Security Command Center finding.
A finding is a record of assessment data, such as security, risk, health, or privacy data, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#access
def access() -> ::Google::Cloud::SecurityCenter::V1::Access
Returns
- (::Google::Cloud::SecurityCenter::V1::Access) — Access details associated to the Finding, such as more information on the caller, which method was accessed, from where, etc.
#access=
def access=(value) -> ::Google::Cloud::SecurityCenter::V1::Access
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Access) — Access details associated to the Finding, such as more information on the caller, which method was accessed, from where, etc.
Returns
- (::Google::Cloud::SecurityCenter::V1::Access) — Access details associated to the Finding, such as more information on the caller, which method was accessed, from where, etc.
#canonical_name
def canonical_name() -> ::String
Returns
- (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
#canonical_name=
def canonical_name=(value) -> ::String
Parameter
- value (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
Returns
- (::String) — The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
#category
def category() -> ::String
Returns
- (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
#category=
def category=(value) -> ::String
Parameter
- value (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
Returns
- (::String) — The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
#create_time
def create_time() -> ::Google::Protobuf::Timestamp
Returns
- (::Google::Protobuf::Timestamp) — The time at which the finding was created in Security Command Center.
#create_time=
def create_time=(value) -> ::Google::Protobuf::Timestamp
Parameter
- value (::Google::Protobuf::Timestamp) — The time at which the finding was created in Security Command Center.
Returns
- (::Google::Protobuf::Timestamp) — The time at which the finding was created in Security Command Center.
#event_time
def event_time() -> ::Google::Protobuf::Timestamp
Returns
- (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.
#event_time=
def event_time=(value) -> ::Google::Protobuf::Timestamp
Parameter
- value (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.
Returns
- (::Google::Protobuf::Timestamp) — The time the finding was first detected. If an existing finding is updated, then this is the time the update occurred. For example, if the finding represents an open firewall, this property captures the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding is later resolved, then this time reflects when the finding was resolved. This must not be set to a value greater than the current timestamp.
#external_systems
def external_systems() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ExternalSystem}
Returns
- (::Google::Protobuf::Map{::String => ::Google::Cloud::SecurityCenter::V1::ExternalSystem}) — Output only. Third-party SIEM/SOAR fields within SCC; contains external system information and external system finding fields.
#external_uri
def external_uri() -> ::String
Returns
- (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
#external_uri=
def external_uri=(value) -> ::String
Parameter
- value (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
Returns
- (::String) — The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
#finding_class
def finding_class() -> ::Google::Cloud::SecurityCenter::V1::Finding::FindingClass
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::FindingClass) — The class of the finding.
#finding_class=
def finding_class=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::FindingClass
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Finding::FindingClass) — The class of the finding.
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::FindingClass) — The class of the finding.
#indicator
def indicator() -> ::Google::Cloud::SecurityCenter::V1::Indicator
Returns
- (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
#indicator=
def indicator=(value) -> ::Google::Cloud::SecurityCenter::V1::Indicator
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
Returns
- (::Google::Cloud::SecurityCenter::V1::Indicator) — Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
#mitre_attack
def mitre_attack() -> ::Google::Cloud::SecurityCenter::V1::MitreAttack
Returns
- (::Google::Cloud::SecurityCenter::V1::MitreAttack) — MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
#mitre_attack=
def mitre_attack=(value) -> ::Google::Cloud::SecurityCenter::V1::MitreAttack
Parameter
- value (::Google::Cloud::SecurityCenter::V1::MitreAttack) — MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
Returns
- (::Google::Cloud::SecurityCenter::V1::MitreAttack) — MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org
#mute
def mute() -> ::Google::Cloud::SecurityCenter::V1::Finding::Mute
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::Mute) — Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
#mute=
def mute=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::Mute
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Finding::Mute) — Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::Mute) — Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined). Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
#mute_initiator
def mute_initiator() -> ::String
Returns
- (::String) — First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
#mute_initiator=
def mute_initiator=(value) -> ::String
Parameter
- value (::String) — First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
Returns
- (::String) — First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute.
#mute_update_time
def mute_update_time() -> ::Google::Protobuf::Timestamp
Returns
- (::Google::Protobuf::Timestamp) — Output only. The most recent time this finding was muted or unmuted.
#name
def name() -> ::String
Returns
- (::String) — The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
#name=
def name=(value) -> ::String
Parameter
- value (::String) — The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
Returns
- (::String) — The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
#parent
def parent() -> ::String
Returns
- (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
#parent=
def parent=(value) -> ::String
Parameter
- value (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
Returns
- (::String) — The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
#resource_name
def resource_name() -> ::String
Returns
- (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
#resource_name=
def resource_name=(value) -> ::String
Parameter
- value (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
Returns
- (::String) — For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
#security_marks
def security_marks() -> ::Google::Cloud::SecurityCenter::V1::SecurityMarks
Returns
- (::Google::Cloud::SecurityCenter::V1::SecurityMarks) — Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.
#severity
def severity() -> ::Google::Cloud::SecurityCenter::V1::Finding::Severity
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::Severity) — The severity of the finding. This field is managed by the source that writes the finding.
#severity=
def severity=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::Severity
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Finding::Severity) — The severity of the finding. This field is managed by the source that writes the finding.
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::Severity) — The severity of the finding. This field is managed by the source that writes the finding.
#source_properties
def source_properties() -> ::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}
Returns
- (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
#source_properties=
def source_properties=(value) -> ::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}
Parameter
- value (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
Returns
- (::Google::Protobuf::Map{::String => ::Google::Protobuf::Value}) — Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
#state
def state() -> ::Google::Cloud::SecurityCenter::V1::Finding::State
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::State) — The state of the finding.
#state=
def state=(value) -> ::Google::Cloud::SecurityCenter::V1::Finding::State
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Finding::State) — The state of the finding.
Returns
- (::Google::Cloud::SecurityCenter::V1::Finding::State) — The state of the finding.
#vulnerability
def vulnerability() -> ::Google::Cloud::SecurityCenter::V1::Vulnerability
Returns
- (::Google::Cloud::SecurityCenter::V1::Vulnerability) — Represents vulnerability-specific fields such as CVE, CVSS scores, etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
#vulnerability=
def vulnerability=(value) -> ::Google::Cloud::SecurityCenter::V1::Vulnerability
Parameter
- value (::Google::Cloud::SecurityCenter::V1::Vulnerability) — Represents vulnerability-specific fields such as CVE, CVSS scores, etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
Returns
- (::Google::Cloud::SecurityCenter::V1::Vulnerability) — Represents vulnerability-specific fields such as CVE, CVSS scores, etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
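The constraints stated above for canonical_name, source_properties keys and event_time can be checked before a finding is written. The following is an added example, not part of the client library: it uses a plain Hash in place of the Finding message, and the names finding_problems, CANONICAL_NAME and SOURCE_PROPERTY_KEY are hypothetical.

```ruby
# Added example: pre-ingestion checks for a finding, using plain Ruby data
# (a Hash stands in for the Finding message; no client library is loaded).

# The three canonical_name forms listed in the field description.
CANONICAL_NAME =
  %r{\A(?:organizations|folders|projects)/[^/\s]+/sources/[^/\s]+/findings/[^/\s]+\z}

# source_properties keys: 1-255 characters, start with a letter, then
# letters, digits or underscores only (ASCII is assumed here).
SOURCE_PROPERTY_KEY = /\A[A-Za-z][A-Za-z0-9_]{0,254}\z/

# Returns a list of human-readable problems; an empty list means no
# violation of the documented constraints was found.
def finding_problems(finding, now: Time.now)
  problems = []

  name = finding[:canonical_name].to_s
  unless name.match?(CANONICAL_NAME)
    problems << "canonical_name has unexpected form: #{name.inspect}"
  end

  (finding[:source_properties] || {}).each_key do |key|
    next if key.to_s.match?(SOURCE_PROPERTY_KEY)
    problems << "invalid source_properties key: #{key.to_s[0, 40].inspect}"
  end

  # event_time must not be later than the current timestamp.
  event_time = finding[:event_time]
  problems << "event_time is in the future" if event_time && event_time > now

  problems
end

# Constructed sample data (not real findings).
NOW = Time.utc(2024, 1, 1, 12, 0, 0)
GOOD = {
  canonical_name: "projects/123456/sources/789/findings/abc",
  event_time: NOW - 60,
  source_properties: { "scanner_version" => "1.2", "Url" => "https://example.test/" }
}.freeze
BAD = {
  canonical_name: "projects/123456/findings/abc", # missing sources/{source_id}
  event_time: NOW + 3600,                         # later than "now"
  source_properties: { "1st_seen" => "x", "has-dash" => "y", "" => "z" }
}.freeze

finding_problems(BAD, now: NOW).each { |problem| puts problem }
```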