feat: Add BigQuery export APIs that help you enable writing new/updated findings from Security Command Center to a BigQuery table in near-real time. You can then integrate the data into existing workflows and create custom analyses. You can enable this feature at the organization, folder, and project levels to export findings based on your requirements

PiperOrigin-RevId: 431905699

google/cloud/securitycenter/v1/BUILD.bazel

@@ -9,24 +9,56 @@
 #    * extra_protoc_file_parameters
 # The complete list of preserved parameters can be found in the source code.
 
-# This is an API workspace, having public visibility by default makes perfect sense.
-package(default_visibility = ["//visibility:public"])
-
 ##############################################################################
 # Common
 ##############################################################################
 load("@rules_proto//proto:defs.bzl", "proto_library")
-load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "cc_grpc_library",
+    "cc_proto_library",
+    "csharp_gapic_assembly_pkg",
+    "csharp_gapic_library",
+    "csharp_grpc_library",
+    "csharp_proto_library",
+    "go_gapic_assembly_pkg",
+    "go_gapic_library",
+    "go_proto_library",
+    "go_test",
+    "java_gapic_assembly_gradle_pkg",
+    "java_gapic_library",
+    "java_gapic_test",
+    "java_grpc_library",
+    "java_proto_library",
+    "nodejs_gapic_assembly_pkg",
+    "nodejs_gapic_library",
+    "php_gapic_assembly_pkg",
+    "php_gapic_library",
+    "php_grpc_library",
+    "php_proto_library",
+    "proto_library_with_info",
+    "py_gapic_assembly_pkg",
+    "py_gapic_library",
+    "ruby_cloud_gapic_library",
+    "ruby_gapic_assembly_pkg",
+    "ruby_grpc_library",
+    "ruby_proto_library",
+)
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
 
 proto_library(
     name = "securitycenter_proto",
     srcs = [
         "access.proto",
         "asset.proto",
+        "bigquery_export.proto",
         "external_system.proto",
         "finding.proto",
         "folder.proto",
         "indicator.proto",
+        "mitre_attack.proto",
         "mute_config.proto",
         "notification_config.proto",
         "notification_message.proto",
@@ -62,18 +94,6 @@ proto_library_with_info(
     ],
 )
 
-##############################################################################
-# Java
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "java_gapic_assembly_gradle_pkg",
-    "java_gapic_library",
-    "java_gapic_test",
-    "java_grpc_library",
-    "java_proto_library",
-)
-
 java_proto_library(
     name = "securitycenter_java_proto",
     deps = [":securitycenter_proto"],
@@ -121,17 +141,6 @@ java_gapic_assembly_gradle_pkg(
     ],
 )
 
-##############################################################################
-# Go
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "go_gapic_assembly_pkg",
-    "go_gapic_library",
-    "go_proto_library",
-    "go_test",
-)
-
 go_proto_library(
     name = "securitycenter_go_proto",
     compilers = ["@io_bazel_rules_go//proto:go_grpc"],
@@ -180,15 +189,6 @@ go_gapic_assembly_pkg(
     ],
 )
 
-##############################################################################
-# Python
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "py_gapic_assembly_pkg",
-    "py_gapic_library",
-)
-
 py_gapic_library(
     name = "securitycenter_py_gapic",
     srcs = [":securitycenter_proto"],
@@ -203,17 +203,6 @@ py_gapic_assembly_pkg(
     ],
 )
 
-##############################################################################
-# PHP
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "php_gapic_assembly_pkg",
-    "php_gapic_library",
-    "php_grpc_library",
-    "php_proto_library",
-)
-
 php_proto_library(
     name = "securitycenter_php_proto",
     deps = [":securitycenter_proto"],
@@ -246,15 +235,6 @@ php_gapic_assembly_pkg(
     ],
 )
 
-##############################################################################
-# Node.js
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "nodejs_gapic_assembly_pkg",
-    "nodejs_gapic_library",
-)
-
 nodejs_gapic_library(
     name = "securitycenter_nodejs_gapic",
     package_name = "@google-cloud/security-center",
@@ -274,17 +254,6 @@ nodejs_gapic_assembly_pkg(
     ],
 )
 
-##############################################################################
-# Ruby
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "ruby_cloud_gapic_library",
-    "ruby_gapic_assembly_pkg",
-    "ruby_grpc_library",
-    "ruby_proto_library",
-)
-
 ruby_proto_library(
     name = "securitycenter_ruby_proto",
     deps = [":securitycenter_proto"],
@@ -325,17 +294,6 @@ ruby_gapic_assembly_pkg(
     ],
 )
 
-##############################################################################
-# C#
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "csharp_gapic_assembly_pkg",
-    "csharp_gapic_library",
-    "csharp_grpc_library",
-    "csharp_proto_library",
-)
-
 csharp_proto_library(
     name = "securitycenter_csharp_proto",
     deps = [":securitycenter_proto"],
@@ -369,15 +327,6 @@ csharp_gapic_assembly_pkg(
     ],
 )
 
-##############################################################################
-# C++
-##############################################################################
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "cc_grpc_library",
-    "cc_proto_library",
-)
-
 cc_proto_library(
     name = "securitycenter_cc_proto",
     deps = [":securitycenter_proto"],

google/cloud/securitycenter/v1/access.proto

@@ -16,8 +16,6 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1;
 
-import "google/api/annotations.proto";
-
 option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
 option java_multiple_files = true;
 option java_outer_classname = "AccessProto";

google/cloud/securitycenter/v1/bigquery_export.proto

@@ -0,0 +1,101 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "BigQueryExportProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// Configures how to deliver Findings to BigQuery Instance.
+message BigQueryExport {
+  option (google.api.resource) = {
+    type: "securitycenter.googleapis.com/BigQueryExport"
+    pattern: "organizations/{organization}/bigQueryExports/{export}"
+    pattern: "folders/{folder}/bigQueryExports/{export}"
+    pattern: "projects/{project}/bigQueryExports/{export}"
+  };
+
+  // The relative resource name of this export. See:
+  // https://cloud.google.com/apis/design/resource_names#relative_resource_name.
+  // Example format:
+  // "organizations/{organization_id}/bigQueryExports/{export_id}" Example
+  // format: "folders/{folder_id}/bigQueryExports/{export_id}" Example format:
+  // "projects/{project_id}/bigQueryExports/{export_id}"
+  // This field is provided in responses, and is ignored when provided in create
+  // requests.
+  string name = 1;
+
+  // The description of the export (max of 1024 characters).
+  string description = 2;
+
+  // Expression that defines the filter to apply across create/update events
+  // of findings. The expression is a list of zero or more restrictions combined
+  // via logical operators `AND` and `OR`. Parentheses are supported, and `OR`
+  // has higher precedence than `AND`.
+  //
+  // Restrictions have the form `<field> <operator> <value>` and may have a
+  // `-` character in front of them to indicate negation. The fields map to
+  // those defined in the corresponding resource.
+  //
+  // The supported operators are:
+  //
+  // * `=` for all value types.
+  // * `>`, `<`, `>=`, `<=` for integer values.
+  // * `:`, meaning substring matching, for strings.
+  //
+  // The supported value types are:
+  //
+  // * string literals in quotes.
+  // * integer literals without quotes.
+  // * boolean literals `true` and `false` without quotes.
+  string filter = 3;
+
+  // The dataset to write findings' updates to. Its format is
+  // "projects/[project_id]/datasets/[bigquery_dataset_id]".
+  // BigQuery Dataset unique ID  must contain only letters (a-z, A-Z), numbers
+  // (0-9), or underscores (_).
+  string dataset = 4;
+
+  // Output only. The time at which the big query export was created.
+  // This field is set by the server and will be ignored if provided on export
+  // on creation.
+  google.protobuf.Timestamp create_time = 5
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The most recent time at which the big export was updated.
+  // This field is set by the server and will be ignored if provided on export
+  // creation or update.
+  google.protobuf.Timestamp update_time = 6
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Email address of the user who last edited the big query
+  // export. This field is set by the server and will be ignored if provided on
+  // export creation or update.
+  string most_recent_editor = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The service account that needs permission to create table,
+  // upload data to the big query dataset.
+  string principal = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
+}

google/cloud/securitycenter/v1/finding.proto

@@ -21,6 +21,7 @@ import "google/api/resource.proto";
 import "google/cloud/securitycenter/v1/access.proto";
 import "google/cloud/securitycenter/v1/external_system.proto";
 import "google/cloud/securitycenter/v1/indicator.proto";
+import "google/cloud/securitycenter/v1/mitre_attack.proto";
 import "google/cloud/securitycenter/v1/security_marks.proto";
 import "google/cloud/securitycenter/v1/vulnerability.proto";
 import "google/protobuf/struct.proto";
@@ -153,6 +154,9 @@ message Finding {
 
     // Describes a security observation that is for informational purposes.
     OBSERVATION = 4;
+
+    // Describes an error that prevents some SCC functionality.
+    SCC_ERROR = 5;
   }
 
   // The relative resource name of this finding. See:
@@ -245,11 +249,17 @@ message Finding {
   Vulnerability vulnerability = 20;
 
   // Output only. The most recent time this finding was muted or unmuted.
-  google.protobuf.Timestamp mute_update_time = 21 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp mute_update_time = 21
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Third party SIEM/SOAR fields within SCC, contains external
+  // system information and external system finding fields.
+  map<string, ExternalSystem> external_systems = 22
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
-  // Output only. Third party SIEM/SOAR fields within SCC, contains external system
-  // information and external system finding fields.
-  map<string, ExternalSystem> external_systems = 22 [(google.api.field_behavior) = OUTPUT_ONLY];
+  // MITRE ATT&CK tactics and techniques related to this finding.
+  // See: https://attack.mitre.org
+  MitreAttack mitre_attack = 25;
 
   // Access details associated to the Finding, such as more information on the
   // caller, which method was accessed, from where, etc.

google/cloud/securitycenter/v1/mitre_attack.proto

@@ -0,0 +1,190 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.securitycenter.v1;
+
+option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
+option java_multiple_files = true;
+option java_outer_classname = "MitreAttackProto";
+option java_package = "com.google.cloud.securitycenter.v1";
+option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
+option ruby_package = "Google::Cloud::SecurityCenter::V1";
+
+// MITRE ATT&CK tactics and techniques related to this finding.
+// See: https://attack.mitre.org
+message MitreAttack {
+  // MITRE ATT&CK tactics that can be referenced by SCC findings.
+  // See: https://attack.mitre.org/tactics/enterprise/
+  enum Tactic {
+    // Unspecified value.
+    TACTIC_UNSPECIFIED = 0;
+
+    // TA0043
+    RECONNAISSANCE = 1;
+
+    // TA0042
+    RESOURCE_DEVELOPMENT = 2;
+
+    // TA0001
+    INITIAL_ACCESS = 5;
+
+    // TA0002
+    EXECUTION = 3;
+
+    // TA0003
+    PERSISTENCE = 6;
+
+    // TA0004
+    PRIVILEGE_ESCALATION = 8;
+
+    // TA0005
+    DEFENSE_EVASION = 7;
+
+    // TA0006
+    CREDENTIAL_ACCESS = 9;
+
+    // TA0007
+    DISCOVERY = 10;
+
+    // TA0008
+    LATERAL_MOVEMENT = 11;
+
+    // TA0009
+    COLLECTION = 12;
+
+    // TA0011
+    COMMAND_AND_CONTROL = 4;
+
+    // TA0010
+    EXFILTRATION = 13;
+
+    // TA0040
+    IMPACT = 14;
+  }
+
+  // MITRE ATT&CK techniques that can be referenced by SCC findings.
+  // See: https://attack.mitre.org/techniques/enterprise/
+  enum Technique {
+    // Unspecified value.
+    TECHNIQUE_UNSPECIFIED = 0;
+
+    // T1595
+    ACTIVE_SCANNING = 1;
+
+    // T1595.001
+    SCANNING_IP_BLOCKS = 2;
+
+    // T1105
+    INGRESS_TOOL_TRANSFER = 3;
+
+    // T1106
+    NATIVE_API = 4;
+
+    // T1129
+    SHARED_MODULES = 5;
+
+    // T1059
+    COMMAND_AND_SCRIPTING_INTERPRETER = 6;
+
+    // T1059.004
+    UNIX_SHELL = 7;
+
+    // T1496
+    RESOURCE_HIJACKING = 8;
+
+    // T1090
+    PROXY = 9;
+
+    // T1090.002
+    EXTERNAL_PROXY = 10;
+
+    // T1090.003
+    MULTI_HOP_PROXY = 11;
+
+    // T1568
+    DYNAMIC_RESOLUTION = 12;
+
+    // T1552
+    UNSECURED_CREDENTIALS = 13;
+
+    // T1078
+    VALID_ACCOUNTS = 14;
+
+    // T1078.003
+    LOCAL_ACCOUNTS = 15;
+
+    // T1078.004
+    CLOUD_ACCOUNTS = 16;
+
+    // T1498
+    NETWORK_DENIAL_OF_SERVICE = 17;
+
+    // T1069
+    PERMISSION_GROUPS_DISCOVERY = 18;
+
+    // T1069.003
+    CLOUD_GROUPS = 19;
+
+    // T1567
+    EXFILTRATION_OVER_WEB_SERVICE = 20;
+
+    // T1567.002
+    EXFILTRATION_TO_CLOUD_STORAGE = 21;
+
+    // T1098
+    ACCOUNT_MANIPULATION = 22;
+
+    // T1098.004
+    SSH_AUTHORIZED_KEYS = 23;
+
+    // T1543
+    CREATE_OR_MODIFY_SYSTEM_PROCESS = 24;
+
+    // T1539
+    STEAL_WEB_SESSION_COOKIE = 25;
+
+    // T1578
+    MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE = 26;
+
+    // T1190
+    EXPLOIT_PUBLIC_FACING_APPLICATION = 27;
+
+    // T1556
+    MODIFY_AUTHENTICATION_PROCESS = 28;
+  }
+
+  // The MITRE ATT&CK tactic most closely represented by this finding, if any.
+  Tactic primary_tactic = 1;
+
+  // The MITRE ATT&CK technique most closely represented by this finding, if
+  // any. primary_techniques is a repeated field because there are multiple
+  // levels of MITRE ATT&CK techniques.  If the technique most closely
+  // represented by this finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`),
+  // both the sub-technique and its parent technique(s) will be listed (e.g.
+  // `SCANNING_IP_BLOCKS`, `ACTIVE_SCANNING`).
+  repeated Technique primary_techniques = 2;
+
+  // Additional MITRE ATT&CK tactics related to this finding, if any.
+  repeated Tactic additional_tactics = 3;
+
+  // Additional MITRE ATT&CK techniques related to this finding, if any, along
+  // with any of their respective parent techniques.
+  repeated Technique additional_techniques = 4;
+
+  // The MITRE ATT&CK version referenced by the above fields. E.g. "8".
+  string version = 5;
+}

google/cloud/securitycenter/v1/securitycenter_service.proto

@@ -16,18 +16,20 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1;
 
+import public "google/cloud/securitycenter/v1/run_asset_discovery_response.proto";
+
 import "google/api/annotations.proto";
 import "google/api/client.proto";
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/cloud/securitycenter/v1/asset.proto";
+import "google/cloud/securitycenter/v1/bigquery_export.proto";
 import "google/cloud/securitycenter/v1/external_system.proto";
 import "google/cloud/securitycenter/v1/finding.proto";
 import "google/cloud/securitycenter/v1/folder.proto";
 import "google/cloud/securitycenter/v1/mute_config.proto";
 import "google/cloud/securitycenter/v1/notification_config.proto";
 import "google/cloud/securitycenter/v1/organization_settings.proto";
-import public "google/cloud/securitycenter/v1/run_asset_discovery_response.proto";
 import "google/cloud/securitycenter/v1/security_marks.proto";
 import "google/cloud/securitycenter/v1/source.proto";
 import "google/iam/v1/iam_policy.proto";
@@ -49,12 +51,14 @@ option ruby_package = "Google::Cloud::SecurityCenter::V1";
 // V1 APIs for Security Center service.
 service SecurityCenter {
   option (google.api.default_host) = "securitycenter.googleapis.com";
-  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+  option (google.api.oauth_scopes) =
+      "https://www.googleapis.com/auth/cloud-platform";
 
   // Kicks off an LRO to bulk mute findings for a parent based on a filter. The
   // parent can be either an organization, folder or project. The findings
   // matched by the filter will be muted after the LRO is done.
-  rpc BulkMuteFindings(BulkMuteFindingsRequest) returns (google.longrunning.Operation) {
+  rpc BulkMuteFindings(BulkMuteFindingsRequest)
+      returns (google.longrunning.Operation) {
     option (google.api.http) = {
       post: "/v1/{parent=organizations/*}/findings:bulkMute"
       body: "*"
@@ -112,39 +116,50 @@ service SecurityCenter {
   }
 
   // Creates a notification config.
-  rpc CreateNotificationConfig(CreateNotificationConfigRequest) returns (NotificationConfig) {
+  rpc CreateNotificationConfig(CreateNotificationConfigRequest)
+      returns (NotificationConfig) {
     option (google.api.http) = {
       post: "/v1/{parent=organizations/*}/notificationConfigs"
       body: "notification_config"
     };
-    option (google.api.method_signature) = "parent,config_id,notification_config";
+    option (google.api.method_signature) =
+        "parent,config_id,notification_config";
     option (google.api.method_signature) = "parent,notification_config";
   }
 
   // Deletes an existing mute config.
-  rpc DeleteMuteConfig(DeleteMuteConfigRequest) returns (google.protobuf.Empty) {
+  rpc DeleteMuteConfig(DeleteMuteConfigRequest)
+      returns (google.protobuf.Empty) {
     option (google.api.http) = {
       delete: "/v1/{name=organizations/*/muteConfigs/*}"
-      additional_bindings {
-        delete: "/v1/{name=folders/*/muteConfigs/*}"
-      }
-      additional_bindings {
-        delete: "/v1/{name=projects/*/muteConfigs/*}"
-      }
+      additional_bindings { delete: "/v1/{name=folders/*/muteConfigs/*}" }
+      additional_bindings { delete: "/v1/{name=projects/*/muteConfigs/*}" }
     };
     option (google.api.method_signature) = "name";
   }
 
   // Deletes a notification config.
-  rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) returns (google.protobuf.Empty) {
+  rpc DeleteNotificationConfig(DeleteNotificationConfigRequest)
+      returns (google.protobuf.Empty) {
     option (google.api.http) = {
       delete: "/v1/{name=organizations/*/notificationConfigs/*}"
     };
     option (google.api.method_signature) = "name";
   }
 
+  // Gets a big query export.
+  rpc GetBigQueryExport(GetBigQueryExportRequest) returns (BigQueryExport) {
+    option (google.api.http) = {
+      get: "/v1/{name=organizations/*/bigQueryExports/*}"
+      additional_bindings { get: "/v1/{name=folders/*/bigQueryExports/*}" }
+      additional_bindings { get: "/v1/{name=projects/*/bigQueryExports/*}" }
+    };
+    option (google.api.method_signature) = "name";
+  }
+
   // Gets the access control policy on the specified Source.
-  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
+  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
+      returns (google.iam.v1.Policy) {
     option (google.api.http) = {
       post: "/v1/{resource=organizations/*/sources/*}:getIamPolicy"
       body: "*"
@@ -156,18 +171,15 @@ service SecurityCenter {
   rpc GetMuteConfig(GetMuteConfigRequest) returns (MuteConfig) {
     option (google.api.http) = {
       get: "/v1/{name=organizations/*/muteConfigs/*}"
-      additional_bindings {
-        get: "/v1/{name=folders/*/muteConfigs/*}"
-      }
-      additional_bindings {
-        get: "/v1/{name=projects/*/muteConfigs/*}"
-      }
+      additional_bindings { get: "/v1/{name=folders/*/muteConfigs/*}" }
+      additional_bindings { get: "/v1/{name=projects/*/muteConfigs/*}" }
     };
     option (google.api.method_signature) = "name";
   }
 
   // Gets a notification config.
-  rpc GetNotificationConfig(GetNotificationConfigRequest) returns (NotificationConfig) {
+  rpc GetNotificationConfig(GetNotificationConfigRequest)
+      returns (NotificationConfig) {
     option (google.api.http) = {
       get: "/v1/{name=organizations/*/notificationConfigs/*}"
     };
@@ -175,7 +187,8 @@ service SecurityCenter {
   }
 
   // Gets the settings for an organization.
-  rpc GetOrganizationSettings(GetOrganizationSettingsRequest) returns (OrganizationSettings) {
+  rpc GetOrganizationSettings(GetOrganizationSettingsRequest)
+      returns (OrganizationSettings) {
     option (google.api.http) = {
       get: "/v1/{name=organizations/*/organizationSettings}"
     };
@@ -234,12 +247,8 @@ service SecurityCenter {
   rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) {
     option (google.api.http) = {
       get: "/v1/{parent=organizations/*}/assets"
-      additional_bindings {
-        get: "/v1/{parent=folders/*}/assets"
-      }
-      additional_bindings {
-        get: "/v1/{parent=projects/*}/assets"
-      }
+      additional_bindings { get: "/v1/{parent=folders/*}/assets" }
+      additional_bindings { get: "/v1/{parent=projects/*}/assets" }
     };
   }
 
@@ -250,31 +259,25 @@ service SecurityCenter {
   rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) {
     option (google.api.http) = {
       get: "/v1/{parent=organizations/*/sources/*}/findings"
-      additional_bindings {
-        get: "/v1/{parent=folders/*/sources/*}/findings"
-      }
-      additional_bindings {
-        get: "/v1/{parent=projects/*/sources/*}/findings"
-      }
+      additional_bindings { get: "/v1/{parent=folders/*/sources/*}/findings" }
+      additional_bindings { get: "/v1/{parent=projects/*/sources/*}/findings" }
     };
   }
 
   // Lists mute configs.
-  rpc ListMuteConfigs(ListMuteConfigsRequest) returns (ListMuteConfigsResponse) {
+  rpc ListMuteConfigs(ListMuteConfigsRequest)
+      returns (ListMuteConfigsResponse) {
     option (google.api.http) = {
       get: "/v1/{parent=organizations/*}/muteConfigs"
-      additional_bindings {
-        get: "/v1/{parent=folders/*}/muteConfigs"
-      }
-      additional_bindings {
-        get: "/v1/{parent=projects/*}/muteConfigs"
-      }
+      additional_bindings { get: "/v1/{parent=folders/*}/muteConfigs" }
+      additional_bindings { get: "/v1/{parent=projects/*}/muteConfigs" }
     };
     option (google.api.method_signature) = "parent";
   }
 
   // Lists notification configs.
-  rpc ListNotificationConfigs(ListNotificationConfigsRequest) returns (ListNotificationConfigsResponse) {
+  rpc ListNotificationConfigs(ListNotificationConfigsRequest)
+      returns (ListNotificationConfigsResponse) {
     option (google.api.http) = {
       get: "/v1/{parent=organizations/*}/notificationConfigs"
     };
@@ -285,12 +288,8 @@ service SecurityCenter {
   rpc ListSources(ListSourcesRequest) returns (ListSourcesResponse) {
     option (google.api.http) = {
       get: "/v1/{parent=organizations/*}/sources"
-      additional_bindings {
-        get: "/v1/{parent=folders/*}/sources"
-      }
-      additional_bindings {
-        get: "/v1/{parent=projects/*}/sources"
-      }
+      additional_bindings { get: "/v1/{parent=folders/*}/sources" }
+      additional_bindings { get: "/v1/{parent=projects/*}/sources" }
     };
     option (google.api.method_signature) = "parent";
   }
@@ -301,7 +300,8 @@ service SecurityCenter {
   // This API can only be called with limited frequency for an organization. If
   // it is called too frequently the caller will receive a TOO_MANY_REQUESTS
   // error.
-  rpc RunAssetDiscovery(RunAssetDiscoveryRequest) returns (google.longrunning.Operation) {
+  rpc RunAssetDiscovery(RunAssetDiscoveryRequest)
+      returns (google.longrunning.Operation) {
     option (google.api.http) = {
       post: "/v1/{parent=organizations/*}/assets:runDiscovery"
       body: "*"
@@ -348,7 +348,8 @@ service SecurityCenter {
   }
 
   // Sets the access control policy on the specified Source.
-  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
+  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest)
+      returns (google.iam.v1.Policy) {
     option (google.api.http) = {
       post: "/v1/{resource=organizations/*/sources/*}:setIamPolicy"
       body: "*"
@@ -357,7 +358,8 @@ service SecurityCenter {
   }
 
   // Returns the permissions that a caller has on the specified source.
-  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
+  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest)
+      returns (google.iam.v1.TestIamPermissionsResponse) {
     option (google.api.http) = {
       post: "/v1/{resource=organizations/*/sources/*}:testIamPermissions"
       body: "*"
@@ -366,7 +368,8 @@ service SecurityCenter {
   }
 
   // Updates external system. This is for a given finding.
-  rpc UpdateExternalSystem(UpdateExternalSystemRequest) returns (ExternalSystem) {
+  rpc UpdateExternalSystem(UpdateExternalSystemRequest)
+      returns (ExternalSystem) {
     option (google.api.http) = {
       patch: "/v1/{external_system.name=organizations/*/sources/*/findings/*/externalSystems/*}"
       body: "external_system"
@@ -420,7 +423,8 @@ service SecurityCenter {
   //
   // Updates a notification config. The following update
   // fields are allowed: description, pubsub_topic, streaming_config.filter
-  rpc UpdateNotificationConfig(UpdateNotificationConfigRequest) returns (NotificationConfig) {
+  rpc UpdateNotificationConfig(UpdateNotificationConfigRequest)
+      returns (NotificationConfig) {
     option (google.api.http) = {
       patch: "/v1/{notification_config.name=organizations/*/notificationConfigs/*}"
       body: "notification_config"
@@ -430,7 +434,8 @@ service SecurityCenter {
   }
 
   // Updates an organization's settings.
-  rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest) returns (OrganizationSettings) {
+  rpc UpdateOrganizationSettings(UpdateOrganizationSettingsRequest)
+      returns (OrganizationSettings) {
     option (google.api.http) = {
       patch: "/v1/{organization_settings.name=organizations/*/organizationSettings}"
       body: "organization_settings"
@@ -475,6 +480,69 @@ service SecurityCenter {
     };
     option (google.api.method_signature) = "security_marks";
   }
+
+  // Creates a big query export.
+  rpc CreateBigQueryExport(CreateBigQueryExportRequest)
+      returns (BigQueryExport) {
+    option (google.api.http) = {
+      post: "/v1/{parent=organizations/*}/bigQueryExports"
+      body: "big_query_export"
+      additional_bindings {
+        post: "/v1/{parent=folders/*}/bigQueryExports"
+        body: "big_query_export"
+      }
+      additional_bindings {
+        post: "/v1/{parent=projects/*}/bigQueryExports"
+        body: "big_query_export"
+      }
+    };
+    option (google.api.method_signature) =
+        "parent,big_query_export,big_query_export_id";
+  }
+
+  // Deletes an existing big query export.
+  rpc DeleteBigQueryExport(DeleteBigQueryExportRequest)
+      returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      delete: "/v1/{name=organizations/*/bigQueryExports/*}"
+      additional_bindings { delete: "/v1/{name=folders/*/bigQueryExports/*}" }
+      additional_bindings { delete: "/v1/{name=projects/*/bigQueryExports/*}" }
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Updates a BigQuery export.
+  rpc UpdateBigQueryExport(UpdateBigQueryExportRequest)
+      returns (BigQueryExport) {
+    option (google.api.http) = {
+      patch: "/v1/{big_query_export.name=organizations/*/bigQueryExports/*}"
+      body: "big_query_export"
+      additional_bindings {
+        patch: "/v1/{big_query_export.name=folders/*/bigQueryExports/*}"
+        body: "big_query_export"
+      }
+      additional_bindings {
+        patch: "/v1/{big_query_export.name=projects/*/bigQueryExports/*}"
+        body: "big_query_export"
+      }
+    };
+    option (google.api.method_signature) = "big_query_export,update_mask";
+  }
+
+  // Lists BigQuery exports. Note that when requesting BigQuery exports at a
+  // given level all exports under that level are also returned e.g. if
+  // requesting BigQuery exports under a folder, then all BigQuery exports
+  // immediately under the folder plus the ones created under the projects
+  // within the folder are returned.
+  rpc ListBigQueryExports(ListBigQueryExportsRequest)
+      returns (ListBigQueryExportsResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=organizations/*}/bigQueryExports"
+      additional_bindings { get: "/v1/{parent=folders/*}/bigQueryExports" }
+      additional_bindings { get: "/v1/{parent=projects/*}/bigQueryExports" }
+    };
+    option (google.api.method_signature) = "parent";
+  }
 }
 
 // Request message for bulk findings update.
@@ -484,14 +552,12 @@ service SecurityCenter {
 // which they get executed is not defined.
 // 2. Once a bulk operation is started, there is no way to stop it.
 message BulkMuteFindingsRequest {
-  // Required. The parent, at which bulk action needs to be applied. Its format is
-  // "organizations/[organization_id]", "folders/[folder_id]",
+  // Required. The parent, at which bulk action needs to be applied. Its format
+  // is "organizations/[organization_id]", "folders/[folder_id]",
   // "projects/[project_id]".
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "*"
-    }
+    (google.api.resource_reference) = { type: "*" }
   ];
 
   // Expression that identifies findings that should be updated.
@@ -522,9 +588,7 @@ message BulkMuteFindingsRequest {
 }
 
 // The response to a BulkMute request. Contains the LRO information.
-message BulkMuteFindingsResponse {
-
-}
+message BulkMuteFindingsResponse {}
 
 // Request message for creating a finding.
 message CreateFindingRequest {
@@ -542,8 +606,8 @@ message CreateFindingRequest {
   // greater than 0 characters in length.
   string finding_id = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Required. The Finding being created. The name and security_marks will be ignored as
-  // they are both output only fields on this resource.
+  // Required. The Finding being created. The name and security_marks will be
+  // ignored as they are both output only fields on this resource.
   Finding finding = 3 [(google.api.field_behavior) = REQUIRED];
 }
 
@@ -571,8 +635,8 @@ message CreateMuteConfigRequest {
 
 // Request message for creating a notification config.
 message CreateNotificationConfigRequest {
-  // Required. Resource name of the new notification config's parent. Its format is
-  // "organizations/[organization_id]".
+  // Required. Resource name of the new notification config's parent. Its format
+  // is "organizations/[organization_id]".
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -586,9 +650,11 @@ message CreateNotificationConfigRequest {
   // characters, underscores or hyphens only.
   string config_id = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Required. The notification config being created. The name and the service account
-  // will be ignored as they are both output only fields on this resource.
-  NotificationConfig notification_config = 3 [(google.api.field_behavior) = REQUIRED];
+  // Required. The notification config being created. The name and the service
+  // account will be ignored as they are both output only fields on this
+  // resource.
+  NotificationConfig notification_config = 3
+      [(google.api.field_behavior) = REQUIRED];
 }
 
 // Request message for creating a source.
@@ -602,8 +668,8 @@ message CreateSourceRequest {
     }
   ];
 
-  // Required. The Source being created, only the display_name and description will be
-  // used. All other fields will be ignored.
+  // Required. The Source being created, only the display_name and description
+  // will be used. All other fields will be ignored.
   Source source = 2 [(google.api.field_behavior) = REQUIRED];
 }
 
@@ -633,6 +699,20 @@ message DeleteNotificationConfigRequest {
   ];
 }
 
+// Request message for retrieving a big query export.
+message GetBigQueryExportRequest {
+  // Required. Name of the big query export to retrieve. Its format is
+  // organizations/{organization}/bigQueryExports/{export_id},
+  // folders/{folder}/bigQueryExports/{export_id}, or
+  // projects/{project}/bigQueryExports/{export_id}
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "securitycenter.googleapis.com/BigQueryExport"
+    }
+  ];
+}
+
 // Request message for retrieving a mute config.
 message GetMuteConfigRequest {
   // Required. Name of the mute config to retrieve. Its format is
@@ -661,8 +741,8 @@ message GetNotificationConfigRequest {
 
 // Request message for getting organization settings.
 message GetOrganizationSettingsRequest {
-  // Required. Name of the organization to get organization settings for. Its format is
-  // "organizations/[organization_id]/organizationSettings".
+  // Required. Name of the organization to get organization settings for. Its
+  // format is "organizations/[organization_id]/organizationSettings".
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -759,9 +839,9 @@ message GroupAssetsRequest {
   // property not existing: `-resource_properties.my_property : ""`
   string filter = 2;
 
-  // Required. Expression that defines what assets fields to use for grouping. The string
-  // value should follow SQL syntax: comma separated list of fields. For
-  // example:
+  // Required. Expression that defines what assets fields to use for grouping.
+  // The string value should follow SQL syntax: comma separated list of fields.
+  // For example:
   // "security_center_properties.resource_project,security_center_properties.project".
   //
   // The following fields are supported when compare_duration is not set:
@@ -919,9 +999,9 @@ message GroupFindingsRequest {
   //   * resource.type: `=`, `:`
   string filter = 2;
 
-  // Required. Expression that defines what assets fields to use for grouping (including
-  // `state_change`). The string value should follow SQL syntax: comma separated
-  // list of fields. For example: "parent,resource_name".
+  // Required. Expression that defines what assets fields to use for grouping
+  // (including `state_change`). The string value should follow SQL syntax:
+  // comma separated list of fields. For example: "parent,resource_name".
   //
   // The following fields are supported:
   //
@@ -1016,8 +1096,8 @@ message GroupResult {
 // Request message for listing  mute configs at a given scope e.g. organization,
 // folder or project.
 message ListMuteConfigsRequest {
-  // Required. The parent, which owns the collection of mute configs. Its format is
-  // "organizations/[organization_id]", "folders/[folder_id]",
+  // Required. The parent, which owns the collection of mute configs. Its format
+  // is "organizations/[organization_id]", "folders/[folder_id]",
   // "projects/[project_id]".
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
@@ -1083,8 +1163,8 @@ message ListNotificationConfigsResponse {
 
 // Request message for listing sources.
 message ListSourcesRequest {
-  // Required. Resource name of the parent of sources to list. Its format should be
-  // "organizations/[organization_id], folders/[folder_id], or
+  // Required. Resource name of the parent of sources to list. Its format should
+  // be "organizations/[organization_id], folders/[folder_id], or
   // projects/[project_id]".
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
@@ -1559,7 +1639,8 @@ message SetFindingStateRequest {
   Finding.State state = 2 [(google.api.field_behavior) = REQUIRED];
 
   // Required. The time at which the updated state takes effect.
-  google.protobuf.Timestamp start_time = 3 [(google.api.field_behavior) = REQUIRED];
+  google.protobuf.Timestamp start_time = 3
+      [(google.api.field_behavior) = REQUIRED];
 }
 
 // Request message for updating a finding's mute status.
@@ -1583,8 +1664,8 @@ message SetMuteRequest {
 
 // Request message for running asset discovery for an organization.
 message RunAssetDiscoveryRequest {
-  // Required. Name of the organization to run asset discovery for. Its format is
-  // "organizations/[organization_id]".
+  // Required. Name of the organization to run asset discovery for. Its format
+  // is "organizations/[organization_id]".
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -1606,8 +1687,8 @@ message UpdateExternalSystemRequest {
 
 // Request message for updating or creating a finding.
 message UpdateFindingRequest {
-  // Required. The finding resource to update or create if it does not already exist.
-  // parent, security_marks, and update_time will be ignored.
+  // Required. The finding resource to update or create if it does not already
+  // exist. parent, security_marks, and update_time will be ignored.
   //
   // In the case of creation, the finding id portion of the name must be
   // alphanumeric and less than or equal to 32 characters and greater than 0
@@ -1637,7 +1718,8 @@ message UpdateMuteConfigRequest {
 // Request message for updating a notification config.
 message UpdateNotificationConfigRequest {
   // Required. The notification config to update.
-  NotificationConfig notification_config = 1 [(google.api.field_behavior) = REQUIRED];
+  NotificationConfig notification_config = 1
+      [(google.api.field_behavior) = REQUIRED];
 
   // The FieldMask to use when updating the notification config.
   //
@@ -1648,7 +1730,8 @@ message UpdateNotificationConfigRequest {
 // Request message for updating an organization's settings.
 message UpdateOrganizationSettingsRequest {
   // Required. The organization settings resource to update.
-  OrganizationSettings organization_settings = 1 [(google.api.field_behavior) = REQUIRED];
+  OrganizationSettings organization_settings = 1
+      [(google.api.field_behavior) = REQUIRED];
 
   // The FieldMask to use when updating the settings resource.
   //
@@ -1685,3 +1768,85 @@ message UpdateSecurityMarksRequest {
   // smaller or equal to the server time.
   google.protobuf.Timestamp start_time = 3;
 }
+
+// Request message for creating a big query export.
+message CreateBigQueryExportRequest {
+  // Required. Resource name of the new big query export's parent. Its format is
+  // "organizations/[organization_id]", "folders/[folder_id]", or
+  // "projects/[project_id]".
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "securitycenter.googleapis.com/BigQueryExport"
+    }
+  ];
+
+  // Required. The big query export being created.
+  BigQueryExport big_query_export = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. Unique identifier provided by the client within the parent scope.
+  // It must consist of lower case letters, numbers, and hyphen, with the first
+  // character a letter, the last a letter or a number, and a 63 character
+  // maximum.
+  string big_query_export_id = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for updating a BigQuery export.
+message UpdateBigQueryExportRequest {
+  // Required. The BigQuery export being updated.
+  BigQueryExport big_query_export = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // The list of fields to be updated.
+  // If empty all mutable fields will be updated.
+  google.protobuf.FieldMask update_mask = 2;
+}
+
+// Request message for listing  BigQuery exports at a given scope e.g.
+// organization, folder or project.
+message ListBigQueryExportsRequest {
+  // Required. The parent, which owns the collection of BigQuery exports. Its
+  // format is "organizations/[organization_id]", "folders/[folder_id]",
+  // "projects/[project_id]".
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "securitycenter.googleapis.com/BigQueryExport"
+    }
+  ];
+
+  // The maximum number of configs to return. The service may return fewer than
+  // this value.
+  // If unspecified, at most 10 configs will be returned.
+  // The maximum value is 1000; values above 1000 will be coerced to 1000.
+  int32 page_size = 2;
+
+  // A page token, received from a previous `ListBigQueryExports` call.
+  // Provide this to retrieve the subsequent page.
+  // When paginating, all other parameters provided to `ListBigQueryExports`
+  // must match the call that provided the page token.
+  string page_token = 3;
+}
+
+// Response message for listing BigQuery exports.
+message ListBigQueryExportsResponse {
+  // The BigQuery exports from the specified parent.
+  repeated BigQueryExport big_query_exports = 1;
+
+  // A token, which can be sent as `page_token` to retrieve the next page.
+  // If this field is omitted, there are no subsequent pages.
+  string next_page_token = 2;
+}
+
+// Request message for deleting a big query export.
+message DeleteBigQueryExportRequest {
+  // Required. Name of the big query export to delete. Its format is
+  // organizations/{organization}/bigQueryExports/{export_id},
+  // folders/{folder}/bigQueryExports/{export_id}, or
+  // projects/{project}/bigQueryExports/{export_id}
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "securitycenter.googleapis.com/BigQueryExport"
+    }
+  ];
+}

google/cloud/securitycenter/v1/securitycenter_v1.yaml

@@ -7,6 +7,7 @@ apis:
 - name: google.cloud.securitycenter.v1.SecurityCenter
 
 types:
+- name: google.cloud.securitycenter.v1.BigQueryExport
 - name: google.cloud.securitycenter.v1.BulkMuteFindingsResponse
 - name: google.cloud.securitycenter.v1.ExternalSystem
 - name: google.cloud.securitycenter.v1.MuteConfig
@@ -30,7 +31,6 @@ http:
   rules:
   - selector: google.longrunning.Operations.CancelOperation
     post: '/v1/{name=organizations/*/operations/*}:cancel'
-    body: '*'
   - selector: google.longrunning.Operations.DeleteOperation
     delete: '/v1/{name=organizations/*/operations/*}'
   - selector: google.longrunning.Operations.GetOperation

google/cloud/securitycenter/v1/vulnerability.proto

@@ -44,6 +44,9 @@ message Cve {
   // Describe Common Vulnerability Scoring System specified at
   // https://www.first.org/cvss/v3.1/specification-document
   Cvssv3 cvssv3 = 3;
+
+  // Whether upstream fix is available for the CVE.
+  bool upstream_fix_available = 4;
 }
 
 // Additional Links