<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans-serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2em;
}

.method {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="securitycenter_v1.html">Cloud Security Command Center API</a> . <a href="securitycenter_v1.organizations.html">organizations</a> . 
<a href="securitycenter_v1.organizations.assets.html">assets</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="#group">group(parent, body, x__xgafv=None)</a></code></p>
<p class="firstline">Filters an organization's assets and groups them by their specified properties.</p>
<p class="toc_element">
  <code><a href="#group_next">group_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#list">list(parent, orderBy=None, pageSize=None, x__xgafv=None, compareDuration=None, pageToken=None, fieldMask=None, readTime=None, filter=None)</a></code></p>
<p class="firstline">Lists an organization's assets.</p>
<p class="toc_element">
  <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#runDiscovery">runDiscovery(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Runs asset discovery. The discovery is tracked with a long-running operation.</p>
<p class="toc_element">
  <code><a href="#updateSecurityMarks">updateSecurityMarks(name, body, startTime=None, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Updates security marks.</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="group">group(parent, body, x__xgafv=None)</code>
  <pre>Filters an organization's assets and groups them by their specified
properties.

Args:
  parent: string, Name of the organization to groupBy. Its format is
"organizations/[organization_id]". (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # Request message for grouping by assets.
    "compareDuration": "A String", # When compare_duration is set, the GroupResult's "state_change" property is
        # updated to indicate whether the asset was added, removed, or remained
        # present during the compare_duration period of time that precedes the
        # read_time. This is the time between (read_time - compare_duration) and
        # read_time.
        #
        # The state change value is derived based on the presence of the asset at the
        # two points in time. Intermediate state changes between the two times don't
        # affect the result. For example, the results aren't affected if the asset is
        # removed and re-created again.
        #
        # Possible "state_change" values when compare_duration is specified:
        #
        # * "ADDED": indicates that the asset was not present at the start of
        #   compare_duration, but present at reference_time.
        # * "REMOVED": indicates that the asset was present at the start of
        #   compare_duration, but not present at reference_time.
        # * "ACTIVE": indicates that the asset was present at both the
        #   start and the end of the time period defined by
        #   compare_duration and reference_time.
        #
        # If compare_duration is not specified, then the only possible state_change
        # is "UNUSED", which will be the state_change set for all assets present at
        # read_time.
        #
        # If this field is set then `state_change` must be a specified field in
        # `group_by`.
    "pageSize": 42, # The maximum number of results to return in a single response. Default is
        # 10, minimum is 1, maximum is 1000.
    "filter": "A String", # Expression that defines the filter to apply across assets.
        # The expression is a list of zero or more restrictions combined via logical
        # operators `AND` and `OR`.
        # Parentheses are supported, and `OR` has higher precedence than `AND`.
        #
        # Restrictions have the form `&lt;field&gt; &lt;operator&gt; &lt;value&gt;` and may have a `-`
        # character in front of them to indicate negation.
        # The fields map to those
        # defined in the Asset resource. Examples include:
        #
        # * name
        # * security_center_properties.resource_name
        # * resource_properties.a_property
        # * security_marks.marks.marka
        #
        # The supported operators are:
        #
        # * `=` for all value types.
        # * `&gt;`, `&lt;`, `&gt;=`, `&lt;=` for integer values.
        # * `:`, meaning substring matching, for strings.
        #
        # The supported value types are:
        #
        # * string literals in quotes.
        # * integer literals without quotes.
        # * boolean literals `true` and `false` without quotes.
        #
        # The following field and operator combinations are supported:
        #
        # * name: `=`
        # * update_time: `&gt;`, `&lt;`, `&gt;=`, `&lt;=`, `=`
        # * create_time: `&gt;`, `&lt;`, `&gt;=`, `&lt;=`, `=`
        # * iam_policy.policy_blob: `=`, `:`
        # * resource_properties: `=`, `:`, `&gt;`, `&lt;`, `&gt;=`, `&lt;=`
        # * security_marks: `=`, `:`
        # * security_center_properties.resource_name: `=`, `:`
        # * security_center_properties.resource_type: `=`, `:`
        # * security_center_properties.resource_parent: `=`, `:`
        # * security_center_properties.resource_project: `=`, `:`
        # * security_center_properties.resource_owners: `=`, `:`
        #
        # For example, `resource_properties.size = 100` is a valid filter string.
    "pageToken": "A String", # The value returned by the last `GroupAssetsResponse`; indicates
        # that this is a continuation of a prior `GroupAssets` call, and that the
        # system should return the next page of data.
    "groupBy": "A String", # Expression that defines which asset fields to use for grouping. The string
        # value should follow SQL syntax: comma separated list of fields. For
        # example:
        # "security_center_properties.resource_project,security_center_properties.project".
        #
        # The following fields are supported when compare_duration is not set:
        #
        # * security_center_properties.resource_project
        # * security_center_properties.resource_type
        # * security_center_properties.resource_parent
        #
        # The following fields are supported when compare_duration is set:
        #
        # * security_center_properties.resource_type
    "readTime": "A String", # Time used as a reference point when filtering assets. The filter is limited
        # to assets existing at the supplied time and their values are those at that
        # specific time. Absence of this field will default to the API's version of
        # NOW.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for grouping by assets.
    "nextPageToken": "A String", # Token to retrieve the next page of results, or empty if there are no more
        # results.
    "totalSize": 42, # The total number of results matching the query.
    "groupByResults": [ # Group results. There exists an element for each existing unique
        # combination of property/values. The element contains a count for the number
        # of times those specific property/values appear.
      { # Result containing the properties and count of a groupBy request.
        "count": "A String", # Total count of resources for the given properties.
        "properties": { # Properties matching the groupBy fields in the request.
          "a_key": "",
        },
      },
    ],
    "readTime": "A String", # Time used for executing the groupBy request.
  }</pre>
</div>

<div class="method">
    <code class="details" id="group_next">group_next(previous_request, previous_response)</code>
  <pre>Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page.
      (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.
    </pre>
</div>

<div class="method">
    <code class="details" id="list">list(parent, orderBy=None, pageSize=None, x__xgafv=None, compareDuration=None, pageToken=None, fieldMask=None, readTime=None, filter=None)</code>
  <pre>Lists an organization's assets.

Args:
  parent: string, Name of the organization assets should belong to. Its format is
"organizations/[organization_id]". (required)
  orderBy: string, Expression that defines what fields and order to use for sorting. The
string value should follow SQL syntax: comma separated list of fields. For
example: "name,resource_properties.a_property". The default sorting order
is ascending. To specify descending order for a field, a suffix " desc"
should be appended to the field name. For example:
"name desc,resource_properties.a_property". Redundant space characters in the
syntax are insignificant. "name desc,resource_properties.a_property" and
" name desc , resource_properties.a_property " are equivalent.

The following fields are supported:
name
update_time
resource_properties
security_marks
security_center_properties.resource_name
security_center_properties.resource_parent
security_center_properties.resource_project
security_center_properties.resource_type
  pageSize: integer, The maximum number of results to return in a single response. Default is
10, minimum is 1, maximum is 1000.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format
  compareDuration: string, When compare_duration is set, the ListAssetsResult's "state_change"
attribute is updated to indicate whether the asset was added, removed, or
remained present during the compare_duration period of time that precedes
the read_time.
This is the time between (read_time - compare_duration) and
read_time.

The state_change value is derived based on the presence of the asset at the
two points in time. Intermediate state changes between the two times don't
affect the result. For example, the results aren't affected if the asset is
removed and re-created again.

Possible "state_change" values when compare_duration is specified:

* "ADDED": indicates that the asset was not present at the start of
  compare_duration, but present at read_time.
* "REMOVED": indicates that the asset was present at the start of
  compare_duration, but not present at read_time.
* "ACTIVE": indicates that the asset was present at both the
  start and the end of the time period defined by
  compare_duration and read_time.

If compare_duration is not specified, then the only possible state_change
is "UNUSED", which will be the state_change set for all assets present at
read_time.
  pageToken: string, The value returned by the last `ListAssetsResponse`; indicates
that this is a continuation of a prior `ListAssets` call, and
that the system should return the next page of data.
  fieldMask: string, Optional.

A field mask to specify the ListAssetsResult fields to be listed in the
response.
An empty field mask will list all fields.
  readTime: string, Time used as a reference point when filtering assets. The filter is limited
to assets existing at the supplied time and their values are those at that
specific time. Absence of this field will default to the API's version of
NOW.
  filter: string, Expression that defines the filter to apply across assets.
The expression is a list of zero or more restrictions combined via logical
operators `AND` and `OR`.
Parentheses are supported, and `OR` has higher precedence than `AND`.

Restrictions have the form `&lt;field&gt; &lt;operator&gt; &lt;value&gt;` and may have a `-`
character in front of them to indicate negation. The fields map to those
defined in the Asset resource. Examples include:

* name
* security_center_properties.resource_name
* resource_properties.a_property
* security_marks.marks.marka

The supported operators are:

* `=` for all value types.
* `&gt;`, `&lt;`, `&gt;=`, `&lt;=` for integer values.
* `:`, meaning substring matching, for strings.

The supported value types are:

* string literals in quotes.
* integer literals without quotes.
* boolean literals `true` and `false` without quotes.

The following are the allowed field and operator combinations:

* name: `=`
* update_time: `&gt;`, `&lt;`, `&gt;=`, `&lt;=`
* iam_policy.policy_blob: `=`, `:`
* resource_properties: `=`, `:`, `&gt;`, `&lt;`, `&gt;=`, `&lt;=`
* security_marks: `=`, `:`
* security_center_properties.resource_name: `=`, `:`
* security_center_properties.resource_type: `=`, `:`
* security_center_properties.resource_parent: `=`, `:`
* security_center_properties.resource_project: `=`, `:`
* security_center_properties.resource_owners: `=`, `:`

For example, `resource_properties.size = 100` is a valid filter string.

Returns:
  An object of the form:

    { # Response message for listing assets.
    "nextPageToken": "A String", # Token to retrieve the next page of results, or empty if there are no more
        # results.
    "totalSize": 42, # The total number of assets matching the query.
    "listAssetsResults": [ # Assets matching the list request.
      { # Result containing the Asset and its State.
        "stateChange": "A String", # State change of the asset between the points in time.
        "asset": { # Asset matching the search request. Cloud Security Command Center's (Cloud SCC)
            # representation of a Google Cloud Platform (GCP) resource.
            #
            # The Asset is a Cloud SCC resource that captures information about a single
            # GCP resource. All modifications to an Asset are only within the context of
            # Cloud SCC and don't affect the referenced GCP resource.
          "updateTime": "A String", # The time at which the asset was last updated, added, or deleted in Cloud
              # SCC.
          "name": "A String", # The relative resource name of this asset. See:
              # https://cloud.google.com/apis/design/resource_names#relative_resource_name
              # Example:
              # "organizations/123/assets/456".
          "securityCenterProperties": { # Cloud SCC managed properties. These properties are managed by Cloud SCC and
              # cannot be modified by the user.
            "resourceType": "A String", # The type of the GCP resource. Examples include: APPLICATION,
                # PROJECT, and ORGANIZATION. This is a case insensitive field defined by
                # Cloud SCC and/or the producer of the resource and is immutable
                # after create time.
            "resourceName": "A String", # The full resource name of the GCP resource this asset
                # represents. This field is immutable after create time. See:
                # https://cloud.google.com/apis/design/resource_names#full_resource_name
            "resourceParent": "A String", # The full resource name of the immediate parent of the resource. See:
                # https://cloud.google.com/apis/design/resource_names#full_resource_name
            "resourceProject": "A String", # The full resource name of the project the resource belongs to. See:
                # https://cloud.google.com/apis/design/resource_names#full_resource_name
            "resourceOwners": [ # Owners of the Google Cloud resource.
              "A String",
            ],
          },
          "resourceProperties": { # Resource managed properties. These properties are managed and defined by
              # the GCP resource and cannot be modified by the user.
            "a_key": "",
          },
          "iamPolicy": { # IAM Policy information associated with the GCP resource described by the
              # Cloud SCC asset. This information is managed and defined by the GCP
              # resource and cannot be modified by the user.
            "policyBlob": "A String", # The JSON representation of the Policy associated with the asset.
                # See https://cloud.google.com/iam/reference/rest/v1/Policy for format
                # details.
          },
          "securityMarks": { # User specified security marks. These marks are entirely managed by the user
              # and come from the SecurityMarks resource that belongs to the asset.
              # User specified security marks that are attached to the parent Cloud Security
              # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud
              # SCC organization -- they can be modified and viewed by all users who have
              # proper permissions on the organization.
            "name": "A String", # The relative resource name of the SecurityMarks. See:
                # https://cloud.google.com/apis/design/resource_names#relative_resource_name
                # Examples:
                # "organizations/123/assets/456/securityMarks"
                # "organizations/123/sources/456/findings/789/securityMarks".
            "marks": { # Mutable user specified security marks belonging to the parent resource.
                # Constraints are as follows:
                #   - Keys and values are treated as case insensitive
                #   - Keys must be between 1 - 256 characters (inclusive)
                #   - Keys must be letters, numbers, underscores, or dashes
                #   - Values have leading and trailing whitespace trimmed, remaining
                #     characters must be between 1 - 4096 characters (inclusive)
              "a_key": "A String",
            },
          },
          "createTime": "A String", # The time at which the asset was created in Cloud SCC.
        },
      },
    ],
    "readTime": "A String", # Time used for executing the list request.
  }</pre>
</div>

<div class="method">
    <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
  <pre>Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.
    </pre>
</div>

<div class="method">
    <code class="details" id="runDiscovery">runDiscovery(parent, body=None, x__xgafv=None)</code>
  <pre>Runs asset discovery. The discovery is tracked with a long-running
operation.

This API can only be called with limited frequency for an organization. If
it is called too frequently the caller will receive a TOO_MANY_REQUESTS
error.

Args:
  parent: string, Name of the organization to run asset discovery for. Its format is
"organizations/[organization_id]". (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for running asset discovery for an organization.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a
      # network API call.
    "metadata": { # Service-specific metadata associated with the operation. It typically
        # contains progress information and common metadata such as create time.
        # Some services might not provide such metadata. Any method that returns a
        # long-running operation should document the metadata type, if any.
      "a_key": "", # Properties of the object. Contains field @type with type URL.
    },
    "error": { # The error result of the operation in case of failure or cancellation.
        # The `Status` type defines a logical error model that is suitable for
        # different programming environments, including REST APIs and RPC APIs. It is
        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
        # three pieces of data: error code, error message, and error details.
        #
        # You can find out more about this error model and how to work with it in the
        # [API Design Guide](https://cloud.google.com/apis/design/errors).
      "message": "A String", # A developer-facing error message, which should be in English. Any
          # user-facing error message should be localized and sent in the
          # google.rpc.Status.details field, or localized by the client.
      "code": 42, # The status code, which should be an enum value of google.rpc.Code.
      "details": [ # A list of messages that carry the error details. There is a common set of
          # message types for APIs to use.
        {
          "a_key": "", # Properties of the object. Contains field @type with type URL.
        },
      ],
    },
    "done": True or False, # If the value is `false`, it means the operation is still in progress.
        # If `true`, the operation is completed, and either `error` or `response` is
        # available.
    "response": { # The normal response of the operation in case of success. If the original
        # method returns no data on success, such as `Delete`, the response is
        # `google.protobuf.Empty`. If the original method is standard
        # `Get`/`Create`/`Update`, the response should be the resource. For other
        # methods, the response should have the type `XxxResponse`, where `Xxx`
        # is the original method name. For example, if the original method name
        # is `TakeSnapshot()`, the inferred response type is
        # `TakeSnapshotResponse`.
      "a_key": "", # Properties of the object. Contains field @type with type URL.
    },
    "name": "A String", # The server-assigned name, which is only unique within the same service that
        # originally returns it. If you use the default HTTP mapping, the
        # `name` should be a resource name ending with `operations/{unique_id}`.
  }</pre>
</div>

<div class="method">
    <code class="details" id="updateSecurityMarks">updateSecurityMarks(name, body, startTime=None, updateMask=None, x__xgafv=None)</code>
  <pre>Updates security marks.

Args:
  name: string, The relative resource name of the SecurityMarks. See:
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Examples:
"organizations/123/assets/456/securityMarks"
"organizations/123/sources/456/findings/789/securityMarks". (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # User specified security marks that are attached to the parent Cloud Security
    # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud
    # SCC organization -- they can be modified and viewed by all users who have
    # proper permissions on the organization.
  "name": "A String", # The relative resource name of the SecurityMarks. See:
      # https://cloud.google.com/apis/design/resource_names#relative_resource_name
      # Examples:
      # "organizations/123/assets/456/securityMarks"
      # "organizations/123/sources/456/findings/789/securityMarks".
  "marks": { # Mutable user specified security marks belonging to the parent resource.
      # Constraints are as follows:
      #   - Keys and values are treated as case insensitive
      #   - Keys must be between 1 - 256 characters (inclusive)
      #   - Keys must be letters, numbers, underscores, or dashes
      #   - Values have leading and trailing whitespace trimmed, remaining
      #     characters must be between 1 - 4096 characters (inclusive)
    "a_key": "A String",
  },
}

  startTime: string, The time at which the updated SecurityMarks take effect.
If not set, the current server time is used. Updates will be applied to the
SecurityMarks that are active immediately preceding this time.
  updateMask: string, The FieldMask to use when updating the security marks resource.

The field mask must not contain duplicate fields.
If empty or set to "marks", all marks will be replaced. Individual
marks can be updated using "marks.&lt;mark_key&gt;".
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # User specified security marks that are attached to the parent Cloud Security
      # Command Center (Cloud SCC) resource. Security marks are scoped within a Cloud
      # SCC organization -- they can be modified and viewed by all users who have
      # proper permissions on the organization.
    "name": "A String", # The relative resource name of the SecurityMarks. See:
        # https://cloud.google.com/apis/design/resource_names#relative_resource_name
        # Examples:
        # "organizations/123/assets/456/securityMarks"
        # "organizations/123/sources/456/findings/789/securityMarks".
    "marks": { # Mutable user specified security marks belonging to the parent resource.
        # Constraints are as follows:
        #   - Keys and values are treated as case insensitive
        #   - Keys must be between 1 - 256 characters (inclusive)
        #   - Keys must be letters, numbers, underscores, or dashes
        #   - Values have leading and trailing whitespace trimmed, remaining
        #     characters must be between 1 - 4096 characters (inclusive)
      "a_key": "A String",
    },
  }</pre>
</div>

</body></html>
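<p>Added example (not part of the generated reference or of the client library): a pre-flight check that applies the mark constraints and the updateMask rules documented for updateSecurityMarks, so that an empty mask never replaces every mark by accident. The names normalize_marks, build_update and MarkError are hypothetical; reading "letters" and "numbers" as ASCII, and the resource-name pattern inferred from the two examples on this page, are assumptions.</p>

```python
import re

# Constraints stated on this page for SecurityMarks.marks.
# Assumption: "letters" and "numbers" mean ASCII letters and digits.
KEY_RE = re.compile(r"[A-Za-z0-9_-]{1,256}")
MAX_VALUE_LEN = 4096
# Assumption: resource-name shape inferred from the two examples on this page.
NAME_RE = re.compile(
    r"organizations/[0-9]+/(assets/[0-9]+|sources/[0-9]+/findings/[0-9]+)"
    r"/securityMarks"
)


class MarkError(ValueError):
    """A mark or request would violate a documented constraint."""


def normalize_marks(marks):
    """Validate marks against the documented constraints; return a trimmed copy."""
    cleaned = {}
    seen = {}  # lower-cased key -> key as supplied
    for key, value in marks.items():
        if not isinstance(key, str) or not KEY_RE.fullmatch(key):
            raise MarkError(f"invalid mark key: {key!r}")
        folded = key.lower()
        if folded in seen:
            # Keys are treated as case insensitive, so these are the same mark.
            raise MarkError(f"keys {seen[folded]!r} and {key!r} differ only by case")
        seen[folded] = key
        if not isinstance(value, str):
            raise MarkError(f"value for {key!r} must be a string")
        trimmed = value.strip()  # the service trims leading/trailing whitespace
        if not 1 <= len(trimmed) <= MAX_VALUE_LEN:
            raise MarkError(
                f"value for {key!r} must be 1-{MAX_VALUE_LEN} characters after trimming"
            )
        cleaned[key] = trimmed
    return cleaned


def build_update(name, marks, replace_all=False):
    """Return keyword arguments for assets().updateSecurityMarks(**kwargs).

    Unless replace_all is True, the mask names each mark individually so that
    marks not mentioned in the request are left untouched.
    """
    if not NAME_RE.fullmatch(name):
        raise MarkError(f"unexpected SecurityMarks name: {name!r}")
    cleaned = normalize_marks(marks)
    if replace_all:
        mask = "marks"  # documented: replaces every existing mark
    elif cleaned:
        # One "marks.KEY" path per mark; keys are unique, so no duplicate paths.
        mask = ",".join(f"marks.{key}" for key in sorted(cleaned))
    else:
        # An empty mask is documented to replace all marks; never send one
        # implicitly.
        raise MarkError("no marks given; pass replace_all=True to clear all marks")
    return {"name": name, "body": {"marks": cleaned}, "updateMask": mask}
```
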
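<p>Added example (not part of the generated reference or of the client library): a builder for the filter argument of list() that enforces the field and operator combinations listed for that method and refuses values that could break out of a quoted literal when filters are assembled from untrusted input. The names restriction, all_of and FilterError are hypothetical; because this page gives no escape rule for string literals, rejecting quotes, backslashes and control characters is an assumption, as is the field-name pattern.</p>

```python
import re

EQ_SUB = frozenset({"=", ":"})
ORDERING = frozenset({">", "<", ">=", "<="})

# Field/operator combinations documented on this page for list().
ALLOWED = {
    "name": frozenset({"="}),
    "update_time": ORDERING,
    "iam_policy.policy_blob": EQ_SUB,
    "resource_properties": EQ_SUB | ORDERING,
    "security_marks": EQ_SUB,
    "security_center_properties.resource_name": EQ_SUB,
    "security_center_properties.resource_type": EQ_SUB,
    "security_center_properties.resource_parent": EQ_SUB,
    "security_center_properties.resource_project": EQ_SUB,
    "security_center_properties.resource_owners": EQ_SUB,
}
# Roots whose sub-fields appear in the page's examples
# (resource_properties.a_property, security_marks.marks.marka).
MAP_ROOTS = ("resource_properties", "security_marks")
# Assumption: dotted identifiers; dashes allowed because mark keys may contain them.
FIELD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_-]*(\.[A-Za-z0-9_-]+)*")


class FilterError(ValueError):
    """The restriction is not expressible under the documented rules."""


def allowed_ops(field):
    """Return the operators documented for this field."""
    if field in ALLOWED:
        return ALLOWED[field]
    for root in MAP_ROOTS:
        if field.startswith(root + "."):
            return ALLOWED[root]
    raise FilterError(f"field not filterable: {field!r}")


def literal(value):
    """Render a value as a string, integer or boolean literal."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, str):
        # Assumption: no documented escape syntax, so reject rather than guess.
        if '"' in value or "\\" in value or any(ord(c) < 32 for c in value):
            raise FilterError("string value contains a quote, backslash or control character")
        return f'"{value}"'
    raise FilterError(f"unsupported value type: {type(value).__name__}")


def restriction(field, op, value, negate=False):
    """Build one restriction, with a leading '-' when negated."""
    if not FIELD_RE.fullmatch(field):
        raise FilterError(f"malformed field name: {field!r}")
    if op not in allowed_ops(field):
        raise FilterError(f"operator {op!r} is not allowed for {field!r}")
    if op in ORDERING and (isinstance(value, bool) or not isinstance(value, int)):
        raise FilterError("ordering operators take integer values")
    if op == ":" and not isinstance(value, str):
        raise FilterError("':' is substring matching and takes a string")
    return ("-" if negate else "") + f"{field} {op} {literal(value)}"


def all_of(*restrictions):
    """Combine restrictions with AND."""
    return " AND ".join(restrictions)
```
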