Note that this field is not URL-encoded, unlike the `LOG_ID` field in `LogEntry`.
         */
        logId?: string | null;
        /**
         * The organization, folder, or project of the monitored resource that produced this log entry.
         */
        resourceContainer?: string | null;
        /**
         * The time the event described by the log entry occurred.
         */
        timestamp?: string | null;
    }
    /**
     * Contains compliance information about a security standard indicating unmet recommendations.
     */
    export interface Schema$Compliance {
        /**
         * Policies within the standard or benchmark, for example, A.12.4.1
         */
        ids?: string[] | null;
        /**
         * Industry-wide compliance standards or benchmarks, such as CIS, PCI, and OWASP.
         */
        standard?: string | null;
        /**
         * Version of the standard or benchmark, for example, 1.1
         */
        version?: string | null;
    }
    /**
     * Compliance Details associated with the finding.
     */
    export interface Schema$ComplianceDetails {
        /**
         * CloudControl associated with the finding
         */
        cloudControl?: Schema$CloudControl;
        /**
         * Cloud Control Deployments associated with the finding. For example, organizations/123/locations/global/cloudControlDeployments/deploymentIdentifier
         */
        cloudControlDeploymentNames?: string[] | null;
        /**
         * Details of Frameworks associated with the finding
         */
        frameworks?: Schema$Framework[];
    }
    /**
     * Configuration of a module.
     */
    export interface Schema$Config {
        /**
         * The state of enablement for the module at its level of the resource hierarchy.
         */
        moduleEnablementState?: string | null;
        /**
         * The configuration value for the module. The absence of this field implies its inheritance from the parent.
         *
         * NOTE(review): generated as an `any`-valued map, so the compiler will not
         * check what callers read out of it; narrow each value with a runtime
         * check before use.
         */
        value?: { [key: string]: any; } | null;
    }
    /**
     * Contains information about the IP connection associated with the finding.
     */
    export interface Schema$Connection {
        /**
         * Destination IP address. Not present for sockets that are listening and not connected.
         */
        destinationIp?: string | null;
        /**
         * Destination port. Not present for sockets that are listening and not connected.
         */
        destinationPort?: number | null;
        /**
         * IANA Internet Protocol Number such as TCP(6) and UDP(17).
         * (Typed as a string in this API, not a number, despite the numeric description — compare accordingly.)
         */
        protocol?: string | null;
        /**
         * Source IP address.
         */
        sourceIp?: string | null;
        /**
         * Source port.
         */
        sourcePort?: number | null;
    }
    /**
     * The email address of a contact.
     */
    export interface Schema$Contact {
        /**
         * An email address. For example, "`person123@company.com`".
         */
        email?: string | null;
    }
    /**
     * Details about specific contacts
     */
    export interface Schema$ContactDetails {
        /**
         * A list of contacts
         */
        contacts?: Schema$Contact[];
    }
    /**
     * Container associated with the finding.
     */
    export interface Schema$Container {
        /**
         * The time that the container was created.
         */
        createTime?: string | null;
        /**
         * Optional container image ID, if provided by the container runtime. Uniquely identifies the container image launched using a container image digest.
         */
        imageId?: string | null;
        /**
         * Container labels, as provided by the container runtime.
         */
        labels?: Schema$Label[];
        /**
         * Name of the container.
         */
        name?: string | null;
        /**
         * Container image URI provided when configuring a pod or container. This string can identify a container image version using mutable tags.
         * (Prefer `imageId`, which is digest-based, when you need to pin the exact image that ran.)
         */
        uri?: string | null;
    }
    /**
     * Resource capturing the settings for the Container Threat Detection service.
     */
    export interface Schema$ContainerThreatDetectionSettings {
        /**
         * The configurations including the state of enablement for the service's different modules. The absence of a module in the map implies its configuration is inherited from its parent's configuration.
         */
        modules?: { [key: string]: Schema$Config; } | null;
        /**
         * Identifier. The resource name of the ContainerThreatDetectionSettings. Formats: * organizations/{organization\}/containerThreatDetectionSettings * folders/{folder\}/containerThreatDetectionSettings * projects/{project\}/containerThreatDetectionSettings * projects/{project\}/locations/{location\}/clusters/{cluster\}/containerThreatDetectionSettings
         */
        name?: string | null;
        /**
         * Output only. The service account used by Container Threat Detection for scanning. Service accounts are scoped at the project level meaning this field will be empty at any level above a project.
         */
        serviceAccount?: string | null;
        /**
         * The state of enablement for the service at its level of the resource hierarchy. A DISABLED state will override all module enablement_states to DISABLED.
         */
        serviceEnablementState?: string | null;
        /**
         * Output only. The time the settings were last updated.
         */
        updateTime?: string | null;
    }
    /**
     * Compliance control associated with the finding.
     */
    export interface Schema$Control {
        /**
         * Name of the Control
         */
        controlName?: string | null;
        /**
         * Display name of the control. For example, AU-02.
         */
        displayName?: string | null;
    }
    /**
     * CVE stands for Common Vulnerabilities and Exposures. Information from the [CVE record](https://www.cve.org/ResourcesSupport/Glossary) that describes this vulnerability.
     */
    export interface Schema$Cve {
        /**
         * Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
         */
        cvssv3?: Schema$Cvssv3;
        /**
         * The exploitation activity of the vulnerability in the wild.
         */
        exploitationActivity?: string | null;
        /**
         * Date the first publicly available exploit or PoC was released.
         */
        exploitReleaseDate?: string | null;
        /**
         * Date of the earliest known exploitation.
         */
        firstExploitationDate?: string | null;
        /**
         * The unique identifier for the vulnerability. e.g. CVE-2021-34527
         */
        id?: string | null;
        /**
         * The potential impact of the vulnerability if it was to be exploited.
         */
        impact?: string | null;
        /**
         * Whether or not the vulnerability has been observed in the wild.
         */
        observedInTheWild?: boolean | null;
        /**
         * Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
         */
        references?: Schema$Reference[];
        /**
         * Whether upstream fix is available for the CVE.
         */
        upstreamFixAvailable?: boolean | null;
        /**
         * Whether or not the vulnerability was zero day when the finding was published.
         */
        zeroDay?: boolean | null;
    }
    /**
     * Common Vulnerability Scoring System version 3.
     */
    export interface Schema$Cvssv3 {
        /**
         * This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
         */
        attackComplexity?: string | null;
        /**
         * Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
         */
        attackVector?: string | null;
        /**
         * This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
         */
        availabilityImpact?: string | null;
        /**
         * The base score is a function of the base metric scores.
         */
        baseScore?: number | null;
        /**
         * This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
         */
        confidentialityImpact?: string | null;
        /**
         * This metric measures the impact to integrity of a successfully exploited vulnerability.
         */
        integrityImpact?: string | null;
        /**
         * This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
         */
        privilegesRequired?: string | null;
        /**
         * The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
         */
        scope?: string | null;
        /**
         * This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
         */
        userInteraction?: string | null;
    }
    /**
     * CWE stands for Common Weakness Enumeration. Information about this weakness, as described by [CWE](https://cwe.mitre.org/).
     */
    export interface Schema$Cwe {
        /**
         * The CWE identifier, e.g. CWE-94
         */
        id?: string | null;
        /**
         * Any reference to the details on the CWE, for example, https://cwe.mitre.org/data/definitions/94.html
         */
        references?: Schema$Reference[];
    }
    /**
     * Details about a data access attempt made by a principal not authorized under applicable data security policy.
     */
    export interface Schema$DataAccessEvent {
        /**
         * Unique identifier for data access event.
         */
        eventId?: string | null;
        /**
         * Timestamp of data access event.
         */
        eventTime?: string | null;
        /**
         * The operation performed by the principal to access the data.
         */
        operation?: string | null;
        /**
         * The email address of the principal that accessed the data. The principal could be a user account, service account, Google group, or other.
         */
        principalEmail?: string | null;
    }
    /**
     * Represents database access information, such as queries. A database may be a sub-resource of an instance (as in the case of Cloud SQL instances or Cloud Spanner instances), or the database instance itself. Some database resources might not have the [full resource name](https://google.aip.dev/122#full-resource-names) populated because these resource types, such as Cloud SQL databases, are not yet supported by Cloud Asset Inventory. In these cases only the display name is provided.
     */
    export interface Schema$Database {
        /**
         * The human-readable name of the database that the user connected to.
         */
        displayName?: string | null;
        /**
         * The target usernames, roles, or groups of an SQL privilege grant, which is not an IAM policy change.
         */
        grantees?: string[] | null;
        /**
         * Some database resources may not have the [full resource name](https://google.aip.dev/122#full-resource-names) populated because these resource types are not yet supported by Cloud Asset Inventory (e.g. Cloud SQL databases). In these cases only the display name will be provided. The [full resource name](https://google.aip.dev/122#full-resource-names) of the database that the user connected to, if it is supported by Cloud Asset Inventory.
         */
        name?: string | null;
        /**
         * The SQL statement that is associated with the database access.
         *
         * NOTE(review): a raw statement may embed literal data values; treat it
         * as sensitive when forwarding findings to lower-trust sinks.
         */
        query?: string | null;
        /**
         * The username used to connect to the database. The username might not be an IAM principal and does not have a set format.
         */
        userName?: string | null;
        /**
         * The version of the database, for example, POSTGRES_14. See [the complete list](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).
         */
        version?: string | null;
    }
    /**
     * Details about a data flow event, in which either the data is moved to or is accessed from a non-compliant geo-location, as defined in the applicable data security policy.
     */
    export interface Schema$DataFlowEvent {
        /**
         * Unique identifier for data flow event.
         */
        eventId?: string | null;
        /**
         * Timestamp of data flow event.
         */
        eventTime?: string | null;
        /**
         * The operation performed by the principal for the data flow event.
         */
        operation?: string | null;
        /**
         * The email address of the principal that initiated the data flow event. The principal could be a user account, service account, Google group, or other.
         */
        principalEmail?: string | null;
        /**
         * Non-compliant location of the principal or the data destination.
         */
        violatedLocation?: string | null;
    }
    /**
     * Details about data retention deletion violations, in which the data is non-compliant based on their retention or deletion time, as defined in the applicable data security policy. The Data Retention Deletion (DRD) control is a control of the DSPM (Data Security Posture Management) suite that enables organizations to manage data retention and deletion policies in compliance with regulations, such as GDPR and CRPA. DRD supports two primary policy types: maximum storage length (max TTL) and minimum storage length (min TTL). Both are aimed at helping organizations meet regulatory and data management commitments.
     */
    export interface Schema$DataRetentionDeletionEvent {
        /**
         * Number of objects that violated the policy for this resource. If the number is less than 1,000, then the value of this field is the exact number. If the number of objects that violated the policy is greater than or equal to 1,000, then the value of this field is 1000.
         * (The value saturates at 1000, so it is a lower bound rather than an exact count at or above that threshold.)
         */
        dataObjectCount?: string | null;
        /**
         * Timestamp indicating when the event was detected.
         */
        eventDetectionTime?: string | null;
        /**
         * Type of the DRD event.
         */
        eventType?: string | null;
        /**
         * Maximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
         */
        maxRetentionAllowed?: string | null;
    }
    /**
     * Vertex AI dataset associated with the finding.
     */
    export interface Schema$Dataset {
        /**
         * The user defined display name of dataset, e.g. plants-dataset
         */
        displayName?: string | null;
        /**
         * Resource name of the dataset, e.g. projects/{project\}/locations/{location\}/datasets/2094040236064505856
         */
        name?: string | null;
        /**
         * Data source, such as BigQuery source URI, e.g. bq://scc-nexus-test.AIPPtest.gsod
         */
        source?: string | null;
    }
    /**
     * Denied IP rule.
     */
    export interface Schema$Denied {
        /**
         * Optional. Optional list of denied IP rules.
         */
        ipRules?: Schema$IpRule[];
    }
    /**
     * Details of a subscription.
     */
    export interface Schema$Details {
        /**
         * The time the subscription has or will end.
         */
        endTime?: string | null;
        /**
         * The time the subscription has or will start.
         */
        startTime?: string | null;
        /**
         * The type of subscription
         */
        type?: string | null;
    }
    /**
     * Memory hash detection contributing to the binary family match.
     */
    export interface Schema$Detection {
        /**
         * The name of the binary associated with the memory hash signature detection.
         */
        binary?: string | null;
        /**
         * The percentage of memory page hashes in the signature that were matched.
         */
        percentPagesMatched?: number | null;
    }
    /**
     * Contains information about the disk associated with the finding.
*/ export interface Schema$Disk { /** * The name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id\}/zones/{zone-id\}/disks/{disk-id\}". */ name?: string | null; } /** * Path of the file in terms of underlying disk/partition identifiers. */ export interface Schema$DiskPath { /** * UUID of the partition (format https://wiki.archlinux.org/title/persistent_block_device_naming#by-uuid) */ partitionUuid?: string | null; /** * Relative path of the file in the partition as a JSON encoded string. Example: /home/user1/executable_file.sh */ relativePath?: string | null; } /** * The record of a dynamic mute rule that matches the finding. */ export interface Schema$DynamicMuteRecord { /** * When the dynamic mute rule first matched the finding. */ matchTime?: string | null; /** * The relative resource name of the mute rule, represented by a mute config, that created this record, for example `organizations/123/muteConfigs/mymuteconfig` or `organizations/123/locations/global/muteConfigs/mymuteconfig`. */ muteConfig?: string | null; } /** * A name-value pair representing an environment variable used in an operating system process. */ export interface Schema$EnvironmentVariable { /** * Environment variable name as a JSON encoded string. */ name?: string | null; /** * Environment variable value as a JSON encoded string. */ val?: string | null; } /** * Resource capturing the settings for the Event Threat Detection service. */ export interface Schema$EventThreatDetectionSettings { /** * The configurations including the state of enablement for the service's different modules. The absence of a module in the map implies its configuration is inherited from its parent's configuration. */ modules?: { [key: string]: Schema$Config; } | null; /** * Identifier. The resource name of the EventThreatDetectionSettings. 
Formats: * organizations/{organization\}/eventThreatDetectionSettings * folders/{folder\}/eventThreatDetectionSettings * projects/{project\}/eventThreatDetectionSettings */ name?: string | null; /** * The state of enablement for the service at its level of the resource hierarchy. A DISABLED state will override all module enablement_states to DISABLED. */ serviceEnablementState?: string | null; /** * Output only. The time the settings were last updated. */ updateTime?: string | null; } /** * Resource where data was exfiltrated from or exfiltrated to. */ export interface Schema$ExfilResource { /** * Subcomponents of the asset that was exfiltrated, like URIs used during exfiltration, table names, databases, and filenames. For example, multiple tables might have been exfiltrated from the same Cloud SQL instance, or multiple files might have been exfiltrated from the same Cloud Storage bucket. */ components?: string[] | null; /** * The resource's [full resource name](https://cloud.google.com/apis/design/resource_names#full_resource_name). */ name?: string | null; } /** * Exfiltration represents a data exfiltration attempt from one or more sources to one or more targets. The `sources` attribute lists the sources of the exfiltrated data. The `targets` attribute lists the destinations the data was copied to. */ export interface Schema$Exfiltration { /** * If there are multiple sources, then the data is considered "joined" between them. For instance, BigQuery can join multiple tables, and each table would be considered a source. */ sources?: Schema$ExfilResource[]; /** * If there are multiple targets, each target would get a complete copy of the "joined" source data. */ targets?: Schema$ExfilResource[]; /** * Total exfiltrated bytes processed for the entire job. */ totalExfiltratedBytes?: string | null; } /** * The LRO metadata for a ExportFindings request. */ export interface Schema$ExportFindingsMetadata { /** * Required. 
The destination BigQuery dataset to export findings to. */ bigQueryDestination?: Schema$BigQueryDestination; /** * Optional. Timestamp at which export was started */ exportStartTime?: string | null; } /** * The response to a ExportFindings request. Contains the LRO information. */ export interface Schema$ExportFindingsResponse { } /** * Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" express