Method: organizations.sources.findings.group

Filters an organization or source's findings and groups them by their specified properties in a location. If no location is specified, findings are assumed to be in global.

To group across all sources provide a - as the source id. The following list shows some examples:

  • /v2/organizations/{organizationId}/sources/-/findings
  • /v2/organizations/{organizationId}/sources/-/locations/{locationId}/findings
  • /v2/folders/{folder_id}/sources/-/findings
  • /v2/folders/{folder_id}/sources/-/locations/{locationId}/findings
  • /v2/projects/{projectId}/sources/-/findings
  • /v2/projects/{projectId}/sources/-/locations/{locationId}/findings

HTTP request


The URLs use gRPC Transcoding syntax.

Path parameters

Parameters
parent

string

Required. Name of the source to groupBy. If no location is specified, finding is assumed to be in global. The following list shows some examples:

  • organizations/[organizationId]/sources/[source_id]
  • organizations/[organizationId]/sources/[source_id]/locations/[locationId]
  • folders/[folder_id]/sources/[source_id]
  • folders/[folder_id]/sources/[source_id]/locations/[locationId]
  • projects/[projectId]/sources/[source_id]
  • projects/[projectId]/sources/[source_id]/locations/[locationId]

To groupBy across all sources provide a source_id of -. The following list shows some examples:

  • organizations/{organizationId}/sources/-
  • organizations/{organizationId}/sources/-/locations/[locationId]
  • folders/{folder_id}/sources/-
  • folders/{folder_id}/sources/-/locations/[locationId]
  • projects/{projectId}/sources/-
  • projects/{projectId}/sources/-/locations/[locationId]

Request body

The request body contains data with the following structure:

JSON representation
{
  "filter": string,
  "groupBy": string,
  "pageToken": string,
  "pageSize": integer
}
Fields
filter

string

Expression that defines the filter to apply across findings. The expression is a list of one or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND.

Restrictions have the form <field> <operator> <value> and may have a - character in front of them to indicate negation. Examples include:

  • name
  • securityMarks.marks.marka

The supported operators are:

  • = for all value types.
  • >, <, >=, <= for integer values.
  • :, meaning substring matching, for strings.

The supported value types are:

  • string literals in quotes.
  • integer literals without quotes.
  • boolean literals true and false without quotes.

The following field and operator combinations are supported:

  • name: =
  • parent: =, :
  • resourceName: =, :
  • state: =, :
  • category: =, :
  • externalUri: =, :
  • eventTime: =, >, <, >=, <=

Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: eventTime = "2019-06-10T16:07:18-07:00" and eventTime = 1560208038000

  • severity: =, :
  • securityMarks.marks: =, :
  • resource:
  • resource.name: =, :
  • resource.parent_name: =, :
  • resource.parent_display_name: =, :
  • resource.project_name: =, :
  • resource.project_display_name: =, :
  • resource.type: =, :
groupBy

string

Required. Expression that defines what assets fields to use for grouping. The string value should follow SQL syntax: comma separated list of fields. For example: "parent,resourceName".

pageToken

string

The value returned by the last GroupFindingsResponse; indicates that this is a continuation of a prior findings.group call, and that the system should return the next page of data.

pageSize

integer

The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.
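
A pre-flight check for the request body described above, added here as an example (it is not part of the API reference or of any client library): it lints a filter against the field and operator combinations listed on this page and enforces the groupBy and pageSize rules before a request is sent. The names check_filter and group_body are hypothetical, the regex is a simplified lint rather than the service's parser, and treating securityMarks.marks.<key> as covered by the securityMarks.marks row is an assumption.

```python
import re

# Field -> allowed operators, transcribed from the combinations listed on this page.
STR_OPS = {"=", ":"}
SUPPORTED = {f: STR_OPS for f in (
    "parent", "resourceName", "state", "category", "externalUri", "severity",
    "securityMarks.marks", "resource.name", "resource.parent_name",
    "resource.parent_display_name", "resource.project_name",
    "resource.project_display_name", "resource.type")}
SUPPORTED["name"] = {"="}
SUPPORTED["eventTime"] = {"=", ">", "<", ">=", "<="}

# [-]<field> <operator> <value>; value is a quoted string, an integer, or true/false.
RESTRICTION = re.compile(
    r'(-?)([A-Za-z_][\w.]*)\s*(>=|<=|=|>|<|:)\s*("(?:[^"\\]|\\.)*"|\d+\b|true\b|false\b)')


def check_filter(expr):
    """Return a list of problems; an empty list means the filter passed the lint."""
    problems = []
    for _neg, field, op, _value in RESTRICTION.findall(expr):
        # Assumption: individual marks (securityMarks.marks.<key>) share that row.
        key = "securityMarks.marks" if field.startswith("securityMarks.marks.") else field
        if key not in SUPPORTED:
            problems.append(f"unsupported field: {field}")
        elif op not in SUPPORTED[key]:
            problems.append(f"{field} does not support {op}")
    # Whatever is left must be only AND / OR / parentheses / whitespace.
    leftover = re.sub(r"\b(?:AND|OR)\b|[()\s]", "", RESTRICTION.sub(" ", expr))
    if leftover:
        problems.append(f"unparsed text: {leftover}")
    return problems


def group_body(group_by, filter_expr="", page_size=10, page_token=""):
    """Build the findings.group request body, rejecting values the page rules out."""
    problems = check_filter(filter_expr)
    if not group_by:
        problems.append("groupBy is required")
    if not 1 <= page_size <= 1000:
        problems.append("pageSize must be between 1 and 1000")
    if problems:
        raise ValueError("; ".join(problems))
    body = {"groupBy": group_by, "pageSize": page_size}
    if filter_expr:
        body["filter"] = filter_expr
    if page_token:
        body["pageToken"] = page_token
    return body
```
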

Response body

If successful, the response body contains an instance of GroupFindingsResponse.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.