feat: added field severity to findings in v1 API (#349)

Clients will now see a new field, severity, on findings. They will also be able to filter and group by severity on ListFinding and GroupFinding API calls. PiperOrigin-RevId: 347410691 Source-Author: Google APIs <noreply@google.com> Source-Date: Mon Dec 14 10:08:23 2020 -0800 Source-Repo: googleapis/googleapis Source-Sha: e9135d3cb8a99f77ee2ba3318ebc2c9b807581d0 Source-Link: googleapis/googleapis@e9135d3
googleapis · Dec 21, 2020 · 79f1433 · 79f1433
1 parent 5027240
commit 79f1433
Show file tree

Hide file tree

Showing 8 changed files with 319 additions and 167 deletions.
diff --git a/protos/google/cloud/securitycenter/v1/finding.proto b/protos/google/cloud/securitycenter/v1/finding.proto
@@ -56,6 +56,65 @@ message Finding {
     INACTIVE = 2;
   }
 
+  // The severity of the finding.
+  enum Severity {
+    // This value is used for findings when a source doesn't write a severity
+    // value.
+    SEVERITY_UNSPECIFIED = 0;
+
+    // Vulnerability:
+    // A critical vulnerability is easily discoverable by an external actor,
+    // exploitable, and results in the direct ability to execute arbitrary code,
+    // exfiltrate data, and otherwise gain additional access and privileges to
+    // cloud resources and workloads. Examples include publicly accessible
+    // unprotected user data, public SSH access with weak or no passwords, etc.
+    //
+    // Threat:
+    // Indicates a threat that is able to access, modify, or delete data or
+    // execute unauthorized code within existing resources.
+    CRITICAL = 1;
+
+    // Vulnerability:
+    // A high risk vulnerability can be easily discovered and exploited in
+    // combination with other vulnerabilities in order to gain direct access and
+    // the ability to execute arbitrary code, exfiltrate data, and otherwise
+    // gain additional access and privileges to cloud resources and workloads.
+    // An example is a database with weak or no passwords that is only
+    // accessible internally. This database could easily be compromised by an
+    // actor that had access to the internal network.
+    //
+    // Threat:
+    // Indicates a threat that is able to create new computational resources in
+    // an environment but not able to access data or execute code in existing
+    // resources.
+    HIGH = 2;
+
+    // Vulnerability:
+    // A medium risk vulnerability could be used by an actor to gain access to
+    // resources or privileges that enable them to eventually (through multiple
+    // steps or a complex exploit) gain access and the ability to execute
+    // arbitrary code or exfiltrate data. An example is a service account with
+    // access to more projects than it should have. If an actor gains access to
+    // the service account, they could potentially use that access to manipulate
+    // a project the service account was not intended to.
+    //
+    // Threat:
+    // Indicates a threat that is able to cause operational impact but may not
+    // access data or execute unauthorized code.
+    MEDIUM = 3;
+
+    // Vulnerability:
+    // A low risk vulnerability hampers a security organization’s ability to
+    // detect vulnerabilities or active threats in their deployment, or prevents
+    // the root cause investigation of security issues. An example is monitoring
+    // and logs being disabled for resource configurations and access.
+    //
+    // Threat:
+    // Indicates a threat that has obtained minimal access to an environment but
+    // is not able to access data, execute code, or create resources.
+    LOW = 4;
+  }
+
   // The relative resource name of this finding. See:
   // https://cloud.google.com/apis/design/resource_names#relative_resource_name
   // Example:
@@ -110,4 +169,8 @@ message Finding {
 
   // The time at which the finding was created in Security Command Center.
   google.protobuf.Timestamp create_time = 10;
+
+  // The severity of the finding. This field is managed by the source that
+  // writes the finding.
+  Severity severity = 12;
 }
diff --git a/protos/google/cloud/securitycenter/v1/notification_config.proto b/protos/google/cloud/securitycenter/v1/notification_config.proto
@@ -78,14 +78,14 @@ message NotificationConfig {
   // The description of the notification config (max of 1024 characters).
   string description = 2;
 
-  // The PubSub topic to send notifications to. Its format is
+  // The Pub/Sub topic to send notifications to. Its format is
   // "projects/[project_id]/topics/[topic]".
-  string pubsub_topic = 3 [
-    (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" }
-  ];
+  string pubsub_topic = 3 [(google.api.resource_reference) = {
+                             type: "pubsub.googleapis.com/Topic"
+                           }];
 
   // Output only. The service account that needs "pubsub.topics.publish"
-  // permission to publish to the PubSub topic.
+  // permission to publish to the Pub/Sub topic.
   string service_account = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // The config for triggering notifications.