SECURITYCENTER
securitycenter.folders.assets.group
valid {
input.Body.compareDuration == STRING
input.Body.filter == STRING
input.Body.groupBy == STRING
input.Body.pageSize == INTEGER
input.Body.pageToken == STRING
input.Body.readTime == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.assets.list
valid {
input.ReqMap.parent == STRING
input.Qs.compareDuration == STRING
input.Qs.fieldMask == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.readTime == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.assets.updateSecurityMarks
valid {
input.Body.canonicalName == STRING
input.Body.marks.STRING == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.startTime == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.bigQueryExports.create
valid {
input.Body.dataset == STRING
input.Body.description == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.parent == STRING
input.Qs.bigQueryExportId == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.bigQueryExports.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.bigQueryExports.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.bigQueryExports.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.bigQueryExports.patch
valid {
input.Body.dataset == STRING
input.Body.description == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.containerThreatDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.eventThreatDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.eventThreatDetectionSettings.customModules.create
enum_EventThreatDetectionCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]
valid {
input.Body.config.STRING == ANY
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.enablementState == enum_EventThreatDetectionCustomModuleEnablementState[_]
input.Body.name == STRING
input.Body.type == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.eventThreatDetectionSettings.customModules.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.eventThreatDetectionSettings.customModules.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.eventThreatDetectionSettings.customModules.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.eventThreatDetectionSettings.customModules.listDescendant
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.eventThreatDetectionSettings.customModules.patch
enum_EventThreatDetectionCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]
valid {
input.Body.config.STRING == ANY
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.enablementState == enum_EventThreatDetectionCustomModuleEnablementState[_]
input.Body.name == STRING
input.Body.type == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.eventThreatDetectionSettings.effectiveCustomModules.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.eventThreatDetectionSettings.effectiveCustomModules.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.eventThreatDetectionSettings.validateCustomModule
valid {
input.Body.rawText == STRING
input.Body.type == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.findings.bulkMute
valid {
input.Body.filter == STRING
input.Body.muteAnnotation == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.getContainerThreatDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.getEventThreatDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.getRapidVulnerabilityDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.getSecurityCenterSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.getSecurityHealthAnalyticsSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.getVirtualMachineThreatDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.getWebSecurityScannerSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.locations.muteConfigs.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.locations.muteConfigs.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.locations.muteConfigs.patch
valid {
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.muteConfigs.create
valid {
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.parent == STRING
input.Qs.muteConfigId == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.muteConfigs.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.muteConfigs.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.muteConfigs.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.muteConfigs.patch
valid {
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.notificationConfigs.create
valid {
input.Body.description == STRING
input.Body.name == STRING
input.Body.pubsubTopic == STRING
input.Body.streamingConfig.filter == STRING
input.ReqMap.parent == STRING
input.Qs.configId == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.notificationConfigs.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.notificationConfigs.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.notificationConfigs.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.notificationConfigs.patch
valid {
input.Body.description == STRING
input.Body.name == STRING
input.Body.pubsubTopic == STRING
input.Body.streamingConfig.filter == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.rapidVulnerabilityDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.securityHealthAnalyticsSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.securityHealthAnalyticsSettings.customModules.create
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]
valid {
input.Body.customConfig.customOutput.properties[_].name == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
input.Body.customConfig.description == STRING
input.Body.customConfig.predicate.description == STRING
input.Body.customConfig.predicate.expression == STRING
input.Body.customConfig.predicate.location == STRING
input.Body.customConfig.predicate.title == STRING
input.Body.customConfig.recommendation == STRING
input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
input.Body.displayName == STRING
input.Body.enablementState == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState[_]
input.Body.name == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.securityHealthAnalyticsSettings.customModules.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.securityHealthAnalyticsSettings.customModules.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.securityHealthAnalyticsSettings.customModules.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.securityHealthAnalyticsSettings.customModules.listDescendant
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.securityHealthAnalyticsSettings.customModules.patch
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]
valid {
input.Body.customConfig.customOutput.properties[_].name == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
input.Body.customConfig.description == STRING
input.Body.customConfig.predicate.description == STRING
input.Body.customConfig.predicate.expression == STRING
input.Body.customConfig.predicate.location == STRING
input.Body.customConfig.predicate.title == STRING
input.Body.customConfig.recommendation == STRING
input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
input.Body.displayName == STRING
input.Body.enablementState == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState[_]
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.securityHealthAnalyticsSettings.customModules.simulate
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
valid {
input.Body.customConfig.customOutput.properties[_].name == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
input.Body.customConfig.description == STRING
input.Body.customConfig.predicate.description == STRING
input.Body.customConfig.predicate.expression == STRING
input.Body.customConfig.predicate.location == STRING
input.Body.customConfig.predicate.title == STRING
input.Body.customConfig.recommendation == STRING
input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
input.Body.resource.iamPolicyData.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.resource.iamPolicyData.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.resource.iamPolicyData.auditConfigs[_].service == STRING
input.Body.resource.iamPolicyData.bindings[_].condition.description == STRING
input.Body.resource.iamPolicyData.bindings[_].condition.expression == STRING
input.Body.resource.iamPolicyData.bindings[_].condition.location == STRING
input.Body.resource.iamPolicyData.bindings[_].condition.title == STRING
input.Body.resource.iamPolicyData.bindings[_].members[_] == STRING
input.Body.resource.iamPolicyData.bindings[_].role == STRING
input.Body.resource.iamPolicyData.etag == STRING
input.Body.resource.iamPolicyData.version == INTEGER
input.Body.resource.resourceData.STRING == ANY
input.Body.resource.resourceType == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.securityHealthAnalyticsSettings.effectiveCustomModules.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.securityHealthAnalyticsSettings.effectiveCustomModules.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.sources.findings.externalSystems.patch
valid {
input.Body.assignees[_] == STRING
input.Body.caseCloseTime == STRING
input.Body.caseCreateTime == STRING
input.Body.casePriority == STRING
input.Body.caseSla == STRING
input.Body.caseUri == STRING
input.Body.externalSystemUpdateTime == STRING
input.Body.externalUid == STRING
input.Body.name == STRING
input.Body.status == STRING
input.Body.ticketInfo.assignee == STRING
input.Body.ticketInfo.description == STRING
input.Body.ticketInfo.id == STRING
input.Body.ticketInfo.status == STRING
input.Body.ticketInfo.updateTime == STRING
input.Body.ticketInfo.uri == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.sources.findings.group
valid {
input.Body.compareDuration == STRING
input.Body.filter == STRING
input.Body.groupBy == STRING
input.Body.pageSize == INTEGER
input.Body.pageToken == STRING
input.Body.readTime == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.sources.findings.list
valid {
input.ReqMap.parent == STRING
input.Qs.compareDuration == STRING
input.Qs.fieldMask == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.readTime == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.sources.findings.patch
enum_AttackExposureState := [ "STATE_UNSPECIFIED", "CALCULATED", "NOT_CALCULATED" ]
enum_CloudDlpDataProfileParentType := [ "PARENT_TYPE_UNSPECIFIED", "ORGANIZATION", "PROJECT" ]
enum_ConnectionProtocol := [ "PROTOCOL_UNSPECIFIED", "ICMP", "TCP", "UDP", "GRE", "ESP" ]
enum_CveExploitationActivity := [ "EXPLOITATION_ACTIVITY_UNSPECIFIED", "WIDE", "CONFIRMED", "AVAILABLE", "ANTICIPATED", "NO_KNOWN" ]
enum_CveImpact := [ "RISK_RATING_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
enum_Cvssv3AttackComplexity := [ "ATTACK_COMPLEXITY_UNSPECIFIED", "ATTACK_COMPLEXITY_LOW", "ATTACK_COMPLEXITY_HIGH" ]
enum_Cvssv3AttackVector := [ "ATTACK_VECTOR_UNSPECIFIED", "ATTACK_VECTOR_NETWORK", "ATTACK_VECTOR_ADJACENT", "ATTACK_VECTOR_LOCAL", "ATTACK_VECTOR_PHYSICAL" ]
enum_Cvssv3AvailabilityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3ConfidentialityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3IntegrityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3PrivilegesRequired := [ "PRIVILEGES_REQUIRED_UNSPECIFIED", "PRIVILEGES_REQUIRED_NONE", "PRIVILEGES_REQUIRED_LOW", "PRIVILEGES_REQUIRED_HIGH" ]
enum_Cvssv3Scope := [ "SCOPE_UNSPECIFIED", "SCOPE_UNCHANGED", "SCOPE_CHANGED" ]
enum_Cvssv3UserInteraction := [ "USER_INTERACTION_UNSPECIFIED", "USER_INTERACTION_NONE", "USER_INTERACTION_REQUIRED" ]
enum_FindingFindingClass := [ "FINDING_CLASS_UNSPECIFIED", "THREAT", "VULNERABILITY", "MISCONFIGURATION", "OBSERVATION", "SCC_ERROR", "POSTURE_VIOLATION" ]
enum_FindingMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]
enum_FindingSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_FindingState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]
enum_IamBindingAction := [ "ACTION_UNSPECIFIED", "ADD", "REMOVE" ]
enum_MitreAttackAdditionalTactics := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackAdditionalTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_AND_RESOURCE_DISCOVERY" ]
enum_MitreAttackPrimaryTactic := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackPrimaryTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_AND_RESOURCE_DISCOVERY" ]
enum_ProcessSignatureSignatureType := [ "SIGNATURE_TYPE_UNSPECIFIED", "SIGNATURE_TYPE_PROCESS", "SIGNATURE_TYPE_FILE" ]
enum_RoleKind := [ "KIND_UNSPECIFIED", "ROLE", "CLUSTER_ROLE" ]
enum_SubjectKind := [ "AUTH_TYPE_UNSPECIFIED", "USER", "SERVICEACCOUNT", "GROUP" ]
valid {
input.Body.access.callerIp == STRING
input.Body.access.callerIpGeo.regionCode == STRING
input.Body.access.methodName == STRING
input.Body.access.principalEmail == STRING
input.Body.access.principalSubject == STRING
input.Body.access.serviceAccountDelegationInfo[_].principalEmail == STRING
input.Body.access.serviceAccountDelegationInfo[_].principalSubject == STRING
input.Body.access.serviceAccountKeyName == STRING
input.Body.access.serviceName == STRING
input.Body.access.userAgent == STRING
input.Body.access.userAgentFamily == STRING
input.Body.access.userName == STRING
input.Body.application.baseUri == STRING
input.Body.application.fullUri == STRING
input.Body.attackExposure.attackExposureResult == STRING
input.Body.attackExposure.exposedHighValueResourcesCount == INTEGER
input.Body.attackExposure.exposedLowValueResourcesCount == INTEGER
input.Body.attackExposure.exposedMediumValueResourcesCount == INTEGER
input.Body.attackExposure.latestCalculationTime == STRING
input.Body.attackExposure.score == NUMBER
input.Body.attackExposure.state == enum_AttackExposureState[_]
input.Body.backupDisasterRecovery.appliance == STRING
input.Body.backupDisasterRecovery.applications[_] == STRING
input.Body.backupDisasterRecovery.backupCreateTime == STRING
input.Body.backupDisasterRecovery.backupTemplate == STRING
input.Body.backupDisasterRecovery.backupType == STRING
input.Body.backupDisasterRecovery.host == STRING
input.Body.backupDisasterRecovery.policies[_] == STRING
input.Body.backupDisasterRecovery.policyOptions[_] == STRING
input.Body.backupDisasterRecovery.profile == STRING
input.Body.backupDisasterRecovery.storagePool == STRING
input.Body.canonicalName == STRING
input.Body.category == STRING
input.Body.cloudArmor.adaptiveProtection.confidence == NUMBER
input.Body.cloudArmor.attack.classification == STRING
input.Body.cloudArmor.attack.volumeBps == INTEGER
input.Body.cloudArmor.attack.volumePps == INTEGER
input.Body.cloudArmor.duration == STRING
input.Body.cloudArmor.requests.longTermAllowed == INTEGER
input.Body.cloudArmor.requests.longTermDenied == INTEGER
input.Body.cloudArmor.requests.ratio == NUMBER
input.Body.cloudArmor.requests.shortTermAllowed == INTEGER
input.Body.cloudArmor.securityPolicy.name == STRING
input.Body.cloudArmor.securityPolicy.preview == BOOLEAN
input.Body.cloudArmor.securityPolicy.type == STRING
input.Body.cloudArmor.threatVector == STRING
input.Body.cloudDlpDataProfile.dataProfile == STRING
input.Body.cloudDlpDataProfile.parentType == enum_CloudDlpDataProfileParentType[_]
input.Body.cloudDlpInspection.fullScan == BOOLEAN
input.Body.cloudDlpInspection.infoType == STRING
input.Body.cloudDlpInspection.infoTypeCount == STRING
input.Body.cloudDlpInspection.inspectJob == STRING
input.Body.compliances[_].ids[_] == STRING
input.Body.compliances[_].standard == STRING
input.Body.compliances[_].version == STRING
input.Body.connections[_].destinationIp == STRING
input.Body.connections[_].destinationPort == INTEGER
input.Body.connections[_].protocol == enum_ConnectionProtocol[_]
input.Body.connections[_].sourceIp == STRING
input.Body.connections[_].sourcePort == INTEGER
input.Body.containers[_].createTime == STRING
input.Body.containers[_].imageId == STRING
input.Body.containers[_].labels[_].name == STRING
input.Body.containers[_].labels[_].value == STRING
input.Body.containers[_].name == STRING
input.Body.containers[_].uri == STRING
input.Body.createTime == STRING
input.Body.database.displayName == STRING
input.Body.database.grantees[_] == STRING
input.Body.database.name == STRING
input.Body.database.query == STRING
input.Body.database.userName == STRING
input.Body.database.version == STRING
input.Body.description == STRING
input.Body.eventTime == STRING
input.Body.exfiltration.sources[_].components[_] == STRING
input.Body.exfiltration.sources[_].name == STRING
input.Body.exfiltration.targets[_].components[_] == STRING
input.Body.exfiltration.targets[_].name == STRING
input.Body.exfiltration.totalExfiltratedBytes == STRING
input.Body.externalUri == STRING
input.Body.files[_].contents == STRING
input.Body.files[_].diskPath.partitionUuid == STRING
input.Body.files[_].diskPath.relativePath == STRING
input.Body.files[_].hashedSize == STRING
input.Body.files[_].partiallyHashed == BOOLEAN
input.Body.files[_].path == STRING
input.Body.files[_].sha256 == STRING
input.Body.files[_].size == STRING
input.Body.findingClass == enum_FindingFindingClass[_]
input.Body.iamBindings[_].action == enum_IamBindingAction[_]
input.Body.iamBindings[_].member == STRING
input.Body.iamBindings[_].role == STRING
input.Body.indicator.domains[_] == STRING
input.Body.indicator.ipAddresses[_] == STRING
input.Body.indicator.signatures[_].memoryHashSignature.binaryFamily == STRING
input.Body.indicator.signatures[_].memoryHashSignature.detections[_].binary == STRING
input.Body.indicator.signatures[_].memoryHashSignature.detections[_].percentPagesMatched == NUMBER
input.Body.indicator.signatures[_].signatureType == enum_ProcessSignatureSignatureType[_]
input.Body.indicator.signatures[_].yaraRuleSignature.yaraRule == STRING
input.Body.indicator.uris[_] == STRING
input.Body.kernelRootkit.name == STRING
input.Body.kernelRootkit.unexpectedCodeModification == BOOLEAN
input.Body.kernelRootkit.unexpectedFtraceHandler == BOOLEAN
input.Body.kernelRootkit.unexpectedInterruptHandler == BOOLEAN
input.Body.kernelRootkit.unexpectedKernelCodePages == BOOLEAN
input.Body.kernelRootkit.unexpectedKprobeHandler == BOOLEAN
input.Body.kernelRootkit.unexpectedProcessesInRunqueue == BOOLEAN
input.Body.kernelRootkit.unexpectedReadOnlyDataModification == BOOLEAN
input.Body.kernelRootkit.unexpectedSystemCallHandler == BOOLEAN
input.Body.kubernetes.accessReviews[_].group == STRING
input.Body.kubernetes.accessReviews[_].name == STRING
input.Body.kubernetes.accessReviews[_].ns == STRING
input.Body.kubernetes.accessReviews[_].resource == STRING
input.Body.kubernetes.accessReviews[_].subresource == STRING
input.Body.kubernetes.accessReviews[_].verb == STRING
input.Body.kubernetes.accessReviews[_].version == STRING
input.Body.kubernetes.bindings[_].name == STRING
input.Body.kubernetes.bindings[_].ns == STRING
input.Body.kubernetes.bindings[_].role.kind == enum_RoleKind[_]
input.Body.kubernetes.bindings[_].role.name == STRING
input.Body.kubernetes.bindings[_].role.ns == STRING
input.Body.kubernetes.bindings[_].subjects[_].kind == enum_SubjectKind[_]
input.Body.kubernetes.bindings[_].subjects[_].name == STRING
input.Body.kubernetes.bindings[_].subjects[_].ns == STRING
input.Body.kubernetes.nodePools[_].name == STRING
input.Body.kubernetes.nodePools[_].nodes[_].name == STRING
input.Body.kubernetes.nodes[_].name == STRING
input.Body.kubernetes.objects[_].containers[_].createTime == STRING
input.Body.kubernetes.objects[_].containers[_].imageId == STRING
input.Body.kubernetes.objects[_].containers[_].labels[_].name == STRING
input.Body.kubernetes.objects[_].containers[_].labels[_].value == STRING
input.Body.kubernetes.objects[_].containers[_].name == STRING
input.Body.kubernetes.objects[_].containers[_].uri == STRING
input.Body.kubernetes.objects[_].group == STRING
input.Body.kubernetes.objects[_].kind == STRING
input.Body.kubernetes.objects[_].name == STRING
input.Body.kubernetes.objects[_].ns == STRING
input.Body.kubernetes.pods[_].containers[_].createTime == STRING
input.Body.kubernetes.pods[_].containers[_].imageId == STRING
input.Body.kubernetes.pods[_].containers[_].labels[_].name == STRING
input.Body.kubernetes.pods[_].containers[_].labels[_].value == STRING
input.Body.kubernetes.pods[_].containers[_].name == STRING
input.Body.kubernetes.pods[_].containers[_].uri == STRING
input.Body.kubernetes.pods[_].labels[_].name == STRING
input.Body.kubernetes.pods[_].labels[_].value == STRING
input.Body.kubernetes.pods[_].name == STRING
input.Body.kubernetes.pods[_].ns == STRING
input.Body.kubernetes.roles[_].kind == enum_RoleKind[_]
input.Body.kubernetes.roles[_].name == STRING
input.Body.kubernetes.roles[_].ns == STRING
input.Body.loadBalancers[_].name == STRING
input.Body.logEntries[_].cloudLoggingEntry.insertId == STRING
input.Body.logEntries[_].cloudLoggingEntry.logId == STRING
input.Body.logEntries[_].cloudLoggingEntry.resourceContainer == STRING
input.Body.logEntries[_].cloudLoggingEntry.timestamp == STRING
input.Body.mitreAttack.additionalTactics[_] == enum_MitreAttackAdditionalTactics[_]
input.Body.mitreAttack.additionalTechniques[_] == enum_MitreAttackAdditionalTechniques[_]
input.Body.mitreAttack.primaryTactic == enum_MitreAttackPrimaryTactic[_]
input.Body.mitreAttack.primaryTechniques[_] == enum_MitreAttackPrimaryTechniques[_]
input.Body.mitreAttack.version == STRING
input.Body.moduleName == STRING
input.Body.mute == enum_FindingMute[_]
input.Body.muteInitiator == STRING
input.Body.name == STRING
input.Body.nextSteps == STRING
input.Body.notebook.lastAuthor == STRING
input.Body.notebook.name == STRING
input.Body.notebook.notebookUpdateTime == STRING
input.Body.notebook.service == STRING
input.Body.orgPolicies[_].name == STRING
input.Body.parent == STRING
input.Body.processes[_].args[_] == STRING
input.Body.processes[_].argumentsTruncated == BOOLEAN
input.Body.processes[_].binary.contents == STRING
input.Body.processes[_].binary.diskPath.partitionUuid == STRING
input.Body.processes[_].binary.diskPath.relativePath == STRING
input.Body.processes[_].binary.hashedSize == STRING
input.Body.processes[_].binary.partiallyHashed == BOOLEAN
input.Body.processes[_].binary.path == STRING
input.Body.processes[_].binary.sha256 == STRING
input.Body.processes[_].binary.size == STRING
input.Body.processes[_].envVariables[_].name == STRING
input.Body.processes[_].envVariables[_].val == STRING
input.Body.processes[_].envVariablesTruncated == BOOLEAN
input.Body.processes[_].libraries[_].contents == STRING
input.Body.processes[_].libraries[_].diskPath.partitionUuid == STRING
input.Body.processes[_].libraries[_].diskPath.relativePath == STRING
input.Body.processes[_].libraries[_].hashedSize == STRING
input.Body.processes[_].libraries[_].partiallyHashed == BOOLEAN
input.Body.processes[_].libraries[_].path == STRING
input.Body.processes[_].libraries[_].sha256 == STRING
input.Body.processes[_].libraries[_].size == STRING
input.Body.processes[_].name == STRING
input.Body.processes[_].parentPid == STRING
input.Body.processes[_].pid == STRING
input.Body.processes[_].script.contents == STRING
input.Body.processes[_].script.diskPath.partitionUuid == STRING
input.Body.processes[_].script.diskPath.relativePath == STRING
input.Body.processes[_].script.hashedSize == STRING
input.Body.processes[_].script.partiallyHashed == BOOLEAN
input.Body.processes[_].script.path == STRING
input.Body.processes[_].script.sha256 == STRING
input.Body.processes[_].script.size == STRING
input.Body.resourceName == STRING
input.Body.securityPosture.changedPolicy == STRING
input.Body.securityPosture.name == STRING
input.Body.securityPosture.policy == STRING
input.Body.securityPosture.policyDriftDetails[_].detectedValue == STRING
input.Body.securityPosture.policyDriftDetails[_].expectedValue == STRING
input.Body.securityPosture.policyDriftDetails[_].field == STRING
input.Body.securityPosture.policySet == STRING
input.Body.securityPosture.postureDeployment == STRING
input.Body.securityPosture.postureDeploymentResource == STRING
input.Body.securityPosture.revisionId == STRING
input.Body.severity == enum_FindingSeverity[_]
input.Body.sourceProperties.STRING == ANY
input.Body.state == enum_FindingState[_]
input.Body.vulnerability.cve.cvssv3.attackComplexity == enum_Cvssv3AttackComplexity[_]
input.Body.vulnerability.cve.cvssv3.attackVector == enum_Cvssv3AttackVector[_]
input.Body.vulnerability.cve.cvssv3.availabilityImpact == enum_Cvssv3AvailabilityImpact[_]
input.Body.vulnerability.cve.cvssv3.baseScore == NUMBER
input.Body.vulnerability.cve.cvssv3.confidentialityImpact == enum_Cvssv3ConfidentialityImpact[_]
input.Body.vulnerability.cve.cvssv3.integrityImpact == enum_Cvssv3IntegrityImpact[_]
input.Body.vulnerability.cve.cvssv3.privilegesRequired == enum_Cvssv3PrivilegesRequired[_]
input.Body.vulnerability.cve.cvssv3.scope == enum_Cvssv3Scope[_]
input.Body.vulnerability.cve.cvssv3.userInteraction == enum_Cvssv3UserInteraction[_]
input.Body.vulnerability.cve.exploitationActivity == enum_CveExploitationActivity[_]
input.Body.vulnerability.cve.id == STRING
input.Body.vulnerability.cve.impact == enum_CveImpact[_]
input.Body.vulnerability.cve.observedInTheWild == BOOLEAN
input.Body.vulnerability.cve.references[_].source == STRING
input.Body.vulnerability.cve.references[_].uri == STRING
input.Body.vulnerability.cve.upstreamFixAvailable == BOOLEAN
input.Body.vulnerability.cve.zeroDay == BOOLEAN
input.Body.vulnerability.fixedPackage.cpeUri == STRING
input.Body.vulnerability.fixedPackage.packageName == STRING
input.Body.vulnerability.fixedPackage.packageType == STRING
input.Body.vulnerability.fixedPackage.packageVersion == STRING
input.Body.vulnerability.offendingPackage.cpeUri == STRING
input.Body.vulnerability.offendingPackage.packageName == STRING
input.Body.vulnerability.offendingPackage.packageType == STRING
input.Body.vulnerability.offendingPackage.packageVersion == STRING
input.Body.vulnerability.securityBulletin.bulletinId == STRING
input.Body.vulnerability.securityBulletin.submissionTime == STRING
input.Body.vulnerability.securityBulletin.suggestedUpgradeVersion == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.sources.findings.setMute
enum_SetMuteRequestMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]
valid {
input.Body.mute == enum_SetMuteRequestMute[_]
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.sources.findings.setState
enum_SetFindingStateRequestState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]
valid {
input.Body.startTime == STRING
input.Body.state == enum_SetFindingStateRequestState[_]
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.sources.findings.updateSecurityMarks
valid {
input.Body.canonicalName == STRING
input.Body.marks.STRING == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.startTime == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.sources.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.updateContainerThreatDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_ContainerThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_ContainerThreatDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.updateEventThreatDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_EventThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_EventThreatDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.updateRapidVulnerabilityDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_RapidVulnerabilityDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_RapidVulnerabilityDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.updateSecurityHealthAnalyticsSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_SecurityHealthAnalyticsSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_SecurityHealthAnalyticsSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.updateVirtualMachineThreatDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_VirtualMachineThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_VirtualMachineThreatDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.updateWebSecurityScannerSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_WebSecurityScannerSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_WebSecurityScannerSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.virtualMachineThreatDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.folders.webSecurityScannerSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.assets.group
valid {
input.Body.compareDuration == STRING
input.Body.filter == STRING
input.Body.groupBy == STRING
input.Body.pageSize == INTEGER
input.Body.pageToken == STRING
input.Body.readTime == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.assets.list
valid {
input.ReqMap.parent == STRING
input.Qs.compareDuration == STRING
input.Qs.fieldMask == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.readTime == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.assets.runDiscovery
valid {
input.Body.STRING == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.assets.updateSecurityMarks
valid {
input.Body.canonicalName == STRING
input.Body.marks.STRING == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.startTime == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.bigQueryExports.create
valid {
input.Body.dataset == STRING
input.Body.description == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.parent == STRING
input.Qs.bigQueryExportId == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.bigQueryExports.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.bigQueryExports.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.bigQueryExports.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.bigQueryExports.patch
valid {
input.Body.dataset == STRING
input.Body.description == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.containerThreatDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.eventThreatDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.eventThreatDetectionSettings.customModules.create
enum_EventThreatDetectionCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]
valid {
input.Body.config.STRING == ANY
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.enablementState == enum_EventThreatDetectionCustomModuleEnablementState[_]
input.Body.name == STRING
input.Body.type == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.eventThreatDetectionSettings.customModules.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.eventThreatDetectionSettings.customModules.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.eventThreatDetectionSettings.customModules.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.eventThreatDetectionSettings.customModules.listDescendant
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.eventThreatDetectionSettings.customModules.patch
enum_EventThreatDetectionCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]
valid {
input.Body.config.STRING == ANY
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.enablementState == enum_EventThreatDetectionCustomModuleEnablementState[_]
input.Body.name == STRING
input.Body.type == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.eventThreatDetectionSettings.effectiveCustomModules.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.eventThreatDetectionSettings.effectiveCustomModules.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.eventThreatDetectionSettings.validateCustomModule
valid {
input.Body.rawText == STRING
input.Body.type == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.findings.bulkMute
valid {
input.Body.filter == STRING
input.Body.muteAnnotation == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.getContainerThreatDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.getEventThreatDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.getOrganizationSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.getRapidVulnerabilityDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.getSecurityCenterSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.getSecurityHealthAnalyticsSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.getSubscription
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.getVirtualMachineThreatDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.getWebSecurityScannerSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.locations.muteConfigs.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.locations.muteConfigs.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.locations.muteConfigs.patch
valid {
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.muteConfigs.create
valid {
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.parent == STRING
input.Qs.muteConfigId == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.muteConfigs.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.muteConfigs.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.muteConfigs.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.muteConfigs.patch
valid {
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.notificationConfigs.create
valid {
input.Body.description == STRING
input.Body.name == STRING
input.Body.pubsubTopic == STRING
input.Body.streamingConfig.filter == STRING
input.ReqMap.parent == STRING
input.Qs.configId == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.notificationConfigs.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.notificationConfigs.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.notificationConfigs.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.notificationConfigs.patch
valid {
input.Body.description == STRING
input.Body.name == STRING
input.Body.pubsubTopic == STRING
input.Body.streamingConfig.filter == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.operations.cancel
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.operations.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.operations.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.operations.list
valid {
input.ReqMap.name == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.rapidVulnerabilityDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.resourceValueConfigs.batchCreate
enum_GoogleCloudSecuritycenterV1ResourceValueConfigCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_GoogleCloudSecuritycenterV1ResourceValueConfigResourceValue := [ "RESOURCE_VALUE_UNSPECIFIED", "HIGH", "MEDIUM", "LOW", "NONE" ]
enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingHighSensitivityMapping := [ "RESOURCE_VALUE_UNSPECIFIED", "HIGH", "MEDIUM", "LOW", "NONE" ]
enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingMediumSensitivityMapping := [ "RESOURCE_VALUE_UNSPECIFIED", "HIGH", "MEDIUM", "LOW", "NONE" ]
valid {
input.Body.requests[_].parent == STRING
input.Body.requests[_].resourceValueConfig.cloudProvider == enum_GoogleCloudSecuritycenterV1ResourceValueConfigCloudProvider[_]
input.Body.requests[_].resourceValueConfig.description == STRING
input.Body.requests[_].resourceValueConfig.name == STRING
input.Body.requests[_].resourceValueConfig.resourceLabelsSelector.STRING == STRING
input.Body.requests[_].resourceValueConfig.resourceType == STRING
input.Body.requests[_].resourceValueConfig.resourceValue == enum_GoogleCloudSecuritycenterV1ResourceValueConfigResourceValue[_]
input.Body.requests[_].resourceValueConfig.scope == STRING
input.Body.requests[_].resourceValueConfig.sensitiveDataProtectionMapping.highSensitivityMapping == enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingHighSensitivityMapping[_]
input.Body.requests[_].resourceValueConfig.sensitiveDataProtectionMapping.mediumSensitivityMapping == enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingMediumSensitivityMapping[_]
input.Body.requests[_].resourceValueConfig.tagValues[_] == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.resourceValueConfigs.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.resourceValueConfigs.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.resourceValueConfigs.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.resourceValueConfigs.patch
enum_GoogleCloudSecuritycenterV1ResourceValueConfigCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_GoogleCloudSecuritycenterV1ResourceValueConfigResourceValue := [ "RESOURCE_VALUE_UNSPECIFIED", "HIGH", "MEDIUM", "LOW", "NONE" ]
enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingHighSensitivityMapping := [ "RESOURCE_VALUE_UNSPECIFIED", "HIGH", "MEDIUM", "LOW", "NONE" ]
enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingMediumSensitivityMapping := [ "RESOURCE_VALUE_UNSPECIFIED", "HIGH", "MEDIUM", "LOW", "NONE" ]
valid {
input.Body.cloudProvider == enum_GoogleCloudSecuritycenterV1ResourceValueConfigCloudProvider[_]
input.Body.description == STRING
input.Body.name == STRING
input.Body.resourceLabelsSelector.STRING == STRING
input.Body.resourceType == STRING
input.Body.resourceValue == enum_GoogleCloudSecuritycenterV1ResourceValueConfigResourceValue[_]
input.Body.scope == STRING
input.Body.sensitiveDataProtectionMapping.highSensitivityMapping == enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingHighSensitivityMapping[_]
input.Body.sensitiveDataProtectionMapping.mediumSensitivityMapping == enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingMediumSensitivityMapping[_]
input.Body.tagValues[_] == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.securityHealthAnalyticsSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.securityHealthAnalyticsSettings.customModules.create
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]
valid {
input.Body.customConfig.customOutput.properties[_].name == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
input.Body.customConfig.description == STRING
input.Body.customConfig.predicate.description == STRING
input.Body.customConfig.predicate.expression == STRING
input.Body.customConfig.predicate.location == STRING
input.Body.customConfig.predicate.title == STRING
input.Body.customConfig.recommendation == STRING
input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
input.Body.displayName == STRING
input.Body.enablementState == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState[_]
input.Body.name == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.securityHealthAnalyticsSettings.customModules.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.securityHealthAnalyticsSettings.customModules.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.securityHealthAnalyticsSettings.customModules.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.securityHealthAnalyticsSettings.customModules.listDescendant
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.securityHealthAnalyticsSettings.customModules.patch
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]
valid {
input.Body.customConfig.customOutput.properties[_].name == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
input.Body.customConfig.description == STRING
input.Body.customConfig.predicate.description == STRING
input.Body.customConfig.predicate.expression == STRING
input.Body.customConfig.predicate.location == STRING
input.Body.customConfig.predicate.title == STRING
input.Body.customConfig.recommendation == STRING
input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
input.Body.displayName == STRING
input.Body.enablementState == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState[_]
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.securityHealthAnalyticsSettings.customModules.simulate
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
valid {
input.Body.customConfig.customOutput.properties[_].name == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
input.Body.customConfig.description == STRING
input.Body.customConfig.predicate.description == STRING
input.Body.customConfig.predicate.expression == STRING
input.Body.customConfig.predicate.location == STRING
input.Body.customConfig.predicate.title == STRING
input.Body.customConfig.recommendation == STRING
input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
input.Body.resource.iamPolicyData.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.resource.iamPolicyData.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.resource.iamPolicyData.auditConfigs[_].service == STRING
input.Body.resource.iamPolicyData.bindings[_].condition.description == STRING
input.Body.resource.iamPolicyData.bindings[_].condition.expression == STRING
input.Body.resource.iamPolicyData.bindings[_].condition.location == STRING
input.Body.resource.iamPolicyData.bindings[_].condition.title == STRING
input.Body.resource.iamPolicyData.bindings[_].members[_] == STRING
input.Body.resource.iamPolicyData.bindings[_].role == STRING
input.Body.resource.iamPolicyData.etag == STRING
input.Body.resource.iamPolicyData.version == INTEGER
input.Body.resource.resourceData.STRING == ANY
input.Body.resource.resourceType == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.securityHealthAnalyticsSettings.effectiveCustomModules.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.securityHealthAnalyticsSettings.effectiveCustomModules.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.simulations.attackExposureResults.attackPaths.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.simulations.attackExposureResults.valuedResources.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.simulations.attackPaths.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.simulations.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.simulations.valuedResources.attackPaths.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.simulations.valuedResources.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.simulations.valuedResources.list
valid {
input.ReqMap.parent == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.create
valid {
input.Body.canonicalName == STRING
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.name == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.findings.create
enum_AttackExposureState := [ "STATE_UNSPECIFIED", "CALCULATED", "NOT_CALCULATED" ]
enum_CloudDlpDataProfileParentType := [ "PARENT_TYPE_UNSPECIFIED", "ORGANIZATION", "PROJECT" ]
enum_ConnectionProtocol := [ "PROTOCOL_UNSPECIFIED", "ICMP", "TCP", "UDP", "GRE", "ESP" ]
enum_CveExploitationActivity := [ "EXPLOITATION_ACTIVITY_UNSPECIFIED", "WIDE", "CONFIRMED", "AVAILABLE", "ANTICIPATED", "NO_KNOWN" ]
enum_CveImpact := [ "RISK_RATING_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
enum_Cvssv3AttackComplexity := [ "ATTACK_COMPLEXITY_UNSPECIFIED", "ATTACK_COMPLEXITY_LOW", "ATTACK_COMPLEXITY_HIGH" ]
enum_Cvssv3AttackVector := [ "ATTACK_VECTOR_UNSPECIFIED", "ATTACK_VECTOR_NETWORK", "ATTACK_VECTOR_ADJACENT", "ATTACK_VECTOR_LOCAL", "ATTACK_VECTOR_PHYSICAL" ]
enum_Cvssv3AvailabilityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3ConfidentialityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3IntegrityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3PrivilegesRequired := [ "PRIVILEGES_REQUIRED_UNSPECIFIED", "PRIVILEGES_REQUIRED_NONE", "PRIVILEGES_REQUIRED_LOW", "PRIVILEGES_REQUIRED_HIGH" ]
enum_Cvssv3Scope := [ "SCOPE_UNSPECIFIED", "SCOPE_UNCHANGED", "SCOPE_CHANGED" ]
enum_Cvssv3UserInteraction := [ "USER_INTERACTION_UNSPECIFIED", "USER_INTERACTION_NONE", "USER_INTERACTION_REQUIRED" ]
enum_FindingFindingClass := [ "FINDING_CLASS_UNSPECIFIED", "THREAT", "VULNERABILITY", "MISCONFIGURATION", "OBSERVATION", "SCC_ERROR", "POSTURE_VIOLATION" ]
enum_FindingMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]
enum_FindingSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_FindingState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]
enum_IamBindingAction := [ "ACTION_UNSPECIFIED", "ADD", "REMOVE" ]
enum_MitreAttackAdditionalTactics := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackAdditionalTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_AND_RESOURCE_DISCOVERY" ]
enum_MitreAttackPrimaryTactic := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackPrimaryTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_AND_RESOURCE_DISCOVERY" ]
enum_ProcessSignatureSignatureType := [ "SIGNATURE_TYPE_UNSPECIFIED", "SIGNATURE_TYPE_PROCESS", "SIGNATURE_TYPE_FILE" ]
enum_RoleKind := [ "KIND_UNSPECIFIED", "ROLE", "CLUSTER_ROLE" ]
enum_SubjectKind := [ "AUTH_TYPE_UNSPECIFIED", "USER", "SERVICEACCOUNT", "GROUP" ]
valid {
input.Body.access.callerIp == STRING
input.Body.access.callerIpGeo.regionCode == STRING
input.Body.access.methodName == STRING
input.Body.access.principalEmail == STRING
input.Body.access.principalSubject == STRING
input.Body.access.serviceAccountDelegationInfo[_].principalEmail == STRING
input.Body.access.serviceAccountDelegationInfo[_].principalSubject == STRING
input.Body.access.serviceAccountKeyName == STRING
input.Body.access.serviceName == STRING
input.Body.access.userAgent == STRING
input.Body.access.userAgentFamily == STRING
input.Body.access.userName == STRING
input.Body.application.baseUri == STRING
input.Body.application.fullUri == STRING
input.Body.attackExposure.attackExposureResult == STRING
input.Body.attackExposure.exposedHighValueResourcesCount == INTEGER
input.Body.attackExposure.exposedLowValueResourcesCount == INTEGER
input.Body.attackExposure.exposedMediumValueResourcesCount == INTEGER
input.Body.attackExposure.latestCalculationTime == STRING
input.Body.attackExposure.score == NUMBER
input.Body.attackExposure.state == enum_AttackExposureState[_]
input.Body.backupDisasterRecovery.appliance == STRING
input.Body.backupDisasterRecovery.applications[_] == STRING
input.Body.backupDisasterRecovery.backupCreateTime == STRING
input.Body.backupDisasterRecovery.backupTemplate == STRING
input.Body.backupDisasterRecovery.backupType == STRING
input.Body.backupDisasterRecovery.host == STRING
input.Body.backupDisasterRecovery.policies[_] == STRING
input.Body.backupDisasterRecovery.policyOptions[_] == STRING
input.Body.backupDisasterRecovery.profile == STRING
input.Body.backupDisasterRecovery.storagePool == STRING
input.Body.canonicalName == STRING
input.Body.category == STRING
input.Body.cloudArmor.adaptiveProtection.confidence == NUMBER
input.Body.cloudArmor.attack.classification == STRING
input.Body.cloudArmor.attack.volumeBps == INTEGER
input.Body.cloudArmor.attack.volumePps == INTEGER
input.Body.cloudArmor.duration == STRING
input.Body.cloudArmor.requests.longTermAllowed == INTEGER
input.Body.cloudArmor.requests.longTermDenied == INTEGER
input.Body.cloudArmor.requests.ratio == NUMBER
input.Body.cloudArmor.requests.shortTermAllowed == INTEGER
input.Body.cloudArmor.securityPolicy.name == STRING
input.Body.cloudArmor.securityPolicy.preview == BOOLEAN
input.Body.cloudArmor.securityPolicy.type == STRING
input.Body.cloudArmor.threatVector == STRING
input.Body.cloudDlpDataProfile.dataProfile == STRING
input.Body.cloudDlpDataProfile.parentType == enum_CloudDlpDataProfileParentType[_]
input.Body.cloudDlpInspection.fullScan == BOOLEAN
input.Body.cloudDlpInspection.infoType == STRING
input.Body.cloudDlpInspection.infoTypeCount == STRING
input.Body.cloudDlpInspection.inspectJob == STRING
input.Body.compliances[_].ids[_] == STRING
input.Body.compliances[_].standard == STRING
input.Body.compliances[_].version == STRING
input.Body.connections[_].destinationIp == STRING
input.Body.connections[_].destinationPort == INTEGER
input.Body.connections[_].protocol == enum_ConnectionProtocol[_]
input.Body.connections[_].sourceIp == STRING
input.Body.connections[_].sourcePort == INTEGER
input.Body.containers[_].createTime == STRING
input.Body.containers[_].imageId == STRING
input.Body.containers[_].labels[_].name == STRING
input.Body.containers[_].labels[_].value == STRING
input.Body.containers[_].name == STRING
input.Body.containers[_].uri == STRING
input.Body.createTime == STRING
input.Body.database.displayName == STRING
input.Body.database.grantees[_] == STRING
input.Body.database.name == STRING
input.Body.database.query == STRING
input.Body.database.userName == STRING
input.Body.database.version == STRING
input.Body.description == STRING
input.Body.eventTime == STRING
input.Body.exfiltration.sources[_].components[_] == STRING
input.Body.exfiltration.sources[_].name == STRING
input.Body.exfiltration.targets[_].components[_] == STRING
input.Body.exfiltration.targets[_].name == STRING
input.Body.exfiltration.totalExfiltratedBytes == STRING
input.Body.externalUri == STRING
input.Body.files[_].contents == STRING
input.Body.files[_].diskPath.partitionUuid == STRING
input.Body.files[_].diskPath.relativePath == STRING
input.Body.files[_].hashedSize == STRING
input.Body.files[_].partiallyHashed == BOOLEAN
input.Body.files[_].path == STRING
input.Body.files[_].sha256 == STRING
input.Body.files[_].size == STRING
input.Body.findingClass == enum_FindingFindingClass[_]
input.Body.iamBindings[_].action == enum_IamBindingAction[_]
input.Body.iamBindings[_].member == STRING
input.Body.iamBindings[_].role == STRING
input.Body.indicator.domains[_] == STRING
input.Body.indicator.ipAddresses[_] == STRING
input.Body.indicator.signatures[_].memoryHashSignature.binaryFamily == STRING
input.Body.indicator.signatures[_].memoryHashSignature.detections[_].binary == STRING
input.Body.indicator.signatures[_].memoryHashSignature.detections[_].percentPagesMatched == NUMBER
input.Body.indicator.signatures[_].signatureType == enum_ProcessSignatureSignatureType[_]
input.Body.indicator.signatures[_].yaraRuleSignature.yaraRule == STRING
input.Body.indicator.uris[_] == STRING
input.Body.kernelRootkit.name == STRING
input.Body.kernelRootkit.unexpectedCodeModification == BOOLEAN
input.Body.kernelRootkit.unexpectedFtraceHandler == BOOLEAN
input.Body.kernelRootkit.unexpectedInterruptHandler == BOOLEAN
input.Body.kernelRootkit.unexpectedKernelCodePages == BOOLEAN
input.Body.kernelRootkit.unexpectedKprobeHandler == BOOLEAN
input.Body.kernelRootkit.unexpectedProcessesInRunqueue == BOOLEAN
input.Body.kernelRootkit.unexpectedReadOnlyDataModification == BOOLEAN
input.Body.kernelRootkit.unexpectedSystemCallHandler == BOOLEAN
input.Body.kubernetes.accessReviews[_].group == STRING
input.Body.kubernetes.accessReviews[_].name == STRING
input.Body.kubernetes.accessReviews[_].ns == STRING
input.Body.kubernetes.accessReviews[_].resource == STRING
input.Body.kubernetes.accessReviews[_].subresource == STRING
input.Body.kubernetes.accessReviews[_].verb == STRING
input.Body.kubernetes.accessReviews[_].version == STRING
input.Body.kubernetes.bindings[_].name == STRING
input.Body.kubernetes.bindings[_].ns == STRING
input.Body.kubernetes.bindings[_].role.kind == enum_RoleKind[_]
input.Body.kubernetes.bindings[_].role.name == STRING
input.Body.kubernetes.bindings[_].role.ns == STRING
input.Body.kubernetes.bindings[_].subjects[_].kind == enum_SubjectKind[_]
input.Body.kubernetes.bindings[_].subjects[_].name == STRING
input.Body.kubernetes.bindings[_].subjects[_].ns == STRING
input.Body.kubernetes.nodePools[_].name == STRING
input.Body.kubernetes.nodePools[_].nodes[_].name == STRING
input.Body.kubernetes.nodes[_].name == STRING
input.Body.kubernetes.objects[_].containers[_].createTime == STRING
input.Body.kubernetes.objects[_].containers[_].imageId == STRING
input.Body.kubernetes.objects[_].containers[_].labels[_].name == STRING
input.Body.kubernetes.objects[_].containers[_].labels[_].value == STRING
input.Body.kubernetes.objects[_].containers[_].name == STRING
input.Body.kubernetes.objects[_].containers[_].uri == STRING
input.Body.kubernetes.objects[_].group == STRING
input.Body.kubernetes.objects[_].kind == STRING
input.Body.kubernetes.objects[_].name == STRING
input.Body.kubernetes.objects[_].ns == STRING
input.Body.kubernetes.pods[_].containers[_].createTime == STRING
input.Body.kubernetes.pods[_].containers[_].imageId == STRING
input.Body.kubernetes.pods[_].containers[_].labels[_].name == STRING
input.Body.kubernetes.pods[_].containers[_].labels[_].value == STRING
input.Body.kubernetes.pods[_].containers[_].name == STRING
input.Body.kubernetes.pods[_].containers[_].uri == STRING
input.Body.kubernetes.pods[_].labels[_].name == STRING
input.Body.kubernetes.pods[_].labels[_].value == STRING
input.Body.kubernetes.pods[_].name == STRING
input.Body.kubernetes.pods[_].ns == STRING
input.Body.kubernetes.roles[_].kind == enum_RoleKind[_]
input.Body.kubernetes.roles[_].name == STRING
input.Body.kubernetes.roles[_].ns == STRING
input.Body.loadBalancers[_].name == STRING
input.Body.logEntries[_].cloudLoggingEntry.insertId == STRING
input.Body.logEntries[_].cloudLoggingEntry.logId == STRING
input.Body.logEntries[_].cloudLoggingEntry.resourceContainer == STRING
input.Body.logEntries[_].cloudLoggingEntry.timestamp == STRING
input.Body.mitreAttack.additionalTactics[_] == enum_MitreAttackAdditionalTactics[_]
input.Body.mitreAttack.additionalTechniques[_] == enum_MitreAttackAdditionalTechniques[_]
input.Body.mitreAttack.primaryTactic == enum_MitreAttackPrimaryTactic[_]
input.Body.mitreAttack.primaryTechniques[_] == enum_MitreAttackPrimaryTechniques[_]
input.Body.mitreAttack.version == STRING
input.Body.moduleName == STRING
input.Body.mute == enum_FindingMute[_]
input.Body.muteInitiator == STRING
input.Body.name == STRING
input.Body.nextSteps == STRING
input.Body.notebook.lastAuthor == STRING
input.Body.notebook.name == STRING
input.Body.notebook.notebookUpdateTime == STRING
input.Body.notebook.service == STRING
input.Body.orgPolicies[_].name == STRING
input.Body.parent == STRING
input.Body.processes[_].args[_] == STRING
input.Body.processes[_].argumentsTruncated == BOOLEAN
input.Body.processes[_].binary.contents == STRING
input.Body.processes[_].binary.diskPath.partitionUuid == STRING
input.Body.processes[_].binary.diskPath.relativePath == STRING
input.Body.processes[_].binary.hashedSize == STRING
input.Body.processes[_].binary.partiallyHashed == BOOLEAN
input.Body.processes[_].binary.path == STRING
input.Body.processes[_].binary.sha256 == STRING
input.Body.processes[_].binary.size == STRING
input.Body.processes[_].envVariables[_].name == STRING
input.Body.processes[_].envVariables[_].val == STRING
input.Body.processes[_].envVariablesTruncated == BOOLEAN
input.Body.processes[_].libraries[_].contents == STRING
input.Body.processes[_].libraries[_].diskPath.partitionUuid == STRING
input.Body.processes[_].libraries[_].diskPath.relativePath == STRING
input.Body.processes[_].libraries[_].hashedSize == STRING
input.Body.processes[_].libraries[_].partiallyHashed == BOOLEAN
input.Body.processes[_].libraries[_].path == STRING
input.Body.processes[_].libraries[_].sha256 == STRING
input.Body.processes[_].libraries[_].size == STRING
input.Body.processes[_].name == STRING
input.Body.processes[_].parentPid == STRING
input.Body.processes[_].pid == STRING
input.Body.processes[_].script.contents == STRING
input.Body.processes[_].script.diskPath.partitionUuid == STRING
input.Body.processes[_].script.diskPath.relativePath == STRING
input.Body.processes[_].script.hashedSize == STRING
input.Body.processes[_].script.partiallyHashed == BOOLEAN
input.Body.processes[_].script.path == STRING
input.Body.processes[_].script.sha256 == STRING
input.Body.processes[_].script.size == STRING
input.Body.resourceName == STRING
input.Body.securityPosture.changedPolicy == STRING
input.Body.securityPosture.name == STRING
input.Body.securityPosture.policy == STRING
input.Body.securityPosture.policyDriftDetails[_].detectedValue == STRING
input.Body.securityPosture.policyDriftDetails[_].expectedValue == STRING
input.Body.securityPosture.policyDriftDetails[_].field == STRING
input.Body.securityPosture.policySet == STRING
input.Body.securityPosture.postureDeployment == STRING
input.Body.securityPosture.postureDeploymentResource == STRING
input.Body.securityPosture.revisionId == STRING
input.Body.severity == enum_FindingSeverity[_]
input.Body.sourceProperties.STRING == ANY
input.Body.state == enum_FindingState[_]
input.Body.vulnerability.cve.cvssv3.attackComplexity == enum_Cvssv3AttackComplexity[_]
input.Body.vulnerability.cve.cvssv3.attackVector == enum_Cvssv3AttackVector[_]
input.Body.vulnerability.cve.cvssv3.availabilityImpact == enum_Cvssv3AvailabilityImpact[_]
input.Body.vulnerability.cve.cvssv3.baseScore == NUMBER
input.Body.vulnerability.cve.cvssv3.confidentialityImpact == enum_Cvssv3ConfidentialityImpact[_]
input.Body.vulnerability.cve.cvssv3.integrityImpact == enum_Cvssv3IntegrityImpact[_]
input.Body.vulnerability.cve.cvssv3.privilegesRequired == enum_Cvssv3PrivilegesRequired[_]
input.Body.vulnerability.cve.cvssv3.scope == enum_Cvssv3Scope[_]
input.Body.vulnerability.cve.cvssv3.userInteraction == enum_Cvssv3UserInteraction[_]
input.Body.vulnerability.cve.exploitationActivity == enum_CveExploitationActivity[_]
input.Body.vulnerability.cve.id == STRING
input.Body.vulnerability.cve.impact == enum_CveImpact[_]
input.Body.vulnerability.cve.observedInTheWild == BOOLEAN
input.Body.vulnerability.cve.references[_].source == STRING
input.Body.vulnerability.cve.references[_].uri == STRING
input.Body.vulnerability.cve.upstreamFixAvailable == BOOLEAN
input.Body.vulnerability.cve.zeroDay == BOOLEAN
input.Body.vulnerability.fixedPackage.cpeUri == STRING
input.Body.vulnerability.fixedPackage.packageName == STRING
input.Body.vulnerability.fixedPackage.packageType == STRING
input.Body.vulnerability.fixedPackage.packageVersion == STRING
input.Body.vulnerability.offendingPackage.cpeUri == STRING
input.Body.vulnerability.offendingPackage.packageName == STRING
input.Body.vulnerability.offendingPackage.packageType == STRING
input.Body.vulnerability.offendingPackage.packageVersion == STRING
input.Body.vulnerability.securityBulletin.bulletinId == STRING
input.Body.vulnerability.securityBulletin.submissionTime == STRING
input.Body.vulnerability.securityBulletin.suggestedUpgradeVersion == STRING
input.ReqMap.parent == STRING
input.Qs.findingId == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.findings.externalSystems.patch
valid {
input.Body.assignees[_] == STRING
input.Body.caseCloseTime == STRING
input.Body.caseCreateTime == STRING
input.Body.casePriority == STRING
input.Body.caseSla == STRING
input.Body.caseUri == STRING
input.Body.externalSystemUpdateTime == STRING
input.Body.externalUid == STRING
input.Body.name == STRING
input.Body.status == STRING
input.Body.ticketInfo.assignee == STRING
input.Body.ticketInfo.description == STRING
input.Body.ticketInfo.id == STRING
input.Body.ticketInfo.status == STRING
input.Body.ticketInfo.updateTime == STRING
input.Body.ticketInfo.uri == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.findings.group
valid {
input.Body.compareDuration == STRING
input.Body.filter == STRING
input.Body.groupBy == STRING
input.Body.pageSize == INTEGER
input.Body.pageToken == STRING
input.Body.readTime == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.findings.list
valid {
input.ReqMap.parent == STRING
input.Qs.compareDuration == STRING
input.Qs.fieldMask == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.readTime == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.findings.patch
enum_AttackExposureState := [ "STATE_UNSPECIFIED", "CALCULATED", "NOT_CALCULATED" ]
enum_CloudDlpDataProfileParentType := [ "PARENT_TYPE_UNSPECIFIED", "ORGANIZATION", "PROJECT" ]
enum_ConnectionProtocol := [ "PROTOCOL_UNSPECIFIED", "ICMP", "TCP", "UDP", "GRE", "ESP" ]
enum_CveExploitationActivity := [ "EXPLOITATION_ACTIVITY_UNSPECIFIED", "WIDE", "CONFIRMED", "AVAILABLE", "ANTICIPATED", "NO_KNOWN" ]
enum_CveImpact := [ "RISK_RATING_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
enum_Cvssv3AttackComplexity := [ "ATTACK_COMPLEXITY_UNSPECIFIED", "ATTACK_COMPLEXITY_LOW", "ATTACK_COMPLEXITY_HIGH" ]
enum_Cvssv3AttackVector := [ "ATTACK_VECTOR_UNSPECIFIED", "ATTACK_VECTOR_NETWORK", "ATTACK_VECTOR_ADJACENT", "ATTACK_VECTOR_LOCAL", "ATTACK_VECTOR_PHYSICAL" ]
enum_Cvssv3AvailabilityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3ConfidentialityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3IntegrityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3PrivilegesRequired := [ "PRIVILEGES_REQUIRED_UNSPECIFIED", "PRIVILEGES_REQUIRED_NONE", "PRIVILEGES_REQUIRED_LOW", "PRIVILEGES_REQUIRED_HIGH" ]
enum_Cvssv3Scope := [ "SCOPE_UNSPECIFIED", "SCOPE_UNCHANGED", "SCOPE_CHANGED" ]
enum_Cvssv3UserInteraction := [ "USER_INTERACTION_UNSPECIFIED", "USER_INTERACTION_NONE", "USER_INTERACTION_REQUIRED" ]
enum_FindingFindingClass := [ "FINDING_CLASS_UNSPECIFIED", "THREAT", "VULNERABILITY", "MISCONFIGURATION", "OBSERVATION", "SCC_ERROR", "POSTURE_VIOLATION" ]
enum_FindingMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]
enum_FindingSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_FindingState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]
enum_IamBindingAction := [ "ACTION_UNSPECIFIED", "ADD", "REMOVE" ]
enum_MitreAttackAdditionalTactics := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackAdditionalTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_AND_RESOURCE_DISCOVERY" ]
enum_MitreAttackPrimaryTactic := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackPrimaryTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_AND_RESOURCE_DISCOVERY" ]
enum_ProcessSignatureSignatureType := [ "SIGNATURE_TYPE_UNSPECIFIED", "SIGNATURE_TYPE_PROCESS", "SIGNATURE_TYPE_FILE" ]
enum_RoleKind := [ "KIND_UNSPECIFIED", "ROLE", "CLUSTER_ROLE" ]
enum_SubjectKind := [ "AUTH_TYPE_UNSPECIFIED", "USER", "SERVICEACCOUNT", "GROUP" ]
valid {
input.Body.access.callerIp == STRING
input.Body.access.callerIpGeo.regionCode == STRING
input.Body.access.methodName == STRING
input.Body.access.principalEmail == STRING
input.Body.access.principalSubject == STRING
input.Body.access.serviceAccountDelegationInfo[_].principalEmail == STRING
input.Body.access.serviceAccountDelegationInfo[_].principalSubject == STRING
input.Body.access.serviceAccountKeyName == STRING
input.Body.access.serviceName == STRING
input.Body.access.userAgent == STRING
input.Body.access.userAgentFamily == STRING
input.Body.access.userName == STRING
input.Body.application.baseUri == STRING
input.Body.application.fullUri == STRING
input.Body.attackExposure.attackExposureResult == STRING
input.Body.attackExposure.exposedHighValueResourcesCount == INTEGER
input.Body.attackExposure.exposedLowValueResourcesCount == INTEGER
input.Body.attackExposure.exposedMediumValueResourcesCount == INTEGER
input.Body.attackExposure.latestCalculationTime == STRING
input.Body.attackExposure.score == NUMBER
input.Body.attackExposure.state == enum_AttackExposureState[_]
input.Body.backupDisasterRecovery.appliance == STRING
input.Body.backupDisasterRecovery.applications[_] == STRING
input.Body.backupDisasterRecovery.backupCreateTime == STRING
input.Body.backupDisasterRecovery.backupTemplate == STRING
input.Body.backupDisasterRecovery.backupType == STRING
input.Body.backupDisasterRecovery.host == STRING
input.Body.backupDisasterRecovery.policies[_] == STRING
input.Body.backupDisasterRecovery.policyOptions[_] == STRING
input.Body.backupDisasterRecovery.profile == STRING
input.Body.backupDisasterRecovery.storagePool == STRING
input.Body.canonicalName == STRING
input.Body.category == STRING
input.Body.cloudArmor.adaptiveProtection.confidence == NUMBER
input.Body.cloudArmor.attack.classification == STRING
input.Body.cloudArmor.attack.volumeBps == INTEGER
input.Body.cloudArmor.attack.volumePps == INTEGER
input.Body.cloudArmor.duration == STRING
input.Body.cloudArmor.requests.longTermAllowed == INTEGER
input.Body.cloudArmor.requests.longTermDenied == INTEGER
input.Body.cloudArmor.requests.ratio == NUMBER
input.Body.cloudArmor.requests.shortTermAllowed == INTEGER
input.Body.cloudArmor.securityPolicy.name == STRING
input.Body.cloudArmor.securityPolicy.preview == BOOLEAN
input.Body.cloudArmor.securityPolicy.type == STRING
input.Body.cloudArmor.threatVector == STRING
input.Body.cloudDlpDataProfile.dataProfile == STRING
input.Body.cloudDlpDataProfile.parentType == enum_CloudDlpDataProfileParentType[_]
input.Body.cloudDlpInspection.fullScan == BOOLEAN
input.Body.cloudDlpInspection.infoType == STRING
input.Body.cloudDlpInspection.infoTypeCount == STRING
input.Body.cloudDlpInspection.inspectJob == STRING
input.Body.compliances[_].ids[_] == STRING
input.Body.compliances[_].standard == STRING
input.Body.compliances[_].version == STRING
input.Body.connections[_].destinationIp == STRING
input.Body.connections[_].destinationPort == INTEGER
input.Body.connections[_].protocol == enum_ConnectionProtocol[_]
input.Body.connections[_].sourceIp == STRING
input.Body.connections[_].sourcePort == INTEGER
input.Body.containers[_].createTime == STRING
input.Body.containers[_].imageId == STRING
input.Body.containers[_].labels[_].name == STRING
input.Body.containers[_].labels[_].value == STRING
input.Body.containers[_].name == STRING
input.Body.containers[_].uri == STRING
input.Body.createTime == STRING
input.Body.database.displayName == STRING
input.Body.database.grantees[_] == STRING
input.Body.database.name == STRING
input.Body.database.query == STRING
input.Body.database.userName == STRING
input.Body.database.version == STRING
input.Body.description == STRING
input.Body.eventTime == STRING
input.Body.exfiltration.sources[_].components[_] == STRING
input.Body.exfiltration.sources[_].name == STRING
input.Body.exfiltration.targets[_].components[_] == STRING
input.Body.exfiltration.targets[_].name == STRING
input.Body.exfiltration.totalExfiltratedBytes == STRING
input.Body.externalUri == STRING
input.Body.files[_].contents == STRING
input.Body.files[_].diskPath.partitionUuid == STRING
input.Body.files[_].diskPath.relativePath == STRING
input.Body.files[_].hashedSize == STRING
input.Body.files[_].partiallyHashed == BOOLEAN
input.Body.files[_].path == STRING
input.Body.files[_].sha256 == STRING
input.Body.files[_].size == STRING
input.Body.findingClass == enum_FindingFindingClass[_]
input.Body.iamBindings[_].action == enum_IamBindingAction[_]
input.Body.iamBindings[_].member == STRING
input.Body.iamBindings[_].role == STRING
input.Body.indicator.domains[_] == STRING
input.Body.indicator.ipAddresses[_] == STRING
input.Body.indicator.signatures[_].memoryHashSignature.binaryFamily == STRING
input.Body.indicator.signatures[_].memoryHashSignature.detections[_].binary == STRING
input.Body.indicator.signatures[_].memoryHashSignature.detections[_].percentPagesMatched == NUMBER
input.Body.indicator.signatures[_].signatureType == enum_ProcessSignatureSignatureType[_]
input.Body.indicator.signatures[_].yaraRuleSignature.yaraRule == STRING
input.Body.indicator.uris[_] == STRING
input.Body.kernelRootkit.name == STRING
input.Body.kernelRootkit.unexpectedCodeModification == BOOLEAN
input.Body.kernelRootkit.unexpectedFtraceHandler == BOOLEAN
input.Body.kernelRootkit.unexpectedInterruptHandler == BOOLEAN
input.Body.kernelRootkit.unexpectedKernelCodePages == BOOLEAN
input.Body.kernelRootkit.unexpectedKprobeHandler == BOOLEAN
input.Body.kernelRootkit.unexpectedProcessesInRunqueue == BOOLEAN
input.Body.kernelRootkit.unexpectedReadOnlyDataModification == BOOLEAN
input.Body.kernelRootkit.unexpectedSystemCallHandler == BOOLEAN
input.Body.kubernetes.accessReviews[_].group == STRING
input.Body.kubernetes.accessReviews[_].name == STRING
input.Body.kubernetes.accessReviews[_].ns == STRING
input.Body.kubernetes.accessReviews[_].resource == STRING
input.Body.kubernetes.accessReviews[_].subresource == STRING
input.Body.kubernetes.accessReviews[_].verb == STRING
input.Body.kubernetes.accessReviews[_].version == STRING
input.Body.kubernetes.bindings[_].name == STRING
input.Body.kubernetes.bindings[_].ns == STRING
input.Body.kubernetes.bindings[_].role.kind == enum_RoleKind[_]
input.Body.kubernetes.bindings[_].role.name == STRING
input.Body.kubernetes.bindings[_].role.ns == STRING
input.Body.kubernetes.bindings[_].subjects[_].kind == enum_SubjectKind[_]
input.Body.kubernetes.bindings[_].subjects[_].name == STRING
input.Body.kubernetes.bindings[_].subjects[_].ns == STRING
input.Body.kubernetes.nodePools[_].name == STRING
input.Body.kubernetes.nodePools[_].nodes[_].name == STRING
input.Body.kubernetes.nodes[_].name == STRING
input.Body.kubernetes.objects[_].containers[_].createTime == STRING
input.Body.kubernetes.objects[_].containers[_].imageId == STRING
input.Body.kubernetes.objects[_].containers[_].labels[_].name == STRING
input.Body.kubernetes.objects[_].containers[_].labels[_].value == STRING
input.Body.kubernetes.objects[_].containers[_].name == STRING
input.Body.kubernetes.objects[_].containers[_].uri == STRING
input.Body.kubernetes.objects[_].group == STRING
input.Body.kubernetes.objects[_].kind == STRING
input.Body.kubernetes.objects[_].name == STRING
input.Body.kubernetes.objects[_].ns == STRING
input.Body.kubernetes.pods[_].containers[_].createTime == STRING
input.Body.kubernetes.pods[_].containers[_].imageId == STRING
input.Body.kubernetes.pods[_].containers[_].labels[_].name == STRING
input.Body.kubernetes.pods[_].containers[_].labels[_].value == STRING
input.Body.kubernetes.pods[_].containers[_].name == STRING
input.Body.kubernetes.pods[_].containers[_].uri == STRING
input.Body.kubernetes.pods[_].labels[_].name == STRING
input.Body.kubernetes.pods[_].labels[_].value == STRING
input.Body.kubernetes.pods[_].name == STRING
input.Body.kubernetes.pods[_].ns == STRING
input.Body.kubernetes.roles[_].kind == enum_RoleKind[_]
input.Body.kubernetes.roles[_].name == STRING
input.Body.kubernetes.roles[_].ns == STRING
input.Body.loadBalancers[_].name == STRING
input.Body.logEntries[_].cloudLoggingEntry.insertId == STRING
input.Body.logEntries[_].cloudLoggingEntry.logId == STRING
input.Body.logEntries[_].cloudLoggingEntry.resourceContainer == STRING
input.Body.logEntries[_].cloudLoggingEntry.timestamp == STRING
input.Body.mitreAttack.additionalTactics[_] == enum_MitreAttackAdditionalTactics[_]
input.Body.mitreAttack.additionalTechniques[_] == enum_MitreAttackAdditionalTechniques[_]
input.Body.mitreAttack.primaryTactic == enum_MitreAttackPrimaryTactic[_]
input.Body.mitreAttack.primaryTechniques[_] == enum_MitreAttackPrimaryTechniques[_]
input.Body.mitreAttack.version == STRING
input.Body.moduleName == STRING
input.Body.mute == enum_FindingMute[_]
input.Body.muteInitiator == STRING
input.Body.name == STRING
input.Body.nextSteps == STRING
input.Body.notebook.lastAuthor == STRING
input.Body.notebook.name == STRING
input.Body.notebook.notebookUpdateTime == STRING
input.Body.notebook.service == STRING
input.Body.orgPolicies[_].name == STRING
input.Body.parent == STRING
input.Body.processes[_].args[_] == STRING
input.Body.processes[_].argumentsTruncated == BOOLEAN
input.Body.processes[_].binary.contents == STRING
input.Body.processes[_].binary.diskPath.partitionUuid == STRING
input.Body.processes[_].binary.diskPath.relativePath == STRING
input.Body.processes[_].binary.hashedSize == STRING
input.Body.processes[_].binary.partiallyHashed == BOOLEAN
input.Body.processes[_].binary.path == STRING
input.Body.processes[_].binary.sha256 == STRING
input.Body.processes[_].binary.size == STRING
input.Body.processes[_].envVariables[_].name == STRING
input.Body.processes[_].envVariables[_].val == STRING
input.Body.processes[_].envVariablesTruncated == BOOLEAN
input.Body.processes[_].libraries[_].contents == STRING
input.Body.processes[_].libraries[_].diskPath.partitionUuid == STRING
input.Body.processes[_].libraries[_].diskPath.relativePath == STRING
input.Body.processes[_].libraries[_].hashedSize == STRING
input.Body.processes[_].libraries[_].partiallyHashed == BOOLEAN
input.Body.processes[_].libraries[_].path == STRING
input.Body.processes[_].libraries[_].sha256 == STRING
input.Body.processes[_].libraries[_].size == STRING
input.Body.processes[_].name == STRING
input.Body.processes[_].parentPid == STRING
input.Body.processes[_].pid == STRING
input.Body.processes[_].script.contents == STRING
input.Body.processes[_].script.diskPath.partitionUuid == STRING
input.Body.processes[_].script.diskPath.relativePath == STRING
input.Body.processes[_].script.hashedSize == STRING
input.Body.processes[_].script.partiallyHashed == BOOLEAN
input.Body.processes[_].script.path == STRING
input.Body.processes[_].script.sha256 == STRING
input.Body.processes[_].script.size == STRING
input.Body.resourceName == STRING
input.Body.securityPosture.changedPolicy == STRING
input.Body.securityPosture.name == STRING
input.Body.securityPosture.policy == STRING
input.Body.securityPosture.policyDriftDetails[_].detectedValue == STRING
input.Body.securityPosture.policyDriftDetails[_].expectedValue == STRING
input.Body.securityPosture.policyDriftDetails[_].field == STRING
input.Body.securityPosture.policySet == STRING
input.Body.securityPosture.postureDeployment == STRING
input.Body.securityPosture.postureDeploymentResource == STRING
input.Body.securityPosture.revisionId == STRING
input.Body.severity == enum_FindingSeverity[_]
input.Body.sourceProperties.STRING == ANY
input.Body.state == enum_FindingState[_]
input.Body.vulnerability.cve.cvssv3.attackComplexity == enum_Cvssv3AttackComplexity[_]
input.Body.vulnerability.cve.cvssv3.attackVector == enum_Cvssv3AttackVector[_]
input.Body.vulnerability.cve.cvssv3.availabilityImpact == enum_Cvssv3AvailabilityImpact[_]
input.Body.vulnerability.cve.cvssv3.baseScore == NUMBER
input.Body.vulnerability.cve.cvssv3.confidentialityImpact == enum_Cvssv3ConfidentialityImpact[_]
input.Body.vulnerability.cve.cvssv3.integrityImpact == enum_Cvssv3IntegrityImpact[_]
input.Body.vulnerability.cve.cvssv3.privilegesRequired == enum_Cvssv3PrivilegesRequired[_]
input.Body.vulnerability.cve.cvssv3.scope == enum_Cvssv3Scope[_]
input.Body.vulnerability.cve.cvssv3.userInteraction == enum_Cvssv3UserInteraction[_]
input.Body.vulnerability.cve.exploitationActivity == enum_CveExploitationActivity[_]
input.Body.vulnerability.cve.id == STRING
input.Body.vulnerability.cve.impact == enum_CveImpact[_]
input.Body.vulnerability.cve.observedInTheWild == BOOLEAN
input.Body.vulnerability.cve.references[_].source == STRING
input.Body.vulnerability.cve.references[_].uri == STRING
input.Body.vulnerability.cve.upstreamFixAvailable == BOOLEAN
input.Body.vulnerability.cve.zeroDay == BOOLEAN
input.Body.vulnerability.fixedPackage.cpeUri == STRING
input.Body.vulnerability.fixedPackage.packageName == STRING
input.Body.vulnerability.fixedPackage.packageType == STRING
input.Body.vulnerability.fixedPackage.packageVersion == STRING
input.Body.vulnerability.offendingPackage.cpeUri == STRING
input.Body.vulnerability.offendingPackage.packageName == STRING
input.Body.vulnerability.offendingPackage.packageType == STRING
input.Body.vulnerability.offendingPackage.packageVersion == STRING
input.Body.vulnerability.securityBulletin.bulletinId == STRING
input.Body.vulnerability.securityBulletin.submissionTime == STRING
input.Body.vulnerability.securityBulletin.suggestedUpgradeVersion == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.findings.setMute
enum_SetMuteRequestMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]
valid {
input.Body.mute == enum_SetMuteRequestMute[_]
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.findings.setState
enum_SetFindingStateRequestState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]
valid {
input.Body.startTime == STRING
input.Body.state == enum_SetFindingStateRequestState[_]
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.findings.updateSecurityMarks
valid {
input.Body.canonicalName == STRING
input.Body.marks.STRING == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.startTime == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.getIamPolicy
valid {
input.Body.options.requestedPolicyVersion == INTEGER
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.patch
valid {
input.Body.canonicalName == STRING
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.setIamPolicy
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
valid {
input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.policy.auditConfigs[_].service == STRING
input.Body.policy.bindings[_].condition.description == STRING
input.Body.policy.bindings[_].condition.expression == STRING
input.Body.policy.bindings[_].condition.location == STRING
input.Body.policy.bindings[_].condition.title == STRING
input.Body.policy.bindings[_].members[_] == STRING
input.Body.policy.bindings[_].role == STRING
input.Body.policy.etag == STRING
input.Body.policy.version == INTEGER
input.Body.updateMask == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.sources.testIamPermissions
valid {
input.Body.permissions[_] == STRING
input.ReqMap.resource == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.updateContainerThreatDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_ContainerThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_ContainerThreatDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.updateEventThreatDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_EventThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_EventThreatDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.updateOrganizationSettings
enum_AssetDiscoveryConfigInclusionMode := [ "INCLUSION_MODE_UNSPECIFIED", "INCLUDE_ONLY", "EXCLUDE" ]
valid {
input.Body.assetDiscoveryConfig.folderIds[_] == STRING
input.Body.assetDiscoveryConfig.inclusionMode == enum_AssetDiscoveryConfigInclusionMode[_]
input.Body.assetDiscoveryConfig.projectIds[_] == STRING
input.Body.enableAssetDiscovery == BOOLEAN
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.updateRapidVulnerabilityDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_RapidVulnerabilityDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_RapidVulnerabilityDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.updateSecurityHealthAnalyticsSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_SecurityHealthAnalyticsSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_SecurityHealthAnalyticsSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.updateVirtualMachineThreatDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_VirtualMachineThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_VirtualMachineThreatDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.updateWebSecurityScannerSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_WebSecurityScannerSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_WebSecurityScannerSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.virtualMachineThreatDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.organizations.webSecurityScannerSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.assets.group
valid {
input.Body.compareDuration == STRING
input.Body.filter == STRING
input.Body.groupBy == STRING
input.Body.pageSize == INTEGER
input.Body.pageToken == STRING
input.Body.readTime == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.assets.list
valid {
input.ReqMap.parent == STRING
input.Qs.compareDuration == STRING
input.Qs.fieldMask == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.readTime == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.assets.updateSecurityMarks
valid {
input.Body.canonicalName == STRING
input.Body.marks.STRING == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.startTime == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.bigQueryExports.create
valid {
input.Body.dataset == STRING
input.Body.description == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.parent == STRING
input.Qs.bigQueryExportId == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.bigQueryExports.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.bigQueryExports.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.bigQueryExports.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.bigQueryExports.patch
valid {
input.Body.dataset == STRING
input.Body.description == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.containerThreatDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.eventThreatDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.eventThreatDetectionSettings.customModules.create
enum_EventThreatDetectionCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]
valid {
input.Body.config.STRING == ANY
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.enablementState == enum_EventThreatDetectionCustomModuleEnablementState[_]
input.Body.name == STRING
input.Body.type == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.eventThreatDetectionSettings.customModules.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.eventThreatDetectionSettings.customModules.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.eventThreatDetectionSettings.customModules.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.eventThreatDetectionSettings.customModules.listDescendant
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.eventThreatDetectionSettings.customModules.patch
enum_EventThreatDetectionCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]
valid {
input.Body.config.STRING == ANY
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.enablementState == enum_EventThreatDetectionCustomModuleEnablementState[_]
input.Body.name == STRING
input.Body.type == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.eventThreatDetectionSettings.effectiveCustomModules.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.eventThreatDetectionSettings.effectiveCustomModules.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.eventThreatDetectionSettings.validateCustomModule
valid {
input.Body.rawText == STRING
input.Body.type == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.findings.bulkMute
valid {
input.Body.filter == STRING
input.Body.muteAnnotation == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.getContainerThreatDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.getEventThreatDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.getRapidVulnerabilityDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.getSecurityCenterSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.getSecurityHealthAnalyticsSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.getVirtualMachineThreatDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.getWebSecurityScannerSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.locations.clusters.containerThreatDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.locations.clusters.getContainerThreatDetectionSettings
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.locations.clusters.updateContainerThreatDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_ContainerThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_ContainerThreatDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.locations.muteConfigs.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.locations.muteConfigs.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.locations.muteConfigs.patch
valid {
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.muteConfigs.create
valid {
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.parent == STRING
input.Qs.muteConfigId == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.muteConfigs.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.muteConfigs.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.muteConfigs.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.muteConfigs.patch
valid {
input.Body.description == STRING
input.Body.displayName == STRING
input.Body.filter == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.notificationConfigs.create
valid {
input.Body.description == STRING
input.Body.name == STRING
input.Body.pubsubTopic == STRING
input.Body.streamingConfig.filter == STRING
input.ReqMap.parent == STRING
input.Qs.configId == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.notificationConfigs.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.notificationConfigs.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.notificationConfigs.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.notificationConfigs.patch
valid {
input.Body.description == STRING
input.Body.name == STRING
input.Body.pubsubTopic == STRING
input.Body.streamingConfig.filter == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.rapidVulnerabilityDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.securityHealthAnalyticsSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.securityHealthAnalyticsSettings.customModules.create
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]
valid {
input.Body.customConfig.customOutput.properties[_].name == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
input.Body.customConfig.description == STRING
input.Body.customConfig.predicate.description == STRING
input.Body.customConfig.predicate.expression == STRING
input.Body.customConfig.predicate.location == STRING
input.Body.customConfig.predicate.title == STRING
input.Body.customConfig.recommendation == STRING
input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
input.Body.displayName == STRING
input.Body.enablementState == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState[_]
input.Body.name == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.securityHealthAnalyticsSettings.customModules.delete
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.securityHealthAnalyticsSettings.customModules.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.securityHealthAnalyticsSettings.customModules.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.securityHealthAnalyticsSettings.customModules.listDescendant
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.securityHealthAnalyticsSettings.customModules.patch
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]
valid {
input.Body.customConfig.customOutput.properties[_].name == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
input.Body.customConfig.description == STRING
input.Body.customConfig.predicate.description == STRING
input.Body.customConfig.predicate.expression == STRING
input.Body.customConfig.predicate.location == STRING
input.Body.customConfig.predicate.title == STRING
input.Body.customConfig.recommendation == STRING
input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
input.Body.displayName == STRING
input.Body.enablementState == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState[_]
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.securityHealthAnalyticsSettings.customModules.simulate
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
valid {
input.Body.customConfig.customOutput.properties[_].name == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
input.Body.customConfig.description == STRING
input.Body.customConfig.predicate.description == STRING
input.Body.customConfig.predicate.expression == STRING
input.Body.customConfig.predicate.location == STRING
input.Body.customConfig.predicate.title == STRING
input.Body.customConfig.recommendation == STRING
input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
input.Body.resource.iamPolicyData.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
input.Body.resource.iamPolicyData.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
input.Body.resource.iamPolicyData.auditConfigs[_].service == STRING
input.Body.resource.iamPolicyData.bindings[_].condition.description == STRING
input.Body.resource.iamPolicyData.bindings[_].condition.expression == STRING
input.Body.resource.iamPolicyData.bindings[_].condition.location == STRING
input.Body.resource.iamPolicyData.bindings[_].condition.title == STRING
input.Body.resource.iamPolicyData.bindings[_].members[_] == STRING
input.Body.resource.iamPolicyData.bindings[_].role == STRING
input.Body.resource.iamPolicyData.etag == STRING
input.Body.resource.iamPolicyData.version == INTEGER
input.Body.resource.resourceData.STRING == ANY
input.Body.resource.resourceType == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.securityHealthAnalyticsSettings.effectiveCustomModules.get
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.securityHealthAnalyticsSettings.effectiveCustomModules.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.sources.findings.externalSystems.patch
valid {
input.Body.assignees[_] == STRING
input.Body.caseCloseTime == STRING
input.Body.caseCreateTime == STRING
input.Body.casePriority == STRING
input.Body.caseSla == STRING
input.Body.caseUri == STRING
input.Body.externalSystemUpdateTime == STRING
input.Body.externalUid == STRING
input.Body.name == STRING
input.Body.status == STRING
input.Body.ticketInfo.assignee == STRING
input.Body.ticketInfo.description == STRING
input.Body.ticketInfo.id == STRING
input.Body.ticketInfo.status == STRING
input.Body.ticketInfo.updateTime == STRING
input.Body.ticketInfo.uri == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.sources.findings.group
valid {
input.Body.compareDuration == STRING
input.Body.filter == STRING
input.Body.groupBy == STRING
input.Body.pageSize == INTEGER
input.Body.pageToken == STRING
input.Body.readTime == STRING
input.ReqMap.parent == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.sources.findings.list
valid {
input.ReqMap.parent == STRING
input.Qs.compareDuration == STRING
input.Qs.fieldMask == STRING
input.Qs.filter == STRING
input.Qs.orderBy == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.Qs.readTime == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.sources.findings.patch
enum_AttackExposureState := [ "STATE_UNSPECIFIED", "CALCULATED", "NOT_CALCULATED" ]
enum_CloudDlpDataProfileParentType := [ "PARENT_TYPE_UNSPECIFIED", "ORGANIZATION", "PROJECT" ]
enum_ConnectionProtocol := [ "PROTOCOL_UNSPECIFIED", "ICMP", "TCP", "UDP", "GRE", "ESP" ]
enum_CveExploitationActivity := [ "EXPLOITATION_ACTIVITY_UNSPECIFIED", "WIDE", "CONFIRMED", "AVAILABLE", "ANTICIPATED", "NO_KNOWN" ]
enum_CveImpact := [ "RISK_RATING_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
enum_Cvssv3AttackComplexity := [ "ATTACK_COMPLEXITY_UNSPECIFIED", "ATTACK_COMPLEXITY_LOW", "ATTACK_COMPLEXITY_HIGH" ]
enum_Cvssv3AttackVector := [ "ATTACK_VECTOR_UNSPECIFIED", "ATTACK_VECTOR_NETWORK", "ATTACK_VECTOR_ADJACENT", "ATTACK_VECTOR_LOCAL", "ATTACK_VECTOR_PHYSICAL" ]
enum_Cvssv3AvailabilityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3ConfidentialityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3IntegrityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3PrivilegesRequired := [ "PRIVILEGES_REQUIRED_UNSPECIFIED", "PRIVILEGES_REQUIRED_NONE", "PRIVILEGES_REQUIRED_LOW", "PRIVILEGES_REQUIRED_HIGH" ]
enum_Cvssv3Scope := [ "SCOPE_UNSPECIFIED", "SCOPE_UNCHANGED", "SCOPE_CHANGED" ]
enum_Cvssv3UserInteraction := [ "USER_INTERACTION_UNSPECIFIED", "USER_INTERACTION_NONE", "USER_INTERACTION_REQUIRED" ]
enum_FindingFindingClass := [ "FINDING_CLASS_UNSPECIFIED", "THREAT", "VULNERABILITY", "MISCONFIGURATION", "OBSERVATION", "SCC_ERROR", "POSTURE_VIOLATION" ]
enum_FindingMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]
enum_FindingSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_FindingState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]
enum_IamBindingAction := [ "ACTION_UNSPECIFIED", "ADD", "REMOVE" ]
enum_MitreAttackAdditionalTactics := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackAdditionalTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_AND_RESOURCE_DISCOVERY" ]
enum_MitreAttackPrimaryTactic := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackPrimaryTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_AND_RESOURCE_DISCOVERY" ]
enum_ProcessSignatureSignatureType := [ "SIGNATURE_TYPE_UNSPECIFIED", "SIGNATURE_TYPE_PROCESS", "SIGNATURE_TYPE_FILE" ]
enum_RoleKind := [ "KIND_UNSPECIFIED", "ROLE", "CLUSTER_ROLE" ]
enum_SubjectKind := [ "AUTH_TYPE_UNSPECIFIED", "USER", "SERVICEACCOUNT", "GROUP" ]
valid {
input.Body.access.callerIp == STRING
input.Body.access.callerIpGeo.regionCode == STRING
input.Body.access.methodName == STRING
input.Body.access.principalEmail == STRING
input.Body.access.principalSubject == STRING
input.Body.access.serviceAccountDelegationInfo[_].principalEmail == STRING
input.Body.access.serviceAccountDelegationInfo[_].principalSubject == STRING
input.Body.access.serviceAccountKeyName == STRING
input.Body.access.serviceName == STRING
input.Body.access.userAgent == STRING
input.Body.access.userAgentFamily == STRING
input.Body.access.userName == STRING
input.Body.application.baseUri == STRING
input.Body.application.fullUri == STRING
input.Body.attackExposure.attackExposureResult == STRING
input.Body.attackExposure.exposedHighValueResourcesCount == INTEGER
input.Body.attackExposure.exposedLowValueResourcesCount == INTEGER
input.Body.attackExposure.exposedMediumValueResourcesCount == INTEGER
input.Body.attackExposure.latestCalculationTime == STRING
input.Body.attackExposure.score == NUMBER
input.Body.attackExposure.state == enum_AttackExposureState[_]
input.Body.backupDisasterRecovery.appliance == STRING
input.Body.backupDisasterRecovery.applications[_] == STRING
input.Body.backupDisasterRecovery.backupCreateTime == STRING
input.Body.backupDisasterRecovery.backupTemplate == STRING
input.Body.backupDisasterRecovery.backupType == STRING
input.Body.backupDisasterRecovery.host == STRING
input.Body.backupDisasterRecovery.policies[_] == STRING
input.Body.backupDisasterRecovery.policyOptions[_] == STRING
input.Body.backupDisasterRecovery.profile == STRING
input.Body.backupDisasterRecovery.storagePool == STRING
input.Body.canonicalName == STRING
input.Body.category == STRING
input.Body.cloudArmor.adaptiveProtection.confidence == NUMBER
input.Body.cloudArmor.attack.classification == STRING
input.Body.cloudArmor.attack.volumeBps == INTEGER
input.Body.cloudArmor.attack.volumePps == INTEGER
input.Body.cloudArmor.duration == STRING
input.Body.cloudArmor.requests.longTermAllowed == INTEGER
input.Body.cloudArmor.requests.longTermDenied == INTEGER
input.Body.cloudArmor.requests.ratio == NUMBER
input.Body.cloudArmor.requests.shortTermAllowed == INTEGER
input.Body.cloudArmor.securityPolicy.name == STRING
input.Body.cloudArmor.securityPolicy.preview == BOOLEAN
input.Body.cloudArmor.securityPolicy.type == STRING
input.Body.cloudArmor.threatVector == STRING
input.Body.cloudDlpDataProfile.dataProfile == STRING
input.Body.cloudDlpDataProfile.parentType == enum_CloudDlpDataProfileParentType[_]
input.Body.cloudDlpInspection.fullScan == BOOLEAN
input.Body.cloudDlpInspection.infoType == STRING
input.Body.cloudDlpInspection.infoTypeCount == STRING
input.Body.cloudDlpInspection.inspectJob == STRING
input.Body.compliances[_].ids[_] == STRING
input.Body.compliances[_].standard == STRING
input.Body.compliances[_].version == STRING
input.Body.connections[_].destinationIp == STRING
input.Body.connections[_].destinationPort == INTEGER
input.Body.connections[_].protocol == enum_ConnectionProtocol[_]
input.Body.connections[_].sourceIp == STRING
input.Body.connections[_].sourcePort == INTEGER
input.Body.containers[_].createTime == STRING
input.Body.containers[_].imageId == STRING
input.Body.containers[_].labels[_].name == STRING
input.Body.containers[_].labels[_].value == STRING
input.Body.containers[_].name == STRING
input.Body.containers[_].uri == STRING
input.Body.createTime == STRING
input.Body.database.displayName == STRING
input.Body.database.grantees[_] == STRING
input.Body.database.name == STRING
input.Body.database.query == STRING
input.Body.database.userName == STRING
input.Body.database.version == STRING
input.Body.description == STRING
input.Body.eventTime == STRING
input.Body.exfiltration.sources[_].components[_] == STRING
input.Body.exfiltration.sources[_].name == STRING
input.Body.exfiltration.targets[_].components[_] == STRING
input.Body.exfiltration.targets[_].name == STRING
input.Body.exfiltration.totalExfiltratedBytes == STRING
input.Body.externalUri == STRING
input.Body.files[_].contents == STRING
input.Body.files[_].diskPath.partitionUuid == STRING
input.Body.files[_].diskPath.relativePath == STRING
input.Body.files[_].hashedSize == STRING
input.Body.files[_].partiallyHashed == BOOLEAN
input.Body.files[_].path == STRING
input.Body.files[_].sha256 == STRING
input.Body.files[_].size == STRING
input.Body.findingClass == enum_FindingFindingClass[_]
input.Body.iamBindings[_].action == enum_IamBindingAction[_]
input.Body.iamBindings[_].member == STRING
input.Body.iamBindings[_].role == STRING
input.Body.indicator.domains[_] == STRING
input.Body.indicator.ipAddresses[_] == STRING
input.Body.indicator.signatures[_].memoryHashSignature.binaryFamily == STRING
input.Body.indicator.signatures[_].memoryHashSignature.detections[_].binary == STRING
input.Body.indicator.signatures[_].memoryHashSignature.detections[_].percentPagesMatched == NUMBER
input.Body.indicator.signatures[_].signatureType == enum_ProcessSignatureSignatureType[_]
input.Body.indicator.signatures[_].yaraRuleSignature.yaraRule == STRING
input.Body.indicator.uris[_] == STRING
input.Body.kernelRootkit.name == STRING
input.Body.kernelRootkit.unexpectedCodeModification == BOOLEAN
input.Body.kernelRootkit.unexpectedFtraceHandler == BOOLEAN
input.Body.kernelRootkit.unexpectedInterruptHandler == BOOLEAN
input.Body.kernelRootkit.unexpectedKernelCodePages == BOOLEAN
input.Body.kernelRootkit.unexpectedKprobeHandler == BOOLEAN
input.Body.kernelRootkit.unexpectedProcessesInRunqueue == BOOLEAN
input.Body.kernelRootkit.unexpectedReadOnlyDataModification == BOOLEAN
input.Body.kernelRootkit.unexpectedSystemCallHandler == BOOLEAN
input.Body.kubernetes.accessReviews[_].group == STRING
input.Body.kubernetes.accessReviews[_].name == STRING
input.Body.kubernetes.accessReviews[_].ns == STRING
input.Body.kubernetes.accessReviews[_].resource == STRING
input.Body.kubernetes.accessReviews[_].subresource == STRING
input.Body.kubernetes.accessReviews[_].verb == STRING
input.Body.kubernetes.accessReviews[_].version == STRING
input.Body.kubernetes.bindings[_].name == STRING
input.Body.kubernetes.bindings[_].ns == STRING
input.Body.kubernetes.bindings[_].role.kind == enum_RoleKind[_]
input.Body.kubernetes.bindings[_].role.name == STRING
input.Body.kubernetes.bindings[_].role.ns == STRING
input.Body.kubernetes.bindings[_].subjects[_].kind == enum_SubjectKind[_]
input.Body.kubernetes.bindings[_].subjects[_].name == STRING
input.Body.kubernetes.bindings[_].subjects[_].ns == STRING
input.Body.kubernetes.nodePools[_].name == STRING
input.Body.kubernetes.nodePools[_].nodes[_].name == STRING
input.Body.kubernetes.nodes[_].name == STRING
input.Body.kubernetes.objects[_].containers[_].createTime == STRING
input.Body.kubernetes.objects[_].containers[_].imageId == STRING
input.Body.kubernetes.objects[_].containers[_].labels[_].name == STRING
input.Body.kubernetes.objects[_].containers[_].labels[_].value == STRING
input.Body.kubernetes.objects[_].containers[_].name == STRING
input.Body.kubernetes.objects[_].containers[_].uri == STRING
input.Body.kubernetes.objects[_].group == STRING
input.Body.kubernetes.objects[_].kind == STRING
input.Body.kubernetes.objects[_].name == STRING
input.Body.kubernetes.objects[_].ns == STRING
input.Body.kubernetes.pods[_].containers[_].createTime == STRING
input.Body.kubernetes.pods[_].containers[_].imageId == STRING
input.Body.kubernetes.pods[_].containers[_].labels[_].name == STRING
input.Body.kubernetes.pods[_].containers[_].labels[_].value == STRING
input.Body.kubernetes.pods[_].containers[_].name == STRING
input.Body.kubernetes.pods[_].containers[_].uri == STRING
input.Body.kubernetes.pods[_].labels[_].name == STRING
input.Body.kubernetes.pods[_].labels[_].value == STRING
input.Body.kubernetes.pods[_].name == STRING
input.Body.kubernetes.pods[_].ns == STRING
input.Body.kubernetes.roles[_].kind == enum_RoleKind[_]
input.Body.kubernetes.roles[_].name == STRING
input.Body.kubernetes.roles[_].ns == STRING
input.Body.loadBalancers[_].name == STRING
input.Body.logEntries[_].cloudLoggingEntry.insertId == STRING
input.Body.logEntries[_].cloudLoggingEntry.logId == STRING
input.Body.logEntries[_].cloudLoggingEntry.resourceContainer == STRING
input.Body.logEntries[_].cloudLoggingEntry.timestamp == STRING
input.Body.mitreAttack.additionalTactics[_] == enum_MitreAttackAdditionalTactics[_]
input.Body.mitreAttack.additionalTechniques[_] == enum_MitreAttackAdditionalTechniques[_]
input.Body.mitreAttack.primaryTactic == enum_MitreAttackPrimaryTactic[_]
input.Body.mitreAttack.primaryTechniques[_] == enum_MitreAttackPrimaryTechniques[_]
input.Body.mitreAttack.version == STRING
input.Body.moduleName == STRING
input.Body.mute == enum_FindingMute[_]
input.Body.muteInitiator == STRING
input.Body.name == STRING
input.Body.nextSteps == STRING
input.Body.notebook.lastAuthor == STRING
input.Body.notebook.name == STRING
input.Body.notebook.notebookUpdateTime == STRING
input.Body.notebook.service == STRING
input.Body.orgPolicies[_].name == STRING
input.Body.parent == STRING
input.Body.processes[_].args[_] == STRING
input.Body.processes[_].argumentsTruncated == BOOLEAN
input.Body.processes[_].binary.contents == STRING
input.Body.processes[_].binary.diskPath.partitionUuid == STRING
input.Body.processes[_].binary.diskPath.relativePath == STRING
input.Body.processes[_].binary.hashedSize == STRING
input.Body.processes[_].binary.partiallyHashed == BOOLEAN
input.Body.processes[_].binary.path == STRING
input.Body.processes[_].binary.sha256 == STRING
input.Body.processes[_].binary.size == STRING
input.Body.processes[_].envVariables[_].name == STRING
input.Body.processes[_].envVariables[_].val == STRING
input.Body.processes[_].envVariablesTruncated == BOOLEAN
input.Body.processes[_].libraries[_].contents == STRING
input.Body.processes[_].libraries[_].diskPath.partitionUuid == STRING
input.Body.processes[_].libraries[_].diskPath.relativePath == STRING
input.Body.processes[_].libraries[_].hashedSize == STRING
input.Body.processes[_].libraries[_].partiallyHashed == BOOLEAN
input.Body.processes[_].libraries[_].path == STRING
input.Body.processes[_].libraries[_].sha256 == STRING
input.Body.processes[_].libraries[_].size == STRING
input.Body.processes[_].name == STRING
input.Body.processes[_].parentPid == STRING
input.Body.processes[_].pid == STRING
input.Body.processes[_].script.contents == STRING
input.Body.processes[_].script.diskPath.partitionUuid == STRING
input.Body.processes[_].script.diskPath.relativePath == STRING
input.Body.processes[_].script.hashedSize == STRING
input.Body.processes[_].script.partiallyHashed == BOOLEAN
input.Body.processes[_].script.path == STRING
input.Body.processes[_].script.sha256 == STRING
input.Body.processes[_].script.size == STRING
input.Body.resourceName == STRING
input.Body.securityPosture.changedPolicy == STRING
input.Body.securityPosture.name == STRING
input.Body.securityPosture.policy == STRING
input.Body.securityPosture.policyDriftDetails[_].detectedValue == STRING
input.Body.securityPosture.policyDriftDetails[_].expectedValue == STRING
input.Body.securityPosture.policyDriftDetails[_].field == STRING
input.Body.securityPosture.policySet == STRING
input.Body.securityPosture.postureDeployment == STRING
input.Body.securityPosture.postureDeploymentResource == STRING
input.Body.securityPosture.revisionId == STRING
input.Body.severity == enum_FindingSeverity[_]
input.Body.sourceProperties.STRING == ANY
input.Body.state == enum_FindingState[_]
input.Body.vulnerability.cve.cvssv3.attackComplexity == enum_Cvssv3AttackComplexity[_]
input.Body.vulnerability.cve.cvssv3.attackVector == enum_Cvssv3AttackVector[_]
input.Body.vulnerability.cve.cvssv3.availabilityImpact == enum_Cvssv3AvailabilityImpact[_]
input.Body.vulnerability.cve.cvssv3.baseScore == NUMBER
input.Body.vulnerability.cve.cvssv3.confidentialityImpact == enum_Cvssv3ConfidentialityImpact[_]
input.Body.vulnerability.cve.cvssv3.integrityImpact == enum_Cvssv3IntegrityImpact[_]
input.Body.vulnerability.cve.cvssv3.privilegesRequired == enum_Cvssv3PrivilegesRequired[_]
input.Body.vulnerability.cve.cvssv3.scope == enum_Cvssv3Scope[_]
input.Body.vulnerability.cve.cvssv3.userInteraction == enum_Cvssv3UserInteraction[_]
input.Body.vulnerability.cve.exploitationActivity == enum_CveExploitationActivity[_]
input.Body.vulnerability.cve.id == STRING
input.Body.vulnerability.cve.impact == enum_CveImpact[_]
input.Body.vulnerability.cve.observedInTheWild == BOOLEAN
input.Body.vulnerability.cve.references[_].source == STRING
input.Body.vulnerability.cve.references[_].uri == STRING
input.Body.vulnerability.cve.upstreamFixAvailable == BOOLEAN
input.Body.vulnerability.cve.zeroDay == BOOLEAN
input.Body.vulnerability.fixedPackage.cpeUri == STRING
input.Body.vulnerability.fixedPackage.packageName == STRING
input.Body.vulnerability.fixedPackage.packageType == STRING
input.Body.vulnerability.fixedPackage.packageVersion == STRING
input.Body.vulnerability.offendingPackage.cpeUri == STRING
input.Body.vulnerability.offendingPackage.packageName == STRING
input.Body.vulnerability.offendingPackage.packageType == STRING
input.Body.vulnerability.offendingPackage.packageVersion == STRING
input.Body.vulnerability.securityBulletin.bulletinId == STRING
input.Body.vulnerability.securityBulletin.submissionTime == STRING
input.Body.vulnerability.securityBulletin.suggestedUpgradeVersion == STRING
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.sources.findings.setMute
enum_SetMuteRequestMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]
valid {
input.Body.mute == enum_SetMuteRequestMute[_]
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.sources.findings.setState
enum_SetFindingStateRequestState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]
valid {
input.Body.startTime == STRING
input.Body.state == enum_SetFindingStateRequestState[_]
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.sources.findings.updateSecurityMarks
valid {
input.Body.canonicalName == STRING
input.Body.marks.STRING == STRING
input.Body.name == STRING
input.ReqMap.name == STRING
input.Qs.startTime == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.sources.list
valid {
input.ReqMap.parent == STRING
input.Qs.pageSize == INTEGER
input.Qs.pageToken == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.updateContainerThreatDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_ContainerThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_ContainerThreatDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.updateEventThreatDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_EventThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_EventThreatDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.updateRapidVulnerabilityDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_RapidVulnerabilityDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_RapidVulnerabilityDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.updateSecurityHealthAnalyticsSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_SecurityHealthAnalyticsSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_SecurityHealthAnalyticsSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.updateVirtualMachineThreatDetectionSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_VirtualMachineThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_VirtualMachineThreatDetectionSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.updateWebSecurityScannerSettings
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_WebSecurityScannerSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
valid {
input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
input.Body.modules.STRING.value.STRING == ANY
input.Body.name == STRING
input.Body.serviceEnablementState == enum_WebSecurityScannerSettingsServiceEnablementState[_]
input.ReqMap.name == STRING
input.Qs.updateMask == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.virtualMachineThreatDetectionSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
securitycenter.projects.webSecurityScannerSettings.calculate
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Region == STRING
}
Updated 3 days ago