feat: Add security_posture, external_system.case_uri, external_system…

….case_priority, external_system.case_sla, external_system.case_create_time, external_system.case_close_time, and external_system.ticket_info to finding's list of attributes PiperOrigin-RevId: 614027711
googleapis · Mar 8, 2024 · e0791ad · e0791ad
1 parent 87e7c58
commit e0791ad
Show file tree

Hide file tree

Showing 4 changed files with 133 additions and 5 deletions.
diff --git a/google/cloud/securitycenter/v1/BUILD.bazel b/google/cloud/securitycenter/v1/BUILD.bazel
@@ -58,6 +58,7 @@ proto_library(
         "security_health_analytics_custom_config.proto",
         "security_health_analytics_custom_module.proto",
         "security_marks.proto",
+        "security_posture.proto",
         "securitycenter_service.proto",
         "source.proto",
         "vulnerability.proto",

diff --git a/google/cloud/securitycenter/v1/external_system.proto b/google/cloud/securitycenter/v1/external_system.proto
@@ -36,6 +36,29 @@ message ExternalSystem {
     pattern: "projects/{project}/sources/{source}/findings/{finding}/externalSystems/{externalsystem}"
   };
 
+  // Information about the ticket, if any, that is being used to track the
+  // resolution of the issue that is identified by this finding.
+  message TicketInfo {
+    // The identifier of the ticket in the ticket system.
+    string id = 1;
+
+    // The assignee of the ticket in the ticket system.
+    string assignee = 2;
+
+    // The description of the ticket in the ticket system.
+    string description = 3;
+
+    // The link to the ticket in the ticket system.
+    string uri = 4;
+
+    // The latest status of the ticket, as reported by the ticket system.
+    string status = 5;
+
+    // The time when the ticket was last updated, as reported by the ticket
+    // system.
+    google.protobuf.Timestamp update_time = 6;
+  }
+
   // Full resource name of the external system, for example:
   // "organizations/1234/sources/5678/findings/123456/externalSystems/jira",
   // "folders/1234/sources/5678/findings/123456/externalSystems/jira",
@@ -45,14 +68,34 @@ message ExternalSystem {
   // References primary/secondary etc assignees in the external system.
   repeated string assignees = 2;
 
-  // Identifier that's used to track the given finding in the external system.
+  // The identifier that's used to track the finding's corresponding case in the
+  // external system.
   string external_uid = 3;
 
-  // Most recent status of the corresponding finding's ticket/tracker in the
-  // external system.
+  // The most recent status of the finding's corresponding case, as reported by
+  // the external system.
   string status = 4;
 
-  // The most recent time when the corresponding finding's ticket/tracker was
-  // updated in the external system.
+  // The time when the case was last updated, as reported by the external
+  // system.
   google.protobuf.Timestamp external_system_update_time = 5;
+
+  // The link to the finding's corresponding case in the external system.
+  string case_uri = 6;
+
+  // The priority of the finding's corresponding case in the external system.
+  string case_priority = 7;
+
+  // The SLA of the finding's corresponding case in the external system.
+  google.protobuf.Timestamp case_sla = 9;
+
+  // The time when the case was created, as reported by the external system.
+  google.protobuf.Timestamp case_create_time = 10;
+
+  // The time when the case was closed, as reported by the external system.
+  google.protobuf.Timestamp case_close_time = 11;
+
+  // Information about the ticket, if any, that is being used to track the
+  // resolution of the issue that is identified by this finding.
+  TicketInfo ticket_info = 8;
 }
diff --git a/google/cloud/securitycenter/v1/finding.proto b/google/cloud/securitycenter/v1/finding.proto
@@ -41,6 +41,7 @@ import "google/cloud/securitycenter/v1/mitre_attack.proto";
 import "google/cloud/securitycenter/v1/org_policy.proto";
 import "google/cloud/securitycenter/v1/process.proto";
 import "google/cloud/securitycenter/v1/security_marks.proto";
+import "google/cloud/securitycenter/v1/security_posture.proto";
 import "google/cloud/securitycenter/v1/vulnerability.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/timestamp.proto";
@@ -176,6 +177,10 @@ message Finding {
 
     // Describes an error that prevents some SCC functionality.
     SCC_ERROR = 5;
+
+    // Describes a potential security risk due to a change in the security
+    // posture.
+    POSTURE_VIOLATION = 6;
   }
 
   // The [relative resource
@@ -374,6 +379,9 @@ message Finding {
   // Fields related to Backup and DR findings.
   BackupDisasterRecovery backup_disaster_recovery = 55;
 
+  // The security posture associated with the finding.
+  SecurityPosture security_posture = 56;
+
   // Log entries that are relevant to the finding.
   repeated LogEntry log_entries = 57;
 

diff --git a/google/cloud/securitycenter/v1/security_posture.proto b/google/cloud/securitycenter/v1/security_posture.proto
@@ -0,0 +1,76 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
+option java_multiple_files = true;
+option java_outer_classname = "SecurityPostureProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Represents a posture that is deployed on Google Cloud by the
+// Security Command Center Posture Management service.
+// A posture contains one or more policy sets. A policy set is a
+// group of policies that enforce a set of security rules on Google
+// Cloud.
+message SecurityPosture {
+  // The policy field that violates the deployed posture and its expected and
+  // detected values.
+  message PolicyDriftDetails {
+    // The name of the updated field, for example
+    // constraint.implementation.policy_rules[0].enforce
+    string field = 1;
+
+    // The value of this field that was configured in a posture, for example,
+    // `true` or `allowed_values={"projects/29831892"}`.
+    string expected_value = 2;
+
+    // The detected value that violates the deployed posture, for example,
+    // `false` or `allowed_values={"projects/22831892"}`.
+    string detected_value = 3;
+  }
+
+  // Name of the posture, for example, `CIS-Posture`.
+  string name = 1;
+
+  // The version of the posture, for example, `c7cfa2a8`.
+  string revision_id = 2;
+
+  // The project, folder, or organization on which the posture is deployed,
+  // for example, `projects/{project_number}`.
+  string posture_deployment_resource = 3;
+
+  // The name of the posture deployment, for example,
+  // `organizations/{org_id}/posturedeployments/{posture_deployment_id}`.
+  string posture_deployment = 4;
+
+  // The name of the updated policy, for example,
+  // `projects/{project_id}/policies/{constraint_name}`.
+  string changed_policy = 5;
+
+  // The name of the updated policyset, for example, `cis-policyset`.
+  string policy_set = 6;
+
+  // The ID of the updated policy, for example, `compute-policy-1`.
+  string policy = 7;
+
+  // The details about a change in an updated policy that violates the deployed
+  // posture.
+  repeated PolicyDriftDetails policy_drift_details = 8;
+}