SECURITYCENTER

securitycenter.folders.assets.group

# Request-shape template for securitycenter.folders.assets.group.
# Each line names one request field a policy can constrain. STRING and INTEGER
# stand for the field's type, not a concrete value, so substitute real values
# before evaluating. Expressions in a Rego rule body are ANDed: keep only the
# fields you intend to require.
valid {
    input.Body.compareDuration == STRING
    input.Body.filter == STRING
    input.Body.groupBy == STRING
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.Body.readTime == STRING
    # presumably the folder path parameter that scopes the query — confirm
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.assets.list

# Request-shape template for securitycenter.folders.assets.list.
# All tunable fields arrive under input.Qs (presumably the URL query string —
# confirm); there is no request body. STRING / INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.compareDuration == STRING
    input.Qs.fieldMask == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.readTime == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.assets.updateSecurityMarks

# Request-shape template for securitycenter.folders.assets.updateSecurityMarks.
# STRING is a type placeholder, not a Rego value.
valid {
    input.Body.canonicalName == STRING
    # marks is a map: the STRING path segment stands for an arbitrary key, so the
    # template itself places no limit on which mark names a caller may set.
    input.Body.marks.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.startTime == STRING
    # NOTE(review): updateMask presumably selects which marks are written — confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.bigQueryExports.create

# Request-shape template for securitycenter.folders.bigQueryExports.create.
# STRING is a type placeholder, not a Rego value.
valid {
    # NOTE(review): dataset looks like the export destination; a guardrail on
    # where findings may be copied would presumably pin this value — confirm.
    input.Body.dataset == STRING
    input.Body.description == STRING
    # filter presumably selects which findings are exported — confirm
    input.Body.filter == STRING
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.Qs.bigQueryExportId == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.bigQueryExports.delete

# Request-shape template for securitycenter.folders.bigQueryExports.delete.
# Only the target resource name and the provider region are available to match on.
# NOTE(review): removing an export ends that copy of findings; consider
# restricting ReqMap.name to reviewed resources — confirm intent.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.bigQueryExports.get

# Request-shape template for securitycenter.folders.bigQueryExports.get.
# Read call: only the resource name and provider region can be constrained.
# STRING is a type placeholder, not a Rego value.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.bigQueryExports.list

# Request-shape template for securitycenter.folders.bigQueryExports.list.
# Paging fields sit under input.Qs; STRING / INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.bigQueryExports.patch

# Request-shape template for securitycenter.folders.bigQueryExports.patch.
# Same body fields as the create template on this page, addressed by
# ReqMap.name instead of ReqMap.parent, plus an updateMask.
valid {
    # NOTE(review): a patch can repoint the export; treat dataset like a
    # destination control, same as on create — confirm.
    input.Body.dataset == STRING
    input.Body.description == STRING
    input.Body.filter == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    # presumably limits which body fields are applied — confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.containerThreatDetectionSettings.calculate

# Request-shape template for
# securitycenter.folders.containerThreatDetectionSettings.calculate.
# STRING / BOOLEAN are type placeholders, not Rego values.
valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.eventThreatDetectionSettings.calculate

# Request-shape template for
# securitycenter.folders.eventThreatDetectionSettings.calculate.
# STRING / BOOLEAN are type placeholders, not Rego values.
valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.eventThreatDetectionSettings.customModules.create

# Allowed values for the two enum-typed body fields of
# securitycenter.folders.eventThreatDetectionSettings.customModules.create.
# The same names are declared again under the patch method on this page; the
# snippets are meant to be used one at a time, since a Rego module cannot
# declare a `:=` rule twice.
enum_EventThreatDetectionCustomModuleCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_EventThreatDetectionCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]

# Request-shape template for the create call. STRING / ANY are type
# placeholders; `== enum[_]` holds when the field equals any listed member.
valid {
    input.Body.cloudProvider == enum_EventThreatDetectionCustomModuleCloudProvider[_]
    # config is a free-form map: arbitrary key (STRING) with an unconstrained value (ANY)
    input.Body.config.STRING == ANY
    input.Body.description == STRING
    input.Body.displayName == STRING
    # NOTE(review): the enum admits DISABLED; a guardrail protecting detection
    # coverage would narrow this to the states it accepts — confirm.
    input.Body.enablementState == enum_EventThreatDetectionCustomModuleEnablementState[_]
    input.Body.name == STRING
    input.Body.type == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.eventThreatDetectionSettings.customModules.delete

# Request-shape template for
# securitycenter.folders.eventThreatDetectionSettings.customModules.delete.
# NOTE(review): deleting a custom module removes a detection; only the resource
# name and region are available to gate it — confirm who may call this.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.eventThreatDetectionSettings.customModules.get

# Request-shape template for
# securitycenter.folders.eventThreatDetectionSettings.customModules.get.
# Read call; STRING is a type placeholder, not a Rego value.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.eventThreatDetectionSettings.customModules.list

# Request-shape template for
# securitycenter.folders.eventThreatDetectionSettings.customModules.list.
# Paging fields only; STRING / INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.eventThreatDetectionSettings.customModules.listDescendant

# Request-shape template for
# securitycenter.folders.eventThreatDetectionSettings.customModules.listDescendant.
# Exposes the same fields as the plain list template on this page.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.eventThreatDetectionSettings.customModules.patch

# Allowed values for the enum-typed body fields of
# securitycenter.folders.eventThreatDetectionSettings.customModules.patch.
# These repeat the declarations shown under the create method; use one snippet
# per module, because Rego rejects a second `:=` declaration of the same name.
enum_EventThreatDetectionCustomModuleCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_EventThreatDetectionCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]

# Request-shape template for the patch call. STRING / ANY are type placeholders.
valid {
    input.Body.cloudProvider == enum_EventThreatDetectionCustomModuleCloudProvider[_]
    # free-form map: arbitrary key, unconstrained value
    input.Body.config.STRING == ANY
    input.Body.description == STRING
    input.Body.displayName == STRING
    # NOTE(review): a patch can move an existing module to DISABLED; restrict
    # the accepted states if detection coverage must not be reduced — confirm.
    input.Body.enablementState == enum_EventThreatDetectionCustomModuleEnablementState[_]
    input.Body.name == STRING
    input.Body.type == STRING
    input.ReqMap.name == STRING
    # presumably selects which body fields are applied — confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.eventThreatDetectionSettings.effectiveCustomModules.get

# Request-shape template for
# securitycenter.folders.eventThreatDetectionSettings.effectiveCustomModules.get.
# Read call; STRING is a type placeholder, not a Rego value.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.eventThreatDetectionSettings.effectiveCustomModules.list

# Request-shape template for
# securitycenter.folders.eventThreatDetectionSettings.effectiveCustomModules.list.
# Paging fields only; STRING / INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.eventThreatDetectionSettings.validateCustomModule

# Request-shape template for
# securitycenter.folders.eventThreatDetectionSettings.validateCustomModule.
# STRING is a type placeholder, not a Rego value.
valid {
    # rawText presumably carries the module definition to be validated — confirm
    input.Body.rawText == STRING
    input.Body.type == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.findings.bulkMute

# Allowed values for Body.muteState on securitycenter.folders.findings.bulkMute.
enum_BulkMuteFindingsRequestMuteState := [ "MUTE_STATE_UNSPECIFIED", "MUTED", "UNDEFINED" ]

# Request-shape template for the bulkMute call. STRING is a type placeholder.
valid {
    # NOTE(review): filter presumably decides which findings under `parent`
    # are affected by one call; a guardrail would want a reviewed, non-empty
    # value here rather than any string — confirm.
    input.Body.filter == STRING
    input.Body.muteAnnotation == STRING
    # true when muteState equals any member of the enum above
    input.Body.muteState == enum_BulkMuteFindingsRequestMuteState[_]
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.getContainerThreatDetectionSettings

# Request-shape template for
# securitycenter.folders.getContainerThreatDetectionSettings.
# Read call: only the resource name and provider region can be matched.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.getEventThreatDetectionSettings

# Request-shape template for
# securitycenter.folders.getEventThreatDetectionSettings.
# Read call: only the resource name and provider region can be matched.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.getRapidVulnerabilityDetectionSettings

# Request-shape template for
# securitycenter.folders.getRapidVulnerabilityDetectionSettings.
# Read call: only the resource name and provider region can be matched.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.getSecurityCenterSettings

# Request-shape template for securitycenter.folders.getSecurityCenterSettings.
# Read call: only the resource name and provider region can be matched.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.getSecurityHealthAnalyticsSettings

# Request-shape template for
# securitycenter.folders.getSecurityHealthAnalyticsSettings.
# Read call: only the resource name and provider region can be matched.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.getVirtualMachineThreatDetectionSettings

# Request-shape template for
# securitycenter.folders.getVirtualMachineThreatDetectionSettings.
# Read call: only the resource name and provider region can be matched.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.getWebSecurityScannerSettings

# Request-shape template for
# securitycenter.folders.getWebSecurityScannerSettings.
# Read call: only the resource name and provider region can be matched.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.locations.muteConfigs.delete

# Request-shape template for securitycenter.folders.locations.muteConfigs.delete.
# STRING is a type placeholder, not a Rego value.
# NOTE(review): only the resource name and region can gate this call — confirm
# that is enough for the change-control you need on mute rules.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.locations.muteConfigs.get

# Request-shape template for securitycenter.folders.locations.muteConfigs.get.
# Read call; STRING is a type placeholder, not a Rego value.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.locations.muteConfigs.patch

# Allowed values for Body.type on
# securitycenter.folders.locations.muteConfigs.patch. The same enum is declared
# under other muteConfigs methods on this page; use one snippet per Rego module.
enum_GoogleCloudSecuritycenterV1MuteConfigType := [ "MUTE_CONFIG_TYPE_UNSPECIFIED", "STATIC", "DYNAMIC" ]

# Request-shape template for the patch call. STRING is a type placeholder.
valid {
    input.Body.description == STRING
    input.Body.displayName == STRING
    input.Body.expiryTime == STRING
    # NOTE(review): filter presumably defines which findings the mute rule
    # covers; a patch that widens it deserves review — confirm.
    input.Body.filter == STRING
    input.Body.name == STRING
    input.Body.type == enum_GoogleCloudSecuritycenterV1MuteConfigType[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.muteConfigs.create

# Allowed values for Body.type on securitycenter.folders.muteConfigs.create.
# Declared again under the patch methods on this page; use one snippet per
# Rego module to avoid redeclaring the name.
enum_GoogleCloudSecuritycenterV1MuteConfigType := [ "MUTE_CONFIG_TYPE_UNSPECIFIED", "STATIC", "DYNAMIC" ]

# Request-shape template for the create call. STRING is a type placeholder.
valid {
    input.Body.description == STRING
    input.Body.displayName == STRING
    # NOTE(review): presumably when the rule stops applying; a policy could
    # require it to be set — confirm against the API reference.
    input.Body.expiryTime == STRING
    # NOTE(review): filter presumably selects the findings to mute; the
    # template accepts any string, so scope checks belong in your own rule.
    input.Body.filter == STRING
    input.Body.name == STRING
    input.Body.type == enum_GoogleCloudSecuritycenterV1MuteConfigType[_]
    input.ReqMap.parent == STRING
    input.Qs.muteConfigId == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.muteConfigs.delete

# Request-shape template for securitycenter.folders.muteConfigs.delete.
# Only the resource name and provider region can be matched.
# STRING is a type placeholder, not a Rego value.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.muteConfigs.get

# Request-shape template for securitycenter.folders.muteConfigs.get.
# Read call; STRING is a type placeholder, not a Rego value.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.muteConfigs.list

# Request-shape template for securitycenter.folders.muteConfigs.list.
# Paging fields only; STRING / INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.muteConfigs.patch

# Allowed values for Body.type on securitycenter.folders.muteConfigs.patch.
# Declared again under other muteConfigs methods on this page; use one snippet
# per Rego module to avoid redeclaring the name.
enum_GoogleCloudSecuritycenterV1MuteConfigType := [ "MUTE_CONFIG_TYPE_UNSPECIFIED", "STATIC", "DYNAMIC" ]

# Request-shape template for the patch call. STRING is a type placeholder.
valid {
    input.Body.description == STRING
    input.Body.displayName == STRING
    input.Body.expiryTime == STRING
    # NOTE(review): a changed filter presumably changes which findings are
    # muted; treat it as the field to review on every patch — confirm.
    input.Body.filter == STRING
    input.Body.name == STRING
    input.Body.type == enum_GoogleCloudSecuritycenterV1MuteConfigType[_]
    input.ReqMap.name == STRING
    # presumably limits which body fields are applied — confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.notificationConfigs.create

# Request-shape template for securitycenter.folders.notificationConfigs.create.
# STRING is a type placeholder, not a Rego value.
valid {
    input.Body.description == STRING
    input.Body.name == STRING
    # NOTE(review): pubsubTopic looks like the delivery destination for
    # notifications; a guardrail would presumably pin it to topics in projects
    # you control — confirm.
    input.Body.pubsubTopic == STRING
    # presumably selects which findings are streamed — confirm
    input.Body.streamingConfig.filter == STRING
    input.ReqMap.parent == STRING
    input.Qs.configId == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.notificationConfigs.delete

# Request-shape template for securitycenter.folders.notificationConfigs.delete.
# NOTE(review): deleting a notification config presumably stops that alert
# stream; only the resource name and region are available to gate it — confirm.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.notificationConfigs.get

# Request-shape template for securitycenter.folders.notificationConfigs.get.
# Read call; STRING is a type placeholder, not a Rego value.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.notificationConfigs.list

# Request-shape template for securitycenter.folders.notificationConfigs.list.
# Paging fields only; STRING / INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.notificationConfigs.patch

# Request-shape template for securitycenter.folders.notificationConfigs.patch.
# Same body fields as the create template on this page, addressed by
# ReqMap.name, plus an updateMask.
valid {
    input.Body.description == STRING
    input.Body.name == STRING
    # NOTE(review): a patch can repoint delivery; apply the same destination
    # check to pubsubTopic here as on create — confirm.
    input.Body.pubsubTopic == STRING
    input.Body.streamingConfig.filter == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.rapidVulnerabilityDetectionSettings.calculate

# Request-shape template for
# securitycenter.folders.rapidVulnerabilityDetectionSettings.calculate.
# Unlike the other calculate templates on this page, no showEligibleModulesOnly
# query field is listed here.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.securityHealthAnalyticsSettings.calculate

# Request-shape template for
# securitycenter.folders.securityHealthAnalyticsSettings.calculate.
# STRING / BOOLEAN are type placeholders, not Rego values.
valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.securityHealthAnalyticsSettings.customModules.create

# Allowed values for the enum-typed body fields of
# securitycenter.folders.securityHealthAnalyticsSettings.customModules.create.
# The same names are declared again under the patch and simulate methods on
# this page; use one snippet per Rego module to avoid redeclaring them.
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]

# Request-shape template for the create call. STRING is a type placeholder;
# `[_]` on a path iterates list elements, so those lines hold if any element
# matches, not every element.
valid {
    input.Body.cloudProvider == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleCloudProvider[_]
    input.Body.customConfig.customOutput.properties[_].name == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
    input.Body.customConfig.description == STRING
    input.Body.customConfig.predicate.description == STRING
    # presumably the detection logic of the module — confirm
    input.Body.customConfig.predicate.expression == STRING
    input.Body.customConfig.predicate.location == STRING
    input.Body.customConfig.predicate.title == STRING
    input.Body.customConfig.recommendation == STRING
    input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
    input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
    input.Body.displayName == STRING
    # NOTE(review): the enum admits DISABLED; narrow it if modules must be
    # created in an active state — confirm.
    input.Body.enablementState == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState[_]
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.securityHealthAnalyticsSettings.customModules.delete

# Request-shape template for
# securitycenter.folders.securityHealthAnalyticsSettings.customModules.delete.
# NOTE(review): deleting a custom module removes a check; only the resource
# name and region are available to gate it — confirm who may call this.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.securityHealthAnalyticsSettings.customModules.get

# Request-shape template for
# securitycenter.folders.securityHealthAnalyticsSettings.customModules.get.
# Read call; STRING is a type placeholder, not a Rego value.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.securityHealthAnalyticsSettings.customModules.list

# Request-shape template for
# securitycenter.folders.securityHealthAnalyticsSettings.customModules.list.
# Paging fields only; STRING / INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.securityHealthAnalyticsSettings.customModules.listDescendant

# Request-shape template for
# securitycenter.folders.securityHealthAnalyticsSettings.customModules.listDescendant.
# Exposes the same fields as the plain list template on this page.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.securityHealthAnalyticsSettings.customModules.patch

# Allowed values for the enum-typed body fields of
# securitycenter.folders.securityHealthAnalyticsSettings.customModules.patch.
# These repeat declarations shown under the create method on this page; use
# one snippet per Rego module to avoid redeclaring the names.
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]

# Request-shape template for the patch call. STRING is a type placeholder;
# lines with `[_]` in the path hold if any list element matches.
valid {
    input.Body.cloudProvider == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleCloudProvider[_]
    input.Body.customConfig.customOutput.properties[_].name == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
    input.Body.customConfig.description == STRING
    input.Body.customConfig.predicate.description == STRING
    # NOTE(review): presumably the detection logic; a patch that rewrites it
    # changes what the module reports — confirm it is covered by review.
    input.Body.customConfig.predicate.expression == STRING
    input.Body.customConfig.predicate.location == STRING
    input.Body.customConfig.predicate.title == STRING
    input.Body.customConfig.recommendation == STRING
    input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
    # NOTE(review): severity can be lowered through a patch; pin the accepted
    # values if downgrades must be blocked — confirm.
    input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
    input.Body.displayName == STRING
    # NOTE(review): the enum admits DISABLED; narrow it to protect coverage
    input.Body.enablementState == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState[_]
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.securityHealthAnalyticsSettings.customModules.simulate

# Allowed values for the enum-typed body fields of
# securitycenter.folders.securityHealthAnalyticsSettings.customModules.simulate.
# The severity enum is also declared under the create and patch methods on this
# page; use one snippet per Rego module to avoid redeclaring it.
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]

# Request-shape template for the simulate call: the body carries both a
# customConfig (the module under test) and a resource (type, free-form data and
# an IAM policy) to evaluate it against. STRING / INTEGER / ANY are type
# placeholders; lines with `[_]` in the path hold if any list element matches.
valid {
    input.Body.customConfig.customOutput.properties[_].name == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
    input.Body.customConfig.description == STRING
    input.Body.customConfig.predicate.description == STRING
    input.Body.customConfig.predicate.expression == STRING
    input.Body.customConfig.predicate.location == STRING
    input.Body.customConfig.predicate.title == STRING
    input.Body.customConfig.recommendation == STRING
    input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
    input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
    # iamPolicyData: audit configs, bindings (with optional condition), etag, version
    input.Body.resource.iamPolicyData.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.resource.iamPolicyData.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.resource.iamPolicyData.auditConfigs[_].service == STRING
    input.Body.resource.iamPolicyData.bindings[_].condition.description == STRING
    input.Body.resource.iamPolicyData.bindings[_].condition.expression == STRING
    input.Body.resource.iamPolicyData.bindings[_].condition.location == STRING
    input.Body.resource.iamPolicyData.bindings[_].condition.title == STRING
    input.Body.resource.iamPolicyData.bindings[_].members[_] == STRING
    input.Body.resource.iamPolicyData.bindings[_].role == STRING
    input.Body.resource.iamPolicyData.etag == STRING
    input.Body.resource.iamPolicyData.version == INTEGER
    # free-form map: arbitrary key (STRING) with an unconstrained value (ANY)
    input.Body.resource.resourceData.STRING == ANY
    input.Body.resource.resourceType == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.securityHealthAnalyticsSettings.effectiveCustomModules.get

# Request-shape template for
# securitycenter.folders.securityHealthAnalyticsSettings.effectiveCustomModules.get.
# Read call; STRING is a type placeholder, not a Rego value.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.securityHealthAnalyticsSettings.effectiveCustomModules.list

# Request-shape template for
# securitycenter.folders.securityHealthAnalyticsSettings.effectiveCustomModules.list.
# Paging fields only; STRING / INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.sources.findings.externalSystems.patch

# Request-shape template for
# securitycenter.folders.sources.findings.externalSystems.patch.
# The body describes case/ticket metadata attached to a finding. STRING is a
# type placeholder, not a Rego value.
valid {
    # holds if any element of the assignees list matches
    input.Body.assignees[_] == STRING
    input.Body.caseCloseTime == STRING
    input.Body.caseCreateTime == STRING
    input.Body.casePriority == STRING
    input.Body.caseSla == STRING
    # NOTE(review): caseUri and ticketInfo.uri are caller-supplied links; if
    # analysts follow them, consider restricting them to your ticketing hosts.
    input.Body.caseUri == STRING
    input.Body.externalSystemUpdateTime == STRING
    input.Body.externalUid == STRING
    input.Body.name == STRING
    input.Body.status == STRING
    input.Body.ticketInfo.assignee == STRING
    input.Body.ticketInfo.description == STRING
    input.Body.ticketInfo.id == STRING
    input.Body.ticketInfo.status == STRING
    input.Body.ticketInfo.updateTime == STRING
    input.Body.ticketInfo.uri == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.sources.findings.group

# Request-shape template for securitycenter.folders.sources.findings.group.
# Field set matches the assets.group template on this page. STRING / INTEGER
# are type placeholders, not Rego values.
valid {
    input.Body.compareDuration == STRING
    input.Body.filter == STRING
    input.Body.groupBy == STRING
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.Body.readTime == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.sources.findings.list

# Request-shape template for securitycenter.folders.sources.findings.list.
# All tunable fields arrive under input.Qs (presumably the URL query string —
# confirm); there is no request body. STRING / INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.compareDuration == STRING
    # presumably restricts which finding fields are returned — confirm
    input.Qs.fieldMask == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.readTime == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.sources.findings.patch

enum_AttackExposureState := [ "STATE_UNSPECIFIED", "CALCULATED", "NOT_CALCULATED" ]
enum_CloudDlpDataProfileParentType := [ "PARENT_TYPE_UNSPECIFIED", "ORGANIZATION", "PROJECT" ]
enum_ConnectionProtocol := [ "PROTOCOL_UNSPECIFIED", "ICMP", "TCP", "UDP", "GRE", "ESP" ]
enum_CveExploitationActivity := [ "EXPLOITATION_ACTIVITY_UNSPECIFIED", "WIDE", "CONFIRMED", "AVAILABLE", "ANTICIPATED", "NO_KNOWN" ]
enum_CveImpact := [ "RISK_RATING_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
enum_Cvssv3AttackComplexity := [ "ATTACK_COMPLEXITY_UNSPECIFIED", "ATTACK_COMPLEXITY_LOW", "ATTACK_COMPLEXITY_HIGH" ]
enum_Cvssv3AttackVector := [ "ATTACK_VECTOR_UNSPECIFIED", "ATTACK_VECTOR_NETWORK", "ATTACK_VECTOR_ADJACENT", "ATTACK_VECTOR_LOCAL", "ATTACK_VECTOR_PHYSICAL" ]
enum_Cvssv3AvailabilityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3ConfidentialityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3IntegrityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3PrivilegesRequired := [ "PRIVILEGES_REQUIRED_UNSPECIFIED", "PRIVILEGES_REQUIRED_NONE", "PRIVILEGES_REQUIRED_LOW", "PRIVILEGES_REQUIRED_HIGH" ]
enum_Cvssv3Scope := [ "SCOPE_UNSPECIFIED", "SCOPE_UNCHANGED", "SCOPE_CHANGED" ]
enum_Cvssv3UserInteraction := [ "USER_INTERACTION_UNSPECIFIED", "USER_INTERACTION_NONE", "USER_INTERACTION_REQUIRED" ]
enum_DataAccessEventOperation := [ "OPERATION_UNSPECIFIED", "READ", "MOVE", "COPY" ]
enum_DataFlowEventOperation := [ "OPERATION_UNSPECIFIED", "READ", "MOVE", "COPY" ]
enum_DataRetentionDeletionEventEventType := [ "EVENT_TYPE_UNSPECIFIED", "EVENT_TYPE_MAX_TTL_EXCEEDED" ]
enum_FindingFindingClass := [ "FINDING_CLASS_UNSPECIFIED", "THREAT", "VULNERABILITY", "MISCONFIGURATION", "OBSERVATION", "SCC_ERROR", "POSTURE_VIOLATION", "TOXIC_COMBINATION", "SENSITIVE_DATA_RISK" ]
enum_FindingMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]
enum_FindingSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_FindingState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]
enum_GroupMembershipGroupType := [ "GROUP_TYPE_UNSPECIFIED", "GROUP_TYPE_TOXIC_COMBINATION" ]
enum_IamBindingAction := [ "ACTION_UNSPECIFIED", "ADD", "REMOVE" ]
enum_MitreAttackAdditionalTactics := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackAdditionalTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "EXPLOITATION_FOR_PRIVILEGE_ESCALATION", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "INDICATOR_REMOVAL_FILE_DELETION", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "EVENT_TRIGGERED_EXECUTION", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_ADMINISTRATION_COMMAND", "DEPLOY_CONTAINER", "ESCAPE_TO_HOST", "CONTAINER_AND_RESOURCE_DISCOVERY", "STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES" ]
enum_MitreAttackPrimaryTactic := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackPrimaryTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "EXPLOITATION_FOR_PRIVILEGE_ESCALATION", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "INDICATOR_REMOVAL_FILE_DELETION", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "EVENT_TRIGGERED_EXECUTION", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_ADMINISTRATION_COMMAND", "DEPLOY_CONTAINER", "ESCAPE_TO_HOST", "CONTAINER_AND_RESOURCE_DISCOVERY", "STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES" ]
enum_ProcessSignatureSignatureType := [ "SIGNATURE_TYPE_UNSPECIFIED", "SIGNATURE_TYPE_PROCESS", "SIGNATURE_TYPE_FILE" ]
enum_RoleKind := [ "KIND_UNSPECIFIED", "ROLE", "CLUSTER_ROLE" ]
enum_SubjectKind := [ "AUTH_TYPE_UNSPECIFIED", "USER", "SERVICEACCOUNT", "GROUP" ]

valid {
    input.Body.access.callerIp == STRING
    input.Body.access.callerIpGeo.regionCode == STRING
    input.Body.access.methodName == STRING
    input.Body.access.principalEmail == STRING
    input.Body.access.principalSubject == STRING
    input.Body.access.serviceAccountDelegationInfo[_].principalEmail == STRING
    input.Body.access.serviceAccountDelegationInfo[_].principalSubject == STRING
    input.Body.access.serviceAccountKeyName == STRING
    input.Body.access.serviceName == STRING
    input.Body.access.userAgent == STRING
    input.Body.access.userAgentFamily == STRING
    input.Body.access.userName == STRING
    input.Body.application.baseUri == STRING
    input.Body.application.fullUri == STRING
    input.Body.attackExposure.attackExposureResult == STRING
    input.Body.attackExposure.exposedHighValueResourcesCount == INTEGER
    input.Body.attackExposure.exposedLowValueResourcesCount == INTEGER
    input.Body.attackExposure.exposedMediumValueResourcesCount == INTEGER
    input.Body.attackExposure.latestCalculationTime == STRING
    input.Body.attackExposure.score == NUMBER
    input.Body.attackExposure.state == enum_AttackExposureState[_]
    input.Body.backupDisasterRecovery.appliance == STRING
    input.Body.backupDisasterRecovery.applications[_] == STRING
    input.Body.backupDisasterRecovery.backupCreateTime == STRING
    input.Body.backupDisasterRecovery.backupTemplate == STRING
    input.Body.backupDisasterRecovery.backupType == STRING
    input.Body.backupDisasterRecovery.host == STRING
    input.Body.backupDisasterRecovery.policies[_] == STRING
    input.Body.backupDisasterRecovery.policyOptions[_] == STRING
    input.Body.backupDisasterRecovery.profile == STRING
    input.Body.backupDisasterRecovery.storagePool == STRING
    input.Body.canonicalName == STRING
    input.Body.category == STRING
    input.Body.cloudArmor.adaptiveProtection.confidence == NUMBER
    input.Body.cloudArmor.attack.classification == STRING
    input.Body.cloudArmor.attack.volumeBps == INTEGER
    input.Body.cloudArmor.attack.volumePps == INTEGER
    input.Body.cloudArmor.duration == STRING
    input.Body.cloudArmor.requests.longTermAllowed == INTEGER
    input.Body.cloudArmor.requests.longTermDenied == INTEGER
    input.Body.cloudArmor.requests.ratio == NUMBER
    input.Body.cloudArmor.requests.shortTermAllowed == INTEGER
    input.Body.cloudArmor.securityPolicy.name == STRING
    input.Body.cloudArmor.securityPolicy.preview == BOOLEAN
    input.Body.cloudArmor.securityPolicy.type == STRING
    input.Body.cloudArmor.threatVector == STRING
    input.Body.cloudDlpDataProfile.dataProfile == STRING
    input.Body.cloudDlpDataProfile.parentType == enum_CloudDlpDataProfileParentType[_]
    input.Body.cloudDlpInspection.fullScan == BOOLEAN
    input.Body.cloudDlpInspection.infoType == STRING
    input.Body.cloudDlpInspection.infoTypeCount == STRING
    input.Body.cloudDlpInspection.inspectJob == STRING
    input.Body.compliances[_].ids[_] == STRING
    input.Body.compliances[_].standard == STRING
    input.Body.compliances[_].version == STRING
    input.Body.connections[_].destinationIp == STRING
    input.Body.connections[_].destinationPort == INTEGER
    input.Body.connections[_].protocol == enum_ConnectionProtocol[_]
    input.Body.connections[_].sourceIp == STRING
    input.Body.connections[_].sourcePort == INTEGER
    input.Body.containers[_].createTime == STRING
    input.Body.containers[_].imageId == STRING
    input.Body.containers[_].labels[_].name == STRING
    input.Body.containers[_].labels[_].value == STRING
    input.Body.containers[_].name == STRING
    input.Body.containers[_].uri == STRING
    input.Body.createTime == STRING
    input.Body.dataAccessEvents[_].eventId == STRING
    input.Body.dataAccessEvents[_].eventTime == STRING
    input.Body.dataAccessEvents[_].operation == enum_DataAccessEventOperation[_]
    input.Body.dataAccessEvents[_].principalEmail == STRING
    input.Body.dataFlowEvents[_].eventId == STRING
    input.Body.dataFlowEvents[_].eventTime == STRING
    input.Body.dataFlowEvents[_].operation == enum_DataFlowEventOperation[_]
    input.Body.dataFlowEvents[_].principalEmail == STRING
    input.Body.dataFlowEvents[_].violatedLocation == STRING
    input.Body.dataRetentionDeletionEvents[_].dataObjectCount == STRING
    input.Body.dataRetentionDeletionEvents[_].eventDetectionTime == STRING
    input.Body.dataRetentionDeletionEvents[_].eventType == enum_DataRetentionDeletionEventEventType[_]
    input.Body.dataRetentionDeletionEvents[_].maxRetentionAllowed == STRING
    input.Body.database.displayName == STRING
    input.Body.database.grantees[_] == STRING
    input.Body.database.name == STRING
    input.Body.database.query == STRING
    input.Body.database.userName == STRING
    input.Body.database.version == STRING
    input.Body.description == STRING
    input.Body.disk.name == STRING
    input.Body.eventTime == STRING
    input.Body.exfiltration.sources[_].components[_] == STRING
    input.Body.exfiltration.sources[_].name == STRING
    input.Body.exfiltration.targets[_].components[_] == STRING
    input.Body.exfiltration.targets[_].name == STRING
    input.Body.exfiltration.totalExfiltratedBytes == STRING
    input.Body.externalUri == STRING
    input.Body.files[_].contents == STRING
    input.Body.files[_].diskPath.partitionUuid == STRING
    input.Body.files[_].diskPath.relativePath == STRING
    input.Body.files[_].hashedSize == STRING
    input.Body.files[_].partiallyHashed == BOOLEAN
    input.Body.files[_].path == STRING
    input.Body.files[_].sha256 == STRING
    input.Body.files[_].size == STRING
    input.Body.findingClass == enum_FindingFindingClass[_]
    input.Body.groupMemberships[_].groupId == STRING
    input.Body.groupMemberships[_].groupType == enum_GroupMembershipGroupType[_]
    input.Body.iamBindings[_].action == enum_IamBindingAction[_]
    input.Body.iamBindings[_].member == STRING
    input.Body.iamBindings[_].role == STRING
    input.Body.indicator.domains[_] == STRING
    input.Body.indicator.ipAddresses[_] == STRING
    input.Body.indicator.signatures[_].memoryHashSignature.binaryFamily == STRING
    input.Body.indicator.signatures[_].memoryHashSignature.detections[_].binary == STRING
    input.Body.indicator.signatures[_].memoryHashSignature.detections[_].percentPagesMatched == NUMBER
    input.Body.indicator.signatures[_].signatureType == enum_ProcessSignatureSignatureType[_]
    input.Body.indicator.signatures[_].yaraRuleSignature.yaraRule == STRING
    input.Body.indicator.uris[_] == STRING
    input.Body.kernelRootkit.name == STRING
    input.Body.kernelRootkit.unexpectedCodeModification == BOOLEAN
    input.Body.kernelRootkit.unexpectedFtraceHandler == BOOLEAN
    input.Body.kernelRootkit.unexpectedInterruptHandler == BOOLEAN
    input.Body.kernelRootkit.unexpectedKernelCodePages == BOOLEAN
    input.Body.kernelRootkit.unexpectedKprobeHandler == BOOLEAN
    input.Body.kernelRootkit.unexpectedProcessesInRunqueue == BOOLEAN
    input.Body.kernelRootkit.unexpectedReadOnlyDataModification == BOOLEAN
    input.Body.kernelRootkit.unexpectedSystemCallHandler == BOOLEAN
    input.Body.kubernetes.accessReviews[_].group == STRING
    input.Body.kubernetes.accessReviews[_].name == STRING
    input.Body.kubernetes.accessReviews[_].ns == STRING
    input.Body.kubernetes.accessReviews[_].resource == STRING
    input.Body.kubernetes.accessReviews[_].subresource == STRING
    input.Body.kubernetes.accessReviews[_].verb == STRING
    input.Body.kubernetes.accessReviews[_].version == STRING
    input.Body.kubernetes.bindings[_].name == STRING
    input.Body.kubernetes.bindings[_].ns == STRING
    input.Body.kubernetes.bindings[_].role.kind == enum_RoleKind[_]
    input.Body.kubernetes.bindings[_].role.name == STRING
    input.Body.kubernetes.bindings[_].role.ns == STRING
    input.Body.kubernetes.bindings[_].subjects[_].kind == enum_SubjectKind[_]
    input.Body.kubernetes.bindings[_].subjects[_].name == STRING
    input.Body.kubernetes.bindings[_].subjects[_].ns == STRING
    input.Body.kubernetes.nodePools[_].name == STRING
    input.Body.kubernetes.nodePools[_].nodes[_].name == STRING
    input.Body.kubernetes.nodes[_].name == STRING
    input.Body.kubernetes.objects[_].containers[_].createTime == STRING
    input.Body.kubernetes.objects[_].containers[_].imageId == STRING
    input.Body.kubernetes.objects[_].containers[_].labels[_].name == STRING
    input.Body.kubernetes.objects[_].containers[_].labels[_].value == STRING
    input.Body.kubernetes.objects[_].containers[_].name == STRING
    input.Body.kubernetes.objects[_].containers[_].uri == STRING
    input.Body.kubernetes.objects[_].group == STRING
    input.Body.kubernetes.objects[_].kind == STRING
    input.Body.kubernetes.objects[_].name == STRING
    input.Body.kubernetes.objects[_].ns == STRING
    input.Body.kubernetes.pods[_].containers[_].createTime == STRING
    input.Body.kubernetes.pods[_].containers[_].imageId == STRING
    input.Body.kubernetes.pods[_].containers[_].labels[_].name == STRING
    input.Body.kubernetes.pods[_].containers[_].labels[_].value == STRING
    input.Body.kubernetes.pods[_].containers[_].name == STRING
    input.Body.kubernetes.pods[_].containers[_].uri == STRING
    input.Body.kubernetes.pods[_].labels[_].name == STRING
    input.Body.kubernetes.pods[_].labels[_].value == STRING
    input.Body.kubernetes.pods[_].name == STRING
    input.Body.kubernetes.pods[_].ns == STRING
    input.Body.kubernetes.roles[_].kind == enum_RoleKind[_]
    input.Body.kubernetes.roles[_].name == STRING
    input.Body.kubernetes.roles[_].ns == STRING
    input.Body.loadBalancers[_].name == STRING
    input.Body.logEntries[_].cloudLoggingEntry.insertId == STRING
    input.Body.logEntries[_].cloudLoggingEntry.logId == STRING
    input.Body.logEntries[_].cloudLoggingEntry.resourceContainer == STRING
    input.Body.logEntries[_].cloudLoggingEntry.timestamp == STRING
    input.Body.mitreAttack.additionalTactics[_] == enum_MitreAttackAdditionalTactics[_]
    input.Body.mitreAttack.additionalTechniques[_] == enum_MitreAttackAdditionalTechniques[_]
    input.Body.mitreAttack.primaryTactic == enum_MitreAttackPrimaryTactic[_]
    input.Body.mitreAttack.primaryTechniques[_] == enum_MitreAttackPrimaryTechniques[_]
    input.Body.mitreAttack.version == STRING
    input.Body.moduleName == STRING
    input.Body.mute == enum_FindingMute[_]
    input.Body.muteInitiator == STRING
    input.Body.name == STRING
    input.Body.nextSteps == STRING
    input.Body.notebook.lastAuthor == STRING
    input.Body.notebook.name == STRING
    input.Body.notebook.notebookUpdateTime == STRING
    input.Body.notebook.service == STRING
    input.Body.orgPolicies[_].name == STRING
    input.Body.parent == STRING
    input.Body.processes[_].args[_] == STRING
    input.Body.processes[_].argumentsTruncated == BOOLEAN
    input.Body.processes[_].binary.contents == STRING
    input.Body.processes[_].binary.diskPath.partitionUuid == STRING
    input.Body.processes[_].binary.diskPath.relativePath == STRING
    input.Body.processes[_].binary.hashedSize == STRING
    input.Body.processes[_].binary.partiallyHashed == BOOLEAN
    input.Body.processes[_].binary.path == STRING
    input.Body.processes[_].binary.sha256 == STRING
    input.Body.processes[_].binary.size == STRING
    input.Body.processes[_].envVariables[_].name == STRING
    input.Body.processes[_].envVariables[_].val == STRING
    input.Body.processes[_].envVariablesTruncated == BOOLEAN
    input.Body.processes[_].libraries[_].contents == STRING
    input.Body.processes[_].libraries[_].diskPath.partitionUuid == STRING
    input.Body.processes[_].libraries[_].diskPath.relativePath == STRING
    input.Body.processes[_].libraries[_].hashedSize == STRING
    input.Body.processes[_].libraries[_].partiallyHashed == BOOLEAN
    input.Body.processes[_].libraries[_].path == STRING
    input.Body.processes[_].libraries[_].sha256 == STRING
    input.Body.processes[_].libraries[_].size == STRING
    input.Body.processes[_].name == STRING
    input.Body.processes[_].parentPid == STRING
    input.Body.processes[_].pid == STRING
    input.Body.processes[_].script.contents == STRING
    input.Body.processes[_].script.diskPath.partitionUuid == STRING
    input.Body.processes[_].script.diskPath.relativePath == STRING
    input.Body.processes[_].script.hashedSize == STRING
    input.Body.processes[_].script.partiallyHashed == BOOLEAN
    input.Body.processes[_].script.path == STRING
    input.Body.processes[_].script.sha256 == STRING
    input.Body.processes[_].script.size == STRING
    input.Body.resourceName == STRING
    input.Body.securityPosture.changedPolicy == STRING
    input.Body.securityPosture.name == STRING
    input.Body.securityPosture.policy == STRING
    input.Body.securityPosture.policyDriftDetails[_].detectedValue == STRING
    input.Body.securityPosture.policyDriftDetails[_].expectedValue == STRING
    input.Body.securityPosture.policyDriftDetails[_].field == STRING
    input.Body.securityPosture.policySet == STRING
    input.Body.securityPosture.postureDeployment == STRING
    input.Body.securityPosture.postureDeploymentResource == STRING
    input.Body.securityPosture.revisionId == STRING
    input.Body.severity == enum_FindingSeverity[_]
    input.Body.sourceProperties.STRING == ANY
    input.Body.state == enum_FindingState[_]
    input.Body.toxicCombination.attackExposureScore == NUMBER
    input.Body.toxicCombination.relatedFindings[_] == STRING
    input.Body.vulnerability.cve.cvssv3.attackComplexity == enum_Cvssv3AttackComplexity[_]
    input.Body.vulnerability.cve.cvssv3.attackVector == enum_Cvssv3AttackVector[_]
    input.Body.vulnerability.cve.cvssv3.availabilityImpact == enum_Cvssv3AvailabilityImpact[_]
    input.Body.vulnerability.cve.cvssv3.baseScore == NUMBER
    input.Body.vulnerability.cve.cvssv3.confidentialityImpact == enum_Cvssv3ConfidentialityImpact[_]
    input.Body.vulnerability.cve.cvssv3.integrityImpact == enum_Cvssv3IntegrityImpact[_]
    input.Body.vulnerability.cve.cvssv3.privilegesRequired == enum_Cvssv3PrivilegesRequired[_]
    input.Body.vulnerability.cve.cvssv3.scope == enum_Cvssv3Scope[_]
    input.Body.vulnerability.cve.cvssv3.userInteraction == enum_Cvssv3UserInteraction[_]
    input.Body.vulnerability.cve.exploitReleaseDate == STRING
    input.Body.vulnerability.cve.exploitationActivity == enum_CveExploitationActivity[_]
    input.Body.vulnerability.cve.firstExploitationDate == STRING
    input.Body.vulnerability.cve.id == STRING
    input.Body.vulnerability.cve.impact == enum_CveImpact[_]
    input.Body.vulnerability.cve.observedInTheWild == BOOLEAN
    input.Body.vulnerability.cve.references[_].source == STRING
    input.Body.vulnerability.cve.references[_].uri == STRING
    input.Body.vulnerability.cve.upstreamFixAvailable == BOOLEAN
    input.Body.vulnerability.cve.zeroDay == BOOLEAN
    input.Body.vulnerability.fixedPackage.cpeUri == STRING
    input.Body.vulnerability.fixedPackage.packageName == STRING
    input.Body.vulnerability.fixedPackage.packageType == STRING
    input.Body.vulnerability.fixedPackage.packageVersion == STRING
    input.Body.vulnerability.offendingPackage.cpeUri == STRING
    input.Body.vulnerability.offendingPackage.packageName == STRING
    input.Body.vulnerability.offendingPackage.packageType == STRING
    input.Body.vulnerability.offendingPackage.packageVersion == STRING
    input.Body.vulnerability.securityBulletin.bulletinId == STRING
    input.Body.vulnerability.securityBulletin.submissionTime == STRING
    input.Body.vulnerability.securityBulletin.suggestedUpgradeVersion == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.sources.findings.setMute

# Request template for securitycenter.folders.sources.findings.setMute.
# STRING reads as a type placeholder rather than a Rego value; replace it with a
# concrete value before use (confirm against the generator's documentation).
# Values accepted for the body's `mute` field.
enum_SetMuteRequestMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]

# Every expression in the body must hold for `valid` to be true, so keep only the
# lines a policy actually needs to constrain.
valid {
    # Matching against the full enum also admits "MUTED"; a guardrail on who may
    # mute findings would compare against a narrower list.
    input.Body.mute == enum_SetMuteRequestMute[_]
    # presumably the finding's resource name taken from the request path; verify
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.sources.findings.setState

# Request template for securitycenter.folders.sources.findings.setState.
# STRING reads as a type placeholder; replace it with a concrete value before use.
# Values accepted for the body's `state` field.
enum_SetFindingStateRequestState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]

valid {
    input.Body.startTime == STRING
    # Matching against the full enum also admits "INACTIVE"; to limit who can mark
    # findings inactive, compare against a list without it.
    input.Body.state == enum_SetFindingStateRequestState[_]
    # presumably the finding's resource name taken from the request path; verify
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.sources.findings.updateSecurityMarks

# Request template for securitycenter.folders.sources.findings.updateSecurityMarks.
# STRING reads as a type placeholder; replace it with a concrete value before use.
valid {
    input.Body.canonicalName == STRING
    # STRING in a key position presumably stands for any mark name. If marks feed
    # finding filters or mute rules in your setup, constrain the keys and values here.
    input.Body.marks.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.startTime == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.sources.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.updateContainerThreatDetectionSettings

# Request template for securitycenter.folders.updateContainerThreatDetectionSettings.
# NOTE(review): enum_ConfigModuleEnablementState is declared with := in several
# sections of this page. Rego rejects a second := declaration of the same name in
# one package, so keep a single copy when combining sections.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_ContainerThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

valid {
    # STRING in a key position presumably stands for any module name.
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    # ANY presumably leaves the per-module value unconstrained.
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    # Matching against the full enum also admits "DISABLED"; to keep the service
    # from being switched off through this call, compare against a list without it.
    input.Body.serviceEnablementState == enum_ContainerThreatDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.updateEventThreatDetectionSettings

# Request template for securitycenter.folders.updateEventThreatDetectionSettings.
# NOTE(review): enum_ConfigModuleEnablementState is declared with := in several
# sections of this page; keep a single copy when combining sections in one package.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_EventThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

valid {
    # STRING in a key position presumably stands for any module name.
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    # ANY presumably leaves the per-module value unconstrained.
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    # Matching against the full enum also admits "DISABLED"; to keep the service
    # from being switched off through this call, compare against a list without it.
    input.Body.serviceEnablementState == enum_EventThreatDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.updateRapidVulnerabilityDetectionSettings

# Request template for securitycenter.folders.updateRapidVulnerabilityDetectionSettings.
# NOTE(review): enum_ConfigModuleEnablementState is declared with := in several
# sections of this page; keep a single copy when combining sections in one package.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_RapidVulnerabilityDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

valid {
    # STRING in a key position presumably stands for any module name.
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    # ANY presumably leaves the per-module value unconstrained.
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    # Matching against the full enum also admits "DISABLED"; to keep the service
    # from being switched off through this call, compare against a list without it.
    input.Body.serviceEnablementState == enum_RapidVulnerabilityDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.updateSecurityHealthAnalyticsSettings

# Request template for securitycenter.folders.updateSecurityHealthAnalyticsSettings.
# NOTE(review): enum_ConfigModuleEnablementState is declared with := in several
# sections of this page; keep a single copy when combining sections in one package.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_SecurityHealthAnalyticsSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

valid {
    # STRING in a key position presumably stands for any module name.
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    # ANY presumably leaves the per-module value unconstrained.
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    # Matching against the full enum also admits "DISABLED"; to keep the service
    # from being switched off through this call, compare against a list without it.
    input.Body.serviceEnablementState == enum_SecurityHealthAnalyticsSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.updateVirtualMachineThreatDetectionSettings

# Request template for securitycenter.folders.updateVirtualMachineThreatDetectionSettings.
# NOTE(review): enum_ConfigModuleEnablementState is declared with := in several
# sections of this page; keep a single copy when combining sections in one package.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_VirtualMachineThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

valid {
    # STRING in a key position presumably stands for any module name.
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    # ANY presumably leaves the per-module value unconstrained.
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    # Matching against the full enum also admits "DISABLED"; to keep the service
    # from being switched off through this call, compare against a list without it.
    input.Body.serviceEnablementState == enum_VirtualMachineThreatDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.updateWebSecurityScannerSettings

# Request template for securitycenter.folders.updateWebSecurityScannerSettings.
# NOTE(review): enum_ConfigModuleEnablementState is declared with := in several
# sections of this page; keep a single copy when combining sections in one package.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_WebSecurityScannerSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

valid {
    # STRING in a key position presumably stands for any module name.
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    # ANY presumably leaves the per-module value unconstrained.
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    # Matching against the full enum also admits "DISABLED"; to keep the service
    # from being switched off through this call, compare against a list without it.
    input.Body.serviceEnablementState == enum_WebSecurityScannerSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.virtualMachineThreatDetectionSettings.calculate

valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.folders.webSecurityScannerSettings.calculate

valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.assets.group

valid {
    input.Body.compareDuration == STRING
    input.Body.filter == STRING
    input.Body.groupBy == STRING
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.Body.readTime == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.assets.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.compareDuration == STRING
    input.Qs.fieldMask == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.readTime == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.assets.runDiscovery

valid {
    input.Body.STRING == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.assets.updateSecurityMarks

# Request template for securitycenter.organizations.assets.updateSecurityMarks.
# STRING reads as a type placeholder; replace it with a concrete value before use.
valid {
    input.Body.canonicalName == STRING
    # STRING in a key position presumably stands for any mark name. If marks feed
    # asset filters or mute rules in your setup, constrain the keys and values here.
    input.Body.marks.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.startTime == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.attackPaths.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.bigQueryExports.create

# Request template for securitycenter.organizations.bigQueryExports.create.
# STRING reads as a type placeholder; replace it with a concrete value before use.
valid {
    # presumably the BigQuery dataset that receives the exported findings; pinning
    # it to an approved dataset keeps findings from being exported elsewhere (verify)
    input.Body.dataset == STRING
    input.Body.description == STRING
    # presumably decides which findings are exported; TODO confirm
    input.Body.filter == STRING
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.Qs.bigQueryExportId == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.bigQueryExports.delete

# Request template for securitycenter.organizations.bigQueryExports.delete.
# Only the resource name and region are listed for this call, so a policy that
# restricts deleting exports has to match on input.ReqMap.name.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.bigQueryExports.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.bigQueryExports.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.bigQueryExports.patch

# Request template for securitycenter.organizations.bigQueryExports.patch.
# STRING reads as a type placeholder; replace it with a concrete value before use.
valid {
    # presumably the BigQuery dataset that receives the exported findings; a patch
    # can repoint it, so pin it to an approved dataset (verify)
    input.Body.dataset == STRING
    input.Body.description == STRING
    # presumably decides which findings are exported; TODO confirm
    input.Body.filter == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.containerThreatDetectionSettings.calculate

valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.eventThreatDetectionSettings.calculate

valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.eventThreatDetectionSettings.customModules.create

# Request template for securitycenter.organizations.eventThreatDetectionSettings.customModules.create.
# NOTE(review): both enums are declared again in the customModules.patch section of
# this page; keep a single copy when combining sections in one Rego package.
enum_EventThreatDetectionCustomModuleCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_EventThreatDetectionCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]

valid {
    input.Body.cloudProvider == enum_EventThreatDetectionCustomModuleCloudProvider[_]
    # ANY presumably leaves the module configuration unconstrained; a policy that
    # cares about what a custom module detects must add its own checks here.
    input.Body.config.STRING == ANY
    input.Body.description == STRING
    input.Body.displayName == STRING
    # Matching against the full enum also admits "DISABLED".
    input.Body.enablementState == enum_EventThreatDetectionCustomModuleEnablementState[_]
    input.Body.name == STRING
    input.Body.type == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.eventThreatDetectionSettings.customModules.delete

# Request template for securitycenter.organizations.eventThreatDetectionSettings.customModules.delete.
# Only the resource name and region are listed for this call, so a policy that
# restricts deleting custom detection modules has to match on input.ReqMap.name.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.eventThreatDetectionSettings.customModules.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.eventThreatDetectionSettings.customModules.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.eventThreatDetectionSettings.customModules.listDescendant

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.eventThreatDetectionSettings.customModules.patch

# Request template for securitycenter.organizations.eventThreatDetectionSettings.customModules.patch.
# NOTE(review): both enums are declared again in the customModules.create section of
# this page; keep a single copy when combining sections in one Rego package.
enum_EventThreatDetectionCustomModuleCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_EventThreatDetectionCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]

valid {
    input.Body.cloudProvider == enum_EventThreatDetectionCustomModuleCloudProvider[_]
    # ANY presumably leaves the module configuration unconstrained.
    input.Body.config.STRING == ANY
    input.Body.description == STRING
    input.Body.displayName == STRING
    # Matching against the full enum also admits "DISABLED"; to stop an existing
    # module from being turned off by a patch, compare against a list without it.
    input.Body.enablementState == enum_EventThreatDetectionCustomModuleEnablementState[_]
    input.Body.name == STRING
    input.Body.type == STRING
    input.ReqMap.name == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.eventThreatDetectionSettings.effectiveCustomModules.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.eventThreatDetectionSettings.effectiveCustomModules.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.eventThreatDetectionSettings.validateCustomModule

# Request template for securitycenter.organizations.eventThreatDetectionSettings.validateCustomModule.
# STRING reads as a type placeholder; replace it with a concrete value before use.
valid {
    # presumably the module definition submitted for validation; TODO confirm
    input.Body.rawText == STRING
    input.Body.type == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.findings.bulkMute

# Request template for securitycenter.organizations.findings.bulkMute.
# Values accepted for the body's `muteState` field.
enum_BulkMuteFindingsRequestMuteState := [ "MUTE_STATE_UNSPECIFIED", "MUTED", "UNDEFINED" ]

valid {
    # presumably selects the findings the bulk operation touches, so a broad filter
    # mutes many findings at once; constrain or review it (verify semantics)
    input.Body.filter == STRING
    input.Body.muteAnnotation == STRING
    # Matching against the full enum also admits "MUTED".
    input.Body.muteState == enum_BulkMuteFindingsRequestMuteState[_]
    # parent is the only scope field listed; presumably the organization path
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.getContainerThreatDetectionSettings

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.getEventThreatDetectionSettings

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.getOrganizationSettings

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.getRapidVulnerabilityDetectionSettings

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.getSecurityCenterSettings

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.getSecurityHealthAnalyticsSettings

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.getSubscription

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.getVirtualMachineThreatDetectionSettings

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.getWebSecurityScannerSettings

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.locations.muteConfigs.delete

# Request template for securitycenter.organizations.locations.muteConfigs.delete.
# Only the resource name and region are listed for this call, so a policy that
# restricts deleting mute configs has to match on input.ReqMap.name.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.locations.muteConfigs.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.locations.muteConfigs.patch

# Request template for securitycenter.organizations.locations.muteConfigs.patch.
# NOTE(review): this enum is declared again in other muteConfigs sections of this
# page; keep a single copy when combining sections in one Rego package.
enum_GoogleCloudSecuritycenterV1MuteConfigType := [ "MUTE_CONFIG_TYPE_UNSPECIFIED", "STATIC", "DYNAMIC" ]

valid {
    input.Body.description == STRING
    input.Body.displayName == STRING
    input.Body.expiryTime == STRING
    # presumably decides which findings the mute config applies to; a patch that
    # widens it silences more findings, so review changes to this field (verify)
    input.Body.filter == STRING
    input.Body.name == STRING
    input.Body.type == enum_GoogleCloudSecuritycenterV1MuteConfigType[_]
    input.ReqMap.name == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.muteConfigs.create

# Request template for securitycenter.organizations.muteConfigs.create.
# NOTE(review): this enum is declared again in other muteConfigs sections of this
# page; keep a single copy when combining sections in one Rego package.
enum_GoogleCloudSecuritycenterV1MuteConfigType := [ "MUTE_CONFIG_TYPE_UNSPECIFIED", "STATIC", "DYNAMIC" ]

valid {
    input.Body.description == STRING
    input.Body.displayName == STRING
    input.Body.expiryTime == STRING
    # presumably decides which findings the mute config applies to; an overly broad
    # filter silences more than intended, so constrain or review it (verify)
    input.Body.filter == STRING
    input.Body.name == STRING
    input.Body.type == enum_GoogleCloudSecuritycenterV1MuteConfigType[_]
    input.ReqMap.parent == STRING
    input.Qs.muteConfigId == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.muteConfigs.delete

# Request template for securitycenter.organizations.muteConfigs.delete.
# Only the resource name and region are listed for this call, so a policy that
# restricts deleting mute configs has to match on input.ReqMap.name.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.muteConfigs.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.muteConfigs.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.muteConfigs.patch

# Request template for securitycenter.organizations.muteConfigs.patch.
# NOTE(review): this enum is declared again in other muteConfigs sections of this
# page; keep a single copy when combining sections in one Rego package.
enum_GoogleCloudSecuritycenterV1MuteConfigType := [ "MUTE_CONFIG_TYPE_UNSPECIFIED", "STATIC", "DYNAMIC" ]

valid {
    input.Body.description == STRING
    input.Body.displayName == STRING
    input.Body.expiryTime == STRING
    # presumably decides which findings the mute config applies to; a patch that
    # widens it silences more findings, so review changes to this field (verify)
    input.Body.filter == STRING
    input.Body.name == STRING
    input.Body.type == enum_GoogleCloudSecuritycenterV1MuteConfigType[_]
    input.ReqMap.name == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.notificationConfigs.create

# Request template for securitycenter.organizations.notificationConfigs.create.
# STRING reads as a type placeholder; replace it with a concrete value before use.
valid {
    input.Body.description == STRING
    input.Body.name == STRING
    # presumably the Pub/Sub topic that receives finding notifications; pinning it
    # to approved topics keeps findings from being streamed elsewhere (verify)
    input.Body.pubsubTopic == STRING
    # presumably decides which findings are streamed; TODO confirm
    input.Body.streamingConfig.filter == STRING
    input.ReqMap.parent == STRING
    input.Qs.configId == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.notificationConfigs.delete

# Request template for securitycenter.organizations.notificationConfigs.delete.
# Only the resource name and region are listed for this call, so a policy that
# restricts deleting notification configs has to match on input.ReqMap.name.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.notificationConfigs.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.notificationConfigs.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.notificationConfigs.patch

# Request template for securitycenter.organizations.notificationConfigs.patch.
# STRING reads as a type placeholder; replace it with a concrete value before use.
valid {
    input.Body.description == STRING
    input.Body.name == STRING
    # presumably the Pub/Sub topic that receives finding notifications; a patch can
    # repoint it, so pin it to approved topics (verify)
    input.Body.pubsubTopic == STRING
    # presumably decides which findings are streamed; a narrower filter reduces
    # what responders are notified about (TODO confirm)
    input.Body.streamingConfig.filter == STRING
    input.ReqMap.name == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.operations.cancel

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.operations.delete

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.operations.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.operations.list

valid {
    input.ReqMap.name == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.rapidVulnerabilityDetectionSettings.calculate

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.resourceValueConfigs.batchCreate

# Request template for securitycenter.organizations.resourceValueConfigs.batchCreate.
# NOTE(review): these enums are declared again in the resourceValueConfigs.patch
# section of this page; keep a single copy when combining sections in one package.
enum_GoogleCloudSecuritycenterV1ResourceValueConfigCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_GoogleCloudSecuritycenterV1ResourceValueConfigResourceValue := [ "RESOURCE_VALUE_UNSPECIFIED", "HIGH", "MEDIUM", "LOW", "NONE" ]
enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingHighSensitivityMapping := [ "RESOURCE_VALUE_UNSPECIFIED", "HIGH", "MEDIUM", "LOW", "NONE" ]
enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingMediumSensitivityMapping := [ "RESOURCE_VALUE_UNSPECIFIED", "HIGH", "MEDIUM", "LOW", "NONE" ]

# Caveat for batch requests: `[_]` is existential in Rego. Each expression below
# holds as soon as ONE element of `requests` matches, and the wildcard is bound
# independently on every line, so this body does not constrain every entry of the
# batch. To require a property of all entries, negate a helper rule that finds a
# violating entry, or use `every` where available.
valid {
    input.Body.requests[_].parent == STRING
    input.Body.requests[_].resourceValueConfig.cloudProvider == enum_GoogleCloudSecuritycenterV1ResourceValueConfigCloudProvider[_]
    input.Body.requests[_].resourceValueConfig.description == STRING
    input.Body.requests[_].resourceValueConfig.name == STRING
    # STRING in a key position presumably stands for any label name.
    input.Body.requests[_].resourceValueConfig.resourceLabelsSelector.STRING == STRING
    input.Body.requests[_].resourceValueConfig.resourceType == STRING
    # Matching against the full enum also admits "LOW" and "NONE".
    input.Body.requests[_].resourceValueConfig.resourceValue == enum_GoogleCloudSecuritycenterV1ResourceValueConfigResourceValue[_]
    input.Body.requests[_].resourceValueConfig.scope == STRING
    input.Body.requests[_].resourceValueConfig.sensitiveDataProtectionMapping.highSensitivityMapping == enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingHighSensitivityMapping[_]
    input.Body.requests[_].resourceValueConfig.sensitiveDataProtectionMapping.mediumSensitivityMapping == enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingMediumSensitivityMapping[_]
    input.Body.requests[_].resourceValueConfig.tagValues[_] == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.resourceValueConfigs.delete

# Request template for securitycenter.organizations.resourceValueConfigs.delete.
# Only the resource name and region are listed for this call, so a policy that
# restricts deleting resource value configs has to match on input.ReqMap.name.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.resourceValueConfigs.get

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.resourceValueConfigs.list

valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.resourceValueConfigs.patch

# Request template for securitycenter.organizations.resourceValueConfigs.patch.
# NOTE(review): these enums are declared again in the resourceValueConfigs.batchCreate
# section of this page; keep a single copy when combining sections in one package.
enum_GoogleCloudSecuritycenterV1ResourceValueConfigCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_GoogleCloudSecuritycenterV1ResourceValueConfigResourceValue := [ "RESOURCE_VALUE_UNSPECIFIED", "HIGH", "MEDIUM", "LOW", "NONE" ]
enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingHighSensitivityMapping := [ "RESOURCE_VALUE_UNSPECIFIED", "HIGH", "MEDIUM", "LOW", "NONE" ]
enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingMediumSensitivityMapping := [ "RESOURCE_VALUE_UNSPECIFIED", "HIGH", "MEDIUM", "LOW", "NONE" ]

valid {
    input.Body.cloudProvider == enum_GoogleCloudSecuritycenterV1ResourceValueConfigCloudProvider[_]
    input.Body.description == STRING
    input.Body.name == STRING
    # STRING in a key position presumably stands for any label name.
    input.Body.resourceLabelsSelector.STRING == STRING
    input.Body.resourceType == STRING
    # Matching against the full enum also admits "LOW" and "NONE"; to stop a patch
    # from downgrading a resource's value, compare against a narrower list.
    input.Body.resourceValue == enum_GoogleCloudSecuritycenterV1ResourceValueConfigResourceValue[_]
    input.Body.scope == STRING
    input.Body.sensitiveDataProtectionMapping.highSensitivityMapping == enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingHighSensitivityMapping[_]
    input.Body.sensitiveDataProtectionMapping.mediumSensitivityMapping == enum_GoogleCloudSecuritycenterV1SensitiveDataProtectionMappingMediumSensitivityMapping[_]
    # `[_]` is existential: this holds when at least one tag value matches, not all.
    input.Body.tagValues[_] == STRING
    input.ReqMap.name == STRING
    # presumably selects which body fields the update applies to; TODO confirm
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.securityHealthAnalyticsSettings.calculate

valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.securityHealthAnalyticsSettings.customModules.create

# Request template for securitycenter.organizations.securityHealthAnalyticsSettings.customModules.create.
# STRING reads as a type placeholder; replace it with a concrete value before use.
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]

valid {
    input.Body.cloudProvider == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleCloudProvider[_]
    # `[_]` is existential: each properties line holds when at least one property
    # matches, and the wildcard is bound independently on every line.
    input.Body.customConfig.customOutput.properties[_].name == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
    input.Body.customConfig.description == STRING
    input.Body.customConfig.predicate.description == STRING
    # presumably the expression that decides when the module raises a finding; it is
    # free text here, so this template cannot judge what the module detects (verify)
    input.Body.customConfig.predicate.expression == STRING
    input.Body.customConfig.predicate.location == STRING
    input.Body.customConfig.predicate.title == STRING
    input.Body.customConfig.recommendation == STRING
    input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
    input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
    input.Body.displayName == STRING
    # Matching against the full enum also admits "DISABLED".
    input.Body.enablementState == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState[_]
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.securityHealthAnalyticsSettings.customModules.delete

# Template for securitycenter.organizations.securityHealthAnalyticsSettings.customModules.delete.
# Only `input.ReqMap.name` and the provider region are listed; STRING is a type
# placeholder. NOTE(review): deleting a custom module removes a detection, so a
# policy would normally pin `name` to the modules a caller may remove.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.securityHealthAnalyticsSettings.customModules.get

# Template for securitycenter.organizations.securityHealthAnalyticsSettings.customModules.get.
# Read-only lookup: only `input.ReqMap.name` and the provider region are listed.
# STRING is a type placeholder to be replaced with the value the policy matches.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.securityHealthAnalyticsSettings.customModules.list

# Template for securitycenter.organizations.securityHealthAnalyticsSettings.customModules.list.
# STRING and INTEGER are type placeholders. `parent` selects what is listed;
# pageSize and pageToken are the paging parameters of the request.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.securityHealthAnalyticsSettings.customModules.listDescendant

# Template for securitycenter.organizations.securityHealthAnalyticsSettings.customModules.listDescendant.
# Lists the same four inputs as customModules.list: the parent, two paging
# parameters and the provider region. STRING and INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.securityHealthAnalyticsSettings.customModules.patch

# Template for securitycenter.organizations.securityHealthAnalyticsSettings.customModules.patch.
# STRING is a type placeholder; keep only the lines the policy needs, because a
# reference to a field missing from the request is undefined and fails the body.
#
# These lists repeat the ones shown for customModules.create; declare each name
# once when the templates share a package, since Rego rejects a redeclared `:=`.
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]

valid {
    input.Body.cloudProvider == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleCloudProvider[_]
    # Each `properties[_]` line is satisfied by any one array element.
    input.Body.customConfig.customOutput.properties[_].name == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
    input.Body.customConfig.description == STRING
    input.Body.customConfig.predicate.description == STRING
    input.Body.customConfig.predicate.expression == STRING
    input.Body.customConfig.predicate.location == STRING
    input.Body.customConfig.predicate.title == STRING
    input.Body.customConfig.recommendation == STRING
    input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
    # NOTE(review): a patch can lower severity or change the predicate of an
    # existing detector; pin these when the policy guards detection coverage.
    input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
    input.Body.displayName == STRING
    # NOTE(review): the list admits "DISABLED"; compare against "ENABLED" alone
    # if the policy must prevent a module from being switched off.
    input.Body.enablementState == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState[_]
    input.Body.name == STRING
    input.ReqMap.name == STRING
    # updateMask is the field mask sent with the patch; it is compared as an exact string.
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.securityHealthAnalyticsSettings.customModules.simulate

# Template for securitycenter.organizations.securityHealthAnalyticsSettings.customModules.simulate.
# The body carries a custom module configuration plus a test resource with its
# IAM policy data. STRING, INTEGER and ANY are type placeholders; ANY presumably
# means the value type is not constrained - confirm against the generator's docs.
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]

valid {
    input.Body.customConfig.customOutput.properties[_].name == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
    input.Body.customConfig.description == STRING
    input.Body.customConfig.predicate.description == STRING
    input.Body.customConfig.predicate.expression == STRING
    input.Body.customConfig.predicate.location == STRING
    input.Body.customConfig.predicate.title == STRING
    input.Body.customConfig.recommendation == STRING
    input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
    input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
    # Nested `[_]` iterates every audit config and every log config inside it;
    # the line holds if any single combination matches.
    input.Body.resource.iamPolicyData.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.resource.iamPolicyData.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.resource.iamPolicyData.auditConfigs[_].service == STRING
    input.Body.resource.iamPolicyData.bindings[_].condition.description == STRING
    input.Body.resource.iamPolicyData.bindings[_].condition.expression == STRING
    input.Body.resource.iamPolicyData.bindings[_].condition.location == STRING
    input.Body.resource.iamPolicyData.bindings[_].condition.title == STRING
    # members and role are matched independently: two lines using `bindings[_]`
    # do not have to refer to the same binding unless a shared variable is used.
    input.Body.resource.iamPolicyData.bindings[_].members[_] == STRING
    input.Body.resource.iamPolicyData.bindings[_].role == STRING
    input.Body.resource.iamPolicyData.etag == STRING
    input.Body.resource.iamPolicyData.version == INTEGER
    # Free-form map: the STRING path segment stands for an arbitrary key.
    input.Body.resource.resourceData.STRING == ANY
    input.Body.resource.resourceType == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.securityHealthAnalyticsSettings.effectiveCustomModules.get

# Template for securitycenter.organizations.securityHealthAnalyticsSettings.effectiveCustomModules.get.
# Only `input.ReqMap.name` and the provider region are listed; STRING is a type
# placeholder to be replaced with the value the policy matches.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.securityHealthAnalyticsSettings.effectiveCustomModules.list

# Template for securitycenter.organizations.securityHealthAnalyticsSettings.effectiveCustomModules.list.
# Inputs are the parent, the two paging parameters and the provider region.
# STRING and INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.simulations.attackExposureResults.attackPaths.list

# Template for securitycenter.organizations.simulations.attackExposureResults.attackPaths.list.
# STRING and INTEGER are type placeholders. `filter` is compared as an exact
# string; this rule does not parse or evaluate the filter expression.
valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.simulations.attackExposureResults.valuedResources.list

# Template for securitycenter.organizations.simulations.attackExposureResults.valuedResources.list.
# Adds `orderBy` to the usual parent/filter/paging inputs. STRING and INTEGER
# are type placeholders; filter and orderBy are compared as exact strings.
valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.simulations.attackPaths.list

# Template for securitycenter.organizations.simulations.attackPaths.list.
# NOTE(review): attack-path listings describe how resources can be reached, so a
# policy would normally pin `parent` to the simulations a caller may read.
# STRING and INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.simulations.get

# Template for securitycenter.organizations.simulations.get.
# Only `input.ReqMap.name` and the provider region are listed; STRING is a type
# placeholder to be replaced with the value the policy matches.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.simulations.valuedResources.attackPaths.list

# Template for securitycenter.organizations.simulations.valuedResources.attackPaths.list.
# Inputs are the parent, a filter string, the paging parameters and the
# provider region. STRING and INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.simulations.valuedResources.get

# Template for securitycenter.organizations.simulations.valuedResources.get.
# Only `input.ReqMap.name` and the provider region are listed; STRING is a type
# placeholder to be replaced with the value the policy matches.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.simulations.valuedResources.list

# Template for securitycenter.organizations.simulations.valuedResources.list.
# Inputs are the parent, filter and orderBy strings, the paging parameters and
# the provider region. STRING and INTEGER are type placeholders.
valid {
    input.ReqMap.parent == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.create

# Template for securitycenter.organizations.sources.create.
# STRING is a type placeholder. NOTE(review): a source is what findings are
# created under (see sources.findings.create), so a policy would normally pin
# `parent` and the display name to the sources a caller may register.
valid {
    input.Body.canonicalName == STRING
    input.Body.description == STRING
    input.Body.displayName == STRING
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.findings.create

# Value lists for the enum-typed fields of securitycenter.organizations.sources.findings.create.
# The rule below references each list as `field == enum_X[_]`, which holds when
# the field equals any one entry.
#
# The same names are declared again under sources.findings.patch. Rego rejects a
# second `:=` declaration of a name in one package, so declare each list once
# when both templates are combined in a single module.
#
# Several lists hold identical values under different names (the two MITRE tactic
# lists, the two MITRE technique lists, the three Cvssv3 *Impact lists, and the
# DataAccess/DataFlow operation lists); each is kept because the rule refers to
# it by its own name.
enum_AttackExposureState := [ "STATE_UNSPECIFIED", "CALCULATED", "NOT_CALCULATED" ]
enum_CloudDlpDataProfileParentType := [ "PARENT_TYPE_UNSPECIFIED", "ORGANIZATION", "PROJECT" ]
enum_ConnectionProtocol := [ "PROTOCOL_UNSPECIFIED", "ICMP", "TCP", "UDP", "GRE", "ESP" ]
enum_CveExploitationActivity := [ "EXPLOITATION_ACTIVITY_UNSPECIFIED", "WIDE", "CONFIRMED", "AVAILABLE", "ANTICIPATED", "NO_KNOWN" ]
enum_CveImpact := [ "RISK_RATING_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
enum_Cvssv3AttackComplexity := [ "ATTACK_COMPLEXITY_UNSPECIFIED", "ATTACK_COMPLEXITY_LOW", "ATTACK_COMPLEXITY_HIGH" ]
enum_Cvssv3AttackVector := [ "ATTACK_VECTOR_UNSPECIFIED", "ATTACK_VECTOR_NETWORK", "ATTACK_VECTOR_ADJACENT", "ATTACK_VECTOR_LOCAL", "ATTACK_VECTOR_PHYSICAL" ]
enum_Cvssv3AvailabilityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3ConfidentialityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3IntegrityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3PrivilegesRequired := [ "PRIVILEGES_REQUIRED_UNSPECIFIED", "PRIVILEGES_REQUIRED_NONE", "PRIVILEGES_REQUIRED_LOW", "PRIVILEGES_REQUIRED_HIGH" ]
enum_Cvssv3Scope := [ "SCOPE_UNSPECIFIED", "SCOPE_UNCHANGED", "SCOPE_CHANGED" ]
enum_Cvssv3UserInteraction := [ "USER_INTERACTION_UNSPECIFIED", "USER_INTERACTION_NONE", "USER_INTERACTION_REQUIRED" ]
enum_DataAccessEventOperation := [ "OPERATION_UNSPECIFIED", "READ", "MOVE", "COPY" ]
enum_DataFlowEventOperation := [ "OPERATION_UNSPECIFIED", "READ", "MOVE", "COPY" ]
enum_DataRetentionDeletionEventEventType := [ "EVENT_TYPE_UNSPECIFIED", "EVENT_TYPE_MAX_TTL_EXCEEDED" ]
enum_FindingFindingClass := [ "FINDING_CLASS_UNSPECIFIED", "THREAT", "VULNERABILITY", "MISCONFIGURATION", "OBSERVATION", "SCC_ERROR", "POSTURE_VIOLATION", "TOXIC_COMBINATION", "SENSITIVE_DATA_RISK" ]
enum_FindingMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]
enum_FindingSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_FindingState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]
enum_GroupMembershipGroupType := [ "GROUP_TYPE_UNSPECIFIED", "GROUP_TYPE_TOXIC_COMBINATION" ]
enum_IamBindingAction := [ "ACTION_UNSPECIFIED", "ADD", "REMOVE" ]
enum_MitreAttackAdditionalTactics := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackAdditionalTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "EXPLOITATION_FOR_PRIVILEGE_ESCALATION", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "INDICATOR_REMOVAL_FILE_DELETION", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "EVENT_TRIGGERED_EXECUTION", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_ADMINISTRATION_COMMAND", "DEPLOY_CONTAINER", "ESCAPE_TO_HOST", "CONTAINER_AND_RESOURCE_DISCOVERY", "STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES" ]
enum_MitreAttackPrimaryTactic := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackPrimaryTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "EXPLOITATION_FOR_PRIVILEGE_ESCALATION", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "INDICATOR_REMOVAL_FILE_DELETION", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "EVENT_TRIGGERED_EXECUTION", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_ADMINISTRATION_COMMAND", "DEPLOY_CONTAINER", "ESCAPE_TO_HOST", "CONTAINER_AND_RESOURCE_DISCOVERY", "STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES" ]
enum_ProcessSignatureSignatureType := [ "SIGNATURE_TYPE_UNSPECIFIED", "SIGNATURE_TYPE_PROCESS", "SIGNATURE_TYPE_FILE" ]
enum_RoleKind := [ "KIND_UNSPECIFIED", "ROLE", "CLUSTER_ROLE" ]
enum_SubjectKind := [ "AUTH_TYPE_UNSPECIFIED", "USER", "SERVICEACCOUNT", "GROUP" ]

# Template for securitycenter.organizations.sources.findings.create: one line per
# field the request may carry. STRING, INTEGER, NUMBER, BOOLEAN and ANY are type
# placeholders, to be replaced with the values the policy should match.
#
# Keep only the lines the policy needs. Every expression in a Rego rule body must
# hold, and a reference to a field the request does not carry is undefined, which
# fails the whole body; the template as printed would require every field at once.
valid {
    input.Body.access.callerIp == STRING
    input.Body.access.callerIpGeo.regionCode == STRING
    input.Body.access.methodName == STRING
    input.Body.access.principalEmail == STRING
    input.Body.access.principalSubject == STRING
    # `x[_].field == ...` is existential: it holds when at least one array element
    # matches, and separate `[_]` lines may be satisfied by different elements.
    input.Body.access.serviceAccountDelegationInfo[_].principalEmail == STRING
    input.Body.access.serviceAccountDelegationInfo[_].principalSubject == STRING
    input.Body.access.serviceAccountKeyName == STRING
    input.Body.access.serviceName == STRING
    input.Body.access.userAgent == STRING
    input.Body.access.userAgentFamily == STRING
    input.Body.access.userName == STRING
    input.Body.application.baseUri == STRING
    input.Body.application.fullUri == STRING
    input.Body.attackExposure.attackExposureResult == STRING
    input.Body.attackExposure.exposedHighValueResourcesCount == INTEGER
    input.Body.attackExposure.exposedLowValueResourcesCount == INTEGER
    input.Body.attackExposure.exposedMediumValueResourcesCount == INTEGER
    input.Body.attackExposure.latestCalculationTime == STRING
    input.Body.attackExposure.score == NUMBER
    input.Body.attackExposure.state == enum_AttackExposureState[_]
    input.Body.backupDisasterRecovery.appliance == STRING
    input.Body.backupDisasterRecovery.applications[_] == STRING
    input.Body.backupDisasterRecovery.backupCreateTime == STRING
    input.Body.backupDisasterRecovery.backupTemplate == STRING
    input.Body.backupDisasterRecovery.backupType == STRING
    input.Body.backupDisasterRecovery.host == STRING
    input.Body.backupDisasterRecovery.policies[_] == STRING
    input.Body.backupDisasterRecovery.policyOptions[_] == STRING
    input.Body.backupDisasterRecovery.profile == STRING
    input.Body.backupDisasterRecovery.storagePool == STRING
    input.Body.canonicalName == STRING
    input.Body.category == STRING
    input.Body.cloudArmor.adaptiveProtection.confidence == NUMBER
    input.Body.cloudArmor.attack.classification == STRING
    input.Body.cloudArmor.attack.volumeBps == INTEGER
    input.Body.cloudArmor.attack.volumePps == INTEGER
    input.Body.cloudArmor.duration == STRING
    input.Body.cloudArmor.requests.longTermAllowed == INTEGER
    input.Body.cloudArmor.requests.longTermDenied == INTEGER
    input.Body.cloudArmor.requests.ratio == NUMBER
    input.Body.cloudArmor.requests.shortTermAllowed == INTEGER
    input.Body.cloudArmor.securityPolicy.name == STRING
    input.Body.cloudArmor.securityPolicy.preview == BOOLEAN
    input.Body.cloudArmor.securityPolicy.type == STRING
    input.Body.cloudArmor.threatVector == STRING
    input.Body.cloudDlpDataProfile.dataProfile == STRING
    input.Body.cloudDlpDataProfile.parentType == enum_CloudDlpDataProfileParentType[_]
    input.Body.cloudDlpInspection.fullScan == BOOLEAN
    input.Body.cloudDlpInspection.infoType == STRING
    # NOTE(review): infoTypeCount is typed STRING, as are dataObjectCount,
    # totalExfiltratedBytes, size, hashedSize, pid and parentPid further down -
    # presumably 64-bit integers carried as strings; compare them as strings
    # unless the policy converts them first. TODO confirm against the API schema.
    input.Body.cloudDlpInspection.infoTypeCount == STRING
    input.Body.cloudDlpInspection.inspectJob == STRING
    input.Body.compliances[_].ids[_] == STRING
    input.Body.compliances[_].standard == STRING
    input.Body.compliances[_].version == STRING
    input.Body.connections[_].destinationIp == STRING
    input.Body.connections[_].destinationPort == INTEGER
    input.Body.connections[_].protocol == enum_ConnectionProtocol[_]
    input.Body.connections[_].sourceIp == STRING
    input.Body.connections[_].sourcePort == INTEGER
    input.Body.containers[_].createTime == STRING
    input.Body.containers[_].imageId == STRING
    input.Body.containers[_].labels[_].name == STRING
    input.Body.containers[_].labels[_].value == STRING
    input.Body.containers[_].name == STRING
    input.Body.containers[_].uri == STRING
    input.Body.createTime == STRING
    input.Body.dataAccessEvents[_].eventId == STRING
    input.Body.dataAccessEvents[_].eventTime == STRING
    input.Body.dataAccessEvents[_].operation == enum_DataAccessEventOperation[_]
    input.Body.dataAccessEvents[_].principalEmail == STRING
    input.Body.dataFlowEvents[_].eventId == STRING
    input.Body.dataFlowEvents[_].eventTime == STRING
    input.Body.dataFlowEvents[_].operation == enum_DataFlowEventOperation[_]
    input.Body.dataFlowEvents[_].principalEmail == STRING
    input.Body.dataFlowEvents[_].violatedLocation == STRING
    input.Body.dataRetentionDeletionEvents[_].dataObjectCount == STRING
    input.Body.dataRetentionDeletionEvents[_].eventDetectionTime == STRING
    input.Body.dataRetentionDeletionEvents[_].eventType == enum_DataRetentionDeletionEventEventType[_]
    input.Body.dataRetentionDeletionEvents[_].maxRetentionAllowed == STRING
    input.Body.database.displayName == STRING
    input.Body.database.grantees[_] == STRING
    input.Body.database.name == STRING
    input.Body.database.query == STRING
    input.Body.database.userName == STRING
    input.Body.database.version == STRING
    input.Body.description == STRING
    input.Body.disk.name == STRING
    input.Body.eventTime == STRING
    input.Body.exfiltration.sources[_].components[_] == STRING
    input.Body.exfiltration.sources[_].name == STRING
    input.Body.exfiltration.targets[_].components[_] == STRING
    input.Body.exfiltration.targets[_].name == STRING
    input.Body.exfiltration.totalExfiltratedBytes == STRING
    input.Body.externalUri == STRING
    input.Body.files[_].contents == STRING
    input.Body.files[_].diskPath.partitionUuid == STRING
    input.Body.files[_].diskPath.relativePath == STRING
    input.Body.files[_].hashedSize == STRING
    input.Body.files[_].partiallyHashed == BOOLEAN
    input.Body.files[_].path == STRING
    input.Body.files[_].sha256 == STRING
    input.Body.files[_].size == STRING
    input.Body.findingClass == enum_FindingFindingClass[_]
    input.Body.groupMemberships[_].groupId == STRING
    input.Body.groupMemberships[_].groupType == enum_GroupMembershipGroupType[_]
    input.Body.iamBindings[_].action == enum_IamBindingAction[_]
    input.Body.iamBindings[_].member == STRING
    input.Body.iamBindings[_].role == STRING
    input.Body.indicator.domains[_] == STRING
    input.Body.indicator.ipAddresses[_] == STRING
    input.Body.indicator.signatures[_].memoryHashSignature.binaryFamily == STRING
    input.Body.indicator.signatures[_].memoryHashSignature.detections[_].binary == STRING
    input.Body.indicator.signatures[_].memoryHashSignature.detections[_].percentPagesMatched == NUMBER
    input.Body.indicator.signatures[_].signatureType == enum_ProcessSignatureSignatureType[_]
    input.Body.indicator.signatures[_].yaraRuleSignature.yaraRule == STRING
    input.Body.indicator.uris[_] == STRING
    input.Body.kernelRootkit.name == STRING
    input.Body.kernelRootkit.unexpectedCodeModification == BOOLEAN
    input.Body.kernelRootkit.unexpectedFtraceHandler == BOOLEAN
    input.Body.kernelRootkit.unexpectedInterruptHandler == BOOLEAN
    input.Body.kernelRootkit.unexpectedKernelCodePages == BOOLEAN
    input.Body.kernelRootkit.unexpectedKprobeHandler == BOOLEAN
    input.Body.kernelRootkit.unexpectedProcessesInRunqueue == BOOLEAN
    input.Body.kernelRootkit.unexpectedReadOnlyDataModification == BOOLEAN
    input.Body.kernelRootkit.unexpectedSystemCallHandler == BOOLEAN
    input.Body.kubernetes.accessReviews[_].group == STRING
    input.Body.kubernetes.accessReviews[_].name == STRING
    input.Body.kubernetes.accessReviews[_].ns == STRING
    input.Body.kubernetes.accessReviews[_].resource == STRING
    input.Body.kubernetes.accessReviews[_].subresource == STRING
    input.Body.kubernetes.accessReviews[_].verb == STRING
    input.Body.kubernetes.accessReviews[_].version == STRING
    input.Body.kubernetes.bindings[_].name == STRING
    input.Body.kubernetes.bindings[_].ns == STRING
    input.Body.kubernetes.bindings[_].role.kind == enum_RoleKind[_]
    input.Body.kubernetes.bindings[_].role.name == STRING
    input.Body.kubernetes.bindings[_].role.ns == STRING
    input.Body.kubernetes.bindings[_].subjects[_].kind == enum_SubjectKind[_]
    input.Body.kubernetes.bindings[_].subjects[_].name == STRING
    input.Body.kubernetes.bindings[_].subjects[_].ns == STRING
    input.Body.kubernetes.nodePools[_].name == STRING
    input.Body.kubernetes.nodePools[_].nodes[_].name == STRING
    input.Body.kubernetes.nodes[_].name == STRING
    input.Body.kubernetes.objects[_].containers[_].createTime == STRING
    input.Body.kubernetes.objects[_].containers[_].imageId == STRING
    input.Body.kubernetes.objects[_].containers[_].labels[_].name == STRING
    input.Body.kubernetes.objects[_].containers[_].labels[_].value == STRING
    input.Body.kubernetes.objects[_].containers[_].name == STRING
    input.Body.kubernetes.objects[_].containers[_].uri == STRING
    input.Body.kubernetes.objects[_].group == STRING
    input.Body.kubernetes.objects[_].kind == STRING
    input.Body.kubernetes.objects[_].name == STRING
    input.Body.kubernetes.objects[_].ns == STRING
    input.Body.kubernetes.pods[_].containers[_].createTime == STRING
    input.Body.kubernetes.pods[_].containers[_].imageId == STRING
    input.Body.kubernetes.pods[_].containers[_].labels[_].name == STRING
    input.Body.kubernetes.pods[_].containers[_].labels[_].value == STRING
    input.Body.kubernetes.pods[_].containers[_].name == STRING
    input.Body.kubernetes.pods[_].containers[_].uri == STRING
    input.Body.kubernetes.pods[_].labels[_].name == STRING
    input.Body.kubernetes.pods[_].labels[_].value == STRING
    input.Body.kubernetes.pods[_].name == STRING
    input.Body.kubernetes.pods[_].ns == STRING
    input.Body.kubernetes.roles[_].kind == enum_RoleKind[_]
    input.Body.kubernetes.roles[_].name == STRING
    input.Body.kubernetes.roles[_].ns == STRING
    input.Body.loadBalancers[_].name == STRING
    input.Body.logEntries[_].cloudLoggingEntry.insertId == STRING
    input.Body.logEntries[_].cloudLoggingEntry.logId == STRING
    input.Body.logEntries[_].cloudLoggingEntry.resourceContainer == STRING
    input.Body.logEntries[_].cloudLoggingEntry.timestamp == STRING
    # `[_]` on both sides: holds as soon as one element of the request array
    # equals one entry of the list. It does not verify that every element is a
    # listed value; that needs a universally quantified check (for example the
    # `every` keyword).
    input.Body.mitreAttack.additionalTactics[_] == enum_MitreAttackAdditionalTactics[_]
    input.Body.mitreAttack.additionalTechniques[_] == enum_MitreAttackAdditionalTechniques[_]
    input.Body.mitreAttack.primaryTactic == enum_MitreAttackPrimaryTactic[_]
    input.Body.mitreAttack.primaryTechniques[_] == enum_MitreAttackPrimaryTechniques[_]
    input.Body.mitreAttack.version == STRING
    input.Body.moduleName == STRING
    # NOTE(review): the list admits "MUTED"; a policy that must keep newly created
    # findings visible would compare against the specific mute values it allows.
    input.Body.mute == enum_FindingMute[_]
    input.Body.muteInitiator == STRING
    input.Body.name == STRING
    input.Body.nextSteps == STRING
    input.Body.notebook.lastAuthor == STRING
    input.Body.notebook.name == STRING
    input.Body.notebook.notebookUpdateTime == STRING
    input.Body.notebook.service == STRING
    input.Body.orgPolicies[_].name == STRING
    input.Body.parent == STRING
    input.Body.processes[_].args[_] == STRING
    input.Body.processes[_].argumentsTruncated == BOOLEAN
    input.Body.processes[_].binary.contents == STRING
    input.Body.processes[_].binary.diskPath.partitionUuid == STRING
    input.Body.processes[_].binary.diskPath.relativePath == STRING
    input.Body.processes[_].binary.hashedSize == STRING
    input.Body.processes[_].binary.partiallyHashed == BOOLEAN
    input.Body.processes[_].binary.path == STRING
    input.Body.processes[_].binary.sha256 == STRING
    input.Body.processes[_].binary.size == STRING
    input.Body.processes[_].envVariables[_].name == STRING
    input.Body.processes[_].envVariables[_].val == STRING
    input.Body.processes[_].envVariablesTruncated == BOOLEAN
    input.Body.processes[_].libraries[_].contents == STRING
    input.Body.processes[_].libraries[_].diskPath.partitionUuid == STRING
    input.Body.processes[_].libraries[_].diskPath.relativePath == STRING
    input.Body.processes[_].libraries[_].hashedSize == STRING
    input.Body.processes[_].libraries[_].partiallyHashed == BOOLEAN
    input.Body.processes[_].libraries[_].path == STRING
    input.Body.processes[_].libraries[_].sha256 == STRING
    input.Body.processes[_].libraries[_].size == STRING
    input.Body.processes[_].name == STRING
    input.Body.processes[_].parentPid == STRING
    input.Body.processes[_].pid == STRING
    input.Body.processes[_].script.contents == STRING
    input.Body.processes[_].script.diskPath.partitionUuid == STRING
    input.Body.processes[_].script.diskPath.relativePath == STRING
    input.Body.processes[_].script.hashedSize == STRING
    input.Body.processes[_].script.partiallyHashed == BOOLEAN
    input.Body.processes[_].script.path == STRING
    input.Body.processes[_].script.sha256 == STRING
    input.Body.processes[_].script.size == STRING
    input.Body.resourceName == STRING
    input.Body.securityPosture.changedPolicy == STRING
    input.Body.securityPosture.name == STRING
    input.Body.securityPosture.policy == STRING
    input.Body.securityPosture.policyDriftDetails[_].detectedValue == STRING
    input.Body.securityPosture.policyDriftDetails[_].expectedValue == STRING
    input.Body.securityPosture.policyDriftDetails[_].field == STRING
    input.Body.securityPosture.policySet == STRING
    input.Body.securityPosture.postureDeployment == STRING
    input.Body.securityPosture.postureDeploymentResource == STRING
    input.Body.securityPosture.revisionId == STRING
    # NOTE(review): severity and state are supplied by the caller here; pin them
    # when the policy should limit what a finding source may assert.
    input.Body.severity == enum_FindingSeverity[_]
    # Free-form map: the STRING path segment stands for an arbitrary key and ANY
    # leaves the value type open, so this line gives no validation by itself.
    input.Body.sourceProperties.STRING == ANY
    input.Body.state == enum_FindingState[_]
    input.Body.toxicCombination.attackExposureScore == NUMBER
    input.Body.toxicCombination.relatedFindings[_] == STRING
    input.Body.vulnerability.cve.cvssv3.attackComplexity == enum_Cvssv3AttackComplexity[_]
    input.Body.vulnerability.cve.cvssv3.attackVector == enum_Cvssv3AttackVector[_]
    input.Body.vulnerability.cve.cvssv3.availabilityImpact == enum_Cvssv3AvailabilityImpact[_]
    input.Body.vulnerability.cve.cvssv3.baseScore == NUMBER
    input.Body.vulnerability.cve.cvssv3.confidentialityImpact == enum_Cvssv3ConfidentialityImpact[_]
    input.Body.vulnerability.cve.cvssv3.integrityImpact == enum_Cvssv3IntegrityImpact[_]
    input.Body.vulnerability.cve.cvssv3.privilegesRequired == enum_Cvssv3PrivilegesRequired[_]
    input.Body.vulnerability.cve.cvssv3.scope == enum_Cvssv3Scope[_]
    input.Body.vulnerability.cve.cvssv3.userInteraction == enum_Cvssv3UserInteraction[_]
    input.Body.vulnerability.cve.exploitReleaseDate == STRING
    input.Body.vulnerability.cve.exploitationActivity == enum_CveExploitationActivity[_]
    input.Body.vulnerability.cve.firstExploitationDate == STRING
    input.Body.vulnerability.cve.id == STRING
    input.Body.vulnerability.cve.impact == enum_CveImpact[_]
    input.Body.vulnerability.cve.observedInTheWild == BOOLEAN
    input.Body.vulnerability.cve.references[_].source == STRING
    input.Body.vulnerability.cve.references[_].uri == STRING
    input.Body.vulnerability.cve.upstreamFixAvailable == BOOLEAN
    input.Body.vulnerability.cve.zeroDay == BOOLEAN
    input.Body.vulnerability.fixedPackage.cpeUri == STRING
    input.Body.vulnerability.fixedPackage.packageName == STRING
    input.Body.vulnerability.fixedPackage.packageType == STRING
    input.Body.vulnerability.fixedPackage.packageVersion == STRING
    input.Body.vulnerability.offendingPackage.cpeUri == STRING
    input.Body.vulnerability.offendingPackage.packageName == STRING
    input.Body.vulnerability.offendingPackage.packageType == STRING
    input.Body.vulnerability.offendingPackage.packageVersion == STRING
    input.Body.vulnerability.securityBulletin.bulletinId == STRING
    input.Body.vulnerability.securityBulletin.submissionTime == STRING
    input.Body.vulnerability.securityBulletin.suggestedUpgradeVersion == STRING
    # parent names the source the finding is created under; findingId is sent as
    # a query parameter rather than in the body.
    input.ReqMap.parent == STRING
    input.Qs.findingId == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.findings.externalSystems.patch

# Template for securitycenter.organizations.sources.findings.externalSystems.patch.
# The body describes a case or ticket in an external system that is attached to a
# finding. STRING is a type placeholder; keep only the lines the policy needs,
# because a reference to a field missing from the request fails the body.
valid {
    # Holds when at least one assignee matches; it does not check the whole list.
    input.Body.assignees[_] == STRING
    input.Body.caseCloseTime == STRING
    input.Body.caseCreateTime == STRING
    input.Body.casePriority == STRING
    input.Body.caseSla == STRING
    # NOTE(review): caseUri and ticketInfo.uri are free-form strings here; a policy
    # that limits where findings may link out would match them against the
    # expected ticketing host instead of accepting any value.
    input.Body.caseUri == STRING
    input.Body.externalSystemUpdateTime == STRING
    input.Body.externalUid == STRING
    input.Body.name == STRING
    input.Body.status == STRING
    input.Body.ticketInfo.assignee == STRING
    input.Body.ticketInfo.description == STRING
    input.Body.ticketInfo.id == STRING
    input.Body.ticketInfo.status == STRING
    input.Body.ticketInfo.updateTime == STRING
    input.Body.ticketInfo.uri == STRING
    input.ReqMap.name == STRING
    # updateMask is the field mask sent with the patch; it is compared as an exact string.
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.findings.group

# Attribute template for securitycenter.organizations.sources.findings.group.
# All query options (filter, groupBy, paging) are read from input.Body here,
# unlike the findings.list template, which reads them from input.Qs.
# STRING / INTEGER are placeholders that this snippet does not define.
valid {
    input.Body.compareDuration == STRING
    # filter and groupBy are matched as opaque strings; their syntax is not checked by this rule.
    input.Body.filter == STRING
    input.Body.groupBy == STRING
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.Body.readTime == STRING
    # parent is the only scoping attribute visible in this template.
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.findings.list

# Attribute template for securitycenter.organizations.sources.findings.list.
# No input.Body attributes are listed; every option is read from input.Qs.
# STRING / INTEGER are placeholders that this snippet does not define.
valid {
    # parent is the only scoping attribute visible in this template.
    input.ReqMap.parent == STRING
    input.Qs.compareDuration == STRING
    # fieldMask, filter and orderBy are matched as opaque strings only.
    input.Qs.fieldMask == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.readTime == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.findings.patch

# Allowed-value lists for the findings.patch template; the rule below this run
# tests membership with `<attribute> == enum_X[_]`.
# Every list starts with its *_UNSPECIFIED member, so an unspecified value also
# passes a membership comparison. Remove it (or narrow the list) when a policy
# must require an explicit value.
enum_AttackExposureState := [ "STATE_UNSPECIFIED", "CALCULATED", "NOT_CALCULATED" ]
enum_CloudDlpDataProfileParentType := [ "PARENT_TYPE_UNSPECIFIED", "ORGANIZATION", "PROJECT" ]
enum_ConnectionProtocol := [ "PROTOCOL_UNSPECIFIED", "ICMP", "TCP", "UDP", "GRE", "ESP" ]
enum_CveExploitationActivity := [ "EXPLOITATION_ACTIVITY_UNSPECIFIED", "WIDE", "CONFIRMED", "AVAILABLE", "ANTICIPATED", "NO_KNOWN" ]
enum_CveImpact := [ "RISK_RATING_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
# CVSS v3 metric enums, one list per metric.
enum_Cvssv3AttackComplexity := [ "ATTACK_COMPLEXITY_UNSPECIFIED", "ATTACK_COMPLEXITY_LOW", "ATTACK_COMPLEXITY_HIGH" ]
enum_Cvssv3AttackVector := [ "ATTACK_VECTOR_UNSPECIFIED", "ATTACK_VECTOR_NETWORK", "ATTACK_VECTOR_ADJACENT", "ATTACK_VECTOR_LOCAL", "ATTACK_VECTOR_PHYSICAL" ]
enum_Cvssv3AvailabilityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3ConfidentialityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3IntegrityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3PrivilegesRequired := [ "PRIVILEGES_REQUIRED_UNSPECIFIED", "PRIVILEGES_REQUIRED_NONE", "PRIVILEGES_REQUIRED_LOW", "PRIVILEGES_REQUIRED_HIGH" ]
enum_Cvssv3Scope := [ "SCOPE_UNSPECIFIED", "SCOPE_UNCHANGED", "SCOPE_CHANGED" ]
enum_Cvssv3UserInteraction := [ "USER_INTERACTION_UNSPECIFIED", "USER_INTERACTION_NONE", "USER_INTERACTION_REQUIRED" ]
enum_DataAccessEventOperation := [ "OPERATION_UNSPECIFIED", "READ", "MOVE", "COPY" ]
enum_DataFlowEventOperation := [ "OPERATION_UNSPECIFIED", "READ", "MOVE", "COPY" ]
enum_DataRetentionDeletionEventEventType := [ "EVENT_TYPE_UNSPECIFIED", "EVENT_TYPE_MAX_TTL_EXCEEDED" ]
# Finding classification, mute, severity and state values.
enum_FindingFindingClass := [ "FINDING_CLASS_UNSPECIFIED", "THREAT", "VULNERABILITY", "MISCONFIGURATION", "OBSERVATION", "SCC_ERROR", "POSTURE_VIOLATION", "TOXIC_COMBINATION", "SENSITIVE_DATA_RISK" ]
enum_FindingMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]
enum_FindingSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_FindingState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]
enum_GroupMembershipGroupType := [ "GROUP_TYPE_UNSPECIFIED", "GROUP_TYPE_TOXIC_COMBINATION" ]
enum_IamBindingAction := [ "ACTION_UNSPECIFIED", "ADD", "REMOVE" ]
# MITRE ATT&CK tactic / technique names. NOTE(review): the "Additional" and
# "Primary" lists appear to carry the same values in this listing - confirm
# before treating them as interchangeable.
enum_MitreAttackAdditionalTactics := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackAdditionalTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "EXPLOITATION_FOR_PRIVILEGE_ESCALATION", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "INDICATOR_REMOVAL_FILE_DELETION", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "EVENT_TRIGGERED_EXECUTION", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_ADMINISTRATION_COMMAND", "DEPLOY_CONTAINER", "ESCAPE_TO_HOST", "CONTAINER_AND_RESOURCE_DISCOVERY", "STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES" ]
enum_MitreAttackPrimaryTactic := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackPrimaryTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "EXPLOITATION_FOR_PRIVILEGE_ESCALATION", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "INDICATOR_REMOVAL_FILE_DELETION", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "EVENT_TRIGGERED_EXECUTION", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_ADMINISTRATION_COMMAND", "DEPLOY_CONTAINER", "ESCAPE_TO_HOST", "CONTAINER_AND_RESOURCE_DISCOVERY", "STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES" ]
enum_ProcessSignatureSignatureType := [ "SIGNATURE_TYPE_UNSPECIFIED", "SIGNATURE_TYPE_PROCESS", "SIGNATURE_TYPE_FILE" ]
# Kubernetes role and subject kinds used by the kubernetes.* attributes.
enum_RoleKind := [ "KIND_UNSPECIFIED", "ROLE", "CLUSTER_ROLE" ]
enum_SubjectKind := [ "AUTH_TYPE_UNSPECIFIED", "USER", "SERVICEACCOUNT", "GROUP" ]

# Attribute template for securitycenter.organizations.sources.findings.patch.
# It enumerates every finding attribute a rule can match on, each paired with a
# type placeholder (STRING, INTEGER, NUMBER, BOOLEAN, ANY) or an enum_* list.
# The placeholders are not defined in this snippet.
#
# Reading notes for policy authors:
#   * A Rego rule body is a conjunction: as written, every line must hold, and a
#     missing attribute makes the rule undefined. Keep only the lines you need.
#   * `[_]` is existential and each `_` is an independent variable. Two lines that
#     both use e.g. `connections[_]` may be satisfied by different elements, and a
#     line holds as soon as ONE element matches. Bind a named index, or use
#     negation / `every`, when a constraint must tie fields to the same element
#     or apply to all elements.
#   * If several snippets from this page are loaded into one package, rules named
#     `valid` are OR-ed together, so the least restrictive one decides the result.
#   * NOTE(review): files[_].contents, processes[_].envVariables[_].val and
#     database.query may carry sensitive data; check whether the policy engine
#     logs its input document.
valid {
    input.Body.access.callerIp == STRING
    input.Body.access.callerIpGeo.regionCode == STRING
    input.Body.access.methodName == STRING
    input.Body.access.principalEmail == STRING
    input.Body.access.principalSubject == STRING
    input.Body.access.serviceAccountDelegationInfo[_].principalEmail == STRING
    input.Body.access.serviceAccountDelegationInfo[_].principalSubject == STRING
    input.Body.access.serviceAccountKeyName == STRING
    input.Body.access.serviceName == STRING
    input.Body.access.userAgent == STRING
    input.Body.access.userAgentFamily == STRING
    input.Body.access.userName == STRING
    input.Body.application.baseUri == STRING
    input.Body.application.fullUri == STRING
    input.Body.attackExposure.attackExposureResult == STRING
    input.Body.attackExposure.exposedHighValueResourcesCount == INTEGER
    input.Body.attackExposure.exposedLowValueResourcesCount == INTEGER
    input.Body.attackExposure.exposedMediumValueResourcesCount == INTEGER
    input.Body.attackExposure.latestCalculationTime == STRING
    input.Body.attackExposure.score == NUMBER
    input.Body.attackExposure.state == enum_AttackExposureState[_]
    input.Body.backupDisasterRecovery.appliance == STRING
    input.Body.backupDisasterRecovery.applications[_] == STRING
    input.Body.backupDisasterRecovery.backupCreateTime == STRING
    input.Body.backupDisasterRecovery.backupTemplate == STRING
    input.Body.backupDisasterRecovery.backupType == STRING
    input.Body.backupDisasterRecovery.host == STRING
    input.Body.backupDisasterRecovery.policies[_] == STRING
    input.Body.backupDisasterRecovery.policyOptions[_] == STRING
    input.Body.backupDisasterRecovery.profile == STRING
    input.Body.backupDisasterRecovery.storagePool == STRING
    input.Body.canonicalName == STRING
    input.Body.category == STRING
    input.Body.cloudArmor.adaptiveProtection.confidence == NUMBER
    input.Body.cloudArmor.attack.classification == STRING
    input.Body.cloudArmor.attack.volumeBps == INTEGER
    input.Body.cloudArmor.attack.volumePps == INTEGER
    input.Body.cloudArmor.duration == STRING
    input.Body.cloudArmor.requests.longTermAllowed == INTEGER
    input.Body.cloudArmor.requests.longTermDenied == INTEGER
    input.Body.cloudArmor.requests.ratio == NUMBER
    input.Body.cloudArmor.requests.shortTermAllowed == INTEGER
    input.Body.cloudArmor.securityPolicy.name == STRING
    input.Body.cloudArmor.securityPolicy.preview == BOOLEAN
    input.Body.cloudArmor.securityPolicy.type == STRING
    input.Body.cloudArmor.threatVector == STRING
    input.Body.cloudDlpDataProfile.dataProfile == STRING
    input.Body.cloudDlpDataProfile.parentType == enum_CloudDlpDataProfileParentType[_]
    input.Body.cloudDlpInspection.fullScan == BOOLEAN
    input.Body.cloudDlpInspection.infoType == STRING
    # Several count/size fields in this template (infoTypeCount, hashedSize, size,
    # pid, totalExfiltratedBytes) are typed STRING, not INTEGER.
    input.Body.cloudDlpInspection.infoTypeCount == STRING
    input.Body.cloudDlpInspection.inspectJob == STRING
    input.Body.compliances[_].ids[_] == STRING
    input.Body.compliances[_].standard == STRING
    input.Body.compliances[_].version == STRING
    input.Body.connections[_].destinationIp == STRING
    input.Body.connections[_].destinationPort == INTEGER
    input.Body.connections[_].protocol == enum_ConnectionProtocol[_]
    input.Body.connections[_].sourceIp == STRING
    input.Body.connections[_].sourcePort == INTEGER
    input.Body.containers[_].createTime == STRING
    input.Body.containers[_].imageId == STRING
    input.Body.containers[_].labels[_].name == STRING
    input.Body.containers[_].labels[_].value == STRING
    input.Body.containers[_].name == STRING
    input.Body.containers[_].uri == STRING
    input.Body.createTime == STRING
    input.Body.dataAccessEvents[_].eventId == STRING
    input.Body.dataAccessEvents[_].eventTime == STRING
    input.Body.dataAccessEvents[_].operation == enum_DataAccessEventOperation[_]
    input.Body.dataAccessEvents[_].principalEmail == STRING
    input.Body.dataFlowEvents[_].eventId == STRING
    input.Body.dataFlowEvents[_].eventTime == STRING
    input.Body.dataFlowEvents[_].operation == enum_DataFlowEventOperation[_]
    input.Body.dataFlowEvents[_].principalEmail == STRING
    input.Body.dataFlowEvents[_].violatedLocation == STRING
    input.Body.dataRetentionDeletionEvents[_].dataObjectCount == STRING
    input.Body.dataRetentionDeletionEvents[_].eventDetectionTime == STRING
    input.Body.dataRetentionDeletionEvents[_].eventType == enum_DataRetentionDeletionEventEventType[_]
    input.Body.dataRetentionDeletionEvents[_].maxRetentionAllowed == STRING
    input.Body.database.displayName == STRING
    input.Body.database.grantees[_] == STRING
    input.Body.database.name == STRING
    input.Body.database.query == STRING
    input.Body.database.userName == STRING
    input.Body.database.version == STRING
    input.Body.description == STRING
    input.Body.disk.name == STRING
    input.Body.eventTime == STRING
    input.Body.exfiltration.sources[_].components[_] == STRING
    input.Body.exfiltration.sources[_].name == STRING
    input.Body.exfiltration.targets[_].components[_] == STRING
    input.Body.exfiltration.targets[_].name == STRING
    input.Body.exfiltration.totalExfiltratedBytes == STRING
    input.Body.externalUri == STRING
    input.Body.files[_].contents == STRING
    input.Body.files[_].diskPath.partitionUuid == STRING
    input.Body.files[_].diskPath.relativePath == STRING
    input.Body.files[_].hashedSize == STRING
    input.Body.files[_].partiallyHashed == BOOLEAN
    input.Body.files[_].path == STRING
    input.Body.files[_].sha256 == STRING
    input.Body.files[_].size == STRING
    input.Body.findingClass == enum_FindingFindingClass[_]
    input.Body.groupMemberships[_].groupId == STRING
    input.Body.groupMemberships[_].groupType == enum_GroupMembershipGroupType[_]
    input.Body.iamBindings[_].action == enum_IamBindingAction[_]
    input.Body.iamBindings[_].member == STRING
    input.Body.iamBindings[_].role == STRING
    input.Body.indicator.domains[_] == STRING
    input.Body.indicator.ipAddresses[_] == STRING
    input.Body.indicator.signatures[_].memoryHashSignature.binaryFamily == STRING
    input.Body.indicator.signatures[_].memoryHashSignature.detections[_].binary == STRING
    input.Body.indicator.signatures[_].memoryHashSignature.detections[_].percentPagesMatched == NUMBER
    input.Body.indicator.signatures[_].signatureType == enum_ProcessSignatureSignatureType[_]
    input.Body.indicator.signatures[_].yaraRuleSignature.yaraRule == STRING
    input.Body.indicator.uris[_] == STRING
    input.Body.kernelRootkit.name == STRING
    input.Body.kernelRootkit.unexpectedCodeModification == BOOLEAN
    input.Body.kernelRootkit.unexpectedFtraceHandler == BOOLEAN
    input.Body.kernelRootkit.unexpectedInterruptHandler == BOOLEAN
    input.Body.kernelRootkit.unexpectedKernelCodePages == BOOLEAN
    input.Body.kernelRootkit.unexpectedKprobeHandler == BOOLEAN
    input.Body.kernelRootkit.unexpectedProcessesInRunqueue == BOOLEAN
    input.Body.kernelRootkit.unexpectedReadOnlyDataModification == BOOLEAN
    input.Body.kernelRootkit.unexpectedSystemCallHandler == BOOLEAN
    input.Body.kubernetes.accessReviews[_].group == STRING
    input.Body.kubernetes.accessReviews[_].name == STRING
    input.Body.kubernetes.accessReviews[_].ns == STRING
    input.Body.kubernetes.accessReviews[_].resource == STRING
    input.Body.kubernetes.accessReviews[_].subresource == STRING
    input.Body.kubernetes.accessReviews[_].verb == STRING
    input.Body.kubernetes.accessReviews[_].version == STRING
    input.Body.kubernetes.bindings[_].name == STRING
    input.Body.kubernetes.bindings[_].ns == STRING
    input.Body.kubernetes.bindings[_].role.kind == enum_RoleKind[_]
    input.Body.kubernetes.bindings[_].role.name == STRING
    input.Body.kubernetes.bindings[_].role.ns == STRING
    input.Body.kubernetes.bindings[_].subjects[_].kind == enum_SubjectKind[_]
    input.Body.kubernetes.bindings[_].subjects[_].name == STRING
    input.Body.kubernetes.bindings[_].subjects[_].ns == STRING
    input.Body.kubernetes.nodePools[_].name == STRING
    input.Body.kubernetes.nodePools[_].nodes[_].name == STRING
    input.Body.kubernetes.nodes[_].name == STRING
    input.Body.kubernetes.objects[_].containers[_].createTime == STRING
    input.Body.kubernetes.objects[_].containers[_].imageId == STRING
    input.Body.kubernetes.objects[_].containers[_].labels[_].name == STRING
    input.Body.kubernetes.objects[_].containers[_].labels[_].value == STRING
    input.Body.kubernetes.objects[_].containers[_].name == STRING
    input.Body.kubernetes.objects[_].containers[_].uri == STRING
    input.Body.kubernetes.objects[_].group == STRING
    input.Body.kubernetes.objects[_].kind == STRING
    input.Body.kubernetes.objects[_].name == STRING
    input.Body.kubernetes.objects[_].ns == STRING
    input.Body.kubernetes.pods[_].containers[_].createTime == STRING
    input.Body.kubernetes.pods[_].containers[_].imageId == STRING
    input.Body.kubernetes.pods[_].containers[_].labels[_].name == STRING
    input.Body.kubernetes.pods[_].containers[_].labels[_].value == STRING
    input.Body.kubernetes.pods[_].containers[_].name == STRING
    input.Body.kubernetes.pods[_].containers[_].uri == STRING
    input.Body.kubernetes.pods[_].labels[_].name == STRING
    input.Body.kubernetes.pods[_].labels[_].value == STRING
    input.Body.kubernetes.pods[_].name == STRING
    input.Body.kubernetes.pods[_].ns == STRING
    input.Body.kubernetes.roles[_].kind == enum_RoleKind[_]
    input.Body.kubernetes.roles[_].name == STRING
    input.Body.kubernetes.roles[_].ns == STRING
    input.Body.loadBalancers[_].name == STRING
    input.Body.logEntries[_].cloudLoggingEntry.insertId == STRING
    input.Body.logEntries[_].cloudLoggingEntry.logId == STRING
    input.Body.logEntries[_].cloudLoggingEntry.resourceContainer == STRING
    input.Body.logEntries[_].cloudLoggingEntry.timestamp == STRING
    # `[_]` on both sides: holds if any one listed tactic/technique is in the enum.
    input.Body.mitreAttack.additionalTactics[_] == enum_MitreAttackAdditionalTactics[_]
    input.Body.mitreAttack.additionalTechniques[_] == enum_MitreAttackAdditionalTechniques[_]
    input.Body.mitreAttack.primaryTactic == enum_MitreAttackPrimaryTactic[_]
    input.Body.mitreAttack.primaryTechniques[_] == enum_MitreAttackPrimaryTechniques[_]
    input.Body.mitreAttack.version == STRING
    input.Body.moduleName == STRING
    # Full-enum comparison: accepts every mute value, MUTED included. Narrow the
    # list when the policy should restrict which mute values a caller may send.
    input.Body.mute == enum_FindingMute[_]
    input.Body.muteInitiator == STRING
    input.Body.name == STRING
    input.Body.nextSteps == STRING
    input.Body.notebook.lastAuthor == STRING
    input.Body.notebook.name == STRING
    input.Body.notebook.notebookUpdateTime == STRING
    input.Body.notebook.service == STRING
    input.Body.orgPolicies[_].name == STRING
    input.Body.parent == STRING
    input.Body.processes[_].args[_] == STRING
    input.Body.processes[_].argumentsTruncated == BOOLEAN
    input.Body.processes[_].binary.contents == STRING
    input.Body.processes[_].binary.diskPath.partitionUuid == STRING
    input.Body.processes[_].binary.diskPath.relativePath == STRING
    input.Body.processes[_].binary.hashedSize == STRING
    input.Body.processes[_].binary.partiallyHashed == BOOLEAN
    input.Body.processes[_].binary.path == STRING
    input.Body.processes[_].binary.sha256 == STRING
    input.Body.processes[_].binary.size == STRING
    input.Body.processes[_].envVariables[_].name == STRING
    input.Body.processes[_].envVariables[_].val == STRING
    input.Body.processes[_].envVariablesTruncated == BOOLEAN
    input.Body.processes[_].libraries[_].contents == STRING
    input.Body.processes[_].libraries[_].diskPath.partitionUuid == STRING
    input.Body.processes[_].libraries[_].diskPath.relativePath == STRING
    input.Body.processes[_].libraries[_].hashedSize == STRING
    input.Body.processes[_].libraries[_].partiallyHashed == BOOLEAN
    input.Body.processes[_].libraries[_].path == STRING
    input.Body.processes[_].libraries[_].sha256 == STRING
    input.Body.processes[_].libraries[_].size == STRING
    input.Body.processes[_].name == STRING
    input.Body.processes[_].parentPid == STRING
    input.Body.processes[_].pid == STRING
    input.Body.processes[_].script.contents == STRING
    input.Body.processes[_].script.diskPath.partitionUuid == STRING
    input.Body.processes[_].script.diskPath.relativePath == STRING
    input.Body.processes[_].script.hashedSize == STRING
    input.Body.processes[_].script.partiallyHashed == BOOLEAN
    input.Body.processes[_].script.path == STRING
    input.Body.processes[_].script.sha256 == STRING
    input.Body.processes[_].script.size == STRING
    input.Body.resourceName == STRING
    input.Body.securityPosture.changedPolicy == STRING
    input.Body.securityPosture.name == STRING
    input.Body.securityPosture.policy == STRING
    input.Body.securityPosture.policyDriftDetails[_].detectedValue == STRING
    input.Body.securityPosture.policyDriftDetails[_].expectedValue == STRING
    input.Body.securityPosture.policyDriftDetails[_].field == STRING
    input.Body.securityPosture.policySet == STRING
    input.Body.securityPosture.postureDeployment == STRING
    input.Body.securityPosture.postureDeploymentResource == STRING
    input.Body.securityPosture.revisionId == STRING
    # Severity and state are matched against their full enums, so any value passes.
    input.Body.severity == enum_FindingSeverity[_]
    # STRING in key position stands for an arbitrary property name; ANY leaves
    # the value unconstrained, so this line places no limit on sourceProperties.
    input.Body.sourceProperties.STRING == ANY
    input.Body.state == enum_FindingState[_]
    input.Body.toxicCombination.attackExposureScore == NUMBER
    input.Body.toxicCombination.relatedFindings[_] == STRING
    input.Body.vulnerability.cve.cvssv3.attackComplexity == enum_Cvssv3AttackComplexity[_]
    input.Body.vulnerability.cve.cvssv3.attackVector == enum_Cvssv3AttackVector[_]
    input.Body.vulnerability.cve.cvssv3.availabilityImpact == enum_Cvssv3AvailabilityImpact[_]
    input.Body.vulnerability.cve.cvssv3.baseScore == NUMBER
    input.Body.vulnerability.cve.cvssv3.confidentialityImpact == enum_Cvssv3ConfidentialityImpact[_]
    input.Body.vulnerability.cve.cvssv3.integrityImpact == enum_Cvssv3IntegrityImpact[_]
    input.Body.vulnerability.cve.cvssv3.privilegesRequired == enum_Cvssv3PrivilegesRequired[_]
    input.Body.vulnerability.cve.cvssv3.scope == enum_Cvssv3Scope[_]
    input.Body.vulnerability.cve.cvssv3.userInteraction == enum_Cvssv3UserInteraction[_]
    input.Body.vulnerability.cve.exploitReleaseDate == STRING
    input.Body.vulnerability.cve.exploitationActivity == enum_CveExploitationActivity[_]
    input.Body.vulnerability.cve.firstExploitationDate == STRING
    input.Body.vulnerability.cve.id == STRING
    input.Body.vulnerability.cve.impact == enum_CveImpact[_]
    input.Body.vulnerability.cve.observedInTheWild == BOOLEAN
    input.Body.vulnerability.cve.references[_].source == STRING
    input.Body.vulnerability.cve.references[_].uri == STRING
    input.Body.vulnerability.cve.upstreamFixAvailable == BOOLEAN
    input.Body.vulnerability.cve.zeroDay == BOOLEAN
    input.Body.vulnerability.fixedPackage.cpeUri == STRING
    input.Body.vulnerability.fixedPackage.packageName == STRING
    input.Body.vulnerability.fixedPackage.packageType == STRING
    input.Body.vulnerability.fixedPackage.packageVersion == STRING
    input.Body.vulnerability.offendingPackage.cpeUri == STRING
    input.Body.vulnerability.offendingPackage.packageName == STRING
    input.Body.vulnerability.offendingPackage.packageType == STRING
    input.Body.vulnerability.offendingPackage.packageVersion == STRING
    input.Body.vulnerability.securityBulletin.bulletinId == STRING
    input.Body.vulnerability.securityBulletin.submissionTime == STRING
    input.Body.vulnerability.securityBulletin.suggestedUpgradeVersion == STRING
    input.ReqMap.name == STRING
    # Matched as an opaque string. NOTE(review): confirm how the API treats an
    # absent or empty mask before relying on this attribute to limit which
    # finding fields a caller can overwrite.
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.findings.setMute

# Attribute template for securitycenter.organizations.sources.findings.setMute.
# The enum lists every mute value the template knows, including MUTE_UNSPECIFIED.
enum_SetMuteRequestMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]

# Matches a setMute request on the requested mute value and the finding name.
# STRING is a placeholder that this snippet does not define.
valid {
    # Comparing against the whole enum accepts MUTED as readily as UNMUTED.
    # A policy meant to control who may silence findings should compare to the
    # specific value(s) it allows instead of `enum_SetMuteRequestMute[_]`.
    input.Body.mute == enum_SetMuteRequestMute[_]
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.findings.setState

# Attribute template for securitycenter.organizations.sources.findings.setState.
# The enum lists every state value the template knows, including STATE_UNSPECIFIED.
enum_SetFindingStateRequestState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]

# Matches a setState request on its start time, requested state and finding name.
# STRING is a placeholder that this snippet does not define.
valid {
    input.Body.startTime == STRING
    # Whole-enum comparison accepts INACTIVE as well as ACTIVE; narrow the list
    # when the policy should restrict which state changes a caller may request.
    input.Body.state == enum_SetFindingStateRequestState[_]
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.findings.updateSecurityMarks

# Attribute template for securitycenter.organizations.sources.findings.updateSecurityMarks.
# STRING is a placeholder that this snippet does not define.
valid {
    input.Body.canonicalName == STRING
    # STRING in key position stands for an arbitrary mark name, so this line
    # constrains neither which marks are set nor their values until both
    # placeholders are replaced with concrete keys and values.
    input.Body.marks.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.startTime == STRING
    # Matched as an opaque string only.
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.get

# Attribute template for securitycenter.organizations.sources.get.
# Only the resource name and the provider region are available to match on.
# STRING is a placeholder that this snippet does not define.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.getIamPolicy

# Attribute template for securitycenter.organizations.sources.getIamPolicy.
# STRING / INTEGER are placeholders that this snippet does not define.
valid {
    # The requested policy version is read from the body, not the query string.
    input.Body.options.requestedPolicyVersion == INTEGER
    # The target is named `resource` here, where most templates on this page use `name`.
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.list

# Attribute template for securitycenter.organizations.sources.list.
# Only the parent and paging options are listed; no body attributes.
# STRING / INTEGER are placeholders that this snippet does not define.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.patch

# Attribute template for securitycenter.organizations.sources.patch.
# STRING is a placeholder that this snippet does not define.
valid {
    input.Body.canonicalName == STRING
    input.Body.description == STRING
    input.Body.displayName == STRING
    # `name` appears in both the body and the request map; this rule does not
    # require the two to agree. Compare them explicitly if that matters.
    input.Body.name == STRING
    input.ReqMap.name == STRING
    # Matched as an opaque string only.
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.setIamPolicy

# Attribute template for securitycenter.organizations.sources.setIamPolicy.
# Audit log types the template knows, including LOG_TYPE_UNSPECIFIED.
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]

# Matches a setIamPolicy request on the submitted policy document.
# STRING / INTEGER are placeholders that this snippet does not define.
#
# Review notes for anyone adapting this into an enforcing rule:
#   * `[_]` is existential. `members[_] == X` holds when at least one member
#     equals X; it does not prove every member is acceptable. Use negation or
#     `every` to express "no binding grants to a principal outside the allow-list"
#     (for example the public principals allUsers / allAuthenticatedUsers).
#   * Each `_` is independent, so the `members[_]` line and the `role` line can
#     be satisfied by different bindings. Bind a named index
#     (`b := input.Body.policy.bindings[i]`) to tie role and member together.
valid {
    # exemptedMembers are matched as strings only; this rule does not limit who is
    # listed there.
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.policy.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.policy.auditConfigs[_].service == STRING
    input.Body.policy.bindings[_].condition.description == STRING
    # The condition expression is compared as text; it is not evaluated here.
    input.Body.policy.bindings[_].condition.expression == STRING
    input.Body.policy.bindings[_].condition.location == STRING
    input.Body.policy.bindings[_].condition.title == STRING
    input.Body.policy.bindings[_].members[_] == STRING
    input.Body.policy.bindings[_].role == STRING
    input.Body.policy.etag == STRING
    input.Body.policy.version == INTEGER
    # updateMask is read from the body in this template, not from input.Qs.
    input.Body.updateMask == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.sources.testIamPermissions

# Attribute template for securitycenter.organizations.sources.testIamPermissions.
# STRING is a placeholder that this snippet does not define.
valid {
    # Existential match: holds as soon as one requested permission equals the value.
    input.Body.permissions[_] == STRING
    input.ReqMap.resource == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.updateContainerThreatDetectionSettings

# Attribute template for securitycenter.organizations.updateContainerThreatDetectionSettings.
# Both enums carry the same four values. enum_ConfigModuleEnablementState is
# declared again, with the same values, in the other update*Settings sections
# of this page; OPA rejects a second `:=` declaration of one name in a single
# package, so declare it once if the snippets are combined.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_ContainerThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

# Matches a settings update on per-module and service-level enablement state.
# STRING / ANY are placeholders that this snippet does not define.
valid {
    # STRING in key position stands for an arbitrary module name.
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    # ANY leaves module configuration values unconstrained.
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    # Whole-enum comparison accepts DISABLED. A guardrail that should stop the
    # detection service from being switched off must compare against the allowed
    # values only, and should also constrain updateMask.
    input.Body.serviceEnablementState == enum_ContainerThreatDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.updateEventThreatDetectionSettings

# Attribute template for securitycenter.organizations.updateEventThreatDetectionSettings.
# Both enums carry the same four values; enum_ConfigModuleEnablementState also
# appears in the sibling update*Settings sections of this page.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_EventThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

# Matches a settings update on per-module and service-level enablement state.
# STRING / ANY are placeholders that this snippet does not define.
valid {
    # STRING in key position stands for an arbitrary module name, so a single
    # module cannot be targeted until it is replaced with a concrete key.
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    # Whole-enum comparison accepts DISABLED; narrow it to keep the service enabled.
    input.Body.serviceEnablementState == enum_EventThreatDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.updateOrganizationSettings

# Attribute template for securitycenter.organizations.updateOrganizationSettings.
# Inclusion modes the template knows, including INCLUSION_MODE_UNSPECIFIED.
enum_AssetDiscoveryConfigInclusionMode := [ "INCLUSION_MODE_UNSPECIFIED", "INCLUDE_ONLY", "EXCLUDE" ]

# Matches an organization-settings update on its asset discovery configuration.
# STRING / BOOLEAN are placeholders that this snippet does not define.
valid {
    # Existential: holds when at least one listed folder / project id matches.
    input.Body.assetDiscoveryConfig.folderIds[_] == STRING
    # Whole-enum comparison accepts EXCLUDE as well as INCLUDE_ONLY.
    input.Body.assetDiscoveryConfig.inclusionMode == enum_AssetDiscoveryConfigInclusionMode[_]
    input.Body.assetDiscoveryConfig.projectIds[_] == STRING
    # Replace BOOLEAN with `true` if the policy must keep asset discovery on.
    input.Body.enableAssetDiscovery == BOOLEAN
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.updateRapidVulnerabilityDetectionSettings

# Attribute template for securitycenter.organizations.updateRapidVulnerabilityDetectionSettings.
# Both enums carry the same four values; enum_ConfigModuleEnablementState also
# appears in the sibling update*Settings sections of this page.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_RapidVulnerabilityDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

# Matches a settings update on per-module and service-level enablement state.
# STRING / ANY are placeholders that this snippet does not define.
valid {
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    # ANY leaves module configuration values unconstrained.
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    # Whole-enum comparison accepts DISABLED; narrow it to keep the service enabled.
    input.Body.serviceEnablementState == enum_RapidVulnerabilityDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.updateSecurityHealthAnalyticsSettings

# Attribute template for securitycenter.organizations.updateSecurityHealthAnalyticsSettings.
# Both enums carry the same four values; enum_ConfigModuleEnablementState also
# appears in the sibling update*Settings sections of this page.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_SecurityHealthAnalyticsSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

# Matches a settings update on per-module and service-level enablement state.
# STRING / ANY are placeholders that this snippet does not define.
valid {
    # Per-module state is matched against the whole enum, so a request that
    # disables an individual module passes just like one that enables it.
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    # Whole-enum comparison accepts DISABLED; narrow it to keep the service enabled.
    input.Body.serviceEnablementState == enum_SecurityHealthAnalyticsSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.updateVirtualMachineThreatDetectionSettings

# Attribute template for securitycenter.organizations.updateVirtualMachineThreatDetectionSettings.
# Both enums carry the same four values; enum_ConfigModuleEnablementState also
# appears in the sibling update*Settings sections of this page.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_VirtualMachineThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

# Matches a settings update on per-module and service-level enablement state.
# STRING / ANY are placeholders that this snippet does not define.
valid {
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    # Whole-enum comparison accepts DISABLED and INHERITED alike. With INHERITED
    # the effective state is decided elsewhere, which this rule cannot see.
    # NOTE(review): confirm the inheritance source before allowing it.
    input.Body.serviceEnablementState == enum_VirtualMachineThreatDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.updateWebSecurityScannerSettings

# Attribute template for securitycenter.organizations.updateWebSecurityScannerSettings.
# Both enums carry the same four values; enum_ConfigModuleEnablementState also
# appears in the sibling update*Settings sections of this page.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_WebSecurityScannerSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

# Matches a settings update on per-module and service-level enablement state.
# STRING / ANY are placeholders that this snippet does not define.
valid {
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    # Whole-enum comparison accepts DISABLED; narrow it to keep the service enabled.
    input.Body.serviceEnablementState == enum_WebSecurityScannerSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    # Matched as an opaque string; pin it if only specific fields may be updated.
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.valuedResources.list

# Attribute template for securitycenter.organizations.valuedResources.list.
# Only the parent and query options are listed; no body attributes.
# STRING / INTEGER are placeholders that this snippet does not define.
valid {
    input.ReqMap.parent == STRING
    # filter and orderBy are matched as opaque strings only.
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.virtualMachineThreatDetectionSettings.calculate

# Attribute template for securitycenter.organizations.virtualMachineThreatDetectionSettings.calculate.
# STRING / BOOLEAN are placeholders that this snippet does not define.
valid {
    input.ReqMap.name == STRING
    # The only option listed is a boolean query parameter.
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.organizations.webSecurityScannerSettings.calculate

# Attribute template for securitycenter.organizations.webSecurityScannerSettings.calculate.
# The attribute set is the same as the virtualMachineThreatDetectionSettings.calculate template.
# STRING / BOOLEAN are placeholders that this snippet does not define.
valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.assets.group

# Group request for project assets. Unlike the list call, filter, paging and time fields
# travel in the request body here rather than under input.Qs.
valid {
    input.Body.compareDuration == STRING
    input.Body.filter == STRING
    input.Body.groupBy == STRING
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.Body.readTime == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.assets.list

# List request for project assets; every selector lives under input.Qs.
# NOTE(review): a Rego rule body is a conjunction, so taken literally every field listed
# here must be present. Presumably the generator lists the fields a request may carry, and
# the lines you do not need are meant to be removed.
valid {
    input.ReqMap.parent == STRING
    input.Qs.compareDuration == STRING
    input.Qs.fieldMask == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.readTime == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.assets.updateSecurityMarks

# Request shape for updating security marks on a project asset.
valid {
    input.Body.canonicalName == STRING
    # Arbitrary mark key mapped to an arbitrary string value; neither side is constrained.
    # If marks drive other policy or filters (not shown here), restrict the allowed keys.
    input.Body.marks.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.startTime == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.bigQueryExports.create

# Request shape for creating a BigQuery export at project scope.
valid {
    # NOTE(review): `dataset` looks like the export destination and accepts any string
    # here. A policy built from this template should compare it with the approved dataset(s).
    input.Body.dataset == STRING
    input.Body.description == STRING
    # presumably narrows which findings are exported -- confirm against the API
    input.Body.filter == STRING
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.Qs.bigQueryExportId == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.bigQueryExports.delete

# Delete request for a BigQuery export. Only `name` identifies the target, so any
# restriction on which exports may be removed has to be written against that path.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.bigQueryExports.get

# Get request for a single BigQuery export; `name` is the only request-specific field.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.bigQueryExports.list

# List request for BigQuery exports under `parent`, with paging only (no filter field).
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.bigQueryExports.patch

# Patch request for an existing BigQuery export; same body fields as create, plus updateMask.
valid {
    # NOTE(review): a patch can carry a new `dataset`, so an existing export could
    # presumably be re-pointed. Constrain this value as strictly as on create.
    input.Body.dataset == STRING
    input.Body.description == STRING
    input.Body.filter == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.containerThreatDetectionSettings.calculate

# calculate request for project-level container threat detection settings: `name` plus the
# showEligibleModulesOnly flag, no body.
valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.eventThreatDetectionSettings.calculate

# calculate request for project-level event threat detection settings: `name` plus the
# showEligibleModulesOnly flag, no body.
valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.eventThreatDetectionSettings.customModules.create

# Request shape for creating an Event Threat Detection custom module under a project.
enum_EventThreatDetectionCustomModuleCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_EventThreatDetectionCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]

valid {
    input.Body.cloudProvider == enum_EventThreatDetectionCustomModuleCloudProvider[_]
    # The module configuration is a free-form map (any key, ANY value); this template does
    # not describe or restrict its contents.
    input.Body.config.STRING == ANY
    input.Body.description == STRING
    input.Body.displayName == STRING
    # Membership test only: "DISABLED" and "INHERITED" pass as readily as "ENABLED".
    input.Body.enablementState == enum_EventThreatDetectionCustomModuleEnablementState[_]
    input.Body.name == STRING
    input.Body.type == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.eventThreatDetectionSettings.customModules.delete

# Delete request for an Event Threat Detection custom module.
# NOTE(review): removing a custom detection module presumably ends the detections it
# produced. The request exposes only `name`, so scope any allow rule by that path.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.eventThreatDetectionSettings.customModules.get

# Get request for one Event Threat Detection custom module, identified by `name`.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.eventThreatDetectionSettings.customModules.list

# List request for Event Threat Detection custom modules under `parent`; paging only.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.eventThreatDetectionSettings.customModules.listDescendant

# listDescendant request for Event Threat Detection custom modules; same fields as the
# plain list call (parent plus paging).
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.eventThreatDetectionSettings.customModules.patch

# Patch request for an Event Threat Detection custom module: the create body plus
# updateMask, addressed by `name` instead of `parent`.
enum_EventThreatDetectionCustomModuleCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_EventThreatDetectionCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]

valid {
    input.Body.cloudProvider == enum_EventThreatDetectionCustomModuleCloudProvider[_]
    # Free-form config map; contents are unconstrained (ANY).
    input.Body.config.STRING == ANY
    input.Body.description == STRING
    input.Body.displayName == STRING
    # NOTE(review): a patch that sets "DISABLED" satisfies this line, so an existing module
    # could presumably be switched off through this call. Pin the allowed state explicitly.
    input.Body.enablementState == enum_EventThreatDetectionCustomModuleEnablementState[_]
    input.Body.name == STRING
    input.Body.type == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.eventThreatDetectionSettings.effectiveCustomModules.get

# Get request for one effective Event Threat Detection custom module, identified by `name`.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.eventThreatDetectionSettings.effectiveCustomModules.list

# List request for effective Event Threat Detection custom modules under `parent`; paging only.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.eventThreatDetectionSettings.validateCustomModule

# validateCustomModule request: the module text to check (`rawText`) and its `type` are
# sent in the body. Both are plain strings with no length or content constraint here.
valid {
    input.Body.rawText == STRING
    input.Body.type == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.findings.bulkMute

# bulkMute request for findings under a project. This enum has no "UNMUTED" member; the
# listed states are MUTE_STATE_UNSPECIFIED, MUTED and UNDEFINED.
enum_BulkMuteFindingsRequestMuteState := [ "MUTE_STATE_UNSPECIFIED", "MUTED", "UNDEFINED" ]

valid {
    # NOTE(review): `filter` decides which findings the bulk operation touches and accepts
    # any string here. A broad filter with muteState "MUTED" would presumably mute many
    # findings at once, so constrain the filter and alert on this method in audit logs.
    input.Body.filter == STRING
    input.Body.muteAnnotation == STRING
    input.Body.muteState == enum_BulkMuteFindingsRequestMuteState[_]
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.getContainerThreatDetectionSettings

# Get request for project-level container threat detection settings; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.getEventThreatDetectionSettings

# Get request for project-level event threat detection settings; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.getRapidVulnerabilityDetectionSettings

# Get request for project-level rapid vulnerability detection settings; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.getSecurityCenterSettings

# Get request for project-level Security Center settings; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.getSecurityHealthAnalyticsSettings

# Get request for project-level Security Health Analytics settings; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.getVirtualMachineThreatDetectionSettings

# Get request for project-level VM threat detection settings; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.getWebSecurityScannerSettings

# Get request for project-level web security scanner settings; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.locations.clusters.containerThreatDetectionSettings.calculate

# calculate request for cluster-level container threat detection settings: `name` plus the
# showEligibleModulesOnly flag, no body.
valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.locations.clusters.getContainerThreatDetectionSettings

# Get request for cluster-level container threat detection settings; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.locations.clusters.updateContainerThreatDetectionSettings

# Request shape for updating container threat detection settings on a single cluster.
# NOTE(review): "DISABLED" is accepted for both the service state and each module state, so
# keeping the bare enum membership test permits requests that presumably turn detection
# off for that cluster. Compare against the exact states you allow.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
enum_ContainerThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

valid {
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    # Module values are unconstrained (ANY).
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    input.Body.serviceEnablementState == enum_ContainerThreatDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.locations.muteConfigs.delete

# Delete request for a location-scoped mute config. Only `name` is available to decide
# which mute configs a caller may remove.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.locations.muteConfigs.get

# Get request for a location-scoped mute config; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.locations.muteConfigs.patch

# Patch request for a location-scoped mute config.
enum_GoogleCloudSecuritycenterV1MuteConfigType := [ "MUTE_CONFIG_TYPE_UNSPECIFIED", "STATIC", "DYNAMIC" ]

valid {
    input.Body.description == STRING
    input.Body.displayName == STRING
    input.Body.expiryTime == STRING
    # NOTE(review): the mute filter presumably selects which findings the config mutes and
    # is an unconstrained string here. Widening it through a patch is a quiet way to
    # suppress findings, so review changes to this field and consider an allow-list.
    input.Body.filter == STRING
    input.Body.name == STRING
    input.Body.type == enum_GoogleCloudSecuritycenterV1MuteConfigType[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.muteConfigs.create

# Create request for a project-level mute config; the new config's id is supplied as
# `muteConfigId` under input.Qs.
enum_GoogleCloudSecuritycenterV1MuteConfigType := [ "MUTE_CONFIG_TYPE_UNSPECIFIED", "STATIC", "DYNAMIC" ]

valid {
    input.Body.description == STRING
    input.Body.displayName == STRING
    # A plain string here; the template does not require an expiry to be set or bounded.
    input.Body.expiryTime == STRING
    # NOTE(review): presumably selects the findings to mute. Any string passes, so a policy
    # derived from this template should restrict what a mute filter may match.
    input.Body.filter == STRING
    input.Body.name == STRING
    input.Body.type == enum_GoogleCloudSecuritycenterV1MuteConfigType[_]
    input.ReqMap.parent == STRING
    input.Qs.muteConfigId == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.muteConfigs.delete

# Delete request for a project-level mute config; `name` is the only field to scope on.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.muteConfigs.get

# Get request for a project-level mute config; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.muteConfigs.list

# List request for project-level mute configs under `parent`; paging only.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.muteConfigs.patch

# Patch request for a project-level mute config; same body as create, addressed by `name`
# with an updateMask.
enum_GoogleCloudSecuritycenterV1MuteConfigType := [ "MUTE_CONFIG_TYPE_UNSPECIFIED", "STATIC", "DYNAMIC" ]

valid {
    input.Body.description == STRING
    input.Body.displayName == STRING
    input.Body.expiryTime == STRING
    # NOTE(review): filter and expiryTime are both patchable and unconstrained, so an
    # existing mute rule could presumably be broadened or extended. Review changes to them.
    input.Body.filter == STRING
    input.Body.name == STRING
    input.Body.type == enum_GoogleCloudSecuritycenterV1MuteConfigType[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.notificationConfigs.create

# Create request for a project-level notification config.
valid {
    input.Body.description == STRING
    input.Body.name == STRING
    # NOTE(review): `pubsubTopic` looks like the delivery destination for notifications and
    # accepts any string. Compare it with the approved topic(s) so findings cannot be
    # streamed to a topic outside your control.
    input.Body.pubsubTopic == STRING
    # presumably limits which findings generate notifications -- confirm against the API
    input.Body.streamingConfig.filter == STRING
    input.ReqMap.parent == STRING
    input.Qs.configId == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.notificationConfigs.delete

# Delete request for a notification config.
# NOTE(review): removing a notification config presumably stops delivery to its topic, so
# this call is worth alerting on. Only `name` is available to scope a policy.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.notificationConfigs.get

# Get request for a notification config; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.notificationConfigs.list

# List request for notification configs under `parent`; paging only.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.notificationConfigs.patch

# Patch request for a notification config; same body fields as create, plus updateMask.
valid {
    input.Body.description == STRING
    input.Body.name == STRING
    # NOTE(review): both the destination topic and the streaming filter can be changed by a
    # patch. Treat either change as security-relevant: the first presumably redirects
    # notifications, the second can narrow what is delivered.
    input.Body.pubsubTopic == STRING
    input.Body.streamingConfig.filter == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.rapidVulnerabilityDetectionSettings.calculate

# calculate request for rapid vulnerability detection settings. Unlike the other calculate
# templates on this page, it lists no showEligibleModulesOnly flag.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.securityHealthAnalyticsSettings.calculate

# calculate request for project-level Security Health Analytics settings: `name` plus the
# showEligibleModulesOnly flag, no body.
valid {
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.securityHealthAnalyticsSettings.customModules.create

# Create request for a Security Health Analytics custom module under a project.
# NOTE(review): in Rego every `[_]` is its own wildcard, so each line below holds when
# *some* element satisfies it. The lines do not require every array entry to comply, nor
# that the same entry satisfies consecutive lines. Use `every` (or a negated helper rule)
# when all entries must pass.
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]

valid {
    input.Body.cloudProvider == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleCloudProvider[_]
    # Custom output properties: a name plus a value expression (description/expression/
    # location/title), all free-form strings.
    input.Body.customConfig.customOutput.properties[_].name == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
    input.Body.customConfig.description == STRING
    # The detection predicate has the same four-field expression shape; `expression` is an
    # unconstrained string in this template.
    input.Body.customConfig.predicate.description == STRING
    input.Body.customConfig.predicate.expression == STRING
    input.Body.customConfig.predicate.location == STRING
    input.Body.customConfig.predicate.title == STRING
    input.Body.customConfig.recommendation == STRING
    input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
    input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
    input.Body.displayName == STRING
    input.Body.enablementState == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState[_]
    input.Body.name == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.securityHealthAnalyticsSettings.customModules.delete

# Delete request for a Security Health Analytics custom module.
# NOTE(review): deleting a custom module presumably removes the check it implemented. The
# request exposes only `name`, so scope any allow rule by that path.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.securityHealthAnalyticsSettings.customModules.get

# Get request for one Security Health Analytics custom module; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.securityHealthAnalyticsSettings.customModules.list

# List request for Security Health Analytics custom modules under `parent`; paging only.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.securityHealthAnalyticsSettings.customModules.listDescendant

# listDescendant request for Security Health Analytics custom modules; same fields as the
# plain list call (parent plus paging).
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.securityHealthAnalyticsSettings.customModules.patch

# Patch request for a Security Health Analytics custom module: the create body, addressed
# by `name` with an updateMask.
# NOTE(review): severity and enablementState are plain enum membership tests, so a patch
# that lowers severity to "LOW" or sets "DISABLED" satisfies this template. Both changes
# weaken a detection without deleting it; pin the values you accept and review such patches.
# NOTE(review): each `[_]` is an independent, existential wildcard. These lines hold when
# some array element matches, not when all do.
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleCloudProvider := [ "CLOUD_PROVIDER_UNSPECIFIED", "GOOGLE_CLOUD_PLATFORM", "AMAZON_WEB_SERVICES", "MICROSOFT_AZURE" ]
enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "ENABLED", "DISABLED", "INHERITED" ]

valid {
    input.Body.cloudProvider == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleCloudProvider[_]
    input.Body.customConfig.customOutput.properties[_].name == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
    input.Body.customConfig.description == STRING
    # The predicate expression is replaceable through this call and is unconstrained here.
    input.Body.customConfig.predicate.description == STRING
    input.Body.customConfig.predicate.expression == STRING
    input.Body.customConfig.predicate.location == STRING
    input.Body.customConfig.predicate.title == STRING
    input.Body.customConfig.recommendation == STRING
    input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
    input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
    input.Body.displayName == STRING
    input.Body.enablementState == enum_GoogleCloudSecuritycenterV1SecurityHealthAnalyticsCustomModuleEnablementState[_]
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.securityHealthAnalyticsSettings.customModules.simulate

# simulate request for a Security Health Analytics custom module: the body carries a
# candidate customConfig together with a `resource` to evaluate it against. That resource
# is made up of IAM policy data, free-form resourceData and a resourceType.
# NOTE(review): the nested `[_]` wildcards are existential and independent per line. For
# example, the `members[_]` line holds if any one member of any one binding matches.
enum_AuditLogConfigLogType := [ "LOG_TYPE_UNSPECIFIED", "ADMIN_READ", "DATA_WRITE", "DATA_READ" ]
enum_GoogleCloudSecuritycenterV1CustomConfigSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]

valid {
    input.Body.customConfig.customOutput.properties[_].name == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.description == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.expression == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.location == STRING
    input.Body.customConfig.customOutput.properties[_].valueExpression.title == STRING
    input.Body.customConfig.description == STRING
    input.Body.customConfig.predicate.description == STRING
    input.Body.customConfig.predicate.expression == STRING
    input.Body.customConfig.predicate.location == STRING
    input.Body.customConfig.predicate.title == STRING
    input.Body.customConfig.recommendation == STRING
    input.Body.customConfig.resourceSelector.resourceTypes[_] == STRING
    input.Body.customConfig.severity == enum_GoogleCloudSecuritycenterV1CustomConfigSeverity[_]
    # IAM policy supplied by the caller as simulation input: audit configs, then bindings
    # with optional-looking conditions, then etag/version.
    input.Body.resource.iamPolicyData.auditConfigs[_].auditLogConfigs[_].exemptedMembers[_] == STRING
    input.Body.resource.iamPolicyData.auditConfigs[_].auditLogConfigs[_].logType == enum_AuditLogConfigLogType[_]
    input.Body.resource.iamPolicyData.auditConfigs[_].service == STRING
    input.Body.resource.iamPolicyData.bindings[_].condition.description == STRING
    input.Body.resource.iamPolicyData.bindings[_].condition.expression == STRING
    input.Body.resource.iamPolicyData.bindings[_].condition.location == STRING
    input.Body.resource.iamPolicyData.bindings[_].condition.title == STRING
    input.Body.resource.iamPolicyData.bindings[_].members[_] == STRING
    input.Body.resource.iamPolicyData.bindings[_].role == STRING
    input.Body.resource.iamPolicyData.etag == STRING
    input.Body.resource.iamPolicyData.version == INTEGER
    # Free-form resource payload (any key, ANY value); not described further by this template.
    input.Body.resource.resourceData.STRING == ANY
    input.Body.resource.resourceType == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.securityHealthAnalyticsSettings.effectiveCustomModules.get

# Get request for one effective Security Health Analytics custom module; `name` only.
valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.securityHealthAnalyticsSettings.effectiveCustomModules.list

# List request for effective Security Health Analytics custom modules under `parent`;
# paging only.
valid {
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.sources.findings.externalSystems.patch

# Patch request for the external-system record attached to a finding: case metadata
# (times, priority, SLA, status, assignees) plus a nested ticketInfo object.
valid {
    input.Body.assignees[_] == STRING
    input.Body.caseCloseTime == STRING
    input.Body.caseCreateTime == STRING
    input.Body.casePriority == STRING
    input.Body.caseSla == STRING
    # NOTE(review): caseUri and ticketInfo.uri are caller-supplied strings. If they are
    # later shown to analysts as links (not visible here), validate scheme and host.
    input.Body.caseUri == STRING
    input.Body.externalSystemUpdateTime == STRING
    input.Body.externalUid == STRING
    input.Body.name == STRING
    input.Body.status == STRING
    input.Body.ticketInfo.assignee == STRING
    input.Body.ticketInfo.description == STRING
    input.Body.ticketInfo.id == STRING
    input.Body.ticketInfo.status == STRING
    input.Body.ticketInfo.updateTime == STRING
    input.Body.ticketInfo.uri == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.sources.findings.group

# Group request for findings under a source. Filter, grouping, paging and time fields are
# body fields here, whereas the list call carries them under input.Qs.
valid {
    input.Body.compareDuration == STRING
    input.Body.filter == STRING
    input.Body.groupBy == STRING
    input.Body.pageSize == INTEGER
    input.Body.pageToken == STRING
    input.Body.readTime == STRING
    input.ReqMap.parent == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.sources.findings.list

# List request for findings under a source; all selectors live under input.Qs. pageSize is
# any INTEGER, with no bound expressed in this template.
valid {
    input.ReqMap.parent == STRING
    input.Qs.compareDuration == STRING
    input.Qs.fieldMask == STRING
    input.Qs.filter == STRING
    input.Qs.orderBy == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.Qs.readTime == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.sources.findings.patch

enum_AttackExposureState := [ "STATE_UNSPECIFIED", "CALCULATED", "NOT_CALCULATED" ]
enum_CloudDlpDataProfileParentType := [ "PARENT_TYPE_UNSPECIFIED", "ORGANIZATION", "PROJECT" ]
enum_ConnectionProtocol := [ "PROTOCOL_UNSPECIFIED", "ICMP", "TCP", "UDP", "GRE", "ESP" ]
enum_CveExploitationActivity := [ "EXPLOITATION_ACTIVITY_UNSPECIFIED", "WIDE", "CONFIRMED", "AVAILABLE", "ANTICIPATED", "NO_KNOWN" ]
enum_CveImpact := [ "RISK_RATING_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
enum_Cvssv3AttackComplexity := [ "ATTACK_COMPLEXITY_UNSPECIFIED", "ATTACK_COMPLEXITY_LOW", "ATTACK_COMPLEXITY_HIGH" ]
enum_Cvssv3AttackVector := [ "ATTACK_VECTOR_UNSPECIFIED", "ATTACK_VECTOR_NETWORK", "ATTACK_VECTOR_ADJACENT", "ATTACK_VECTOR_LOCAL", "ATTACK_VECTOR_PHYSICAL" ]
enum_Cvssv3AvailabilityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3ConfidentialityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3IntegrityImpact := [ "IMPACT_UNSPECIFIED", "IMPACT_HIGH", "IMPACT_LOW", "IMPACT_NONE" ]
enum_Cvssv3PrivilegesRequired := [ "PRIVILEGES_REQUIRED_UNSPECIFIED", "PRIVILEGES_REQUIRED_NONE", "PRIVILEGES_REQUIRED_LOW", "PRIVILEGES_REQUIRED_HIGH" ]
enum_Cvssv3Scope := [ "SCOPE_UNSPECIFIED", "SCOPE_UNCHANGED", "SCOPE_CHANGED" ]
enum_Cvssv3UserInteraction := [ "USER_INTERACTION_UNSPECIFIED", "USER_INTERACTION_NONE", "USER_INTERACTION_REQUIRED" ]
enum_DataAccessEventOperation := [ "OPERATION_UNSPECIFIED", "READ", "MOVE", "COPY" ]
enum_DataFlowEventOperation := [ "OPERATION_UNSPECIFIED", "READ", "MOVE", "COPY" ]
enum_DataRetentionDeletionEventEventType := [ "EVENT_TYPE_UNSPECIFIED", "EVENT_TYPE_MAX_TTL_EXCEEDED" ]
enum_FindingFindingClass := [ "FINDING_CLASS_UNSPECIFIED", "THREAT", "VULNERABILITY", "MISCONFIGURATION", "OBSERVATION", "SCC_ERROR", "POSTURE_VIOLATION", "TOXIC_COMBINATION", "SENSITIVE_DATA_RISK" ]
enum_FindingMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]
enum_FindingSeverity := [ "SEVERITY_UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW" ]
enum_FindingState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]
enum_GroupMembershipGroupType := [ "GROUP_TYPE_UNSPECIFIED", "GROUP_TYPE_TOXIC_COMBINATION" ]
enum_IamBindingAction := [ "ACTION_UNSPECIFIED", "ADD", "REMOVE" ]
enum_MitreAttackAdditionalTactics := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackAdditionalTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "EXPLOITATION_FOR_PRIVILEGE_ESCALATION", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "INDICATOR_REMOVAL_FILE_DELETION", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "EVENT_TRIGGERED_EXECUTION", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_ADMINISTRATION_COMMAND", "DEPLOY_CONTAINER", "ESCAPE_TO_HOST", "CONTAINER_AND_RESOURCE_DISCOVERY", "STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES" ]
enum_MitreAttackPrimaryTactic := [ "TACTIC_UNSPECIFIED", "RECONNAISSANCE", "RESOURCE_DEVELOPMENT", "INITIAL_ACCESS", "EXECUTION", "PERSISTENCE", "PRIVILEGE_ESCALATION", "DEFENSE_EVASION", "CREDENTIAL_ACCESS", "DISCOVERY", "LATERAL_MOVEMENT", "COLLECTION", "COMMAND_AND_CONTROL", "EXFILTRATION", "IMPACT" ]
enum_MitreAttackPrimaryTechniques := [ "TECHNIQUE_UNSPECIFIED", "MASQUERADING", "MATCH_LEGITIMATE_NAME_OR_LOCATION", "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS", "STARTUP_ITEMS", "NETWORK_SERVICE_DISCOVERY", "PROCESS_DISCOVERY", "COMMAND_AND_SCRIPTING_INTERPRETER", "UNIX_SHELL", "PYTHON", "EXPLOITATION_FOR_PRIVILEGE_ESCALATION", "PERMISSION_GROUPS_DISCOVERY", "CLOUD_GROUPS", "INDICATOR_REMOVAL_FILE_DELETION", "APPLICATION_LAYER_PROTOCOL", "DNS", "SOFTWARE_DEPLOYMENT_TOOLS", "VALID_ACCOUNTS", "DEFAULT_ACCOUNTS", "LOCAL_ACCOUNTS", "CLOUD_ACCOUNTS", "PROXY", "EXTERNAL_PROXY", "MULTI_HOP_PROXY", "ACCOUNT_MANIPULATION", "ADDITIONAL_CLOUD_CREDENTIALS", "SSH_AUTHORIZED_KEYS", "ADDITIONAL_CONTAINER_CLUSTER_ROLES", "INGRESS_TOOL_TRANSFER", "NATIVE_API", "BRUTE_FORCE", "SHARED_MODULES", "ACCESS_TOKEN_MANIPULATION", "TOKEN_IMPERSONATION_OR_THEFT", "EXPLOIT_PUBLIC_FACING_APPLICATION", "DOMAIN_POLICY_MODIFICATION", "DATA_DESTRUCTION", "SERVICE_STOP", "INHIBIT_SYSTEM_RECOVERY", "RESOURCE_HIJACKING", "NETWORK_DENIAL_OF_SERVICE", "CLOUD_SERVICE_DISCOVERY", "STEAL_APPLICATION_ACCESS_TOKEN", "ACCOUNT_ACCESS_REMOVAL", "STEAL_WEB_SESSION_COOKIE", "CREATE_OR_MODIFY_SYSTEM_PROCESS", "EVENT_TRIGGERED_EXECUTION", "ABUSE_ELEVATION_CONTROL_MECHANISM", "UNSECURED_CREDENTIALS", "MODIFY_AUTHENTICATION_PROCESS", "IMPAIR_DEFENSES", "DISABLE_OR_MODIFY_TOOLS", "EXFILTRATION_OVER_WEB_SERVICE", "EXFILTRATION_TO_CLOUD_STORAGE", "DYNAMIC_RESOLUTION", "LATERAL_TOOL_TRANSFER", "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE", "CREATE_SNAPSHOT", "CLOUD_INFRASTRUCTURE_DISCOVERY", "OBTAIN_CAPABILITIES", "ACTIVE_SCANNING", "SCANNING_IP_BLOCKS", "CONTAINER_ADMINISTRATION_COMMAND", "DEPLOY_CONTAINER", "ESCAPE_TO_HOST", "CONTAINER_AND_RESOURCE_DISCOVERY", "STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES" ]
enum_ProcessSignatureSignatureType := [ "SIGNATURE_TYPE_UNSPECIFIED", "SIGNATURE_TYPE_PROCESS", "SIGNATURE_TYPE_FILE" ]
enum_RoleKind := [ "KIND_UNSPECIFIED", "ROLE", "CLUSTER_ROLE" ]
enum_SubjectKind := [ "AUTH_TYPE_UNSPECIFIED", "USER", "SERVICEACCOUNT", "GROUP" ]

valid {
    input.Body.access.callerIp == STRING
    input.Body.access.callerIpGeo.regionCode == STRING
    input.Body.access.methodName == STRING
    input.Body.access.principalEmail == STRING
    input.Body.access.principalSubject == STRING
    input.Body.access.serviceAccountDelegationInfo[_].principalEmail == STRING
    input.Body.access.serviceAccountDelegationInfo[_].principalSubject == STRING
    input.Body.access.serviceAccountKeyName == STRING
    input.Body.access.serviceName == STRING
    input.Body.access.userAgent == STRING
    input.Body.access.userAgentFamily == STRING
    input.Body.access.userName == STRING
    input.Body.application.baseUri == STRING
    input.Body.application.fullUri == STRING
    input.Body.attackExposure.attackExposureResult == STRING
    input.Body.attackExposure.exposedHighValueResourcesCount == INTEGER
    input.Body.attackExposure.exposedLowValueResourcesCount == INTEGER
    input.Body.attackExposure.exposedMediumValueResourcesCount == INTEGER
    input.Body.attackExposure.latestCalculationTime == STRING
    input.Body.attackExposure.score == NUMBER
    input.Body.attackExposure.state == enum_AttackExposureState[_]
    input.Body.backupDisasterRecovery.appliance == STRING
    input.Body.backupDisasterRecovery.applications[_] == STRING
    input.Body.backupDisasterRecovery.backupCreateTime == STRING
    input.Body.backupDisasterRecovery.backupTemplate == STRING
    input.Body.backupDisasterRecovery.backupType == STRING
    input.Body.backupDisasterRecovery.host == STRING
    input.Body.backupDisasterRecovery.policies[_] == STRING
    input.Body.backupDisasterRecovery.policyOptions[_] == STRING
    input.Body.backupDisasterRecovery.profile == STRING
    input.Body.backupDisasterRecovery.storagePool == STRING
    input.Body.canonicalName == STRING
    input.Body.category == STRING
    input.Body.cloudArmor.adaptiveProtection.confidence == NUMBER
    input.Body.cloudArmor.attack.classification == STRING
    input.Body.cloudArmor.attack.volumeBps == INTEGER
    input.Body.cloudArmor.attack.volumePps == INTEGER
    input.Body.cloudArmor.duration == STRING
    input.Body.cloudArmor.requests.longTermAllowed == INTEGER
    input.Body.cloudArmor.requests.longTermDenied == INTEGER
    input.Body.cloudArmor.requests.ratio == NUMBER
    input.Body.cloudArmor.requests.shortTermAllowed == INTEGER
    input.Body.cloudArmor.securityPolicy.name == STRING
    input.Body.cloudArmor.securityPolicy.preview == BOOLEAN
    input.Body.cloudArmor.securityPolicy.type == STRING
    input.Body.cloudArmor.threatVector == STRING
    input.Body.cloudDlpDataProfile.dataProfile == STRING
    input.Body.cloudDlpDataProfile.parentType == enum_CloudDlpDataProfileParentType[_]
    input.Body.cloudDlpInspection.fullScan == BOOLEAN
    input.Body.cloudDlpInspection.infoType == STRING
    input.Body.cloudDlpInspection.infoTypeCount == STRING
    input.Body.cloudDlpInspection.inspectJob == STRING
    input.Body.compliances[_].ids[_] == STRING
    input.Body.compliances[_].standard == STRING
    input.Body.compliances[_].version == STRING
    input.Body.connections[_].destinationIp == STRING
    input.Body.connections[_].destinationPort == INTEGER
    input.Body.connections[_].protocol == enum_ConnectionProtocol[_]
    input.Body.connections[_].sourceIp == STRING
    input.Body.connections[_].sourcePort == INTEGER
    input.Body.containers[_].createTime == STRING
    input.Body.containers[_].imageId == STRING
    input.Body.containers[_].labels[_].name == STRING
    input.Body.containers[_].labels[_].value == STRING
    input.Body.containers[_].name == STRING
    input.Body.containers[_].uri == STRING
    input.Body.createTime == STRING
    input.Body.dataAccessEvents[_].eventId == STRING
    input.Body.dataAccessEvents[_].eventTime == STRING
    input.Body.dataAccessEvents[_].operation == enum_DataAccessEventOperation[_]
    input.Body.dataAccessEvents[_].principalEmail == STRING
    input.Body.dataFlowEvents[_].eventId == STRING
    input.Body.dataFlowEvents[_].eventTime == STRING
    input.Body.dataFlowEvents[_].operation == enum_DataFlowEventOperation[_]
    input.Body.dataFlowEvents[_].principalEmail == STRING
    input.Body.dataFlowEvents[_].violatedLocation == STRING
    input.Body.dataRetentionDeletionEvents[_].dataObjectCount == STRING
    input.Body.dataRetentionDeletionEvents[_].eventDetectionTime == STRING
    input.Body.dataRetentionDeletionEvents[_].eventType == enum_DataRetentionDeletionEventEventType[_]
    input.Body.dataRetentionDeletionEvents[_].maxRetentionAllowed == STRING
    input.Body.database.displayName == STRING
    input.Body.database.grantees[_] == STRING
    input.Body.database.name == STRING
    input.Body.database.query == STRING
    input.Body.database.userName == STRING
    input.Body.database.version == STRING
    input.Body.description == STRING
    input.Body.disk.name == STRING
    input.Body.eventTime == STRING
    input.Body.exfiltration.sources[_].components[_] == STRING
    input.Body.exfiltration.sources[_].name == STRING
    input.Body.exfiltration.targets[_].components[_] == STRING
    input.Body.exfiltration.targets[_].name == STRING
    input.Body.exfiltration.totalExfiltratedBytes == STRING
    input.Body.externalUri == STRING
    input.Body.files[_].contents == STRING
    input.Body.files[_].diskPath.partitionUuid == STRING
    input.Body.files[_].diskPath.relativePath == STRING
    input.Body.files[_].hashedSize == STRING
    input.Body.files[_].partiallyHashed == BOOLEAN
    input.Body.files[_].path == STRING
    input.Body.files[_].sha256 == STRING
    input.Body.files[_].size == STRING
    input.Body.findingClass == enum_FindingFindingClass[_]
    input.Body.groupMemberships[_].groupId == STRING
    input.Body.groupMemberships[_].groupType == enum_GroupMembershipGroupType[_]
    input.Body.iamBindings[_].action == enum_IamBindingAction[_]
    input.Body.iamBindings[_].member == STRING
    input.Body.iamBindings[_].role == STRING
    input.Body.indicator.domains[_] == STRING
    input.Body.indicator.ipAddresses[_] == STRING
    input.Body.indicator.signatures[_].memoryHashSignature.binaryFamily == STRING
    input.Body.indicator.signatures[_].memoryHashSignature.detections[_].binary == STRING
    input.Body.indicator.signatures[_].memoryHashSignature.detections[_].percentPagesMatched == NUMBER
    input.Body.indicator.signatures[_].signatureType == enum_ProcessSignatureSignatureType[_]
    input.Body.indicator.signatures[_].yaraRuleSignature.yaraRule == STRING
    input.Body.indicator.uris[_] == STRING
    input.Body.kernelRootkit.name == STRING
    input.Body.kernelRootkit.unexpectedCodeModification == BOOLEAN
    input.Body.kernelRootkit.unexpectedFtraceHandler == BOOLEAN
    input.Body.kernelRootkit.unexpectedInterruptHandler == BOOLEAN
    input.Body.kernelRootkit.unexpectedKernelCodePages == BOOLEAN
    input.Body.kernelRootkit.unexpectedKprobeHandler == BOOLEAN
    input.Body.kernelRootkit.unexpectedProcessesInRunqueue == BOOLEAN
    input.Body.kernelRootkit.unexpectedReadOnlyDataModification == BOOLEAN
    input.Body.kernelRootkit.unexpectedSystemCallHandler == BOOLEAN
    input.Body.kubernetes.accessReviews[_].group == STRING
    input.Body.kubernetes.accessReviews[_].name == STRING
    input.Body.kubernetes.accessReviews[_].ns == STRING
    input.Body.kubernetes.accessReviews[_].resource == STRING
    input.Body.kubernetes.accessReviews[_].subresource == STRING
    input.Body.kubernetes.accessReviews[_].verb == STRING
    input.Body.kubernetes.accessReviews[_].version == STRING
    input.Body.kubernetes.bindings[_].name == STRING
    input.Body.kubernetes.bindings[_].ns == STRING
    input.Body.kubernetes.bindings[_].role.kind == enum_RoleKind[_]
    input.Body.kubernetes.bindings[_].role.name == STRING
    input.Body.kubernetes.bindings[_].role.ns == STRING
    input.Body.kubernetes.bindings[_].subjects[_].kind == enum_SubjectKind[_]
    input.Body.kubernetes.bindings[_].subjects[_].name == STRING
    input.Body.kubernetes.bindings[_].subjects[_].ns == STRING
    input.Body.kubernetes.nodePools[_].name == STRING
    input.Body.kubernetes.nodePools[_].nodes[_].name == STRING
    input.Body.kubernetes.nodes[_].name == STRING
    input.Body.kubernetes.objects[_].containers[_].createTime == STRING
    input.Body.kubernetes.objects[_].containers[_].imageId == STRING
    input.Body.kubernetes.objects[_].containers[_].labels[_].name == STRING
    input.Body.kubernetes.objects[_].containers[_].labels[_].value == STRING
    input.Body.kubernetes.objects[_].containers[_].name == STRING
    input.Body.kubernetes.objects[_].containers[_].uri == STRING
    input.Body.kubernetes.objects[_].group == STRING
    input.Body.kubernetes.objects[_].kind == STRING
    input.Body.kubernetes.objects[_].name == STRING
    input.Body.kubernetes.objects[_].ns == STRING
    input.Body.kubernetes.pods[_].containers[_].createTime == STRING
    input.Body.kubernetes.pods[_].containers[_].imageId == STRING
    input.Body.kubernetes.pods[_].containers[_].labels[_].name == STRING
    input.Body.kubernetes.pods[_].containers[_].labels[_].value == STRING
    input.Body.kubernetes.pods[_].containers[_].name == STRING
    input.Body.kubernetes.pods[_].containers[_].uri == STRING
    input.Body.kubernetes.pods[_].labels[_].name == STRING
    input.Body.kubernetes.pods[_].labels[_].value == STRING
    input.Body.kubernetes.pods[_].name == STRING
    input.Body.kubernetes.pods[_].ns == STRING
    input.Body.kubernetes.roles[_].kind == enum_RoleKind[_]
    input.Body.kubernetes.roles[_].name == STRING
    input.Body.kubernetes.roles[_].ns == STRING
    input.Body.loadBalancers[_].name == STRING
    input.Body.logEntries[_].cloudLoggingEntry.insertId == STRING
    input.Body.logEntries[_].cloudLoggingEntry.logId == STRING
    input.Body.logEntries[_].cloudLoggingEntry.resourceContainer == STRING
    input.Body.logEntries[_].cloudLoggingEntry.timestamp == STRING
    input.Body.mitreAttack.additionalTactics[_] == enum_MitreAttackAdditionalTactics[_]
    input.Body.mitreAttack.additionalTechniques[_] == enum_MitreAttackAdditionalTechniques[_]
    input.Body.mitreAttack.primaryTactic == enum_MitreAttackPrimaryTactic[_]
    input.Body.mitreAttack.primaryTechniques[_] == enum_MitreAttackPrimaryTechniques[_]
    input.Body.mitreAttack.version == STRING
    input.Body.moduleName == STRING
    input.Body.mute == enum_FindingMute[_]
    input.Body.muteInitiator == STRING
    input.Body.name == STRING
    input.Body.nextSteps == STRING
    input.Body.notebook.lastAuthor == STRING
    input.Body.notebook.name == STRING
    input.Body.notebook.notebookUpdateTime == STRING
    input.Body.notebook.service == STRING
    input.Body.orgPolicies[_].name == STRING
    input.Body.parent == STRING
    input.Body.processes[_].args[_] == STRING
    input.Body.processes[_].argumentsTruncated == BOOLEAN
    input.Body.processes[_].binary.contents == STRING
    input.Body.processes[_].binary.diskPath.partitionUuid == STRING
    input.Body.processes[_].binary.diskPath.relativePath == STRING
    input.Body.processes[_].binary.hashedSize == STRING
    input.Body.processes[_].binary.partiallyHashed == BOOLEAN
    input.Body.processes[_].binary.path == STRING
    input.Body.processes[_].binary.sha256 == STRING
    input.Body.processes[_].binary.size == STRING
    input.Body.processes[_].envVariables[_].name == STRING
    input.Body.processes[_].envVariables[_].val == STRING
    input.Body.processes[_].envVariablesTruncated == BOOLEAN
    input.Body.processes[_].libraries[_].contents == STRING
    input.Body.processes[_].libraries[_].diskPath.partitionUuid == STRING
    input.Body.processes[_].libraries[_].diskPath.relativePath == STRING
    input.Body.processes[_].libraries[_].hashedSize == STRING
    input.Body.processes[_].libraries[_].partiallyHashed == BOOLEAN
    input.Body.processes[_].libraries[_].path == STRING
    input.Body.processes[_].libraries[_].sha256 == STRING
    input.Body.processes[_].libraries[_].size == STRING
    input.Body.processes[_].name == STRING
    input.Body.processes[_].parentPid == STRING
    input.Body.processes[_].pid == STRING
    input.Body.processes[_].script.contents == STRING
    input.Body.processes[_].script.diskPath.partitionUuid == STRING
    input.Body.processes[_].script.diskPath.relativePath == STRING
    input.Body.processes[_].script.hashedSize == STRING
    input.Body.processes[_].script.partiallyHashed == BOOLEAN
    input.Body.processes[_].script.path == STRING
    input.Body.processes[_].script.sha256 == STRING
    input.Body.processes[_].script.size == STRING
    input.Body.resourceName == STRING
    input.Body.securityPosture.changedPolicy == STRING
    input.Body.securityPosture.name == STRING
    input.Body.securityPosture.policy == STRING
    input.Body.securityPosture.policyDriftDetails[_].detectedValue == STRING
    input.Body.securityPosture.policyDriftDetails[_].expectedValue == STRING
    input.Body.securityPosture.policyDriftDetails[_].field == STRING
    input.Body.securityPosture.policySet == STRING
    input.Body.securityPosture.postureDeployment == STRING
    input.Body.securityPosture.postureDeploymentResource == STRING
    input.Body.securityPosture.revisionId == STRING
    input.Body.severity == enum_FindingSeverity[_]
    input.Body.sourceProperties.STRING == ANY
    input.Body.state == enum_FindingState[_]
    input.Body.toxicCombination.attackExposureScore == NUMBER
    input.Body.toxicCombination.relatedFindings[_] == STRING
    input.Body.vulnerability.cve.cvssv3.attackComplexity == enum_Cvssv3AttackComplexity[_]
    input.Body.vulnerability.cve.cvssv3.attackVector == enum_Cvssv3AttackVector[_]
    input.Body.vulnerability.cve.cvssv3.availabilityImpact == enum_Cvssv3AvailabilityImpact[_]
    input.Body.vulnerability.cve.cvssv3.baseScore == NUMBER
    input.Body.vulnerability.cve.cvssv3.confidentialityImpact == enum_Cvssv3ConfidentialityImpact[_]
    input.Body.vulnerability.cve.cvssv3.integrityImpact == enum_Cvssv3IntegrityImpact[_]
    input.Body.vulnerability.cve.cvssv3.privilegesRequired == enum_Cvssv3PrivilegesRequired[_]
    input.Body.vulnerability.cve.cvssv3.scope == enum_Cvssv3Scope[_]
    input.Body.vulnerability.cve.cvssv3.userInteraction == enum_Cvssv3UserInteraction[_]
    input.Body.vulnerability.cve.exploitReleaseDate == STRING
    input.Body.vulnerability.cve.exploitationActivity == enum_CveExploitationActivity[_]
    input.Body.vulnerability.cve.firstExploitationDate == STRING
    input.Body.vulnerability.cve.id == STRING
    input.Body.vulnerability.cve.impact == enum_CveImpact[_]
    input.Body.vulnerability.cve.observedInTheWild == BOOLEAN
    input.Body.vulnerability.cve.references[_].source == STRING
    input.Body.vulnerability.cve.references[_].uri == STRING
    input.Body.vulnerability.cve.upstreamFixAvailable == BOOLEAN
    input.Body.vulnerability.cve.zeroDay == BOOLEAN
    input.Body.vulnerability.fixedPackage.cpeUri == STRING
    input.Body.vulnerability.fixedPackage.packageName == STRING
    input.Body.vulnerability.fixedPackage.packageType == STRING
    input.Body.vulnerability.fixedPackage.packageVersion == STRING
    input.Body.vulnerability.offendingPackage.cpeUri == STRING
    input.Body.vulnerability.offendingPackage.packageName == STRING
    input.Body.vulnerability.offendingPackage.packageType == STRING
    input.Body.vulnerability.offendingPackage.packageVersion == STRING
    input.Body.vulnerability.securityBulletin.bulletinId == STRING
    input.Body.vulnerability.securityBulletin.submissionTime == STRING
    input.Body.vulnerability.securityBulletin.suggestedUpgradeVersion == STRING
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.sources.findings.setMute

# Values accepted for the mute field of a findings.setMute request body.
# "UNDEFINED" and "UNMUTED" are separate entries; a policy that means to allow
# un-muting only should name that value explicitly.
enum_SetMuteRequestMute := [ "MUTE_UNSPECIFIED", "MUTED", "UNMUTED", "UNDEFINED" ]

# Template rule for findings.setMute. All expressions in the body are ANDed.
# STRING is a placeholder (not defined on this page) to be replaced with a
# concrete value or match.
# NOTE(review): as written, any member of the enum satisfies the mute check,
# including "MUTED". Muting presumably takes a finding out of default triage
# views, so a guardrail policy would normally pin the permitted value(s) and
# scope input.ReqMap.name to the findings a caller may change.
valid {
    # True when the requested mute value equals some element of the list.
    input.Body.mute == enum_SetMuteRequestMute[_]
    # Resource name of the finding, presumably taken from the request path.
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.sources.findings.setState

# Values accepted for the state field of a findings.setState request body.
enum_SetFindingStateRequestState := [ "STATE_UNSPECIFIED", "ACTIVE", "INACTIVE" ]

# Template rule for findings.setState. All expressions are ANDed, and STRING is
# a placeholder to be replaced with a concrete value or match.
# NOTE(review): the state check accepts any enum member. Moving a finding to
# "INACTIVE" presumably marks it as no longer needing attention, so a policy
# protecting triage integrity should state which transitions are allowed and
# for which finding names.
valid {
    # Timestamp supplied by the caller for when the state takes effect
    # (assumed from the field name; confirm against the API reference).
    input.Body.startTime == STRING
    input.Body.state == enum_SetFindingStateRequestState[_]
    input.ReqMap.name == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.sources.findings.updateSecurityMarks

# Template rule for findings.updateSecurityMarks. All expressions are ANDed.
# STRING is a placeholder, both as a value and, in marks.STRING, as a map key.
# NOTE(review): marks is a free-form key/value map. If marks are used in your
# environment to drive filters, suppression or allow-listing, constrain the
# permitted keys here rather than accepting any key.
valid {
    input.Body.canonicalName == STRING
    # One entry per mark: the key placeholder is the mark name, the value its content.
    input.Body.marks.STRING == STRING
    input.Body.name == STRING
    input.ReqMap.name == STRING
    input.Qs.startTime == STRING
    # Selects which fields the update applies to; worth pinning so a request
    # cannot change more than the policy author reviewed.
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.sources.list

# Template rule for sources.list. It has no request body, only the parent
# resource and paging parameters. STRING and INTEGER are placeholders to be
# replaced with concrete values. All expressions are ANDed.
valid {
    # Parent under which sources are listed; scope this to the projects a
    # caller is expected to enumerate.
    input.ReqMap.parent == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.pageToken == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.updateContainerThreatDetectionSettings

# Per-module enablement values. The same list is declared again in the other
# update*Settings sections on this page; keep a single copy if those sections
# are merged into one Rego module.
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
# Service-level enablement values for Container Threat Detection settings.
enum_ContainerThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

# Template rule for projects.updateContainerThreatDetectionSettings.
# All expressions are ANDed; STRING and ANY are placeholders, not Rego builtins.
# NOTE(review): both enablement checks accept "DISABLED". A request carrying it
# presumably switches the detection service or a module off for the project,
# so a guardrail policy would normally exclude that value or restrict it to an
# approved change path.
valid {
    # modules is keyed by module name (placeholder STRING).
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    # Module configuration values are unconstrained (ANY) in this template.
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    input.Body.serviceEnablementState == enum_ContainerThreatDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    # Fields the update applies to; pin it so enablement cannot change unnoticed.
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.updateEventThreatDetectionSettings

# Per-module enablement values (declared identically in the sibling
# update*Settings sections; keep one copy if combined into a single module).
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
# Service-level enablement values for Event Threat Detection settings.
enum_EventThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

# Template rule for projects.updateEventThreatDetectionSettings.
# All expressions are ANDed; STRING and ANY are placeholders.
# NOTE(review): "DISABLED" passes both enablement checks as written. Since
# this request presumably controls whether log-based threat detection runs for
# the project, treat it as a sensitive change: exclude "DISABLED" or require
# an explicit exception.
valid {
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    # Free-form module configuration; nothing is validated at this level.
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    input.Body.serviceEnablementState == enum_EventThreatDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.updateRapidVulnerabilityDetectionSettings

# Per-module enablement values (repeated in each update*Settings section on
# this page; de-duplicate when combining sections into one module).
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
# Service-level enablement values for Rapid Vulnerability Detection settings.
enum_RapidVulnerabilityDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

# Template rule for projects.updateRapidVulnerabilityDetectionSettings.
# All expressions are ANDed; STRING and ANY are placeholders.
# NOTE(review): the enablement checks accept every enum member. Narrow them if
# the policy is meant to stop vulnerability scanning from being switched off,
# and scope input.ReqMap.name to the intended projects.
valid {
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    input.Body.serviceEnablementState == enum_RapidVulnerabilityDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.updateSecurityHealthAnalyticsSettings

# Per-module enablement values (same list as in the other update*Settings
# sections; a merged module needs only one declaration).
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
# Service-level enablement values for Security Health Analytics settings.
enum_SecurityHealthAnalyticsSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

# Template rule for projects.updateSecurityHealthAnalyticsSettings.
# All expressions are ANDed; STRING and ANY are placeholders.
# NOTE(review): individual modules can be set to "DISABLED" through
# modules.<name>.moduleEnablementState even when serviceEnablementState stays
# "ENABLED", so a policy guarding coverage has to constrain both fields.
valid {
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    input.Body.serviceEnablementState == enum_SecurityHealthAnalyticsSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.updateVirtualMachineThreatDetectionSettings

# Per-module enablement values (also declared in the sibling update*Settings
# sections; keep a single definition when combining them).
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
# Service-level enablement values for Virtual Machine Threat Detection settings.
enum_VirtualMachineThreatDetectionSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

# Template rule for projects.updateVirtualMachineThreatDetectionSettings.
# All expressions are ANDed; STRING and ANY are placeholders.
# NOTE(review): "INHERITED" defers to whatever the parent resource sets, which
# this rule cannot see. If the policy must guarantee detection stays on,
# require "ENABLED" explicitly rather than allowing "INHERITED" or "DISABLED".
valid {
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    input.Body.serviceEnablementState == enum_VirtualMachineThreatDetectionSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.updateWebSecurityScannerSettings

# Per-module enablement values (identical to the list in the other
# update*Settings sections; declare it once if sections are merged).
enum_ConfigModuleEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]
# Service-level enablement values for Web Security Scanner settings.
enum_WebSecurityScannerSettingsServiceEnablementState := [ "ENABLEMENT_STATE_UNSPECIFIED", "INHERITED", "ENABLED", "DISABLED" ]

# Template rule for projects.updateWebSecurityScannerSettings.
# All expressions are ANDed; STRING and ANY are placeholders.
# NOTE(review): modules.<name>.value is matched against ANY, so module
# configuration passes unchecked. Add explicit constraints for any module
# setting the policy is expected to protect.
valid {
    input.Body.modules.STRING.moduleEnablementState == enum_ConfigModuleEnablementState[_]
    input.Body.modules.STRING.value.STRING == ANY
    input.Body.name == STRING
    input.Body.serviceEnablementState == enum_WebSecurityScannerSettingsServiceEnablementState[_]
    input.ReqMap.name == STRING
    input.Qs.updateMask == STRING
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.virtualMachineThreatDetectionSettings.calculate

# Template rule for projects.virtualMachineThreatDetectionSettings.calculate.
# It carries no request body, only the settings resource name and one query
# flag. STRING and BOOLEAN are placeholders. All expressions are ANDed.
valid {
    input.ReqMap.name == STRING
    # Query flag; from its name it limits the result to eligible modules.
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}

securitycenter.projects.webSecurityScannerSettings.calculate

# Template rule for projects.webSecurityScannerSettings.calculate.
# It carries no request body, only the settings resource name and one query
# flag. STRING and BOOLEAN are placeholders. All expressions are ANDed.
valid {
    # Settings resource being evaluated; scope this to the projects a caller
    # is expected to read.
    input.ReqMap.name == STRING
    input.Qs.showEligibleModulesOnly == BOOLEAN
    input.ProviderMetadata.Region == STRING
}