
google.cloud.securitycenter.v2.indicator.proto Maven / Gradle / Ivy

There is a newer version: 2.62.0
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// proto3 semantics apply: scalar and enum fields without `optional` have
// implicit presence, so an unset field reads as its zero value.
syntax = "proto3";

// Versioned API package; every type in this file is addressed as
// google.cloud.securitycenter.v2.<Name>.
package google.cloud.securitycenter.v2;

// Per-language code generation options. These determine the package and
// namespace names that generated client code is published under.
option csharp_namespace = "Google.Cloud.SecurityCenter.V2";
option go_package = "cloud.google.com/go/securitycenter/apiv2/securitycenterpb;securitycenterpb";
option java_multiple_files = true;
option java_outer_classname = "IndicatorProto";
option java_package = "com.google.cloud.securitycenter.v2";
option php_namespace = "Google\\Cloud\\SecurityCenter\\V2";
option ruby_package = "Google::Cloud::SecurityCenter::V2";

// Represents what's commonly known as an _indicator of compromise_ (IoC) in
// computer forensics. This is an artifact observed on a network or in an
// operating system that, with high confidence, indicates a computer intrusion.
// For more information, see [Indicator of
// compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise).
//
// The message groups four kinds of indicator: IP addresses, domains, URIs and
// matched process signatures. All four are `repeated`, so an empty list is
// indistinguishable from "not provided".
//
// The network indicators are plain `string` values. Nothing in this schema
// constrains their format, so consumers should validate and normalize them
// before matching, and render them as inert text rather than live links.
message Indicator {
  // Indicates what signature matched this process.
  //
  // Carries one signature (see the `signature` oneof) plus the type of
  // resource the signature applies to.
  message ProcessSignature {
    // A signature corresponding to memory page hashes.
    message MemoryHashSignature {
      // Memory hash detection contributing to the binary family match.
      // Field numbers here start at 2; they identify the fields on the wire
      // and must not be renumbered.
      message Detection {
        // The name of the binary associated with the memory hash
        // signature detection.
        string binary = 2;

        // The percentage of memory page hashes in the signature
        // that were matched.
        // NOTE(review): the scale is not stated here (0-100 vs. 0.0-1.0);
        // confirm it before applying an alerting threshold to this value.
        double percent_pages_matched = 3;
      }

      // The binary family.
      string binary_family = 1;

      // The list of memory hash detections contributing to the binary family
      // match. May be empty; each entry names one binary and its match ratio.
      repeated Detection detections = 4;
    }

    // A signature corresponding to a YARA rule.
    // Only the rule's name is carried; the rule body is not part of this
    // message.
    message YaraRuleSignature {
      // The name of the YARA rule.
      string yara_rule = 5;
    }

    // Possible resource types to be associated with a signature.
    // Receivers should tolerate values they do not recognize, since new
    // values can be added in later versions of the API.
    enum SignatureType {
      // The default signature type. This is what an unset `signature_type`
      // reads as.
      SIGNATURE_TYPE_UNSPECIFIED = 0;

      // Used for signatures concerning processes.
      SIGNATURE_TYPE_PROCESS = 1;

      // Used for signatures concerning disks.
      // NOTE(review): the value is named FILE while the description says
      // "disks"; confirm the intended scope before filtering on it.
      SIGNATURE_TYPE_FILE = 2;
    }

    // The signature that matched. At most one member is set: assigning one
    // clears the other, and it is possible for neither to be set.
    oneof signature {
      // Signature indicating that a binary family was matched.
      MemoryHashSignature memory_hash_signature = 6;

      // Signature indicating that a YARA rule was matched.
      YaraRuleSignature yara_rule_signature = 7;
    }

    // Describes the type of resource associated with the signature.
    // Reads as SIGNATURE_TYPE_UNSPECIFIED when not set.
    SignatureType signature_type = 8;
  }

  // The list of IP addresses that are associated with the finding.
  // NOTE(review): the address family and textual form (IPv4, IPv6, with or
  // without a port) are not specified here; parse defensively.
  repeated string ip_addresses = 1;

  // The list of domains associated with the finding.
  repeated string domains = 2;

  // The list of matched signatures indicating that the given
  // process is present in the environment.
  repeated ProcessSignature signatures = 3;

  // The list of URIs associated with the finding.
  repeated string uris = 4;
}



