feat: Added a new API method UpdateExternalSystem, which enables updating a finding w/ external system metadata. External systems are a child resource under finding, and are housed on the finding itself, and can also be filtered on in Notifications, the ListFindings and GroupFindings API

Google APIs · copybara-github · commit be8f9889c766 · 2021-11-19T10:35:06.000-08:00
PiperOrigin-RevId: 411093163
diff --git a/google/cloud/securitycenter/v1/BUILD.bazel b/google/cloud/securitycenter/v1/BUILD.bazel
@@ -22,6 +22,7 @@ proto_library(
     name = "securitycenter_proto",
     srcs = [
         "asset.proto",
+        "external_system.proto",
         "finding.proto",
         "folder.proto",
         "indicator.proto",
diff --git a/google/cloud/securitycenter/v1/external_system.proto b/google/cloud/securitycenter/v1/external_system.proto
@@ -0,0 +1,59 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+import "google/api/resource.proto";
+import "google/protobuf/timestamp.proto";
+import "google/api/annotations.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "ExternalSystemProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Representation of third party SIEM/SOAR fields within SCC.
+message ExternalSystem {
+  option (google.api.resource) = {
+    type: "securitycenter.googleapis.com/ExternalSystem"
+    pattern: "organizations/{organization}/sources/{source}/findings/{finding}/externalSystems/{externalsystem}"
+    pattern: "folders/{folder}/sources/{source}/findings/{finding}/externalSystems/{externalsystem}"
+    pattern: "projects/{project}/sources/{source}/findings/{finding}/externalSystems/{externalsystem}"
+  };
+
+  // External System Name e.g. jira, demisto, etc.
+  //  e.g.: `organizations/1234/sources/5678/findings/123456/externalSystems/jira`
+  // `folders/1234/sources/5678/findings/123456/externalSystems/jira`
+  // `projects/1234/sources/5678/findings/123456/externalSystems/jira`
+  string name = 1;
+
+  // References primary/secondary etc assignees in the external system.
+  repeated string assignees = 2;
+
+  // Identifier that's used to track the given finding in the external system.
+  string external_uid = 3;
+
+  // Most recent status of the corresponding finding's ticket/tracker in the
+  // external system.
+  string status = 4;
+
+  // The most recent time when the corresponding finding's ticket/tracker was
+  // updated in the external system.
+  google.protobuf.Timestamp external_system_update_time = 5;
+}
diff --git a/google/cloud/securitycenter/v1/finding.proto b/google/cloud/securitycenter/v1/finding.proto
@@ -18,6 +18,7 @@ package google.cloud.securitycenter.v1;
 
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
+import "google/cloud/securitycenter/v1/external_system.proto";
 import "google/cloud/securitycenter/v1/indicator.proto";
 import "google/cloud/securitycenter/v1/security_marks.proto";
 import "google/cloud/securitycenter/v1/vulnerability.proto";
@@ -244,6 +245,10 @@ message Finding {
   // Output only. The most recent time this finding was muted or unmuted.
   google.protobuf.Timestamp mute_update_time = 21 [(google.api.field_behavior) = OUTPUT_ONLY];
 
+  // Output only. Third party SIEM/SOAR fields within SCC, contains external system
+  // information and external system finding fields.
+  map<string, ExternalSystem> external_systems = 22 [(google.api.field_behavior) = OUTPUT_ONLY];
+
   // First known as mute_annotation. Records additional information about the
   // mute operation e.g. mute config that muted the finding, user who muted the
   // finding, etc.
diff --git a/google/cloud/securitycenter/v1/securitycenter_service.proto b/google/cloud/securitycenter/v1/securitycenter_service.proto
@@ -22,6 +22,7 @@ import "google/api/client.proto";
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/cloud/securitycenter/v1/asset.proto";
+import "google/cloud/securitycenter/v1/external_system.proto";
 import "google/cloud/securitycenter/v1/finding.proto";
 import "google/cloud/securitycenter/v1/folder.proto";
 import "google/cloud/securitycenter/v1/mute_config.proto";
@@ -364,6 +365,23 @@ service SecurityCenter {
     option (google.api.method_signature) = "resource,permissions";
   }
 
+  // Updates external system. This is for a given finding.
+  rpc UpdateExternalSystem(UpdateExternalSystemRequest) returns (ExternalSystem) {
+    option (google.api.http) = {
+      patch: "/v1/{external_system.name=organizations/*/sources/*/findings/*/externalSystems/*}"
+      body: "external_system"
+      additional_bindings {
+        patch: "/v1/{external_system.name=folders/*/sources/*/findings/*/externalSystems/*}"
+        body: "external_system"
+      }
+      additional_bindings {
+        patch: "/v1/{external_system.name=projects/*/sources/*/findings/*/externalSystems/*}"
+        body: "external_system"
+      }
+    };
+    option (google.api.method_signature) = "external_system,update_mask";
+  }
+
   // Creates or updates a finding. The corresponding source must exist for a
   // finding creation to succeed.
   rpc UpdateFinding(UpdateFindingRequest) returns (Finding) {
@@ -1575,6 +1593,17 @@ message RunAssetDiscoveryRequest {
   ];
 }
 
+// Request message for updating a ExternalSystem resource.
+message UpdateExternalSystemRequest {
+  // Required. The external system resource to update.
+  ExternalSystem external_system = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // The FieldMask to use when updating the external system resource.
+  //
+  // If empty all mutable fields will be updated.
+  google.protobuf.FieldMask update_mask = 2;
+}
+
 // Request message for updating or creating a finding.
 message UpdateFindingRequest {
   // Required. The finding resource to update or create if it does not already exist.
diff --git a/google/cloud/securitycenter/v1/securitycenter_v1.yaml b/google/cloud/securitycenter/v1/securitycenter_v1.yaml
@@ -8,6 +8,7 @@ apis:
 
 types:
 - name: google.cloud.securitycenter.v1.BulkMuteFindingsResponse
+- name: google.cloud.securitycenter.v1.ExternalSystem
 - name: google.cloud.securitycenter.v1.MuteConfig
 - name: google.cloud.securitycenter.v1.NotificationMessage
 - name: google.cloud.securitycenter.v1.Resource
