{ "components": { "parameters": { "_.xgafv": { "description": "V1 error format.", "in": "query", "name": "$.xgafv", "schema": { "enum": [ "1", "2" ], "type": "string", "x-google-enum-descriptions": [ "v1 error format", "v2 error format" ] } }, "callback": { "name": "$callback", "schema": { "type": "string" }, "description": "JSONP", "in": "query" }, "alt": { "description": "Data format for response.", "in": "query", "name": "$alt", "schema": { "enum": [ "json", "media", "proto" ], "type": "string", "default": "json", "x-google-enum-descriptions": [ "Responses with Content-Type of application/json", "Media download with context-dependent Content-Type", "Responses with Content-Type of application/x-protobuf" ] } }, "prettyPrint": { "description": "Returns response with indentations and line breaks.", "in": "query", "name": "$prettyPrint", "schema": { "default": "true", "type": "boolean" } } }, "schemas": { "CustomerProfilePerson": { "type": "object", "required": [ "name" ], "description": "Person information for the customer profile.", "properties": { "name": { "description": "Required. The name of the person.", "type": "string" }, "citationIds": { "type": "array", "items": { "type": "string" }, "description": "Optional. The citation ids for the person." }, "title": { "description": "Optional. The title of the person.", "type": "string" } } }, "AlertDocument": { "type": "object", "description": "A document that is associated with an alert.", "properties": { "ingestTime": { "description": "Output only. Time when GTI received the intel.", "type": "string", "format": "date-time", "readOnly": true }, "content": { "readOnly": true, "type": "string", "description": "Output only. The content of the document." }, "source": { "type": "string", "readOnly": true, "description": "Output only. Source of the intel item, e.g. DarkMarket." }, "collectionTime": { "type": "string", "format": "date-time", "readOnly": true, "description": "Output only. Time when the origin source collected the intel." }, "title": { "description": "Output only. The title of the document, if available.", "readOnly": true, "type": "string" }, "name": { "x-google-identifier": true, "description": "Identifier. Server generated name for the alert document.\nformat is projects/{project}/alerts/{alert}/documents/{document}", "type": "string" }, "translation": { "description": "Output only. The translation of the document, if available.", "allOf": [ { "$ref": "#/components/schemas/AlertDocumentTranslation" } ], "readOnly": true }, "languageCode": { "readOnly": true, "type": "string", "description": "Output only. The language code of the document." }, "author": { "description": "Output only. The author of the document.", "readOnly": true, "type": "string" }, "aiSummary": { "description": "Output only. AI summary of the finding.", "readOnly": true, "type": "string" }, "sourceUpdateTime": { "description": "Output only. Time when the intel was last updated by the source.", "readOnly": true, "type": "string", "format": "date-time" }, "sourceUri": { "description": "Output only. URI of the intel item from the source.", "readOnly": true, "type": "string" }, "createTime": { "type": "string", "format": "date-time", "readOnly": true, "description": "Output only. The timestamp of the original external publication of the document." } } }, "AlertDocumentTranslation": { "description": "The translation of an alert document.", "properties": { "translatedTitle": { "description": "Output only. The translated title of the document.", "readOnly": true, "type": "string" }, "translatedContent": { "type": "string", "readOnly": true, "description": "Output only. The translated content of the document." } }, "type": "object" }, "UpsertConfigurationResponse": { "type": "object", "description": "Response message for UpsertConfiguration.", "properties": { "configuration": { "readOnly": true, "type": "string", "description": "Output only. Created configuration ID with server assigned id." } } }, "CustomerProfileCitation": { "type": "object", "required": [ "citationId", "source", "document" ], "description": "Citation information for the customer profile.", "properties": { "citationId": { "type": "string", "description": "Required. The citation id for the citation. Should be unique within the profile." }, "retrievalTime": { "description": "The time the citation was retrieved.", "type": "string", "format": "date-time" }, "source": { "description": "Required. The source of the citation.", "type": "string" }, "document": { "type": "string", "description": "Required. The name of the document the citation is from." }, "uri": { "description": "Optional. The url of the citation.", "type": "string" } } }, "BaseOperation": { "type": "object", "description": "This resource represents a long-running operation that is the result of a\nnetwork API call.", "properties": { "name": { "type": "string", "description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should be a resource name ending with `operations/{unique_id}`." }, "done": { "type": "boolean", "description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable." }, "error": { "allOf": [ { "$ref": "#/components/schemas/Status" } ], "description": "The error result of the operation in case of failure or cancellation." } } }, "PriorityAnalysis": { "type": "object", "description": "Structured priority analysis for a threat.", "properties": { "confidence": { "allOf": [ { "$ref": "#/components/schemas/ConfidenceLevel" } ], "description": "The level of confidence in the given verdict." }, "priorityLevel": { "allOf": [ { "$ref": "#/components/schemas/PriorityLevel" } ], "description": "The level of Priority." }, "reasoning": { "type": "string", "description": "Human-readable explanation from the model, detailing why a particular\nresult is considered to have a certain priority." } } }, "MarkAlertAsFalsePositiveRequest": { "type": "object", "description": "Request message for MarkAlertAsFalsePositive." }, "MarkAlertAsTrackedExternallyRequest": { "description": "Request message for MarkAlertAsTrackedExternally.", "type": "object" }, "MarkAlertAsResolvedRequest": { "type": "object", "description": "Request message for MarkAlertAsResolved." }, "CustomerProfileSecurityConsiderations": { "description": "Security considerations for the customer profile.", "properties": { "note": { "description": "Optional. A note about the security considerations.", "type": "string" }, "considerations": { "description": "Optional. A series of considerations for the security of the organization,\nsuch as \"high risk of compromise\" or \"vulnerable to cyberbullying\".", "type": "array", "items": { "type": "string" } } }, "type": "object" }, "ListFindingsResponse": { "type": "object", "description": "Response message for ListFindings.", "properties": { "findings": { "type": "array", "items": { "$ref": "#/components/schemas/Finding" }, "description": "List of findings." }, "nextPageToken": { "type": "string", "description": "Page token." } } }, "Status": { "description": "The `Status` type defines a logical error model that is suitable for\ndifferent programming environments, including REST APIs and RPC APIs. It is\nused by [gRPC](https://github.com/grpc). Each `Status` message contains\nthree pieces of data: error code, error message, and error details.\n\nYou can find out more about this error model and how to work with it in the\n[API Design Guide](https://cloud.google.com/apis/design/errors).", "properties": { "message": { "description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.", "type": "string" }, "details": { "type": "array", "items": { "type": "object", "additionalProperties": { "description": "Properties of the object. Contains field @type with type URL." } }, "description": "A list of messages that carry the error details. There is a common set of\nmessage types for APIs to use." }, "code": { "description": "The status code, which should be an enum value of google.rpc.Code.", "type": "integer", "format": "int32" } }, "type": "object" }, "CustomerProfileIndustry": { "type": "object", "required": [ "industry" ], "description": "Industry information for the customer profile.", "properties": { "industry": { "type": "string", "description": "Required. The name of the industry." }, "citationIds": { "type": "array", "items": { "type": "string" }, "description": "Optional. The citation ids for the industry." } } }, "OperationMetadata": { "description": "Metadata for the long-running operation.", "properties": { "createTime": { "type": "string", "format": "date-time", "description": "The time the operation was created." }, "updateTime": { "description": "The time the operation was last updated.", "type": "string", "format": "date-time" } }, "type": "object" }, "CustomerProfileConfig": { "description": "CustomerProfileConfig is the configuration for the customer profile.", "properties": { "webPresences": { "description": "Optional. Web presence of the organization.", "type": "array", "items": { "$ref": "#/components/schemas/CustomerProfileWebPresence" } }, "locations": { "description": "Optional. Locations the organization is present or conducts business in.", "type": "array", "items": { "$ref": "#/components/schemas/CustomerProfileLocation" } }, "technologyPresence": { "description": "Optional. Technology presence of the organization.", "type": "string" }, "contactInfo": { "type": "array", "items": { "$ref": "#/components/schemas/CustomerProfileContactInfo" }, "description": "Optional. Contact information for the organization." }, "parentCompanies": { "description": "Optional. The parent companies of the organization.", "type": "array", "items": { "$ref": "#/components/schemas/CustomerProfileCompany" } }, "summary": { "description": "Optional. A summarized version of the customer profile.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileSummary" } ] }, "orgSummary": { "description": "Optional. A summary of the organization.", "type": "string" }, "securityConsiderations": { "description": "Optional. Security considerations for the organization.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileSecurityConsiderations" } ] }, "executives": { "description": "Optional. Executives of the organization.", "type": "array", "items": { "$ref": "#/components/schemas/CustomerProfilePerson" } }, "industries": { "type": "array", "items": { "$ref": "#/components/schemas/CustomerProfileIndustry" }, "description": "Optional. The industries the organization is involved in." }, "org": { "type": "string", "description": "Required. The name of the organization." }, "products": { "description": "Optional. Product information for the organization.", "type": "array", "items": { "$ref": "#/components/schemas/CustomerProfileProduct" } }, "citations": { "description": "Optional. Citations for the organization profile.", "type": "array", "items": { "$ref": "#/components/schemas/CustomerProfileCitation" } } }, "type": "object", "required": [ "org" ] }, "InitialAccessBrokerAlertDetail": { "description": "Captures the specific details of InitialAccessBroker (IAB) alert.", "properties": { "severity": { "description": "Required. The severity of the Initial Access Broker (IAB) alert.\nAllowed values are:\n* `LOW`\n* `MEDIUM`\n* `HIGH`\n* `CRITICAL`", "type": "string" }, "discoveryDocumentIds": { "description": "Required. Array of ids to accommodate multiple discovery documents", "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "severity", "discoveryDocumentIds" ] }, "MarkAlertAsDuplicateRequest": { "type": "object", "description": "Request message for MarkAlertAsDuplicate.", "properties": { "duplicateOf": { "description": "Optional. Name of the alert to mark as a duplicate of.\nFormat: projects/{project}/alerts/{alert}", "type": "string" } } }, "EnumerateAlertFacetsResponse": { "type": "object", "description": "Response message for EnumerateAlertFacets.", "properties": { "facets": { "type": "array", "items": { "$ref": "#/components/schemas/Facet" }, "description": "List of facets and the counts." } } }, "DataLeakAlertDetail": { "description": "Captures the specific details of Data Leak alert.", "properties": { "severity": { "description": "Required. The severity of the Data Leak alert.\nAllowed values are:\n* `LOW`\n* `MEDIUM`\n* `HIGH`\n* `CRITICAL`", "type": "string" }, "discoveryDocumentIds": { "description": "Required. Array of ids to accommodate multiple discovery documents", "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "severity", "discoveryDocumentIds" ] }, "MarkAlertAsEscalatedRequest": { "type": "object", "description": "Request message for MarkAlertAsEscalated." }, "RelevanceLevel": { "x-google-enum-descriptions": [ "Default value, should never be set.", "Low Relevance.", "Medium Relevance.", "High Relevance." ], "type": "string", "enum": [ "RELEVANCE_LEVEL_UNSPECIFIED", "RELEVANCE_LEVEL_LOW", "RELEVANCE_LEVEL_MEDIUM", "RELEVANCE_LEVEL_HIGH" ] }, "ListConfigurationsResponse": { "description": "Response message for ListConfigurations.", "properties": { "configurations": { "description": "List of configurations.", "type": "array", "items": { "$ref": "#/components/schemas/Configuration" } }, "nextPageToken": { "type": "string", "description": "Page token." } }, "type": "object" }, "CustomerProfileCompany": { "type": "object", "required": [ "company" ], "description": "Company information for the customer profile.", "properties": { "company": { "type": "string", "description": "Required. The name of the company." }, "citationIds": { "description": "Optional. The citation ids for the company.", "type": "array", "items": { "type": "string" } } } }, "Operation": { "type": "object", "allOf": [ { "$ref": "#/components/schemas/BaseOperation" }, { "properties": { "metadata": { "type": "object", "description": "Service-specific metadata associated with the operation. It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata. Any method that returns a\nlong-running operation should document the metadata type, if any.", "additionalProperties": { "description": "Properties of the object. Contains field @type with type URL." } }, "response": { "type": "object", "description": "The normal, successful response of the operation. If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`. If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource. For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name. For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.", "additionalProperties": { "description": "Properties of the object. Contains field @type with type URL." } } }, "type": "object" } ], "description": "This resource represents a long-running operation that is the result of a\nnetwork API call." }, "ConfigurationDetail": { "type": "object", "description": "Wrapper class that contains the union struct for all the various\nconfiguration detail specific classes.", "properties": { "customerProfile": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileConfig" } ], "description": "Customer Profile detail config." }, "detailType": { "readOnly": true, "type": "string", "description": "Output only. Name of the detail type. Will be set by the server during creation to the\nname of the field that is set in the detail union." } } }, "MarkAlertAsReadRequest": { "description": "Request message for MarkAlertAsRead.", "type": "object" }, "ListAlertsResponse": { "type": "object", "description": "Response message for ListAlerts.", "properties": { "nextPageToken": { "type": "string", "description": "Page token." }, "alerts": { "description": "List of alerts.", "type": "array", "items": { "$ref": "#/components/schemas/Alert" } } } }, "CustomerProfileSummary": { "description": "A summarized version of the customer profile.\nGenerated by the backend.", "properties": { "servicesSummary": { "description": "Optional. A narrative summary of services.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ] }, "brands": { "description": "Optional. A narrative summary of brands.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ] }, "primaryWebsite": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. The primary website of the customer." }, "keyPeopleSummary": { "description": "Optional. A narrative summary of key people.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ] }, "parentCompany": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. The parent company of the customer." }, "title": { "description": "Optional. The official name of the customer.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ] }, "productsSummary": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. A narrative summary of products." }, "founded": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. The date the customer was founded." }, "areaServed": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. The area the customer serves." }, "headquarters": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. The headquarters of the customer." }, "entityType": { "description": "Optional. The entity type of the customer.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ] }, "industry": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. The industry the customer is in." } }, "type": "object" }, "Audit": { "description": "Tracks basic CRUD facts.", "properties": { "creator": { "description": "Output only. Agent that created or updated the record, could be a UserId or a JobId.", "type": "string", "readOnly": true }, "updateTime": { "readOnly": true, "type": "string", "format": "date-time", "description": "Output only. Time of creation or last update." }, "updater": { "readOnly": true, "type": "string", "description": "Output only. Agent that last updated the record, could be a UserId or a JobId." }, "createTime": { "description": "Output only. Time of creation.", "type": "string", "format": "date-time", "readOnly": true } }, "type": "object" }, "PriorityLevel": { "type": "string", "enum": [ "PRIORITY_LEVEL_UNSPECIFIED", "PRIORITY_LEVEL_LOW", "PRIORITY_LEVEL_MEDIUM", "PRIORITY_LEVEL_HIGH", "PRIORITY_LEVEL_CRITICAL" ], "x-google-enum-descriptions": [ "Default value, should never be set.", "Low Priority.", "Medium Priority.", "High Priority.", "Critical Priority." ] }, "MarkAlertAsNotActionableRequest": { "description": "Request message for MarkAlertAsNotActionable.", "type": "object" }, "InsiderThreatFindingDetail": { "type": "object", "required": [ "matchScore", "severity", "documentId" ], "description": "A detail object for a InsiderThreat finding.", "properties": { "matchScore": { "type": "number", "format": "float", "description": "Required. Reference to the match score of the InsiderThreat finding. This is a float\nvalue greater than 0 and less than or equal to 1 calculated by the matching\nengine based on the similarity of the document and the user provided\nconfigurations." }, "severity": { "type": "string", "enum": [ "SEVERITY_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ], "description": "Required. The severity of the InsiderThreat finding. This indicates the potential\nimpact of the threat.", "x-google-enum-descriptions": [ "Default value, should never be set.", "Low severity.", "Medium severity.", "High severity.", "Critical severity." ] }, "documentId": { "type": "string", "description": "Required. The unique identifier of the document that triggered the InsiderThreat\nfinding. This ID can be used to retrieve the content of the document for\nfurther analysis." } } }, "SeverityAnalysis": { "description": "Structured severity analysis for a threat.", "properties": { "confidence": { "allOf": [ { "$ref": "#/components/schemas/ConfidenceLevel" } ], "description": "The level of confidence in the given verdict." }, "reasoning": { "type": "string", "description": "Human-readable explanation from the model, detailing why a particular\nresult is considered to have a certain severity." }, "severityLevel": { "description": "The level of severity.", "allOf": [ { "$ref": "#/components/schemas/SeverityLevel" } ] } }, "type": "object" }, "AlertDetail": { "description": "Container for different types of alert details.", "properties": { "initialAccessBroker": { "allOf": [ { "$ref": "#/components/schemas/InitialAccessBrokerAlertDetail" } ], "description": "Initial Access Broker alert detail type." }, "insiderThreat": { "description": "Insider Threat alert detail type.", "allOf": [ { "$ref": "#/components/schemas/InsiderThreatAlertDetail" } ] }, "detailType": { "description": "Output only. Name of the detail type. Will be set by the server during creation to the\nname of the field that is set in the detail union.", "readOnly": true, "type": "string" }, "dataLeak": { "description": "Data Leak alert detail type.", "allOf": [ { "$ref": "#/components/schemas/DataLeakAlertDetail" } ] } }, "type": "object" }, "GenerateOrgProfileConfigurationRequest": { "description": "Request message for GenerateOrgProfileConfiguration.", "properties": { "domain": { "description": "Required. The domain of the organization to generate the profile for.", "type": "string" }, "displayName": { "description": "Required. The display name of the organization to generate the profile for.", "type": "string" } }, "type": "object", "required": [ "domain", "displayName" ] }, "InsiderThreatAlertDetail": { "type": "object", "required": [ "severity", "discoveryDocumentIds" ], "description": "Captures the specific details of InsiderThreat alert.", "properties": { "severity": { "type": "string", "description": "Required. The severity of the Insider Threat alert.\nAllowed values are:\n* `LOW`\n* `MEDIUM`\n* `HIGH`\n* `CRITICAL`" }, "discoveryDocumentIds": { "description": "Required. Array of ids to accommodate multiple discovery documents", "type": "array", "items": { "type": "string" } } } }, "GenerateOrgProfileConfigurationOperation": { "description": "This resource represents a long-running operation where metadata and response fields are strongly typed.", "type": "object", "allOf": [ { "$ref": "#/components/schemas/BaseOperation" }, { "type": "object", "properties": { "metadata": { "$ref": "#/components/schemas/OperationMetadata" }, "response": { "$ref": "#/components/schemas/Configuration" } } } ] }, "Facet": { "type": "object", "description": "Facet represents a sub element of a resource for filtering.\nThe results from this method are used to populate the filterable facets in\nthe UI.", "properties": { "facetType": { "description": "The type of the facet. Options include \"string\", \"int\", \"float\", \"bool\",\n\"enum\", \"timestamp\", \"user\" and are useful to show the right sort of\nUI controls when building a AIP-160 style filtering string.", "type": "string" }, "totalCount": { "type": "string", "format": "int64", "description": "Total number of records that contain this facet with ANY value." }, "minValue": { "type": "string", "description": "Min value of the facet stringified based on type. This is only populated\nfor facets that have a clear ordering, for types like enum it will be\nleft empty.\nTimestamps will be formatted using RFC3339." }, "facet": { "type": "string", "description": "Name of the facet. This is also the string that needs to be used in the\nfiltering expression." }, "maxValue": { "description": "Max value of the facet stringified based on type. Will be populated and\nformatted the same as min_value.", "type": "string" }, "facetCounts": { "type": "array", "items": { "$ref": "#/components/schemas/FacetCount" }, "description": "List of counts for the facet (if categorical)." } } }, "CustomerProfileContactInfo": { "type": "object", "description": "Contact information for the customer profile.", "properties": { "email": { "type": "string", "description": "The email address of the contact." }, "label": { "type": "string", "description": "Optional. The name of the contact." }, "other": { "type": "string", "description": "The other contact information." }, "citationIds": { "type": "array", "items": { "type": "string" }, "description": "Optional. The citation ids for the contact information." }, "phone": { "description": "The phone number of the contact.", "type": "string" }, "address": { "description": "The address of the contact.", "type": "string" } } }, "ConfigurationRevision": { "description": "A ConfigurationRevision is a snapshot of a Configuration at a point in time.\nIt is immutable.", "properties": { "snapshot": { "description": "The snapshot of the configuration", "allOf": [ { "$ref": "#/components/schemas/Configuration" } ] }, "createTime": { "readOnly": true, "type": "string", "format": "date-time", "description": "Output only. The time the Revision was created" }, "name": { "type": "string", "description": "Identifier. The name of the ConfigurationRevision\nFormat: projects//configurations//revisions/", "x-google-identifier": true } }, "type": "object" }, "Configuration": { "type": "object", "required": [ "provider", "detail" ], "description": "A configuration represents a behavior an engine should follow when producing\nnew findings.", "properties": { "provider": { "type": "string", "description": "Required. Name of the service that provides the configuration." }, "version": { "type": "string", "description": "Optional. A user-manipulatable version. Does not adhere to a specific format" }, "description": { "type": "string", "description": "Optional. A description of the configuration." }, "state": { "description": "Optional. State of the configuration.", "x-google-enum-descriptions": [ "Configuration state is unspecified. This is not expected to occur.", "Configuration is enabled for the customer.", "Configuration is disabled for the customer.", "Configuration is deprecated, no new configs are allowed to be created." ], "type": "string", "enum": [ "STATE_UNSPECIFIED", "ENABLED", "DISABLED", "DEPRECATED" ] }, "name": { "description": "Identifier. Server generated name for the configuration.\nformat is projects/{project}/configurations/{configuration}", "x-google-identifier": true, "type": "string" }, "displayName": { "description": "Output only. Human readable name for the configuration.", "readOnly": true, "type": "string" }, "audit": { "description": "Output only. Audit information for the configuration.", "allOf": [ { "$ref": "#/components/schemas/Audit" } ], "readOnly": true }, "detail": { "allOf": [ { "$ref": "#/components/schemas/ConfigurationDetail" } ], "description": "Required. Domain specific details for the configuration." } } }, "SeverityLevel": { "x-google-enum-descriptions": [ "Default value, should never be set.", "Low Severity.", "Medium Severity.", "High Severity." ], "type": "string", "enum": [ "SEVERITY_LEVEL_UNSPECIFIED", "SEVERITY_LEVEL_LOW", "SEVERITY_LEVEL_MEDIUM", "SEVERITY_LEVEL_HIGH" ] }, "FacetCount": { "type": "object", "description": "FacetCount represents a count of records with each facet value.", "properties": { "value": { "description": "Value of the facet stringified.\nTimestamps will be formatted using RFC3339.", "type": "string" }, "count": { "description": "Count of records with the value.", "type": "integer", "format": "int32" } } }, "MarkAlertAsBenignRequest": { "description": "Request message for MarkAlertAsBenign.", "type": "object" }, "CustomerProfileWebPresence": { "description": "Web presence information for the customer profile.", "properties": { "domain": { "type": "string", "description": "Required. The domain name of the web presence." }, "citationIds": { "description": "Optional. The citation ids for the web presence.", "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "domain" ] }, "DataLeakFindingDetail": { "type": "object", "required": [ "matchScore", "severity", "documentId" ], "description": "A detail object for a Data Leak finding.", "properties": { "severity": { "type": "string", "enum": [ "SEVERITY_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ], "description": "Required. The severity of the Data Leak finding. This indicates the potential\nimpact of the threat.", "x-google-enum-descriptions": [ "Default value, should never be set.", "Low severity.", "Medium severity.", "High severity.", "Critical severity." ] }, "documentId": { "description": "Required. The unique identifier of the document that triggered the Data Leak finding.\nThis ID can be used to retrieve the content of the document for further\nanalysis.", "type": "string" }, "matchScore": { "description": "Required. Reference to the match score of the Data Leak finding. This is a float\nvalue greater than 0 and less than or equal to 1 calculated by the matching\nengine based on the similarity of the document and the user provided\nconfigurations.", "type": "number", "format": "float" } } }, "Evidence": { "type": "object", "description": "Details the evidence used to determine the relevance verdict.", "properties": { "distinctThemes": { "description": "A list of semantic themes or descriptions unique to one source or\nsemantically distant.", "type": "array", "items": { "type": "string" } }, "commonThemes": { "description": "A list of semantic themes or concepts found to be common, related, or\naligned between the sources, supporting the verdict.", "type": "array", "items": { "type": "string" } } } }, "CustomerProfileProduct": { "type": "object", "required": [ "product", "brand" ], "description": "Product information for the customer profile.", "properties": { "product": { "type": "string", "description": "Required. The name of the product." }, "brand": { "type": "string", "description": "Required. The brand of the product." }, "citationIds": { "description": "Optional. The citation ids for the product.", "type": "array", "items": { "type": "string" } } } }, "FindingDetail": { "type": "object", "description": "Wrapper class that contains the union struct for all the various findings\ndetail specific classes.", "properties": { "dataLeak": { "description": "Data Leak finding detail type.", "allOf": [ { "$ref": "#/components/schemas/DataLeakFindingDetail" } ] }, "initialAccessBroker": { "allOf": [ { "$ref": "#/components/schemas/InitialAccessBrokerFindingDetail" } ], "description": "Initial Access Broker finding detail type." }, "insiderThreat": { "description": "Insider Threat finding detail type.", "allOf": [ { "$ref": "#/components/schemas/InsiderThreatFindingDetail" } ] }, "detailType": { "description": "Output only. Name of the detail type. Will be set by the server during creation to the\nname of the field that is set in the detail union.", "readOnly": true, "type": "string" } } }, "RelevanceAnalysis": { "description": "Structured relevance analysis for a threat.", "properties": { "reasoning": { "type": "string", "description": "Human-readable explanation from the matcher, detailing why a particular\nresult is considered relevant or not relevant." }, "relevanceLevel": { "allOf": [ { "$ref": "#/components/schemas/RelevanceLevel" } ], "description": "The level of relevance." }, "evidence": { "description": "Evidence supporting the verdict, including matched and unmatched items.", "allOf": [ { "$ref": "#/components/schemas/Evidence" } ] }, "relevant": { "type": "boolean", "description": "Indicates whether the threat is considered relevant." }, "confidence": { "description": "The level of confidence in the given verdict.", "allOf": [ { "$ref": "#/components/schemas/ConfidenceLevel" } ] } }, "type": "object" }, "ConfidenceLevel": { "type": "string", "enum": [ "CONFIDENCE_LEVEL_UNSPECIFIED", "CONFIDENCE_LEVEL_LOW", "CONFIDENCE_LEVEL_MEDIUM", "CONFIDENCE_LEVEL_HIGH" ], "x-google-enum-descriptions": [ "Default value. Confidence level is not specified.", "Low confidence in the verdict.", "Medium confidence in the verdict.", "High confidence in the verdict." ] }, "Finding": { "description": "A ‘stateless’ and a point in time event that a check produced a result\nof interest.", "properties": { "severityAnalysis": { "description": "Output only. High-Precision Severity Analysis verdict for the finding.", "readOnly": true, "allOf": [ { "$ref": "#/components/schemas/SeverityAnalysis" } ] }, "alert": { "description": "Optional. Name of the alert that this finding is bound to.", "type": "string" }, "configurations": { "description": "Optional. Configuration names that are bound to this finding.", "type": "array", "items": { "type": "string" } }, "relevanceAnalysis": { "description": "Output only. High-Precision Relevance Analysis verdict for the finding.", "allOf": [ { "$ref": "#/components/schemas/RelevanceAnalysis" } ], "readOnly": true }, "name": { "description": "Identifier. Server generated name for the finding (leave clear during creation).\nFormat: projects/{project}/findings/{finding}", "x-google-identifier": true, "type": "string" }, "audit": { "readOnly": true, "allOf": [ { "$ref": "#/components/schemas/Audit" } ], "description": "Output only. Audit data about the finding." }, "provider": { "type": "string", "description": "Required. Logical source of this finding (name of the sub-engine)." }, "reoccurrenceTimes": { "description": "Output only. When identical finding (same labels and same details) has re-occurred.", "type": "array", "items": { "type": "string", "format": "date-time" }, "readOnly": true }, "severity": { "deprecated": true, "type": "number", "format": "float", "description": "Optional. Deprecated: Use the `severity_analysis` field instead.\nBase severity score from the finding source." }, "aiSummary": { "type": "string", "description": "Optional. AI summary of the finding." }, "displayName": { "type": "string", "description": "Required. A short descriptive title for the finding \u003c= 250 chars.\nEX: \"Actor 'baddy' offering $1000 for credentials of 'goodguy'\"." }, "detail": { "allOf": [ { "$ref": "#/components/schemas/FindingDetail" } ], "description": "Required. Holder of the domain specific details of the finding." } }, "type": "object", "required": [ "provider", "displayName", "detail" ] }, "CustomerProfileCitedString": { "description": "A string with citation ids.", "properties": { "value": { "type": "string", "description": "Required. The value of the string." }, "citationIds": { "type": "array", "items": { "type": "string" }, "description": "Optional. The citation ids for the string." } }, "type": "object", "required": [ "value" ] }, "InitialAccessBrokerFindingDetail": { "description": "A detail object for an Initial Access Broker (IAB) finding.", "properties": { "matchScore": { "description": "Required. Reference to the match score of the IAB finding. This is a float value\nbetween 0 and 1 calculated by the matching engine based on the similarity\nof the document and the user provided configurations.", "type": "number", "format": "float" }, "severity": { "description": "Required. The severity of the IAB finding. This indicates the potential\nimpact of the threat.", "x-google-enum-descriptions": [ "", "", "", "", "" ], "type": "string", "enum": [ "SEVERITY_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ] }, "documentId": { "type": "string", "description": "Required. The unique identifier of the document that triggered the IAB finding.\nThis ID can be used to retrieve the content of the document for further\nanalysis." } }, "type": "object", "required": [ "matchScore", "severity", "documentId" ] }, "SearchFindingsResponse": { "description": "Response message for SearchFindings.", "properties": { "findings": { "description": "List of findings.", "type": "array", "items": { "$ref": "#/components/schemas/Finding" } }, "nextPageToken": { "description": "Page token.", "type": "string" } }, "type": "object" }, "MarkAlertAsTriagedRequest": { "type": "object", "description": "Request message for MarkAlertAsTriaged." }, "CustomerProfileLocation": { "description": "Location information for the customer profile.", "properties": { "citationIds": { "type": "array", "items": { "type": "string" }, "description": "Optional. The citation ids for the location." }, "facilityType": { "description": "Optional. The type of location.", "type": "string" }, "brand": { "description": "Required. The brand of the location.", "type": "string" }, "address": { "description": "Required. The address of the location.", "type": "string" } }, "type": "object", "required": [ "brand", "address" ] }, "Alert": { "description": "Stateful object representing a group of Findings. Key feature to an Alert\nis that it expresses the user's intent towards the findings of that group,\neven those that haven't occurred yet.", "properties": { "displayName": { "description": "Output only. A short title for the alert.", "type": "string", "readOnly": true }, "detail": { "allOf": [ { "$ref": "#/components/schemas/AlertDetail" } ], "readOnly": true, "description": "Output only. Details object for the alert, not all alerts will have a details object." }, "findingCount": { "description": "Output only. The number of findings associated with this alert.", "type": "string", "format": "int64", "readOnly": true }, "aiSummary": { "type": "string", "description": "Optional. AI summary of the finding." }, "externalId": { "description": "Output only. External ID for the alert. This is used internally to provide protection\nagainst out of order updates.", "type": "string", "readOnly": true }, "severityAnalysis": { "description": "Output only. High-Precision Severity Analysis for the alert.", "readOnly": true, "allOf": [ { "$ref": "#/components/schemas/SeverityAnalysis" } ] }, "relevanceAnalysis": { "description": "Output only. High-Precision Relevance Analysis verdict for the alert.", "allOf": [ { "$ref": "#/components/schemas/RelevanceAnalysis" } ], "readOnly": true }, "name": { "description": "Identifier. Server generated name for the alert.\nformat is projects/{project}/alerts/{alert}", "x-google-identifier": true, "type": "string" }, "audit": { "description": "Output only. Audit information for the alert.", "allOf": [ { "$ref": "#/components/schemas/Audit" } ], "readOnly": true }, "priorityAnalysis": { "description": "Output only. High-Precision Priority Analysis for the alert.", "readOnly": true, "allOf": [ { "$ref": "#/components/schemas/PriorityAnalysis" } ] }, "duplicateOf": { "description": "Output only. alert name of the alert this alert is a duplicate of.\nFormat: projects/{project}/alerts/{alert}", "type": "string", "readOnly": true }, "duplicatedBy": { "type": "array", "items": { "type": "string" }, "readOnly": true, "description": "Output only. alert names of the alerts that are duplicates of this alert.\nFormat: projects/{project}/alerts/{alert}" }, "configurations": { "description": "Output only. The resource names of the Configurations bound to this alert.\nFormat: projects/{project}/configurations/{configuration}", "type": "array", "items": { "type": "string" }, "readOnly": true }, "etag": { "type": "string", "description": "Optional. If included when updating an alert, this should be set to the current etag\nof the alert. If the etags do not match, the update will be rejected and\nan ABORTED error will be returned." }, "state": { "readOnly": true, "type": "string", "enum": [ "STATE_UNSPECIFIED", "NEW", "READ", "TRIAGED", "ESCALATED", "RESOLVED", "DUPLICATE", "FALSE_POSITIVE", "NOT_ACTIONABLE", "BENIGN", "TRACKED_EXTERNALLY" ], "description": "Output only. State of the alert.", "x-google-enum-descriptions": [ "Default value, should never be set.", "alert is new.", "alert was read by a human.", "alert has been triaged.", "alert has been escalated.", "alert has been resolved.", "alert is a duplicate of another alert.", "alert is a false positive and should be ignored.", "alert is not actionable.", "alert is benign.", "alert is tracked externally." ] }, "findings": { "description": "Output only. Findings that are covered by this alert.", "readOnly": true, "type": "array", "items": { "type": "string" } } }, "type": "object" }, "ListConfigurationRevisionsResponse": { "description": "Response message for ListConfigurationRevisions.", "properties": { "nextPageToken": { "description": "A token, which can be sent as `page_token` to retrieve the next page.\nIf this field is omitted, there are no subsequent pages.", "type": "string" }, "revisions": { "type": "array", "items": { "$ref": "#/components/schemas/ConfigurationRevision" }, "description": "The Configuration Revisions associated with the specified Configuration" } }, "type": "object" } }, "securitySchemes": { "google_oauth_implicit": { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://accounts.google.com/o/oauth2/v2/auth", "scopes": { "https://www.googleapis.com/auth/cloud-platform": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account." } } }, "description": "Google Oauth 2.0 implicit authentication flow." }, "bearer_auth": { "description": "Http bearer authentication.", "type": "http", "scheme": "bearer" }, "google_oauth_code": { "description": "Google Oauth 2.0 authorizationCode authentication flow.", "type": "oauth2", "flows": { "authorizationCode": { "authorizationUrl": "https://accounts.google.com/o/oauth2/v2/auth", "tokenUrl": "https://oauth2.googleapis.com/token", "refreshUrl": "https://oauth2.googleapis.com/token", "scopes": { "https://www.googleapis.com/auth/cloud-platform": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account." } } } } } }, "paths": { "/v1beta/projects/{project}/alerts/{alert}/documents/{document}": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "get": { "description": "Gets a specific document associated with an alert.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "required": true, "name": "project", "in": "path" }, { "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "required": true, "name": "alert", "in": "path" }, { "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "name": "document", "in": "path", "required": true } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AlertDocument" } } } } }, "operationId": "GetAlertDocument", "tags": [ "threatintelligence" ] } }, "/v1beta/projects/{project}/alerts/{alert}:trackExternally": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "operationId": "MarkAlertAsTrackedExternally", "description": "Marks an alert as tracked externally - TRACKED_EXTERNALLY.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "required": true, "name": "project", "in": "path", "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122." }, { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "in": "path", "name": "alert", "required": true } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsTrackedExternallyRequest" } } } }, "tags": [ "threatintelligence" ] } }, "/v1beta/projects/{project}/configurations/{configuration}": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "get": { "description": "Get a configuration by name.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "required": true, "name": "project", "in": "path", "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122." }, { "required": true, "in": "path", "name": "configuration", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Configuration" } } } } }, "operationId": "GetConfiguration", "tags": [ "threatintelligence" ] } }, "/v1beta/projects/{project}/alerts/{alert}:duplicate": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "description": "Marks an alert as a duplicate of another alert. - DUPLICATE.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "name": "project", "in": "path", "required": true }, { "in": "path", "name": "alert", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "operationId": "MarkAlertAsDuplicate", "tags": [ "threatintelligence" ], "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsDuplicateRequest" } } } } } }, "/v1beta/projects/{project}/findings": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "get": { "tags": [ "threatintelligence" ], "operationId": "ListFindings", "description": "Get a list of findings that meet the filter criteria.\nThe `parent` field in ListFindingsRequest should have the format:\nprojects/{project}", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "name": "project", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122." }, { "name": "filter", "schema": { "type": "string" }, "description": "Optional. Filter criteria.", "in": "query" }, { "description": "Optional. Order by criteria in the csv format: \"field1,field2 desc\" or\n\"field1,field2\" or \"field1 asc, field2\".", "in": "query", "name": "orderBy", "schema": { "type": "string" } }, { "name": "pageToken", "schema": { "type": "string" }, "description": "Optional. Page token.", "in": "query" }, { "name": "pageSize", "schema": { "type": "integer", "format": "int32" }, "description": "Optional. Page size.", "in": "query" } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListFindingsResponse" } } } } } } }, "/v1beta/projects/{project}/alerts": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "get": { "tags": [ "threatintelligence" ], "operationId": "ListAlerts", "description": "Get a list of alerts that meet the filter criteria.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "in": "path", "name": "project", "required": true }, { "name": "filter", "schema": { "type": "string" }, "description": "Optional. Filter criteria.\n\nSupported fields for filtering include:\n\n* `audit.create_time`\n* `audit.creator`\n* `audit.update_time`\n* `audit.updater`\n* `detail.data_leak.discovery_document_ids`\n* `detail.data_leak.severity`\n* `detail.detail_type`\n* `detail.initial_access_broker.discovery_document_ids`\n* `detail.initial_access_broker.severity`\n* `detail.insider_threat.discovery_document_ids`\n* `detail.insider_threat.severity`\n* `finding_count`\n* `priority_analysis.priority_level`\n* `relevance_analysis.confidence`\n* `relevance_analysis.relevance_level`\n* `relevance_analysis.relevant`\n* `severity_analysis.severity_level`\n* `state`\n\nExamples:\n\n* `detail.detail_type = \"initial_access_broker\"`\n* `detail.detail_type != \"data_leak\"`\n* `detail.insider_threat.severity = \"HIGH\"`\n* `audit.create_time \u003e= \"2026-04-03T00:00:00Z\" AND audit.create_time \u003c\n\"2026-04-06T00:00:00Z\"`\n* `state = \"NEW\" OR state = \"TRIAGED\"`\n* `severity_analysis.severity_level = \"SEVERITY_LEVEL_CRITICAL\"`", "in": "query" }, { "description": "Optional. Order by criteria in the csv format: \"field1, field2 desc\" or\n\"field1, field2\" or \"field1 asc, field2\". If a field is specified without\n`asc` or `desc`, ascending order is used by default. Supported fields for\nordering are identical to those supported for filtering.\n\nExamples:\n\n* `audit.create_time desc`\n* `audit.update_time asc`\n* `audit.create_time desc, severity_analysis.severity_level desc`", "in": "query", "name": "orderBy", "schema": { "type": "string" } }, { "name": "pageToken", "schema": { "type": "string" }, "description": "Optional. Page token to retrieve the next page of results.", "in": "query" }, { "description": "Optional. Page size. Default to 100 alerts per page. Maximum is 1000 alerts per page.", "in": "query", "name": "pageSize", "schema": { "type": "integer", "format": "int32" } } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListAlertsResponse" } } } } } } }, "/v1beta/projects/{project}/alerts/{alert}:notActionable": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "description": "Marks an alert as not actionable - NOT_ACTIONABLE.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "in": "path", "name": "project", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } }, { "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "name": "alert", "in": "path", "required": true } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "operationId": "MarkAlertAsNotActionable", "tags": [ "threatintelligence" ], "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsNotActionableRequest" } } } } } }, "/v1beta/projects/{project}/alerts/{alert}:benign": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "description": "Marks an alert as benign - BENIGN.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "required": true, "name": "project", "in": "path" }, { "required": true, "name": "alert", "in": "path", "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122." } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "operationId": "MarkAlertAsBenign", "tags": [ "threatintelligence" ], "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsBenignRequest" } } } } } }, "/v1beta/projects/{project}/configurations": { "get": { "operationId": "ListConfigurations", "description": "Get a list of configurations that meet the filter criteria.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "required": true, "in": "path", "name": "project", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } }, { "description": "Optional. Filter criteria.", "in": "query", "name": "filter", "schema": { "type": "string" } }, { "description": "Optional. Order by criteria in the csv format: \"field1,field2 desc\" or\n\"field1,field2\" or \"field1 asc, field2\".", "in": "query", "name": "orderBy", "schema": { "type": "string" } }, { "description": "Optional. Page token.", "in": "query", "name": "pageToken", "schema": { "type": "string" } }, { "description": "Optional. Page size.", "in": "query", "name": "pageSize", "schema": { "type": "integer", "format": "int32" } } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListConfigurationsResponse" } } } } }, "tags": [ "threatintelligence" ] }, "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ] }, "/v1beta/projects/{project}/alerts/{alert}:escalate": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsEscalatedRequest" } } } }, "tags": [ "threatintelligence" ], "operationId": "MarkAlertAsEscalated", "description": "Marks an alert as escalated - ESCALATED.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "required": true, "name": "project", "in": "path", "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122." }, { "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "name": "alert", "in": "path", "required": true } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } } } }, "/v1beta/projects/{project}/alerts/{alert}:falsePositive": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "tags": [ "threatintelligence" ], "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsFalsePositiveRequest" } } } }, "description": "Marks an alert as a false positive - FALSE_POSITIVE.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "name": "project", "in": "path", "required": true }, { "name": "alert", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122." } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "operationId": "MarkAlertAsFalsePositive" } }, "/v1beta/projects/{project}/configurations:upsert": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "description": "Creates or updates a configuration.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "in": "path", "name": "project", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } }, { "description": "Optional. Time that the configuration should be considered to have been published.\nThis is an advanced feature used when onboarding and bulk loading data from\nother systems. Do not set this field without consulting with the API team.", "in": "query", "name": "publishTime", "schema": { "type": "string", "format": "date-time" } } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpsertConfigurationResponse" } } } } }, "operationId": "UpsertConfiguration", "tags": [ "threatintelligence" ], "requestBody": { "description": "Required. Configuration we are creating or updating.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Configuration" } } } } } }, "/v1beta/projects/{project}/alerts/{alert}": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "get": { "tags": [ "threatintelligence" ], "description": "Get an alert by name.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "in": "path", "name": "project", "required": true }, { "required": true, "in": "path", "name": "alert", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "operationId": "GetAlert" } }, "/v1beta/projects/{project}/alerts/{alert}:read": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "description": "Marks an alert as read - READ.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "name": "project", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122." }, { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "in": "path", "name": "alert" } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "operationId": "MarkAlertAsRead", "tags": [ "threatintelligence" ], "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsReadRequest" } } } } } }, "/v1beta/projects/{project}/alerts/{alert}:triage": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "tags": [ "threatintelligence" ], "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsTriagedRequest" } } } }, "description": "Marks an alert as triaged - TRIAGED.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "required": true, "in": "path", "name": "project", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } }, { "required": true, "in": "path", "name": "alert", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "operationId": "MarkAlertAsTriaged" } }, "/v1beta/projects/{project}/alerts/{alert}:resolve": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "operationId": "MarkAlertAsResolved", "description": "Marks an alert to closed state - RESOLVED.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "in": "path", "name": "project", "required": true }, { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "in": "path", "name": "alert" } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsResolvedRequest" } } } }, "tags": [ "threatintelligence" ] } }, "/v1beta/projects/{project}/findings:search": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "get": { "tags": [ "threatintelligence" ], "operationId": "SearchFindings", "description": "SearchFindings is a more powerful version of ListFindings that\nsupports complex queries like \"findings for alerts\" using functions such as\n`has_alert` in the query string.\nThe `parent` field in SearchFindingsRequest should have the format:\nprojects/{project}\nExample to search for findings for a specific issue:\n`has_alert(\"name=\\\"projects/gti-12345/alerts/alert-12345\\\"\")`", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "required": true, "name": "project", "in": "path" }, { "name": "query", "schema": { "type": "string" }, "description": "Optional. Query on what findings will be returned. This supports the same filter\ncriteria as FindingService.ListFindings as well as the following\nrelationship query `has_alert`.\nExample:\n - `has_alert(\"name=\\\"projects/gti-12345/alerts/alert-12345\\\"\")`", "in": "query" }, { "name": "orderBy", "schema": { "type": "string" }, "description": "Optional. Order by criteria in the csv format: \"field1,field2 desc\" or\n\"field1,field2\" or \"field1 asc, field2\".", "in": "query" }, { "description": "Optional. Page token.", "in": "query", "name": "pageToken", "schema": { "type": "string" } }, { "name": "pageSize", "schema": { "type": "integer", "format": "int32" }, "description": "Optional. Page size.", "in": "query" } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchFindingsResponse" } } } } } } }, "/v1beta/projects/{project}/findings/{finding}": { "get": { "operationId": "GetFinding", "description": "Get a finding by name.\nThe `name` field should have the format:\n`projects/{project}/findings/{finding}`", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "required": true, "name": "project", "in": "path" }, { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "in": "path", "name": "finding" } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Finding" } } } } }, "tags": [ "threatintelligence" ] }, "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ] }, "/v1beta/projects/{project}/configurations/{configuration}/revisions": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "get": { "tags": [ "threatintelligence" ], "description": "List configuration revisions that meet the filter criteria.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "in": "path", "name": "project", "required": true }, { "name": "configuration", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122." }, { "name": "filter", "schema": { "type": "string" }, "description": "Optional. An AIP-160 filter string", "in": "query" }, { "name": "orderBy", "schema": { "type": "string" }, "description": "Optional. Specify ordering of response", "in": "query" }, { "name": "pageSize", "schema": { "type": "integer", "format": "int32" }, "description": "Optional. Page Size", "in": "query" }, { "description": "Optional. A page token provided by the API", "in": "query", "name": "pageToken", "schema": { "type": "string" } } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListConfigurationRevisionsResponse" } } } } }, "operationId": "ListConfigurationRevisions" } }, "/v1beta/projects/{project}:generateOrgProfile": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "tags": [ "threatintelligence" ], "x-google-lro": "true", "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GenerateOrgProfileConfigurationRequest" } } } }, "description": "Triggers the generation of a Customer Profile for a project.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "in": "path", "name": "project", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GenerateOrgProfileConfigurationOperation" } } } } }, "operationId": "GenerateOrgProfileConfiguration" } }, "/v1beta/projects/{project}/alerts:enumerateFacets": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "get": { "operationId": "EnumerateAlertFacets", "description": "EnumerateAlertFacets returns the facets and the number of alerts that meet\nthe filter criteria and have that value for each facet.", "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "schema": { "type": "string" }, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "required": true, "name": "project", "in": "path" }, { "description": "Optional. Filter on what alerts will be enumerated.", "in": "query", "name": "filter", "schema": { "type": "string" } } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnumerateAlertFacetsResponse" } } } } }, "tags": [ "threatintelligence" ] } } }, "servers": [ { "url": "https://threatintelligence.googleapis.com", "description": "Global Endpoint" }, { "description": "Regional Endpoint", "url": "https://threatintelligence.us-central1.rep.googleapis.com/", "x-google-endpoint-location": "us-central1" } ], "info": { "description": "threatintelligence.googleapis.com API.", "version": "v1beta", "title": "Threat Intelligence API", "x-google-revision": "20260503" }, "openapi": "3.0.3", "externalDocs": { "description": "Find more info here.", "url": "https://docs.cloud.google.com/threatintelligence/" } }