googleapis
diff --git a/‎google/cloud/securitycenter/v2/BUILD.bazel‎
Lines changed: 10 additions & 6 deletions b/‎google/cloud/securitycenter/v2/BUILD.bazel‎
Lines changed: 10 additions & 6 deletions
diff --git a/‎google/cloud/securitycenter/v2/attack_path.proto‎
Lines changed: 1 addition & 0 deletions b/‎google/cloud/securitycenter/v2/attack_path.proto‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎google/cloud/securitycenter/v2/cloud_armor.proto‎
Lines changed: 114 additions & 0 deletions b/‎google/cloud/securitycenter/v2/cloud_armor.proto‎
Lines changed: 114 additions & 0 deletions
diff --git a/‎google/cloud/securitycenter/v2/finding.proto‎
Lines changed: 8 additions & 0 deletions b/‎google/cloud/securitycenter/v2/finding.proto‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎google/cloud/securitycenter/v2/folder.proto‎
Lines changed: 36 additions & 0 deletions b/‎google/cloud/securitycenter/v2/folder.proto‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎google/cloud/securitycenter/v2/mitre_attack.proto‎
Lines changed: 13 additions & 1 deletion b/‎google/cloud/securitycenter/v2/mitre_attack.proto‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎google/cloud/securitycenter/v2/notebook.proto‎
Lines changed: 44 additions & 0 deletions b/‎google/cloud/securitycenter/v2/notebook.proto‎
Lines changed: 44 additions & 0 deletions
@@ -30,6 +30,7 @@ proto_library(
         "attack_path.proto",
         "backup_disaster_recovery.proto",
         "bigquery_export.proto",
+        "cloud_armor.proto",
         "cloud_dlp_data_profile.proto",
         "cloud_dlp_inspection.proto",
         "compliance.proto",
@@ -41,6 +42,7 @@ proto_library(
         "external_system.proto",
         "file.proto",
         "finding.proto",
+        "folder.proto",
         "group_membership.proto",
         "iam_binding.proto",
         "indicator.proto",
@@ -51,6 +53,7 @@ proto_library(
         "log_entry.proto",
         "mitre_attack.proto",
         "mute_config.proto",
+        "notebook.proto",
         "notification_config.proto",
         "notification_message.proto",
         "org_policy.proto",
@@ -75,6 +78,7 @@ proto_library(
         "//google/iam/v1:iam_policy_proto",
         "//google/iam/v1:policy_proto",
         "//google/longrunning:operations_proto",
+        "@com_google_protobuf//:duration_proto",
         "@com_google_protobuf//:empty_proto",
         "@com_google_protobuf//:field_mask_proto",
         "@com_google_protobuf//:struct_proto",
@@ -122,8 +126,8 @@ java_gapic_library(
     rest_numeric_enums = True,
     service_yaml = "securitycenter_v2.yaml",
     test_deps = [
-        "//google/iam/v1:iam_java_grpc",
         ":securitycenter_java_grpc",
+        "//google/iam/v1:iam_java_grpc",
     ],
     transport = "grpc+rest",
     deps = [
@@ -145,14 +149,14 @@ java_gapic_test(
 # Open Source Packages
 java_gapic_assembly_gradle_pkg(
     name = "google-cloud-securitycenter-v2-java",
+    include_samples = True,
     transport = "grpc+rest",
     deps = [
         ":securitycenter_java_gapic",
         ":securitycenter_java_grpc",
         ":securitycenter_java_proto",
         ":securitycenter_proto",
     ],
-    include_samples = True,
 )
 
 ##############################################################################
@@ -194,6 +198,7 @@ go_gapic_library(
         "//google/longrunning:longrunning_go_proto",
         "@com_google_cloud_go_longrunning//:go_default_library",
         "@com_google_cloud_go_longrunning//autogen:go_default_library",
+        "@io_bazel_rules_go//proto/wkt:duration_go_proto",
         "@io_bazel_rules_go//proto/wkt:struct_go_proto",
     ],
 )
@@ -203,9 +208,9 @@ go_gapic_assembly_pkg(
     name = "gapi-cloud-securitycenter-v2-go",
     deps = [
         ":securitycenter_go_gapic",
-        ":securitycenter_go_gapic_srcjar-test.srcjar",
         ":securitycenter_go_gapic_srcjar-metadata.srcjar",
         ":securitycenter_go_gapic_srcjar-snippets.srcjar",
+        ":securitycenter_go_gapic_srcjar-test.srcjar",
         ":securitycenter_go_proto",
     ],
 )
@@ -271,8 +276,8 @@ php_gapic_library(
     name = "securitycenter_php_gapic",
     srcs = [":securitycenter_proto_with_info"],
     grpc_service_config = None,
-    rest_numeric_enums = True,
     migration_mode = "NEW_SURFACE_ONLY",
+    rest_numeric_enums = True,
     service_yaml = "securitycenter_v2.yaml",
     transport = "grpc+rest",
     deps = [
@@ -326,8 +331,8 @@ nodejs_gapic_assembly_pkg(
 # buildifier: disable=same-origin-load
 load(
     "@com_google_googleapis_imports//:imports.bzl",
-    "ruby_gapic_assembly_pkg",
     "ruby_cloud_gapic_library",
+    "ruby_gapic_assembly_pkg",
     "ruby_grpc_library",
     "ruby_proto_library",
 )
@@ -387,7 +392,6 @@ load(
 
 csharp_proto_library(
     name = "securitycenter_csharp_proto",
-    extra_opts = [],
     deps = [":securitycenter_proto"],
 )
 
 
@@ -31,6 +31,7 @@ message AttackPath {
   option (google.api.resource) = {
     type: "securitycenter.googleapis.com/AttackPath"
     pattern: "organizations/{organization}/simulations/{simulation}/valuedResources/{valued_resource}/attackPaths/{attack_path}"
+    pattern: "organizations/{organization}/locations/{location}/simulations/{simulation}/valuedResources/{valued_resource}/attackPaths/{attack_path}"
     plural: "attackPaths"
     singular: "attackPath"
   };
 
@@ -0,0 +1,114 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v2;
+
+import "google/protobuf/duration.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V2";
+option go_package = "cloud.google.com/go/securitycenter/apiv2/securitycenterpb;securitycenterpb";
+option java_multiple_files = true;
+option java_outer_classname = "CloudArmorProto";
+option java_package = "com.google.cloud.securitycenter.v2";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V2";
+option ruby_package = "Google::Cloud::SecurityCenter::V2";
+
+// Fields related to Google Cloud Armor findings.
+message CloudArmor {
+  // Information about the [Google Cloud Armor security
+  // policy](https://cloud.google.com/armor/docs/security-policy-overview)
+  // relevant to the finding.
+  SecurityPolicy security_policy = 1;
+
+  // Information about incoming requests evaluated by [Google Cloud Armor
+  // security
+  // policies](https://cloud.google.com/armor/docs/security-policy-overview).
+  Requests requests = 2;
+
+  // Information about potential Layer 7 DDoS attacks identified by [Google
+  // Cloud Armor Adaptive
+  // Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview).
+  AdaptiveProtection adaptive_protection = 3;
+
+  // Information about DDoS attack volume and classification.
+  Attack attack = 4;
+
+  // Distinguish between volumetric & protocol DDoS attack and
+  // application layer attacks. For example, "L3_4" for Layer 3 and Layer 4 DDoS
+  // attacks, or "L_7" for Layer 7 DDoS attacks.
+  string threat_vector = 5;
+
+  // Duration of attack from the start until the current moment (updated every 5
+  // minutes).
+  google.protobuf.Duration duration = 6;
+}
+
+// Information about the [Google Cloud Armor security
+// policy](https://cloud.google.com/armor/docs/security-policy-overview)
+// relevant to the finding.
+message SecurityPolicy {
+  // The name of the Google Cloud Armor security policy, for example,
+  // "my-security-policy".
+  string name = 1;
+
+  // The type of Google Cloud Armor security policy for example, 'backend
+  // security policy', 'edge security policy', 'network edge security policy',
+  // or 'always-on DDoS protection'.
+  string type = 2;
+
+  // Whether or not the associated rule or policy is in preview mode.
+  bool preview = 3;
+}
+
+// Information about the requests relevant to the finding.
+message Requests {
+  // For 'Increasing deny ratio', the ratio is the denied traffic divided by the
+  // allowed traffic. For 'Allowed traffic spike', the ratio is the allowed
+  // traffic in the short term divided by allowed traffic in the long term.
+  double ratio = 1;
+
+  // Allowed RPS (requests per second) in the short term.
+  int32 short_term_allowed = 2;
+
+  // Allowed RPS (requests per second) over the long term.
+  int32 long_term_allowed = 3;
+
+  // Denied RPS (requests per second) over the long term.
+  int32 long_term_denied = 4;
+}
+
+// Information about [Google Cloud Armor Adaptive
+// Protection](https://cloud.google.com/armor/docs/cloud-armor-overview#google-cloud-armor-adaptive-protection).
+message AdaptiveProtection {
+  // A score of 0 means that there is low confidence that the detected event is
+  // an actual attack. A score of 1 means that there is high confidence that the
+  // detected event is an attack. See the [Adaptive Protection
+  // documentation](https://cloud.google.com/armor/docs/adaptive-protection-overview#configure-alert-tuning)
+  // for further explanation.
+  double confidence = 1;
+}
+
+// Information about DDoS attack volume and classification.
+message Attack {
+  // Total PPS (packets per second) volume of attack.
+  int32 volume_pps = 1;
+
+  // Total BPS (bytes per second) volume of attack.
+  int32 volume_bps = 2;
+
+  // Type of attack, for example, 'SYN-flood', 'NTP-udp', or 'CHARGEN-udp'.
+  string classification = 3;
+}
@@ -22,6 +22,7 @@ import "google/cloud/securitycenter/v2/access.proto";
 import "google/cloud/securitycenter/v2/application.proto";
 import "google/cloud/securitycenter/v2/attack_exposure.proto";
 import "google/cloud/securitycenter/v2/backup_disaster_recovery.proto";
+import "google/cloud/securitycenter/v2/cloud_armor.proto";
 import "google/cloud/securitycenter/v2/cloud_dlp_data_profile.proto";
 import "google/cloud/securitycenter/v2/cloud_dlp_inspection.proto";
 import "google/cloud/securitycenter/v2/compliance.proto";
@@ -40,6 +41,7 @@ import "google/cloud/securitycenter/v2/kubernetes.proto";
 import "google/cloud/securitycenter/v2/load_balancer.proto";
 import "google/cloud/securitycenter/v2/log_entry.proto";
 import "google/cloud/securitycenter/v2/mitre_attack.proto";
+import "google/cloud/securitycenter/v2/notebook.proto";
 import "google/cloud/securitycenter/v2/org_policy.proto";
 import "google/cloud/securitycenter/v2/process.proto";
 import "google/cloud/securitycenter/v2/security_marks.proto";
@@ -431,6 +433,12 @@ message Finding {
   // The load balancers associated with the finding.
   repeated LoadBalancer load_balancers = 50;
 
+  // Fields related to Cloud Armor findings.
+  CloudArmor cloud_armor = 51;
+
+  // Notebook associated with the finding.
+  Notebook notebook = 55;
+
   // Contains details about a group of security issues that, when the issues
   // occur together, represent a greater risk than when the issues occur
   // independently. A group of such issues is referred to as a toxic
 
@@ -0,0 +1,36 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v2;
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V2";
+option go_package = "cloud.google.com/go/securitycenter/apiv2/securitycenterpb;securitycenterpb";
+option java_multiple_files = true;
+option java_outer_classname = "FolderProto";
+option java_package = "com.google.cloud.securitycenter.v2";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V2";
+option ruby_package = "Google::Cloud::SecurityCenter::V2";
+
+// Message that contains the resource name and display name of a folder
+// resource.
+message Folder {
+  // Full resource name of this folder. See:
+  // https://cloud.google.com/apis/design/resource_names#full_resource_name
+  string resource_folder = 1;
+
+  // The user defined display name for this folder.
+  string resource_folder_display_name = 2;
+}
@@ -78,7 +78,7 @@ message MitreAttack {
 
   // MITRE ATT&CK techniques that can be referenced by SCC findings.
   // See: https://attack.mitre.org/techniques/enterprise/
-  // Next ID: 59
+  // Next ID: 63
   enum Technique {
     // Unspecified value.
     TECHNIQUE_UNSPECIFIED = 0;
@@ -107,6 +107,9 @@ message MitreAttack {
     // T1059.004
     UNIX_SHELL = 7;
 
+    // T1059.006
+    PYTHON = 59;
+
     // T1069
     PERMISSION_GROUPS_DISCOVERY = 18;
 
@@ -254,8 +257,17 @@ message MitreAttack {
     // T1595.001
     SCANNING_IP_BLOCKS = 2;
 
+    // T1613
+    CONTAINER_ADMINISTRATION_COMMAND = 60;
+
+    // T1611
+    ESCAPE_TO_HOST = 61;
+
     // T1613
     CONTAINER_AND_RESOURCE_DISCOVERY = 57;
+
+    // T1649
+    STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES = 62;
   }
 
   // The MITRE ATT&CK tactic most closely represented by this finding, if any.
 
@@ -0,0 +1,44 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v2;
+
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V2";
+option go_package = "cloud.google.com/go/securitycenter/apiv2/securitycenterpb;securitycenterpb";
+option java_multiple_files = true;
+option java_outer_classname = "NotebookProto";
+option java_package = "com.google.cloud.securitycenter.v2";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V2";
+option ruby_package = "Google::Cloud::SecurityCenter::V2";
+
+// Represents a Jupyter notebook IPYNB file, such as a [Colab Enterprise
+// notebook](https://cloud.google.com/colab/docs/introduction) file, that is
+// associated with a finding.
+message Notebook {
+  // The name of the notebook.
+  string name = 1;
+
+  // The source notebook service, for example, "Colab Enterprise".
+  string service = 2;
+
+  // The user ID of the latest author to modify the notebook.
+  string last_author = 3;
+
+  // The most recent time the notebook was updated.
+  google.protobuf.Timestamp notebook_update_time = 4;
+}