DiscoveryConfig

DiscoveryConfig in Google Cloud is a configuration resource used by Security Command Center to define how assets and resources are automatically discovered and updated. It controls the frequency and scope of asset discovery, helping maintain an up-to-date inventory of cloud resources for security monitoring and compliance.

gcp.dlp_discovery_config

Fields

TitleIDTypeData TypeDescription
_keycorestring
actionscorejsonActions to execute at the completion of scanning.
ancestorscorearray<string>
create_timecoretimestampOutput only. The creation timestamp of a DiscoveryConfig.
datadog_display_namecorestring
errorscorejsonOutput only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared.
gcp_display_namecorestringDisplay name (max 100 chars)
gcp_statuscorestringRequired. A status for this configuration. Possible values: ['STATUS_UNSPECIFIED', 'RUNNING', 'PAUSED']. Values descriptions: ['Unused', 'The discovery config is currently active.', 'The discovery config is paused temporarily.']
inspect_templatescorearray<string>Detection logic for profile generation. Not all template features are used by Discovery. FindingLimits, include_quote and exclude_info_types have no impact on Discovery. Multiple templates may be provided if there is data in multiple regions. At most one template must be specified per-region (including "global"). Each region is scanned using the applicable template. If no region-specific template is specified, but a "global" template is specified, it will be copied to that region and used instead. If no global or region-specific template is provided for a region with data, that region's data will not be scanned. For more information, see https://cloud.google.com/sensitive-data-protection/docs/data-profiles#data-residency.
labelscorearray<string>
last_run_timecoretimestampOutput only. The timestamp of the last time this config was executed.
namecorestringUnique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created, for example `projects/dlp-test-project/locations/global/discoveryConfigs/53234423`.
org_configcorejsonOnly set when the parent is an org.
organization_idcorestring
other_cloud_starting_locationcorejsonMust be set only when scanning other clouds.
parentcorestring
processing_locationcorejsonOptional. Processing location configuration. Vertex AI dataset scanning will set processing_location.image_fallback_type to MultiRegionProcessing by default.
project_idcorestring
project_numbercorestring
region_idcorestring
resource_namecorestring
tagscorehstore_csv
targetscorejsonTarget to match against for determining what to scan and how frequently.
update_timecoretimestampOutput only. The last update timestamp of a DiscoveryConfig.
zone_idcorestring