google.cloud.securitycenter.v1.security_health_analytics_custom_config.proto Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of proto-google-cloud-securitycenter-v1 Show documentation
PROTO library for proto-google-cloud-securitycenter-v1
The newest version!
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.securitycenter.v1;

import "google/type/expr.proto";

option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
option java_multiple_files = true;
option java_outer_classname = "SecurityHealthAnalyticsCustomConfigProto";
option java_package = "com.google.cloud.securitycenter.v1";
option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
option ruby_package = "Google::Cloud::SecurityCenter::V1";

// Defines the properties in a custom module configuration for Security
// Health Analytics. Use the custom module configuration to create custom
// detectors that generate custom findings for resources that you specify.
message CustomConfig {
  // A set of optional name-value pairs that define custom source properties to
  // return with each finding that is generated by the custom module. The custom
  // source properties that are defined here are included in the finding JSON
  // under `sourceProperties`.
  message CustomOutputSpec {
    // An individual name-value pair that defines a custom source property.
    message Property {
      // Name of the property for the custom output.
      string name = 1;

      // The CEL expression for the custom output. A resource property can be
      // specified to return the value of the property or a text string enclosed
      // in quotation marks.
      google.type.Expr value_expression = 2;
    }

    // A list of custom output properties to add to the finding.
    repeated Property properties = 1;
  }

  // Resource for selecting resource type.
  message ResourceSelector {
    // The resource types to run the detector on.
    repeated string resource_types = 1;
  }

  // Defines the valid value options for the severity of a finding.
  enum Severity {
    // Unspecified severity.
    SEVERITY_UNSPECIFIED = 0;

    // Critical severity.
    CRITICAL = 1;

    // High severity.
    HIGH = 2;

    // Medium severity.
    MEDIUM = 3;

    // Low severity.
    LOW = 4;
  }

  // The CEL expression to evaluate to produce findings. When the expression
  // evaluates to true against a resource, a finding is generated.
  google.type.Expr predicate = 1;

  // Custom output properties.
  CustomOutputSpec custom_output = 2;

  // The resource types that the custom module operates on. Each custom module
  // can specify up to 5 resource types.
  ResourceSelector resource_selector = 3;

  // The severity to assign to findings generated by the module.
  Severity severity = 4;

  // Text that describes the vulnerability or misconfiguration that the custom
  // module detects. This explanation is returned with each finding instance to
  // help investigators understand the detected issue. The text must be enclosed
  // in quotation marks.
  string description = 5;

  // An explanation of the recommended steps that security teams can take to
  // resolve the detected issue. This explanation is returned with each finding
  // generated by this module in the `nextSteps` property of the finding JSON.
  string recommendation = 6;
}