feat: [securitycenter] Added security center api V2 client library (#…

…5073)

* feat: Add load balancer, log entry, org policy, database.version, exfiltration.total_exfiltrated_bytes, file.disk_path, indicator.signature_type, and kubernetes.objects to finding's list of attributes

PiperOrigin-RevId: 609614842

Source-Link: googleapis/googleapis@d2c86cf

Source-Link: googleapis/googleapis-gen@612923b
Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXNlY3VyaXR5Y2VudGVyLy5Pd2xCb3QueWFtbCIsImgiOiI2MTI5MjNiYWM0YWJlYTg1ZTFkNzU2MTI0YWNlZjk5MTIzMzNkNzUwIn0=

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* fix: Add client library version to headers
fix: Allow bundlers to bundle JSON files correctly for ESM
deps: Update dependency google-gax to ^4.3.1
fix: Export types from protos in ESM

PiperOrigin-RevId: 609821360

Source-Link: googleapis/googleapis@5c5ecf0

Source-Link: googleapis/googleapis-gen@b875fcd
Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXNlY3VyaXR5Y2VudGVyLy5Pd2xCb3QueWFtbCIsImgiOiJiODc1ZmNkZDE0YjRkZWY2NTIxODI5MzAwM2Q5YmVjNGI4NDJlY2E3In0=

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* Update .OwlBot.lock.yaml

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* feat: Add container.create_time, vulnerability.offending_package, vulnerability.fixed_package, vulnerability.security_bulletin, vulnerability.cve.impact, vulnerability.cve.exploitation_activity, vulnerability.cve.observed_in_the_wild, vulnerability.cve.zero_day to finding's list of attributes

PiperOrigin-RevId: 611114785

Source-Link: googleapis/googleapis@4bde689

Source-Link: googleapis/googleapis-gen@b1cd799
Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXNlY3VyaXR5Y2VudGVyLy5Pd2xCb3QueWFtbCIsImgiOiJiMWNkNzk5YzRlMTI0N2Y3MDQ3MWZjMzcwOTYzZDE0YWJmYjAyNTdjIn0=

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* Update owlbot.py

* Update owlbot.py

* feat: Added security center api V2 client library

PiperOrigin-RevId: 611571259

Source-Link: googleapis/googleapis@e42dca2

Source-Link: googleapis/googleapis-gen@c7150bf
Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXNlY3VyaXR5Y2VudGVyLy5Pd2xCb3QueWFtbCIsImgiOiJjNzE1MGJmNTM1NDcyYTM0YjUyZDk4MzZhZjk3MjY2NDAyZTQ5YTA4In0=

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* Update owlbot.py

* Update owlbot.py

* Update owlbot.py

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Bankhead <[email protected]>
Co-authored-by: sofisl <[email protected]>

packages/google-cloud-securitycenter/owlbot.py

@@ -13,8 +13,12 @@
 # limitations under the License.
 
 import synthtool.languages.node_mono_repo as node
+import synthtool as s
 
 node.owlbot_main(relative_dir="packages/google-cloud-securitycenter",
     staging_excludes=['package.json', 'README.md'],
     templates_excludes=['.kokoro/samples-test.sh', '.kokoro/samples-test.sh']
 )
+
+s.replace("packages/google-cloud-securitycenter/protos/protos.d.ts", r"Kubernetes\.object", "Kubernetes.Object")
+s.replace("packages/google-cloud-securitycenter/build/protos/protos.d.ts", r"Kubernetes\.object", "Kubernetes.Object")

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/container.proto

@@ -17,6 +17,7 @@ syntax = "proto3";
 package google.cloud.securitycenter.v1;
 
 import "google/cloud/securitycenter/v1/label.proto";
+import "google/protobuf/timestamp.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
 option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
@@ -41,4 +42,7 @@ message Container {
 
   // Container labels, as provided by the container runtime.
   repeated Label labels = 4;
+
+  // The time that the container was created.
+  google.protobuf.Timestamp create_time = 5;
 }

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/database.proto

@@ -31,12 +31,12 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
 // name](https://google.aip.dev/122#full-resource-names) populated because these
 // resource types, such as Cloud SQL databases, are not yet supported by Cloud
 // Asset Inventory. In these cases only the display name is provided.
-// Some database resources may not have the [full resource
-// name](https://google.aip.dev/122#full-resource-names) populated because
-// these resource types are not yet supported by Cloud Asset Inventory (e.g.
-// Cloud SQL databases). In these cases only the display name will be
-// provided.
 message Database {
+  // Some database resources may not have the [full resource
+  // name](https://google.aip.dev/122#full-resource-names) populated because
+  // these resource types are not yet supported by Cloud Asset Inventory (e.g.
+  // Cloud SQL databases). In these cases only the display name will be
+  // provided.
   // The [full resource name](https://google.aip.dev/122#full-resource-names) of
   // the database that the user connected to, if it is supported by Cloud Asset
   // Inventory.
@@ -55,4 +55,9 @@ message Database {
   // The target usernames, roles, or groups of an SQL privilege grant, which is
   // not an IAM policy change.
   repeated string grantees = 5;
+
+  // The version of the database, for example, POSTGRES_14.
+  // See [the complete
+  // list](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/SqlDatabaseVersion).
+  string version = 6;
 }

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/exfiltration.proto

@@ -37,6 +37,9 @@ message Exfiltration {
   // If there are multiple targets, each target would get a complete copy of the
   // "joined" source data.
   repeated ExfilResource targets = 2;
+
+  // Total exfiltrated bytes processed for the entire job.
+  int64 total_exfiltrated_bytes = 3;
 }
 
 // Resource where data was exfiltrated from or exfiltrated to.

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/file.proto

@@ -27,6 +27,17 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
 // File information about the related binary/library used by an executable, or
 // the script used by a script interpreter
 message File {
+  // Path of the file in terms of underlying disk/partition identifiers.
+  message DiskPath {
+    // UUID of the partition (format
+    // https://wiki.archlinux.org/title/persistent_block_device_naming#by-uuid)
+    string partition_uuid = 1;
+
+    // Relative path of the file in the partition as a JSON encoded string.
+    // Example: /home/user1/executable_file.sh
+    string relative_path = 2;
+  }
+
   // Absolute path of the file as a JSON encoded string.
   string path = 1;
 
@@ -48,4 +59,7 @@ message File {
 
   // Prefix of the file contents as a JSON-encoded string.
   string contents = 6;
+
+  // Path of the file in terms of underlying disk/partition identifiers.
+  DiskPath disk_path = 7;
 }

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/finding.proto

@@ -35,7 +35,10 @@ import "google/cloud/securitycenter/v1/iam_binding.proto";
 import "google/cloud/securitycenter/v1/indicator.proto";
 import "google/cloud/securitycenter/v1/kernel_rootkit.proto";
 import "google/cloud/securitycenter/v1/kubernetes.proto";
+import "google/cloud/securitycenter/v1/load_balancer.proto";
+import "google/cloud/securitycenter/v1/log_entry.proto";
 import "google/cloud/securitycenter/v1/mitre_attack.proto";
+import "google/cloud/securitycenter/v1/org_policy.proto";
 import "google/cloud/securitycenter/v1/process.proto";
 import "google/cloud/securitycenter/v1/security_marks.proto";
 import "google/cloud/securitycenter/v1/vulnerability.proto";
@@ -362,9 +365,18 @@ message Finding {
   // Signature of the kernel rootkit.
   KernelRootkit kernel_rootkit = 50;
 
+  // Contains information about the org policies associated with the finding.
+  repeated OrgPolicy org_policies = 51;
+
   // Represents an application associated with the finding.
   Application application = 53;
 
   // Fields related to Backup and DR findings.
   BackupDisasterRecovery backup_disaster_recovery = 55;
+
+  // Log entries that are relevant to the finding.
+  repeated LogEntry log_entries = 57;
+
+  // The load balancers associated with the finding.
+  repeated LoadBalancer load_balancers = 58;
 }

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/indicator.proto

@@ -59,13 +59,28 @@ message Indicator {
       string yara_rule = 5;
     }
 
+    // Possible resource types to be associated with a signature.
+    enum SignatureType {
+      // The default signature type.
+      SIGNATURE_TYPE_UNSPECIFIED = 0;
+
+      // Used for signatures concerning processes.
+      SIGNATURE_TYPE_PROCESS = 1;
+
+      // Used for signatures concerning disks.
+      SIGNATURE_TYPE_FILE = 2;
+    }
+
     oneof signature {
       // Signature indicating that a binary family was matched.
       MemoryHashSignature memory_hash_signature = 6;
 
       // Signature indicating that a YARA rule was matched.
       YaraRuleSignature yara_rule_signature = 7;
     }
+
+    // Describes the type of resource associated with the signature.
+    SignatureType signature_type = 8;
   }
 
   // The list of IP addresses that are associated with the finding.

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/kubernetes.proto

@@ -158,6 +158,29 @@ message Kubernetes {
     string version = 7;
   }
 
+  // Kubernetes object related to the finding, uniquely identified by GKNN.
+  // Used if the object Kind is not one of Pod, Node, NodePool, Binding, or
+  // AccessReview.
+  message Object {
+    // Kubernetes object group, such as "policy.k8s.io/v1".
+    string group = 1;
+
+    // Kubernetes object kind, such as "Namespace".
+    string kind = 2;
+
+    // Kubernetes object namespace. Must be a valid DNS label. Named
+    // "ns" to avoid collision with C++ namespace keyword. For details see
+    // https://kubernetes.io/docs/tasks/administer-cluster/namespaces/.
+    string ns = 3;
+
+    // Kubernetes object name. For details see
+    // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/.
+    string name = 4;
+
+    // Pod containers associated with this finding, if any.
+    repeated Container containers = 5;
+  }
+
   // Kubernetes
   // [Pods](https://cloud.google.com/kubernetes-engine/docs/concepts/pod)
   // associated with the finding. This field contains Pod records for each
@@ -187,4 +210,7 @@ message Kubernetes {
   // Provides information on any Kubernetes access reviews (privilege checks)
   // relevant to the finding.
   repeated AccessReview access_reviews = 6;
+
+  // Kubernetes objects related to the finding.
+  repeated Object objects = 7;
 }

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/load_balancer.proto

@@ -0,0 +1,32 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
+option java_multiple_files = true;
+option java_outer_classname = "LoadBalancerProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Contains information related to the load balancer associated with the
+// finding.
+message LoadBalancer {
+  // The name of the load balancer associated with the finding.
+  string name = 1;
+}

packages/google-cloud-securitycenter/protos/google/cloud/securitycenter/v1/log_entry.proto

@@ -0,0 +1,55 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
+option java_multiple_files = true;
+option java_outer_classname = "LogEntryProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// An individual entry in a log.
+message LogEntry {
+  oneof log_entry {
+    // An individual entry in a log stored in Cloud Logging.
+    CloudLoggingEntry cloud_logging_entry = 1;
+  }
+}
+
+// Metadata taken from a [Cloud Logging
+// LogEntry](https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry)
+message CloudLoggingEntry {
+  // A unique identifier for the log entry.
+  string insert_id = 1;
+
+  // The type of the log (part of `log_name`. `log_name` is the resource name of
+  // the log to which this log entry belongs). For example:
+  // `cloudresourcemanager.googleapis.com/activity`. Note that this field is not
+  // URL-encoded, unlike the `LOG_ID` field in `LogEntry`.
+  string log_id = 2;
+
+  // The organization, folder, or project of the monitored resource that
+  // produced this log entry.
+  string resource_container = 3;
+
+  // The time the event described by the log entry occurred.
+  google.protobuf.Timestamp timestamp = 4;
+}