1 // Copyright 2018 Google LLC.
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
7 // http://www.apache.org/licenses/LICENSE-2.0
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
18 package google.cloud.securitycenter.v1beta1;
20 import "google/api/annotations.proto";
21 import "google/cloud/securitycenter/v1beta1/asset.proto";
22 import "google/cloud/securitycenter/v1beta1/finding.proto";
23 import "google/cloud/securitycenter/v1beta1/organization_settings.proto";
24 import "google/cloud/securitycenter/v1beta1/security_marks.proto";
25 import "google/cloud/securitycenter/v1beta1/source.proto";
26 import "google/iam/v1/iam_policy.proto";
27 import "google/iam/v1/policy.proto";
28 import "google/longrunning/operations.proto";
29 import "google/protobuf/duration.proto";
30 import "google/protobuf/empty.proto";
31 import "google/protobuf/field_mask.proto";
32 import "google/protobuf/struct.proto";
33 import "google/protobuf/timestamp.proto";
35 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1beta1;securitycenter";
36 option java_multiple_files = true;
37 option java_package = "com.google.cloud.securitycenter.v1beta1";
39 // V1 Beta APIs for Security Center service.
40 service SecurityCenter {
42 rpc CreateSource(CreateSourceRequest) returns (Source) {
43 option (google.api.http) = {
44 post: "/v1beta1/{parent=organizations/*}/sources"
49 // Creates a finding. The corresponding source must exist for finding creation
51 rpc CreateFinding(CreateFindingRequest) returns (Finding) {
52 option (google.api.http) = {
53 post: "/v1beta1/{parent=organizations/*/sources/*}/findings"
58 // Gets the access control policy on the specified Source.
59 rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
60 returns (google.iam.v1.Policy) {
61 option (google.api.http) = {
62 post: "/v1beta1/{resource=organizations/*/sources/*}:getIamPolicy"
67 // Gets the settings for an organization.
68 rpc GetOrganizationSettings(GetOrganizationSettingsRequest)
69 returns (OrganizationSettings) {
70 option (google.api.http) = {
71 get: "/v1beta1/{name=organizations/*/organizationSettings}"
76 rpc GetSource(GetSourceRequest) returns (Source) {
77 option (google.api.http) = {
78 get: "/v1beta1/{name=organizations/*/sources/*}"
82 // Filters an organization's assets and groups them by their specified
84 rpc GroupAssets(GroupAssetsRequest) returns (GroupAssetsResponse) {
85 option (google.api.http) = {
86 post: "/v1beta1/{parent=organizations/*}/assets:group"
91 // Filters an organization or source's findings and groups them by their
92 // specified properties.
94 // To group across all sources provide a `-` as the source id.
95 // Example: /v1beta1/organizations/123/sources/-/findings
96 rpc GroupFindings(GroupFindingsRequest) returns (GroupFindingsResponse) {
97 option (google.api.http) = {
98 post: "/v1beta1/{parent=organizations/*/sources/*}/findings:group"
103 // Lists an organization's assets.
104 rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) {
105 option (google.api.http) = {
106 get: "/v1beta1/{parent=organizations/*}/assets"
110 // Lists an organization or source's findings.
112 // To list across all sources provide a `-` as the source id.
113 // Example: /v1beta1/organizations/123/sources/-/findings
114 rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) {
115 option (google.api.http) = {
116 get: "/v1beta1/{parent=organizations/*/sources/*}/findings"
120 // Lists all sources belonging to an organization.
121 rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) {
122 option (google.api.http) = {
123 get: "/v1beta1/{parent=organizations/*}/sources"
127 // Runs asset discovery. The discovery is tracked with a long-running
130 // This API can only be called with limited frequency for an organization. If
131 // it is called too frequently the caller will receive a TOO_MANY_REQUESTS
133 rpc RunAssetDiscovery(RunAssetDiscoveryRequest)
134 returns (google.longrunning.Operation) {
135 option (google.api.http) = {
136 post: "/v1beta1/{parent=organizations/*}/assets:runDiscovery"
141 // Updates the state of a finding.
142 rpc SetFindingState(SetFindingStateRequest) returns (Finding) {
143 option (google.api.http) = {
144 post: "/v1beta1/{name=organizations/*/sources/*/findings/*}:setState"
149 // Sets the access control policy on the specified Source.
150 rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest)
151 returns (google.iam.v1.Policy) {
152 option (google.api.http) = {
153 post: "/v1beta1/{resource=organizations/*/sources/*}:setIamPolicy"
158 // Returns the permissions that a caller has on the specified source.
159 rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest)
160 returns (google.iam.v1.TestIamPermissionsResponse) {
161 option (google.api.http) = {
162 post: "/v1beta1/{resource=organizations/*/sources/*}:testIamPermissions"
167 // Creates or updates a finding. The corresponding source must exist for a
168 // finding creation to succeed.
169 rpc UpdateFinding(UpdateFindingRequest) returns (Finding) {
170 option (google.api.http) = {
171 patch: "/v1beta1/{finding.name=organizations/*/sources/*/findings/*}"
176 // Updates an organization's settings.
177 rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest)
178 returns (OrganizationSettings) {
179 option (google.api.http) = {
180 patch: "/v1beta1/{organization_settings.name=organizations/*/organizationSettings}"
181 body: "organization_settings"
186 rpc UpdateSource(UpdateSourceRequest) returns (Source) {
187 option (google.api.http) = {
188 patch: "/v1beta1/{source.name=organizations/*/sources/*}"
193 // Updates security marks.
194 rpc UpdateSecurityMarks(UpdateSecurityMarksRequest) returns (SecurityMarks) {
195 option (google.api.http) = {
196 patch: "/v1beta1/{security_marks.name=organizations/*/assets/*/securityMarks}"
197 body: "security_marks"
198 additional_bindings {
199 patch: "/v1beta1/{security_marks.name=organizations/*/sources/*/findings/*/securityMarks}"
200 body: "security_marks"
206 // Request message for creating a finding.
207 message CreateFindingRequest {
208 // Resource name of the new finding's parent. Its format should be
209 // "organizations/[organization_id]/sources/[source_id]".
212 // Unique identifier provided by the client within the parent scope.
213 // It must be alphanumeric and less than or equal to 32 characters and
214 // greater than 0 characters in length.
215 string finding_id = 2;
217 // The Finding being created. The name and security_marks will be ignored as
218 // they are both output only fields on this resource.
222 // Request message for creating a source.
223 message CreateSourceRequest {
224 // Resource name of the new source's parent. Its format should be
225 // "organizations/[organization_id]".
228 // The Source being created, only the display_name and description will be
229 // used. All other fields will be ignored.
233 // Request message for getting organization settings.
234 message GetOrganizationSettingsRequest {
235 // Name of the organization to get organization settings for. Its format is
236 // "organizations/[organization_id]/organizationSettings".
240 // Request message for getting a source.
241 message GetSourceRequest {
242 // Relative resource name of the source. Its format is
243 // "organizations/[organization_id]/sources/[source_id]".
247 // Request message for grouping by assets.
248 message GroupAssetsRequest {
249 // Name of the organization to groupBy. Its format is
250 // "organizations/[organization_id]".
253 // Expression that defines the filter to apply across assets.
254 // The expression is a list of zero or more restrictions combined via logical
255 // operators `AND` and `OR`.
256 // Parentheses are not supported, and `OR` has higher precedence than `AND`.
258 // Restrictions have the form `<field> <operator> <value>` and may have a `-`
259 // character in front of them to indicate negation. The fields map to those
260 // defined in the Asset resource. Examples include:
263 // * security_center_properties.resource_name
264 // * resource_properties.a_property
265 // * security_marks.marks.marka
267 // The supported operators are:
269 // * `=` for all value types.
270 // * `>`, `<`, `>=`, `<=` for integer values.
271 // * `:`, meaning substring matching, for strings.
273 // The supported value types are:
275 // * string literals in quotes.
276 // * integer literals without quotes.
277 // * boolean literals `true` and `false` without quotes.
279 // For example, `resource_properties.size = 100` is a valid filter string.
282 // Expression that defines what assets fields to use for grouping. The string
283 // value should follow SQL syntax: comma separated list of fields. For
285 // "security_center_properties.resource_project,security_center_properties.project".
287 // The following fields are supported when compare_duration is not set:
289 // * security_center_properties.resource_project
290 // * security_center_properties.resource_type
291 // * security_center_properties.resource_parent
293 // The following fields are supported when compare_duration is set:
295 // * security_center_properties.resource_type
298 // When compare_duration is set, the Asset's "state" property is updated to
299 // indicate whether the asset was added, removed, or remained present during
300 // the compare_duration period of time that precedes the read_time. This is
301 // the time between (read_time - compare_duration) and read_time.
303 // The state value is derived based on the presence of the asset at the two
304 // points in time. Intermediate state changes between the two times don't
305 // affect the result. For example, the results aren't affected if the asset is
306 // removed and re-created again.
308 // Possible "state" values when compare_duration is specified:
310 // * "ADDED": indicates that the asset was not present before
311 // compare_duration, but present at read_time.
312 // * "REMOVED": indicates that the asset was present at the start of
313 // compare_duration, but not present at read_time.
314 // * "ACTIVE": indicates that the asset was present at both the
315 // start and the end of the time period defined by
316 // compare_duration and read_time.
318 // This field is ignored if `state` is not a field in `group_by`.
319 google.protobuf.Duration compare_duration = 4;
321 // Time used as a reference point when filtering assets. The filter is limited
322 // to assets existing at the supplied time and their values are those at that
323 // specific time. Absence of this field will default to the API's version of
325 google.protobuf.Timestamp read_time = 5;
327 // The value returned by the last `GroupAssetsResponse`; indicates
328 // that this is a continuation of a prior `GroupAssets` call, and that the
329 // system should return the next page of data.
330 string page_token = 7;
332 // The maximum number of results to return in a single response. Default is
333 // 10, minimum is 1, maximum is 1000.
337 // Response message for grouping by assets.
338 message GroupAssetsResponse {
339 // Group results. There exists an element for each existing unique
340 // combination of property/values. The element contains a count for the number
341 // of times those specific property/values appear.
342 repeated GroupResult group_by_results = 1;
344 // Time used for executing the groupBy request.
345 google.protobuf.Timestamp read_time = 2;
347 // Token to retrieve the next page of results, or empty if there are no more
349 string next_page_token = 3;
352 // Request message for grouping by findings.
353 message GroupFindingsRequest {
354 // Name of the source to groupBy. Its format is
355 // "organizations/[organization_id]/sources/[source_id]". To groupBy across
356 // all sources provide a source_id of `-`. For example:
357 // organizations/123/sources/-
360 // Expression that defines the filter to apply across findings.
361 // The expression is a list of one or more restrictions combined via logical
362 // operators `AND` and `OR`.
363 // Parentheses are not supported, and `OR` has higher precedence than `AND`.
365 // Restrictions have the form `<field> <operator> <value>` and may have a `-`
366 // character in front of them to indicate negation. Examples include:
369 // * source_properties.a_property
370 // * security_marks.marks.marka
372 // The supported operators are:
374 // * `=` for all value types.
375 // * `>`, `<`, `>=`, `<=` for integer values.
376 // * `:`, meaning substring matching, for strings.
378 // The supported value types are:
380 // * string literals in quotes.
381 // * integer literals without quotes.
382 // * boolean literals `true` and `false` without quotes.
384 // For example, `source_properties.size = 100` is a valid filter string.
387 // Expression that defines what findings fields to use for grouping (including
388 // `state`). The string value should follow SQL syntax: comma separated list
389 // of fields. For example:
390 // "parent,resource_name".
392 // The following fields are supported:
400 // Time used as a reference point when filtering findings. The filter is
401 // limited to findings existing at the supplied time and their values are
402 // those at that specific time. Absence of this field will default to the
403 // API's version of NOW.
404 google.protobuf.Timestamp read_time = 4;
406 // The value returned by the last `GroupFindingsResponse`; indicates
407 // that this is a continuation of a prior `GroupFindings` call, and
408 // that the system should return the next page of data.
409 string page_token = 5;
411 // The maximum number of results to return in a single response. Default is
412 // 10, minimum is 1, maximum is 1000.
416 // Response message for group by findings.
417 message GroupFindingsResponse {
418 // Group results. There exists an element for each existing unique
419 // combination of property/values. The element contains a count for the number
420 // of times those specific property/values appear.
421 repeated GroupResult group_by_results = 1;
423 // Time used for executing the groupBy request.
424 google.protobuf.Timestamp read_time = 2;
426 // Token to retrieve the next page of results, or empty if there are no more
428 string next_page_token = 3;
431 // Result containing the properties and count of a groupBy request.
432 message GroupResult {
433 // Properties matching the groupBy fields in the request.
434 map<string, google.protobuf.Value> properties = 1;
436 // Total count of resources for the given properties.
440 // Request message for listing sources.
441 message ListSourcesRequest {
442 // Resource name of the parent of sources to list. Its format should be
443 // "organizations/[organization_id]".
446 // The value returned by the last `ListSourcesResponse`; indicates
447 // that this is a continuation of a prior `ListSources` call, and
448 // that the system should return the next page of data.
449 string page_token = 2;
451 // The maximum number of results to return in a single response. Default is
452 // 10, minimum is 1, maximum is 1000.
456 // Response message for listing sources.
457 message ListSourcesResponse {
458 // Sources belonging to the requested parent.
459 repeated Source sources = 1;
461 // Token to retrieve the next page of results, or empty if there are no more
463 string next_page_token = 2;
466 // Request message for listing assets.
467 message ListAssetsRequest {
468 // Name of the organization assets should belong to. Its format is
469 // "organizations/[organization_id]".
472 // Expression that defines the filter to apply across assets.
473 // The expression is a list of zero or more restrictions combined via logical
474 // operators `AND` and `OR`.
475 // Parentheses are not supported, and `OR` has higher precedence than `AND`.
477 // Restrictions have the form `<field> <operator> <value>` and may have a `-`
478 // character in front of them to indicate negation. The fields map to those
479 // defined in the Asset resource. Examples include:
482 // * security_center_properties.resource_name
483 // * resource_properties.a_property
484 // * security_marks.marks.marka
486 // The supported operators are:
488 // * `=` for all value types.
489 // * `>`, `<`, `>=`, `<=` for integer values.
490 // * `:`, meaning substring matching, for strings.
492 // The supported value types are:
494 // * string literals in quotes.
495 // * integer literals without quotes.
496 // * boolean literals `true` and `false` without quotes.
498 // For example, `resource_properties.size = 100` is a valid filter string.
501 // Expression that defines what fields and order to use for sorting. The
502 // string value should follow SQL syntax: comma separated list of fields. For
503 // example: "name,resource_properties.a_property". The default sorting order
504 // is ascending. To specify descending order for a field, a suffix " desc"
505 // should be appended to the field name. For example: "name
506 // desc,resource_properties.a_property". Redundant space characters in the
507 // syntax are insignificant. "name desc,resource_properties.a_property" and "
508 // name desc , resource_properties.a_property " are equivalent.
511 // Time used as a reference point when filtering assets. The filter is limited
512 // to assets existing at the supplied time and their values are those at that
513 // specific time. Absence of this field will default to the API's version of
515 google.protobuf.Timestamp read_time = 4;
517 // When compare_duration is set, the ListAssetsResult's "state" attribute is
518 // updated to indicate whether the asset was added, removed, or remained
519 // present during the compare_duration period of time that precedes the
520 // read_time. This is the time between (read_time -
521 // compare_duration) and read_time.
523 // The state value is derived based on the presence of the asset at the two
524 // points in time. Intermediate state changes between the two times don't
525 // affect the result. For example, the results aren't affected if the asset is
526 // removed and re-created again.
528 // Possible "state" values when compare_duration is specified:
530 // * "ADDED": indicates that the asset was not present before
531 // compare_duration, but present at read_time.
532 // * "REMOVED": indicates that the asset was present at the start of
533 // compare_duration, but not present at read_time.
534 // * "ACTIVE": indicates that the asset was present at both the
535 // start and the end of the time period defined by
536 // compare_duration and read_time.
538 // If compare_duration is not specified, then the only possible state is
539 // "UNUSED", which indicates that the asset is present at read_time.
540 google.protobuf.Duration compare_duration = 5;
544 // A field mask to specify the ListAssetsResult fields to be listed in the
546 // An empty field mask will list all fields.
547 google.protobuf.FieldMask field_mask = 7;
549 // The value returned by the last `ListAssetsResponse`; indicates
550 // that this is a continuation of a prior `ListAssets` call, and
551 // that the system should return the next page of data.
552 string page_token = 8;
554 // The maximum number of results to return in a single response. Default is
555 // 10, minimum is 1, maximum is 1000.
559 // Response message for listing assets.
560 message ListAssetsResponse {
561 // Result containing the Asset and its State.
562 message ListAssetsResult {
563 // State of the asset.
565 // When querying across two points in time this describes
566 // the change between the two points: ADDED, REMOVED, or ACTIVE.
567 // If there was no compare_duration supplied in the request the state should
570 // Unspecified state.
571 STATE_UNSPECIFIED = 0;
573 // Request did not specify use of this field in the result.
576 // Asset was added between the points in time.
579 // Asset was removed between the points in time.
582 // Asset was active at both point(s) in time.
586 // Asset matching the search request.
589 // State of the asset.
593 // Assets matching the list request.
594 repeated ListAssetsResult list_assets_results = 1;
596 // Time used for executing the list request.
597 google.protobuf.Timestamp read_time = 2;
599 // Token to retrieve the next page of results, or empty if there are no more
601 string next_page_token = 3;
603 // The total number of assets matching the query.
604 int32 total_size = 4;
607 // Request message for listing findings.
608 message ListFindingsRequest {
609 // Name of the source the findings belong to. Its format is
610 // "organizations/[organization_id]/sources/[source_id]". To list across all
611 // sources provide a source_id of `-`. For example:
612 // organizations/123/sources/-
615 // Expression that defines the filter to apply across findings.
616 // The expression is a list of one or more restrictions combined via logical
617 // operators `AND` and `OR`.
618 // Parentheses are not supported, and `OR` has higher precedence than `AND`.
620 // Restrictions have the form `<field> <operator> <value>` and may have a `-`
621 // character in front of them to indicate negation. Examples include:
624 // * source_properties.a_property
625 // * security_marks.marks.marka
627 // The supported operators are:
629 // * `=` for all value types.
630 // * `>`, `<`, `>=`, `<=` for integer values.
631 // * `:`, meaning substring matching, for strings.
633 // The supported value types are:
635 // * string literals in quotes.
636 // * integer literals without quotes.
637 // * boolean literals `true` and `false` without quotes.
639 // For example, `source_properties.size = 100` is a valid filter string.
642 // Expression that defines what fields and order to use for sorting. The
643 // string value should follow SQL syntax: comma separated list of fields. For
644 // example: "name,source_properties.a_property". The default sorting order
645 // is ascending. To specify descending order for a field, a suffix " desc"
646 // should be appended to the field name. For example: "name
647 // desc,source_properties.a_property". Redundant space characters in the
648 // syntax are insignificant. "name desc,source_properties.a_property" and "
649 // name desc , source_properties.a_property " are equivalent.
652 // Time used as a reference point when filtering findings. The filter is
653 // limited to findings existing at the supplied time and their values are
654 // those at that specific time. Absence of this field will default to the
655 // API's version of NOW.
656 google.protobuf.Timestamp read_time = 4;
660 // A field mask to specify the Finding fields to be listed in the response.
661 // An empty field mask will list all fields.
662 google.protobuf.FieldMask field_mask = 5;
664 // The value returned by the last `ListFindingsResponse`; indicates
665 // that this is a continuation of a prior `ListFindings` call, and
666 // that the system should return the next page of data.
667 string page_token = 6;
669 // The maximum number of results to return in a single response. Default is
670 // 10, minimum is 1, maximum is 1000.
674 // Response message for listing findings.
675 message ListFindingsResponse {
676 // Findings matching the list request.
677 repeated Finding findings = 1;
679 // Time used for executing the list request.
680 google.protobuf.Timestamp read_time = 2;
682 // Token to retrieve the next page of results, or empty if there are no more
684 string next_page_token = 3;
686 // The total number of findings matching the query.
687 int32 total_size = 4;
690 // Request message for updating a finding's state.
691 message SetFindingStateRequest {
692 // The relative resource name of the finding. See:
693 // https://cloud.google.com/apis/design/resource_names#relative_resource_name
695 // "organizations/123/sources/456/findings/789".
698 // The desired State of the finding.
699 Finding.State state = 2;
701 // The time at which the updated state takes effect.
702 google.protobuf.Timestamp start_time = 3;
705 // Request message for running asset discovery for an organization.
706 message RunAssetDiscoveryRequest {
707 // Name of the organization to run asset discovery for. Its format is
708 // "organizations/[organization_id]".
712 // Request message for updating or creating a finding.
713 message UpdateFindingRequest {
714 // The finding resource to update or create if it does not already exist.
715 // parent, security_marks, and update_time will be ignored.
717 // In the case of creation, the finding id portion of the name must be
718 // alphanumeric and less than or equal to 32 characters and greater than 0
719 // characters in length.
722 // The FieldMask to use when updating the finding resource. This field should
723 // not be specified when creating a finding.
724 google.protobuf.FieldMask update_mask = 2;
727 // Request message for updating an organization's settings.
728 message UpdateOrganizationSettingsRequest {
729 // The organization settings resource to update.
730 OrganizationSettings organization_settings = 1;
732 // The FieldMask to use when updating the settings resource.
733 google.protobuf.FieldMask update_mask = 2;
736 // Request message for updating a source.
737 message UpdateSourceRequest {
738 // The source resource to update.
741 // The FieldMask to use when updating the source resource.
742 google.protobuf.FieldMask update_mask = 2;
745 // Request message for updating a SecurityMarks resource.
746 message UpdateSecurityMarksRequest {
747 // The security marks resource to update.
748 SecurityMarks security_marks = 1;
750 // The FieldMask to use when updating the security marks resource.
751 google.protobuf.FieldMask update_mask = 2;
753 // The time at which the updated SecurityMarks take effect.
754 google.protobuf.Timestamp start_time = 3;