{
  "rootUrl": "https://threatintelligence.googleapis.com/",
  "basePath": "",
  "auth": {
    "oauth2": {
      "scopes": {
        "https://www.googleapis.com/auth/cloud-platform": {
          "description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account."
        }
      }
    }
  },
  "baseUrl": "https://threatintelligence.googleapis.com/",
  "resources": {
    "projects": {
      "methods": {
        "generateOrgProfile": {
          "id": "threatintelligence.projects.generateOrgProfile",
          "parameters": {
            "name": {
              "description": "Required. The name of the project to generate the profile for. Format: projects/{project}",
              "location": "path",
              "required": true,
              "pattern": "^projects/[^/]+$",
              "type": "string"
            }
          },
          "flatPath": "v1beta/projects/{projectsId}:generateOrgProfile",
          "request": {
            "$ref": "GenerateOrgProfileConfigurationRequest"
          },
          "scopes": [
            "https://www.googleapis.com/auth/cloud-platform"
          ],
          "path": "v1beta/{+name}:generateOrgProfile",
          "parameterOrder": [
            "name"
          ],
          "httpMethod": "POST",
          "description": "Triggers the generation of a Customer Profile for a project.",
          "response": {
            "$ref": "Operation"
          }
        }
      },
      "resources": {
        "configurations": {
          "resources": {
            "revisions": {
              "methods": {
                "list": {
                  "response": {
                    "$ref": "ListConfigurationRevisionsResponse"
                  },
                  "parameterOrder": [
                    "parent"
                  ],
                  "httpMethod": "GET",
                  "description": "List configuration revisions that meet the filter criteria.",
                  "flatPath": "v1beta/projects/{projectsId}/configurations/{configurationsId}/revisions",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "parameters": {
                    "orderBy": {
                      "description": "Optional. Specify ordering of response",
                      "location": "query",
                      "type": "string"
                    },
                    "pageToken": {
                      "description": "Optional. A page token provided by the API",
                      "location": "query",
                      "type": "string"
                    },
                    "pageSize": {
                      "type": "integer",
                      "description": "Optional. Page Size",
                      "format": "int32",
                      "location": "query"
                    },
                    "parent": {
                      "type": "string",
                      "description": "Required. The name of the Configuration to retrieve Revisions for",
                      "location": "path",
                      "required": true,
                      "pattern": "^projects/[^/]+/configurations/[^/]+$"
                    },
                    "filter": {
                      "location": "query",
                      "description": "Optional. An AIP-160 filter string",
                      "type": "string"
                    }
                  },
                  "path": "v1beta/{+parent}/revisions",
                  "id": "threatintelligence.projects.configurations.revisions.list"
                }
              }
            }
          },
          "methods": {
            "get": {
              "response": {
                "$ref": "Configuration"
              },
              "parameterOrder": [
                "name"
              ],
              "httpMethod": "GET",
              "description": "Get a configuration by name.",
              "flatPath": "v1beta/projects/{projectsId}/configurations/{configurationsId}",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "parameters": {
                "name": {
                  "pattern": "^projects/[^/]+/configurations/[^/]+$",
                  "location": "path",
                  "required": true,
                  "description": "Required. Name of the configuration to get. Format: vaults/{vault}/configurations/{configuration}",
                  "type": "string"
                }
              },
              "path": "v1beta/{+name}",
              "id": "threatintelligence.projects.configurations.get"
            },
            "list": {
              "flatPath": "v1beta/projects/{projectsId}/configurations",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "parameters": {
                "orderBy": {
                  "type": "string",
                  "description": "Optional. Order by criteria in the csv format: \"field1,field2 desc\" or \"field1,field2\" or \"field1 asc, field2\".",
                  "location": "query"
                },
                "parent": {
                  "type": "string",
                  "pattern": "^projects/[^/]+$",
                  "location": "path",
                  "required": true,
                  "description": "Required. Parent of the configuration. Format: vaults/{vault}"
                },
                "filter": {
                  "type": "string",
                  "location": "query",
                  "description": "Optional. Filter criteria."
                },
                "pageSize": {
                  "type": "integer",
                  "location": "query",
                  "description": "Optional. Page size.",
                  "format": "int32"
                },
                "pageToken": {
                  "location": "query",
                  "description": "Optional. Page token.",
                  "type": "string"
                }
              },
              "path": "v1beta/{+parent}/configurations",
              "id": "threatintelligence.projects.configurations.list",
              "response": {
                "$ref": "ListConfigurationsResponse"
              },
              "parameterOrder": [
                "parent"
              ],
              "httpMethod": "GET",
              "description": "Get a list of configurations that meet the filter criteria."
            },
            "upsert": {
              "parameters": {
                "parent": {
                  "type": "string",
                  "pattern": "^projects/[^/]+$",
                  "description": "Required. Parent of the configuration.",
                  "location": "path",
                  "required": true
                },
                "publishTime": {
                  "location": "query",
                  "description": "Optional. Time that the configuration should be considered to have been published. This is an advanced feature used when onboarding and bulk loading data from other systems. Do not set this field without consulting with the API team.",
                  "format": "google-datetime",
                  "type": "string"
                }
              },
              "flatPath": "v1beta/projects/{projectsId}/configurations:upsert",
              "request": {
                "$ref": "Configuration"
              },
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v1beta/{+parent}/configurations:upsert",
              "id": "threatintelligence.projects.configurations.upsert",
              "response": {
                "$ref": "UpsertConfigurationResponse"
              },
              "parameterOrder": [
                "parent"
              ],
              "httpMethod": "POST",
              "description": "Creates or updates a configuration."
            }
          }
        },
        "alerts": {
          "resources": {
            "documents": {
              "methods": {
                "get": {
                  "id": "threatintelligence.projects.alerts.documents.get",
                  "flatPath": "v1beta/projects/{projectsId}/alerts/{alertsId}/documents/{documentsId}",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "parameters": {
                    "name": {
                      "pattern": "^projects/[^/]+/alerts/[^/]+/documents/[^/]+$",
                      "location": "path",
                      "required": true,
                      "description": "Required. Name of the alert document to get. Format: projects/{project}/alerts/{alert}/documents/{document}",
                      "type": "string"
                    }
                  },
                  "path": "v1beta/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "httpMethod": "GET",
                  "description": "Gets a specific document associated with an alert.",
                  "response": {
                    "$ref": "AlertDocument"
                  }
                }
              }
            }
          },
          "methods": {
            "get": {
              "response": {
                "$ref": "Alert"
              },
              "httpMethod": "GET",
              "description": "Get an alert by name.",
              "parameterOrder": [
                "name"
              ],
              "path": "v1beta/{+name}",
              "flatPath": "v1beta/projects/{projectsId}/alerts/{alertsId}",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "parameters": {
                "name": {
                  "pattern": "^projects/[^/]+/alerts/[^/]+$",
                  "description": "Required. Name of the alert to get. Format: projects/{project}/alerts/{alert}",
                  "location": "path",
                  "required": true,
                  "type": "string"
                }
              },
              "id": "threatintelligence.projects.alerts.get"
            },
            "falsePositive": {
              "response": {
                "$ref": "Alert"
              },
              "parameterOrder": [
                "name"
              ],
              "httpMethod": "POST",
              "description": "Marks an alert as a false positive - FALSE_POSITIVE.",
              "flatPath": "v1beta/projects/{projectsId}/alerts/{alertsId}:falsePositive",
              "request": {
                "$ref": "MarkAlertAsFalsePositiveRequest"
              },
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "parameters": {
                "name": {
                  "type": "string",
                  "description": "Required. Name of the alert to mark as a false positive. Format: projects/{project}/alerts/{alert}",
                  "location": "path",
                  "required": true,
                  "pattern": "^projects/[^/]+/alerts/[^/]+$"
                }
              },
              "path": "v1beta/{+name}:falsePositive",
              "id": "threatintelligence.projects.alerts.falsePositive"
            },
            "resolve": {
              "flatPath": "v1beta/projects/{projectsId}/alerts/{alertsId}:resolve",
              "request": {
                "$ref": "MarkAlertAsResolvedRequest"
              },
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "parameters": {
                "name": {
                  "description": "Required. Name of the alert to mark as resolved. Format: projects/{project}/alerts/{alert}",
                  "location": "path",
                  "required": true,
                  "pattern": "^projects/[^/]+/alerts/[^/]+$",
                  "type": "string"
                }
              },
              "path": "v1beta/{+name}:resolve",
              "id": "threatintelligence.projects.alerts.resolve",
              "response": {
                "$ref": "Alert"
              },
              "parameterOrder": [
                "name"
              ],
              "httpMethod": "POST",
              "description": "Marks an alert to closed state - RESOLVED."
            },
            "notActionable": {
              "response": {
                "$ref": "Alert"
              },
              "parameterOrder": [
                "name"
              ],
              "httpMethod": "POST",
              "description": "Marks an alert as not actionable - NOT_ACTIONABLE.",
              "parameters": {
                "name": {
                  "pattern": "^projects/[^/]+/alerts/[^/]+$",
                  "description": "Required. Name of the alert to mark as a not actionable. Format: projects/{project}/alerts/{alert}",
                  "location": "path",
                  "required": true,
                  "type": "string"
                }
              },
              "flatPath": "v1beta/projects/{projectsId}/alerts/{alertsId}:notActionable",
              "request": {
                "$ref": "MarkAlertAsNotActionableRequest"
              },
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v1beta/{+name}:notActionable",
              "id": "threatintelligence.projects.alerts.notActionable"
            },
            "benign": {
              "httpMethod": "POST",
              "description": "Marks an alert as benign - BENIGN.",
              "parameterOrder": [
                "name"
              ],
              "response": {
                "$ref": "Alert"
              },
              "id": "threatintelligence.projects.alerts.benign",
              "path": "v1beta/{+name}:benign",
              "parameters": {
                "name": {
                  "pattern": "^projects/[^/]+/alerts/[^/]+$",
                  "description": "Required. Name of the alert to mark as a benign. Format: projects/{project}/alerts/{alert}",
                  "location": "path",
                  "required": true,
                  "type": "string"
                }
              },
              "flatPath": "v1beta/projects/{projectsId}/alerts/{alertsId}:benign",
              "request": {
                "$ref": "MarkAlertAsBenignRequest"
              },
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ]
            },
            "list": {
              "parameters": {
                "parent": {
                  "pattern": "^projects/[^/]+$",
                  "description": "Required. Parent of the alerts. Format: projects/{project}",
                  "location": "path",
                  "required": true,
                  "type": "string"
                },
                "filter": {
                  "type": "string",
                  "location": "query",
                  "description": "Optional. Filter criteria. Supported fields for filtering include: * `audit.create_time` * `audit.creator` * `audit.update_time` * `audit.updater` * `detail.data_leak.discovery_document_ids` * `detail.data_leak.severity` * `detail.detail_type` * `detail.initial_access_broker.discovery_document_ids` * `detail.initial_access_broker.severity` * `detail.insider_threat.discovery_document_ids` * `detail.insider_threat.severity` * `finding_count` * `priority_analysis.priority_level` * `relevance_analysis.confidence` * `relevance_analysis.relevance_level` * `relevance_analysis.relevant` * `severity_analysis.severity_level` * `state` Examples: * `detail.detail_type = \"initial_access_broker\"` * `detail.detail_type != \"data_leak\"` * `detail.insider_threat.severity = \"HIGH\"` * `audit.create_time \u003e= \"2026-04-03T00:00:00Z\" AND audit.create_time \u003c \"2026-04-06T00:00:00Z\"` * `state = \"NEW\" OR state = \"TRIAGED\"` * `severity_analysis.severity_level = \"SEVERITY_LEVEL_CRITICAL\"`"
                },
                "pageSize": {
                  "description": "Optional. Page size. Default to 100 alerts per page. Maximum is 1000 alerts per page.",
                  "format": "int32",
                  "location": "query",
                  "type": "integer"
                },
                "pageToken": {
                  "location": "query",
                  "description": "Optional. Page token to retrieve the next page of results.",
                  "type": "string"
                },
                "orderBy": {
                  "description": "Optional. Order by criteria in the csv format: \"field1, field2 desc\" or \"field1, field2\" or \"field1 asc, field2\". If a field is specified without `asc` or `desc`, ascending order is used by default. Supported fields for ordering are identical to those supported for filtering. Examples: * `audit.create_time desc` * `audit.update_time asc` * `audit.create_time desc, severity_analysis.severity_level desc`",
                  "location": "query",
                  "type": "string"
                }
              },
              "flatPath": "v1beta/projects/{projectsId}/alerts",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v1beta/{+parent}/alerts",
              "id": "threatintelligence.projects.alerts.list",
              "response": {
                "$ref": "ListAlertsResponse"
              },
              "parameterOrder": [
                "parent"
              ],
              "httpMethod": "GET",
              "description": "Get a list of alerts that meet the filter criteria."
            },
            "enumerateFacets": {
              "parameterOrder": [
                "parent"
              ],
              "httpMethod": "GET",
              "description": "EnumerateAlertFacets returns the facets and the number of alerts that meet the filter criteria and have that value for each facet.",
              "response": {
                "$ref": "EnumerateAlertFacetsResponse"
              },
              "id": "threatintelligence.projects.alerts.enumerateFacets",
              "flatPath": "v1beta/projects/{projectsId}/alerts:enumerateFacets",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "parameters": {
                "parent": {
                  "pattern": "^projects/[^/]+$",
                  "description": "Required. Parent of the alerts.",
                  "location": "path",
                  "required": true,
                  "type": "string"
                },
                "filter": {
                  "type": "string",
                  "location": "query",
                  "description": "Optional. Filter on what alerts will be enumerated."
                }
              },
              "path": "v1beta/{+parent}/alerts:enumerateFacets"
            },
            "escalate": {
              "id": "threatintelligence.projects.alerts.escalate",
              "path": "v1beta/{+name}:escalate",
              "parameters": {
                "name": {
                  "pattern": "^projects/[^/]+/alerts/[^/]+$",
                  "description": "Required. Name of the alert to mark as escalated. Format: projects/{project}/alerts/{alert}",
                  "location": "path",
                  "required": true,
                  "type": "string"
                }
              },
              "flatPath": "v1beta/projects/{projectsId}/alerts/{alertsId}:escalate",
              "request": {
                "$ref": "MarkAlertAsEscalatedRequest"
              },
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "httpMethod": "POST",
              "description": "Marks an alert as escalated - ESCALATED.",
              "parameterOrder": [
                "name"
              ],
              "response": {
                "$ref": "Alert"
              }
            },
            "trackExternally": {
              "parameterOrder": [
                "name"
              ],
              "httpMethod": "POST",
              "description": "Marks an alert as tracked externally - TRACKED_EXTERNALLY.",
              "response": {
                "$ref": "Alert"
              },
              "id": "threatintelligence.projects.alerts.trackExternally",
              "parameters": {
                "name": {
                  "pattern": "^projects/[^/]+/alerts/[^/]+$",
                  "location": "path",
                  "required": true,
                  "description": "Required. Name of the alert to mark as tracked externally. Format: projects/{project}/alerts/{alert}",
                  "type": "string"
                }
              },
              "flatPath": "v1beta/projects/{projectsId}/alerts/{alertsId}:trackExternally",
              "request": {
                "$ref": "MarkAlertAsTrackedExternallyRequest"
              },
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v1beta/{+name}:trackExternally"
            },
            "triage": {
              "flatPath": "v1beta/projects/{projectsId}/alerts/{alertsId}:triage",
              "request": {
                "$ref": "MarkAlertAsTriagedRequest"
              },
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "parameters": {
                "name": {
                  "type": "string",
                  "pattern": "^projects/[^/]+/alerts/[^/]+$",
                  "location": "path",
                  "required": true,
                  "description": "Required. Name of the alert to mark as a triaged. Format: projects/{project}/alerts/{alert}"
                }
              },
              "path": "v1beta/{+name}:triage",
              "id": "threatintelligence.projects.alerts.triage",
              "response": {
                "$ref": "Alert"
              },
              "parameterOrder": [
                "name"
              ],
              "httpMethod": "POST",
              "description": "Marks an alert as triaged - TRIAGED."
            },
            "duplicate": {
              "parameters": {
                "name": {
                  "location": "path",
                  "required": true,
                  "description": "Required. Name of the alert to mark as a duplicate. Format: projects/{project}/alerts/{alert}",
                  "pattern": "^projects/[^/]+/alerts/[^/]+$",
                  "type": "string"
                }
              },
              "flatPath": "v1beta/projects/{projectsId}/alerts/{alertsId}:duplicate",
              "request": {
                "$ref": "MarkAlertAsDuplicateRequest"
              },
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v1beta/{+name}:duplicate",
              "id": "threatintelligence.projects.alerts.duplicate",
              "response": {
                "$ref": "Alert"
              },
              "parameterOrder": [
                "name"
              ],
              "httpMethod": "POST",
              "description": "Marks an alert as a duplicate of another alert. - DUPLICATE."
            },
            "read": {
              "httpMethod": "POST",
              "description": "Marks an alert as read - READ.",
              "parameterOrder": [
                "name"
              ],
              "response": {
                "$ref": "Alert"
              },
              "id": "threatintelligence.projects.alerts.read",
              "path": "v1beta/{+name}:read",
              "flatPath": "v1beta/projects/{projectsId}/alerts/{alertsId}:read",
              "request": {
                "$ref": "MarkAlertAsReadRequest"
              },
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "parameters": {
                "name": {
                  "type": "string",
                  "location": "path",
                  "required": true,
                  "description": "Required. Name of the alert to mark as read. Format: projects/{project}/alerts/{alert}",
                  "pattern": "^projects/[^/]+/alerts/[^/]+$"
                }
              }
            }
          }
        },
        "findings": {
          "methods": {
            "list": {
              "response": {
                "$ref": "ListFindingsResponse"
              },
              "httpMethod": "GET",
              "description": "Get a list of findings that meet the filter criteria. The `parent` field in ListFindingsRequest should have the format: projects/{project}",
              "parameterOrder": [
                "parent"
              ],
              "path": "v1beta/{+parent}/findings",
              "flatPath": "v1beta/projects/{projectsId}/findings",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "parameters": {
                "orderBy": {
                  "type": "string",
                  "location": "query",
                  "description": "Optional. Order by criteria in the csv format: \"field1,field2 desc\" or \"field1,field2\" or \"field1 asc, field2\"."
                },
                "parent": {
                  "pattern": "^projects/[^/]+$",
                  "location": "path",
                  "required": true,
                  "description": "Required. Parent of the findings.",
                  "type": "string"
                },
                "filter": {
                  "type": "string",
                  "location": "query",
                  "description": "Optional. Filter criteria."
                },
                "pageSize": {
                  "type": "integer",
                  "description": "Optional. Page size.",
                  "format": "int32",
                  "location": "query"
                },
                "pageToken": {
                  "description": "Optional. Page token.",
                  "location": "query",
                  "type": "string"
                }
              },
              "id": "threatintelligence.projects.findings.list"
            },
            "search": {
              "response": {
                "$ref": "SearchFindingsResponse"
              },
              "httpMethod": "GET",
              "description": "SearchFindings is a more powerful version of ListFindings that supports complex queries like \"findings for alerts\" using functions such as `has_alert` in the query string. The `parent` field in SearchFindingsRequest should have the format: projects/{project} Example to search for findings for a specific issue: `has_alert(\"name=\\\"projects/gti-12345/alerts/alert-12345\\\"\")`",
              "parameterOrder": [
                "parent"
              ],
              "path": "v1beta/{+parent}/findings:search",
              "parameters": {
                "pageSize": {
                  "location": "query",
                  "description": "Optional. Page size.",
                  "format": "int32",
                  "type": "integer"
                },
                "parent": {
                  "pattern": "^projects/[^/]+$",
                  "location": "path",
                  "required": true,
                  "description": "Required. Parent of the findings. Format: vaults/{vault}",
                  "type": "string"
                },
                "query": {
                  "description": "Optional. Query on what findings will be returned. This supports the same filter criteria as FindingService.ListFindings as well as the following relationship query `has_alert`. Example: - `has_alert(\"name=\\\"projects/gti-12345/alerts/alert-12345\\\"\")`",
                  "location": "query",
                  "type": "string"
                },
                "pageToken": {
                  "description": "Optional. Page token.",
                  "location": "query",
                  "type": "string"
                },
                "orderBy": {
                  "type": "string",
                  "description": "Optional. Order by criteria in the csv format: \"field1,field2 desc\" or \"field1,field2\" or \"field1 asc, field2\".",
                  "location": "query"
                }
              },
              "flatPath": "v1beta/projects/{projectsId}/findings:search",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "id": "threatintelligence.projects.findings.search"
            },
            "get": {
              "id": "threatintelligence.projects.findings.get",
              "path": "v1beta/{+name}",
              "flatPath": "v1beta/projects/{projectsId}/findings/{findingsId}",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "parameters": {
                "name": {
                  "pattern": "^projects/[^/]+/findings/[^/]+$",
                  "description": "Required. Name of the finding to get.",
                  "location": "path",
                  "required": true,
                  "type": "string"
                }
              },
              "httpMethod": "GET",
              "description": "Get a finding by name. The `name` field should have the format: `projects/{project}/findings/{finding}`",
              "parameterOrder": [
                "name"
              ],
              "response": {
                "$ref": "Finding"
              }
            }
          }
        }
      }
    }
  },
  "ownerDomain": "google.com",
  "documentationLink": "https://docs.cloud.google.com/threatintelligence/",
  "servicePath": "",
  "title": "Threat Intelligence API",
  "endpoints": [
    {
      "endpointUrl": "https://threatintelligence.us-central1.rep.googleapis.com/",
      "location": "us-central1",
      "description": "Regional Endpoint"
    }
  ],
  "protocol": "rest",
  "description": "threatintelligence.googleapis.com API.",
  "canonicalName": "Threat Intelligence Service",
  "id": "threatintelligence:v1beta",
  "version": "v1beta",
  "kind": "discovery#restDescription",
  "discoveryVersion": "v1",
  "name": "threatintelligence",
  "parameters": {
    "callback": {
      "type": "string",
      "location": "query",
      "description": "JSONP"
    },
    "key": {
      "location": "query",
      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
      "type": "string"
    },
    "uploadType": {
      "location": "query",
      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
      "type": "string"
    },
    "alt": {
      "type": "string",
      "default": "json",
      "enum": [
        "json",
        "media",
        "proto"
      ],
      "enumDescriptions": [
        "Responses with Content-Type of application/json",
        "Media download with context-dependent Content-Type",
        "Responses with Content-Type of application/x-protobuf"
      ],
      "location": "query",
      "description": "Data format for response."
    },
    "quotaUser": {
      "type": "string",
      "location": "query",
      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters."
    },
    "oauth_token": {
      "type": "string",
      "description": "OAuth 2.0 token for the current user.",
      "location": "query"
    },
    "access_token": {
      "type": "string",
      "description": "OAuth access token.",
      "location": "query"
    },
    "fields": {
      "description": "Selector specifying which fields to include in a partial response.",
      "location": "query",
      "type": "string"
    },
    "$.xgafv": {
      "location": "query",
      "description": "V1 error format.",
      "enum": [
        "1",
        "2"
      ],
      "enumDescriptions": [
        "v1 error format",
        "v2 error format"
      ],
      "type": "string"
    },
    "prettyPrint": {
      "description": "Returns response with indentations and line breaks.",
      "default": "true",
      "location": "query",
      "type": "boolean"
    },
    "upload_protocol": {
      "type": "string",
      "location": "query",
      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\")."
    }
  },
  "revision": "20260628",
  "version_module": true,
  "batchPath": "batch",
  "icons": {
    "x16": "http://www.google.com/images/icons/product/search-16.gif",
    "x32": "http://www.google.com/images/icons/product/search-32.gif"
  },
  "mtlsRootUrl": "https://threatintelligence.mtls.googleapis.com/",
  "fullyEncodeReservedExpansion": true,
  "ownerName": "Google",
  "schemas": {
    "TechnologyWatchListAlertThreshold": {
      "description": "TechnologyWatchListAlertThreshold contains the thresholds for alerting.",
      "id": "TechnologyWatchListAlertThreshold",
      "type": "object",
      "properties": {
        "riskRatingMinimum": {
          "type": "string",
          "enumDescriptions": [
            "Unspecified risk rating. This is the default value when the risk rating is not set.",
            "Low risk rating.",
            "Medium risk rating.",
            "High risk rating.",
            "Critical risk rating.",
            "The vulnerability has been assessed, but a specific risk rating could not be determined or assigned."
          ],
          "enum": [
            "RISK_RATING_UNSPECIFIED",
            "LOW",
            "MEDIUM",
            "HIGH",
            "CRITICAL",
            "UNRATED"
          ],
          "description": "Optional. The minimum risk rating for the alert."
        },
        "cvssScoreMinimum": {
          "type": "number",
          "description": "Optional. The minimum CVSS score for the alert. Evaluates to CVSS v3 when available with a fallback to v2 and v4. Ex: 7.0. Valid range is [0.0, 10.0].",
          "format": "float"
        },
        "epssScoreMinimum": {
          "description": "Optional. The minimum epss score for the alert. Ex: 0.8. Valid range is [0.0, 1.0].",
          "format": "float",
          "type": "number"
        },
        "exploitationStates": {
          "items": {
            "enumDescriptions": [
              "Unspecified exploitation state.",
              "No known exploitation.",
              "Exploitation has been reported.",
              "Exploitation is suspected.",
              "Exploitation is confirmed.",
              "Widespread exploitation."
            ],
            "enum": [
              "EXPLOITATION_STATE_UNSPECIFIED",
              "EXPLOITATION_STATE_NO_KNOWN",
              "EXPLOITATION_STATE_REPORTED",
              "EXPLOITATION_STATE_SUSPECTED",
              "EXPLOITATION_STATE_CONFIRMED",
              "EXPLOITATION_STATE_WIDESPREAD"
            ],
            "type": "string"
          },
          "description": "Optional. The exploitation states of the alert.",
          "type": "array"
        },
        "priorityMinimum": {
          "enumDescriptions": [
            "Unspecified priority.",
            "Priority level 0.",
            "Priority level 1.",
            "Priority level 2.",
            "Priority level 3.",
            "Priority level 4."
          ],
          "enum": [
            "PRIORITY_UNSPECIFIED",
            "P0",
            "P1",
            "P2",
            "P3",
            "P4"
          ],
          "type": "string",
          "description": "Optional. The minimum priority for the alert."
        }
      }
    },
    "Facet": {
      "description": "Facet represents a sub element of a resource for filtering. The results from this method are used to populate the filterable facets in the UI.",
      "properties": {
        "facetType": {
          "description": "The type of the facet. Options include \"string\", \"int\", \"float\", \"bool\", \"enum\", \"timestamp\", \"user\" and are useful to show the right sort of UI controls when building a AIP-160 style filtering string.",
          "type": "string"
        },
        "minValue": {
          "description": "Min value of the facet stringified based on type. This is only populated for facets that have a clear ordering, for types like enum it will be left empty. Timestamps will be formatted using RFC3339.",
          "type": "string"
        },
        "totalCount": {
          "description": "Total number of records that contain this facet with ANY value.",
          "format": "int64",
          "type": "string"
        },
        "facet": {
          "description": "Name of the facet. This is also the string that needs to be used in the filtering expression.",
          "type": "string"
        },
        "maxValue": {
          "description": "Max value of the facet stringified based on type. Will be populated and formatted the same as min_value.",
          "type": "string"
        },
        "facetCounts": {
          "type": "array",
          "description": "List of counts for the facet (if categorical).",
          "items": {
            "$ref": "FacetCount"
          }
        }
      },
      "id": "Facet",
      "type": "object"
    },
    "SearchFindingsResponse": {
      "id": "SearchFindingsResponse",
      "type": "object",
      "properties": {
        "findings": {
          "items": {
            "$ref": "Finding"
          },
          "description": "List of findings.",
          "type": "array"
        },
        "nextPageToken": {
          "description": "Page token.",
          "type": "string"
        }
      },
      "description": "Response message for SearchFindings."
    },
    "MarkAlertAsReadRequest": {
      "properties": {},
      "id": "MarkAlertAsReadRequest",
      "type": "object",
      "description": "Request message for MarkAlertAsRead."
    },
    "CustomerProfileCitedString": {
      "description": "A string with citation ids.",
      "properties": {
        "value": {
          "description": "Required. The value of the string.",
          "type": "string"
        },
        "citationIds": {
          "items": {
            "type": "string"
          },
          "description": "Optional. The citation ids for the string.",
          "type": "array"
        }
      },
      "id": "CustomerProfileCitedString",
      "type": "object"
    },
    "TargetTechnologyAlertDetail": {
      "description": "Contains details for a technology watchlist alert.",
      "properties": {
        "vulnerabilityMatch": {
          "description": "Optional. The vulnerability match details.",
          "$ref": "VulnerabilityMatch"
        }
      },
      "id": "TargetTechnologyAlertDetail",
      "type": "object"
    },
    "TargetTechnologyFindingDetail": {
      "description": "Contains details for a technology watchlist finding.",
      "properties": {
        "vulnerabilityMatch": {
          "description": "Optional. The vulnerability match details.",
          "$ref": "VulnerabilityMatch"
        }
      },
      "id": "TargetTechnologyFindingDetail",
      "type": "object"
    },
    "Association": {
      "description": "Represents an association with a vulnerability.",
      "properties": {
        "id": {
          "description": "Required. The ID of the association.",
          "type": "string"
        },
        "type": {
          "description": "Required. The type of the association.",
          "enumDescriptions": [
            "Unspecified object type.",
            "Threat actor object type.",
            "Malware object type.",
            "Report object type.",
            "Campaign object type.",
            "IoC Collection object type.",
            "Software and toolkits object type.",
            "Vulnerability object type."
          ],
          "enum": [
            "THREAT_INTEL_OBJECT_TYPE_UNSPECIFIED",
            "THREAT_INTEL_OBJECT_TYPE_THREAT_ACTOR",
            "THREAT_INTEL_OBJECT_TYPE_MALWARE",
            "THREAT_INTEL_OBJECT_TYPE_REPORT",
            "THREAT_INTEL_OBJECT_TYPE_CAMPAIGN",
            "THREAT_INTEL_OBJECT_TYPE_IOC_COLLECTION",
            "THREAT_INTEL_OBJECT_TYPE_SOFTWARE_AND_TOOLKITS",
            "THREAT_INTEL_OBJECT_TYPE_VULNERABILITY"
          ],
          "type": "string"
        }
      },
      "id": "Association",
      "type": "object"
    },
    "DataLeakAlertDetail": {
      "description": "Captures the specific details of Data Leak alert.",
      "properties": {
        "discoveryDocumentIds": {
          "description": "Required. Array of ids to accommodate multiple discovery documents",
          "items": {
            "type": "string"
          },
          "type": "array"
        },
        "severity": {
          "description": "Required. The severity of the Data Leak alert. Allowed values are: * `LOW` * `MEDIUM` * `HIGH` * `CRITICAL`",
          "type": "string"
        }
      },
      "id": "DataLeakAlertDetail",
      "type": "object"
    },
    "GenerateOrgProfileConfigurationRequest": {
      "id": "GenerateOrgProfileConfigurationRequest",
      "type": "object",
      "properties": {
        "domain": {
          "description": "Required. The domain of the organization to generate the profile for.",
          "type": "string"
        },
        "displayName": {
          "description": "Required. The display name of the organization to generate the profile for.",
          "type": "string"
        }
      },
      "description": "Request message for GenerateOrgProfileConfiguration."
    },
    "MarkAlertAsBenignRequest": {
      "description": "Request message for MarkAlertAsBenign.",
      "id": "MarkAlertAsBenignRequest",
      "type": "object",
      "properties": {}
    },
    "EnumerateAlertFacetsResponse": {
      "description": "Response message for EnumerateAlertFacets.",
      "properties": {
        "facets": {
          "type": "array",
          "items": {
            "$ref": "Facet"
          },
          "description": "List of facets and the counts."
        }
      },
      "id": "EnumerateAlertFacetsResponse",
      "type": "object"
    },
    "PublicExploit": {
      "description": "Contains details about a public exploit.",
      "properties": {
        "sizeBytes": {
          "type": "string",
          "description": "Optional. The size of the exploit.",
          "format": "int64"
        },
        "releaseTime": {
          "description": "Optional. The release time of the exploit.",
          "format": "google-datetime",
          "type": "string"
        },
        "exploitGrade": {
          "description": "Optional. The grade of the exploit. Ex: \"non-weaponized\".",
          "enumDescriptions": [
            "Unspecified exploit grade.",
            "Unevaluated exploit grade.",
            "Proof-of-concept exploit grade.",
            "Non-weaponized exploit grade.",
            "Weaponized exploit grade.",
            "Scanner exploit grade.",
            "Fake exploit grade."
          ],
          "enum": [
            "EXPLOIT_GRADE_UNSPECIFIED",
            "UNEVALUATED",
            "PROOF_OF_CONCEPT",
            "NON_WEAPONIZED",
            "WEAPONIZED",
            "SCANNER",
            "FAKE"
          ],
          "type": "string"
        },
        "uri": {
          "description": "Optional. The URI of the exploit.",
          "type": "string"
        },
        "exploitReliability": {
          "description": "Optional. The reliability of the exploit. Ex: \"Unreviewed\".",
          "enumDescriptions": [
            "Unspecified exploit reliability.",
            "Confirmed exploit reliability.",
            "Uncorroborated exploit reliability.",
            "Unconfirmed exploit reliability."
          ],
          "enum": [
            "EXPLOIT_RELIABILITY_UNSPECIFIED",
            "UNREVIEWED",
            "REVIEWED",
            "TESTED"
          ],
          "type": "string"
        },
        "exploitName": {
          "description": "Required. The name of the exploit. Ex: \"Magentounauth.php.txt\".",
          "type": "string"
        }
      },
      "id": "PublicExploit",
      "type": "object"
    },
    "ListAlertsResponse": {
      "id": "ListAlertsResponse",
      "type": "object",
      "properties": {
        "nextPageToken": {
          "description": "Page token.",
          "type": "string"
        },
        "alerts": {
          "type": "array",
          "items": {
            "$ref": "Alert"
          },
          "description": "List of alerts."
        }
      },
      "description": "Response message for ListAlerts."
    },
    "CustomerProfileCitation": {
      "id": "CustomerProfileCitation",
      "type": "object",
      "properties": {
        "document": {
          "description": "Required. The name of the document the citation is from.",
          "type": "string"
        },
        "retrievalTime": {
          "description": "The time the citation was retrieved.",
          "format": "google-datetime",
          "type": "string"
        },
        "citationId": {
          "description": "Required. The citation id for the citation. Should be unique within the profile.",
          "type": "string"
        },
        "uri": {
          "description": "Optional. The url of the citation.",
          "type": "string"
        },
        "source": {
          "description": "Required. The source of the citation.",
          "type": "string"
        }
      },
      "description": "Citation information for the customer profile."
    },
    "UpsertConfigurationResponse": {
      "description": "Response message for UpsertConfiguration.",
      "id": "UpsertConfigurationResponse",
      "type": "object",
      "properties": {
        "configuration": {
          "type": "string",
          "description": "Output only. Created configuration ID with server assigned id.",
          "readOnly": true
        }
      }
    },
    "Alert": {
      "id": "Alert",
      "type": "object",
      "properties": {
        "detail": {
          "$ref": "AlertDetail",
          "description": "Output only. Details object for the alert, not all alerts will have a details object.",
          "readOnly": true
        },
        "priorityAnalysis": {
          "description": "Output only. High-Precision Priority Analysis for the alert.",
          "readOnly": true,
          "$ref": "PriorityAnalysis"
        },
        "audit": {
          "description": "Output only. Audit information for the alert.",
          "readOnly": true,
          "$ref": "Audit"
        },
        "displayName": {
          "type": "string",
          "description": "Output only. A short title for the alert.",
          "readOnly": true
        },
        "duplicatedBy": {
          "type": "array",
          "description": "Output only. alert names of the alerts that are duplicates of this alert. Format: projects/{project}/alerts/{alert}",
          "readOnly": true,
          "items": {
            "type": "string"
          }
        },
        "etag": {
          "description": "Optional. If included when updating an alert, this should be set to the current etag of the alert. If the etags do not match, the update will be rejected and an ABORTED error will be returned.",
          "type": "string"
        },
        "relevanceAnalysis": {
          "description": "Output only. High-Precision Relevance Analysis verdict for the alert.",
          "readOnly": true,
          "$ref": "RelevanceAnalysis"
        },
        "state": {
          "enumDescriptions": [
            "Default value, should never be set.",
            "alert is new.",
            "alert was read by a human.",
            "alert has been triaged.",
            "alert has been escalated.",
            "alert has been resolved.",
            "alert is a duplicate of another alert.",
            "alert is a false positive and should be ignored.",
            "alert is not actionable.",
            "alert is benign.",
            "alert is tracked externally."
          ],
          "enum": [
            "STATE_UNSPECIFIED",
            "NEW",
            "READ",
            "TRIAGED",
            "ESCALATED",
            "RESOLVED",
            "DUPLICATE",
            "FALSE_POSITIVE",
            "NOT_ACTIONABLE",
            "BENIGN",
            "TRACKED_EXTERNALLY"
          ],
          "description": "Output only. State of the alert.",
          "readOnly": true,
          "type": "string"
        },
        "findingCount": {
          "type": "string",
          "description": "Output only. The number of findings associated with this alert.",
          "readOnly": true,
          "format": "int64"
        },
        "externalId": {
          "description": "Output only. External ID for the alert. This is used internally to provide protection against out of order updates.",
          "readOnly": true,
          "type": "string"
        },
        "configurations": {
          "items": {
            "type": "string"
          },
          "description": "Output only. The resource names of the Configurations bound to this alert. Format: projects/{project}/configurations/{configuration}",
          "readOnly": true,
          "type": "array"
        },
        "severityAnalysis": {
          "description": "Output only. High-Precision Severity Analysis for the alert.",
          "readOnly": true,
          "$ref": "SeverityAnalysis"
        },
        "findings": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Output only. Findings that are covered by this alert.",
          "readOnly": true
        },
        "aiSummary": {
          "description": "Optional. AI summary of the alert.",
          "type": "string"
        },
        "duplicateOf": {
          "type": "string",
          "description": "Output only. alert name of the alert this alert is a duplicate of. Format: projects/{project}/alerts/{alert}",
          "readOnly": true
        },
        "name": {
          "description": "Identifier. Server generated name for the alert. format is projects/{project}/alerts/{alert}",
          "type": "string"
        }
      },
      "description": "Stateful object representing a group of Findings. Key feature to an Alert is that it expresses the user's intent towards the findings of that group, even those that haven't occurred yet."
    },
    "CustomerProfileSummary": {
      "id": "CustomerProfileSummary",
      "type": "object",
      "properties": {
        "brands": {
          "description": "Optional. A narrative summary of brands.",
          "$ref": "CustomerProfileCitedString"
        },
        "founded": {
          "description": "Optional. The date the customer was founded.",
          "$ref": "CustomerProfileCitedString"
        },
        "servicesSummary": {
          "description": "Optional. A narrative summary of services.",
          "$ref": "CustomerProfileCitedString"
        },
        "areaServed": {
          "description": "Optional. The area the customer serves.",
          "$ref": "CustomerProfileCitedString"
        },
        "headquarters": {
          "description": "Optional. The headquarters of the customer.",
          "$ref": "CustomerProfileCitedString"
        },
        "entityType": {
          "description": "Optional. The entity type of the customer.",
          "$ref": "CustomerProfileCitedString"
        },
        "industry": {
          "description": "Optional. The industry the customer is in.",
          "$ref": "CustomerProfileCitedString"
        },
        "productsSummary": {
          "description": "Optional. A narrative summary of products.",
          "$ref": "CustomerProfileCitedString"
        },
        "title": {
          "description": "Optional. The official name of the customer.",
          "$ref": "CustomerProfileCitedString"
        },
        "primaryWebsite": {
          "description": "Optional. The primary website of the customer.",
          "$ref": "CustomerProfileCitedString"
        },
        "keyPeopleSummary": {
          "description": "Optional. A narrative summary of key people.",
          "$ref": "CustomerProfileCitedString"
        },
        "parentCompany": {
          "description": "Optional. The parent company of the customer.",
          "$ref": "CustomerProfileCitedString"
        }
      },
      "description": "A summarized version of the customer profile. Generated by the backend."
    },
    "SeverityAnalysis": {
      "properties": {
        "reasoning": {
          "description": "Human-readable explanation from the model, detailing why a particular result is considered to have a certain severity.",
          "type": "string"
        },
        "severityLevel": {
          "type": "string",
          "enumDescriptions": [
            "Default value, should never be set.",
            "Low Severity.",
            "Medium Severity.",
            "High Severity."
          ],
          "enum": [
            "SEVERITY_LEVEL_UNSPECIFIED",
            "SEVERITY_LEVEL_LOW",
            "SEVERITY_LEVEL_MEDIUM",
            "SEVERITY_LEVEL_HIGH"
          ],
          "description": "The level of severity."
        },
        "confidence": {
          "type": "string",
          "enumDescriptions": [
            "Default value. Confidence level is not specified.",
            "Low confidence in the verdict.",
            "Medium confidence in the verdict.",
            "High confidence in the verdict."
          ],
          "enum": [
            "CONFIDENCE_LEVEL_UNSPECIFIED",
            "CONFIDENCE_LEVEL_LOW",
            "CONFIDENCE_LEVEL_MEDIUM",
            "CONFIDENCE_LEVEL_HIGH"
          ],
          "description": "The level of confidence in the given verdict."
        }
      },
      "id": "SeverityAnalysis",
      "type": "object",
      "description": "Structured severity analysis for a threat."
    },
    "Configuration": {
      "description": "A configuration represents a behavior an engine should follow when producing new findings.",
      "properties": {
        "etag": {
          "description": "If included when updating a configuration, this should be set to the current etag of the configuration. If the etags do not match, the update will be rejected and an ABORTED error will be returned.",
          "type": "string"
        },
        "state": {
          "description": "Optional. State of the configuration.",
          "enumDescriptions": [
            "Configuration state is unspecified. This is not expected to occur.",
            "Configuration is enabled for the customer.",
            "Configuration is disabled for the customer.",
            "Configuration is deprecated, no new configs are allowed to be created."
          ],
          "enum": [
            "STATE_UNSPECIFIED",
            "ENABLED",
            "DISABLED",
            "DEPRECATED"
          ],
          "type": "string"
        },
        "version": {
          "description": "Optional. A user-manipulatable version. Does not adhere to a specific format",
          "type": "string"
        },
        "name": {
          "description": "Identifier. Server generated name for the configuration. format is projects/{project}/configurations/{configuration}",
          "type": "string"
        },
        "detail": {
          "description": "Required. Domain specific details for the configuration.",
          "$ref": "ConfigurationDetail"
        },
        "provider": {
          "description": "Required. Name of the service that provides the configuration.",
          "type": "string"
        },
        "displayName": {
          "description": "Output only. Human readable name for the configuration.",
          "readOnly": true,
          "type": "string"
        },
        "audit": {
          "$ref": "Audit",
          "description": "Output only. Audit information for the configuration.",
          "readOnly": true
        },
        "description": {
          "description": "Optional. A description of the configuration.",
          "type": "string"
        }
      },
      "id": "Configuration",
      "type": "object"
    },
    "MarkAlertAsDuplicateRequest": {
      "description": "Request message for MarkAlertAsDuplicate.",
      "id": "MarkAlertAsDuplicateRequest",
      "type": "object",
      "properties": {
        "duplicateOf": {
          "description": "Optional. Name of the alert to mark as a duplicate of. Format: projects/{project}/alerts/{alert}",
          "type": "string"
        }
      }
    },
    "ListConfigurationsResponse": {
      "description": "Response message for ListConfigurations.",
      "id": "ListConfigurationsResponse",
      "type": "object",
      "properties": {
        "nextPageToken": {
          "description": "Page token.",
          "type": "string"
        },
        "configurations": {
          "description": "List of configurations.",
          "items": {
            "$ref": "Configuration"
          },
          "type": "array"
        }
      }
    },
    "MarkAlertAsTrackedExternallyRequest": {
      "description": "Request message for MarkAlertAsTrackedExternally.",
      "properties": {},
      "id": "MarkAlertAsTrackedExternallyRequest",
      "type": "object"
    },
    "InsiderThreatFindingDetail": {
      "properties": {
        "severity": {
          "description": "Required. The severity of the InsiderThreat finding. This indicates the potential impact of the threat.",
          "enumDescriptions": [
            "Default value, should never be set.",
            "Low severity.",
            "Medium severity.",
            "High severity.",
            "Critical severity."
          ],
          "enum": [
            "SEVERITY_UNSPECIFIED",
            "LOW",
            "MEDIUM",
            "HIGH",
            "CRITICAL"
          ],
          "type": "string"
        },
        "matchScore": {
          "type": "number",
          "description": "Required. Reference to the match score of the InsiderThreat finding. This is a float value greater than 0 and less than or equal to 1 calculated by the matching engine based on the similarity of the document and the user provided configurations.",
          "format": "float"
        },
        "documentId": {
          "description": "Required. The unique identifier of the document that triggered the InsiderThreat finding. This ID can be used to retrieve the content of the document for further analysis.",
          "type": "string"
        }
      },
      "id": "InsiderThreatFindingDetail",
      "type": "object",
      "description": "A detail object for a InsiderThreat finding."
    },
    "CustomerProfileCompany": {
      "properties": {
        "company": {
          "description": "Required. The name of the company.",
          "type": "string"
        },
        "citationIds": {
          "description": "Optional. The citation ids for the company.",
          "items": {
            "type": "string"
          },
          "type": "array"
        }
      },
      "id": "CustomerProfileCompany",
      "type": "object",
      "description": "Company information for the customer profile."
    },
    "MarkAlertAsEscalatedRequest": {
      "description": "Request message for MarkAlertAsEscalated.",
      "properties": {},
      "id": "MarkAlertAsEscalatedRequest",
      "type": "object"
    },
    "MarkAlertAsTriagedRequest": {
      "properties": {},
      "id": "MarkAlertAsTriagedRequest",
      "type": "object",
      "description": "Request message for MarkAlertAsTriaged."
    },
    "CustomerProfileConfig": {
      "id": "CustomerProfileConfig",
      "type": "object",
      "properties": {
        "parentCompanies": {
          "type": "array",
          "description": "Optional. The parent companies of the organization.",
          "items": {
            "$ref": "CustomerProfileCompany"
          }
        },
        "executives": {
          "description": "Optional. Executives of the organization.",
          "items": {
            "$ref": "CustomerProfilePerson"
          },
          "type": "array"
        },
        "summary": {
          "description": "Optional. A summarized version of the customer profile.",
          "$ref": "CustomerProfileSummary"
        },
        "industries": {
          "type": "array",
          "items": {
            "$ref": "CustomerProfileIndustry"
          },
          "description": "Optional. The industries the organization is involved in."
        },
        "technologyPresence": {
          "description": "Optional. Technology presence of the organization.",
          "type": "string"
        },
        "securityConsiderations": {
          "description": "Optional. Security considerations for the organization.",
          "$ref": "CustomerProfileSecurityConsiderations"
        },
        "webPresences": {
          "type": "array",
          "items": {
            "$ref": "CustomerProfileWebPresence"
          },
          "description": "Optional. Web presence of the organization."
        },
        "orgSummary": {
          "description": "Optional. A summary of the organization.",
          "type": "string"
        },
        "org": {
          "description": "Required. The name of the organization.",
          "type": "string"
        },
        "products": {
          "description": "Optional. Product information for the organization.",
          "items": {
            "$ref": "CustomerProfileProduct"
          },
          "type": "array"
        },
        "citations": {
          "description": "Optional. Citations for the organization profile.",
          "items": {
            "$ref": "CustomerProfileCitation"
          },
          "type": "array"
        },
        "locations": {
          "description": "Optional. Locations the organization is present or conducts business in.",
          "items": {
            "$ref": "CustomerProfileLocation"
          },
          "type": "array"
        },
        "contactInfo": {
          "items": {
            "$ref": "CustomerProfileContactInfo"
          },
          "description": "Optional. Contact information for the organization.",
          "type": "array"
        }
      },
      "description": "CustomerProfileConfig is the configuration for the customer profile."
    },
    "MarkAlertAsNotActionableRequest": {
      "description": "Request message for MarkAlertAsNotActionable.",
      "id": "MarkAlertAsNotActionableRequest",
      "type": "object",
      "properties": {}
    },
    "CustomerProfileSecurityConsiderations": {
      "description": "Security considerations for the customer profile.",
      "properties": {
        "note": {
          "description": "Optional. A note about the security considerations.",
          "type": "string"
        },
        "considerations": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Optional. A series of considerations for the security of the organization, such as \"high risk of compromise\" or \"vulnerable to cyberbullying\"."
        }
      },
      "id": "CustomerProfileSecurityConsiderations",
      "type": "object"
    },
    "AlertDocument": {
      "properties": {
        "createTime": {
          "type": "string",
          "description": "Output only. The timestamp of the original external publication of the document.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "title": {
          "description": "Output only. The title of the document, if available.",
          "readOnly": true,
          "type": "string"
        },
        "collectionTime": {
          "type": "string",
          "description": "Output only. Time when the origin source collected the intel.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "source": {
          "type": "string",
          "description": "Output only. Source of the intel item, e.g. DarkMarket.",
          "readOnly": true
        },
        "ingestTime": {
          "description": "Output only. Time when GTI received the intel.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "sourceUri": {
          "type": "string",
          "description": "Output only. URI of the intel item from the source.",
          "readOnly": true
        },
        "sourceUpdateTime": {
          "type": "string",
          "description": "Output only. Time when the intel was last updated by the source.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "content": {
          "description": "Output only. The content of the document.",
          "readOnly": true,
          "type": "string"
        },
        "languageCode": {
          "type": "string",
          "description": "Output only. The language code of the document.",
          "readOnly": true
        },
        "aiSummary": {
          "type": "string",
          "description": "Output only. AI summary of the document.",
          "readOnly": true
        },
        "translation": {
          "$ref": "AlertDocumentTranslation",
          "description": "Output only. The translation of the document, if available.",
          "readOnly": true
        },
        "name": {
          "description": "Identifier. Server generated name for the alert document. format is projects/{project}/alerts/{alert}/documents/{document}",
          "type": "string"
        },
        "author": {
          "description": "Output only. The author of the document.",
          "readOnly": true,
          "type": "string"
        }
      },
      "id": "AlertDocument",
      "type": "object",
      "description": "A document that is associated with an alert."
    },
    "Audit": {
      "description": "Tracks basic CRUD facts.",
      "properties": {
        "createTime": {
          "type": "string",
          "description": "Output only. Time of creation.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "updateTime": {
          "description": "Output only. Time of creation or last update.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "creator": {
          "description": "Output only. Agent that created or updated the record, could be a UserId or a JobId.",
          "readOnly": true,
          "type": "string"
        },
        "updater": {
          "description": "Output only. Agent that last updated the record, could be a UserId or a JobId.",
          "readOnly": true,
          "type": "string"
        }
      },
      "id": "Audit",
      "type": "object"
    },
    "AlertDocumentTranslation": {
      "description": "The translation of an alert document.",
      "id": "AlertDocumentTranslation",
      "type": "object",
      "properties": {
        "translatedTitle": {
          "description": "Output only. The translated title of the document.",
          "readOnly": true,
          "type": "string"
        },
        "translatedContent": {
          "type": "string",
          "description": "Output only. The translated content of the document.",
          "readOnly": true
        }
      }
    },
    "Finding": {
      "description": "A ‘stateless’ and a point in time event that a check produced a result of interest.",
      "properties": {
        "reoccurrenceTimes": {
          "type": "array",
          "items": {
            "type": "string",
            "format": "google-datetime"
          },
          "description": "Output only. When identical finding (same labels and same details) has re-occurred.",
          "readOnly": true
        },
        "name": {
          "description": "Identifier. Server generated name for the finding (leave clear during creation). Format: projects/{project}/findings/{finding}",
          "type": "string"
        },
        "relevanceAnalysis": {
          "$ref": "RelevanceAnalysis",
          "description": "Output only. High-Precision Relevance Analysis verdict for the finding.",
          "readOnly": true
        },
        "displayName": {
          "description": "Required. A short descriptive title for the finding \u003c= 250 chars. EX: \"Actor 'baddy' offering $1000 for credentials of 'goodguy'\".",
          "type": "string"
        },
        "audit": {
          "$ref": "Audit",
          "description": "Output only. Audit data about the finding.",
          "readOnly": true
        },
        "provider": {
          "description": "Required. Logical source of this finding (name of the sub-engine).",
          "type": "string"
        },
        "severityAnalysis": {
          "$ref": "SeverityAnalysis",
          "description": "Output only. High-Precision Severity Analysis verdict for the finding.",
          "readOnly": true
        },
        "severity": {
          "description": "Optional. Deprecated: Use the `severity_analysis` field instead. Base severity score from the finding source.",
          "format": "float",
          "deprecated": true,
          "type": "number"
        },
        "aiSummary": {
          "description": "Optional. AI summary of the finding.",
          "type": "string"
        },
        "alert": {
          "description": "Optional. Name of the alert that this finding is bound to.",
          "type": "string"
        },
        "configurations": {
          "description": "Optional. Configuration names that are bound to this finding.",
          "items": {
            "type": "string"
          },
          "type": "array"
        },
        "detail": {
          "description": "Required. Holder of the domain specific details of the finding.",
          "$ref": "FindingDetail"
        }
      },
      "id": "Finding",
      "type": "object"
    },
    "FindingDetail": {
      "description": "Wrapper class that contains the union struct for all the various findings detail specific classes.",
      "id": "FindingDetail",
      "type": "object",
      "properties": {
        "detailType": {
          "description": "Output only. Name of the detail type. Will be set by the server during creation to the name of the field that is set in the detail union.",
          "readOnly": true,
          "type": "string"
        },
        "insiderThreat": {
          "description": "Insider Threat finding detail type.",
          "$ref": "InsiderThreatFindingDetail"
        },
        "initialAccessBroker": {
          "description": "Initial Access Broker finding detail type.",
          "$ref": "InitialAccessBrokerFindingDetail"
        },
        "targetTechnology": {
          "description": "Technology Watchlist finding detail type.",
          "$ref": "TargetTechnologyFindingDetail"
        },
        "dataLeak": {
          "description": "Data Leak finding detail type.",
          "$ref": "DataLeakFindingDetail"
        }
      }
    },
    "ProductFix": {
      "id": "ProductFix",
      "type": "object",
      "properties": {
        "publishTime": {
          "type": "string",
          "description": "Optional. The published time of the fix.",
          "format": "google-datetime"
        },
        "displayName": {
          "description": "Required. The name of the fix. Ex: \"Magento\".",
          "type": "string"
        },
        "uri": {
          "description": "Optional. The URI of the fix.",
          "type": "string"
        },
        "sourceId": {
          "description": "Required. The source ID of the fix. Ex: \"APPSEC-1420\".",
          "type": "string"
        }
      },
      "description": "Contains details about a product fix."
    },
    "MarkAlertAsFalsePositiveRequest": {
      "id": "MarkAlertAsFalsePositiveRequest",
      "type": "object",
      "properties": {},
      "description": "Request message for MarkAlertAsFalsePositive."
    },
    "CustomerProfileIndustry": {
      "description": "Industry information for the customer profile.",
      "properties": {
        "industry": {
          "description": "Required. The name of the industry.",
          "type": "string"
        },
        "citationIds": {
          "items": {
            "type": "string"
          },
          "description": "Optional. The citation ids for the industry.",
          "type": "array"
        }
      },
      "id": "CustomerProfileIndustry",
      "type": "object"
    },
    "ListConfigurationRevisionsResponse": {
      "description": "Response message for ListConfigurationRevisions.",
      "id": "ListConfigurationRevisionsResponse",
      "type": "object",
      "properties": {
        "revisions": {
          "type": "array",
          "description": "The Configuration Revisions associated with the specified Configuration",
          "items": {
            "$ref": "ConfigurationRevision"
          }
        },
        "nextPageToken": {
          "description": "A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
          "type": "string"
        }
      }
    },
    "RelevanceAnalysis": {
      "description": "Structured relevance analysis for a threat.",
      "id": "RelevanceAnalysis",
      "type": "object",
      "properties": {
        "confidence": {
          "description": "The level of confidence in the given verdict.",
          "type": "string",
          "enumDescriptions": [
            "Default value. Confidence level is not specified.",
            "Low confidence in the verdict.",
            "Medium confidence in the verdict.",
            "High confidence in the verdict."
          ],
          "enum": [
            "CONFIDENCE_LEVEL_UNSPECIFIED",
            "CONFIDENCE_LEVEL_LOW",
            "CONFIDENCE_LEVEL_MEDIUM",
            "CONFIDENCE_LEVEL_HIGH"
          ]
        },
        "relevanceLevel": {
          "description": "The level of relevance.",
          "type": "string",
          "enumDescriptions": [
            "Default value, should never be set.",
            "Low Relevance.",
            "Medium Relevance.",
            "High Relevance."
          ],
          "enum": [
            "RELEVANCE_LEVEL_UNSPECIFIED",
            "RELEVANCE_LEVEL_LOW",
            "RELEVANCE_LEVEL_MEDIUM",
            "RELEVANCE_LEVEL_HIGH"
          ]
        },
        "evidence": {
          "description": "Evidence supporting the verdict, including matched and unmatched items.",
          "$ref": "Evidence"
        },
        "relevant": {
          "description": "Indicates whether the threat is considered relevant.",
          "type": "boolean"
        },
        "reasoning": {
          "description": "Human-readable explanation from the matcher, detailing why a particular result is considered relevant or not relevant.",
          "type": "string"
        }
      }
    },
    "Evidence": {
      "id": "Evidence",
      "type": "object",
      "properties": {
        "commonThemes": {
          "description": "A list of semantic themes or concepts found to be common, related, or aligned between the sources, supporting the verdict.",
          "items": {
            "type": "string"
          },
          "type": "array"
        },
        "distinctThemes": {
          "items": {
            "type": "string"
          },
          "description": "A list of semantic themes or descriptions unique to one source or semantically distant.",
          "type": "array"
        }
      },
      "description": "Details the evidence used to determine the relevance verdict."
    },
    "InitialAccessBrokerAlertDetail": {
      "id": "InitialAccessBrokerAlertDetail",
      "type": "object",
      "properties": {
        "discoveryDocumentIds": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Required. Array of ids to accommodate multiple discovery documents"
        },
        "severity": {
          "description": "Required. The severity of the Initial Access Broker (IAB) alert. Allowed values are: * `LOW` * `MEDIUM` * `HIGH` * `CRITICAL`",
          "type": "string"
        }
      },
      "description": "Captures the specific details of InitialAccessBroker (IAB) alert."
    },
    "CustomerProfileLocation": {
      "description": "Location information for the customer profile.",
      "properties": {
        "facilityType": {
          "description": "Optional. The type of location.",
          "type": "string"
        },
        "address": {
          "description": "Required. The address of the location.",
          "type": "string"
        },
        "brand": {
          "description": "Required. The brand of the location.",
          "type": "string"
        },
        "citationIds": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Optional. The citation ids for the location."
        }
      },
      "id": "CustomerProfileLocation",
      "type": "object"
    },
    "TechnologyWatchListConfig": {
      "properties": {
        "technologies": {
          "type": "array",
          "description": "Optional. List of vendor, technology or cpe fingerprint. example: Microsoft office 360 Apache Server 3.5 cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:*:*",
          "items": {
            "type": "string"
          }
        },
        "alertThreshold": {
          "description": "Optional. Alert thresholds to effectively reduce noise.",
          "$ref": "TechnologyWatchListAlertThreshold"
        }
      },
      "id": "TechnologyWatchListConfig",
      "type": "object",
      "description": "TechnologyWatchListConfig is the configuration for the technology watchlist."
    },
    "CustomerProfileProduct": {
      "id": "CustomerProfileProduct",
      "type": "object",
      "properties": {
        "product": {
          "description": "Required. The name of the product.",
          "type": "string"
        },
        "brand": {
          "description": "Required. The brand of the product.",
          "type": "string"
        },
        "citationIds": {
          "description": "Optional. The citation ids for the product.",
          "items": {
            "type": "string"
          },
          "type": "array"
        }
      },
      "description": "Product information for the customer profile."
    },
    "MarkAlertAsResolvedRequest": {
      "properties": {},
      "id": "MarkAlertAsResolvedRequest",
      "type": "object",
      "description": "Request message for MarkAlertAsResolved."
    },
    "Operation": {
      "description": "This resource represents a long-running operation that is the result of a network API call.",
      "id": "Operation",
      "type": "object",
      "properties": {
        "response": {
          "description": "The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.",
          "type": "object",
          "additionalProperties": {
            "type": "any",
            "description": "Properties of the object. Contains field @type with type URL."
          }
        },
        "error": {
          "description": "The error result of the operation in case of failure or cancellation.",
          "$ref": "Status"
        },
        "metadata": {
          "type": "object",
          "additionalProperties": {
            "type": "any",
            "description": "Properties of the object. Contains field @type with type URL."
          },
          "description": "Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any."
        },
        "name": {
          "description": "The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.",
          "type": "string"
        },
        "done": {
          "description": "If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.",
          "type": "boolean"
        }
      }
    },
    "InsiderThreatAlertDetail": {
      "properties": {
        "discoveryDocumentIds": {
          "items": {
            "type": "string"
          },
          "description": "Required. Array of ids to accommodate multiple discovery documents",
          "type": "array"
        },
        "severity": {
          "description": "Required. The severity of the Insider Threat alert. Allowed values are: * `LOW` * `MEDIUM` * `HIGH` * `CRITICAL`",
          "type": "string"
        }
      },
      "id": "InsiderThreatAlertDetail",
      "type": "object",
      "description": "Captures the specific details of InsiderThreat alert."
    },
    "CustomerProfileWebPresence": {
      "description": "Web presence information for the customer profile.",
      "id": "CustomerProfileWebPresence",
      "type": "object",
      "properties": {
        "domain": {
          "description": "Required. The domain name of the web presence.",
          "type": "string"
        },
        "citationIds": {
          "items": {
            "type": "string"
          },
          "description": "Optional. The citation ids for the web presence.",
          "type": "array"
        }
      }
    },
    "PriorityAnalysis": {
      "description": "Structured priority analysis for a threat.",
      "id": "PriorityAnalysis",
      "type": "object",
      "properties": {
        "priorityLevel": {
          "description": "The level of Priority.",
          "type": "string",
          "enumDescriptions": [
            "Default value, should never be set.",
            "Low Priority.",
            "Medium Priority.",
            "High Priority.",
            "Critical Priority."
          ],
          "enum": [
            "PRIORITY_LEVEL_UNSPECIFIED",
            "PRIORITY_LEVEL_LOW",
            "PRIORITY_LEVEL_MEDIUM",
            "PRIORITY_LEVEL_HIGH",
            "PRIORITY_LEVEL_CRITICAL"
          ]
        },
        "confidence": {
          "description": "The level of confidence in the given verdict.",
          "type": "string",
          "enumDescriptions": [
            "Default value. Confidence level is not specified.",
            "Low confidence in the verdict.",
            "Medium confidence in the verdict.",
            "High confidence in the verdict."
          ],
          "enum": [
            "CONFIDENCE_LEVEL_UNSPECIFIED",
            "CONFIDENCE_LEVEL_LOW",
            "CONFIDENCE_LEVEL_MEDIUM",
            "CONFIDENCE_LEVEL_HIGH"
          ]
        },
        "reasoning": {
          "description": "Human-readable explanation from the model, detailing why a particular result is considered to have a certain priority.",
          "type": "string"
        }
      }
    },
    "FacetCount": {
      "id": "FacetCount",
      "type": "object",
      "properties": {
        "count": {
          "type": "integer",
          "description": "Count of records with the value.",
          "format": "int32"
        },
        "value": {
          "description": "Value of the facet stringified. Timestamps will be formatted using RFC3339.",
          "type": "string"
        }
      },
      "description": "FacetCount represents a count of records with each facet value."
    },
    "ConfigurationRevision": {
      "properties": {
        "snapshot": {
          "description": "The snapshot of the configuration",
          "$ref": "Configuration"
        },
        "name": {
          "description": "Identifier. The name of the ConfigurationRevision Format: projects//configurations//revisions/",
          "type": "string"
        },
        "createTime": {
          "type": "string",
          "description": "Output only. The time the Revision was created",
          "readOnly": true,
          "format": "google-datetime"
        }
      },
      "id": "ConfigurationRevision",
      "type": "object",
      "description": "A ConfigurationRevision is a snapshot of a Configuration at a point in time. It is immutable."
    },
    "ConfigurationDetail": {
      "id": "ConfigurationDetail",
      "type": "object",
      "properties": {
        "detailType": {
          "description": "Output only. Name of the detail type. Will be set by the server during creation to the name of the field that is set in the detail union.",
          "readOnly": true,
          "type": "string"
        },
        "customerProfile": {
          "description": "Customer Profile detail config.",
          "$ref": "CustomerProfileConfig"
        },
        "technologyWatchlist": {
          "description": "Technology Watchlist detail config.",
          "$ref": "TechnologyWatchListConfig"
        }
      },
      "description": "Wrapper class that contains the union struct for all the various configuration detail specific classes."
    },
    "VulnerabilityMatch": {
      "id": "VulnerabilityMatch",
      "type": "object",
      "properties": {
        "publiclyAvailableExploit": {
          "description": "Output only. Whether a publicly available exploit exists.",
          "readOnly": true,
          "type": "boolean"
        },
        "priority": {
          "enumDescriptions": [
            "Unspecified priority.",
            "Priority level 0.",
            "Priority level 1.",
            "Priority level 2.",
            "Priority level 3.",
            "Priority level 4."
          ],
          "enum": [
            "PRIORITY_UNSPECIFIED",
            "P0",
            "P1",
            "P2",
            "P3",
            "P4"
          ],
          "type": "string",
          "description": "Optional. The priority level of the vulnerability data. Ex: \"P1\"."
        },
        "collectionId": {
          "description": "Required. The collection ID of the vulnerability. Ex: \"vulnerability--cve-2025-9876\".",
          "type": "string"
        },
        "productFixes": {
          "type": "array",
          "items": {
            "$ref": "ProductFix"
          },
          "description": "Optional. List of product fixes for the vulnerability."
        },
        "epssScore": {
          "type": "number",
          "description": "Optional. The EPSS score, representing the probability of exploitation. Example: 0.87.",
          "format": "float"
        },
        "exploitationConsequences": {
          "type": "array",
          "items": {
            "enumDescriptions": [
              "Unspecified exploitation consequence.",
              "Code execution consequence.",
              "Command execution consequence.",
              "Data loss consequence.",
              "Data manipulation consequence.",
              "Denial-of-Service consequence.",
              "Information disclosure consequence.",
              "Unauthorized access consequence.",
              "Privilege escalation consequence.",
              "Sandbox escape consequence.",
              "Security bypass consequence.",
              "Container escape consequence.",
              "Spoofing consequence."
            ],
            "enum": [
              "EXPLOITATION_CONSEQUENCE_UNSPECIFIED",
              "CODE_EXECUTION",
              "COMMAND_EXECUTION",
              "DATA_LOSS",
              "DATA_MANIPULATION",
              "DENIAL_OF_SERVICE",
              "INFORMATION_DISCLOSURE",
              "UNAUTHORIZED_ACCESS",
              "PRIVILEGE_ESCALATION",
              "SANDBOX_ESCAPE",
              "SECURITY_BYPASS",
              "CONTAINER_ESCAPE",
              "SPOOFING"
            ],
            "type": "string"
          },
          "description": "Optional. List of exploitation consequences for the vulnerability."
        },
        "description": {
          "description": "Required. A description of the vulnerability.",
          "type": "string"
        },
        "exploitationState": {
          "description": "Required. The exploitation state of the vulnerability.",
          "type": "string",
          "enumDescriptions": [
            "Unspecified exploitation state.",
            "No known exploitation.",
            "Exploitation has been reported.",
            "Exploitation is suspected.",
            "Exploitation is confirmed.",
            "Widespread exploitation."
          ],
          "enum": [
            "EXPLOITATION_STATE_UNSPECIFIED",
            "EXPLOITATION_STATE_NO_KNOWN",
            "EXPLOITATION_STATE_REPORTED",
            "EXPLOITATION_STATE_SUSPECTED",
            "EXPLOITATION_STATE_CONFIRMED",
            "EXPLOITATION_STATE_WIDESPREAD"
          ]
        },
        "disclosureTime": {
          "description": "Optional. The disclosure time of the vulnerability.",
          "format": "google-datetime",
          "type": "string"
        },
        "cveId": {
          "description": "Required. The CVE ID of the vulnerability. Ex: \"CVE-2025-9876\". See https://www.cve.org/ for more information.",
          "type": "string"
        },
        "cvss3Score": {
          "description": "Required. The CVSS score of the vulnerability. Evaluates to CVSS v3 when available with a fallback to v2 and v4. Example: 6.4.",
          "format": "float",
          "type": "number"
        },
        "exploitationVectors": {
          "description": "Optional. List of exploitation vectors for the vulnerability.",
          "items": {
            "enumDescriptions": [
              "Unspecified exploitation vector.",
              "Administrative interface vector.",
              "Bluetooth access vector.",
              "Browser vector.",
              "Compromised communication channel vector.",
              "Email vector.",
              "Exposed web application vector.",
              "Local network access vector.",
              "Malicious application vector.",
              "Malicious file vector.",
              "Malicious server vector.",
              "Open port vector.",
              "Physical access vector.",
              "Short range radio vector.",
              "Unspecified local vector.",
              "Unspecified remote vector.",
              "VPN access vector.",
              "WiFi access vector."
            ],
            "enum": [
              "EXPLOITATION_VECTOR_UNSPECIFIED",
              "ADMINISTRATIVE_INTERFACE",
              "BLUETOOTH_ACCESS",
              "BROWSER",
              "COMPROMISED_COMMUNICATION_CHANNEL",
              "EMAIL",
              "EXPOSED_WEB_APPLICATION",
              "LOCAL_NETWORK_ACCESS",
              "MALICIOUS_APPLICATION",
              "MALICIOUS_FILE",
              "MALICIOUS_SERVER",
              "OPEN_PORT",
              "PHYSICAL_ACCESS",
              "SHORT_RANGE_RADIO",
              "UNSPECIFIED_LOCAL_VECTOR",
              "UNSPECIFIED_REMOTE_VECTOR",
              "VPN_ACCESS",
              "WIFI_ACCESS"
            ],
            "type": "string"
          },
          "type": "array"
        },
        "technologies": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Required. All technologies affected by the vulnerability. Ex: \"Apache Struts\"."
        },
        "publicExploits": {
          "items": {
            "$ref": "PublicExploit"
          },
          "description": "Optional. List of public exploits.",
          "type": "array"
        },
        "riskRating": {
          "description": "Required. The risk rating of the vulnerability.",
          "enumDescriptions": [
            "Unspecified risk rating. This is the default value when the risk rating is not set.",
            "Low risk rating.",
            "Medium risk rating.",
            "High risk rating.",
            "Critical risk rating.",
            "The vulnerability has been assessed, but a specific risk rating could not be determined or assigned."
          ],
          "enum": [
            "RISK_RATING_UNSPECIFIED",
            "LOW",
            "MEDIUM",
            "HIGH",
            "CRITICAL",
            "UNRATED"
          ],
          "type": "string"
        },
        "matchedTechnologies": {
          "items": {
            "type": "string"
          },
          "description": "Optional. The specific technologies from the configured watchlist that triggered the match. Ex: \"Apache Struts\".",
          "type": "array"
        },
        "associations": {
          "type": "array",
          "items": {
            "$ref": "Association"
          },
          "description": "Optional. Associated threat actors, malware, etc. This is embedded as a snapshot because the details of the association at the time of the vulnerability match are important for context and reporting."
        }
      },
      "description": "Contains details about a vulnerability match."
    },
    "DataLeakFindingDetail": {
      "id": "DataLeakFindingDetail",
      "type": "object",
      "properties": {
        "severity": {
          "type": "string",
          "enumDescriptions": [
            "Default value, should never be set.",
            "Low severity.",
            "Medium severity.",
            "High severity.",
            "Critical severity."
          ],
          "enum": [
            "SEVERITY_UNSPECIFIED",
            "LOW",
            "MEDIUM",
            "HIGH",
            "CRITICAL"
          ],
          "description": "Required. The severity of the Data Leak finding. This indicates the potential impact of the threat."
        },
        "matchScore": {
          "description": "Required. Reference to the match score of the Data Leak finding. This is a float value greater than 0 and less than or equal to 1 calculated by the matching engine based on the similarity of the document and the user provided configurations.",
          "format": "float",
          "type": "number"
        },
        "documentId": {
          "description": "Required. The unique identifier of the document that triggered the Data Leak finding. This ID can be used to retrieve the content of the document for further analysis.",
          "type": "string"
        }
      },
      "description": "A detail object for a Data Leak finding."
    },
    "AlertDetail": {
      "description": "Container for different types of alert details.",
      "properties": {
        "insiderThreat": {
          "description": "Insider Threat alert detail type.",
          "$ref": "InsiderThreatAlertDetail"
        },
        "detailType": {
          "description": "Output only. Name of the detail type. Will be set by the server during creation to the name of the field that is set in the detail union.",
          "readOnly": true,
          "type": "string"
        },
        "initialAccessBroker": {
          "description": "Initial Access Broker alert detail type.",
          "$ref": "InitialAccessBrokerAlertDetail"
        },
        "targetTechnology": {
          "description": "Technology Watchlist alert detail type.",
          "$ref": "TargetTechnologyAlertDetail"
        },
        "dataLeak": {
          "description": "Data Leak alert detail type.",
          "$ref": "DataLeakAlertDetail"
        }
      },
      "id": "AlertDetail",
      "type": "object"
    },
    "InitialAccessBrokerFindingDetail": {
      "description": "A detail object for an Initial Access Broker (IAB) finding.",
      "id": "InitialAccessBrokerFindingDetail",
      "type": "object",
      "properties": {
        "severity": {
          "description": "Required. The severity of the IAB finding. This indicates the potential impact of the threat.",
          "enumDescriptions": [
            "",
            "",
            "",
            "",
            ""
          ],
          "enum": [
            "SEVERITY_UNSPECIFIED",
            "LOW",
            "MEDIUM",
            "HIGH",
            "CRITICAL"
          ],
          "type": "string"
        },
        "matchScore": {
          "type": "number",
          "description": "Required. Reference to the match score of the IAB finding. This is a float value between 0 and 1 calculated by the matching engine based on the similarity of the document and the user provided configurations.",
          "format": "float"
        },
        "documentId": {
          "description": "Required. The unique identifier of the document that triggered the IAB finding. This ID can be used to retrieve the content of the document for further analysis.",
          "type": "string"
        }
      }
    },
    "Status": {
      "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).",
      "id": "Status",
      "type": "object",
      "properties": {
        "code": {
          "description": "The status code, which should be an enum value of google.rpc.Code.",
          "format": "int32",
          "type": "integer"
        },
        "message": {
          "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.",
          "type": "string"
        },
        "details": {
          "items": {
            "type": "object",
            "additionalProperties": {
              "type": "any",
              "description": "Properties of the object. Contains field @type with type URL."
            }
          },
          "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use.",
          "type": "array"
        }
      }
    },
    "ListFindingsResponse": {
      "description": "Response message for ListFindings.",
      "properties": {
        "findings": {
          "description": "List of findings.",
          "items": {
            "$ref": "Finding"
          },
          "type": "array"
        },
        "nextPageToken": {
          "description": "Page token.",
          "type": "string"
        }
      },
      "id": "ListFindingsResponse",
      "type": "object"
    },
    "CustomerProfilePerson": {
      "description": "Person information for the customer profile.",
      "properties": {
        "name": {
          "description": "Required. The name of the person.",
          "type": "string"
        },
        "title": {
          "description": "Optional. The title of the person.",
          "type": "string"
        },
        "citationIds": {
          "items": {
            "type": "string"
          },
          "description": "Optional. The citation ids for the person.",
          "type": "array"
        }
      },
      "id": "CustomerProfilePerson",
      "type": "object"
    },
    "CustomerProfileContactInfo": {
      "id": "CustomerProfileContactInfo",
      "type": "object",
      "properties": {
        "address": {
          "description": "The address of the contact.",
          "type": "string"
        },
        "other": {
          "description": "The other contact information.",
          "type": "string"
        },
        "email": {
          "description": "The email address of the contact.",
          "type": "string"
        },
        "label": {
          "description": "Optional. The name of the contact.",
          "type": "string"
        },
        "citationIds": {
          "items": {
            "type": "string"
          },
          "description": "Optional. The citation ids for the contact information.",
          "type": "array"
        },
        "phone": {
          "description": "The phone number of the contact.",
          "type": "string"
        }
      },
      "description": "Contact information for the customer profile."
    }
  }
}
