description: All AWS assets stored in Asset Inventory that didn't match other AWS discovery configs.
129
148
- name: 'inspectTemplates'
130
149
type: Array
131
150
description: Detection logic for profile generation
@@ -291,11 +310,11 @@ properties:
291
310
- name: 'otherTables'
292
311
type: NestedObject
293
312
description: Catch-all. This should always be the last filter in the list because anything above it will apply first.
294
-
# The fields below are necessary to include the "otherTables" filter in the payload
313
+
# The fields below are necessary to include the "otherTables" filter in the payload
295
314
send_empty_value: true
296
315
allow_empty_object: true
297
316
properties:
298
-
# Meant to be an empty object with no properties - see here : https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/organizations.locations.discoveryConfigs#allotherbigquerytables
317
+
# Meant to be an empty object with no properties - see here : https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/organizations.locations.discoveryConfigs#allotherbigquerytables
299
318
[]
300
319
- name: 'tableReference'
301
320
type: NestedObject
@@ -408,11 +427,11 @@ properties:
408
427
- name: 'disabled'
409
428
type: NestedObject
410
429
description: 'Tables that match this filter will not have profiles created.'
411
-
# The fields below are necessary to include the "disabled" filter in the payload
430
+
# The fields below are necessary to include the "disabled" filter in the payload
412
431
send_empty_value: true
413
432
allow_empty_object: true
414
433
properties:
415
-
# Meant to be an empty object with no properties - see here : https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/organizations.locations.discoveryConfigs#disabled
434
+
# Meant to be an empty object with no properties - see here : https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/organizations.locations.discoveryConfigs#disabled
416
435
[]
417
436
- name: 'cloudSqlTarget'
418
437
type: NestedObject
@@ -455,7 +474,7 @@ properties:
455
474
send_empty_value: true
456
475
allow_empty_object: true
457
476
properties:
458
-
# Meant to be an empty object with no properties. The fields below are necessary to include the "others" filter in the payload
477
+
# Meant to be an empty object with no properties. The fields below are necessary to include the "others" filter in the payload
459
478
[]
460
479
- name: 'databaseResourceReference'
461
480
type: NestedObject
@@ -559,11 +578,11 @@ properties:
559
578
- name: 'secretsTarget'
560
579
type: NestedObject
561
580
description: Discovery target that looks for credentials and secrets stored in cloud resource metadata and reports them as vulnerabilities to Security Command Center. Only one target of this type is allowed.
562
-
# The fields below are necessary to include the "secretsDiscoveryTarget" target in the payload
581
+
# The fields below are necessary to include the "secretsDiscoveryTarget" target in the payload
563
582
send_empty_value: true
564
583
allow_empty_object: true
565
584
properties:
566
-
# Meant to be an empty object with no properties - see here : https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/organizations.locations.discoveryConfigs#DiscoveryConfig.SecretsDiscoveryTarget
585
+
# Meant to be an empty object with no properties - see here : https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/organizations.locations.discoveryConfigs#DiscoveryConfig.SecretsDiscoveryTarget
567
586
[]
568
587
- name: 'cloudStorageTarget'
569
588
type: NestedObject
@@ -614,7 +633,7 @@ properties:
614
633
send_empty_value: true
615
634
allow_empty_object: true
616
635
properties:
617
-
# Meant to be an empty object with no properties. The fields below are necessary to include the "others" filter in the payload
636
+
# Meant to be an empty object with no properties. The fields below are necessary to include the "others" filter in the payload
618
637
[]
619
638
- name: 'conditions'
620
639
type: NestedObject
@@ -688,6 +707,144 @@ properties:
688
707
allow_empty_object: true
689
708
properties:
690
709
[]
710
+
- name: 'otherCloudTarget'
711
+
type: NestedObject
712
+
description: Other clouds target for discovery. The first target to match a resource will be the one applied.
713
+
properties:
714
+
- name: 'dataSourceType'
715
+
type: NestedObject
716
+
description: 'Required. The type of data profiles generated by this discovery target. Supported values are: aws/s3/bucket'
717
+
properties:
718
+
- name: 'dataSource'
719
+
type: String
720
+
- name: 'filter'
721
+
type: NestedObject
722
+
description: 'Required. The resources that the discovery cadence applies to. The
723
+
first target with a matching filter will be the one to apply to a resource.'
724
+
required: true
725
+
properties:
726
+
- name: 'collection'
727
+
type: NestedObject
728
+
description: A collection of resources for this filter to apply to.
729
+
properties:
730
+
- name: 'includeRegexes'
731
+
type: NestedObject
732
+
description: A collection of regular expressions to match a resource against.
733
+
properties:
734
+
- name: 'patterns'
735
+
type: Array
736
+
description: The group of regular expression patterns to match against one or more resources. Maximum of 100 entries. The sum of all lengths of regular expressions can't exceed 10 KiB.
737
+
item_type:
738
+
type: NestedObject
739
+
properties:
740
+
- name: 'amazonS3BucketRegex'
741
+
type: NestedObject
742
+
description: Regex for Cloud Storage.
743
+
properties:
744
+
- name: 'awsAccountRegex'
745
+
type: NestedObject
746
+
description: 'The AWS account regex'
747
+
properties:
748
+
- name: 'accountIdRegex'
749
+
type: String
750
+
description: 'Regex to test the AWS account ID against.
description: 'Regex to test the bucket name against. If empty, all buckets match.'
756
+
- name: 'singleResource'
757
+
type: NestedObject
758
+
description: The resource to scan. Configs using this filter can only have one target (the target with this single resource reference).
759
+
properties:
760
+
- name: 'amazonS3Bucket'
761
+
type: NestedObject
762
+
description: Amazon S3 bucket.
763
+
properties:
764
+
- name: 'awsAccount'
765
+
type: NestedObject
766
+
description: The AWS account.
767
+
properties:
768
+
- name: 'accountId'
769
+
type: String
770
+
description: AWS account ID.
771
+
- name: 'bucketName'
772
+
type: String
773
+
description: The bucket name.
774
+
- name: 'others'
775
+
type: NestedObject
776
+
description: Match discovery resources not covered by any other filter.
777
+
send_empty_value: true
778
+
allow_empty_object: true
779
+
properties:
780
+
# Meant to be an empty object with no properties. The fields below are necessary to include the "others" filter in the payload
781
+
[]
782
+
- name: 'conditions'
783
+
type: NestedObject
784
+
description: In addition to matching the filter, these conditions must be true before a profile is generated.
785
+
properties:
786
+
- name: 'minAge'
787
+
type: String
788
+
description: Duration format. Minimum age a resource must be before a profile can be generated. Value must be 1 hour or greater. Minimum age is not supported for Azure Blob Storage containers.
789
+
- name: 'amazonS3BucketConditions'
790
+
type: NestedObject
791
+
description: Amazon S3 bucket conditions.
792
+
properties:
793
+
- name: 'bucketTypes'
794
+
type: Array
795
+
description: Bucket types that should be profiled. Optional. Defaults to TYPE_ALL_SUPPORTED if unspecified.
796
+
item_type:
797
+
type: Enum
798
+
description: |
799
+
This field only has a name and description because of MM
800
+
limitations. It should not appear in downstreams.
801
+
enum_values:
802
+
- 'TYPE_ALL_SUPPORTED'
803
+
- 'TYPE_GENERAL_PURPOSE'
804
+
- name: 'objectStorageClasses'
805
+
type: Array
806
+
description: Object classes that should be profiled. Optional. Defaults to ALL_SUPPORTED_CLASSES if unspecified.
807
+
item_type:
808
+
type: Enum
809
+
description: |
810
+
This field only has a name and description because of MM
811
+
limitations. It should not appear in downstreams.
812
+
enum_values:
813
+
- 'ALL_SUPPORTED_CLASSES'
814
+
- 'STANDARD'
815
+
- 'STANDARD_INFREQUENT_ACCESS'
816
+
- 'GLACIER_INSTANT_RETRIEVAL'
817
+
- 'INTELLIGENT_TIERING'
818
+
- name: 'generationCadence'
819
+
type: NestedObject
820
+
description: How often and when to update profiles. New resources that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
821
+
properties:
822
+
- name: 'refreshFrequency'
823
+
type: Enum
824
+
description: Frequency to update profiles regardless of whether the underlying resource has changes. Defaults to never.
825
+
enum_values:
826
+
- 'UPDATE_FREQUENCY_NEVER'
827
+
- 'UPDATE_FREQUENCY_DAILY'
828
+
- 'UPDATE_FREQUENCY_MONTHLY'
829
+
- name: 'inspectTemplateModifiedCadence'
830
+
type: NestedObject
831
+
description: Governs when to update data profiles when the inspection rules defined by the `InspectTemplate` change. If not set, changing the template will not cause a data profile to update.
832
+
properties:
833
+
- name: 'frequency'
834
+
type: Enum
835
+
description: How frequently data profiles can be updated when the template is modified. Defaults to never.
836
+
enum_values:
837
+
- 'UPDATE_FREQUENCY_NEVER'
838
+
- 'UPDATE_FREQUENCY_DAILY'
839
+
- 'UPDATE_FREQUENCY_MONTHLY'
840
+
- name: 'disabled'
841
+
type: NestedObject
842
+
description: Disable profiling for resources that match this filter.
843
+
send_empty_value: true
844
+
allow_empty_object: true
845
+
properties:
846
+
[]
847
+
691
848
- name: 'errors'
692
849
type: Array
693
850
description: Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared.