feat: added field severity to findings (#317)
Clients will now see a new field, severity, on findings. They will also be able to filter and group by severity on ListFinding and GroupFinding API calls.

PiperOrigin-RevId: 326514554

Source-Author: Google APIs <noreply@google.com>
Source-Date: Thu Aug 13 13:43:22 2020 -0700
Source-Repo: googleapis/googleapis
Source-Sha: 5ad09e867a8f1faa19fbd674e51fa9c3f5fe2770
Source-Link: googleapis/googleapis@5ad09e8
yoshi-automation authored Aug 14, 2020
1 parent 56c305b commit 99d461d
Showing 7 changed files with 214 additions and 136 deletions.
@@ -55,6 +55,24 @@ message Finding {
INACTIVE = 2;
}

// The severity of the finding.
enum Severity {
// No severity specified. The default value.
SEVERITY_UNSPECIFIED = 0;

// Critical severity.
CRITICAL = 1;

// High severity.
HIGH = 2;

// Medium severity.
MEDIUM = 3;

// Low severity.
LOW = 4;
}

// The relative resource name of this finding. See:
// https://cloud.google.com/apis/design/resource_names#relative_resource_name
// Example:
@@ -107,4 +125,7 @@ message Finding {

// The time at which the finding was created in Security Command Center.
google.protobuf.Timestamp create_time = 10;

// The severity of the finding.
Severity severity = 13;
}
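Review bot: The comments on the new `Severity` enum and on `Severity severity = 13;` do not say how consumers should treat `SEVERITY_UNSPECIFIED`, which is the value any finding reads back with when no severity was set, including findings written before this field existed. The commit message says clients can filter and group by severity, so a filter that selects only `CRITICAL` or `HIGH` would leave such findings out without any signal. I would extend the field comment to something like `// The severity of the finding. SEVERITY_UNSPECIFIED means no severity was assigned, not that the finding is low risk.` It is also worth stating on the enum that the numbers do not rank severity (`CRITICAL = 1` down to `LOW = 4`), so callers should not compare them numerically. The body of `message Finding` starts and continues outside these hunks.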
@@ -17,7 +17,6 @@ syntax = "proto3";
package google.cloud.securitycenter.v1p1beta1;

import public "google/cloud/securitycenter/v1p1beta1/run_asset_discovery_response.proto";

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
@@ -47,8 +46,7 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1p1beta1";
// V1p1Beta1 APIs for Security Center service.
service SecurityCenter {
option (google.api.default_host) = "securitycenter.googleapis.com";
option (google.api.oauth_scopes) =
"https://www.googleapis.com/auth/cloud-platform";
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

// Creates a source.
rpc CreateSource(CreateSourceRequest) returns (Source) {
@@ -59,7 +57,6 @@ service SecurityCenter {
option (google.api.method_signature) = "parent,source";
}

//
// Creates a finding. The corresponding source must exist for finding
// creation to succeed.
rpc CreateFinding(CreateFindingRequest) returns (Finding) {
@@ -72,29 +69,25 @@ service SecurityCenter {
}

// Creates a notification config.
rpc CreateNotificationConfig(CreateNotificationConfigRequest)
returns (NotificationConfig) {
rpc CreateNotificationConfig(CreateNotificationConfigRequest) returns (NotificationConfig) {
option (google.api.http) = {
post: "/v1p1beta1/{parent=organizations/*}/notificationConfigs"
body: "notification_config"
};
option (google.api.method_signature) =
"parent,config_id,notification_config";
option (google.api.method_signature) = "parent,config_id,notification_config";
option (google.api.method_signature) = "parent,notification_config";
}

// Deletes a notification config.
rpc DeleteNotificationConfig(DeleteNotificationConfigRequest)
returns (google.protobuf.Empty) {
rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v1p1beta1/{name=organizations/*/notificationConfigs/*}"
};
option (google.api.method_signature) = "name";
}

// Gets the access control policy on the specified Source.
rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
returns (google.iam.v1.Policy) {
rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
option (google.api.http) = {
post: "/v1p1beta1/{resource=organizations/*/sources/*}:getIamPolicy"
body: "*"
@@ -103,17 +96,15 @@ service SecurityCenter {
}

// Gets a notification config.
rpc GetNotificationConfig(GetNotificationConfigRequest)
returns (NotificationConfig) {
rpc GetNotificationConfig(GetNotificationConfigRequest) returns (NotificationConfig) {
option (google.api.http) = {
get: "/v1p1beta1/{name=organizations/*/notificationConfigs/*}"
};
option (google.api.method_signature) = "name";
}

// Gets the settings for an organization.
rpc GetOrganizationSettings(GetOrganizationSettingsRequest)
returns (OrganizationSettings) {
rpc GetOrganizationSettings(GetOrganizationSettingsRequest) returns (OrganizationSettings) {
option (google.api.http) = {
get: "/v1p1beta1/{name=organizations/*/organizationSettings}"
};
@@ -170,8 +161,7 @@ service SecurityCenter {
}

// Lists notification configs.
rpc ListNotificationConfigs(ListNotificationConfigsRequest)
returns (ListNotificationConfigsResponse) {
rpc ListNotificationConfigs(ListNotificationConfigsRequest) returns (ListNotificationConfigsResponse) {
option (google.api.http) = {
get: "/v1p1beta1/{parent=organizations/*}/notificationConfigs"
};
@@ -192,8 +182,7 @@ service SecurityCenter {
// This API can only be called with limited frequency for an organization. If
// it is called too frequently the caller will receive a TOO_MANY_REQUESTS
// error.
rpc RunAssetDiscovery(RunAssetDiscoveryRequest)
returns (google.longrunning.Operation) {
rpc RunAssetDiscovery(RunAssetDiscoveryRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1p1beta1/{parent=organizations/*}/assets:runDiscovery"
body: "*"
@@ -205,7 +194,6 @@ service SecurityCenter {
};
}

//
// Updates the state of a finding.
rpc SetFindingState(SetFindingStateRequest) returns (Finding) {
option (google.api.http) = {
@@ -216,8 +204,7 @@ service SecurityCenter {
}

// Sets the access control policy on the specified Source.
rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest)
returns (google.iam.v1.Policy) {
rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
option (google.api.http) = {
post: "/v1p1beta1/{resource=organizations/*/sources/*}:setIamPolicy"
body: "*"
@@ -226,8 +213,7 @@ service SecurityCenter {
}

// Returns the permissions that a caller has on the specified source.
rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest)
returns (google.iam.v1.TestIamPermissionsResponse) {
rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
option (google.api.http) = {
post: "/v1p1beta1/{resource=organizations/*/sources/*}:testIamPermissions"
body: "*"
@@ -248,8 +234,7 @@ service SecurityCenter {

// Updates a notification config. The following update
// fields are allowed: description, pubsub_topic, streaming_config.filter
rpc UpdateNotificationConfig(UpdateNotificationConfigRequest)
returns (NotificationConfig) {
rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) returns (NotificationConfig) {
option (google.api.http) = {
patch: "/v1p1beta1/{notification_config.name=organizations/*/notificationConfigs/*}"
body: "notification_config"
@@ -259,8 +244,7 @@ service SecurityCenter {
}

// Updates an organization's settings.
rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest)
returns (OrganizationSettings) {
rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) returns (OrganizationSettings) {
option (google.api.http) = {
patch: "/v1p1beta1/{organization_settings.name=organizations/*/organizationSettings}"
body: "organization_settings"
@@ -305,19 +289,17 @@ message CreateFindingRequest {
];

// Required. Unique identifier provided by the client within the parent scope.
// It must be alphanumeric and less than or equal to 32 characters and
// greater than 0 characters in length.
string finding_id = 2 [(google.api.field_behavior) = REQUIRED];

// Required. The Finding being created. The name and security_marks will be
// ignored as they are both output only fields on this resource.
// Required. The Finding being created. The name and security_marks will be ignored as
// they are both output only fields on this resource.
Finding finding = 3 [(google.api.field_behavior) = REQUIRED];
}

// Request message for creating a notification config.
message CreateNotificationConfigRequest {
// Required. Resource name of the new notification config's parent. Its format
// is "organizations/[organization_id]".
// Required. Resource name of the new notification config's parent. Its format is
// "organizations/[organization_id]".
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
@@ -331,11 +313,9 @@ message CreateNotificationConfigRequest {
// characters, underscores or hyphens only.
string config_id = 2 [(google.api.field_behavior) = REQUIRED];

// Required. The notification config being created. The name and the service
// account will be ignored as they are both output only fields on this
// resource.
NotificationConfig notification_config = 3
[(google.api.field_behavior) = REQUIRED];
// Required. The notification config being created. The name and the service account
// will be ignored as they are both output only fields on this resource.
NotificationConfig notification_config = 3 [(google.api.field_behavior) = REQUIRED];
}

// Request message for creating a source.
@@ -349,8 +329,8 @@ message CreateSourceRequest {
}
];

// Required. The Source being created, only the display_name and description
// will be used. All other fields will be ignored.
// Required. The Source being created, only the display_name and description will be
// used. All other fields will be ignored.
Source source = 2 [(google.api.field_behavior) = REQUIRED];
}

@@ -380,8 +360,8 @@ message GetNotificationConfigRequest {

// Request message for getting organization settings.
message GetOrganizationSettingsRequest {
// Required. Name of the organization to get organization settings for. Its
// format is "organizations/[organization_id]/organizationSettings".
// Required. Name of the organization to get organization settings for. Its format is
// "organizations/[organization_id]/organizationSettings".
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
@@ -477,9 +457,9 @@ message GroupAssetsRequest {
// property not existing: `-resource_properties.my_property : ""`
string filter = 2;

// Required. Expression that defines what assets fields to use for grouping.
// The string value should follow SQL syntax: comma separated list of fields.
// For example:
// Required. Expression that defines what assets fields to use for grouping. The string
// value should follow SQL syntax: comma separated list of fields. For
// example:
// "security_center_properties.resource_project,security_center_properties.project".
//
// The following fields are supported when compare_duration is not set:
@@ -624,9 +604,9 @@ message GroupFindingsRequest {
// property not existing: `-source_properties.my_property : ""`
string filter = 2;

// Required. Expression that defines what assets fields to use for grouping
// (including `state_change`). The string value should follow SQL syntax:
// comma separated list of fields. For example: "parent,resource_name".
// Required. Expression that defines what assets fields to use for grouping (including
// `state_change`). The string value should follow SQL syntax: comma separated
// list of fields. For example: "parent,resource_name".
//
// The following fields are supported:
//
@@ -750,8 +730,8 @@ message ListNotificationConfigsResponse {

// Request message for listing sources.
message ListSourcesRequest {
// Required. Resource name of the parent of sources to list. Its format should
// be "organizations/[organization_id]".
// Required. Resource name of the parent of sources to list. Its format should be
// "organizations/[organization_id]".
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
@@ -909,12 +889,10 @@ message ListAssetsRequest {
// read_time.
google.protobuf.Duration compare_duration = 5;

// Optional.
// A field mask to specify the ListAssetsResult fields to be listed in the
// response.
// An empty field mask will list all fields.
google.protobuf.FieldMask field_mask = 7
[(google.api.field_behavior) = OPTIONAL];
google.protobuf.FieldMask field_mask = 7;

// The value returned by the last `ListAssetsResponse`; indicates
// that this is a continuation of a prior `ListAssets` call, and
@@ -1093,11 +1071,9 @@ message ListFindingsRequest {
// read_time.
google.protobuf.Duration compare_duration = 5;

// Optional.
// A field mask to specify the Finding fields to be listed in the response.
// An empty field mask will list all fields.
google.protobuf.FieldMask field_mask = 7
[(google.api.field_behavior) = OPTIONAL];
google.protobuf.FieldMask field_mask = 7;

// The value returned by the last `ListFindingsResponse`; indicates
// that this is a continuation of a prior `ListFindings` call, and
@@ -1168,7 +1144,7 @@ message ListFindingsResponse {
StateChange state_change = 2;

// Output only. Resource that is associated with this finding.
Resource resource = 3;
Resource resource = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Findings matching the list request.
@@ -1202,14 +1178,13 @@ message SetFindingStateRequest {
Finding.State state = 2 [(google.api.field_behavior) = REQUIRED];

// Required. The time at which the updated state takes effect.
google.protobuf.Timestamp start_time = 3
[(google.api.field_behavior) = REQUIRED];
google.protobuf.Timestamp start_time = 3 [(google.api.field_behavior) = REQUIRED];
}

// Request message for running asset discovery for an organization.
message RunAssetDiscoveryRequest {
// Required. Name of the organization to run asset discovery for. Its format
// is "organizations/[organization_id]".
// Required. Name of the organization to run asset discovery for. Its format is
// "organizations/[organization_id]".
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
@@ -1220,8 +1195,8 @@ message RunAssetDiscoveryRequest {

// Request message for updating or creating a finding.
message UpdateFindingRequest {
// Required. The finding resource to update or create if it does not already
// exist. parent, security_marks, and update_time will be ignored.
// Required. The finding resource to update or create if it does not already exist.
// parent, security_marks, and update_time will be ignored.
//
// In the case of creation, the finding id portion of the name must be
// alphanumeric and less than or equal to 32 characters and greater than 0
@@ -1241,8 +1216,7 @@ message UpdateFindingRequest {
// Request message for updating a notification config.
message UpdateNotificationConfigRequest {
// Required. The notification config to update.
NotificationConfig notification_config = 1
[(google.api.field_behavior) = REQUIRED];
NotificationConfig notification_config = 1 [(google.api.field_behavior) = REQUIRED];

// The FieldMask to use when updating the notification config.
//
@@ -1253,8 +1227,7 @@ message UpdateNotificationConfigRequest {
// Request message for updating an organization's settings.
message UpdateOrganizationSettingsRequest {
// Required. The organization settings resource to update.
OrganizationSettings organization_settings = 1
[(google.api.field_behavior) = REQUIRED];
OrganizationSettings organization_settings = 1 [(google.api.field_behavior) = REQUIRED];

// The FieldMask to use when updating the settings resource.
//
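Review bot: In `CreateFindingRequest`, the comment on `finding_id` appears to lose its second sentence, `It must be alphanumeric and less than or equal to 32 characters and greater than 0 characters in length.`, going by the hunk counts (`-305,19 +289,17`); the rest of that hunk looks like re-wrapping only. `finding_id` is a client-supplied identifier, and that sentence is the only statement of its format in the visible part of the message, so client authors reading the new file have no documented constraint to validate against. I would keep those two comment lines above `string finding_id = 2 [(google.api.field_behavior) = REQUIRED];` unless the server-side rule has really changed, in which case the comment should state the new rule. The `UpdateFindingRequest` comment later in this section still carries the same constraint for the id portion of the name, so the two messages would otherwise disagree. `CreateFindingRequest` starts outside the hunk.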
15 changes: 15 additions & 0 deletions packages/google-cloud-securitycenter/protos/protos.d.ts
