feat: add finding_class and indicator fields in Finding

finding_class field is added in order to help our customer to quickly identify and categorize the different findings (threat, vulnerability, misconfiguration, ...). And indicator field is generated to indicate the domain and IP addresses that is causing the threat. PiperOrigin-RevId: 386975549
googleapis · Jul 26, 2021 · 5bf36f2 · 5bf36f2
1 parent 9cd96ae
commit 5bf36f2
Show file tree

Hide file tree

Showing 4 changed files with 148 additions and 67 deletions.
diff --git a/google/cloud/securitycenter/v1/BUILD.bazel b/google/cloud/securitycenter/v1/BUILD.bazel
@@ -1,4 +1,13 @@
 # This file was automatically generated by BuildFileGenerator
+# https://github.com/googleapis/rules_gapic/tree/master/bazel
+
+# Most of the manual changes to this file will be overwritten.
+# It's **only** allowed to change the following rule attribute values:
+# - names of *_gapic_assembly_* rules
+# - certain parameters of *_gapic_library rules, including but not limited to:
+#    * extra_protoc_parameters
+#    * extra_protoc_file_parameters
+# The complete list of preserved parameters can be found in the source code.
 
 # This is an API workspace, having public visibility by default makes perfect sense.
 package(default_visibility = ["//visibility:public"])
@@ -15,6 +24,7 @@ proto_library(
         "asset.proto",
         "finding.proto",
         "folder.proto",
+        "indicator.proto",
         "notification_config.proto",
         "notification_message.proto",
         "organization_settings.proto",
@@ -132,6 +142,7 @@ go_gapic_library(
     srcs = [":securitycenter_proto_with_info"],
     grpc_service_config = "securitycenter_grpc_service_config.json",
     importpath = "cloud.google.com/go/securitycenter/apiv1;securitycenter",
+    metadata = True,
     service_yaml = "securitycenter_v1.yaml",
     deps = [
         ":securitycenter_go_proto",
@@ -156,6 +167,7 @@ go_gapic_assembly_pkg(
     name = "gapi-cloud-securitycenter-v1-go",
     deps = [
         ":securitycenter_go_gapic",
+        ":securitycenter_go_gapic_srcjar-metadata.srcjar",
         ":securitycenter_go_gapic_srcjar-test.srcjar",
         ":securitycenter_go_proto",
     ],
@@ -281,11 +293,11 @@ ruby_cloud_gapic_library(
     name = "securitycenter_ruby_gapic",
     srcs = [":securitycenter_proto_with_info"],
     extra_protoc_parameters = [
-        "ruby-cloud-gem-name=google-cloud-security_center-v1",
-        "ruby-cloud-env-prefix=SECURITY_CENTER",
-        "ruby-cloud-product-url=https://cloud.google.com/security-command-center",
         "ruby-cloud-api-id=securitycenter.googleapis.com",
         "ruby-cloud-api-shortname=securitycenter",
+        "ruby-cloud-env-prefix=SECURITY_CENTER",
+        "ruby-cloud-gem-name=google-cloud-security_center-v1",
+        "ruby-cloud-product-url=https://cloud.google.com/security-command-center",
     ],
     grpc_service_config = "securitycenter_grpc_service_config.json",
     ruby_cloud_description = "Security Command Center API provides access to temporal views of assets and findings within an organization.",
@@ -348,3 +360,8 @@ csharp_gapic_assembly_pkg(
         ":securitycenter_csharp_proto",
     ],
 )
+
+##############################################################################
+# C++
+##############################################################################
+# Put your C++ rules here
diff --git a/google/cloud/securitycenter/v1/finding.proto b/google/cloud/securitycenter/v1/finding.proto
@@ -18,6 +18,7 @@ package google.cloud.securitycenter.v1;
 
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
+import "google/cloud/securitycenter/v1/indicator.proto";
 import "google/cloud/securitycenter/v1/security_marks.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/timestamp.proto";
@@ -117,6 +118,26 @@ message Finding {
     LOW = 4;
   }
 
+  // Represents what kind of Finding it is.
+  enum FindingClass {
+    // Unspecified finding class.
+    FINDING_CLASS_UNSPECIFIED = 0;
+
+    // Describes unwanted or malicious activity.
+    THREAT = 1;
+
+    // Describes a potential weakness in software that increases risk to
+    // Confidentiality & Integrity & Availability.
+    VULNERABILITY = 2;
+
+    // Describes a potential weakness in cloud resource/asset configuration that
+    // increases risk.
+    MISCONFIGURATION = 3;
+
+    // Describes a security observation that is for informational purposes.
+    OBSERVATION = 4;
+  }
+
   // The relative resource name of this finding. See:
   // https://cloud.google.com/apis/design/resource_names#relative_resource_name
   // Example:
@@ -184,4 +205,14 @@ message Finding {
   // depending on the closest CRM ancestor of the resource associated with the
   // finding.
   string canonical_name = 14;
+
+  // The class of the finding.
+  FindingClass finding_class = 17;
+
+  // Represents what's commonly known as an Indicator of compromise (IoC) in
+  // computer forensics. This is an artifact observed on a network or in an
+  // operating system that, with high confidence, indicates a computer
+  // intrusion.
+  // Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
+  Indicator indicator = 18;
 }
diff --git a/google/cloud/securitycenter/v1/indicator.proto b/google/cloud/securitycenter/v1/indicator.proto
@@ -0,0 +1,40 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+import "google/api/annotations.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "IndicatorProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+
+// Represents what's commonly known as an Indicator of compromise (IoC) in
+// computer forensics. This is an artifact observed on a network or in an
+// operating system that, with high confidence, indicates a computer intrusion.
+// Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
+message Indicator {
+  // List of ip addresses associated to the Finding.
+  repeated string ip_addresses = 1;
+
+  // List of domains associated to the Finding.
+  repeated string domains = 2;
+}