feat: [google-cloud-securitycenter] enable Dynamic Mute (#12977)
BEGIN_COMMIT_OVERRIDE
feat: enable Dynamic Mute
feat: New values `EXPLOITATION_FOR_PRIVILEGE_ESCALATION` corresponding
to T1068 and `INDICATOR_REMOVAL_FILE_DELETION` corresponding to
T1070.004 are added to enum `Technique`
docs: T1068 is added for value `EXPLOITATION_FOR_PRIVILEGE_ESCALATION`
and T1070.004 is added for value `INDICATOR_REMOVAL_FILE_DELETION` for
enum `Technique`
feat: enable Dynamic Mute
feat: New values `EXPLOITATION_FOR_PRIVILEGE_ESCALATION` corresponding
to T1068 and `INDICATOR_REMOVAL_FILE_DELETION` corresponding to
T1070.004 are added to enum `Technique`
docs: T1068 is added for value `EXPLOITATION_FOR_PRIVILEGE_ESCALATION`
and T1070.004 is added for value `INDICATOR_REMOVAL_FILE_DELETION` for
enum `Technique`
END_COMMIT_OVERRIDE

- [ ] Regenerate this pull request now.

feat: New values `EXPLOITATION_FOR_PRIVILEGE_ESCALATION` corresponding
to T1068 and `INDICATOR_REMOVAL_FILE_DELETION` corresponding to
T1070.004 are added to enum `Technique`
docs: T1068 is added for value `EXPLOITATION_FOR_PRIVILEGE_ESCALATION`
and T1070.004 is added for value `INDICATOR_REMOVAL_FILE_DELETION` for
enum `Technique`

PiperOrigin-RevId: 659656285

Source-Link:
googleapis/googleapis@ae59394

Source-Link:
googleapis/googleapis-gen@1a6022a
Copy-Tag:
eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXNlY3VyaXR5Y2VudGVyLy5Pd2xCb3QueWFtbCIsImgiOiIxYTYwMjJhNTFiYzIxMDI3MmI0YTBhMmJhNzZlNWE0NGU4Y2Y4Y2M2In0=

BEGIN_NESTED_COMMIT
feat: [google-cloud-securitycenter] enable Dynamic Mute
feat: New values `EXPLOITATION_FOR_PRIVILEGE_ESCALATION` corresponding
to T1068 and `INDICATOR_REMOVAL_FILE_DELETION` corresponding to
T1070.004 are added to enum `Technique`
docs: T1068 is added for value `EXPLOITATION_FOR_PRIVILEGE_ESCALATION`
and T1070.004 is added for value `INDICATOR_REMOVAL_FILE_DELETION` for
enum `Technique`

PiperOrigin-RevId: 658541020

Source-Link:
googleapis/googleapis@c37b7f0

Source-Link:
googleapis/googleapis-gen@2472a8c
Copy-Tag:
eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXNlY3VyaXR5Y2VudGVyLy5Pd2xCb3QueWFtbCIsImgiOiIyNDcyYThjMGNkMGEyZTk3NTlhZjhlMDQxMzRiZTA4YjZhM2E1ZWQ1In0=
END_NESTED_COMMIT

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: ohmayr <omairnaveed@ymail.com>
3 people authored Aug 8, 2024
1 parent 2ac4597 commit 6f4d816
Showing 42 changed files with 583 additions and 227 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
__version__ = "1.33.1" # {x-release-please-version}
__version__ = "0.0.0" # {x-release-please-version}
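Review bot: `__version__` drops from "1.33.1" to "0.0.0" on the changed line, which reads as a downgrade in a commit whose message only describes feature and docs changes. If "0.0.0" is a generator placeholder that the `{x-release-please-version}` marker is meant to overwrite at release time, say so in the commit message or keep the released value here, since anything that reads `__version__` from this tree reports 0.0.0 until then. The same edit repeats in the other version files shown on this page.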
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
__version__ = "1.33.1" # {x-release-please-version}
__version__ = "0.0.0" # {x-release-please-version}
Original file line number Diff line number Diff line change
Expand Up @@ -6517,9 +6517,9 @@ async def sample_delete_event_threat_detection_custom_module():
Its format is:
- "organizations/{organization}/eventThreatDetectionSettings/customModules/{module}".
- "folders/{folder}/eventThreatDetectionSettings/customModules/{module}".
- "projects/{project}/eventThreatDetectionSettings/customModules/{module}".
- ``organizations/{organization}/eventThreatDetectionSettings/customModules/{module}``.
- ``folders/{folder}/eventThreatDetectionSettings/customModules/{module}``.
- ``projects/{project}/eventThreatDetectionSettings/customModules/{module}``.
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7172,9 +7172,9 @@ def sample_delete_event_threat_detection_custom_module():
Its format is:
- "organizations/{organization}/eventThreatDetectionSettings/customModules/{module}".
- "folders/{folder}/eventThreatDetectionSettings/customModules/{module}".
- "projects/{project}/eventThreatDetectionSettings/customModules/{module}".
- ``organizations/{organization}/eventThreatDetectionSettings/customModules/{module}``.
- ``folders/{folder}/eventThreatDetectionSettings/customModules/{module}``.
- ``projects/{project}/eventThreatDetectionSettings/customModules/{module}``.
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,9 @@ class Finding(proto.Message):
example, the `mute
configuration </security-command-center/docs/how-to-mute-findings>`__
that muted the finding and the user who muted the finding.
mute_info (google.cloud.securitycenter_v1.types.Finding.MuteInfo):
Output only. The mute information regarding
this finding.
processes (MutableSequence[google.cloud.securitycenter_v1.types.Process]):
Represents operating system processes
associated with the Finding.
Expand Down Expand Up @@ -461,6 +464,83 @@ class FindingClass(proto.Enum):
POSTURE_VIOLATION = 6
TOXIC_COMBINATION = 7

class MuteInfo(proto.Message):
r"""Mute information about the finding, including whether the
finding has a static mute or any matching dynamic mute rules.
Attributes:
static_mute (google.cloud.securitycenter_v1.types.Finding.MuteInfo.StaticMute):
If set, the static mute applied to this
finding. Static mutes override dynamic mutes. If
unset, there is no static mute.
dynamic_mute_records (MutableSequence[google.cloud.securitycenter_v1.types.Finding.MuteInfo.DynamicMuteRecord]):
The list of dynamic mute rules that currently
match the finding.
"""

class StaticMute(proto.Message):
r"""Information about the static mute state. A static mute state
overrides any dynamic mute rules that apply to this finding. The
static mute state can be set by a static mute rule or by muting
the finding directly.
Attributes:
state (google.cloud.securitycenter_v1.types.Finding.Mute):
The static mute state. If the value is ``MUTED`` or
``UNMUTED``, then the finding's overall mute state will have
the same value.
apply_time (google.protobuf.timestamp_pb2.Timestamp):
When the static mute was applied.
"""

state: "Finding.Mute" = proto.Field(
proto.ENUM,
number=1,
enum="Finding.Mute",
)
apply_time: timestamp_pb2.Timestamp = proto.Field(
proto.MESSAGE,
number=2,
message=timestamp_pb2.Timestamp,
)

class DynamicMuteRecord(proto.Message):
r"""The record of a dynamic mute rule that matches the finding.
Attributes:
mute_config (str):
The relative resource name of the mute rule, represented by
a mute config, that created this record, for example
``organizations/123/muteConfigs/mymuteconfig`` or
``organizations/123/locations/global/muteConfigs/mymuteconfig``.
match_time (google.protobuf.timestamp_pb2.Timestamp):
When the dynamic mute rule first matched the
finding.
"""

mute_config: str = proto.Field(
proto.STRING,
number=1,
)
match_time: timestamp_pb2.Timestamp = proto.Field(
proto.MESSAGE,
number=2,
message=timestamp_pb2.Timestamp,
)

static_mute: "Finding.MuteInfo.StaticMute" = proto.Field(
proto.MESSAGE,
number=1,
message="Finding.MuteInfo.StaticMute",
)
dynamic_mute_records: MutableSequence[
"Finding.MuteInfo.DynamicMuteRecord"
] = proto.RepeatedField(
proto.MESSAGE,
number=2,
message="Finding.MuteInfo.DynamicMuteRecord",
)

name: str = proto.Field(
proto.STRING,
number=1,
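Review bot: In `StaticMute`, the `state` docstring only covers `MUTED` and `UNMUTED` ("the finding's overall mute state will have the same value") and leaves every other `Finding.Mute` value unexplained. `MuteInfo` says static mutes override dynamic mutes and that an unset `static_mute` means no static mute, so please state how the overall mute state is derived when `static_mute` is unset, or carries another value, while `dynamic_mute_records` is non-empty. Consumers that filter on muted findings need that precedence spelled out, including whether `dynamic_mute_records` can still list rules while a static `UNMUTED` is in force.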
Expand Down Expand Up @@ -568,6 +648,11 @@ class FindingClass(proto.Enum):
proto.STRING,
number=28,
)
mute_info: MuteInfo = proto.Field(
proto.MESSAGE,
number=61,
message=MuteInfo,
)
processes: MutableSequence[process.Process] = proto.RepeatedField(
proto.MESSAGE,
number=30,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ class Tactic(proto.Enum):
class Technique(proto.Enum):
r"""MITRE ATT&CK techniques that can be referenced by SCC
findings. See: https://attack.mitre.org/techniques/enterprise/
Next ID: 63
Next ID: 65
Values:
TECHNIQUE_UNSPECIFIED (0):
Expand All @@ -134,10 +134,14 @@ class Technique(proto.Enum):
T1059.004
PYTHON (59):
T1059.006
EXPLOITATION_FOR_PRIVILEGE_ESCALATION (63):
T1068
PERMISSION_GROUPS_DISCOVERY (18):
T1069
CLOUD_GROUPS (19):
T1069.003
INDICATOR_REMOVAL_FILE_DELETION (64):
T1070.004
APPLICATION_LAYER_PROTOCOL (45):
T1071
DNS (46):
Expand Down Expand Up @@ -251,8 +255,10 @@ class Technique(proto.Enum):
COMMAND_AND_SCRIPTING_INTERPRETER = 6
UNIX_SHELL = 7
PYTHON = 59
EXPLOITATION_FOR_PRIVILEGE_ESCALATION = 63
PERMISSION_GROUPS_DISCOVERY = 18
CLOUD_GROUPS = 19
INDICATOR_REMOVAL_FILE_DELETION = 64
APPLICATION_LAYER_PROTOCOL = 45
DNS = 46
SOFTWARE_DEPLOYMENT_TOOLS = 47
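Review bot: `EXPLOITATION_FOR_PRIVILEGE_ESCALATION = 63` and `INDICATOR_REMOVAL_FILE_DELETION = 64` are slotted in by ATT&CK ID, between 59/18/19 and 45, so the numeric values in this list are not monotonic and the `Next ID: 65` line in the docstring is the only guard against reusing a number. The values do agree with the docstring entries (63 for T1068, 64 for T1070.004). Consider a one-line comment above the value list stating the ordering rule, so later additions keep `Next ID` in step.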
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -84,8 +84,47 @@ class MuteConfig(proto.Message):
last edited the mute config. This field is set
by the server and will be ignored if provided on
config creation or update.
type_ (google.cloud.securitycenter_v1.types.MuteConfig.MuteConfigType):
Optional. The type of the mute config, which
determines what type of mute state the config
affects. The static mute state takes precedence
over the dynamic mute state. Immutable after
creation. STATIC by default if not set during
creation.
expiry_time (google.protobuf.timestamp_pb2.Timestamp):
Optional. The expiry of the mute config. Only
applicable for dynamic configs. If the expiry is
set, when the config expires, it is removed from
all findings.
"""

class MuteConfigType(proto.Enum):
r"""The type of MuteConfig.
Values:
MUTE_CONFIG_TYPE_UNSPECIFIED (0):
Unused.
STATIC (1):
A static mute config, which sets the static
mute state of future matching findings to muted.
Once the static mute state has been set, finding
or config modifications will not affect the
state.
DYNAMIC (2):
A dynamic mute config, which is applied to
existing and future matching findings, setting
their dynamic mute state to "muted". If the
config is updated or deleted, or a matching
finding is updated, such that the finding
doesn't match the config, the config will be
removed from the finding, and the finding's
dynamic mute state may become "unmuted" (unless
other configs still match).
"""
MUTE_CONFIG_TYPE_UNSPECIFIED = 0
STATIC = 1
DYNAMIC = 2

name: str = proto.Field(
proto.STRING,
number=1,
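Review bot: The `type_` docstring says the config is "STATIC by default if not set during creation", while `MUTE_CONFIG_TYPE_UNSPECIFIED (0)` is documented only as "Unused"; spell out that an unset or 0 value is treated as `STATIC` so the two statements do not read as conflicting. For `expiry_time`, "Only applicable for dynamic configs" does not say whether a value supplied on a `STATIC` config is rejected or silently ignored. Since expiry removes the config from all findings, and the `DYNAMIC` description says removal can leave a finding "unmuted", the docstring should also say that findings may resurface at expiry.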
Expand Down Expand Up @@ -116,6 +155,16 @@ class MuteConfig(proto.Message):
proto.STRING,
number=7,
)
type_: MuteConfigType = proto.Field(
proto.ENUM,
number=8,
enum=MuteConfigType,
)
expiry_time: timestamp_pb2.Timestamp = proto.Field(
proto.MESSAGE,
number=9,
message=timestamp_pb2.Timestamp,
)


__all__ = tuple(sorted(__protobuf__.manifest))
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,28 @@ class BulkMuteFindingsRequest(proto.Message):
This can be a mute configuration name or any
identifier for mute/unmute of findings based on
the filter.
"""
mute_state (google.cloud.securitycenter_v1.types.BulkMuteFindingsRequest.MuteState):
Optional. All findings matching the given filter will have
their mute state set to this value. The default value is
``MUTED``. Setting this to ``UNDEFINED`` will clear the mute
state on all matching findings.
"""

class MuteState(proto.Enum):
r"""The mute state.
Values:
MUTE_STATE_UNSPECIFIED (0):
Unused.
MUTED (1):
Matching findings will be muted (default).
UNDEFINED (2):
Matching findings will have their mute state
cleared.
"""
MUTE_STATE_UNSPECIFIED = 0
MUTED = 1
UNDEFINED = 2

parent: str = proto.Field(
proto.STRING,
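Review bot: `MuteState` offers `MUTED` and `UNDEFINED` but no unmuted value, and `MUTE_STATE_UNSPECIFIED (0)` is marked "Unused" while the field docstring says the default is `MUTED`; please state that an unset field is treated as `MUTED` and whether the absence of a bulk unmute is intentional. The `UNDEFINED` text ("will clear the mute state on all matching findings") should also say which mute state is cleared, because a caller with a broad filter cannot tell from this docstring what the findings' effective state will be afterwards.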
Expand All @@ -206,6 +227,11 @@ class BulkMuteFindingsRequest(proto.Message):
proto.STRING,
number=3,
)
mute_state: MuteState = proto.Field(
proto.ENUM,
number=4,
enum=MuteState,
)


class BulkMuteFindingsResponse(proto.Message):
Expand Down Expand Up @@ -3235,9 +3261,9 @@ class DeleteEventThreatDetectionCustomModuleRequest(proto.Message):
Its format is:
- "organizations/{organization}/eventThreatDetectionSettings/customModules/{module}".
- "folders/{folder}/eventThreatDetectionSettings/customModules/{module}".
- "projects/{project}/eventThreatDetectionSettings/customModules/{module}".
- ``organizations/{organization}/eventThreatDetectionSettings/customModules/{module}``.
- ``folders/{folder}/eventThreatDetectionSettings/customModules/{module}``.
- ``projects/{project}/eventThreatDetectionSettings/customModules/{module}``.
"""

name: str = proto.Field(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,9 @@ class Cve(proto.Message):
zero_day (bool):
Whether or not the vulnerability was zero day
when the finding was published.
exploit_release_date (google.protobuf.timestamp_pb2.Timestamp):
Date the first publicly available exploit or
PoC was released.
"""

class RiskRating(proto.Enum):
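Review bot: The `exploit_release_date` docstring does not say what an unset value means, so a consumer cannot distinguish "no public exploit or PoC known" from "date unknown". Please add that, and since the text says "Date" while the type is `Timestamp`, note whether the time-of-day component is meaningful or always zeroed.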
Expand Down Expand Up @@ -204,6 +207,11 @@ class ExploitationActivity(proto.Enum):
proto.BOOL,
number=8,
)
exploit_release_date: timestamp_pb2.Timestamp = proto.Field(
proto.MESSAGE,
number=9,
message=timestamp_pb2.Timestamp,
)


class Reference(proto.Message):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
__version__ = "1.33.1" # {x-release-please-version}
__version__ = "0.0.0" # {x-release-please-version}
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
__version__ = "1.33.1" # {x-release-please-version}
__version__ = "0.0.0" # {x-release-please-version}
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
__version__ = "1.33.1" # {x-release-please-version}
__version__ = "0.0.0" # {x-release-please-version}