feat: add cloud_dlp_inspection and cloud_dlp_data_profile fields to finding's list of attributes

Google APIs · copybara-github · commit 36a885f998c5 · 2023-04-20T11:14:32.000-07:00
docs: miscellaneous style improvements

PiperOrigin-RevId: 525798516
diff --git a/google/cloud/securitycenter/v1/BUILD.bazel b/google/cloud/securitycenter/v1/BUILD.bazel
@@ -24,6 +24,8 @@ proto_library(
         "access.proto",
         "asset.proto",
         "bigquery_export.proto",
+        "cloud_dlp_data_profile.proto",
+        "cloud_dlp_inspection.proto",
         "compliance.proto",
         "connection.proto",
         "contact_details.proto",
diff --git a/google/cloud/securitycenter/v1/access.proto b/google/cloud/securitycenter/v1/access.proto
@@ -28,11 +28,11 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
 message Access {
   // Associated email, such as "foo@google.com".
   //
-  // The email address of the authenticated user (or service account on behalf
-  // of third party principal) making the request. For third party identity
-  // callers, the `principal_subject` field is populated instead of this field.
-  // For privacy reasons, the principal email address is sometimes redacted.
-  // For more information, see [Caller identities in audit
+  // The email address of the authenticated user or a service account acting on
+  // behalf of a third party principal making the request. For third party
+  // identity callers, the `principal_subject` field is populated instead of
+  // this field. For privacy reasons, the principal email address is sometimes
+  // redacted. For more information, see [Caller identities in audit
   // logs](https://cloud.google.com/logging/docs/audit#user-id).
   string principal_email = 1;
 
@@ -42,8 +42,8 @@ message Access {
   // The caller IP's geolocation, which identifies where the call came from.
   Geolocation caller_ip_geo = 3;
 
-  // What kind of user agent is associated, for example operating system shells,
-  // embedded or stand-alone applications, etc.
+  // Type of user agent associated with the finding. For example, an operating
+  // system shell or an embedded or standalone application.
   string user_agent_family = 4;
 
   // This is the API service that the service account made a call to, e.g.
@@ -53,37 +53,36 @@ message Access {
   // The method that the service account called, e.g. "SetIamPolicy".
   string method_name = 6;
 
-  // A string representing the principal_subject associated with the identity.
-  // As compared to `principal_email`, supports principals that aren't
-  // associated with email addresses, such as third party principals. For most
-  // identities, the format will be `principal://iam.googleapis.com/{identity
-  // pool name}/subjects/{subject}` except for some GKE identities
-  // (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy
-  // format `serviceAccount:{identity pool name}[{subject}]`
+  // A string that represents the principal_subject that is associated with the
+  // identity. Unlike `principal_email`, `principal_subject` supports principals
+  // that aren't associated with email addresses, such as third party
+  // principals. For most identities, the format is
+  // `principal://iam.googleapis.com/{identity pool name}/subject/{subject}`.
+  // Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD,
+  // still use the legacy format `serviceAccount:{identity pool
+  // name}[{subject}]`.
   string principal_subject = 7;
 
-  // The name of the service account key used to create or exchange
-  // credentials for authenticating the service account making the request.
+  // The name of the service account key that was used to create or exchange
+  // credentials when authenticating the service account that made the request.
   // This is a scheme-less URI full resource name. For example:
   //
-  // "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
+  // "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".
   //
   string service_account_key_name = 8;
 
-  // Identity delegation history of an authenticated service account that makes
-  // the request. It contains information on the real authorities that try to
-  // access GCP resources by delegating on a service account. When multiple
-  // authorities are present, they are guaranteed to be sorted based on the
-  // original ordering of the identity delegation events.
+  // The identity delegation history of an authenticated service account that
+  // made the request. The `serviceAccountDelegationInfo[]` object contains
+  // information about the real authorities that try to access Google Cloud
+  // resources by delegating on a service account. When multiple authorities are
+  // present, they are guaranteed to be sorted based on the original ordering of
+  // the identity delegation events.
   repeated ServiceAccountDelegationInfo service_account_delegation_info = 9;
 
-  // A string that represents the username of a user, user account, or other
-  // entity involved in the access event. What the entity is and what its role
-  // in the access event is depends on the finding that this field appears in.
-  // The entity is likely not an IAM principal, but could be a user that is
-  // logged into an operating system, if the finding is VM-related, or a user
-  // that is logged into some type of application that is involved in the
-  // access event.
+  // A string that represents a username. The username provided depends on the
+  // type of the finding and is likely not an IAM principal. For example, this
+  // can be a system username if the finding is related to a virtual machine, or
+  // it can be an application login username.
   string user_name = 11;
 }
 
diff --git a/google/cloud/securitycenter/v1/cloud_dlp_data_profile.proto b/google/cloud/securitycenter/v1/cloud_dlp_data_profile.proto
@@ -0,0 +1,42 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+import "google/api/resource.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
+option java_multiple_files = true;
+option java_outer_classname = "CloudDlpDataProfileProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+option (google.api.resource_definition) = {
+  type: "dlp.googleapis.com/TableDataProfile"
+  pattern: "projects/{project}/tableProfiles/{table_profile}"
+  pattern: "projects/{project}/locations/{location}/tableProfiles/{table_profile}"
+};
+
+// The [data profile](https://cloud.google.com/dlp/docs/data-profiles)
+// associated with the finding.
+message CloudDlpDataProfile {
+  // Name of the data profile, for example,
+  // `projects/123/locations/europe/tableProfiles/8383929`.
+  string data_profile = 1 [(google.api.resource_reference) = {
+    type: "dlp.googleapis.com/TableDataProfile"
+  }];
+}
diff --git a/google/cloud/securitycenter/v1/cloud_dlp_inspection.proto b/google/cloud/securitycenter/v1/cloud_dlp_inspection.proto
@@ -0,0 +1,54 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+import "google/api/resource.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
+option java_multiple_files = true;
+option java_outer_classname = "CloudDlpInspectionProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+option (google.api.resource_definition) = {
+  type: "dlp.googleapis.com/DlpJob"
+  pattern: "projects/{project}/dlpJobs/{dlp_job}"
+  pattern: "projects/{project}/locations/{location}/dlpJobs/{dlp_job}"
+};
+
+// Details about the Cloud Data Loss Prevention (Cloud DLP) [inspection
+// job](https://cloud.google.com/dlp/docs/concepts-job-triggers) that produced
+// the finding.
+message CloudDlpInspection {
+  // Name of the inspection job, for example,
+  // `projects/123/locations/europe/dlpJobs/i-8383929`.
+  string inspect_job = 1
+      [(google.api.resource_reference) = { type: "dlp.googleapis.com/DlpJob" }];
+
+  // The [type of
+  // information](https://cloud.google.com/dlp/docs/infotypes-reference) found,
+  // for example, `EMAIL_ADDRESS` or `STREET_ADDRESS`.
+  string info_type = 2;
+
+  // The number of times Cloud DLP found this infoType within this job
+  // and resource.
+  int64 info_type_count = 3;
+
+  // Whether Cloud DLP scanned the complete resource or a sampled subset.
+  bool full_scan = 4;
+}
diff --git a/google/cloud/securitycenter/v1/finding.proto b/google/cloud/securitycenter/v1/finding.proto
@@ -19,6 +19,8 @@ package google.cloud.securitycenter.v1;
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/cloud/securitycenter/v1/access.proto";
+import "google/cloud/securitycenter/v1/cloud_dlp_data_profile.proto";
+import "google/cloud/securitycenter/v1/cloud_dlp_inspection.proto";
 import "google/cloud/securitycenter/v1/compliance.proto";
 import "google/cloud/securitycenter/v1/connection.proto";
 import "google/cloud/securitycenter/v1/contact_details.proto";
@@ -84,7 +86,8 @@ message Finding {
     // exploitable, and results in the direct ability to execute arbitrary code,
     // exfiltrate data, and otherwise gain additional access and privileges to
     // cloud resources and workloads. Examples include publicly accessible
-    // unprotected user data, public SSH access with weak or no passwords, etc.
+    // unprotected user data and public SSH access with weak or no
+    // passwords.
     //
     // Threat:
     // Indicates a threat that is able to access, modify, or delete data or
@@ -170,10 +173,12 @@ message Finding {
     SCC_ERROR = 5;
   }
 
-  // The relative resource name of this finding. See:
-  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
-  // Example:
-  // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
+  // The [relative resource
+  // name](https://cloud.google.com/apis/design/resource_names#relative_resource_name)
+  // of the finding. Example:
+  // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}",
+  // "folders/{folder_id}/sources/{source_id}/findings/{finding_id}",
+  // "projects/{project_id}/sources/{source_id}/findings/{finding_id}".
   string name = 1;
 
   // The relative resource name of the source the finding belongs to. See:
@@ -247,11 +252,11 @@ message Finding {
   // The class of the finding.
   FindingClass finding_class = 17;
 
-  // Represents what's commonly known as an Indicator of compromise (IoC) in
+  // Represents what's commonly known as an *indicator of compromise* (IoC) in
   // computer forensics. This is an artifact observed on a network or in an
   // operating system that, with high confidence, indicates a computer
-  // intrusion.
-  // Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
+  // intrusion. For more information, see [Indicator of
+  // compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise).
   Indicator indicator = 18;
 
   // Represents vulnerability-specific fields like CVE and CVSS scores.
@@ -272,17 +277,16 @@ message Finding {
   // See: https://attack.mitre.org
   MitreAttack mitre_attack = 25;
 
-  // Access details associated to the Finding, such as more information on the
-  // caller, which method was accessed, from where, etc.
+  // Access details associated with the finding, such as more information on the
+  // caller, which method was accessed, and from where.
   Access access = 26;
 
   // Contains information about the IP connection associated with the finding.
   repeated Connection connections = 31;
 
-  // First known as mute_annotation. Records additional information about the
-  // mute operation e.g. mute config that muted the finding, user who muted the
-  // finding, etc. Unlike other attributes of a finding, a finding provider
-  // shouldn't set the value of mute.
+  // Records additional information about the mute operation, for example, the
+  // [mute configuration](/security-command-center/docs/how-to-mute-findings)
+  // that muted the finding and the user who muted the finding.
   string mute_initiator = 28;
 
   // Represents operating system processes associated with the Finding.
@@ -316,25 +320,25 @@ message Finding {
   // "Event Threat Detection" or "Security Health Analytics".
   string parent_display_name = 36 [(google.api.field_behavior) = OUTPUT_ONLY];
 
-  // Contains more detail about the finding.
+  // Contains more details about the finding.
   string description = 37;
 
-  // Represents exfiltration associated with the Finding.
+  // Represents exfiltrations associated with the finding.
   Exfiltration exfiltration = 38;
 
-  // Represents IAM bindings associated with the Finding.
+  // Represents IAM bindings associated with the finding.
   repeated IamBinding iam_bindings = 39;
 
-  // Next steps associate to the finding.
+  // Steps to address the finding.
   string next_steps = 40;
 
   // Unique identifier of the module which generated the finding.
   // Example:
   // folders/598186756061/securityHealthAnalyticsSettings/customModules/56799441161885
   string module_name = 41;
 
-  // Containers associated with the finding. containers provides information
-  // for both Kubernetes and non-Kubernetes containers.
+  // Containers associated with the finding. This field provides information for
+  // both Kubernetes and non-Kubernetes containers.
   repeated Container containers = 42;
 
   // Kubernetes resources associated with the finding.
@@ -346,6 +350,13 @@ message Finding {
   // File associated with the finding.
   repeated File files = 46;
 
-  // Kernel Rootkit signature.
+  // Cloud Data Loss Prevention (Cloud DLP) inspection results that are
+  // associated with the finding.
+  CloudDlpInspection cloud_dlp_inspection = 48;
+
+  // Cloud DLP data profile that is associated with the finding.
+  CloudDlpDataProfile cloud_dlp_data_profile = 49;
+
+  // Signature of the kernel rootkit.
   KernelRootkit kernel_rootkit = 50;
 }
diff --git a/google/cloud/securitycenter/v1/securitycenter_service.proto b/google/cloud/securitycenter/v1/securitycenter_service.proto
