// Copyright 2019 Google LLC.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

syntax = "proto3";

package google.cloud.securitycenter.v1;

import "google/api/annotations.proto";
import "google/cloud/securitycenter/v1/security_marks.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
option java_multiple_files = true;
option java_package = "com.google.cloud.securitycenter.v1";
option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
option ruby_package = "Google::Cloud::SecurityCenter::V1";

// Cloud Security Command Center (Cloud SCC) finding.
//
// A finding is a record of assessment data (security, risk, health or privacy)
// ingested into Cloud SCC for presentation, notification, analysis,
// policy testing, and enforcement. For example, an XSS vulnerability in an
// App Engine application is a finding.
message Finding {
  // The state of the finding.
  enum State {
    // Unspecified state.
    STATE_UNSPECIFIED = 0;

    // The finding requires attention and has not been addressed yet.
    ACTIVE = 1;

    // The finding has been fixed, triaged as a non-issue or otherwise addressed
    // and is no longer active.
    INACTIVE = 2;
  }

  // The relative resource name of this finding. See:
  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
  // Example:
  // "organizations/123/sources/456/findings/789"
  string name = 1;

  // The relative resource name of the source the finding belongs to. See:
  // https://cloud.google.com/apis/design/resource_names#relative_resource_name
  // This field is immutable after creation time.
  // For example:
  // "organizations/123/sources/456"
  string parent = 2;

  // The full resource name of the Google Cloud Platform (GCP) resource this
  // finding is for. See:
  // https://cloud.google.com/apis/design/resource_names#full_resource_name
  // This field is immutable after creation time.
  string resource_name = 3;

  // The state of the finding.
  State state = 4;

  // The additional taxonomy group within findings from a given source.
  // This field is immutable after creation time.
  // Example: "XSS_FLASH_INJECTION"
  string category = 5;

  // The URI that, if available, points to a web page outside of Cloud SCC
  // where additional information about the finding can be found. This field is
  // guaranteed to be either empty or a well formed URL.
  string external_uri = 6;

  // Source specific properties. These properties are managed by the source
  // that writes the finding. The key names in the source_properties map must be
  // between 1 and 255 characters, and must start with a letter and contain
  // alphanumeric characters or underscores only.
  map<string, google.protobuf.Value> source_properties = 7;

  // Output only. User specified security marks. These marks are entirely
  // managed by the user and come from the SecurityMarks resource that belongs
  // to the finding.
  SecurityMarks security_marks = 8;

  // The time at which the event took place. For example, if the finding
  // represents an open firewall it would capture the time the open firewall was
  // detected.
  google.protobuf.Timestamp event_time = 9;

  // The time at which the finding was created in Cloud SCC.
  google.protobuf.Timestamp create_time = 10;
}