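// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.securitycenter.v1;

import "google/type/expr.proto";

option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
option java_multiple_files = true;
option java_outer_classname = "SecurityHealthAnalyticsCustomConfigProto";
option java_package = "com.google.cloud.securitycenter.v1";
option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
option ruby_package = "Google::Cloud::SecurityCenter::V1";

// Defines the properties in a custom module configuration for Security
// Health Analytics. Use the custom module configuration to create custom
// detectors that generate custom findings for resources that you specify.
//
// The predicate decides when a finding is raised, the resource selector
// names the resource types the detector runs on, and the remaining fields
// describe the finding that is emitted.
message CustomConfig {
  // A set of optional name-value pairs that define custom source properties to
  // return with each finding that is generated by the custom module. The custom
  // source properties that are defined here are included in the finding JSON
  // under `sourceProperties`.
  message CustomOutputSpec {
    // An individual name-value pair that defines a custom source property.
    message Property {
      // Name of the property for the custom output.
      string name = 1;

      // The CEL expression for the custom output. A resource property can be
      // specified to return the value of the property or a text string enclosed
      // in quotation marks.
      //
      // NOTE(review): whatever this expression returns is copied into the
      // finding JSON under `sourceProperties`, so it is presumably visible to
      // every principal that can read findings. Avoid selecting resource
      // properties that may hold secrets or credentials.
      google.type.Expr value_expression = 2;
    }

    // A list of custom output properties to add to the finding.
    repeated Property properties = 1;
  }

  // Resource for selecting resource type.
  message ResourceSelector {
    // The resource types to run the detector on.
    //
    // The schema places no bound on this list; the limit documented on
    // `CustomConfig.resource_selector` is not expressed here.
    repeated string resource_types = 1;
  }

  // Defines the valid value options for the severity of a finding.
  //
  // NOTE(review): the values other than the zero value carry no enum-name
  // prefix. They are scoped to `CustomConfig`, and renaming them would change
  // generated code for existing clients, so they are left as they are.
  enum Severity {
    // Unspecified severity. This is the proto3 default, so it is also the
    // value a reader sees when `severity` was never set. Consumers that
    // route or alert on severity should handle it explicitly instead of
    // letting it fall through.
    SEVERITY_UNSPECIFIED = 0;

    // Critical severity.
    CRITICAL = 1;

    // High severity.
    HIGH = 2;

    // Medium severity.
    MEDIUM = 3;

    // Low severity.
    LOW = 4;
  }

  // The CEL expression to evaluate to produce findings. When the expression
  // evaluates to true against a resource, a finding is generated.
  //
  // NOTE(review): this expression alone determines detection coverage; a
  // resource for which it never evaluates to true produces no finding. How
  // evaluation errors are treated is not defined in this file.
  google.type.Expr predicate = 1;

  // Custom output properties.
  CustomOutputSpec custom_output = 2;

  // The resource types that the custom module operates on. Each custom module
  // can specify up to 5 resource types.
  //
  // The limit of 5 is stated only in this comment; `resource_types` is an
  // unbounded repeated field, so enforcement presumably happens in the
  // service rather than in the schema.
  ResourceSelector resource_selector = 3;

  // The severity to assign to findings generated by the module.
  Severity severity = 4;

  // Text that describes the vulnerability or misconfiguration that the custom
  // module detects. This explanation is returned with each finding instance to
  // help investigators understand the detected issue. The text must be enclosed
  // in quotation marks.
  //
  // This is free text supplied by the module author; tools that render
  // findings should treat it as data, not markup.
  string description = 5;

  // An explanation of the recommended steps that security teams can take to
  // resolve the detected issue. This explanation is returned with each finding
  // generated by this module in the `nextSteps` property of the finding JSON.
  string recommendation = 6;
}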