
Commit 6aff678

Google APIscopybara-github
authored andcommitted
feat: add kernel_rootkit field to finding's list of attributes
docs: miscellaneous style improvements PiperOrigin-RevId: 493119809
1 parent 758f0d1 commit 6aff678

6 files changed

Lines changed: 109 additions & 35 deletions


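--- a/google/cloud/securitycenter/v1/BUILD.bazel
+++ b/google/cloud/securitycenter/v1/BUILD.bazel
@@ -67,6 +67,7 @@ proto_library(
 "folder.proto",
 "iam_binding.proto",
 "indicator.proto",
+"kernel_rootkit.proto",
 "kubernetes.proto",
 "label.proto",
 "mitre_attack.proto",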

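--- a/google/cloud/securitycenter/v1/external_system.proto
+++ b/google/cloud/securitycenter/v1/external_system.proto
@@ -36,11 +36,10 @@ message ExternalSystem {
 pattern: "projects/{project}/sources/{source}/findings/{finding}/externalSystems/{externalsystem}"
 };
 
-// External System Name e.g. jira, demisto, etc.
-// e.g.:
-// `organizations/1234/sources/5678/findings/123456/externalSystems/jira`
-// `folders/1234/sources/5678/findings/123456/externalSystems/jira`
-// `projects/1234/sources/5678/findings/123456/externalSystems/jira`
+// Full resource name of the external system, for example:
+// "organizations/1234/sources/5678/findings/123456/externalSystems/jira",
+// "folders/1234/sources/5678/findings/123456/externalSystems/jira",
+// "projects/1234/sources/5678/findings/123456/externalSystems/jira"
 string name = 1;
 
 // References primary/secondary etc assignees in the external system.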

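--- a/google/cloud/securitycenter/v1/finding.proto
+++ b/google/cloud/securitycenter/v1/finding.proto
@@ -29,6 +29,7 @@ import "google/cloud/securitycenter/v1/external_system.proto";
 import "google/cloud/securitycenter/v1/file.proto";
 import "google/cloud/securitycenter/v1/iam_binding.proto";
 import "google/cloud/securitycenter/v1/indicator.proto";
+import "google/cloud/securitycenter/v1/kernel_rootkit.proto";
 import "google/cloud/securitycenter/v1/kubernetes.proto";
 import "google/cloud/securitycenter/v1/mitre_attack.proto";
 import "google/cloud/securitycenter/v1/process.proto";
@@ -253,7 +254,7 @@ message Finding {
 // Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
 Indicator indicator = 18;
 
-// Represents vulnerability specific fields like cve, cvss scores etc.
+// Represents vulnerability-specific fields like CVE and CVS scores.
 // CVE stands for Common Vulnerabilities and Exposures
 // (https://cve.mitre.org/about/)
 Vulnerability vulnerability = 20;
@@ -336,4 +337,7 @@ message Finding {
 
 // File associated with the finding.
 repeated File files = 46;
+
+// Kernel Rootkit signature.
+KernelRootkit kernel_rootkit = 50;
 }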
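Review bot: The reworded comment on `vulnerability` in the second hunk now says "CVE and CVS scores", where the removed line said `cvss`; the scoring system is CVSS, so the rewrite drops a letter from the name that appears in generated client docs. I would write it as `// Represents vulnerability-specific fields like CVE and CVSS scores.`. In the third hunk the comment on the new field, `// Kernel Rootkit signature.`, only repeats the type name; it could state that the field is populated only for findings that report kernel rootkit indicators, if that is the intent, which the visible lines do not show. The body of `Finding` begins outside these hunks.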
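--- /dev/null
+++ b/google/cloud/securitycenter/v1/kernel_rootkit.proto
@@ -0,0 +1,62 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "KernelRootkitProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Kernel mode rootkit signatures.
+message KernelRootkit {
+// Rootkit name when available.
+string name = 1;
+
+// True if unexpected modifications of kernel code memory are present.
+bool unexpected_code_modification = 2;
+
+// True if unexpected modifications of kernel read-only data memory are
+// present.
+bool unexpected_read_only_data_modification = 3;
+
+// True if `ftrace` points are present with callbacks pointing to regions
+// that are not in the expected kernel or module code range.
+bool unexpected_ftrace_handler = 4;
+
+// True if `kprobe` points are present with callbacks pointing to regions
+// that are not in the expected kernel or module code range.
+bool unexpected_kprobe_handler = 5;
+
+// True if kernel code pages that are not in the expected kernel or module
+// code regions are present.
+bool unexpected_kernel_code_pages = 6;
+
+// True if system call handlers that are are not in the expected kernel or
+// module code regions are present.
+bool unexpected_system_call_handler = 7;
+
+// True if interrupt handlers that are are not in the expected kernel or
+// module code regions are present.
+bool unexpected_interrupt_handler = 8;
+
+// True if unexpected processes in the scheduler run queue are present. Such
+// processes are in the run queue, but not in the process task list.
+bool unexpected_processes_in_runqueue = 9;
+}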
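Review bot: The eight `bool` indicators in `KernelRootkit` have implicit presence in proto3, so a consumer cannot distinguish an indicator that was checked and found absent from one that was never evaluated, and none of the comments say which of the two `false` means. A sentence on the message stating the contract, for example `// A false value means the indicator was not reported; it does not by itself show that the check ran.` (adjusted to whatever the detector actually guarantees), would keep downstream triage and suppression rules from reading `false` as a clean result; `optional bool` is the alternative if the distinction has to be carried on the wire. The comments on `unexpected_system_call_handler` and `unexpected_interrupt_handler` also contain a doubled word, "that are are not".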

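--- a/google/cloud/securitycenter/v1/notification_config.proto
+++ b/google/cloud/securitycenter/v1/notification_config.proto
@@ -73,7 +73,9 @@ message NotificationConfig {
 // The relative resource name of this notification config. See:
 // https://cloud.google.com/apis/design/resource_names#relative_resource_name
 // Example:
-// "organizations/{organization_id}/notificationConfigs/notify_public_bucket".
+// "organizations/{organization_id}/notificationConfigs/notify_public_bucket",
+// "folders/{folder_id}/notificationConfigs/notify_public_bucket",
+// or "projects/{project_id}/notificationConfigs/notify_public_bucket".
 string name = 1;
 
 // The description of the notification config (max of 1024 characters).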

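--- a/google/cloud/securitycenter/v1/securitycenter_service.proto
+++ b/google/cloud/securitycenter/v1/securitycenter_service.proto
@@ -161,7 +161,7 @@ service SecurityCenter {
 option (google.api.method_signature) = "name";
 }
 
-// Gets a big query export.
+// Gets a BigQuery export.
 rpc GetBigQueryExport(GetBigQueryExportRequest) returns (BigQueryExport) {
 option (google.api.http) = {
 get: "/v1/{name=organizations/*/bigQueryExports/*}"
@@ -507,7 +507,7 @@ service SecurityCenter {
 option (google.api.method_signature) = "security_marks";
 }
 
-// Creates a big query export.
+// Creates a BigQuery export.
 rpc CreateBigQueryExport(CreateBigQueryExportRequest)
 returns (BigQueryExport) {
 option (google.api.http) = {
@@ -526,7 +526,7 @@ service SecurityCenter {
 "parent,big_query_export,big_query_export_id";
 }
 
-// Deletes an existing big query export.
+// Deletes an existing BigQuery export.
 rpc DeleteBigQueryExport(DeleteBigQueryExportRequest)
 returns (google.protobuf.Empty) {
 option (google.api.http) = {
@@ -673,8 +673,8 @@ message CreateNotificationConfigRequest {
 
 // Required.
 // Unique identifier provided by the client within the parent scope.
-// It must be between 1 and 128 characters, and contains alphanumeric
-// characters, underscores or hyphens only.
+// It must be between 1 and 128 characters and contain alphanumeric
+// characters, underscores, or hyphens only.
 string config_id = 2 [(google.api.field_behavior) = REQUIRED];
 
 // Required. The notification config being created. The name and the service
@@ -717,7 +717,9 @@ message DeleteMuteConfigRequest {
 // Request message for deleting a notification config.
 message DeleteNotificationConfigRequest {
 // Required. Name of the notification config to delete. Its format is
-// "organizations/[organization_id]/notificationConfigs/[config_id]".
+// "organizations/[organization_id]/notificationConfigs/[config_id]",
+// "folders/[folder_id]/notificationConfigs/[config_id]",
+// or "projects/[project_id]/notificationConfigs/[config_id]".
 string name = 1 [
 (google.api.field_behavior) = REQUIRED,
 (google.api.resource_reference) = {
@@ -726,9 +728,9 @@ message DeleteNotificationConfigRequest {
 ];
 }
 
-// Request message for retrieving a big query export.
+// Request message for retrieving a BigQuery export.
 message GetBigQueryExportRequest {
-// Required. Name of the big query export to retrieve. Its format is
+// Required. Name of the BigQuery export to retrieve. Its format is
 // organizations/{organization}/bigQueryExports/{export_id},
 // folders/{folder}/bigQueryExports/{export_id}, or
 // projects/{project}/bigQueryExports/{export_id}
@@ -757,7 +759,9 @@ message GetMuteConfigRequest {
 // Request message for getting a notification config.
 message GetNotificationConfigRequest {
 // Required. Name of the notification config to get. Its format is
-// "organizations/[organization_id]/notificationConfigs/[config_id]".
+// "organizations/[organization_id]/notificationConfigs/[config_id]",
+// "folders/[folder_id]/notificationConfigs/[config_id]",
+// or "projects/[project_id]/notificationConfigs/[config_id]".
 string name = 1 [
 (google.api.field_behavior) = REQUIRED,
 (google.api.resource_reference) = {
@@ -792,7 +796,7 @@ message GetSourceRequest {
 
 // Request message for grouping by assets.
 message GroupAssetsRequest {
-// Required. Name of the organization to groupBy. Its format is
+// Required. The name of the parent to group the assets by. Its format is
 // "organizations/[organization_id], folders/[folder_id], or
 // projects/[project_id]".
 string parent = 1 [
@@ -1159,9 +1163,9 @@ message ListMuteConfigsResponse {
 
 // Request message for listing notification configs.
 message ListNotificationConfigsRequest {
-// Required. Name of the organization to list notification configs. Its format
-// is "organizations/[organization_id]", "folders/[folder_id]", or
-// "projects/[project_id]".
+// Required. The name of the parent in which to list the notification
+// configurations. Its format is "organizations/[organization_id]",
+// "folders/[folder_id]", or "projects/[project_id]".
 string parent = 1 [
 (google.api.field_behavior) = REQUIRED,
 (google.api.resource_reference) = {
@@ -1223,8 +1227,8 @@ message ListSourcesResponse {
 
 // Request message for listing assets.
 message ListAssetsRequest {
-// Required. Name of the organization assets should belong to. Its format is
-// "organizations/[organization_id], folders/[folder_id], or
+// Required. The name of the parent that the listed assets belong to. Its
+// format is "organizations/[organization_id], folders/[folder_id], or
 // projects/[project_id]".
 string parent = 1 [
 (google.api.field_behavior) = REQUIRED,
@@ -1652,10 +1656,12 @@ message ListFindingsResponse {
 
 // Request message for updating a finding's state.
 message SetFindingStateRequest {
-// Required. The relative resource name of the finding. See:
-// https://cloud.google.com/apis/design/resource_names#relative_resource_name
-// Example:
-// "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}".
+// Required. The [relative resource
+// name](https://cloud.google.com/apis/design/resource_names#relative_resource_name)
+// of the finding. Example:
+// "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}",
+// "folders/{folder_id}/sources/{source_id}/findings/{finding_id}",
+// "projects/{project_id}/sources/{source_id}/findings/{finding_id}".
 string name = 1 [
 (google.api.field_behavior) = REQUIRED,
 (google.api.resource_reference) = {
@@ -1673,9 +1679,9 @@ message SetFindingStateRequest {
 
 // Request message for updating a finding's mute status.
 message SetMuteRequest {
-// Required. The relative resource name of the finding. See:
-// https://cloud.google.com/apis/design/resource_names#relative_resource_name
-// Example:
+// Required. The [relative resource
+// name](https://cloud.google.com/apis/design/resource_names#relative_resource_name)
+// of the finding. Example:
 // "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}",
 // "folders/{folder_id}/sources/{source_id}/findings/{finding_id}",
 // "projects/{project_id}/sources/{source_id}/findings/{finding_id}".
@@ -1797,10 +1803,10 @@ message UpdateSecurityMarksRequest {
 google.protobuf.Timestamp start_time = 3;
 }
 
-// Request message for creating a big query export.
+// Request message for creating a BigQuery export.
 message CreateBigQueryExportRequest {
-// Required. Resource name of the new big query export's parent. Its format is
-// "organizations/[organization_id]", "folders/[folder_id]", or
+// Required. The name of the parent resource of the new BigQuery export. Its
+// format is "organizations/[organization_id]", "folders/[folder_id]", or
 // "projects/[project_id]".
 string parent = 1 [
 (google.api.field_behavior) = REQUIRED,
@@ -1809,7 +1815,7 @@ message CreateBigQueryExportRequest {
 }
 ];
 
-// Required. The big query export being created.
+// Required. The BigQuery export being created.
 BigQueryExport big_query_export = 2 [(google.api.field_behavior) = REQUIRED];
 
 // Required. Unique identifier provided by the client within the parent scope.
@@ -1865,9 +1871,9 @@ message ListBigQueryExportsResponse {
 string next_page_token = 2;
 }
 
-// Request message for deleting a big query export.
+// Request message for deleting a BigQuery export.
 message DeleteBigQueryExportRequest {
-// Required. Name of the big query export to delete. Its format is
+// Required. The name of the BigQuery export to delete. Its format is
 // organizations/{organization}/bigQueryExports/{export_id},
 // folders/{folder}/bigQueryExports/{export_id}, or
 // projects/{project}/bigQueryExports/{export_id}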
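Review bot: The reworded `parent` comments in `GroupAssetsRequest` and `ListAssetsRequest` still wrap all three formats in a single pair of quotes, `"organizations/[organization_id], folders/[folder_id], or projects/[project_id]"`, while `ListNotificationConfigsRequest` and `CreateBigQueryExportRequest` in the same commit quote each format on its own. Since these comments were being rewritten anyway, `"organizations/[organization_id]", "folders/[folder_id]", or "projects/[project_id]"` would keep the generated reference consistent and stop the whole string from reading as one literal resource name. In `SetFindingStateRequest` and `SetMuteRequest` the label `Example:` now introduces three names and could read `Examples:`. All of the affected messages start or end outside their hunks.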
