@@ -56,6 +56,65 @@ message Finding {
5656 INACTIVE = 2 ;
5757 }
5858
59+ // The severity of the finding.
60+ enum Severity {
61+ // This value is used for findings when a source doesn't write a severity
62+ // value.
63+ SEVERITY_UNSPECIFIED = 0 ;
64+
65+ // Vulnerability:
66+ // A critical vulnerability is easily discoverable by an external actor,
67+ // exploitable, and results in the direct ability to execute arbitrary code,
68+ // exfiltrate data, and otherwise gain additional access and privileges to
69+ // cloud resources and workloads. Examples include publicly accessible
70+ // unprotected user data, public SSH access with weak or no passwords, etc.
71+ //
72+ // Threat:
73+ // Indicates a threat that is able to access, modify, or delete data or
74+ // execute unauthorized code within existing resources.
75+ CRITICAL = 1 ;
76+
77+ // Vulnerability:
78+ // A high risk vulnerability can be easily discovered and exploited in
79+ // combination with other vulnerabilities in order to gain direct access and
80+ // the ability to execute arbitrary code, exfiltrate data, and otherwise
81+ // gain additional access and privileges to cloud resources and workloads.
82+ // An example is a database with weak or no passwords that is only
83+ // accessible internally. This database could easily be compromised by an
84+ // actor that had access to the internal network.
85+ //
86+ // Threat:
87+ // Indicates a threat that is able to create new computational resources in
88+ // an environment but not able to access data or execute code in existing
89+ // resources.
90+ HIGH = 2 ;
91+
92+ // Vulnerability:
93+ // A medium risk vulnerability could be used by an actor to gain access to
94+ // resources or privileges that enable them to eventually (through multiple
95+ // steps or a complex exploit) gain access and the ability to execute
96+ // arbitrary code or exfiltrate data. An example is a service account with
97+ // access to more projects than it should have. If an actor gains access to
98+ // the service account, they could potentially use that access to manipulate
99+ // a project the service account was not intended to.
100+ //
101+ // Threat:
102+ // Indicates a threat that is able to cause operational impact but may not
103+ // access data or execute unauthorized code.
104+ MEDIUM = 3 ;
105+
106+ // Vulnerability:
107+ // A low risk vulnerability hampers a security organization’s ability to
108+ // detect vulnerabilities or active threats in their deployment, or prevents
109+ // the root cause investigation of security issues. An example is monitoring
110+ // and logs being disabled for resource configurations and access.
111+ //
112+ // Threat:
113+ // Indicates a threat that has obtained minimal access to an environment but
114+ // is not able to access data, execute code, or create resources.
115+ LOW = 4 ;
116+ }
117+
59118 // The relative resource name of this finding. See:
60119 // https://cloud.google.com/apis/design/resource_names#relative_resource_name
61120 // Example:
@@ -110,4 +169,8 @@ message Finding {
110169
111170 // The time at which the finding was created in Security Command Center.
112171 google.protobuf.Timestamp create_time = 10 ;
172+
173+ // The severity of the finding. This field is managed by the source that
174+ // writes the finding.
175+ Severity severity = 12 ;
113176}
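Review bot: The numeric values of `Severity` run opposite to the severity they name (`CRITICAL = 1` down to `LOW = 4`), and `SEVERITY_UNSPECIFIED = 0` is what a finding carries when its source wrote no severity, yet neither fact is called out for consumers. An alert rule or sort on the raw number can therefore place an unset severity ahead of critical, or drop it from a "high and above" filter, without anyone noticing. I would add to the enum's leading comment `// Numeric values are not ordered by severity; compare against the named values.` and to the unspecified value `// Treat as unknown, not as the lowest severity.` Because the comment on `severity = 12` says the field is managed by the writing source, it is also worth stating there that the value is source-asserted, so triage rules should not assume every source applies the definitions above uniformly. The `Finding` message starts outside both hunks.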