{ "components": { "securitySchemes": { "google_oauth_implicit": { "flows": { "implicit": { "scopes": { "https://www.googleapis.com/auth/cloud-platform": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account." }, "authorizationUrl": "https://accounts.google.com/o/oauth2/v2/auth" } }, "type": "oauth2", "description": "Google Oauth 2.0 implicit authentication flow." }, "google_oauth_code": { "flows": { "authorizationCode": { "authorizationUrl": "https://accounts.google.com/o/oauth2/v2/auth", "tokenUrl": "https://oauth2.googleapis.com/token", "refreshUrl": "https://oauth2.googleapis.com/token", "scopes": { "https://www.googleapis.com/auth/cloud-platform": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account." } } }, "description": "Google Oauth 2.0 authorizationCode authentication flow.", "type": "oauth2" }, "bearer_auth": { "type": "http", "description": "Http bearer authentication.", "scheme": "bearer" } }, "schemas": { "ListConfigurationsResponse": { "description": "Response message for ListConfigurations.", "properties": { "configurations": { "items": { "$ref": "#/components/schemas/Configuration" }, "type": "array", "description": "List of configurations." }, "nextPageToken": { "type": "string", "description": "Page token." } }, "type": "object" }, "UpsertConfigurationResponse": { "type": "object", "description": "Response message for UpsertConfiguration.", "properties": { "configuration": { "description": "Output only. Created configuration ID with server assigned id.", "readOnly": true, "type": "string" } } }, "ListAlertsResponse": { "description": "Response message for ListAlerts.", "properties": { "alerts": { "items": { "$ref": "#/components/schemas/Alert" }, "description": "List of alerts.", "type": "array" }, "nextPageToken": { "type": "string", "description": "Page token." } }, "type": "object" }, "CustomerProfileProduct": { "required": [ "product", "brand" ], "type": "object", "description": "Product information for the customer profile.", "properties": { "brand": { "description": "Required. The brand of the product.", "type": "string" }, "citationIds": { "type": "array", "description": "Optional. The citation ids for the product.", "items": { "type": "string" } }, "product": { "description": "Required. The name of the product.", "type": "string" } } }, "CustomerProfileWebPresence": { "description": "Web presence information for the customer profile.", "properties": { "domain": { "description": "Required. The domain name of the web presence.", "type": "string" }, "citationIds": { "description": "Optional. The citation ids for the web presence.", "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "domain" ] }, "TechnologyWatchListAlertThreshold": { "type": "object", "description": "TechnologyWatchListAlertThreshold contains the thresholds for alerting.", "properties": { "exploitationStates": { "description": "Optional. The exploitation states of the alert.", "type": "array", "items": { "$ref": "#/components/schemas/ExploitationState" } }, "epssScoreMinimum": { "description": "Optional. The minimum epss score for the alert. Ex: 0.8. Valid range is [0.0, 1.0].", "type": "number", "format": "float" }, "priorityMinimum": { "type": "string", "enum": [ "PRIORITY_UNSPECIFIED", "P0", "P1", "P2", "P3", "P4" ], "description": "Optional. The minimum priority for the alert.", "x-google-enum-descriptions": [ "Unspecified priority.", "Priority level 0.", "Priority level 1.", "Priority level 2.", "Priority level 3.", "Priority level 4." ] }, "riskRatingMinimum": { "type": "string", "enum": [ "RISK_RATING_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL", "UNRATED" ], "description": "Optional. The minimum risk rating for the alert.", "x-google-enum-descriptions": [ "Unspecified risk rating. This is the default value when the risk rating\nis not set.", "Low risk rating.", "Medium risk rating.", "High risk rating.", "Critical risk rating.", "The vulnerability has been assessed, but a specific risk rating could\nnot be determined or assigned." ] }, "cvssScoreMinimum": { "format": "float", "type": "number", "description": "Optional. The minimum CVSS score for the alert. Evaluates to CVSS v3 when available\nwith a fallback to v2 and v4. Ex: 7.0. Valid range is [0.0, 10.0]." } } }, "GenerateOrgProfileConfigurationRequest": { "type": "object", "description": "Request message for GenerateOrgProfileConfiguration.", "properties": { "domain": { "type": "string", "description": "Required. The domain of the organization to generate the profile for." }, "displayName": { "description": "Required. The display name of the organization to generate the profile for.", "type": "string" } }, "required": [ "domain", "displayName" ] }, "TechnologyWatchListConfig": { "description": "TechnologyWatchListConfig is the configuration for the technology watchlist.", "properties": { "technologies": { "type": "array", "description": "Optional. List of vendor, technology or cpe fingerprint.\nexample:\n Microsoft office 360\n Apache Server 3.5\n cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:*:*", "items": { "type": "string" } }, "alertThreshold": { "description": "Optional. Alert thresholds to effectively reduce noise.", "allOf": [ { "$ref": "#/components/schemas/TechnologyWatchListAlertThreshold" } ] } }, "type": "object" }, "SeverityAnalysis": { "description": "Structured severity analysis for a threat.", "properties": { "severityLevel": { "allOf": [ { "$ref": "#/components/schemas/SeverityLevel" } ], "description": "The level of severity." }, "reasoning": { "type": "string", "description": "Human-readable explanation from the model, detailing why a particular\nresult is considered to have a certain severity." }, "confidence": { "allOf": [ { "$ref": "#/components/schemas/ConfidenceLevel" } ], "description": "The level of confidence in the given verdict." } }, "type": "object" }, "ListConfigurationRevisionsResponse": { "description": "Response message for ListConfigurationRevisions.", "properties": { "revisions": { "items": { "$ref": "#/components/schemas/ConfigurationRevision" }, "type": "array", "description": "The Configuration Revisions associated with the specified Configuration" }, "nextPageToken": { "type": "string", "description": "A token, which can be sent as `page_token` to retrieve the next page.\nIf this field is omitted, there are no subsequent pages." } }, "type": "object" }, "PriorityLevel": { "x-google-enum-descriptions": [ "Default value, should never be set.", "Low Priority.", "Medium Priority.", "High Priority.", "Critical Priority." ], "type": "string", "enum": [ "PRIORITY_LEVEL_UNSPECIFIED", "PRIORITY_LEVEL_LOW", "PRIORITY_LEVEL_MEDIUM", "PRIORITY_LEVEL_HIGH", "PRIORITY_LEVEL_CRITICAL" ] }, "SearchFindingsResponse": { "type": "object", "description": "Response message for SearchFindings.", "properties": { "findings": { "items": { "$ref": "#/components/schemas/Finding" }, "description": "List of findings.", "type": "array" }, "nextPageToken": { "description": "Page token.", "type": "string" } } }, "PublicExploit": { "required": [ "exploitName" ], "type": "object", "description": "Contains details about a public exploit.", "properties": { "uri": { "description": "Optional. The URI of the exploit.", "type": "string" }, "exploitReliability": { "x-google-enum-descriptions": [ "Unspecified exploit reliability.", "Confirmed exploit reliability.", "Uncorroborated exploit reliability.", "Unconfirmed exploit reliability." ], "type": "string", "enum": [ "EXPLOIT_RELIABILITY_UNSPECIFIED", "UNREVIEWED", "REVIEWED", "TESTED" ], "description": "Optional. The reliability of the exploit. Ex: \"Unreviewed\"." }, "sizeBytes": { "format": "int64", "type": "string", "description": "Optional. The size of the exploit." }, "exploitName": { "description": "Required. The name of the exploit. Ex: \"Magentounauth.php.txt\".", "type": "string" }, "releaseTime": { "description": "Optional. The release time of the exploit.", "type": "string", "format": "date-time" }, "exploitGrade": { "type": "string", "enum": [ "EXPLOIT_GRADE_UNSPECIFIED", "UNEVALUATED", "PROOF_OF_CONCEPT", "NON_WEAPONIZED", "WEAPONIZED", "SCANNER", "FAKE" ], "description": "Optional. The grade of the exploit. Ex: \"non-weaponized\".", "x-google-enum-descriptions": [ "Unspecified exploit grade.", "Unevaluated exploit grade.", "Proof-of-concept exploit grade.", "Non-weaponized exploit grade.", "Weaponized exploit grade.", "Scanner exploit grade.", "Fake exploit grade." ] } } }, "AlertDetail": { "type": "object", "description": "Container for different types of alert details.", "properties": { "initialAccessBroker": { "description": "Initial Access Broker alert detail type.", "allOf": [ { "$ref": "#/components/schemas/InitialAccessBrokerAlertDetail" } ] }, "targetTechnology": { "allOf": [ { "$ref": "#/components/schemas/TargetTechnologyAlertDetail" } ], "description": "Technology Watchlist alert detail type." }, "dataLeak": { "description": "Data Leak alert detail type.", "allOf": [ { "$ref": "#/components/schemas/DataLeakAlertDetail" } ] }, "insiderThreat": { "description": "Insider Threat alert detail type.", "allOf": [ { "$ref": "#/components/schemas/InsiderThreatAlertDetail" } ] }, "detailType": { "type": "string", "description": "Output only. Name of the detail type. Will be set by the server during creation to the\nname of the field that is set in the detail union.", "readOnly": true } } }, "CustomerProfileIndustry": { "required": [ "industry" ], "type": "object", "description": "Industry information for the customer profile.", "properties": { "citationIds": { "description": "Optional. The citation ids for the industry.", "type": "array", "items": { "type": "string" } }, "industry": { "description": "Required. The name of the industry.", "type": "string" } } }, "MarkAlertAsBenignRequest": { "type": "object", "description": "Request message for MarkAlertAsBenign." }, "TargetTechnologyAlertDetail": { "description": "Contains details for a technology watchlist alert.", "properties": { "vulnerabilityMatch": { "allOf": [ { "$ref": "#/components/schemas/VulnerabilityMatch" } ], "description": "Optional. The vulnerability match details." } }, "type": "object" }, "Finding": { "type": "object", "description": "A ‘stateless’ and a point in time event that a check produced a result\nof interest.", "properties": { "provider": { "description": "Required. Logical source of this finding (name of the sub-engine).", "type": "string" }, "detail": { "allOf": [ { "$ref": "#/components/schemas/FindingDetail" } ], "description": "Required. Holder of the domain specific details of the finding." }, "reoccurrenceTimes": { "description": "Output only. When identical finding (same labels and same details) has re-occurred.", "readOnly": true, "type": "array", "items": { "type": "string", "format": "date-time" } }, "name": { "type": "string", "description": "Identifier. Server generated name for the finding (leave clear during creation).\nFormat: projects/{project}/findings/{finding}", "x-google-identifier": true }, "audit": { "description": "Output only. Audit data about the finding.", "readOnly": true, "allOf": [ { "$ref": "#/components/schemas/Audit" } ] }, "configurations": { "items": { "type": "string" }, "description": "Optional. Configuration names that are bound to this finding.", "type": "array" }, "alert": { "description": "Optional. Name of the alert that this finding is bound to.", "type": "string" }, "severity": { "deprecated": true, "format": "float", "description": "Optional. Deprecated: Use the `severity_analysis` field instead.\nBase severity score from the finding source.", "type": "number" }, "relevanceAnalysis": { "description": "Output only. High-Precision Relevance Analysis verdict for the finding.", "readOnly": true, "allOf": [ { "$ref": "#/components/schemas/RelevanceAnalysis" } ] }, "severityAnalysis": { "allOf": [ { "$ref": "#/components/schemas/SeverityAnalysis" } ], "description": "Output only. High-Precision Severity Analysis verdict for the finding.", "readOnly": true }, "displayName": { "description": "Required. A short descriptive title for the finding \u003c= 250 chars.\nEX: \"Actor 'baddy' offering $1000 for credentials of 'goodguy'\".", "type": "string" }, "aiSummary": { "description": "Optional. AI summary of the finding.", "type": "string" } }, "required": [ "provider", "displayName", "detail" ] }, "InsiderThreatFindingDetail": { "required": [ "matchScore", "severity", "documentId" ], "description": "A detail object for a InsiderThreat finding.", "properties": { "matchScore": { "format": "float", "description": "Required. Reference to the match score of the InsiderThreat finding. This is a float\nvalue greater than 0 and less than or equal to 1 calculated by the matching\nengine based on the similarity of the document and the user provided\nconfigurations.", "type": "number" }, "severity": { "description": "Required. The severity of the InsiderThreat finding. This indicates the potential\nimpact of the threat.", "type": "string", "enum": [ "SEVERITY_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ], "x-google-enum-descriptions": [ "Default value, should never be set.", "Low severity.", "Medium severity.", "High severity.", "Critical severity." ] }, "documentId": { "description": "Required. The unique identifier of the document that triggered the InsiderThreat\nfinding. This ID can be used to retrieve the content of the document for\nfurther analysis.", "type": "string" } }, "type": "object" }, "CustomerProfileCitation": { "required": [ "citationId", "source", "document" ], "type": "object", "description": "Citation information for the customer profile.", "properties": { "uri": { "type": "string", "description": "Optional. The url of the citation." }, "retrievalTime": { "format": "date-time", "description": "The time the citation was retrieved.", "type": "string" }, "citationId": { "type": "string", "description": "Required. The citation id for the citation. Should be unique within the profile." }, "source": { "type": "string", "description": "Required. The source of the citation." }, "document": { "description": "Required. The name of the document the citation is from.", "type": "string" } } }, "MarkAlertAsResolvedRequest": { "description": "Request message for MarkAlertAsResolved.", "type": "object" }, "OperationMetadata": { "description": "Metadata for the long-running operation.", "properties": { "createTime": { "format": "date-time", "type": "string", "description": "The time the operation was created." }, "updateTime": { "format": "date-time", "type": "string", "description": "The time the operation was last updated." } }, "type": "object" }, "AlertDocumentTranslation": { "description": "The translation of an alert document.", "properties": { "translatedTitle": { "type": "string", "description": "Output only. The translated title of the document.", "readOnly": true }, "translatedContent": { "description": "Output only. The translated content of the document.", "readOnly": true, "type": "string" } }, "type": "object" }, "InitialAccessBrokerFindingDetail": { "type": "object", "description": "A detail object for an Initial Access Broker (IAB) finding.", "properties": { "documentId": { "description": "Required. The unique identifier of the document that triggered the IAB finding.\nThis ID can be used to retrieve the content of the document for further\nanalysis.", "type": "string" }, "matchScore": { "format": "float", "type": "number", "description": "Required. Reference to the match score of the IAB finding. This is a float value\nbetween 0 and 1 calculated by the matching engine based on the similarity\nof the document and the user provided configurations." }, "severity": { "x-google-enum-descriptions": [ "", "", "", "", "" ], "description": "Required. The severity of the IAB finding. This indicates the potential\nimpact of the threat.", "type": "string", "enum": [ "SEVERITY_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ] } }, "required": [ "matchScore", "severity", "documentId" ] }, "InitialAccessBrokerAlertDetail": { "type": "object", "description": "Captures the specific details of InitialAccessBroker (IAB) alert.", "properties": { "severity": { "description": "Required. The severity of the Initial Access Broker (IAB) alert.\nAllowed values are:\n* `LOW`\n* `MEDIUM`\n* `HIGH`\n* `CRITICAL`", "type": "string" }, "discoveryDocumentIds": { "type": "array", "description": "Required. Array of ids to accommodate multiple discovery documents", "items": { "type": "string" } } }, "required": [ "severity", "discoveryDocumentIds" ] }, "ThreatIntelObjectType": { "x-google-enum-descriptions": [ "Unspecified object type.", "Threat actor object type.", "Malware object type.", "Report object type.", "Campaign object type.", "IoC Collection object type.", "Software and toolkits object type.", "Vulnerability object type." ], "type": "string", "enum": [ "THREAT_INTEL_OBJECT_TYPE_UNSPECIFIED", "THREAT_INTEL_OBJECT_TYPE_THREAT_ACTOR", "THREAT_INTEL_OBJECT_TYPE_MALWARE", "THREAT_INTEL_OBJECT_TYPE_REPORT", "THREAT_INTEL_OBJECT_TYPE_CAMPAIGN", "THREAT_INTEL_OBJECT_TYPE_IOC_COLLECTION", "THREAT_INTEL_OBJECT_TYPE_SOFTWARE_AND_TOOLKITS", "THREAT_INTEL_OBJECT_TYPE_VULNERABILITY" ] }, "ProductFix": { "required": [ "displayName", "sourceId" ], "description": "Contains details about a product fix.", "properties": { "publishTime": { "format": "date-time", "description": "Optional. The published time of the fix.", "type": "string" }, "uri": { "type": "string", "description": "Optional. The URI of the fix." }, "displayName": { "type": "string", "description": "Required. The name of the fix. Ex: \"Magento\"." }, "sourceId": { "description": "Required. The source ID of the fix. Ex: \"APPSEC-1420\".", "type": "string" } }, "type": "object" }, "ExploitationState": { "x-google-enum-descriptions": [ "Unspecified exploitation state.", "No known exploitation.", "Exploitation has been reported.", "Exploitation is suspected.", "Exploitation is confirmed.", "Widespread exploitation." ], "type": "string", "enum": [ "EXPLOITATION_STATE_UNSPECIFIED", "EXPLOITATION_STATE_NO_KNOWN", "EXPLOITATION_STATE_REPORTED", "EXPLOITATION_STATE_SUSPECTED", "EXPLOITATION_STATE_CONFIRMED", "EXPLOITATION_STATE_WIDESPREAD" ] }, "CustomerProfileConfig": { "description": "CustomerProfileConfig is the configuration for the customer profile.", "properties": { "securityConsiderations": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileSecurityConsiderations" } ], "description": "Optional. Security considerations for the organization." }, "technologyPresence": { "description": "Optional. Technology presence of the organization.", "type": "string" }, "webPresences": { "description": "Optional. Web presence of the organization.", "type": "array", "items": { "$ref": "#/components/schemas/CustomerProfileWebPresence" } }, "citations": { "items": { "$ref": "#/components/schemas/CustomerProfileCitation" }, "description": "Optional. Citations for the organization profile.", "type": "array" }, "summary": { "description": "Optional. A summarized version of the customer profile.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileSummary" } ] }, "parentCompanies": { "description": "Optional. The parent companies of the organization.", "type": "array", "items": { "$ref": "#/components/schemas/CustomerProfileCompany" } }, "products": { "items": { "$ref": "#/components/schemas/CustomerProfileProduct" }, "type": "array", "description": "Optional. Product information for the organization." }, "contactInfo": { "description": "Optional. Contact information for the organization.", "type": "array", "items": { "$ref": "#/components/schemas/CustomerProfileContactInfo" } }, "executives": { "items": { "$ref": "#/components/schemas/CustomerProfilePerson" }, "type": "array", "description": "Optional. Executives of the organization." }, "locations": { "description": "Optional. Locations the organization is present or conducts business in.", "type": "array", "items": { "$ref": "#/components/schemas/CustomerProfileLocation" } }, "org": { "type": "string", "description": "Required. The name of the organization." }, "orgSummary": { "description": "Optional. A summary of the organization.", "type": "string" }, "industries": { "type": "array", "description": "Optional. The industries the organization is involved in.", "items": { "$ref": "#/components/schemas/CustomerProfileIndustry" } } }, "type": "object", "required": [ "org" ] }, "Operation": { "description": "This resource represents a long-running operation that is the result of a\nnetwork API call.", "type": "object", "allOf": [ { "$ref": "#/components/schemas/BaseOperation" }, { "properties": { "metadata": { "type": "object", "description": "Service-specific metadata associated with the operation. It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata. Any method that returns a\nlong-running operation should document the metadata type, if any.", "additionalProperties": { "description": "Properties of the object. Contains field @type with type URL." } }, "response": { "type": "object", "description": "The normal, successful response of the operation. If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`. If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource. For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name. For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.", "additionalProperties": { "description": "Properties of the object. Contains field @type with type URL." } } }, "type": "object" } ] }, "ListFindingsResponse": { "description": "Response message for ListFindings.", "properties": { "findings": { "type": "array", "description": "List of findings.", "items": { "$ref": "#/components/schemas/Finding" } }, "nextPageToken": { "type": "string", "description": "Page token." } }, "type": "object" }, "MarkAlertAsEscalatedRequest": { "description": "Request message for MarkAlertAsEscalated.", "type": "object" }, "BaseOperation": { "description": "This resource represents a long-running operation that is the result of a\nnetwork API call.", "properties": { "done": { "description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.", "type": "boolean" }, "name": { "description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should be a resource name ending with `operations/{unique_id}`.", "type": "string" }, "error": { "description": "The error result of the operation in case of failure or cancellation.", "allOf": [ { "$ref": "#/components/schemas/Status" } ] } }, "type": "object" }, "CustomerProfileSummary": { "type": "object", "description": "A summarized version of the customer profile.\nGenerated by the backend.", "properties": { "keyPeopleSummary": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. A narrative summary of key people." }, "primaryWebsite": { "description": "Optional. The primary website of the customer.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ] }, "title": { "description": "Optional. The official name of the customer.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ] }, "productsSummary": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. A narrative summary of products." }, "servicesSummary": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. A narrative summary of services." }, "headquarters": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. The headquarters of the customer." }, "founded": { "description": "Optional. The date the customer was founded.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ] }, "entityType": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. The entity type of the customer." }, "brands": { "description": "Optional. A narrative summary of brands.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ] }, "industry": { "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ], "description": "Optional. The industry the customer is in." }, "areaServed": { "description": "Optional. The area the customer serves.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ] }, "parentCompany": { "description": "Optional. The parent company of the customer.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileCitedString" } ] } } }, "Facet": { "description": "Facet represents a sub element of a resource for filtering.\nThe results from this method are used to populate the filterable facets in\nthe UI.", "properties": { "minValue": { "description": "Min value of the facet stringified based on type. This is only populated\nfor facets that have a clear ordering, for types like enum it will be\nleft empty.\nTimestamps will be formatted using RFC3339.", "type": "string" }, "facet": { "type": "string", "description": "Name of the facet. This is also the string that needs to be used in the\nfiltering expression." }, "facetCounts": { "items": { "$ref": "#/components/schemas/FacetCount" }, "description": "List of counts for the facet (if categorical).", "type": "array" }, "facetType": { "description": "The type of the facet. Options include \"string\", \"int\", \"float\", \"bool\",\n\"enum\", \"timestamp\", \"user\" and are useful to show the right sort of\nUI controls when building a AIP-160 style filtering string.", "type": "string" }, "maxValue": { "description": "Max value of the facet stringified based on type. Will be populated and\nformatted the same as min_value.", "type": "string" }, "totalCount": { "description": "Total number of records that contain this facet with ANY value.", "type": "string", "format": "int64" } }, "type": "object" }, "Audit": { "description": "Tracks basic CRUD facts.", "properties": { "createTime": { "description": "Output only. Time of creation.", "readOnly": true, "type": "string", "format": "date-time" }, "updateTime": { "format": "date-time", "type": "string", "description": "Output only. Time of creation or last update.", "readOnly": true }, "creator": { "type": "string", "description": "Output only. Agent that created or updated the record, could be a UserId or a JobId.", "readOnly": true }, "updater": { "type": "string", "description": "Output only. Agent that last updated the record, could be a UserId or a JobId.", "readOnly": true } }, "type": "object" }, "Configuration": { "description": "A configuration represents a behavior an engine should follow when producing\nnew findings.", "properties": { "version": { "type": "string", "description": "Optional. A user-manipulatable version. Does not adhere to a specific format" }, "name": { "x-google-identifier": true, "type": "string", "description": "Identifier. Server generated name for the configuration.\nformat is projects/{project}/configurations/{configuration}" }, "audit": { "allOf": [ { "$ref": "#/components/schemas/Audit" } ], "description": "Output only. Audit information for the configuration.", "readOnly": true }, "etag": { "type": "string", "description": "If included when updating a configuration, this should be set to the\ncurrent etag of the configuration. If the etags do not match, the update\nwill be rejected and an ABORTED error will be returned." }, "state": { "description": "Optional. State of the configuration.", "type": "string", "enum": [ "STATE_UNSPECIFIED", "ENABLED", "DISABLED", "DEPRECATED" ], "x-google-enum-descriptions": [ "Configuration state is unspecified. This is not expected to occur.", "Configuration is enabled for the customer.", "Configuration is disabled for the customer.", "Configuration is deprecated, no new configs are allowed to be created." ] }, "provider": { "description": "Required. Name of the service that provides the configuration.", "type": "string" }, "detail": { "allOf": [ { "$ref": "#/components/schemas/ConfigurationDetail" } ], "description": "Required. Domain specific details for the configuration." }, "description": { "type": "string", "description": "Optional. A description of the configuration." }, "displayName": { "description": "Output only. Human readable name for the configuration.", "readOnly": true, "type": "string" } }, "type": "object", "required": [ "provider", "detail" ] }, "RelevanceLevel": { "type": "string", "enum": [ "RELEVANCE_LEVEL_UNSPECIFIED", "RELEVANCE_LEVEL_LOW", "RELEVANCE_LEVEL_MEDIUM", "RELEVANCE_LEVEL_HIGH" ], "x-google-enum-descriptions": [ "Default value, should never be set.", "Low Relevance.", "Medium Relevance.", "High Relevance." ] }, "MarkAlertAsFalsePositiveRequest": { "description": "Request message for MarkAlertAsFalsePositive.", "type": "object" }, "Alert": { "description": "Stateful object representing a group of Findings. Key feature to an Alert\nis that it expresses the user's intent towards the findings of that group,\neven those that haven't occurred yet.", "properties": { "externalId": { "type": "string", "description": "Output only. External ID for the alert. This is used internally to provide protection\nagainst out of order updates.", "readOnly": true }, "duplicateOf": { "type": "string", "description": "Output only. alert name of the alert this alert is a duplicate of.\nFormat: projects/{project}/alerts/{alert}", "readOnly": true }, "relevanceAnalysis": { "allOf": [ { "$ref": "#/components/schemas/RelevanceAnalysis" } ], "description": "Output only. High-Precision Relevance Analysis verdict for the alert.", "readOnly": true }, "findingCount": { "format": "int64", "type": "string", "description": "Output only. The number of findings associated with this alert.", "readOnly": true }, "name": { "x-google-identifier": true, "type": "string", "description": "Identifier. Server generated name for the alert.\nformat is projects/{project}/alerts/{alert}" }, "audit": { "description": "Output only. Audit information for the alert.", "readOnly": true, "allOf": [ { "$ref": "#/components/schemas/Audit" } ] }, "duplicatedBy": { "items": { "type": "string" }, "description": "Output only. alert names of the alerts that are duplicates of this alert.\nFormat: projects/{project}/alerts/{alert}", "readOnly": true, "type": "array" }, "configurations": { "description": "Output only. The resource names of the Configurations bound to this alert.\nFormat: projects/{project}/configurations/{configuration}", "readOnly": true, "type": "array", "items": { "type": "string" } }, "state": { "type": "string", "enum": [ "STATE_UNSPECIFIED", "NEW", "READ", "TRIAGED", "ESCALATED", "RESOLVED", "DUPLICATE", "FALSE_POSITIVE", "NOT_ACTIONABLE", "BENIGN", "TRACKED_EXTERNALLY" ], "description": "Output only. State of the alert.", "readOnly": true, "x-google-enum-descriptions": [ "Default value, should never be set.", "alert is new.", "alert was read by a human.", "alert has been triaged.", "alert has been escalated.", "alert has been resolved.", "alert is a duplicate of another alert.", "alert is a false positive and should be ignored.", "alert is not actionable.", "alert is benign.", "alert is tracked externally." ] }, "findings": { "items": { "type": "string" }, "type": "array", "description": "Output only. Findings that are covered by this alert.", "readOnly": true }, "aiSummary": { "type": "string", "description": "Optional. AI summary of the alert." }, "severityAnalysis": { "allOf": [ { "$ref": "#/components/schemas/SeverityAnalysis" } ], "description": "Output only. High-Precision Severity Analysis for the alert.", "readOnly": true }, "priorityAnalysis": { "allOf": [ { "$ref": "#/components/schemas/PriorityAnalysis" } ], "description": "Output only. High-Precision Priority Analysis for the alert.", "readOnly": true }, "displayName": { "description": "Output only. A short title for the alert.", "readOnly": true, "type": "string" }, "etag": { "description": "Optional. If included when updating an alert, this should be set to the current etag\nof the alert. If the etags do not match, the update will be rejected and\nan ABORTED error will be returned.", "type": "string" }, "detail": { "allOf": [ { "$ref": "#/components/schemas/AlertDetail" } ], "description": "Output only. Details object for the alert, not all alerts will have a details object.", "readOnly": true } }, "type": "object" }, "CustomerProfileContactInfo": { "description": "Contact information for the customer profile.", "properties": { "phone": { "type": "string", "description": "The phone number of the contact." }, "citationIds": { "type": "array", "description": "Optional. The citation ids for the contact information.", "items": { "type": "string" } }, "address": { "type": "string", "description": "The address of the contact." }, "other": { "description": "The other contact information.", "type": "string" }, "email": { "description": "The email address of the contact.", "type": "string" }, "label": { "type": "string", "description": "Optional. The name of the contact." } }, "type": "object" }, "CustomerProfileSecurityConsiderations": { "type": "object", "description": "Security considerations for the customer profile.", "properties": { "considerations": { "items": { "type": "string" }, "type": "array", "description": "Optional. A series of considerations for the security of the organization,\nsuch as \"high risk of compromise\" or \"vulnerable to cyberbullying\"." }, "note": { "type": "string", "description": "Optional. A note about the security considerations." } } }, "DataLeakAlertDetail": { "required": [ "severity", "discoveryDocumentIds" ], "description": "Captures the specific details of Data Leak alert.", "properties": { "severity": { "type": "string", "description": "Required. The severity of the Data Leak alert.\nAllowed values are:\n* `LOW`\n* `MEDIUM`\n* `HIGH`\n* `CRITICAL`" }, "discoveryDocumentIds": { "description": "Required. Array of ids to accommodate multiple discovery documents", "type": "array", "items": { "type": "string" } } }, "type": "object" }, "InsiderThreatAlertDetail": { "required": [ "severity", "discoveryDocumentIds" ], "type": "object", "description": "Captures the specific details of InsiderThreat alert.", "properties": { "severity": { "description": "Required. The severity of the Insider Threat alert.\nAllowed values are:\n* `LOW`\n* `MEDIUM`\n* `HIGH`\n* `CRITICAL`", "type": "string" }, "discoveryDocumentIds": { "items": { "type": "string" }, "description": "Required. Array of ids to accommodate multiple discovery documents", "type": "array" } } }, "ConfidenceLevel": { "type": "string", "enum": [ "CONFIDENCE_LEVEL_UNSPECIFIED", "CONFIDENCE_LEVEL_LOW", "CONFIDENCE_LEVEL_MEDIUM", "CONFIDENCE_LEVEL_HIGH" ], "x-google-enum-descriptions": [ "Default value. Confidence level is not specified.", "Low confidence in the verdict.", "Medium confidence in the verdict.", "High confidence in the verdict." ] }, "ConfigurationRevision": { "type": "object", "description": "A ConfigurationRevision is a snapshot of a Configuration at a point in time.\nIt is immutable.", "properties": { "createTime": { "format": "date-time", "type": "string", "description": "Output only. The time the Revision was created", "readOnly": true }, "snapshot": { "description": "The snapshot of the configuration", "allOf": [ { "$ref": "#/components/schemas/Configuration" } ] }, "name": { "x-google-identifier": true, "description": "Identifier. The name of the ConfigurationRevision\nFormat: projects//configurations//revisions/", "type": "string" } } }, "CustomerProfileCompany": { "required": [ "company" ], "type": "object", "description": "Company information for the customer profile.", "properties": { "company": { "type": "string", "description": "Required. The name of the company." }, "citationIds": { "items": { "type": "string" }, "type": "array", "description": "Optional. The citation ids for the company." } } }, "CustomerProfileLocation": { "type": "object", "description": "Location information for the customer profile.", "properties": { "brand": { "description": "Required. The brand of the location.", "type": "string" }, "citationIds": { "description": "Optional. The citation ids for the location.", "type": "array", "items": { "type": "string" } }, "facilityType": { "type": "string", "description": "Optional. The type of location." }, "address": { "type": "string", "description": "Required. The address of the location." } }, "required": [ "brand", "address" ] }, "ConfigurationDetail": { "description": "Wrapper class that contains the union struct for all the various\nconfiguration detail specific classes.", "properties": { "detailType": { "type": "string", "description": "Output only. Name of the detail type. Will be set by the server during creation to the\nname of the field that is set in the detail union.", "readOnly": true }, "technologyWatchlist": { "allOf": [ { "$ref": "#/components/schemas/TechnologyWatchListConfig" } ], "description": "Technology Watchlist detail config." }, "customerProfile": { "description": "Customer Profile detail config.", "allOf": [ { "$ref": "#/components/schemas/CustomerProfileConfig" } ] } }, "type": "object" }, "MarkAlertAsReadRequest": { "type": "object", "description": "Request message for MarkAlertAsRead." }, "EnumerateAlertFacetsResponse": { "type": "object", "description": "Response message for EnumerateAlertFacets.", "properties": { "facets": { "description": "List of facets and the counts.", "type": "array", "items": { "$ref": "#/components/schemas/Facet" } } } }, "AlertDocument": { "description": "A document that is associated with an alert.", "properties": { "languageCode": { "description": "Output only. The language code of the document.", "readOnly": true, "type": "string" }, "name": { "type": "string", "description": "Identifier. Server generated name for the alert document.\nformat is projects/{project}/alerts/{alert}/documents/{document}", "x-google-identifier": true }, "source": { "description": "Output only. Source of the intel item, e.g. DarkMarket.", "readOnly": true, "type": "string" }, "translation": { "allOf": [ { "$ref": "#/components/schemas/AlertDocumentTranslation" } ], "description": "Output only. The translation of the document, if available.", "readOnly": true }, "title": { "type": "string", "description": "Output only. The title of the document, if available.", "readOnly": true }, "sourceUpdateTime": { "format": "date-time", "description": "Output only. Time when the intel was last updated by the source.", "readOnly": true, "type": "string" }, "aiSummary": { "description": "Output only. AI summary of the document.", "readOnly": true, "type": "string" }, "sourceUri": { "type": "string", "description": "Output only. URI of the intel item from the source.", "readOnly": true }, "content": { "description": "Output only. The content of the document.", "readOnly": true, "type": "string" }, "collectionTime": { "format": "date-time", "description": "Output only. Time when the origin source collected the intel.", "readOnly": true, "type": "string" }, "author": { "description": "Output only. The author of the document.", "readOnly": true, "type": "string" }, "ingestTime": { "description": "Output only. Time when GTI received the intel.", "readOnly": true, "type": "string", "format": "date-time" }, "createTime": { "type": "string", "description": "Output only. The timestamp of the original external publication of the document.", "readOnly": true, "format": "date-time" } }, "type": "object" }, "FindingDetail": { "type": "object", "description": "Wrapper class that contains the union struct for all the various findings\ndetail specific classes.", "properties": { "insiderThreat": { "allOf": [ { "$ref": "#/components/schemas/InsiderThreatFindingDetail" } ], "description": "Insider Threat finding detail type." }, "detailType": { "description": "Output only. Name of the detail type. Will be set by the server during creation to the\nname of the field that is set in the detail union.", "readOnly": true, "type": "string" }, "dataLeak": { "allOf": [ { "$ref": "#/components/schemas/DataLeakFindingDetail" } ], "description": "Data Leak finding detail type." }, "initialAccessBroker": { "allOf": [ { "$ref": "#/components/schemas/InitialAccessBrokerFindingDetail" } ], "description": "Initial Access Broker finding detail type." }, "targetTechnology": { "description": "Technology Watchlist finding detail type.", "allOf": [ { "$ref": "#/components/schemas/TargetTechnologyFindingDetail" } ] } } }, "SeverityLevel": { "x-google-enum-descriptions": [ "Default value, should never be set.", "Low Severity.", "Medium Severity.", "High Severity." ], "type": "string", "enum": [ "SEVERITY_LEVEL_UNSPECIFIED", "SEVERITY_LEVEL_LOW", "SEVERITY_LEVEL_MEDIUM", "SEVERITY_LEVEL_HIGH" ] }, "CustomerProfilePerson": { "required": [ "name" ], "description": "Person information for the customer profile.", "properties": { "title": { "type": "string", "description": "Optional. The title of the person." }, "citationIds": { "items": { "type": "string" }, "description": "Optional. The citation ids for the person.", "type": "array" }, "name": { "description": "Required. The name of the person.", "type": "string" } }, "type": "object" }, "FacetCount": { "type": "object", "description": "FacetCount represents a count of records with each facet value.", "properties": { "count": { "format": "int32", "type": "integer", "description": "Count of records with the value." }, "value": { "type": "string", "description": "Value of the facet stringified.\nTimestamps will be formatted using RFC3339." } } }, "TargetTechnologyFindingDetail": { "description": "Contains details for a technology watchlist finding.", "properties": { "vulnerabilityMatch": { "allOf": [ { "$ref": "#/components/schemas/VulnerabilityMatch" } ], "description": "Optional. The vulnerability match details." } }, "type": "object" }, "Evidence": { "type": "object", "description": "Details the evidence used to determine the relevance verdict.", "properties": { "distinctThemes": { "description": "A list of semantic themes or descriptions unique to one source or\nsemantically distant.", "type": "array", "items": { "type": "string" } }, "commonThemes": { "description": "A list of semantic themes or concepts found to be common, related, or\naligned between the sources, supporting the verdict.", "type": "array", "items": { "type": "string" } } } }, "MarkAlertAsNotActionableRequest": { "type": "object", "description": "Request message for MarkAlertAsNotActionable." }, "GenerateOrgProfileConfigurationOperation": { "description": "This resource represents a long-running operation where metadata and response fields are strongly typed.", "type": "object", "allOf": [ { "$ref": "#/components/schemas/BaseOperation" }, { "type": "object", "properties": { "metadata": { "$ref": "#/components/schemas/OperationMetadata" }, "response": { "$ref": "#/components/schemas/Configuration" } } } ] }, "PriorityAnalysis": { "type": "object", "description": "Structured priority analysis for a threat.", "properties": { "priorityLevel": { "allOf": [ { "$ref": "#/components/schemas/PriorityLevel" } ], "description": "The level of Priority." }, "reasoning": { "type": "string", "description": "Human-readable explanation from the model, detailing why a particular\nresult is considered to have a certain priority." }, "confidence": { "description": "The level of confidence in the given verdict.", "allOf": [ { "$ref": "#/components/schemas/ConfidenceLevel" } ] } } }, "Association": { "required": [ "id", "type" ], "description": "Represents an association with a vulnerability.", "properties": { "type": { "allOf": [ { "$ref": "#/components/schemas/ThreatIntelObjectType" } ], "description": "Required. The type of the association." }, "id": { "type": "string", "description": "Required. The ID of the association." } }, "type": "object" }, "DataLeakFindingDetail": { "required": [ "matchScore", "severity", "documentId" ], "description": "A detail object for a Data Leak finding.", "properties": { "matchScore": { "type": "number", "description": "Required. Reference to the match score of the Data Leak finding. This is a float\nvalue greater than 0 and less than or equal to 1 calculated by the matching\nengine based on the similarity of the document and the user provided\nconfigurations.", "format": "float" }, "severity": { "description": "Required. The severity of the Data Leak finding. This indicates the potential\nimpact of the threat.", "type": "string", "enum": [ "SEVERITY_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL" ], "x-google-enum-descriptions": [ "Default value, should never be set.", "Low severity.", "Medium severity.", "High severity.", "Critical severity." ] }, "documentId": { "description": "Required. The unique identifier of the document that triggered the Data Leak finding.\nThis ID can be used to retrieve the content of the document for further\nanalysis.", "type": "string" } }, "type": "object" }, "VulnerabilityMatch": { "required": [ "cveId", "collectionId", "description", "technologies", "cvss3Score", "riskRating", "exploitationState" ], "description": "Contains details about a vulnerability match.", "properties": { "associations": { "items": { "$ref": "#/components/schemas/Association" }, "description": "Optional. Associated threat actors, malware, etc. This is embedded as a snapshot\nbecause the details of the association at the time of the vulnerability\nmatch are important for context and reporting.", "type": "array" }, "priority": { "x-google-enum-descriptions": [ "Unspecified priority.", "Priority level 0.", "Priority level 1.", "Priority level 2.", "Priority level 3.", "Priority level 4." ], "description": "Optional. The priority level of the vulnerability data. Ex: \"P1\".", "type": "string", "enum": [ "PRIORITY_UNSPECIFIED", "P0", "P1", "P2", "P3", "P4" ] }, "cvss3Score": { "type": "number", "description": "Required. The CVSS score of the vulnerability. Evaluates to CVSS v3 when available\nwith a fallback to v2 and v4. Example: 6.4.", "format": "float" }, "publiclyAvailableExploit": { "description": "Output only. Whether a publicly available exploit exists.", "readOnly": true, "type": "boolean" }, "publicExploits": { "description": "Optional. List of public exploits.", "type": "array", "items": { "$ref": "#/components/schemas/PublicExploit" } }, "cveId": { "description": "Required. The CVE ID of the vulnerability. Ex: \"CVE-2025-9876\".\nSee https://www.cve.org/ for more information.", "type": "string" }, "riskRating": { "x-google-enum-descriptions": [ "Unspecified risk rating. This is the default value when the risk rating\nis not set.", "Low risk rating.", "Medium risk rating.", "High risk rating.", "Critical risk rating.", "The vulnerability has been assessed, but a specific risk rating could\nnot be determined or assigned." ], "type": "string", "enum": [ "RISK_RATING_UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL", "UNRATED" ], "description": "Required. The risk rating of the vulnerability." }, "matchedTechnologies": { "type": "array", "description": "Optional. The specific technologies from the configured watchlist that triggered the\nmatch. Ex: \"Apache Struts\".", "items": { "type": "string" } }, "exploitationState": { "description": "Required. The exploitation state of the vulnerability.", "allOf": [ { "$ref": "#/components/schemas/ExploitationState" } ] }, "epssScore": { "format": "float", "type": "number", "description": "Optional. The EPSS score, representing the probability of exploitation. Example:\n0.87." }, "exploitationConsequences": { "type": "array", "description": "Optional. List of exploitation consequences for the vulnerability.", "items": { "type": "string", "enum": [ "EXPLOITATION_CONSEQUENCE_UNSPECIFIED", "CODE_EXECUTION", "COMMAND_EXECUTION", "DATA_LOSS", "DATA_MANIPULATION", "DENIAL_OF_SERVICE", "INFORMATION_DISCLOSURE", "UNAUTHORIZED_ACCESS", "PRIVILEGE_ESCALATION", "SANDBOX_ESCAPE", "SECURITY_BYPASS", "CONTAINER_ESCAPE", "SPOOFING" ], "x-google-enum-descriptions": [ "Unspecified exploitation consequence.", "Code execution consequence.", "Command execution consequence.", "Data loss consequence.", "Data manipulation consequence.", "Denial-of-Service consequence.", "Information disclosure consequence.", "Unauthorized access consequence.", "Privilege escalation consequence.", "Sandbox escape consequence.", "Security bypass consequence.", "Container escape consequence.", "Spoofing consequence." ] } }, "collectionId": { "type": "string", "description": "Required. The collection ID of the vulnerability.\nEx: \"vulnerability--cve-2025-9876\"." }, "technologies": { "description": "Required. All technologies affected by the vulnerability. Ex: \"Apache Struts\".", "type": "array", "items": { "type": "string" } }, "productFixes": { "items": { "$ref": "#/components/schemas/ProductFix" }, "description": "Optional. List of product fixes for the vulnerability.", "type": "array" }, "exploitationVectors": { "type": "array", "description": "Optional. List of exploitation vectors for the vulnerability.", "items": { "type": "string", "enum": [ "EXPLOITATION_VECTOR_UNSPECIFIED", "ADMINISTRATIVE_INTERFACE", "BLUETOOTH_ACCESS", "BROWSER", "COMPROMISED_COMMUNICATION_CHANNEL", "EMAIL", "EXPOSED_WEB_APPLICATION", "LOCAL_NETWORK_ACCESS", "MALICIOUS_APPLICATION", "MALICIOUS_FILE", "MALICIOUS_SERVER", "OPEN_PORT", "PHYSICAL_ACCESS", "SHORT_RANGE_RADIO", "UNSPECIFIED_LOCAL_VECTOR", "UNSPECIFIED_REMOTE_VECTOR", "VPN_ACCESS", "WIFI_ACCESS" ], "x-google-enum-descriptions": [ "Unspecified exploitation vector.", "Administrative interface vector.", "Bluetooth access vector.", "Browser vector.", "Compromised communication channel vector.", "Email vector.", "Exposed web application vector.", "Local network access vector.", "Malicious application vector.", "Malicious file vector.", "Malicious server vector.", "Open port vector.", "Physical access vector.", "Short range radio vector.", "Unspecified local vector.", "Unspecified remote vector.", "VPN access vector.", "WiFi access vector." ] } }, "disclosureTime": { "type": "string", "description": "Optional. The disclosure time of the vulnerability.", "format": "date-time" }, "description": { "description": "Required. A description of the vulnerability.", "type": "string" } }, "type": "object" }, "MarkAlertAsTriagedRequest": { "description": "Request message for MarkAlertAsTriaged.", "type": "object" }, "MarkAlertAsTrackedExternallyRequest": { "type": "object", "description": "Request message for MarkAlertAsTrackedExternally." }, "MarkAlertAsDuplicateRequest": { "type": "object", "description": "Request message for MarkAlertAsDuplicate.", "properties": { "duplicateOf": { "description": "Optional. Name of the alert to mark as a duplicate of.\nFormat: projects/{project}/alerts/{alert}", "type": "string" } } }, "CustomerProfileCitedString": { "description": "A string with citation ids.", "properties": { "value": { "description": "Required. The value of the string.", "type": "string" }, "citationIds": { "items": { "type": "string" }, "description": "Optional. The citation ids for the string.", "type": "array" } }, "type": "object", "required": [ "value" ] }, "Status": { "type": "object", "description": "The `Status` type defines a logical error model that is suitable for\ndifferent programming environments, including REST APIs and RPC APIs. It is\nused by [gRPC](https://github.com/grpc). Each `Status` message contains\nthree pieces of data: error code, error message, and error details.\n\nYou can find out more about this error model and how to work with it in the\n[API Design Guide](https://cloud.google.com/apis/design/errors).", "properties": { "message": { "type": "string", "description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client." }, "details": { "type": "array", "description": "A list of messages that carry the error details. There is a common set of\nmessage types for APIs to use.", "items": { "additionalProperties": { "description": "Properties of the object. Contains field @type with type URL." }, "type": "object" } }, "code": { "format": "int32", "type": "integer", "description": "The status code, which should be an enum value of google.rpc.Code." } } }, "RelevanceAnalysis": { "type": "object", "description": "Structured relevance analysis for a threat.", "properties": { "relevanceLevel": { "allOf": [ { "$ref": "#/components/schemas/RelevanceLevel" } ], "description": "The level of relevance." }, "confidence": { "allOf": [ { "$ref": "#/components/schemas/ConfidenceLevel" } ], "description": "The level of confidence in the given verdict." }, "reasoning": { "description": "Human-readable explanation from the matcher, detailing why a particular\nresult is considered relevant or not relevant.", "type": "string" }, "relevant": { "type": "boolean", "description": "Indicates whether the threat is considered relevant." }, "evidence": { "allOf": [ { "$ref": "#/components/schemas/Evidence" } ], "description": "Evidence supporting the verdict, including matched and unmatched items." } } } }, "parameters": { "_.xgafv": { "name": "$.xgafv", "description": "V1 error format.", "schema": { "x-google-enum-descriptions": [ "v1 error format", "v2 error format" ], "enum": [ "1", "2" ], "type": "string" }, "in": "query" }, "alt": { "in": "query", "name": "$alt", "description": "Data format for response.", "schema": { "enum": [ "json", "media", "proto" ], "type": "string", "default": "json", "x-google-enum-descriptions": [ "Responses with Content-Type of application/json", "Media download with context-dependent Content-Type", "Responses with Content-Type of application/x-protobuf" ] } }, "callback": { "name": "$callback", "description": "JSONP", "schema": { "type": "string" }, "in": "query" }, "prettyPrint": { "name": "$prettyPrint", "description": "Returns response with indentations and line breaks.", "schema": { "default": "true", "type": "boolean" }, "in": "query" } } }, "info": { "title": "Threat Intelligence API", "version": "v1beta", "x-google-revision": "20260622", "description": "threatintelligence.googleapis.com API." }, "paths": { "/v1beta/projects/{project}/alerts/{alert}/documents/{document}": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "get": { "parameters": [ { "in": "path", "name": "project", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } }, { "in": "path", "name": "alert", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } }, { "name": "document", "in": "path", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AlertDocument" } } } } }, "operationId": "GetAlertDocument", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "description": "Gets a specific document associated with an alert." } }, "/v1beta/projects/{project}:generateOrgProfile": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GenerateOrgProfileConfigurationRequest" } } } }, "description": "Triggers the generation of a Customer Profile for a project.", "operationId": "GenerateOrgProfileConfiguration", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "in": "path", "name": "project" } ], "x-google-lro": "true", "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GenerateOrgProfileConfigurationOperation" } } } } } } }, "/v1beta/projects/{project}/alerts/{alert}:trackExternally": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "parameters": [ { "name": "project", "in": "path", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } }, { "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "name": "alert", "in": "path" } ], "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "operationId": "MarkAlertAsTrackedExternally", "description": "Marks an alert as tracked externally - TRACKED_EXTERNALLY.", "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsTrackedExternallyRequest" } } } } } }, "/v1beta/projects/{project}/findings:search": { "get": { "description": "SearchFindings is a more powerful version of ListFindings that\nsupports complex queries like \"findings for alerts\" using functions such as\n`has_alert` in the query string.\nThe `parent` field in SearchFindingsRequest should have the format:\nprojects/{project}\nExample to search for findings for a specific issue:\n`has_alert(\"name=\\\"projects/gti-12345/alerts/alert-12345\\\"\")`", "parameters": [ { "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "in": "path", "name": "project" }, { "in": "query", "name": "query", "description": "Optional. Query on what findings will be returned. This supports the same filter\ncriteria as FindingService.ListFindings as well as the following\nrelationship query `has_alert`.\nExample:\n - `has_alert(\"name=\\\"projects/gti-12345/alerts/alert-12345\\\"\")`", "schema": { "type": "string" } }, { "name": "orderBy", "description": "Optional. Order by criteria in the csv format: \"field1,field2 desc\" or\n\"field1,field2\" or \"field1 asc, field2\".", "schema": { "type": "string" }, "in": "query" }, { "in": "query", "name": "pageToken", "description": "Optional. Page token.", "schema": { "type": "string" } }, { "name": "pageSize", "description": "Optional. Page size.", "schema": { "type": "integer", "format": "int32" }, "in": "query" } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchFindingsResponse" } } } } }, "operationId": "SearchFindings", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ] }, "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ] }, "/v1beta/projects/{project}/alerts/{alert}:resolve": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "name": "project", "in": "path" }, { "in": "path", "name": "alert", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } } ], "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "operationId": "MarkAlertAsResolved", "description": "Marks an alert to closed state - RESOLVED.", "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsResolvedRequest" } } } } } }, "/v1beta/projects/{project}/configurations:upsert": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpsertConfigurationResponse" } } } } }, "parameters": [ { "name": "project", "in": "path", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } }, { "in": "query", "name": "publishTime", "description": "Optional. Time that the configuration should be considered to have been published.\nThis is an advanced feature used when onboarding and bulk loading data from\nother systems. Do not set this field without consulting with the API team.", "schema": { "type": "string", "format": "date-time" } } ], "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "operationId": "UpsertConfiguration", "description": "Creates or updates a configuration.", "requestBody": { "description": "Required. Configuration we are creating or updating.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Configuration" } } } } } }, "/v1beta/projects/{project}/findings": { "get": { "description": "Get a list of findings that meet the filter criteria.\nThe `parent` field in ListFindingsRequest should have the format:\nprojects/{project}", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "operationId": "ListFindings", "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListFindingsResponse" } } } } }, "parameters": [ { "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "in": "path", "name": "project" }, { "in": "query", "name": "filter", "description": "Optional. Filter criteria.", "schema": { "type": "string" } }, { "name": "orderBy", "description": "Optional. Order by criteria in the csv format: \"field1,field2 desc\" or\n\"field1,field2\" or \"field1 asc, field2\".", "schema": { "type": "string" }, "in": "query" }, { "name": "pageToken", "description": "Optional. Page token.", "schema": { "type": "string" }, "in": "query" }, { "in": "query", "name": "pageSize", "description": "Optional. Page size.", "schema": { "type": "integer", "format": "int32" } } ] }, "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ] }, "/v1beta/projects/{project}/alerts/{alert}:notActionable": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsNotActionableRequest" } } } }, "description": "Marks an alert as not actionable - NOT_ACTIONABLE.", "operationId": "MarkAlertAsNotActionable", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "in": "path", "name": "project", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true }, { "name": "alert", "in": "path", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } } } }, "/v1beta/projects/{project}/configurations/{configuration}": { "get": { "description": "Get a configuration by name.", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "operationId": "GetConfiguration", "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Configuration" } } } } }, "parameters": [ { "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "in": "path", "name": "project" }, { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "in": "path", "name": "configuration" } ] }, "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ] }, "/v1beta/projects/{project}/alerts/{alert}:triage": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "description": "Marks an alert as triaged - TRIAGED.", "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsTriagedRequest" } } } }, "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "name": "project", "in": "path" }, { "name": "alert", "in": "path", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } } ], "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "operationId": "MarkAlertAsTriaged" } }, "/v1beta/projects/{project}/alerts/{alert}:falsePositive": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsFalsePositiveRequest" } } } }, "description": "Marks an alert as a false positive - FALSE_POSITIVE.", "operationId": "MarkAlertAsFalsePositive", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "name": "project", "in": "path" }, { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "name": "alert", "in": "path" } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } } } }, "/v1beta/projects/{project}/configurations/{configuration}/revisions": { "get": { "description": "List configuration revisions that meet the filter criteria.", "operationId": "ListConfigurationRevisions", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "in": "path", "name": "project" }, { "in": "path", "name": "configuration", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true }, { "in": "query", "name": "filter", "description": "Optional. An AIP-160 filter string", "schema": { "type": "string" } }, { "in": "query", "name": "orderBy", "description": "Optional. Specify ordering of response", "schema": { "type": "string" } }, { "in": "query", "name": "pageSize", "description": "Optional. Page Size", "schema": { "type": "integer", "format": "int32" } }, { "name": "pageToken", "description": "Optional. A page token provided by the API", "schema": { "type": "string" }, "in": "query" } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListConfigurationRevisionsResponse" } } } } } }, "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ] }, "/v1beta/projects/{project}/alerts:enumerateFacets": { "get": { "description": "EnumerateAlertFacets returns the facets and the number of alerts that meet\nthe filter criteria and have that value for each facet.", "operationId": "EnumerateAlertFacets", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "name": "project", "in": "path", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true }, { "name": "filter", "description": "Optional. Filter on what alerts will be enumerated.", "schema": { "type": "string" }, "in": "query" } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnumerateAlertFacetsResponse" } } } } } }, "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ] }, "/v1beta/projects/{project}/alerts": { "get": { "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListAlertsResponse" } } } } }, "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "in": "path", "name": "project" }, { "in": "query", "name": "filter", "description": "Optional. Filter criteria.\n\nSupported fields for filtering include:\n\n* `audit.create_time`\n* `audit.creator`\n* `audit.update_time`\n* `audit.updater`\n* `detail.data_leak.discovery_document_ids`\n* `detail.data_leak.severity`\n* `detail.detail_type`\n* `detail.initial_access_broker.discovery_document_ids`\n* `detail.initial_access_broker.severity`\n* `detail.insider_threat.discovery_document_ids`\n* `detail.insider_threat.severity`\n* `finding_count`\n* `priority_analysis.priority_level`\n* `relevance_analysis.confidence`\n* `relevance_analysis.relevance_level`\n* `relevance_analysis.relevant`\n* `severity_analysis.severity_level`\n* `state`\n\nExamples:\n\n* `detail.detail_type = \"initial_access_broker\"`\n* `detail.detail_type != \"data_leak\"`\n* `detail.insider_threat.severity = \"HIGH\"`\n* `audit.create_time \u003e= \"2026-04-03T00:00:00Z\" AND audit.create_time \u003c\n\"2026-04-06T00:00:00Z\"`\n* `state = \"NEW\" OR state = \"TRIAGED\"`\n* `severity_analysis.severity_level = \"SEVERITY_LEVEL_CRITICAL\"`", "schema": { "type": "string" } }, { "name": "orderBy", "description": "Optional. Order by criteria in the csv format: \"field1, field2 desc\" or\n\"field1, field2\" or \"field1 asc, field2\". If a field is specified without\n`asc` or `desc`, ascending order is used by default. Supported fields for\nordering are identical to those supported for filtering.\n\nExamples:\n\n* `audit.create_time desc`\n* `audit.update_time asc`\n* `audit.create_time desc, severity_analysis.severity_level desc`", "schema": { "type": "string" }, "in": "query" }, { "in": "query", "name": "pageToken", "description": "Optional. Page token to retrieve the next page of results.", "schema": { "type": "string" } }, { "in": "query", "name": "pageSize", "description": "Optional. Page size. Default to 100 alerts per page. Maximum is 1000 alerts per page.", "schema": { "type": "integer", "format": "int32" } } ], "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "operationId": "ListAlerts", "description": "Get a list of alerts that meet the filter criteria." }, "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ] }, "/v1beta/projects/{project}/alerts/{alert}:duplicate": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "description": "Marks an alert as a duplicate of another alert. - DUPLICATE.", "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsDuplicateRequest" } } } }, "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "in": "path", "name": "project" }, { "name": "alert", "in": "path", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true } ], "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "operationId": "MarkAlertAsDuplicate" } }, "/v1beta/projects/{project}/findings/{finding}": { "get": { "description": "Get a finding by name.\nThe `name` field should have the format:\n`projects/{project}/findings/{finding}`", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "operationId": "GetFinding", "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Finding" } } } } }, "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "in": "path", "name": "project" }, { "name": "finding", "in": "path", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true } ] }, "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ] }, "/v1beta/projects/{project}/alerts/{alert}:read": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsReadRequest" } } } }, "description": "Marks an alert as read - READ.", "operationId": "MarkAlertAsRead", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "in": "path", "name": "project" }, { "name": "alert", "in": "path", "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } } } }, "/v1beta/projects/{project}/configurations": { "get": { "description": "Get a list of configurations that meet the filter criteria.", "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListConfigurationsResponse" } } } } }, "parameters": [ { "name": "project", "in": "path", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } }, { "name": "filter", "description": "Optional. Filter criteria.", "schema": { "type": "string" }, "in": "query" }, { "name": "orderBy", "description": "Optional. Order by criteria in the csv format: \"field1,field2 desc\" or\n\"field1,field2\" or \"field1 asc, field2\".", "schema": { "type": "string" }, "in": "query" }, { "name": "pageToken", "description": "Optional. Page token.", "schema": { "type": "string" }, "in": "query" }, { "name": "pageSize", "description": "Optional. Page size.", "schema": { "type": "integer", "format": "int32" }, "in": "query" } ], "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "operationId": "ListConfigurations" }, "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ] }, "/v1beta/projects/{project}/alerts/{alert}:benign": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "operationId": "MarkAlertAsBenign", "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "parameters": [ { "in": "path", "name": "project", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } }, { "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "in": "path", "name": "alert" } ], "description": "Marks an alert as benign - BENIGN.", "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsBenignRequest" } } } } } }, "/v1beta/projects/{project}/alerts/{alert}": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "get": { "parameters": [ { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "name": "project", "in": "path" }, { "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "in": "path", "name": "alert" } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "operationId": "GetAlert", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "description": "Get an alert by name." } }, "/v1beta/projects/{project}/alerts/{alert}:escalate": { "parameters": [ { "$ref": "#/components/parameters/alt" }, { "$ref": "#/components/parameters/callback" }, { "$ref": "#/components/parameters/prettyPrint" }, { "$ref": "#/components/parameters/_.xgafv" } ], "post": { "parameters": [ { "in": "path", "name": "project", "required": true, "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" } }, { "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.", "schema": { "type": "string" }, "required": true, "in": "path", "name": "alert" } ], "responses": { "default": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Alert" } } } } }, "operationId": "MarkAlertAsEscalated", "tags": [ "threatintelligence" ], "security": [ { "google_oauth_implicit": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "google_oauth_code": [ "https://www.googleapis.com/auth/cloud-platform" ] }, { "bearer_auth": [] } ], "requestBody": { "description": "The request body.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MarkAlertAsEscalatedRequest" } } } }, "description": "Marks an alert as escalated - ESCALATED." } } }, "servers": [ { "url": "https://threatintelligence.googleapis.com", "description": "Global Endpoint" }, { "url": "https://threatintelligence.us-central1.rep.googleapis.com/", "x-google-endpoint-location": "us-central1", "description": "Regional Endpoint" } ], "externalDocs": { "description": "Find more info here.", "url": "https://docs.cloud.google.com/threatintelligence/" }, "openapi": "3.0.3" }