google-apis-threatintelligence_v1beta 0.1.0
- checksums.yaml +7 -0
- data/.yardopts +13 -0
- data/CHANGELOG.md +7 -0
- data/LICENSE.md +202 -0
- data/OVERVIEW.md +96 -0
- data/lib/google/apis/threatintelligence_v1beta/classes.rb +2945 -0
- data/lib/google/apis/threatintelligence_v1beta/gem_version.rb +28 -0
- data/lib/google/apis/threatintelligence_v1beta/representations.rb +1343 -0
- data/lib/google/apis/threatintelligence_v1beta/service.rb +851 -0
- data/lib/google/apis/threatintelligence_v1beta.rb +36 -0
- data/lib/google-apis-threatintelligence_v1beta.rb +15 -0
- metadata +79 -0
|
@@ -0,0 +1,2945 @@
|
|
|
1
|
+
# Copyright 2020 Google LLC
|
|
2
|
+
#
|
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
# you may not use this file except in compliance with the License.
|
|
5
|
+
# You may obtain a copy of the License at
|
|
6
|
+
#
|
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
#
|
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
# See the License for the specific language governing permissions and
|
|
13
|
+
# limitations under the License.
|
|
14
|
+
|
|
15
|
+
require 'date'
|
|
16
|
+
require 'google/apis/core/base_service'
|
|
17
|
+
require 'google/apis/core/json_representation'
|
|
18
|
+
require 'google/apis/core/hashable'
|
|
19
|
+
require 'google/apis/errors'
|
|
20
|
+
|
|
21
|
+
module Google
|
|
22
|
+
module Apis
|
|
23
|
+
module ThreatintelligenceV1beta
|
|
24
|
+
|
|
25
|
+
# The software that is affected by the vulnerability.
|
|
26
|
+
class AffectedSoftware
|
|
27
|
+
include Google::Apis::Core::Hashable
|
|
28
|
+
|
|
29
|
+
# Optional. The product of the software.
|
|
30
|
+
# Corresponds to the JSON property `product`
|
|
31
|
+
# @return [String]
|
|
32
|
+
attr_accessor :product
|
|
33
|
+
|
|
34
|
+
# Optional. The vendor of the software.
|
|
35
|
+
# Corresponds to the JSON property `vendor`
|
|
36
|
+
# @return [String]
|
|
37
|
+
attr_accessor :vendor
|
|
38
|
+
|
|
39
|
+
def initialize(**args)
|
|
40
|
+
update!(**args)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
# Update properties of this object
|
|
44
|
+
def update!(**args)
|
|
45
|
+
@product = args[:product] if args.key?(:product)
|
|
46
|
+
@vendor = args[:vendor] if args.key?(:vendor)
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
# Stateful object representing a group of Findings. Key feature to an Alert is
|
|
51
|
+
# that it expresses the user's intent towards the findings of that group, even
|
|
52
|
+
# those that haven't occurred yet.
|
|
53
|
+
class Alert
|
|
54
|
+
include Google::Apis::Core::Hashable
|
|
55
|
+
|
|
56
|
+
# Optional. AI summary of the finding.
|
|
57
|
+
# Corresponds to the JSON property `aiSummary`
|
|
58
|
+
# @return [String]
|
|
59
|
+
attr_accessor :ai_summary
|
|
60
|
+
|
|
61
|
+
# Output only. Assets that are impacted by this alert.
|
|
62
|
+
# Corresponds to the JSON property `assets`
|
|
63
|
+
# @return [Array<String>]
|
|
64
|
+
attr_accessor :assets
|
|
65
|
+
|
|
66
|
+
# Tracks basic CRUD facts.
|
|
67
|
+
# Corresponds to the JSON property `audit`
|
|
68
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::Audit]
|
|
69
|
+
attr_accessor :audit
|
|
70
|
+
|
|
71
|
+
# Output only. The resource names of the Configurations bound to this alert.
|
|
72
|
+
# Format: projects/`project`/configurations/`configuration`
|
|
73
|
+
# Corresponds to the JSON property `configurations`
|
|
74
|
+
# @return [Array<String>]
|
|
75
|
+
attr_accessor :configurations
|
|
76
|
+
|
|
77
|
+
# Container for different types of alert details.
|
|
78
|
+
# Corresponds to the JSON property `detail`
|
|
79
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::AlertDetail]
|
|
80
|
+
attr_accessor :detail
|
|
81
|
+
|
|
82
|
+
# Output only. A short title for the alert.
|
|
83
|
+
# Corresponds to the JSON property `displayName`
|
|
84
|
+
# @return [String]
|
|
85
|
+
attr_accessor :display_name
|
|
86
|
+
|
|
87
|
+
# Output only. alert name of the alert this alert is a duplicate of. Format:
|
|
88
|
+
# projects/`project`/alerts/`alert`
|
|
89
|
+
# Corresponds to the JSON property `duplicateOf`
|
|
90
|
+
# @return [String]
|
|
91
|
+
attr_accessor :duplicate_of
|
|
92
|
+
|
|
93
|
+
# Output only. alert names of the alerts that are duplicates of this alert.
|
|
94
|
+
# Format: projects/`project`/alerts/`alert`
|
|
95
|
+
# Corresponds to the JSON property `duplicatedBy`
|
|
96
|
+
# @return [Array<String>]
|
|
97
|
+
attr_accessor :duplicated_by
|
|
98
|
+
|
|
99
|
+
# Optional. If included when updating an alert, this should be set to the
|
|
100
|
+
# current etag of the alert. If the etags do not match, the update will be
|
|
101
|
+
# rejected and an ABORTED error will be returned.
|
|
102
|
+
# Corresponds to the JSON property `etag`
|
|
103
|
+
# @return [String]
|
|
104
|
+
attr_accessor :etag
|
|
105
|
+
|
|
106
|
+
# Output only. External ID for the alert. This is used internally to provide
|
|
107
|
+
# protection against out of order updates.
|
|
108
|
+
# Corresponds to the JSON property `externalId`
|
|
109
|
+
# @return [String]
|
|
110
|
+
attr_accessor :external_id
|
|
111
|
+
|
|
112
|
+
# Output only. Findings that are covered by this alert.
|
|
113
|
+
# Corresponds to the JSON property `findings`
|
|
114
|
+
# @return [Array<String>]
|
|
115
|
+
attr_accessor :findings
|
|
116
|
+
|
|
117
|
+
# Identifier. Server generated name for the alert. format is projects/`project`/
|
|
118
|
+
# alerts/`alert`
|
|
119
|
+
# Corresponds to the JSON property `name`
|
|
120
|
+
# @return [String]
|
|
121
|
+
attr_accessor :name
|
|
122
|
+
|
|
123
|
+
# Structured priority analysis for a threat.
|
|
124
|
+
# Corresponds to the JSON property `priorityAnalysis`
|
|
125
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::PriorityAnalysis]
|
|
126
|
+
attr_accessor :priority_analysis
|
|
127
|
+
|
|
128
|
+
# Structured relevance analysis for a threat.
|
|
129
|
+
# Corresponds to the JSON property `relevanceAnalysis`
|
|
130
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::RelevanceAnalysis]
|
|
131
|
+
attr_accessor :relevance_analysis
|
|
132
|
+
|
|
133
|
+
# Structured severity analysis for a threat.
|
|
134
|
+
# Corresponds to the JSON property `severityAnalysis`
|
|
135
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::SeverityAnalysis]
|
|
136
|
+
attr_accessor :severity_analysis
|
|
137
|
+
|
|
138
|
+
# Output only. State of the alert.
|
|
139
|
+
# Corresponds to the JSON property `state`
|
|
140
|
+
# @return [String]
|
|
141
|
+
attr_accessor :state
|
|
142
|
+
|
|
143
|
+
def initialize(**args)
|
|
144
|
+
update!(**args)
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
# Update properties of this object
|
|
148
|
+
def update!(**args)
|
|
149
|
+
@ai_summary = args[:ai_summary] if args.key?(:ai_summary)
|
|
150
|
+
@assets = args[:assets] if args.key?(:assets)
|
|
151
|
+
@audit = args[:audit] if args.key?(:audit)
|
|
152
|
+
@configurations = args[:configurations] if args.key?(:configurations)
|
|
153
|
+
@detail = args[:detail] if args.key?(:detail)
|
|
154
|
+
@display_name = args[:display_name] if args.key?(:display_name)
|
|
155
|
+
@duplicate_of = args[:duplicate_of] if args.key?(:duplicate_of)
|
|
156
|
+
@duplicated_by = args[:duplicated_by] if args.key?(:duplicated_by)
|
|
157
|
+
@etag = args[:etag] if args.key?(:etag)
|
|
158
|
+
@external_id = args[:external_id] if args.key?(:external_id)
|
|
159
|
+
@findings = args[:findings] if args.key?(:findings)
|
|
160
|
+
@name = args[:name] if args.key?(:name)
|
|
161
|
+
@priority_analysis = args[:priority_analysis] if args.key?(:priority_analysis)
|
|
162
|
+
@relevance_analysis = args[:relevance_analysis] if args.key?(:relevance_analysis)
|
|
163
|
+
@severity_analysis = args[:severity_analysis] if args.key?(:severity_analysis)
|
|
164
|
+
@state = args[:state] if args.key?(:state)
|
|
165
|
+
end
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
# Container for different types of alert details.
|
|
169
|
+
class AlertDetail
|
|
170
|
+
include Google::Apis::Core::Hashable
|
|
171
|
+
|
|
172
|
+
# Captures the specific details of Data Leak alert.
|
|
173
|
+
# Corresponds to the JSON property `dataLeak`
|
|
174
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::DataLeakAlertDetail]
|
|
175
|
+
attr_accessor :data_leak
|
|
176
|
+
|
|
177
|
+
# Output only. Name of the detail type. Will be set by the server during
|
|
178
|
+
# creation to the name of the field that is set in the detail union.
|
|
179
|
+
# Corresponds to the JSON property `detailType`
|
|
180
|
+
# @return [String]
|
|
181
|
+
attr_accessor :detail_type
|
|
182
|
+
|
|
183
|
+
# Captures the specific details of InitialAccessBroker (IAB) alert.
|
|
184
|
+
# Corresponds to the JSON property `initialAccessBroker`
|
|
185
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::InitialAccessBrokerAlertDetail]
|
|
186
|
+
attr_accessor :initial_access_broker
|
|
187
|
+
|
|
188
|
+
# Captures the specific details of InsiderThreat alert.
|
|
189
|
+
# Corresponds to the JSON property `insiderThreat`
|
|
190
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::InsiderThreatAlertDetail]
|
|
191
|
+
attr_accessor :insider_threat
|
|
192
|
+
|
|
193
|
+
# The alert detail for a suspicious domain finding.
|
|
194
|
+
# Corresponds to the JSON property `suspiciousDomain`
|
|
195
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::SuspiciousDomainAlertDetail]
|
|
196
|
+
attr_accessor :suspicious_domain
|
|
197
|
+
|
|
198
|
+
# Contains details for a technology watchlist alert.
|
|
199
|
+
# Corresponds to the JSON property `targetTechnology`
|
|
200
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::TargetTechnologyAlertDetail]
|
|
201
|
+
attr_accessor :target_technology
|
|
202
|
+
|
|
203
|
+
def initialize(**args)
|
|
204
|
+
update!(**args)
|
|
205
|
+
end
|
|
206
|
+
|
|
207
|
+
# Update properties of this object
|
|
208
|
+
def update!(**args)
|
|
209
|
+
@data_leak = args[:data_leak] if args.key?(:data_leak)
|
|
210
|
+
@detail_type = args[:detail_type] if args.key?(:detail_type)
|
|
211
|
+
@initial_access_broker = args[:initial_access_broker] if args.key?(:initial_access_broker)
|
|
212
|
+
@insider_threat = args[:insider_threat] if args.key?(:insider_threat)
|
|
213
|
+
@suspicious_domain = args[:suspicious_domain] if args.key?(:suspicious_domain)
|
|
214
|
+
@target_technology = args[:target_technology] if args.key?(:target_technology)
|
|
215
|
+
end
|
|
216
|
+
end
|
|
217
|
+
|
|
218
|
+
# A document that is associated with an alert.
|
|
219
|
+
class AlertDocument
|
|
220
|
+
include Google::Apis::Core::Hashable
|
|
221
|
+
|
|
222
|
+
# Output only. AI summary of the finding.
|
|
223
|
+
# Corresponds to the JSON property `aiSummary`
|
|
224
|
+
# @return [String]
|
|
225
|
+
attr_accessor :ai_summary
|
|
226
|
+
|
|
227
|
+
# Output only. The author of the document.
|
|
228
|
+
# Corresponds to the JSON property `author`
|
|
229
|
+
# @return [String]
|
|
230
|
+
attr_accessor :author
|
|
231
|
+
|
|
232
|
+
# Output only. Time when the origin source collected the intel.
|
|
233
|
+
# Corresponds to the JSON property `collectionTime`
|
|
234
|
+
# @return [String]
|
|
235
|
+
attr_accessor :collection_time
|
|
236
|
+
|
|
237
|
+
# Output only. The content of the document.
|
|
238
|
+
# Corresponds to the JSON property `content`
|
|
239
|
+
# @return [String]
|
|
240
|
+
attr_accessor :content
|
|
241
|
+
|
|
242
|
+
# Output only. The time the document was created.
|
|
243
|
+
# Corresponds to the JSON property `createTime`
|
|
244
|
+
# @return [String]
|
|
245
|
+
attr_accessor :create_time
|
|
246
|
+
|
|
247
|
+
# Output only. Time when GTI received the intel.
|
|
248
|
+
# Corresponds to the JSON property `ingestTime`
|
|
249
|
+
# @return [String]
|
|
250
|
+
attr_accessor :ingest_time
|
|
251
|
+
|
|
252
|
+
# Output only. The language code of the document.
|
|
253
|
+
# Corresponds to the JSON property `languageCode`
|
|
254
|
+
# @return [String]
|
|
255
|
+
attr_accessor :language_code
|
|
256
|
+
|
|
257
|
+
# Identifier. Server generated name for the alert document. format is projects/`
|
|
258
|
+
# project`/alerts/`alert`/documents/`document`
|
|
259
|
+
# Corresponds to the JSON property `name`
|
|
260
|
+
# @return [String]
|
|
261
|
+
attr_accessor :name
|
|
262
|
+
|
|
263
|
+
# Output only. Source of the intel item, e.g. DarkMarket.
|
|
264
|
+
# Corresponds to the JSON property `source`
|
|
265
|
+
# @return [String]
|
|
266
|
+
attr_accessor :source
|
|
267
|
+
|
|
268
|
+
# Output only. Time when the intel was last updated by the source.
|
|
269
|
+
# Corresponds to the JSON property `sourceUpdateTime`
|
|
270
|
+
# @return [String]
|
|
271
|
+
attr_accessor :source_update_time
|
|
272
|
+
|
|
273
|
+
# Output only. URI of the intel item from the source.
|
|
274
|
+
# Corresponds to the JSON property `sourceUri`
|
|
275
|
+
# @return [String]
|
|
276
|
+
attr_accessor :source_uri
|
|
277
|
+
|
|
278
|
+
# Output only. The title of the document, if available.
|
|
279
|
+
# Corresponds to the JSON property `title`
|
|
280
|
+
# @return [String]
|
|
281
|
+
attr_accessor :title
|
|
282
|
+
|
|
283
|
+
# The translation of an alert document.
|
|
284
|
+
# Corresponds to the JSON property `translation`
|
|
285
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::AlertDocumentTranslation]
|
|
286
|
+
attr_accessor :translation
|
|
287
|
+
|
|
288
|
+
def initialize(**args)
|
|
289
|
+
update!(**args)
|
|
290
|
+
end
|
|
291
|
+
|
|
292
|
+
# Update properties of this object
|
|
293
|
+
def update!(**args)
|
|
294
|
+
@ai_summary = args[:ai_summary] if args.key?(:ai_summary)
|
|
295
|
+
@author = args[:author] if args.key?(:author)
|
|
296
|
+
@collection_time = args[:collection_time] if args.key?(:collection_time)
|
|
297
|
+
@content = args[:content] if args.key?(:content)
|
|
298
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
|
299
|
+
@ingest_time = args[:ingest_time] if args.key?(:ingest_time)
|
|
300
|
+
@language_code = args[:language_code] if args.key?(:language_code)
|
|
301
|
+
@name = args[:name] if args.key?(:name)
|
|
302
|
+
@source = args[:source] if args.key?(:source)
|
|
303
|
+
@source_update_time = args[:source_update_time] if args.key?(:source_update_time)
|
|
304
|
+
@source_uri = args[:source_uri] if args.key?(:source_uri)
|
|
305
|
+
@title = args[:title] if args.key?(:title)
|
|
306
|
+
@translation = args[:translation] if args.key?(:translation)
|
|
307
|
+
end
|
|
308
|
+
end
|
|
309
|
+
|
|
310
|
+
# The translation of an alert document.
|
|
311
|
+
class AlertDocumentTranslation
|
|
312
|
+
include Google::Apis::Core::Hashable
|
|
313
|
+
|
|
314
|
+
# Output only. The translated content of the document.
|
|
315
|
+
# Corresponds to the JSON property `translatedContent`
|
|
316
|
+
# @return [String]
|
|
317
|
+
attr_accessor :translated_content
|
|
318
|
+
|
|
319
|
+
# Output only. The translated title of the document.
|
|
320
|
+
# Corresponds to the JSON property `translatedTitle`
|
|
321
|
+
# @return [String]
|
|
322
|
+
attr_accessor :translated_title
|
|
323
|
+
|
|
324
|
+
def initialize(**args)
|
|
325
|
+
update!(**args)
|
|
326
|
+
end
|
|
327
|
+
|
|
328
|
+
# Update properties of this object
|
|
329
|
+
def update!(**args)
|
|
330
|
+
@translated_content = args[:translated_content] if args.key?(:translated_content)
|
|
331
|
+
@translated_title = args[:translated_title] if args.key?(:translated_title)
|
|
332
|
+
end
|
|
333
|
+
end
|
|
334
|
+
|
|
335
|
+
# Customer defined Configuration for asset discovery.
|
|
336
|
+
class AssetDiscoveryConfig
|
|
337
|
+
include Google::Apis::Core::Hashable
|
|
338
|
+
|
|
339
|
+
# Output only. Timestamp of the last scan completed. This field is set by the
|
|
340
|
+
# system and cannot be modified by the user.
|
|
341
|
+
# Corresponds to the JSON property `lastScanCompleteTime`
|
|
342
|
+
# @return [String]
|
|
343
|
+
attr_accessor :last_scan_complete_time
|
|
344
|
+
|
|
345
|
+
# Output only. Timestamp of the last scan started - used for scheduling the next
|
|
346
|
+
# scan. This field is set by the system and cannot be modified by the user.
|
|
347
|
+
# Corresponds to the JSON property `lastScanStartTime`
|
|
348
|
+
# @return [String]
|
|
349
|
+
attr_accessor :last_scan_start_time
|
|
350
|
+
|
|
351
|
+
# Required. Frequency at which the scheduled discovery scan should be run. If
|
|
352
|
+
# not specified, the default frequency is DAILY.
|
|
353
|
+
# Corresponds to the JSON property `scanFrequency`
|
|
354
|
+
# @return [String]
|
|
355
|
+
attr_accessor :scan_frequency
|
|
356
|
+
|
|
357
|
+
# Optional. Seed assets that are out of scope for the scheduled discovery scan.
|
|
358
|
+
# Corresponds to the JSON property `scopeExclusionAssets`
|
|
359
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::AssetDiscoverySeed>]
|
|
360
|
+
attr_accessor :scope_exclusion_assets
|
|
361
|
+
|
|
362
|
+
# Required. Seed assets for the scheduled discovery scan. At least one seed
|
|
363
|
+
# asset is required.
|
|
364
|
+
# Corresponds to the JSON property `seedAssets`
|
|
365
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::AssetDiscoverySeed>]
|
|
366
|
+
attr_accessor :seed_assets
|
|
367
|
+
|
|
368
|
+
# Required. Workflow to be used for the scheduled discovery scan. If not
|
|
369
|
+
# specified, the default workflow is EXTERNAL_DISCOVERY.
|
|
370
|
+
# Corresponds to the JSON property `workflow`
|
|
371
|
+
# @return [String]
|
|
372
|
+
attr_accessor :workflow
|
|
373
|
+
|
|
374
|
+
def initialize(**args)
|
|
375
|
+
update!(**args)
|
|
376
|
+
end
|
|
377
|
+
|
|
378
|
+
# Update properties of this object
|
|
379
|
+
def update!(**args)
|
|
380
|
+
@last_scan_complete_time = args[:last_scan_complete_time] if args.key?(:last_scan_complete_time)
|
|
381
|
+
@last_scan_start_time = args[:last_scan_start_time] if args.key?(:last_scan_start_time)
|
|
382
|
+
@scan_frequency = args[:scan_frequency] if args.key?(:scan_frequency)
|
|
383
|
+
@scope_exclusion_assets = args[:scope_exclusion_assets] if args.key?(:scope_exclusion_assets)
|
|
384
|
+
@seed_assets = args[:seed_assets] if args.key?(:seed_assets)
|
|
385
|
+
@workflow = args[:workflow] if args.key?(:workflow)
|
|
386
|
+
end
|
|
387
|
+
end
|
|
388
|
+
|
|
389
|
+
# Seed assets for asset discovery.
|
|
390
|
+
class AssetDiscoverySeed
|
|
391
|
+
include Google::Apis::Core::Hashable
|
|
392
|
+
|
|
393
|
+
# Required. Type of the seed asset.
|
|
394
|
+
# Corresponds to the JSON property `seedType`
|
|
395
|
+
# @return [String]
|
|
396
|
+
attr_accessor :seed_type
|
|
397
|
+
|
|
398
|
+
# Required. Value for the seed asset. Could be an IP address, network service,
|
|
399
|
+
# email addresses, etc.
|
|
400
|
+
# Corresponds to the JSON property `seedValue`
|
|
401
|
+
# @return [String]
|
|
402
|
+
attr_accessor :seed_value
|
|
403
|
+
|
|
404
|
+
def initialize(**args)
|
|
405
|
+
update!(**args)
|
|
406
|
+
end
|
|
407
|
+
|
|
408
|
+
# Update properties of this object
|
|
409
|
+
def update!(**args)
|
|
410
|
+
@seed_type = args[:seed_type] if args.key?(:seed_type)
|
|
411
|
+
@seed_value = args[:seed_value] if args.key?(:seed_value)
|
|
412
|
+
end
|
|
413
|
+
end
|
|
414
|
+
|
|
415
|
+
# Represents an association with a vulnerability.
|
|
416
|
+
class Association
|
|
417
|
+
include Google::Apis::Core::Hashable
|
|
418
|
+
|
|
419
|
+
# Required. The ID of the association.
|
|
420
|
+
# Corresponds to the JSON property `id`
|
|
421
|
+
# @return [String]
|
|
422
|
+
attr_accessor :id
|
|
423
|
+
|
|
424
|
+
# Required. The type of the association.
|
|
425
|
+
# Corresponds to the JSON property `type`
|
|
426
|
+
# @return [String]
|
|
427
|
+
attr_accessor :type
|
|
428
|
+
|
|
429
|
+
def initialize(**args)
|
|
430
|
+
update!(**args)
|
|
431
|
+
end
|
|
432
|
+
|
|
433
|
+
# Update properties of this object
|
|
434
|
+
def update!(**args)
|
|
435
|
+
@id = args[:id] if args.key?(:id)
|
|
436
|
+
@type = args[:type] if args.key?(:type)
|
|
437
|
+
end
|
|
438
|
+
end
|
|
439
|
+
|
|
440
|
+
# Tracks basic CRUD facts.
|
|
441
|
+
class Audit
|
|
442
|
+
include Google::Apis::Core::Hashable
|
|
443
|
+
|
|
444
|
+
# Output only. Time of creation.
|
|
445
|
+
# Corresponds to the JSON property `createTime`
|
|
446
|
+
# @return [String]
|
|
447
|
+
attr_accessor :create_time
|
|
448
|
+
|
|
449
|
+
# Output only. Agent that created or updated the record, could be a UserId or a
|
|
450
|
+
# JobId.
|
|
451
|
+
# Corresponds to the JSON property `creator`
|
|
452
|
+
# @return [String]
|
|
453
|
+
attr_accessor :creator
|
|
454
|
+
|
|
455
|
+
# Output only. Time of creation or last update.
|
|
456
|
+
# Corresponds to the JSON property `updateTime`
|
|
457
|
+
# @return [String]
|
|
458
|
+
attr_accessor :update_time
|
|
459
|
+
|
|
460
|
+
# Output only. Agent that last updated the record, could be a UserId or a JobId.
|
|
461
|
+
# Corresponds to the JSON property `updater`
|
|
462
|
+
# @return [String]
|
|
463
|
+
attr_accessor :updater
|
|
464
|
+
|
|
465
|
+
def initialize(**args)
|
|
466
|
+
update!(**args)
|
|
467
|
+
end
|
|
468
|
+
|
|
469
|
+
# Update properties of this object
|
|
470
|
+
def update!(**args)
|
|
471
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
|
472
|
+
@creator = args[:creator] if args.key?(:creator)
|
|
473
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
|
474
|
+
@updater = args[:updater] if args.key?(:updater)
|
|
475
|
+
end
|
|
476
|
+
end
|
|
477
|
+
|
|
478
|
+
# Sample compromised credential detail.
|
|
479
|
+
class CompromisedCredentialsFindingDetail
|
|
480
|
+
include Google::Apis::Core::Hashable
|
|
481
|
+
|
|
482
|
+
# Optional. Reference to the author this detail was extracted from. This is
|
|
483
|
+
# deprecated and will be removed.
|
|
484
|
+
# Corresponds to the JSON property `author`
|
|
485
|
+
# @return [String]
|
|
486
|
+
attr_accessor :author
|
|
487
|
+
|
|
488
|
+
# Optional. Claimed site the credential is intended for.
|
|
489
|
+
# Corresponds to the JSON property `credentialService`
|
|
490
|
+
# @return [String]
|
|
491
|
+
attr_accessor :credential_service
|
|
492
|
+
|
|
493
|
+
# Optional. Reference to the dark web document. This is deprecated and will be
|
|
494
|
+
# removed.
|
|
495
|
+
# Corresponds to the JSON property `darkWebDoc`
|
|
496
|
+
# @return [String]
|
|
497
|
+
attr_accessor :dark_web_doc
|
|
498
|
+
|
|
499
|
+
# Optional. This will contain a link to the external reference for this
|
|
500
|
+
# credential. If set, this is a link back to the DTM product to allow customers
|
|
501
|
+
# to get additional context about this finding.
|
|
502
|
+
# Corresponds to the JSON property `externalReferenceUri`
|
|
503
|
+
# @return [String]
|
|
504
|
+
attr_accessor :external_reference_uri
|
|
505
|
+
|
|
506
|
+
# Optional. If the source of the credential was from a file dump this will
|
|
507
|
+
# contain the name of the file the credential was found in. This can be used by
|
|
508
|
+
# customers for context on where the credential was found and to try to find
|
|
509
|
+
# other references to the file in the wild.
|
|
510
|
+
# Corresponds to the JSON property `fileDump`
|
|
511
|
+
# @return [String]
|
|
512
|
+
attr_accessor :file_dump
|
|
513
|
+
|
|
514
|
+
# Optional. A list of hashes of the file dump. These will be prefixed with the
|
|
515
|
+
# algorithm. Example: "sha256:"
|
|
516
|
+
# Corresponds to the JSON property `fileDumpHashes`
|
|
517
|
+
# @return [Array<String>]
|
|
518
|
+
attr_accessor :file_dump_hashes
|
|
519
|
+
|
|
520
|
+
# Optional. If file_dump is set this will contain the size of the dump file in
|
|
521
|
+
# bytes. File dumps can be very large.
|
|
522
|
+
# Corresponds to the JSON property `fileDumpSizeBytes`
|
|
523
|
+
# @return [Fixnum]
|
|
524
|
+
attr_accessor :file_dump_size_bytes
|
|
525
|
+
|
|
526
|
+
# Optional. Reference to the forum this detail was extracted from. This is
|
|
527
|
+
# deprecated and will be removed.
|
|
528
|
+
# Corresponds to the JSON property `forum`
|
|
529
|
+
# @return [String]
|
|
530
|
+
attr_accessor :forum
|
|
531
|
+
|
|
532
|
+
# Optional. This will indicate the malware family that leaked this credential,
|
|
533
|
+
# if known.
|
|
534
|
+
# Corresponds to the JSON property `malwareFamily`
|
|
535
|
+
# @return [String]
|
|
536
|
+
attr_accessor :malware_family
|
|
537
|
+
|
|
538
|
+
# Optional. This indicates our best guess as to when the credential was leaked
|
|
539
|
+
# to the particular venue that triggered this finding. This is not necessarily
|
|
540
|
+
# the time the credential was actually leaked and it may not always be be
|
|
541
|
+
# accurate.
|
|
542
|
+
# Corresponds to the JSON property `postedTime`
|
|
543
|
+
# @return [String]
|
|
544
|
+
attr_accessor :posted_time
|
|
545
|
+
|
|
546
|
+
# Optional. If the source of a credential is publicly addressable this will
|
|
547
|
+
# contain a uri to the where the credential was found.
|
|
548
|
+
# Corresponds to the JSON property `sourceUri`
|
|
549
|
+
# @return [String]
|
|
550
|
+
attr_accessor :source_uri
|
|
551
|
+
|
|
552
|
+
# Required. This field will always be set and will be used to identify the user
|
|
553
|
+
# named in the credential leak. In cases where customers are authorized to see
|
|
554
|
+
# the actual user key this will be set to the actual user key. In cases where
|
|
555
|
+
# the customer is not authorized to see the actual user key this will be set to
|
|
556
|
+
# a hash of the user key. The hashed value is an intentionally opaque value that
|
|
557
|
+
# is not intended to be used for any other purpose than to uniquely identify the
|
|
558
|
+
# user in the context of this specific customer, service domain, and user name.
|
|
559
|
+
# Example: "user@example.com" or "redacted:".
|
|
560
|
+
# Corresponds to the JSON property `userKey`
|
|
561
|
+
# @return [String]
|
|
562
|
+
attr_accessor :user_key
|
|
563
|
+
|
|
564
|
+
# Optional. Claimed evidence of the password/secret. This will always be hashed.
|
|
565
|
+
# In the event where the plaintext password is known it will be set to "redacted:
|
|
566
|
+
# " where the same hash will be presented when the same password is found for
|
|
567
|
+
# the same organization for the same service. Redaction is done by hashing the
|
|
568
|
+
# password with a salt that is unique to the customer organization and service.
|
|
569
|
+
# In the event where the plaintext password is not known it will be set to ":"
|
|
570
|
+
# where the algorithm is the hash algorithm used and the hash is the hash of the
|
|
571
|
+
# password using that algorithm. In the event we don't know the exact algorithm
|
|
572
|
+
# used we will set it to "hashed:".
|
|
573
|
+
# Corresponds to the JSON property `userSecretEvidence`
|
|
574
|
+
# @return [String]
|
|
575
|
+
attr_accessor :user_secret_evidence
|
|
576
|
+
|
|
577
|
+
def initialize(**args)
|
|
578
|
+
update!(**args)
|
|
579
|
+
end
|
|
580
|
+
|
|
581
|
+
# Update properties of this object
|
|
582
|
+
def update!(**args)
|
|
583
|
+
@author = args[:author] if args.key?(:author)
|
|
584
|
+
@credential_service = args[:credential_service] if args.key?(:credential_service)
|
|
585
|
+
@dark_web_doc = args[:dark_web_doc] if args.key?(:dark_web_doc)
|
|
586
|
+
@external_reference_uri = args[:external_reference_uri] if args.key?(:external_reference_uri)
|
|
587
|
+
@file_dump = args[:file_dump] if args.key?(:file_dump)
|
|
588
|
+
@file_dump_hashes = args[:file_dump_hashes] if args.key?(:file_dump_hashes)
|
|
589
|
+
@file_dump_size_bytes = args[:file_dump_size_bytes] if args.key?(:file_dump_size_bytes)
|
|
590
|
+
@forum = args[:forum] if args.key?(:forum)
|
|
591
|
+
@malware_family = args[:malware_family] if args.key?(:malware_family)
|
|
592
|
+
@posted_time = args[:posted_time] if args.key?(:posted_time)
|
|
593
|
+
@source_uri = args[:source_uri] if args.key?(:source_uri)
|
|
594
|
+
@user_key = args[:user_key] if args.key?(:user_key)
|
|
595
|
+
@user_secret_evidence = args[:user_secret_evidence] if args.key?(:user_secret_evidence)
|
|
596
|
+
end
|
|
597
|
+
end
|
|
598
|
+
|
|
599
|
+
# A configuration represents a behavior an engine should follow when producing
|
|
600
|
+
# new findings.
|
|
601
|
+
class Configuration
|
|
602
|
+
include Google::Apis::Core::Hashable
|
|
603
|
+
|
|
604
|
+
# Tracks basic CRUD facts.
|
|
605
|
+
# Corresponds to the JSON property `audit`
|
|
606
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::Audit]
|
|
607
|
+
attr_accessor :audit
|
|
608
|
+
|
|
609
|
+
# Optional. A description of the configuration.
|
|
610
|
+
# Corresponds to the JSON property `description`
|
|
611
|
+
# @return [String]
|
|
612
|
+
attr_accessor :description
|
|
613
|
+
|
|
614
|
+
# Wrapper class that contains the union struct for all the various configuration
|
|
615
|
+
# detail specific classes.
|
|
616
|
+
# Corresponds to the JSON property `detail`
|
|
617
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::ConfigurationDetail]
|
|
618
|
+
attr_accessor :detail
|
|
619
|
+
|
|
620
|
+
# Output only. Human readable name for the configuration.
|
|
621
|
+
# Corresponds to the JSON property `displayName`
|
|
622
|
+
# @return [String]
|
|
623
|
+
attr_accessor :display_name
|
|
624
|
+
|
|
625
|
+
# Identifier. Server generated name for the configuration. format is vaults/`
|
|
626
|
+
# vault`/configurations/`configuration`
|
|
627
|
+
# Corresponds to the JSON property `name`
|
|
628
|
+
# @return [String]
|
|
629
|
+
attr_accessor :name
|
|
630
|
+
|
|
631
|
+
# Required. Name of the service that provides the configuration.
|
|
632
|
+
# Corresponds to the JSON property `provider`
|
|
633
|
+
# @return [String]
|
|
634
|
+
attr_accessor :provider
|
|
635
|
+
|
|
636
|
+
# Optional. State of the configuration.
|
|
637
|
+
# Corresponds to the JSON property `state`
|
|
638
|
+
# @return [String]
|
|
639
|
+
attr_accessor :state
|
|
640
|
+
|
|
641
|
+
# Optional. A user-manipulatable version. Does not adhere to a specific format
|
|
642
|
+
# Corresponds to the JSON property `version`
|
|
643
|
+
# @return [String]
|
|
644
|
+
attr_accessor :version
|
|
645
|
+
|
|
646
|
+
def initialize(**args)
|
|
647
|
+
update!(**args)
|
|
648
|
+
end
|
|
649
|
+
|
|
650
|
+
# Update properties of this object
|
|
651
|
+
def update!(**args)
|
|
652
|
+
@audit = args[:audit] if args.key?(:audit)
|
|
653
|
+
@description = args[:description] if args.key?(:description)
|
|
654
|
+
@detail = args[:detail] if args.key?(:detail)
|
|
655
|
+
@display_name = args[:display_name] if args.key?(:display_name)
|
|
656
|
+
@name = args[:name] if args.key?(:name)
|
|
657
|
+
@provider = args[:provider] if args.key?(:provider)
|
|
658
|
+
@state = args[:state] if args.key?(:state)
|
|
659
|
+
@version = args[:version] if args.key?(:version)
|
|
660
|
+
end
|
|
661
|
+
end
|
|
662
|
+
|
|
663
|
+
# Wrapper class that contains the union struct for all the various configuration
|
|
664
|
+
# detail specific classes.
|
|
665
|
+
class ConfigurationDetail
|
|
666
|
+
include Google::Apis::Core::Hashable
|
|
667
|
+
|
|
668
|
+
# Customer defined Configuration for asset discovery.
|
|
669
|
+
# Corresponds to the JSON property `assetDiscovery`
|
|
670
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::AssetDiscoveryConfig]
|
|
671
|
+
attr_accessor :asset_discovery
|
|
672
|
+
|
|
673
|
+
# CustomerProfileConfig is the configuration for the customer profile.
|
|
674
|
+
# Corresponds to the JSON property `customerProfile`
|
|
675
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileConfig]
|
|
676
|
+
attr_accessor :customer_profile
|
|
677
|
+
|
|
678
|
+
# Output only. Name of the detail type. Will be set by the server during
|
|
679
|
+
# creation to the name of the field that is set in the detail union.
|
|
680
|
+
# Corresponds to the JSON property `detailType`
|
|
681
|
+
# @return [String]
|
|
682
|
+
attr_accessor :detail_type
|
|
683
|
+
|
|
684
|
+
# Any account-level configuration options will go here.
|
|
685
|
+
# Corresponds to the JSON property `domainMonitoring`
|
|
686
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::DomainMonitoringConfig]
|
|
687
|
+
attr_accessor :domain_monitoring
|
|
688
|
+
|
|
689
|
+
# InitialAccessBrokerConfig is specific to Initial Access Broker (IAB) matching
|
|
690
|
+
# scenarios.
|
|
691
|
+
# Corresponds to the JSON property `initialAccessBroker`
|
|
692
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::InitialAccessBrokerConfig]
|
|
693
|
+
attr_accessor :initial_access_broker
|
|
694
|
+
|
|
695
|
+
# TechnologyWatchListConfig is the configuration for the technology watchlist.
|
|
696
|
+
# Corresponds to the JSON property `technologyWatchlist`
|
|
697
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::TechnologyWatchListConfig]
|
|
698
|
+
attr_accessor :technology_watchlist
|
|
699
|
+
|
|
700
|
+
def initialize(**args)
|
|
701
|
+
update!(**args)
|
|
702
|
+
end
|
|
703
|
+
|
|
704
|
+
# Update properties of this object
|
|
705
|
+
def update!(**args)
|
|
706
|
+
@asset_discovery = args[:asset_discovery] if args.key?(:asset_discovery)
|
|
707
|
+
@customer_profile = args[:customer_profile] if args.key?(:customer_profile)
|
|
708
|
+
@detail_type = args[:detail_type] if args.key?(:detail_type)
|
|
709
|
+
@domain_monitoring = args[:domain_monitoring] if args.key?(:domain_monitoring)
|
|
710
|
+
@initial_access_broker = args[:initial_access_broker] if args.key?(:initial_access_broker)
|
|
711
|
+
@technology_watchlist = args[:technology_watchlist] if args.key?(:technology_watchlist)
|
|
712
|
+
end
|
|
713
|
+
end
|
|
714
|
+
|
|
715
|
+
# A ConfigurationRevision is a snapshot of a Configuration at a point in time.
|
|
716
|
+
# It is immutable.
|
|
717
|
+
class ConfigurationRevision
|
|
718
|
+
include Google::Apis::Core::Hashable
|
|
719
|
+
|
|
720
|
+
# Output only. The time the Revision was created
|
|
721
|
+
# Corresponds to the JSON property `createTime`
|
|
722
|
+
# @return [String]
|
|
723
|
+
attr_accessor :create_time
|
|
724
|
+
|
|
725
|
+
# Identifier. The name of the ConfigurationRevision Format: vaults//
|
|
726
|
+
# configurations//revisions/ OR projects//configurations//revisions/
|
|
727
|
+
# Corresponds to the JSON property `name`
|
|
728
|
+
# @return [String]
|
|
729
|
+
attr_accessor :name
|
|
730
|
+
|
|
731
|
+
# A configuration represents a behavior an engine should follow when producing
|
|
732
|
+
# new findings.
|
|
733
|
+
# Corresponds to the JSON property `snapshot`
|
|
734
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::Configuration]
|
|
735
|
+
attr_accessor :snapshot
|
|
736
|
+
|
|
737
|
+
def initialize(**args)
|
|
738
|
+
update!(**args)
|
|
739
|
+
end
|
|
740
|
+
|
|
741
|
+
# Update properties of this object
|
|
742
|
+
def update!(**args)
|
|
743
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
|
744
|
+
@name = args[:name] if args.key?(:name)
|
|
745
|
+
@snapshot = args[:snapshot] if args.key?(:snapshot)
|
|
746
|
+
end
|
|
747
|
+
end
|
|
748
|
+
|
|
749
|
+
# Citation information for the customer profile.
|
|
750
|
+
class CustomerProfileCitation
|
|
751
|
+
include Google::Apis::Core::Hashable
|
|
752
|
+
|
|
753
|
+
# Required. The citation id for the citation. Should be unique within the
|
|
754
|
+
# profile.
|
|
755
|
+
# Corresponds to the JSON property `citationId`
|
|
756
|
+
# @return [String]
|
|
757
|
+
attr_accessor :citation_id
|
|
758
|
+
|
|
759
|
+
# Required. The name of the document the citation is from.
|
|
760
|
+
# Corresponds to the JSON property `document`
|
|
761
|
+
# @return [String]
|
|
762
|
+
attr_accessor :document
|
|
763
|
+
|
|
764
|
+
# The time the citation was retrieved.
|
|
765
|
+
# Corresponds to the JSON property `retrievalTime`
|
|
766
|
+
# @return [String]
|
|
767
|
+
attr_accessor :retrieval_time
|
|
768
|
+
|
|
769
|
+
# Required. The source of the citation.
|
|
770
|
+
# Corresponds to the JSON property `source`
|
|
771
|
+
# @return [String]
|
|
772
|
+
attr_accessor :source
|
|
773
|
+
|
|
774
|
+
# Optional. The url of the citation.
|
|
775
|
+
# Corresponds to the JSON property `uri`
|
|
776
|
+
# @return [String]
|
|
777
|
+
attr_accessor :uri
|
|
778
|
+
|
|
779
|
+
def initialize(**args)
|
|
780
|
+
update!(**args)
|
|
781
|
+
end
|
|
782
|
+
|
|
783
|
+
# Update properties of this object
|
|
784
|
+
def update!(**args)
|
|
785
|
+
@citation_id = args[:citation_id] if args.key?(:citation_id)
|
|
786
|
+
@document = args[:document] if args.key?(:document)
|
|
787
|
+
@retrieval_time = args[:retrieval_time] if args.key?(:retrieval_time)
|
|
788
|
+
@source = args[:source] if args.key?(:source)
|
|
789
|
+
@uri = args[:uri] if args.key?(:uri)
|
|
790
|
+
end
|
|
791
|
+
end
|
|
792
|
+
|
|
793
|
+
# A string with citation ids.
|
|
794
|
+
class CustomerProfileCitedString
|
|
795
|
+
include Google::Apis::Core::Hashable
|
|
796
|
+
|
|
797
|
+
# Optional. The citation ids for the string.
|
|
798
|
+
# Corresponds to the JSON property `citationIds`
|
|
799
|
+
# @return [Array<String>]
|
|
800
|
+
attr_accessor :citation_ids
|
|
801
|
+
|
|
802
|
+
# Required. The value of the string.
|
|
803
|
+
# Corresponds to the JSON property `value`
|
|
804
|
+
# @return [String]
|
|
805
|
+
attr_accessor :value
|
|
806
|
+
|
|
807
|
+
def initialize(**args)
|
|
808
|
+
update!(**args)
|
|
809
|
+
end
|
|
810
|
+
|
|
811
|
+
# Update properties of this object
|
|
812
|
+
def update!(**args)
|
|
813
|
+
@citation_ids = args[:citation_ids] if args.key?(:citation_ids)
|
|
814
|
+
@value = args[:value] if args.key?(:value)
|
|
815
|
+
end
|
|
816
|
+
end
|
|
817
|
+
|
|
818
|
+
# Company information for the customer profile.
|
|
819
|
+
class CustomerProfileCompany
|
|
820
|
+
include Google::Apis::Core::Hashable
|
|
821
|
+
|
|
822
|
+
# Optional. The citation ids for the company.
|
|
823
|
+
# Corresponds to the JSON property `citationIds`
|
|
824
|
+
# @return [Array<String>]
|
|
825
|
+
attr_accessor :citation_ids
|
|
826
|
+
|
|
827
|
+
# Required. The name of the company.
|
|
828
|
+
# Corresponds to the JSON property `company`
|
|
829
|
+
# @return [String]
|
|
830
|
+
attr_accessor :company
|
|
831
|
+
|
|
832
|
+
def initialize(**args)
|
|
833
|
+
update!(**args)
|
|
834
|
+
end
|
|
835
|
+
|
|
836
|
+
# Update properties of this object
|
|
837
|
+
def update!(**args)
|
|
838
|
+
@citation_ids = args[:citation_ids] if args.key?(:citation_ids)
|
|
839
|
+
@company = args[:company] if args.key?(:company)
|
|
840
|
+
end
|
|
841
|
+
end
|
|
842
|
+
|
|
843
|
+
# CustomerProfileConfig is the configuration for the customer profile.
|
|
844
|
+
class CustomerProfileConfig
|
|
845
|
+
include Google::Apis::Core::Hashable
|
|
846
|
+
|
|
847
|
+
# Optional. Citations for the organization profile.
|
|
848
|
+
# Corresponds to the JSON property `citations`
|
|
849
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitation>]
|
|
850
|
+
attr_accessor :citations
|
|
851
|
+
|
|
852
|
+
# Optional. Contact information for the organization.
|
|
853
|
+
# Corresponds to the JSON property `contactInfo`
|
|
854
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::CustomerProfileContactInfo>]
|
|
855
|
+
attr_accessor :contact_info
|
|
856
|
+
|
|
857
|
+
# Optional. Executives of the organization.
|
|
858
|
+
# Corresponds to the JSON property `executives`
|
|
859
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::CustomerProfilePerson>]
|
|
860
|
+
attr_accessor :executives
|
|
861
|
+
|
|
862
|
+
# Optional. The industries the organization is involved in.
|
|
863
|
+
# Corresponds to the JSON property `industries`
|
|
864
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::CustomerProfileIndustry>]
|
|
865
|
+
attr_accessor :industries
|
|
866
|
+
|
|
867
|
+
# Optional. Locations the organization is present or conducts business in.
|
|
868
|
+
# Corresponds to the JSON property `locations`
|
|
869
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::CustomerProfileLocation>]
|
|
870
|
+
attr_accessor :locations
|
|
871
|
+
|
|
872
|
+
# Required. The name of the organization.
|
|
873
|
+
# Corresponds to the JSON property `org`
|
|
874
|
+
# @return [String]
|
|
875
|
+
attr_accessor :org
|
|
876
|
+
|
|
877
|
+
# Optional. A summary of the organization.
|
|
878
|
+
# Corresponds to the JSON property `orgSummary`
|
|
879
|
+
# @return [String]
|
|
880
|
+
attr_accessor :org_summary
|
|
881
|
+
|
|
882
|
+
# Optional. The parent companies of the organization.
|
|
883
|
+
# Corresponds to the JSON property `parentCompanies`
|
|
884
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::CustomerProfileCompany>]
|
|
885
|
+
attr_accessor :parent_companies
|
|
886
|
+
|
|
887
|
+
# Optional. Product information for the organization.
|
|
888
|
+
# Corresponds to the JSON property `products`
|
|
889
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::CustomerProfileProduct>]
|
|
890
|
+
attr_accessor :products
|
|
891
|
+
|
|
892
|
+
# Security considerations for the customer profile.
|
|
893
|
+
# Corresponds to the JSON property `securityConsiderations`
|
|
894
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileSecurityConsiderations]
|
|
895
|
+
attr_accessor :security_considerations
|
|
896
|
+
|
|
897
|
+
# A summarized version of the customer profile. Generated by the backend.
|
|
898
|
+
# Corresponds to the JSON property `summary`
|
|
899
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileSummary]
|
|
900
|
+
attr_accessor :summary
|
|
901
|
+
|
|
902
|
+
# Optional. Technology presence of the organization.
|
|
903
|
+
# Corresponds to the JSON property `technologyPresence`
|
|
904
|
+
# @return [String]
|
|
905
|
+
attr_accessor :technology_presence
|
|
906
|
+
|
|
907
|
+
# Optional. Web presence of the organization.
|
|
908
|
+
# Corresponds to the JSON property `webPresences`
|
|
909
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::CustomerProfileWebPresence>]
|
|
910
|
+
attr_accessor :web_presences
|
|
911
|
+
|
|
912
|
+
def initialize(**args)
|
|
913
|
+
update!(**args)
|
|
914
|
+
end
|
|
915
|
+
|
|
916
|
+
# Update properties of this object
|
|
917
|
+
def update!(**args)
|
|
918
|
+
@citations = args[:citations] if args.key?(:citations)
|
|
919
|
+
@contact_info = args[:contact_info] if args.key?(:contact_info)
|
|
920
|
+
@executives = args[:executives] if args.key?(:executives)
|
|
921
|
+
@industries = args[:industries] if args.key?(:industries)
|
|
922
|
+
@locations = args[:locations] if args.key?(:locations)
|
|
923
|
+
@org = args[:org] if args.key?(:org)
|
|
924
|
+
@org_summary = args[:org_summary] if args.key?(:org_summary)
|
|
925
|
+
@parent_companies = args[:parent_companies] if args.key?(:parent_companies)
|
|
926
|
+
@products = args[:products] if args.key?(:products)
|
|
927
|
+
@security_considerations = args[:security_considerations] if args.key?(:security_considerations)
|
|
928
|
+
@summary = args[:summary] if args.key?(:summary)
|
|
929
|
+
@technology_presence = args[:technology_presence] if args.key?(:technology_presence)
|
|
930
|
+
@web_presences = args[:web_presences] if args.key?(:web_presences)
|
|
931
|
+
end
|
|
932
|
+
end
|
|
933
|
+
|
|
934
|
+
# Contact information for the customer profile.
|
|
935
|
+
class CustomerProfileContactInfo
|
|
936
|
+
include Google::Apis::Core::Hashable
|
|
937
|
+
|
|
938
|
+
# The address of the contact.
|
|
939
|
+
# Corresponds to the JSON property `address`
|
|
940
|
+
# @return [String]
|
|
941
|
+
attr_accessor :address
|
|
942
|
+
|
|
943
|
+
# Optional. The citation ids for the contact information.
|
|
944
|
+
# Corresponds to the JSON property `citationIds`
|
|
945
|
+
# @return [Array<String>]
|
|
946
|
+
attr_accessor :citation_ids
|
|
947
|
+
|
|
948
|
+
# The email address of the contact.
|
|
949
|
+
# Corresponds to the JSON property `email`
|
|
950
|
+
# @return [String]
|
|
951
|
+
attr_accessor :email
|
|
952
|
+
|
|
953
|
+
# Optional. The name of the contact.
|
|
954
|
+
# Corresponds to the JSON property `label`
|
|
955
|
+
# @return [String]
|
|
956
|
+
attr_accessor :label
|
|
957
|
+
|
|
958
|
+
# The other contact information.
|
|
959
|
+
# Corresponds to the JSON property `other`
|
|
960
|
+
# @return [String]
|
|
961
|
+
attr_accessor :other
|
|
962
|
+
|
|
963
|
+
# The phone number of the contact.
|
|
964
|
+
# Corresponds to the JSON property `phone`
|
|
965
|
+
# @return [String]
|
|
966
|
+
attr_accessor :phone
|
|
967
|
+
|
|
968
|
+
def initialize(**args)
|
|
969
|
+
update!(**args)
|
|
970
|
+
end
|
|
971
|
+
|
|
972
|
+
# Update properties of this object
|
|
973
|
+
def update!(**args)
|
|
974
|
+
@address = args[:address] if args.key?(:address)
|
|
975
|
+
@citation_ids = args[:citation_ids] if args.key?(:citation_ids)
|
|
976
|
+
@email = args[:email] if args.key?(:email)
|
|
977
|
+
@label = args[:label] if args.key?(:label)
|
|
978
|
+
@other = args[:other] if args.key?(:other)
|
|
979
|
+
@phone = args[:phone] if args.key?(:phone)
|
|
980
|
+
end
|
|
981
|
+
end
|
|
982
|
+
|
|
983
|
+
# Industry information for the customer profile.
|
|
984
|
+
class CustomerProfileIndustry
|
|
985
|
+
include Google::Apis::Core::Hashable
|
|
986
|
+
|
|
987
|
+
# Optional. The citation ids for the industry.
|
|
988
|
+
# Corresponds to the JSON property `citationIds`
|
|
989
|
+
# @return [Array<String>]
|
|
990
|
+
attr_accessor :citation_ids
|
|
991
|
+
|
|
992
|
+
# Required. The name of the industry.
|
|
993
|
+
# Corresponds to the JSON property `industry`
|
|
994
|
+
# @return [String]
|
|
995
|
+
attr_accessor :industry
|
|
996
|
+
|
|
997
|
+
def initialize(**args)
|
|
998
|
+
update!(**args)
|
|
999
|
+
end
|
|
1000
|
+
|
|
1001
|
+
# Update properties of this object
|
|
1002
|
+
def update!(**args)
|
|
1003
|
+
@citation_ids = args[:citation_ids] if args.key?(:citation_ids)
|
|
1004
|
+
@industry = args[:industry] if args.key?(:industry)
|
|
1005
|
+
end
|
|
1006
|
+
end
|
|
1007
|
+
|
|
1008
|
+
# Location information for the customer profile.
|
|
1009
|
+
class CustomerProfileLocation
|
|
1010
|
+
include Google::Apis::Core::Hashable
|
|
1011
|
+
|
|
1012
|
+
# Required. The address of the location.
|
|
1013
|
+
# Corresponds to the JSON property `address`
|
|
1014
|
+
# @return [String]
|
|
1015
|
+
attr_accessor :address
|
|
1016
|
+
|
|
1017
|
+
# Required. The brand of the location.
|
|
1018
|
+
# Corresponds to the JSON property `brand`
|
|
1019
|
+
# @return [String]
|
|
1020
|
+
attr_accessor :brand
|
|
1021
|
+
|
|
1022
|
+
# Optional. The citation ids for the location.
|
|
1023
|
+
# Corresponds to the JSON property `citationIds`
|
|
1024
|
+
# @return [Array<String>]
|
|
1025
|
+
attr_accessor :citation_ids
|
|
1026
|
+
|
|
1027
|
+
# Optional. The type of location.
|
|
1028
|
+
# Corresponds to the JSON property `facilityType`
|
|
1029
|
+
# @return [String]
|
|
1030
|
+
attr_accessor :facility_type
|
|
1031
|
+
|
|
1032
|
+
def initialize(**args)
|
|
1033
|
+
update!(**args)
|
|
1034
|
+
end
|
|
1035
|
+
|
|
1036
|
+
# Update properties of this object
|
|
1037
|
+
def update!(**args)
|
|
1038
|
+
@address = args[:address] if args.key?(:address)
|
|
1039
|
+
@brand = args[:brand] if args.key?(:brand)
|
|
1040
|
+
@citation_ids = args[:citation_ids] if args.key?(:citation_ids)
|
|
1041
|
+
@facility_type = args[:facility_type] if args.key?(:facility_type)
|
|
1042
|
+
end
|
|
1043
|
+
end
|
|
1044
|
+
|
|
1045
|
+
# Person information for the customer profile.
|
|
1046
|
+
class CustomerProfilePerson
|
|
1047
|
+
include Google::Apis::Core::Hashable
|
|
1048
|
+
|
|
1049
|
+
# Optional. The citation ids for the person.
|
|
1050
|
+
# Corresponds to the JSON property `citationIds`
|
|
1051
|
+
# @return [Array<String>]
|
|
1052
|
+
attr_accessor :citation_ids
|
|
1053
|
+
|
|
1054
|
+
# Required. The name of the person.
|
|
1055
|
+
# Corresponds to the JSON property `name`
|
|
1056
|
+
# @return [String]
|
|
1057
|
+
attr_accessor :name
|
|
1058
|
+
|
|
1059
|
+
# Optional. The title of the person.
|
|
1060
|
+
# Corresponds to the JSON property `title`
|
|
1061
|
+
# @return [String]
|
|
1062
|
+
attr_accessor :title
|
|
1063
|
+
|
|
1064
|
+
def initialize(**args)
|
|
1065
|
+
update!(**args)
|
|
1066
|
+
end
|
|
1067
|
+
|
|
1068
|
+
# Update properties of this object
|
|
1069
|
+
def update!(**args)
|
|
1070
|
+
@citation_ids = args[:citation_ids] if args.key?(:citation_ids)
|
|
1071
|
+
@name = args[:name] if args.key?(:name)
|
|
1072
|
+
@title = args[:title] if args.key?(:title)
|
|
1073
|
+
end
|
|
1074
|
+
end
|
|
1075
|
+
|
|
1076
|
+
# Product information for the customer profile.
|
|
1077
|
+
class CustomerProfileProduct
|
|
1078
|
+
include Google::Apis::Core::Hashable
|
|
1079
|
+
|
|
1080
|
+
# Required. The brand of the product.
|
|
1081
|
+
# Corresponds to the JSON property `brand`
|
|
1082
|
+
# @return [String]
|
|
1083
|
+
attr_accessor :brand
|
|
1084
|
+
|
|
1085
|
+
# Optional. The citation ids for the product.
|
|
1086
|
+
# Corresponds to the JSON property `citationIds`
|
|
1087
|
+
# @return [Array<String>]
|
|
1088
|
+
attr_accessor :citation_ids
|
|
1089
|
+
|
|
1090
|
+
# Required. The name of the product.
|
|
1091
|
+
# Corresponds to the JSON property `product`
|
|
1092
|
+
# @return [String]
|
|
1093
|
+
attr_accessor :product
|
|
1094
|
+
|
|
1095
|
+
def initialize(**args)
|
|
1096
|
+
update!(**args)
|
|
1097
|
+
end
|
|
1098
|
+
|
|
1099
|
+
# Update properties of this object
|
|
1100
|
+
def update!(**args)
|
|
1101
|
+
@brand = args[:brand] if args.key?(:brand)
|
|
1102
|
+
@citation_ids = args[:citation_ids] if args.key?(:citation_ids)
|
|
1103
|
+
@product = args[:product] if args.key?(:product)
|
|
1104
|
+
end
|
|
1105
|
+
end
|
|
1106
|
+
|
|
1107
|
+
# Security considerations for the customer profile.
|
|
1108
|
+
class CustomerProfileSecurityConsiderations
|
|
1109
|
+
include Google::Apis::Core::Hashable
|
|
1110
|
+
|
|
1111
|
+
# Optional. A series of considerations for the security of the organization,
|
|
1112
|
+
# such as "high risk of compromise" or "vulnerable to cyberbullying".
|
|
1113
|
+
# Corresponds to the JSON property `considerations`
|
|
1114
|
+
# @return [Array<String>]
|
|
1115
|
+
attr_accessor :considerations
|
|
1116
|
+
|
|
1117
|
+
# Optional. A note about the security considerations.
|
|
1118
|
+
# Corresponds to the JSON property `note`
|
|
1119
|
+
# @return [String]
|
|
1120
|
+
attr_accessor :note
|
|
1121
|
+
|
|
1122
|
+
def initialize(**args)
|
|
1123
|
+
update!(**args)
|
|
1124
|
+
end
|
|
1125
|
+
|
|
1126
|
+
# Update properties of this object
|
|
1127
|
+
def update!(**args)
|
|
1128
|
+
@considerations = args[:considerations] if args.key?(:considerations)
|
|
1129
|
+
@note = args[:note] if args.key?(:note)
|
|
1130
|
+
end
|
|
1131
|
+
end
|
|
1132
|
+
|
|
1133
|
+
# A summarized version of the customer profile. Generated by the backend.
|
|
1134
|
+
class CustomerProfileSummary
|
|
1135
|
+
include Google::Apis::Core::Hashable
|
|
1136
|
+
|
|
1137
|
+
# A string with citation ids.
|
|
1138
|
+
# Corresponds to the JSON property `areaServed`
|
|
1139
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitedString]
|
|
1140
|
+
attr_accessor :area_served
|
|
1141
|
+
|
|
1142
|
+
# A string with citation ids.
|
|
1143
|
+
# Corresponds to the JSON property `brands`
|
|
1144
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitedString]
|
|
1145
|
+
attr_accessor :brands
|
|
1146
|
+
|
|
1147
|
+
# A string with citation ids.
|
|
1148
|
+
# Corresponds to the JSON property `entityType`
|
|
1149
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitedString]
|
|
1150
|
+
attr_accessor :entity_type
|
|
1151
|
+
|
|
1152
|
+
# A string with citation ids.
|
|
1153
|
+
# Corresponds to the JSON property `founded`
|
|
1154
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitedString]
|
|
1155
|
+
attr_accessor :founded
|
|
1156
|
+
|
|
1157
|
+
# A string with citation ids.
|
|
1158
|
+
# Corresponds to the JSON property `headquarters`
|
|
1159
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitedString]
|
|
1160
|
+
attr_accessor :headquarters
|
|
1161
|
+
|
|
1162
|
+
# A string with citation ids.
|
|
1163
|
+
# Corresponds to the JSON property `industry`
|
|
1164
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitedString]
|
|
1165
|
+
attr_accessor :industry
|
|
1166
|
+
|
|
1167
|
+
# A string with citation ids.
|
|
1168
|
+
# Corresponds to the JSON property `keyPeopleSummary`
|
|
1169
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitedString]
|
|
1170
|
+
attr_accessor :key_people_summary
|
|
1171
|
+
|
|
1172
|
+
# A string with citation ids.
|
|
1173
|
+
# Corresponds to the JSON property `parentCompany`
|
|
1174
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitedString]
|
|
1175
|
+
attr_accessor :parent_company
|
|
1176
|
+
|
|
1177
|
+
# A string with citation ids.
|
|
1178
|
+
# Corresponds to the JSON property `primaryWebsite`
|
|
1179
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitedString]
|
|
1180
|
+
attr_accessor :primary_website
|
|
1181
|
+
|
|
1182
|
+
# A string with citation ids.
|
|
1183
|
+
# Corresponds to the JSON property `productsSummary`
|
|
1184
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitedString]
|
|
1185
|
+
attr_accessor :products_summary
|
|
1186
|
+
|
|
1187
|
+
# A string with citation ids.
|
|
1188
|
+
# Corresponds to the JSON property `servicesSummary`
|
|
1189
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitedString]
|
|
1190
|
+
attr_accessor :services_summary
|
|
1191
|
+
|
|
1192
|
+
# A string with citation ids.
|
|
1193
|
+
# Corresponds to the JSON property `title`
|
|
1194
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CustomerProfileCitedString]
|
|
1195
|
+
attr_accessor :title
|
|
1196
|
+
|
|
1197
|
+
def initialize(**args)
|
|
1198
|
+
update!(**args)
|
|
1199
|
+
end
|
|
1200
|
+
|
|
1201
|
+
# Update properties of this object
|
|
1202
|
+
def update!(**args)
|
|
1203
|
+
@area_served = args[:area_served] if args.key?(:area_served)
|
|
1204
|
+
@brands = args[:brands] if args.key?(:brands)
|
|
1205
|
+
@entity_type = args[:entity_type] if args.key?(:entity_type)
|
|
1206
|
+
@founded = args[:founded] if args.key?(:founded)
|
|
1207
|
+
@headquarters = args[:headquarters] if args.key?(:headquarters)
|
|
1208
|
+
@industry = args[:industry] if args.key?(:industry)
|
|
1209
|
+
@key_people_summary = args[:key_people_summary] if args.key?(:key_people_summary)
|
|
1210
|
+
@parent_company = args[:parent_company] if args.key?(:parent_company)
|
|
1211
|
+
@primary_website = args[:primary_website] if args.key?(:primary_website)
|
|
1212
|
+
@products_summary = args[:products_summary] if args.key?(:products_summary)
|
|
1213
|
+
@services_summary = args[:services_summary] if args.key?(:services_summary)
|
|
1214
|
+
@title = args[:title] if args.key?(:title)
|
|
1215
|
+
end
|
|
1216
|
+
end
|
|
1217
|
+
|
|
1218
|
+
# Web presence information for the customer profile.
|
|
1219
|
+
class CustomerProfileWebPresence
|
|
1220
|
+
include Google::Apis::Core::Hashable
|
|
1221
|
+
|
|
1222
|
+
# Optional. The citation ids for the web presence.
|
|
1223
|
+
# Corresponds to the JSON property `citationIds`
|
|
1224
|
+
# @return [Array<String>]
|
|
1225
|
+
attr_accessor :citation_ids
|
|
1226
|
+
|
|
1227
|
+
# Required. The domain name of the web presence.
|
|
1228
|
+
# Corresponds to the JSON property `domain`
|
|
1229
|
+
# @return [String]
|
|
1230
|
+
attr_accessor :domain
|
|
1231
|
+
|
|
1232
|
+
def initialize(**args)
|
|
1233
|
+
update!(**args)
|
|
1234
|
+
end
|
|
1235
|
+
|
|
1236
|
+
# Update properties of this object
|
|
1237
|
+
def update!(**args)
|
|
1238
|
+
@citation_ids = args[:citation_ids] if args.key?(:citation_ids)
|
|
1239
|
+
@domain = args[:domain] if args.key?(:domain)
|
|
1240
|
+
end
|
|
1241
|
+
end
|
|
1242
|
+
|
|
1243
|
+
# Captures the specific details of Data Leak alert.
|
|
1244
|
+
class DataLeakAlertDetail
|
|
1245
|
+
include Google::Apis::Core::Hashable
|
|
1246
|
+
|
|
1247
|
+
# Required. Array of ids to accommodate multiple discovery documents
|
|
1248
|
+
# Corresponds to the JSON property `discoveryDocumentIds`
|
|
1249
|
+
# @return [Array<String>]
|
|
1250
|
+
attr_accessor :discovery_document_ids
|
|
1251
|
+
|
|
1252
|
+
# Required. Data Leak specific severity This will be the string representation
|
|
1253
|
+
# of the DataLeakFindingDetail.Severityenum. (e.g., "LOW", "MEDIUM", "HIGH", "
|
|
1254
|
+
# CRITICAL")
|
|
1255
|
+
# Corresponds to the JSON property `severity`
|
|
1256
|
+
# @return [String]
|
|
1257
|
+
attr_accessor :severity
|
|
1258
|
+
|
|
1259
|
+
def initialize(**args)
|
|
1260
|
+
update!(**args)
|
|
1261
|
+
end
|
|
1262
|
+
|
|
1263
|
+
# Update properties of this object
|
|
1264
|
+
def update!(**args)
|
|
1265
|
+
@discovery_document_ids = args[:discovery_document_ids] if args.key?(:discovery_document_ids)
|
|
1266
|
+
@severity = args[:severity] if args.key?(:severity)
|
|
1267
|
+
end
|
|
1268
|
+
end
|
|
1269
|
+
|
|
1270
|
+
# A detail object for a Data Leak finding.
|
|
1271
|
+
class DataLeakFindingDetail
|
|
1272
|
+
include Google::Apis::Core::Hashable
|
|
1273
|
+
|
|
1274
|
+
# Required. The unique identifier of the document that triggered the Data Leak
|
|
1275
|
+
# finding. This ID can be used to retrieve the content of the document for
|
|
1276
|
+
# further analysis.
|
|
1277
|
+
# Corresponds to the JSON property `documentId`
|
|
1278
|
+
# @return [String]
|
|
1279
|
+
attr_accessor :document_id
|
|
1280
|
+
|
|
1281
|
+
# Required. Reference to the match score of the Data Leak finding. This is a
|
|
1282
|
+
# float value greater than 0 and less than or equal to 1 calculated by the
|
|
1283
|
+
# matching engine based on the similarity of the document and the user provided
|
|
1284
|
+
# configurations.
|
|
1285
|
+
# Corresponds to the JSON property `matchScore`
|
|
1286
|
+
# @return [Float]
|
|
1287
|
+
attr_accessor :match_score
|
|
1288
|
+
|
|
1289
|
+
# Required. The severity of the Data Leak finding. This indicates the potential
|
|
1290
|
+
# impact of the threat.
|
|
1291
|
+
# Corresponds to the JSON property `severity`
|
|
1292
|
+
# @return [String]
|
|
1293
|
+
attr_accessor :severity
|
|
1294
|
+
|
|
1295
|
+
def initialize(**args)
|
|
1296
|
+
update!(**args)
|
|
1297
|
+
end
|
|
1298
|
+
|
|
1299
|
+
# Update properties of this object
|
|
1300
|
+
def update!(**args)
|
|
1301
|
+
@document_id = args[:document_id] if args.key?(:document_id)
|
|
1302
|
+
@match_score = args[:match_score] if args.key?(:match_score)
|
|
1303
|
+
@severity = args[:severity] if args.key?(:severity)
|
|
1304
|
+
end
|
|
1305
|
+
end
|
|
1306
|
+
|
|
1307
|
+
# Any account-level configuration options will go here.
|
|
1308
|
+
class DomainMonitoringConfig
|
|
1309
|
+
include Google::Apis::Core::Hashable
|
|
1310
|
+
|
|
1311
|
+
# The domains to use as "seeds" for Suspicious Domain Monitoring.
|
|
1312
|
+
# Corresponds to the JSON property `domains`
|
|
1313
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::DomainMonitoringDomain>]
|
|
1314
|
+
attr_accessor :domains
|
|
1315
|
+
|
|
1316
|
+
def initialize(**args)
|
|
1317
|
+
update!(**args)
|
|
1318
|
+
end
|
|
1319
|
+
|
|
1320
|
+
# Update properties of this object
|
|
1321
|
+
def update!(**args)
|
|
1322
|
+
@domains = args[:domains] if args.key?(:domains)
|
|
1323
|
+
end
|
|
1324
|
+
end
|
|
1325
|
+
|
|
1326
|
+
# A Domain Monitoring "domain"
|
|
1327
|
+
class DomainMonitoringDomain
|
|
1328
|
+
include Google::Apis::Core::Hashable
|
|
1329
|
+
|
|
1330
|
+
# The domain name to match against.
|
|
1331
|
+
# Corresponds to the JSON property `domain`
|
|
1332
|
+
# @return [String]
|
|
1333
|
+
attr_accessor :domain
|
|
1334
|
+
|
|
1335
|
+
def initialize(**args)
|
|
1336
|
+
update!(**args)
|
|
1337
|
+
end
|
|
1338
|
+
|
|
1339
|
+
# Update properties of this object
|
|
1340
|
+
def update!(**args)
|
|
1341
|
+
@domain = args[:domain] if args.key?(:domain)
|
|
1342
|
+
end
|
|
1343
|
+
end
|
|
1344
|
+
|
|
1345
|
+
# EntityProfile represents the structured profile of a customer entity,
|
|
1346
|
+
# containing key identifiers and descriptive attributes optimized for contextual
|
|
1347
|
+
# matching against threat intelligence, particularly Initial Access Broker (IAB)
|
|
1348
|
+
# offerings.
|
|
1349
|
+
class EntityProfile
|
|
1350
|
+
include Google::Apis::Core::Hashable
|
|
1351
|
+
|
|
1352
|
+
# Optional. List of specific countries of operation. Purpose: Essential for
|
|
1353
|
+
# matching geographically targeted threats (e.g., actor specifies victims in 'DE'
|
|
1354
|
+
# ). Use ISO 3166-1 alpha-2 codes (e.g., "US", "GB", "JP", "DE").
|
|
1355
|
+
# Corresponds to the JSON property `countries`
|
|
1356
|
+
# @return [Array<String>]
|
|
1357
|
+
attr_accessor :countries
|
|
1358
|
+
|
|
1359
|
+
# Required. List of primary internet domain names associated with the entity.
|
|
1360
|
+
# Purpose: Crucial for explicit matching against domains mentioned in threat
|
|
1361
|
+
# intel and can inform semantic matching. Must contain at least one domain.
|
|
1362
|
+
# Example: ["acme.com", "acme.co.uk"]
|
|
1363
|
+
# Corresponds to the JSON property `domains`
|
|
1364
|
+
# @return [Array<String>]
|
|
1365
|
+
attr_accessor :domains
|
|
1366
|
+
|
|
1367
|
+
# Optional. List of primary industry sectors the entity operates within. Purpose:
|
|
1368
|
+
# Crucial for matching industry-specific threats and understanding attacker
|
|
1369
|
+
# motivation. Use standardized GTI Industry Classification values. Example: ["
|
|
1370
|
+
# Technology", "Financial Services", "Healthcare"]
|
|
1371
|
+
# Corresponds to the JSON property `industries`
|
|
1372
|
+
# @return [Array<String>]
|
|
1373
|
+
attr_accessor :industries
|
|
1374
|
+
|
|
1375
|
+
# Required. Canonical name of the entity (e.g., the legal company name). Purpose:
|
|
1376
|
+
# Primary identifier for the customer.
|
|
1377
|
+
# Corresponds to the JSON property `name`
|
|
1378
|
+
# @return [String]
|
|
1379
|
+
attr_accessor :name
|
|
1380
|
+
|
|
1381
|
+
# Optional. Specific geographic areas of *significant* operational concentration
|
|
1382
|
+
# or strategic importance below the country level, if clearly identifiable and
|
|
1383
|
+
# relevant. Purpose: Useful for highly localized threats, less commonly
|
|
1384
|
+
# populated than `countries`. Example: ["Silicon Valley", "Frankfurt am Main
|
|
1385
|
+
# Metropolitan Region"]
|
|
1386
|
+
# Corresponds to the JSON property `operationalAreas`
|
|
1387
|
+
# @return [Array<String>]
|
|
1388
|
+
attr_accessor :operational_areas
|
|
1389
|
+
|
|
1390
|
+
# Required. A concise, machine-generated (e.g., LLM) or human-curated summary of
|
|
1391
|
+
# the entity. Purpose: Captures the semantic essence for embedding generation
|
|
1392
|
+
# and similarity matching. Should synthesize key aspects like core business,
|
|
1393
|
+
# scale, and market. Example: "Acme Corporation is a large, US-based
|
|
1394
|
+
# multinational conglomerate operating..."
|
|
1395
|
+
# Corresponds to the JSON property `profileSummary`
|
|
1396
|
+
# @return [String]
|
|
1397
|
+
attr_accessor :profile_summary
|
|
1398
|
+
|
|
1399
|
+
# Optional. List of primary geopolitical regions where the entity has
|
|
1400
|
+
# significant operations. Purpose: Filters geographically relevant threats. Use
|
|
1401
|
+
# standardized names or codes where possible (e.g., "North America", "EMEA", "
|
|
1402
|
+
# APAC", UN M49 codes).
|
|
1403
|
+
# Corresponds to the JSON property `regions`
|
|
1404
|
+
# @return [Array<String>]
|
|
1405
|
+
attr_accessor :regions
|
|
1406
|
+
|
|
1407
|
+
# Optional. List of more granular sub-industries, if applicable and known.
|
|
1408
|
+
# Purpose: Provides finer-grained context for more specific threat matching.
|
|
1409
|
+
# Should align with GTI classifications if possible. Example: ["Semiconductors",
|
|
1410
|
+
# "Cloud Computing Services", "Investment Banking"]
|
|
1411
|
+
# Corresponds to the JSON property `subIndustries`
|
|
1412
|
+
# @return [Array<String>]
|
|
1413
|
+
attr_accessor :sub_industries
|
|
1414
|
+
|
|
1415
|
+
def initialize(**args)
|
|
1416
|
+
update!(**args)
|
|
1417
|
+
end
|
|
1418
|
+
|
|
1419
|
+
# Update properties of this object
|
|
1420
|
+
def update!(**args)
|
|
1421
|
+
@countries = args[:countries] if args.key?(:countries)
|
|
1422
|
+
@domains = args[:domains] if args.key?(:domains)
|
|
1423
|
+
@industries = args[:industries] if args.key?(:industries)
|
|
1424
|
+
@name = args[:name] if args.key?(:name)
|
|
1425
|
+
@operational_areas = args[:operational_areas] if args.key?(:operational_areas)
|
|
1426
|
+
@profile_summary = args[:profile_summary] if args.key?(:profile_summary)
|
|
1427
|
+
@regions = args[:regions] if args.key?(:regions)
|
|
1428
|
+
@sub_industries = args[:sub_industries] if args.key?(:sub_industries)
|
|
1429
|
+
end
|
|
1430
|
+
end
|
|
1431
|
+
|
|
1432
|
+
# Response message for EnumerateAlertFacets.
|
|
1433
|
+
class EnumerateAlertFacetsResponse
|
|
1434
|
+
include Google::Apis::Core::Hashable
|
|
1435
|
+
|
|
1436
|
+
# List of facets and the counts.
|
|
1437
|
+
# Corresponds to the JSON property `facets`
|
|
1438
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::Facet>]
|
|
1439
|
+
attr_accessor :facets
|
|
1440
|
+
|
|
1441
|
+
def initialize(**args)
|
|
1442
|
+
update!(**args)
|
|
1443
|
+
end
|
|
1444
|
+
|
|
1445
|
+
# Update properties of this object
|
|
1446
|
+
def update!(**args)
|
|
1447
|
+
@facets = args[:facets] if args.key?(:facets)
|
|
1448
|
+
end
|
|
1449
|
+
end
|
|
1450
|
+
|
|
1451
|
+
# Details the evidence used to determine the relevance verdict.
|
|
1452
|
+
class Evidence
|
|
1453
|
+
include Google::Apis::Core::Hashable
|
|
1454
|
+
|
|
1455
|
+
# A list of semantic themes or concepts found to be common, related, or aligned
|
|
1456
|
+
# between the sources, supporting the verdict.
|
|
1457
|
+
# Corresponds to the JSON property `commonThemes`
|
|
1458
|
+
# @return [Array<String>]
|
|
1459
|
+
attr_accessor :common_themes
|
|
1460
|
+
|
|
1461
|
+
# A list of semantic themes or descriptions unique to one source or semantically
|
|
1462
|
+
# distant.
|
|
1463
|
+
# Corresponds to the JSON property `distinctThemes`
|
|
1464
|
+
# @return [Array<String>]
|
|
1465
|
+
attr_accessor :distinct_themes
|
|
1466
|
+
|
|
1467
|
+
def initialize(**args)
|
|
1468
|
+
update!(**args)
|
|
1469
|
+
end
|
|
1470
|
+
|
|
1471
|
+
# Update properties of this object
|
|
1472
|
+
def update!(**args)
|
|
1473
|
+
@common_themes = args[:common_themes] if args.key?(:common_themes)
|
|
1474
|
+
@distinct_themes = args[:distinct_themes] if args.key?(:distinct_themes)
|
|
1475
|
+
end
|
|
1476
|
+
end
|
|
1477
|
+
|
|
1478
|
+
# Facet represents a sub element of a resource for filtering. The results from
|
|
1479
|
+
# this method are used to populate the filterable facets in the UI.
|
|
1480
|
+
class Facet
|
|
1481
|
+
include Google::Apis::Core::Hashable
|
|
1482
|
+
|
|
1483
|
+
# Name of the facet. This is also the string that needs to be used in the
|
|
1484
|
+
# filtering expression.
|
|
1485
|
+
# Corresponds to the JSON property `facet`
|
|
1486
|
+
# @return [String]
|
|
1487
|
+
attr_accessor :facet
|
|
1488
|
+
|
|
1489
|
+
# List of counts for the facet (if categorical).
|
|
1490
|
+
# Corresponds to the JSON property `facetCounts`
|
|
1491
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::FacetCount>]
|
|
1492
|
+
attr_accessor :facet_counts
|
|
1493
|
+
|
|
1494
|
+
# The type of the facet. Options include "string", "int", "float", "bool", "enum"
|
|
1495
|
+
# , "timestamp", "user" and are useful to show the right sort of UI controls
|
|
1496
|
+
# when building a AIP-160 style filtering string.
|
|
1497
|
+
# Corresponds to the JSON property `facetType`
|
|
1498
|
+
# @return [String]
|
|
1499
|
+
attr_accessor :facet_type
|
|
1500
|
+
|
|
1501
|
+
# Max value of the facet stringified based on type. Will be populated and
|
|
1502
|
+
# formatted the same as min_value.
|
|
1503
|
+
# Corresponds to the JSON property `maxValue`
|
|
1504
|
+
# @return [String]
|
|
1505
|
+
attr_accessor :max_value
|
|
1506
|
+
|
|
1507
|
+
# Min value of the facet stringified based on type. This is only populated for
|
|
1508
|
+
# facets that have a clear ordering, for types like enum it will be left empty.
|
|
1509
|
+
# Timestamps will be formatted using RFC3339.
|
|
1510
|
+
# Corresponds to the JSON property `minValue`
|
|
1511
|
+
# @return [String]
|
|
1512
|
+
attr_accessor :min_value
|
|
1513
|
+
|
|
1514
|
+
# Total number of records that contain this facet with ANY value.
|
|
1515
|
+
# Corresponds to the JSON property `totalCount`
|
|
1516
|
+
# @return [Fixnum]
|
|
1517
|
+
attr_accessor :total_count
|
|
1518
|
+
|
|
1519
|
+
def initialize(**args)
|
|
1520
|
+
update!(**args)
|
|
1521
|
+
end
|
|
1522
|
+
|
|
1523
|
+
# Update properties of this object
|
|
1524
|
+
def update!(**args)
|
|
1525
|
+
@facet = args[:facet] if args.key?(:facet)
|
|
1526
|
+
@facet_counts = args[:facet_counts] if args.key?(:facet_counts)
|
|
1527
|
+
@facet_type = args[:facet_type] if args.key?(:facet_type)
|
|
1528
|
+
@max_value = args[:max_value] if args.key?(:max_value)
|
|
1529
|
+
@min_value = args[:min_value] if args.key?(:min_value)
|
|
1530
|
+
@total_count = args[:total_count] if args.key?(:total_count)
|
|
1531
|
+
end
|
|
1532
|
+
end
|
|
1533
|
+
|
|
1534
|
+
# FacetCount represents a count of records with each facet value.
|
|
1535
|
+
class FacetCount
|
|
1536
|
+
include Google::Apis::Core::Hashable
|
|
1537
|
+
|
|
1538
|
+
# Count of records with the value.
|
|
1539
|
+
# Corresponds to the JSON property `count`
|
|
1540
|
+
# @return [Fixnum]
|
|
1541
|
+
attr_accessor :count
|
|
1542
|
+
|
|
1543
|
+
# Value of the facet stringified. Timestamps will be formatted using RFC3339.
|
|
1544
|
+
# Corresponds to the JSON property `value`
|
|
1545
|
+
# @return [String]
|
|
1546
|
+
attr_accessor :value
|
|
1547
|
+
|
|
1548
|
+
def initialize(**args)
|
|
1549
|
+
update!(**args)
|
|
1550
|
+
end
|
|
1551
|
+
|
|
1552
|
+
# Update properties of this object
|
|
1553
|
+
def update!(**args)
|
|
1554
|
+
@count = args[:count] if args.key?(:count)
|
|
1555
|
+
@value = args[:value] if args.key?(:value)
|
|
1556
|
+
end
|
|
1557
|
+
end
|
|
1558
|
+
|
|
1559
|
+
# A ‘stateless’ and a point in time event that a check produced a result of
|
|
1560
|
+
# interest.
|
|
1561
|
+
class Finding
|
|
1562
|
+
include Google::Apis::Core::Hashable
|
|
1563
|
+
|
|
1564
|
+
# Optional. AI summary of the finding.
|
|
1565
|
+
# Corresponds to the JSON property `aiSummary`
|
|
1566
|
+
# @return [String]
|
|
1567
|
+
attr_accessor :ai_summary
|
|
1568
|
+
|
|
1569
|
+
# Optional. Name of the alert that this finding is bound to.
|
|
1570
|
+
# Corresponds to the JSON property `alert`
|
|
1571
|
+
# @return [String]
|
|
1572
|
+
attr_accessor :alert
|
|
1573
|
+
|
|
1574
|
+
# Optional. Optional - asset name if known. Format: vaults/`vault`/assets/`asset`
|
|
1575
|
+
# Corresponds to the JSON property `asset`
|
|
1576
|
+
# @return [String]
|
|
1577
|
+
attr_accessor :asset
|
|
1578
|
+
|
|
1579
|
+
# Tracks basic CRUD facts.
|
|
1580
|
+
# Corresponds to the JSON property `audit`
|
|
1581
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::Audit]
|
|
1582
|
+
attr_accessor :audit
|
|
1583
|
+
|
|
1584
|
+
# Optional. Configuration names that are bound to this finding.
|
|
1585
|
+
# Corresponds to the JSON property `configurations`
|
|
1586
|
+
# @return [Array<String>]
|
|
1587
|
+
attr_accessor :configurations
|
|
1588
|
+
|
|
1589
|
+
# Wrapper class that contains the union struct for all the various findings
|
|
1590
|
+
# detail specific classes.
|
|
1591
|
+
# Corresponds to the JSON property `detail`
|
|
1592
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::FindingDetail]
|
|
1593
|
+
attr_accessor :detail
|
|
1594
|
+
|
|
1595
|
+
# Required. A short descriptive title for the finding <= 250 chars. EX: "Actor '
|
|
1596
|
+
# baddy' offering $1000 for credentials of 'goodguy'".
|
|
1597
|
+
# Corresponds to the JSON property `displayName`
|
|
1598
|
+
# @return [String]
|
|
1599
|
+
attr_accessor :display_name
|
|
1600
|
+
|
|
1601
|
+
# Optional. Optional - name of the issue that this finding is bound to. Format:
|
|
1602
|
+
# vaults/`vault`/issues/`issue`
|
|
1603
|
+
# Corresponds to the JSON property `issue`
|
|
1604
|
+
# @return [String]
|
|
1605
|
+
attr_accessor :issue
|
|
1606
|
+
|
|
1607
|
+
# Identifier. Server generated name for the finding (leave clear during creation)
|
|
1608
|
+
# . Format: vaults/`vault`/findings/`finding`
|
|
1609
|
+
# Corresponds to the JSON property `name`
|
|
1610
|
+
# @return [String]
|
|
1611
|
+
attr_accessor :name
|
|
1612
|
+
|
|
1613
|
+
# Required. Logical source of this finding (name of the sub-engine).
|
|
1614
|
+
# Corresponds to the JSON property `provider`
|
|
1615
|
+
# @return [String]
|
|
1616
|
+
attr_accessor :provider
|
|
1617
|
+
|
|
1618
|
+
# Structured relevance analysis for a threat.
|
|
1619
|
+
# Corresponds to the JSON property `relevanceAnalysis`
|
|
1620
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::RelevanceAnalysis]
|
|
1621
|
+
attr_accessor :relevance_analysis
|
|
1622
|
+
|
|
1623
|
+
# Output only. When identical finding (same labels and same details) has re-
|
|
1624
|
+
# occurred.
|
|
1625
|
+
# Corresponds to the JSON property `reoccurrenceTimes`
|
|
1626
|
+
# @return [Array<String>]
|
|
1627
|
+
attr_accessor :reoccurrence_times
|
|
1628
|
+
|
|
1629
|
+
# Optional. Deprecated: Use the `severity_analysis` field instead. Base severity
|
|
1630
|
+
# score from the finding source.
|
|
1631
|
+
# Corresponds to the JSON property `severity`
|
|
1632
|
+
# @return [Float]
|
|
1633
|
+
attr_accessor :severity
|
|
1634
|
+
|
|
1635
|
+
# Structured severity analysis for a threat.
|
|
1636
|
+
# Corresponds to the JSON property `severityAnalysis`
|
|
1637
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::SeverityAnalysis]
|
|
1638
|
+
attr_accessor :severity_analysis
|
|
1639
|
+
|
|
1640
|
+
def initialize(**args)
|
|
1641
|
+
update!(**args)
|
|
1642
|
+
end
|
|
1643
|
+
|
|
1644
|
+
# Update properties of this object
|
|
1645
|
+
def update!(**args)
|
|
1646
|
+
@ai_summary = args[:ai_summary] if args.key?(:ai_summary)
|
|
1647
|
+
@alert = args[:alert] if args.key?(:alert)
|
|
1648
|
+
@asset = args[:asset] if args.key?(:asset)
|
|
1649
|
+
@audit = args[:audit] if args.key?(:audit)
|
|
1650
|
+
@configurations = args[:configurations] if args.key?(:configurations)
|
|
1651
|
+
@detail = args[:detail] if args.key?(:detail)
|
|
1652
|
+
@display_name = args[:display_name] if args.key?(:display_name)
|
|
1653
|
+
@issue = args[:issue] if args.key?(:issue)
|
|
1654
|
+
@name = args[:name] if args.key?(:name)
|
|
1655
|
+
@provider = args[:provider] if args.key?(:provider)
|
|
1656
|
+
@relevance_analysis = args[:relevance_analysis] if args.key?(:relevance_analysis)
|
|
1657
|
+
@reoccurrence_times = args[:reoccurrence_times] if args.key?(:reoccurrence_times)
|
|
1658
|
+
@severity = args[:severity] if args.key?(:severity)
|
|
1659
|
+
@severity_analysis = args[:severity_analysis] if args.key?(:severity_analysis)
|
|
1660
|
+
end
|
|
1661
|
+
end
|
|
1662
|
+
|
|
1663
|
+
# Wrapper class that contains the union struct for all the various findings
|
|
1664
|
+
# detail specific classes.
|
|
1665
|
+
class FindingDetail
|
|
1666
|
+
include Google::Apis::Core::Hashable
|
|
1667
|
+
|
|
1668
|
+
# Sample compromised credential detail.
|
|
1669
|
+
# Corresponds to the JSON property `compromisedCredentials`
|
|
1670
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::CompromisedCredentialsFindingDetail]
|
|
1671
|
+
attr_accessor :compromised_credentials
|
|
1672
|
+
|
|
1673
|
+
# A detail object for a Data Leak finding.
|
|
1674
|
+
# Corresponds to the JSON property `dataLeak`
|
|
1675
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::DataLeakFindingDetail]
|
|
1676
|
+
attr_accessor :data_leak
|
|
1677
|
+
|
|
1678
|
+
# Output only. Name of the detail type. Will be set by the server during
|
|
1679
|
+
# creation to the name of the field that is set in the detail union.
|
|
1680
|
+
# Corresponds to the JSON property `detailType`
|
|
1681
|
+
# @return [String]
|
|
1682
|
+
attr_accessor :detail_type
|
|
1683
|
+
|
|
1684
|
+
# This is a temporary detail type that will be used to support vulnerabilities
|
|
1685
|
+
# until the engines start using the full vulnerability objects. The "Inband"
|
|
1686
|
+
# refers to the fact that all vulnerability details are included with every
|
|
1687
|
+
# finding.
|
|
1688
|
+
# Corresponds to the JSON property `inbandVulnerability`
|
|
1689
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::InbandVulnerabilityFindingDetail]
|
|
1690
|
+
attr_accessor :inband_vulnerability
|
|
1691
|
+
|
|
1692
|
+
# A detail object for an Initial Access Broker (IAB) finding.
|
|
1693
|
+
# Corresponds to the JSON property `initialAccessBroker`
|
|
1694
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::InitialAccessBrokerFindingDetail]
|
|
1695
|
+
attr_accessor :initial_access_broker
|
|
1696
|
+
|
|
1697
|
+
# A detail object for a InsiderThreat finding.
|
|
1698
|
+
# Corresponds to the JSON property `insiderThreat`
|
|
1699
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::InsiderThreatFindingDetail]
|
|
1700
|
+
attr_accessor :insider_threat
|
|
1701
|
+
|
|
1702
|
+
# Misconfiguration finding detail.
|
|
1703
|
+
# Corresponds to the JSON property `misconfiguration`
|
|
1704
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::MisconfigurationFindingDetail]
|
|
1705
|
+
attr_accessor :misconfiguration
|
|
1706
|
+
|
|
1707
|
+
# A detailed object for a suspicious Domain finding.
|
|
1708
|
+
# Corresponds to the JSON property `suspiciousDomain`
|
|
1709
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::SuspiciousDomainFindingDetail]
|
|
1710
|
+
attr_accessor :suspicious_domain
|
|
1711
|
+
|
|
1712
|
+
# Contains details for a technology watchlist finding.
|
|
1713
|
+
# Corresponds to the JSON property `targetTechnology`
|
|
1714
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::TargetTechnologyFindingDetail]
|
|
1715
|
+
attr_accessor :target_technology
|
|
1716
|
+
|
|
1717
|
+
def initialize(**args)
|
|
1718
|
+
update!(**args)
|
|
1719
|
+
end
|
|
1720
|
+
|
|
1721
|
+
# Update properties of this object
|
|
1722
|
+
def update!(**args)
|
|
1723
|
+
@compromised_credentials = args[:compromised_credentials] if args.key?(:compromised_credentials)
|
|
1724
|
+
@data_leak = args[:data_leak] if args.key?(:data_leak)
|
|
1725
|
+
@detail_type = args[:detail_type] if args.key?(:detail_type)
|
|
1726
|
+
@inband_vulnerability = args[:inband_vulnerability] if args.key?(:inband_vulnerability)
|
|
1727
|
+
@initial_access_broker = args[:initial_access_broker] if args.key?(:initial_access_broker)
|
|
1728
|
+
@insider_threat = args[:insider_threat] if args.key?(:insider_threat)
|
|
1729
|
+
@misconfiguration = args[:misconfiguration] if args.key?(:misconfiguration)
|
|
1730
|
+
@suspicious_domain = args[:suspicious_domain] if args.key?(:suspicious_domain)
|
|
1731
|
+
@target_technology = args[:target_technology] if args.key?(:target_technology)
|
|
1732
|
+
end
|
|
1733
|
+
end
|
|
1734
|
+
|
|
1735
|
+
# Fleshed out vulnerability object that includes enough details to fill out a
|
|
1736
|
+
# vulnerability specific view for an issue.
|
|
1737
|
+
class InbandVulnerability
|
|
1738
|
+
include Google::Apis::Core::Hashable
|
|
1739
|
+
|
|
1740
|
+
# Optional. The software that is affected by the vulnerability.
|
|
1741
|
+
# Corresponds to the JSON property `affectedSoftware`
|
|
1742
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::AffectedSoftware>]
|
|
1743
|
+
attr_accessor :affected_software
|
|
1744
|
+
|
|
1745
|
+
# Optional. The authors of the vulnerability detection.
|
|
1746
|
+
# Corresponds to the JSON property `authors`
|
|
1747
|
+
# @return [Array<String>]
|
|
1748
|
+
attr_accessor :authors
|
|
1749
|
+
|
|
1750
|
+
# Required. The CVE ID of the vulnerability.
|
|
1751
|
+
# Corresponds to the JSON property `cveId`
|
|
1752
|
+
# @return [String]
|
|
1753
|
+
attr_accessor :cve_id
|
|
1754
|
+
|
|
1755
|
+
# Required. The CVSS V3.1 score (Base score)for the vulnerability. ( )
|
|
1756
|
+
# Corresponds to the JSON property `cvssV31Score`
|
|
1757
|
+
# @return [Float]
|
|
1758
|
+
attr_accessor :cvss_v31_score
|
|
1759
|
+
|
|
1760
|
+
# Optional. Temporal CVSS V3.1 score for the vulnerability.
|
|
1761
|
+
# Corresponds to the JSON property `cvssV31ScoreTemporal`
|
|
1762
|
+
# @return [Float]
|
|
1763
|
+
attr_accessor :cvss_v31_score_temporal
|
|
1764
|
+
|
|
1765
|
+
# Optional. The human readable description. This can be basic HTML formatted
|
|
1766
|
+
# text.
|
|
1767
|
+
# Corresponds to the JSON property `description`
|
|
1768
|
+
# @return [String]
|
|
1769
|
+
attr_accessor :description
|
|
1770
|
+
|
|
1771
|
+
# Optional. The date the vulnerability was first disclosed.
|
|
1772
|
+
# Corresponds to the JSON property `disclosureTime`
|
|
1773
|
+
# @return [String]
|
|
1774
|
+
attr_accessor :disclosure_time
|
|
1775
|
+
|
|
1776
|
+
# Optional. Exploitation state of the vulnerability, for example "Available".
|
|
1777
|
+
# Corresponds to the JSON property `exploitationState`
|
|
1778
|
+
# @return [String]
|
|
1779
|
+
attr_accessor :exploitation_state
|
|
1780
|
+
|
|
1781
|
+
# Required. The external ID of the vulnerability.
|
|
1782
|
+
# Corresponds to the JSON property `externalVulnerabilityId`
|
|
1783
|
+
# @return [String]
|
|
1784
|
+
attr_accessor :external_vulnerability_id
|
|
1785
|
+
|
|
1786
|
+
# Optional. Whether this is exploited in the wild.
|
|
1787
|
+
# Corresponds to the JSON property `isExploitedWild`
|
|
1788
|
+
# @return [Boolean]
|
|
1789
|
+
attr_accessor :is_exploited_wild
|
|
1790
|
+
alias_method :is_exploited_wild?, :is_exploited_wild
|
|
1791
|
+
|
|
1792
|
+
# Optional. Reference URLs to the vulnerability.
|
|
1793
|
+
# Corresponds to the JSON property `referenceUrls`
|
|
1794
|
+
# @return [Array<String>]
|
|
1795
|
+
attr_accessor :reference_urls
|
|
1796
|
+
|
|
1797
|
+
# Optional. The human readable remediation recommendation. This can be basic
|
|
1798
|
+
# HTML formatted text.
|
|
1799
|
+
# Corresponds to the JSON property `remediation`
|
|
1800
|
+
# @return [String]
|
|
1801
|
+
attr_accessor :remediation
|
|
1802
|
+
|
|
1803
|
+
# Optional. Risk rating for the vulnerability, for example "High".
|
|
1804
|
+
# Corresponds to the JSON property `riskRating`
|
|
1805
|
+
# @return [String]
|
|
1806
|
+
attr_accessor :risk_rating
|
|
1807
|
+
|
|
1808
|
+
# Optional. Human readable name for the vulnerability.
|
|
1809
|
+
# Corresponds to the JSON property `title`
|
|
1810
|
+
# @return [String]
|
|
1811
|
+
attr_accessor :title
|
|
1812
|
+
|
|
1813
|
+
def initialize(**args)
|
|
1814
|
+
update!(**args)
|
|
1815
|
+
end
|
|
1816
|
+
|
|
1817
|
+
# Update properties of this object
|
|
1818
|
+
def update!(**args)
|
|
1819
|
+
@affected_software = args[:affected_software] if args.key?(:affected_software)
|
|
1820
|
+
@authors = args[:authors] if args.key?(:authors)
|
|
1821
|
+
@cve_id = args[:cve_id] if args.key?(:cve_id)
|
|
1822
|
+
@cvss_v31_score = args[:cvss_v31_score] if args.key?(:cvss_v31_score)
|
|
1823
|
+
@cvss_v31_score_temporal = args[:cvss_v31_score_temporal] if args.key?(:cvss_v31_score_temporal)
|
|
1824
|
+
@description = args[:description] if args.key?(:description)
|
|
1825
|
+
@disclosure_time = args[:disclosure_time] if args.key?(:disclosure_time)
|
|
1826
|
+
@exploitation_state = args[:exploitation_state] if args.key?(:exploitation_state)
|
|
1827
|
+
@external_vulnerability_id = args[:external_vulnerability_id] if args.key?(:external_vulnerability_id)
|
|
1828
|
+
@is_exploited_wild = args[:is_exploited_wild] if args.key?(:is_exploited_wild)
|
|
1829
|
+
@reference_urls = args[:reference_urls] if args.key?(:reference_urls)
|
|
1830
|
+
@remediation = args[:remediation] if args.key?(:remediation)
|
|
1831
|
+
@risk_rating = args[:risk_rating] if args.key?(:risk_rating)
|
|
1832
|
+
@title = args[:title] if args.key?(:title)
|
|
1833
|
+
end
|
|
1834
|
+
end
|
|
1835
|
+
|
|
1836
|
+
# This is a temporary detail type that will be used to support vulnerabilities
|
|
1837
|
+
# until the engines start using the full vulnerability objects. The "Inband"
|
|
1838
|
+
# refers to the fact that all vulnerability details are included with every
|
|
1839
|
+
# finding.
|
|
1840
|
+
class InbandVulnerabilityFindingDetail
|
|
1841
|
+
include Google::Apis::Core::Hashable
|
|
1842
|
+
|
|
1843
|
+
# Optional. A short description of the proof of the vulnerability.
|
|
1844
|
+
# Corresponds to the JSON property `formattedProofDetails`
|
|
1845
|
+
# @return [String]
|
|
1846
|
+
attr_accessor :formatted_proof_details
|
|
1847
|
+
|
|
1848
|
+
# Optional. The URI that lead to this detection, if appropriate.
|
|
1849
|
+
# Corresponds to the JSON property `requestUri`
|
|
1850
|
+
# @return [String]
|
|
1851
|
+
attr_accessor :request_uri
|
|
1852
|
+
|
|
1853
|
+
# Fleshed out vulnerability object that includes enough details to fill out a
|
|
1854
|
+
# vulnerability specific view for an issue.
|
|
1855
|
+
# Corresponds to the JSON property `vulnerability`
|
|
1856
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::InbandVulnerability]
|
|
1857
|
+
attr_accessor :vulnerability
|
|
1858
|
+
|
|
1859
|
+
def initialize(**args)
|
|
1860
|
+
update!(**args)
|
|
1861
|
+
end
|
|
1862
|
+
|
|
1863
|
+
# Update properties of this object
|
|
1864
|
+
def update!(**args)
|
|
1865
|
+
@formatted_proof_details = args[:formatted_proof_details] if args.key?(:formatted_proof_details)
|
|
1866
|
+
@request_uri = args[:request_uri] if args.key?(:request_uri)
|
|
1867
|
+
@vulnerability = args[:vulnerability] if args.key?(:vulnerability)
|
|
1868
|
+
end
|
|
1869
|
+
end
|
|
1870
|
+
|
|
1871
|
+
# Captures the specific details of InitialAccessBroker (IAB) alert.
|
|
1872
|
+
class InitialAccessBrokerAlertDetail
|
|
1873
|
+
include Google::Apis::Core::Hashable
|
|
1874
|
+
|
|
1875
|
+
# Required. Array of ids to accommodate multiple discovery documents
|
|
1876
|
+
# Corresponds to the JSON property `discoveryDocumentIds`
|
|
1877
|
+
# @return [Array<String>]
|
|
1878
|
+
attr_accessor :discovery_document_ids
|
|
1879
|
+
|
|
1880
|
+
# Required. IAB specific severity
|
|
1881
|
+
# Corresponds to the JSON property `severity`
|
|
1882
|
+
# @return [String]
|
|
1883
|
+
attr_accessor :severity
|
|
1884
|
+
|
|
1885
|
+
def initialize(**args)
|
|
1886
|
+
update!(**args)
|
|
1887
|
+
end
|
|
1888
|
+
|
|
1889
|
+
# Update properties of this object
|
|
1890
|
+
def update!(**args)
|
|
1891
|
+
@discovery_document_ids = args[:discovery_document_ids] if args.key?(:discovery_document_ids)
|
|
1892
|
+
@severity = args[:severity] if args.key?(:severity)
|
|
1893
|
+
end
|
|
1894
|
+
end
|
|
1895
|
+
|
|
1896
|
+
# InitialAccessBrokerConfig is specific to Initial Access Broker (IAB) matching
|
|
1897
|
+
# scenarios.
|
|
1898
|
+
class InitialAccessBrokerConfig
|
|
1899
|
+
include Google::Apis::Core::Hashable
|
|
1900
|
+
|
|
1901
|
+
# EntityProfile represents the structured profile of a customer entity,
|
|
1902
|
+
# containing key identifiers and descriptive attributes optimized for contextual
|
|
1903
|
+
# matching against threat intelligence, particularly Initial Access Broker (IAB)
|
|
1904
|
+
# offerings.
|
|
1905
|
+
# Corresponds to the JSON property `entityProfile`
|
|
1906
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::EntityProfile]
|
|
1907
|
+
attr_accessor :entity_profile
|
|
1908
|
+
|
|
1909
|
+
def initialize(**args)
|
|
1910
|
+
update!(**args)
|
|
1911
|
+
end
|
|
1912
|
+
|
|
1913
|
+
# Update properties of this object
|
|
1914
|
+
def update!(**args)
|
|
1915
|
+
@entity_profile = args[:entity_profile] if args.key?(:entity_profile)
|
|
1916
|
+
end
|
|
1917
|
+
end
|
|
1918
|
+
|
|
1919
|
+
# A detail object for an Initial Access Broker (IAB) finding.
|
|
1920
|
+
class InitialAccessBrokerFindingDetail
|
|
1921
|
+
include Google::Apis::Core::Hashable
|
|
1922
|
+
|
|
1923
|
+
# Required. The unique identifier of the document that triggered the IAB finding.
|
|
1924
|
+
# This ID can be used to retrieve the content of the document for further
|
|
1925
|
+
# analysis.
|
|
1926
|
+
# Corresponds to the JSON property `documentId`
|
|
1927
|
+
# @return [String]
|
|
1928
|
+
attr_accessor :document_id
|
|
1929
|
+
|
|
1930
|
+
# Required. Reference to the match score of the IAB finding. This is a float
|
|
1931
|
+
# value between 0 and 1 calculated by the matching engine based on the
|
|
1932
|
+
# similarity of the document and the user provided configurations.
|
|
1933
|
+
# Corresponds to the JSON property `matchScore`
|
|
1934
|
+
# @return [Float]
|
|
1935
|
+
attr_accessor :match_score
|
|
1936
|
+
|
|
1937
|
+
# Required. The severity of the IAB finding. This indicates the potential impact
|
|
1938
|
+
# of the threat.
|
|
1939
|
+
# Corresponds to the JSON property `severity`
|
|
1940
|
+
# @return [String]
|
|
1941
|
+
attr_accessor :severity
|
|
1942
|
+
|
|
1943
|
+
def initialize(**args)
|
|
1944
|
+
update!(**args)
|
|
1945
|
+
end
|
|
1946
|
+
|
|
1947
|
+
# Update properties of this object
|
|
1948
|
+
def update!(**args)
|
|
1949
|
+
@document_id = args[:document_id] if args.key?(:document_id)
|
|
1950
|
+
@match_score = args[:match_score] if args.key?(:match_score)
|
|
1951
|
+
@severity = args[:severity] if args.key?(:severity)
|
|
1952
|
+
end
|
|
1953
|
+
end
|
|
1954
|
+
|
|
1955
|
+
# Captures the specific details of InsiderThreat alert.
|
|
1956
|
+
class InsiderThreatAlertDetail
|
|
1957
|
+
include Google::Apis::Core::Hashable
|
|
1958
|
+
|
|
1959
|
+
# Required. Array of ids to accommodate multiple discovery documents
|
|
1960
|
+
# Corresponds to the JSON property `discoveryDocumentIds`
|
|
1961
|
+
# @return [Array<String>]
|
|
1962
|
+
attr_accessor :discovery_document_ids
|
|
1963
|
+
|
|
1964
|
+
# Required. InsiderThreat specific severity This will be the string
|
|
1965
|
+
# representation of the InsiderThreatFindingDetail.Severityenum. (e.g., "LOW", "
|
|
1966
|
+
# MEDIUM", "HIGH", "CRITICAL")
|
|
1967
|
+
# Corresponds to the JSON property `severity`
|
|
1968
|
+
# @return [String]
|
|
1969
|
+
attr_accessor :severity
|
|
1970
|
+
|
|
1971
|
+
def initialize(**args)
|
|
1972
|
+
update!(**args)
|
|
1973
|
+
end
|
|
1974
|
+
|
|
1975
|
+
# Update properties of this object
|
|
1976
|
+
def update!(**args)
|
|
1977
|
+
@discovery_document_ids = args[:discovery_document_ids] if args.key?(:discovery_document_ids)
|
|
1978
|
+
@severity = args[:severity] if args.key?(:severity)
|
|
1979
|
+
end
|
|
1980
|
+
end
|
|
1981
|
+
|
|
1982
|
+
# A detail object for a InsiderThreat finding.
|
|
1983
|
+
class InsiderThreatFindingDetail
|
|
1984
|
+
include Google::Apis::Core::Hashable
|
|
1985
|
+
|
|
1986
|
+
# Required. The unique identifier of the document that triggered the
|
|
1987
|
+
# InsiderThreat finding. This ID can be used to retrieve the content of the
|
|
1988
|
+
# document for further analysis.
|
|
1989
|
+
# Corresponds to the JSON property `documentId`
|
|
1990
|
+
# @return [String]
|
|
1991
|
+
attr_accessor :document_id
|
|
1992
|
+
|
|
1993
|
+
# Required. Reference to the match score of the InsiderThreat finding. This is a
|
|
1994
|
+
# float value greater than 0 and less than or equal to 1 calculated by the
|
|
1995
|
+
# matching engine based on the similarity of the document and the user provided
|
|
1996
|
+
# configurations.
|
|
1997
|
+
# Corresponds to the JSON property `matchScore`
|
|
1998
|
+
# @return [Float]
|
|
1999
|
+
attr_accessor :match_score
|
|
2000
|
+
|
|
2001
|
+
# Required. The severity of the InsiderThreat finding. This indicates the
|
|
2002
|
+
# potential impact of the threat.
|
|
2003
|
+
# Corresponds to the JSON property `severity`
|
|
2004
|
+
# @return [String]
|
|
2005
|
+
attr_accessor :severity
|
|
2006
|
+
|
|
2007
|
+
def initialize(**args)
|
|
2008
|
+
update!(**args)
|
|
2009
|
+
end
|
|
2010
|
+
|
|
2011
|
+
# Update properties of this object
|
|
2012
|
+
def update!(**args)
|
|
2013
|
+
@document_id = args[:document_id] if args.key?(:document_id)
|
|
2014
|
+
@match_score = args[:match_score] if args.key?(:match_score)
|
|
2015
|
+
@severity = args[:severity] if args.key?(:severity)
|
|
2016
|
+
end
|
|
2017
|
+
end
|
|
2018
|
+
|
|
2019
|
+
# Response message for ListAlerts.
|
|
2020
|
+
class ListAlertsResponse
|
|
2021
|
+
include Google::Apis::Core::Hashable
|
|
2022
|
+
|
|
2023
|
+
# List of alerts.
|
|
2024
|
+
# Corresponds to the JSON property `alerts`
|
|
2025
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::Alert>]
|
|
2026
|
+
attr_accessor :alerts
|
|
2027
|
+
|
|
2028
|
+
# Page token.
|
|
2029
|
+
# Corresponds to the JSON property `nextPageToken`
|
|
2030
|
+
# @return [String]
|
|
2031
|
+
attr_accessor :next_page_token
|
|
2032
|
+
|
|
2033
|
+
def initialize(**args)
|
|
2034
|
+
update!(**args)
|
|
2035
|
+
end
|
|
2036
|
+
|
|
2037
|
+
# Update properties of this object
|
|
2038
|
+
def update!(**args)
|
|
2039
|
+
@alerts = args[:alerts] if args.key?(:alerts)
|
|
2040
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
|
2041
|
+
end
|
|
2042
|
+
end
|
|
2043
|
+
|
|
2044
|
+
# Response message for ListConfigurationRevisions.
|
|
2045
|
+
class ListConfigurationRevisionsResponse
|
|
2046
|
+
include Google::Apis::Core::Hashable
|
|
2047
|
+
|
|
2048
|
+
# A token, which can be sent as `page_token` to retrieve the next page. If this
|
|
2049
|
+
# field is omitted, there are no subsequent pages.
|
|
2050
|
+
# Corresponds to the JSON property `nextPageToken`
|
|
2051
|
+
# @return [String]
|
|
2052
|
+
attr_accessor :next_page_token
|
|
2053
|
+
|
|
2054
|
+
# The Configuration Revisions associated with the specified Configuration
|
|
2055
|
+
# Corresponds to the JSON property `revisions`
|
|
2056
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::ConfigurationRevision>]
|
|
2057
|
+
attr_accessor :revisions
|
|
2058
|
+
|
|
2059
|
+
def initialize(**args)
|
|
2060
|
+
update!(**args)
|
|
2061
|
+
end
|
|
2062
|
+
|
|
2063
|
+
# Update properties of this object
|
|
2064
|
+
def update!(**args)
|
|
2065
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
|
2066
|
+
@revisions = args[:revisions] if args.key?(:revisions)
|
|
2067
|
+
end
|
|
2068
|
+
end
|
|
2069
|
+
|
|
2070
|
+
# Response message for ListConfigurations.
|
|
2071
|
+
class ListConfigurationsResponse
|
|
2072
|
+
include Google::Apis::Core::Hashable
|
|
2073
|
+
|
|
2074
|
+
# List of configurations.
|
|
2075
|
+
# Corresponds to the JSON property `configurations`
|
|
2076
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::Configuration>]
|
|
2077
|
+
attr_accessor :configurations
|
|
2078
|
+
|
|
2079
|
+
# Page token.
|
|
2080
|
+
# Corresponds to the JSON property `nextPageToken`
|
|
2081
|
+
# @return [String]
|
|
2082
|
+
attr_accessor :next_page_token
|
|
2083
|
+
|
|
2084
|
+
def initialize(**args)
|
|
2085
|
+
update!(**args)
|
|
2086
|
+
end
|
|
2087
|
+
|
|
2088
|
+
# Update properties of this object
|
|
2089
|
+
def update!(**args)
|
|
2090
|
+
@configurations = args[:configurations] if args.key?(:configurations)
|
|
2091
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
|
2092
|
+
end
|
|
2093
|
+
end
|
|
2094
|
+
|
|
2095
|
+
# Response message for ListFindings.
|
|
2096
|
+
class ListFindingsResponse
|
|
2097
|
+
include Google::Apis::Core::Hashable
|
|
2098
|
+
|
|
2099
|
+
# List of findings.
|
|
2100
|
+
# Corresponds to the JSON property `findings`
|
|
2101
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::Finding>]
|
|
2102
|
+
attr_accessor :findings
|
|
2103
|
+
|
|
2104
|
+
# Page token.
|
|
2105
|
+
# Corresponds to the JSON property `nextPageToken`
|
|
2106
|
+
# @return [String]
|
|
2107
|
+
attr_accessor :next_page_token
|
|
2108
|
+
|
|
2109
|
+
def initialize(**args)
|
|
2110
|
+
update!(**args)
|
|
2111
|
+
end
|
|
2112
|
+
|
|
2113
|
+
# Update properties of this object
|
|
2114
|
+
def update!(**args)
|
|
2115
|
+
@findings = args[:findings] if args.key?(:findings)
|
|
2116
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
|
2117
|
+
end
|
|
2118
|
+
end
|
|
2119
|
+
|
|
2120
|
+
# Request message for MarkAlertAsBenign.
|
|
2121
|
+
class MarkAlertAsBenignRequest
|
|
2122
|
+
include Google::Apis::Core::Hashable
|
|
2123
|
+
|
|
2124
|
+
def initialize(**args)
|
|
2125
|
+
update!(**args)
|
|
2126
|
+
end
|
|
2127
|
+
|
|
2128
|
+
# Update properties of this object
|
|
2129
|
+
def update!(**args)
|
|
2130
|
+
end
|
|
2131
|
+
end
|
|
2132
|
+
|
|
2133
|
+
# Request message for MarkAlertAsDuplicate.
|
|
2134
|
+
class MarkAlertAsDuplicateRequest
|
|
2135
|
+
include Google::Apis::Core::Hashable
|
|
2136
|
+
|
|
2137
|
+
# Optional. Name of the alert to mark as a duplicate of. Format: projects/`
|
|
2138
|
+
# project`/alerts/`alert`
|
|
2139
|
+
# Corresponds to the JSON property `duplicateOf`
|
|
2140
|
+
# @return [String]
|
|
2141
|
+
attr_accessor :duplicate_of
|
|
2142
|
+
|
|
2143
|
+
def initialize(**args)
|
|
2144
|
+
update!(**args)
|
|
2145
|
+
end
|
|
2146
|
+
|
|
2147
|
+
# Update properties of this object
|
|
2148
|
+
def update!(**args)
|
|
2149
|
+
@duplicate_of = args[:duplicate_of] if args.key?(:duplicate_of)
|
|
2150
|
+
end
|
|
2151
|
+
end
|
|
2152
|
+
|
|
2153
|
+
# Request message for MarkAlertAsEscalated.
|
|
2154
|
+
class MarkAlertAsEscalatedRequest
|
|
2155
|
+
include Google::Apis::Core::Hashable
|
|
2156
|
+
|
|
2157
|
+
def initialize(**args)
|
|
2158
|
+
update!(**args)
|
|
2159
|
+
end
|
|
2160
|
+
|
|
2161
|
+
# Update properties of this object
|
|
2162
|
+
def update!(**args)
|
|
2163
|
+
end
|
|
2164
|
+
end
|
|
2165
|
+
|
|
2166
|
+
# Request message for MarkAlertAsFalsePositive.
|
|
2167
|
+
class MarkAlertAsFalsePositiveRequest
|
|
2168
|
+
include Google::Apis::Core::Hashable
|
|
2169
|
+
|
|
2170
|
+
def initialize(**args)
|
|
2171
|
+
update!(**args)
|
|
2172
|
+
end
|
|
2173
|
+
|
|
2174
|
+
# Update properties of this object
|
|
2175
|
+
def update!(**args)
|
|
2176
|
+
end
|
|
2177
|
+
end
|
|
2178
|
+
|
|
2179
|
+
# Request message for MarkAlertAsNotActionable.
|
|
2180
|
+
class MarkAlertAsNotActionableRequest
|
|
2181
|
+
include Google::Apis::Core::Hashable
|
|
2182
|
+
|
|
2183
|
+
def initialize(**args)
|
|
2184
|
+
update!(**args)
|
|
2185
|
+
end
|
|
2186
|
+
|
|
2187
|
+
# Update properties of this object
|
|
2188
|
+
def update!(**args)
|
|
2189
|
+
end
|
|
2190
|
+
end
|
|
2191
|
+
|
|
2192
|
+
# Request message for MarkAlertAsRead.
|
|
2193
|
+
class MarkAlertAsReadRequest
|
|
2194
|
+
include Google::Apis::Core::Hashable
|
|
2195
|
+
|
|
2196
|
+
def initialize(**args)
|
|
2197
|
+
update!(**args)
|
|
2198
|
+
end
|
|
2199
|
+
|
|
2200
|
+
# Update properties of this object
|
|
2201
|
+
def update!(**args)
|
|
2202
|
+
end
|
|
2203
|
+
end
|
|
2204
|
+
|
|
2205
|
+
# Request message for MarkAlertAsResolved.
|
|
2206
|
+
class MarkAlertAsResolvedRequest
|
|
2207
|
+
include Google::Apis::Core::Hashable
|
|
2208
|
+
|
|
2209
|
+
def initialize(**args)
|
|
2210
|
+
update!(**args)
|
|
2211
|
+
end
|
|
2212
|
+
|
|
2213
|
+
# Update properties of this object
|
|
2214
|
+
def update!(**args)
|
|
2215
|
+
end
|
|
2216
|
+
end
|
|
2217
|
+
|
|
2218
|
+
# Request message for MarkAlertAsTrackedExternally.
|
|
2219
|
+
class MarkAlertAsTrackedExternallyRequest
|
|
2220
|
+
include Google::Apis::Core::Hashable
|
|
2221
|
+
|
|
2222
|
+
def initialize(**args)
|
|
2223
|
+
update!(**args)
|
|
2224
|
+
end
|
|
2225
|
+
|
|
2226
|
+
# Update properties of this object
|
|
2227
|
+
def update!(**args)
|
|
2228
|
+
end
|
|
2229
|
+
end
|
|
2230
|
+
|
|
2231
|
+
# Request message for MarkAlertAsTriaged.
|
|
2232
|
+
class MarkAlertAsTriagedRequest
|
|
2233
|
+
include Google::Apis::Core::Hashable
|
|
2234
|
+
|
|
2235
|
+
def initialize(**args)
|
|
2236
|
+
update!(**args)
|
|
2237
|
+
end
|
|
2238
|
+
|
|
2239
|
+
# Update properties of this object
|
|
2240
|
+
def update!(**args)
|
|
2241
|
+
end
|
|
2242
|
+
end
|
|
2243
|
+
|
|
2244
|
+
# Misconfiguration finding detail.
|
|
2245
|
+
class MisconfigurationFindingDetail
|
|
2246
|
+
include Google::Apis::Core::Hashable
|
|
2247
|
+
|
|
2248
|
+
# Misconfiguration metadata.
|
|
2249
|
+
# Corresponds to the JSON property `misconfigurationMetadata`
|
|
2250
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::MisconfigurationMetadata]
|
|
2251
|
+
attr_accessor :misconfiguration_metadata
|
|
2252
|
+
|
|
2253
|
+
def initialize(**args)
|
|
2254
|
+
update!(**args)
|
|
2255
|
+
end
|
|
2256
|
+
|
|
2257
|
+
# Update properties of this object
|
|
2258
|
+
def update!(**args)
|
|
2259
|
+
@misconfiguration_metadata = args[:misconfiguration_metadata] if args.key?(:misconfiguration_metadata)
|
|
2260
|
+
end
|
|
2261
|
+
end
|
|
2262
|
+
|
|
2263
|
+
# Misconfiguration metadata.
|
|
2264
|
+
class MisconfigurationMetadata
|
|
2265
|
+
include Google::Apis::Core::Hashable
|
|
2266
|
+
|
|
2267
|
+
# Optional. Description of the misconfiguration.
|
|
2268
|
+
# Corresponds to the JSON property `description`
|
|
2269
|
+
# @return [String]
|
|
2270
|
+
attr_accessor :description
|
|
2271
|
+
|
|
2272
|
+
# Optional. A user-friendly name for the misconfiguration.
|
|
2273
|
+
# Corresponds to the JSON property `displayName`
|
|
2274
|
+
# @return [String]
|
|
2275
|
+
attr_accessor :display_name
|
|
2276
|
+
|
|
2277
|
+
# Required. The identifier for the misconfiguration. This is an internal name
|
|
2278
|
+
# generated by the finding provider.
|
|
2279
|
+
# Corresponds to the JSON property `misconfigurationId`
|
|
2280
|
+
# @return [String]
|
|
2281
|
+
attr_accessor :misconfiguration_id
|
|
2282
|
+
|
|
2283
|
+
# Optional. References to external resources that provide more information about
|
|
2284
|
+
# the misconfiguration.
|
|
2285
|
+
# Corresponds to the JSON property `references`
|
|
2286
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::MisconfigurationReference>]
|
|
2287
|
+
attr_accessor :references
|
|
2288
|
+
|
|
2289
|
+
# Optional. Recommended remediation steps for the misconfiguration.
|
|
2290
|
+
# Corresponds to the JSON property `remediation`
|
|
2291
|
+
# @return [String]
|
|
2292
|
+
attr_accessor :remediation
|
|
2293
|
+
|
|
2294
|
+
# Optional. The endpoint which was found to have the vulnerability.
|
|
2295
|
+
# Corresponds to the JSON property `vulnerableUri`
|
|
2296
|
+
# @return [String]
|
|
2297
|
+
attr_accessor :vulnerable_uri
|
|
2298
|
+
|
|
2299
|
+
def initialize(**args)
|
|
2300
|
+
update!(**args)
|
|
2301
|
+
end
|
|
2302
|
+
|
|
2303
|
+
# Update properties of this object
|
|
2304
|
+
def update!(**args)
|
|
2305
|
+
@description = args[:description] if args.key?(:description)
|
|
2306
|
+
@display_name = args[:display_name] if args.key?(:display_name)
|
|
2307
|
+
@misconfiguration_id = args[:misconfiguration_id] if args.key?(:misconfiguration_id)
|
|
2308
|
+
@references = args[:references] if args.key?(:references)
|
|
2309
|
+
@remediation = args[:remediation] if args.key?(:remediation)
|
|
2310
|
+
@vulnerable_uri = args[:vulnerable_uri] if args.key?(:vulnerable_uri)
|
|
2311
|
+
end
|
|
2312
|
+
end
|
|
2313
|
+
|
|
2314
|
+
# A reference to an external resource that provides more information about a
|
|
2315
|
+
# misconfiguration.
|
|
2316
|
+
class MisconfigurationReference
|
|
2317
|
+
include Google::Apis::Core::Hashable
|
|
2318
|
+
|
|
2319
|
+
# Required. The type of the reference (e.g., "description", "remediation").
|
|
2320
|
+
# Corresponds to the JSON property `type`
|
|
2321
|
+
# @return [String]
|
|
2322
|
+
attr_accessor :type
|
|
2323
|
+
|
|
2324
|
+
# Required. The URI of the reference.
|
|
2325
|
+
# Corresponds to the JSON property `uri`
|
|
2326
|
+
# @return [String]
|
|
2327
|
+
attr_accessor :uri
|
|
2328
|
+
|
|
2329
|
+
def initialize(**args)
|
|
2330
|
+
update!(**args)
|
|
2331
|
+
end
|
|
2332
|
+
|
|
2333
|
+
# Update properties of this object
|
|
2334
|
+
def update!(**args)
|
|
2335
|
+
@type = args[:type] if args.key?(:type)
|
|
2336
|
+
@uri = args[:uri] if args.key?(:uri)
|
|
2337
|
+
end
|
|
2338
|
+
end
|
|
2339
|
+
|
|
2340
|
+
# Structured priority analysis for a threat.
|
|
2341
|
+
class PriorityAnalysis
|
|
2342
|
+
include Google::Apis::Core::Hashable
|
|
2343
|
+
|
|
2344
|
+
# The level of confidence in the given verdict.
|
|
2345
|
+
# Corresponds to the JSON property `confidence`
|
|
2346
|
+
# @return [String]
|
|
2347
|
+
attr_accessor :confidence
|
|
2348
|
+
|
|
2349
|
+
# The level of Priority.
|
|
2350
|
+
# Corresponds to the JSON property `priorityLevel`
|
|
2351
|
+
# @return [String]
|
|
2352
|
+
attr_accessor :priority_level
|
|
2353
|
+
|
|
2354
|
+
# Human-readable explanation from the model, detailing why a particular result
|
|
2355
|
+
# is considered to have a certain priority.
|
|
2356
|
+
# Corresponds to the JSON property `reasoning`
|
|
2357
|
+
# @return [String]
|
|
2358
|
+
attr_accessor :reasoning
|
|
2359
|
+
|
|
2360
|
+
def initialize(**args)
|
|
2361
|
+
update!(**args)
|
|
2362
|
+
end
|
|
2363
|
+
|
|
2364
|
+
# Update properties of this object
|
|
2365
|
+
def update!(**args)
|
|
2366
|
+
@confidence = args[:confidence] if args.key?(:confidence)
|
|
2367
|
+
@priority_level = args[:priority_level] if args.key?(:priority_level)
|
|
2368
|
+
@reasoning = args[:reasoning] if args.key?(:reasoning)
|
|
2369
|
+
end
|
|
2370
|
+
end
|
|
2371
|
+
|
|
2372
|
+
# Request message for FetchAlertUriStatus.
|
|
2373
|
+
class RefreshAlertUriStatusRequest
|
|
2374
|
+
include Google::Apis::Core::Hashable
|
|
2375
|
+
|
|
2376
|
+
def initialize(**args)
|
|
2377
|
+
update!(**args)
|
|
2378
|
+
end
|
|
2379
|
+
|
|
2380
|
+
# Update properties of this object
|
|
2381
|
+
def update!(**args)
|
|
2382
|
+
end
|
|
2383
|
+
end
|
|
2384
|
+
|
|
2385
|
+
# Response message for FetchAlertUriStatus.
|
|
2386
|
+
class RefreshAlertUriStatusResponse
|
|
2387
|
+
include Google::Apis::Core::Hashable
|
|
2388
|
+
|
|
2389
|
+
# Output only. Status of the alert in WebRisk.
|
|
2390
|
+
# Corresponds to the JSON property `state`
|
|
2391
|
+
# @return [String]
|
|
2392
|
+
attr_accessor :state
|
|
2393
|
+
|
|
2394
|
+
def initialize(**args)
|
|
2395
|
+
update!(**args)
|
|
2396
|
+
end
|
|
2397
|
+
|
|
2398
|
+
# Update properties of this object
|
|
2399
|
+
def update!(**args)
|
|
2400
|
+
@state = args[:state] if args.key?(:state)
|
|
2401
|
+
end
|
|
2402
|
+
end
|
|
2403
|
+
|
|
2404
|
+
# Structured relevance analysis for a threat.
|
|
2405
|
+
class RelevanceAnalysis
|
|
2406
|
+
include Google::Apis::Core::Hashable
|
|
2407
|
+
|
|
2408
|
+
# The level of confidence in the given verdict.
|
|
2409
|
+
# Corresponds to the JSON property `confidence`
|
|
2410
|
+
# @return [String]
|
|
2411
|
+
attr_accessor :confidence
|
|
2412
|
+
|
|
2413
|
+
# Details the evidence used to determine the relevance verdict.
|
|
2414
|
+
# Corresponds to the JSON property `evidence`
|
|
2415
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::Evidence]
|
|
2416
|
+
attr_accessor :evidence
|
|
2417
|
+
|
|
2418
|
+
# Human-readable explanation from the matcher, detailing why a particular result
|
|
2419
|
+
# is considered relevant or not relevant.
|
|
2420
|
+
# Corresponds to the JSON property `reasoning`
|
|
2421
|
+
# @return [String]
|
|
2422
|
+
attr_accessor :reasoning
|
|
2423
|
+
|
|
2424
|
+
# The level of relevance.
|
|
2425
|
+
# Corresponds to the JSON property `relevanceLevel`
|
|
2426
|
+
# @return [String]
|
|
2427
|
+
attr_accessor :relevance_level
|
|
2428
|
+
|
|
2429
|
+
# Indicates whether the threat is considered relevant.
|
|
2430
|
+
# Corresponds to the JSON property `relevant`
|
|
2431
|
+
# @return [Boolean]
|
|
2432
|
+
attr_accessor :relevant
|
|
2433
|
+
alias_method :relevant?, :relevant
|
|
2434
|
+
|
|
2435
|
+
def initialize(**args)
|
|
2436
|
+
update!(**args)
|
|
2437
|
+
end
|
|
2438
|
+
|
|
2439
|
+
# Update properties of this object
|
|
2440
|
+
def update!(**args)
|
|
2441
|
+
@confidence = args[:confidence] if args.key?(:confidence)
|
|
2442
|
+
@evidence = args[:evidence] if args.key?(:evidence)
|
|
2443
|
+
@reasoning = args[:reasoning] if args.key?(:reasoning)
|
|
2444
|
+
@relevance_level = args[:relevance_level] if args.key?(:relevance_level)
|
|
2445
|
+
@relevant = args[:relevant] if args.key?(:relevant)
|
|
2446
|
+
end
|
|
2447
|
+
end
|
|
2448
|
+
|
|
2449
|
+
# Request message for ReportAlertUri.
|
|
2450
|
+
class ReportAlertUriRequest
|
|
2451
|
+
include Google::Apis::Core::Hashable
|
|
2452
|
+
|
|
2453
|
+
def initialize(**args)
|
|
2454
|
+
update!(**args)
|
|
2455
|
+
end
|
|
2456
|
+
|
|
2457
|
+
# Update properties of this object
|
|
2458
|
+
def update!(**args)
|
|
2459
|
+
end
|
|
2460
|
+
end
|
|
2461
|
+
|
|
2462
|
+
# Response message for ReportAlertUri.
|
|
2463
|
+
class ReportAlertUriResponse
|
|
2464
|
+
include Google::Apis::Core::Hashable
|
|
2465
|
+
|
|
2466
|
+
# Output only. Status of the alert in WebRisk.
|
|
2467
|
+
# Corresponds to the JSON property `state`
|
|
2468
|
+
# @return [String]
|
|
2469
|
+
attr_accessor :state
|
|
2470
|
+
|
|
2471
|
+
def initialize(**args)
|
|
2472
|
+
update!(**args)
|
|
2473
|
+
end
|
|
2474
|
+
|
|
2475
|
+
# Update properties of this object
|
|
2476
|
+
def update!(**args)
|
|
2477
|
+
@state = args[:state] if args.key?(:state)
|
|
2478
|
+
end
|
|
2479
|
+
end
|
|
2480
|
+
|
|
2481
|
+
# Response message for SearchFindings.
|
|
2482
|
+
class SearchFindingsResponse
|
|
2483
|
+
include Google::Apis::Core::Hashable
|
|
2484
|
+
|
|
2485
|
+
# List of findings.
|
|
2486
|
+
# Corresponds to the JSON property `findings`
|
|
2487
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::Finding>]
|
|
2488
|
+
attr_accessor :findings
|
|
2489
|
+
|
|
2490
|
+
# Page token.
|
|
2491
|
+
# Corresponds to the JSON property `nextPageToken`
|
|
2492
|
+
# @return [String]
|
|
2493
|
+
attr_accessor :next_page_token
|
|
2494
|
+
|
|
2495
|
+
def initialize(**args)
|
|
2496
|
+
update!(**args)
|
|
2497
|
+
end
|
|
2498
|
+
|
|
2499
|
+
# Update properties of this object
|
|
2500
|
+
def update!(**args)
|
|
2501
|
+
@findings = args[:findings] if args.key?(:findings)
|
|
2502
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
|
2503
|
+
end
|
|
2504
|
+
end
|
|
2505
|
+
|
|
2506
|
+
# Structured severity analysis for a threat.
|
|
2507
|
+
class SeverityAnalysis
|
|
2508
|
+
include Google::Apis::Core::Hashable
|
|
2509
|
+
|
|
2510
|
+
# The level of confidence in the given verdict.
|
|
2511
|
+
# Corresponds to the JSON property `confidence`
|
|
2512
|
+
# @return [String]
|
|
2513
|
+
attr_accessor :confidence
|
|
2514
|
+
|
|
2515
|
+
# Human-readable explanation from the model, detailing why a particular result
|
|
2516
|
+
# is considered to have a certain severity.
|
|
2517
|
+
# Corresponds to the JSON property `reasoning`
|
|
2518
|
+
# @return [String]
|
|
2519
|
+
attr_accessor :reasoning
|
|
2520
|
+
|
|
2521
|
+
# The level of severity.
|
|
2522
|
+
# Corresponds to the JSON property `severityLevel`
|
|
2523
|
+
# @return [String]
|
|
2524
|
+
attr_accessor :severity_level
|
|
2525
|
+
|
|
2526
|
+
def initialize(**args)
|
|
2527
|
+
update!(**args)
|
|
2528
|
+
end
|
|
2529
|
+
|
|
2530
|
+
# Update properties of this object
|
|
2531
|
+
def update!(**args)
|
|
2532
|
+
@confidence = args[:confidence] if args.key?(:confidence)
|
|
2533
|
+
@reasoning = args[:reasoning] if args.key?(:reasoning)
|
|
2534
|
+
@severity_level = args[:severity_level] if args.key?(:severity_level)
|
|
2535
|
+
end
|
|
2536
|
+
end
|
|
2537
|
+
|
|
2538
|
+
# The alert detail for a suspicious domain finding.
|
|
2539
|
+
class SuspiciousDomainAlertDetail
|
|
2540
|
+
include Google::Apis::Core::Hashable
|
|
2541
|
+
|
|
2542
|
+
# The DNS details of the suspicious domain.
|
|
2543
|
+
# Corresponds to the JSON property `dns`
|
|
2544
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::SuspiciousDomainDnsDetails]
|
|
2545
|
+
attr_accessor :dns
|
|
2546
|
+
|
|
2547
|
+
# Required. The suspicious domain name.
|
|
2548
|
+
# Corresponds to the JSON property `domain`
|
|
2549
|
+
# @return [String]
|
|
2550
|
+
attr_accessor :domain
|
|
2551
|
+
|
|
2552
|
+
# The GTI details of the suspicious domain.
|
|
2553
|
+
# Corresponds to the JSON property `gtiDetails`
|
|
2554
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::SuspiciousDomainGtiDetails]
|
|
2555
|
+
attr_accessor :gti_details
|
|
2556
|
+
|
|
2557
|
+
# Output only. Name of Web Risk submission operation.
|
|
2558
|
+
# Corresponds to the JSON property `webRiskOperation`
|
|
2559
|
+
# @return [String]
|
|
2560
|
+
attr_accessor :web_risk_operation
|
|
2561
|
+
|
|
2562
|
+
# Output only. Status of the Web Risk submission.
|
|
2563
|
+
# Corresponds to the JSON property `webRiskState`
|
|
2564
|
+
# @return [String]
|
|
2565
|
+
attr_accessor :web_risk_state
|
|
2566
|
+
|
|
2567
|
+
# The whois details of the suspicious domain.
|
|
2568
|
+
# Corresponds to the JSON property `whois`
|
|
2569
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::SuspiciousDomainWhoIsDetails]
|
|
2570
|
+
attr_accessor :whois
|
|
2571
|
+
|
|
2572
|
+
def initialize(**args)
|
|
2573
|
+
update!(**args)
|
|
2574
|
+
end
|
|
2575
|
+
|
|
2576
|
+
# Update properties of this object
|
|
2577
|
+
def update!(**args)
|
|
2578
|
+
@dns = args[:dns] if args.key?(:dns)
|
|
2579
|
+
@domain = args[:domain] if args.key?(:domain)
|
|
2580
|
+
@gti_details = args[:gti_details] if args.key?(:gti_details)
|
|
2581
|
+
@web_risk_operation = args[:web_risk_operation] if args.key?(:web_risk_operation)
|
|
2582
|
+
@web_risk_state = args[:web_risk_state] if args.key?(:web_risk_state)
|
|
2583
|
+
@whois = args[:whois] if args.key?(:whois)
|
|
2584
|
+
end
|
|
2585
|
+
end
|
|
2586
|
+
|
|
2587
|
+
# The DNS details of the suspicious domain.
|
|
2588
|
+
class SuspiciousDomainDnsDetails
|
|
2589
|
+
include Google::Apis::Core::Hashable
|
|
2590
|
+
|
|
2591
|
+
# The DNS records of the suspicious domain.
|
|
2592
|
+
# Corresponds to the JSON property `dnsRecords`
|
|
2593
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::SuspiciousDomainDnsRecord>]
|
|
2594
|
+
attr_accessor :dns_records
|
|
2595
|
+
|
|
2596
|
+
# The time the DNS details were retrieved.
|
|
2597
|
+
# Corresponds to the JSON property `retrievalTime`
|
|
2598
|
+
# @return [String]
|
|
2599
|
+
attr_accessor :retrieval_time
|
|
2600
|
+
|
|
2601
|
+
def initialize(**args)
|
|
2602
|
+
update!(**args)
|
|
2603
|
+
end
|
|
2604
|
+
|
|
2605
|
+
# Update properties of this object
|
|
2606
|
+
def update!(**args)
|
|
2607
|
+
@dns_records = args[:dns_records] if args.key?(:dns_records)
|
|
2608
|
+
@retrieval_time = args[:retrieval_time] if args.key?(:retrieval_time)
|
|
2609
|
+
end
|
|
2610
|
+
end
|
|
2611
|
+
|
|
2612
|
+
# The DNS record of the suspicious domain.
|
|
2613
|
+
class SuspiciousDomainDnsRecord
|
|
2614
|
+
include Google::Apis::Core::Hashable
|
|
2615
|
+
|
|
2616
|
+
# The name of the DNS record.
|
|
2617
|
+
# Corresponds to the JSON property `record`
|
|
2618
|
+
# @return [String]
|
|
2619
|
+
attr_accessor :record
|
|
2620
|
+
|
|
2621
|
+
# The TTL of the DNS record.
|
|
2622
|
+
# Corresponds to the JSON property `ttl`
|
|
2623
|
+
# @return [Fixnum]
|
|
2624
|
+
attr_accessor :ttl
|
|
2625
|
+
|
|
2626
|
+
# The type of the DNS record.
|
|
2627
|
+
# Corresponds to the JSON property `type`
|
|
2628
|
+
# @return [String]
|
|
2629
|
+
attr_accessor :type
|
|
2630
|
+
|
|
2631
|
+
# The value of the DNS record.
|
|
2632
|
+
# Corresponds to the JSON property `value`
|
|
2633
|
+
# @return [String]
|
|
2634
|
+
attr_accessor :value
|
|
2635
|
+
|
|
2636
|
+
def initialize(**args)
|
|
2637
|
+
update!(**args)
|
|
2638
|
+
end
|
|
2639
|
+
|
|
2640
|
+
# Update properties of this object
|
|
2641
|
+
def update!(**args)
|
|
2642
|
+
@record = args[:record] if args.key?(:record)
|
|
2643
|
+
@ttl = args[:ttl] if args.key?(:ttl)
|
|
2644
|
+
@type = args[:type] if args.key?(:type)
|
|
2645
|
+
@value = args[:value] if args.key?(:value)
|
|
2646
|
+
end
|
|
2647
|
+
end
|
|
2648
|
+
|
|
2649
|
+
# A detailed object for a suspicious Domain finding.
|
|
2650
|
+
class SuspiciousDomainFindingDetail
|
|
2651
|
+
include Google::Apis::Core::Hashable
|
|
2652
|
+
|
|
2653
|
+
# The DNS details of the suspicious domain.
|
|
2654
|
+
# Corresponds to the JSON property `dns`
|
|
2655
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::SuspiciousDomainDnsDetails]
|
|
2656
|
+
attr_accessor :dns
|
|
2657
|
+
|
|
2658
|
+
# Required. The suspicious domain name.
|
|
2659
|
+
# Corresponds to the JSON property `domain`
|
|
2660
|
+
# @return [String]
|
|
2661
|
+
attr_accessor :domain
|
|
2662
|
+
|
|
2663
|
+
# The GTI details of the suspicious domain.
|
|
2664
|
+
# Corresponds to the JSON property `gtiDetails`
|
|
2665
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::SuspiciousDomainGtiDetails]
|
|
2666
|
+
attr_accessor :gti_details
|
|
2667
|
+
|
|
2668
|
+
# Required. Reference to the match score of the finding. This is a float value
|
|
2669
|
+
# between 0 and 1 calculated by the matching engine.
|
|
2670
|
+
# Corresponds to the JSON property `matchScore`
|
|
2671
|
+
# @return [Float]
|
|
2672
|
+
attr_accessor :match_score
|
|
2673
|
+
|
|
2674
|
+
# Required. The severity of the finding. This indicates the potential impact of
|
|
2675
|
+
# the threat.
|
|
2676
|
+
# Corresponds to the JSON property `severity`
|
|
2677
|
+
# @return [String]
|
|
2678
|
+
attr_accessor :severity
|
|
2679
|
+
|
|
2680
|
+
# The whois details of the suspicious domain.
|
|
2681
|
+
# Corresponds to the JSON property `whois`
|
|
2682
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::SuspiciousDomainWhoIsDetails]
|
|
2683
|
+
attr_accessor :whois
|
|
2684
|
+
|
|
2685
|
+
def initialize(**args)
|
|
2686
|
+
update!(**args)
|
|
2687
|
+
end
|
|
2688
|
+
|
|
2689
|
+
# Update properties of this object
|
|
2690
|
+
def update!(**args)
|
|
2691
|
+
@dns = args[:dns] if args.key?(:dns)
|
|
2692
|
+
@domain = args[:domain] if args.key?(:domain)
|
|
2693
|
+
@gti_details = args[:gti_details] if args.key?(:gti_details)
|
|
2694
|
+
@match_score = args[:match_score] if args.key?(:match_score)
|
|
2695
|
+
@severity = args[:severity] if args.key?(:severity)
|
|
2696
|
+
@whois = args[:whois] if args.key?(:whois)
|
|
2697
|
+
end
|
|
2698
|
+
end
|
|
2699
|
+
|
|
2700
|
+
# The GTI details of the suspicious domain.
|
|
2701
|
+
class SuspiciousDomainGtiDetails
|
|
2702
|
+
include Google::Apis::Core::Hashable
|
|
2703
|
+
|
|
2704
|
+
# The threat score of the suspicious domain. The threat score is a number
|
|
2705
|
+
# between 0 and 100.
|
|
2706
|
+
# Corresponds to the JSON property `threatScore`
|
|
2707
|
+
# @return [Fixnum]
|
|
2708
|
+
attr_accessor :threat_score
|
|
2709
|
+
|
|
2710
|
+
# Output only. The verdict of the suspicious domain.
|
|
2711
|
+
# Corresponds to the JSON property `verdict`
|
|
2712
|
+
# @return [String]
|
|
2713
|
+
attr_accessor :verdict
|
|
2714
|
+
|
|
2715
|
+
# VirusTotal link for the domain
|
|
2716
|
+
# Corresponds to the JSON property `virustotalUri`
|
|
2717
|
+
# @return [String]
|
|
2718
|
+
attr_accessor :virustotal_uri
|
|
2719
|
+
|
|
2720
|
+
def initialize(**args)
|
|
2721
|
+
update!(**args)
|
|
2722
|
+
end
|
|
2723
|
+
|
|
2724
|
+
# Update properties of this object
|
|
2725
|
+
def update!(**args)
|
|
2726
|
+
@threat_score = args[:threat_score] if args.key?(:threat_score)
|
|
2727
|
+
@verdict = args[:verdict] if args.key?(:verdict)
|
|
2728
|
+
@virustotal_uri = args[:virustotal_uri] if args.key?(:virustotal_uri)
|
|
2729
|
+
end
|
|
2730
|
+
end
|
|
2731
|
+
|
|
2732
|
+
# The whois details of the suspicious domain.
|
|
2733
|
+
class SuspiciousDomainWhoIsDetails
|
|
2734
|
+
include Google::Apis::Core::Hashable
|
|
2735
|
+
|
|
2736
|
+
# The time the whois details were retrieved.
|
|
2737
|
+
# Corresponds to the JSON property `retrievalTime`
|
|
2738
|
+
# @return [String]
|
|
2739
|
+
attr_accessor :retrieval_time
|
|
2740
|
+
|
|
2741
|
+
# The whois details of the suspicious domain.
|
|
2742
|
+
# Corresponds to the JSON property `whois`
|
|
2743
|
+
# @return [String]
|
|
2744
|
+
attr_accessor :whois
|
|
2745
|
+
|
|
2746
|
+
def initialize(**args)
|
|
2747
|
+
update!(**args)
|
|
2748
|
+
end
|
|
2749
|
+
|
|
2750
|
+
# Update properties of this object
|
|
2751
|
+
def update!(**args)
|
|
2752
|
+
@retrieval_time = args[:retrieval_time] if args.key?(:retrieval_time)
|
|
2753
|
+
@whois = args[:whois] if args.key?(:whois)
|
|
2754
|
+
end
|
|
2755
|
+
end
|
|
2756
|
+
|
|
2757
|
+
# Contains details for a technology watchlist alert.
|
|
2758
|
+
class TargetTechnologyAlertDetail
|
|
2759
|
+
include Google::Apis::Core::Hashable
|
|
2760
|
+
|
|
2761
|
+
# Contains details about a vulnerability match.
|
|
2762
|
+
# Corresponds to the JSON property `vulnerabilityMatch`
|
|
2763
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::VulnerabilityMatch]
|
|
2764
|
+
attr_accessor :vulnerability_match
|
|
2765
|
+
|
|
2766
|
+
def initialize(**args)
|
|
2767
|
+
update!(**args)
|
|
2768
|
+
end
|
|
2769
|
+
|
|
2770
|
+
# Update properties of this object
|
|
2771
|
+
def update!(**args)
|
|
2772
|
+
@vulnerability_match = args[:vulnerability_match] if args.key?(:vulnerability_match)
|
|
2773
|
+
end
|
|
2774
|
+
end
|
|
2775
|
+
|
|
2776
|
+
# Contains details for a technology watchlist finding.
|
|
2777
|
+
class TargetTechnologyFindingDetail
|
|
2778
|
+
include Google::Apis::Core::Hashable
|
|
2779
|
+
|
|
2780
|
+
# Contains details about a vulnerability match.
|
|
2781
|
+
# Corresponds to the JSON property `vulnerabilityMatch`
|
|
2782
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::VulnerabilityMatch]
|
|
2783
|
+
attr_accessor :vulnerability_match
|
|
2784
|
+
|
|
2785
|
+
def initialize(**args)
|
|
2786
|
+
update!(**args)
|
|
2787
|
+
end
|
|
2788
|
+
|
|
2789
|
+
# Update properties of this object
|
|
2790
|
+
def update!(**args)
|
|
2791
|
+
@vulnerability_match = args[:vulnerability_match] if args.key?(:vulnerability_match)
|
|
2792
|
+
end
|
|
2793
|
+
end
|
|
2794
|
+
|
|
2795
|
+
# TechnologyWatchListAlertThreshold contains the thresholds for alerting.
|
|
2796
|
+
class TechnologyWatchListAlertThreshold
|
|
2797
|
+
include Google::Apis::Core::Hashable
|
|
2798
|
+
|
|
2799
|
+
# Optional. The minimum cvss V3 score for the alert. Ex: 7.0. Valid range is [0.
|
|
2800
|
+
# 0, 10.0].
|
|
2801
|
+
# Corresponds to the JSON property `cvssScoreMinimum`
|
|
2802
|
+
# @return [Float]
|
|
2803
|
+
attr_accessor :cvss_score_minimum
|
|
2804
|
+
|
|
2805
|
+
# Optional. The minimum epss score for the alert. Ex: 0.8. Valid range is [0.0,
|
|
2806
|
+
# 1.0].
|
|
2807
|
+
# Corresponds to the JSON property `epssScoreMinimum`
|
|
2808
|
+
# @return [Float]
|
|
2809
|
+
attr_accessor :epss_score_minimum
|
|
2810
|
+
|
|
2811
|
+
# Optional. The exploitation states of the alert.
|
|
2812
|
+
# Corresponds to the JSON property `exploitationStates`
|
|
2813
|
+
# @return [Array<String>]
|
|
2814
|
+
attr_accessor :exploitation_states
|
|
2815
|
+
|
|
2816
|
+
# Optional. The minimum priority for the alert.
|
|
2817
|
+
# Corresponds to the JSON property `priorityMinimum`
|
|
2818
|
+
# @return [String]
|
|
2819
|
+
attr_accessor :priority_minimum
|
|
2820
|
+
|
|
2821
|
+
def initialize(**args)
|
|
2822
|
+
update!(**args)
|
|
2823
|
+
end
|
|
2824
|
+
|
|
2825
|
+
# Update properties of this object
|
|
2826
|
+
def update!(**args)
|
|
2827
|
+
@cvss_score_minimum = args[:cvss_score_minimum] if args.key?(:cvss_score_minimum)
|
|
2828
|
+
@epss_score_minimum = args[:epss_score_minimum] if args.key?(:epss_score_minimum)
|
|
2829
|
+
@exploitation_states = args[:exploitation_states] if args.key?(:exploitation_states)
|
|
2830
|
+
@priority_minimum = args[:priority_minimum] if args.key?(:priority_minimum)
|
|
2831
|
+
end
|
|
2832
|
+
end
|
|
2833
|
+
|
|
2834
|
+
# TechnologyWatchListConfig is the configuration for the technology watchlist.
|
|
2835
|
+
class TechnologyWatchListConfig
|
|
2836
|
+
include Google::Apis::Core::Hashable
|
|
2837
|
+
|
|
2838
|
+
# TechnologyWatchListAlertThreshold contains the thresholds for alerting.
|
|
2839
|
+
# Corresponds to the JSON property `alertThreshold`
|
|
2840
|
+
# @return [Google::Apis::ThreatintelligenceV1beta::TechnologyWatchListAlertThreshold]
|
|
2841
|
+
attr_accessor :alert_threshold
|
|
2842
|
+
|
|
2843
|
+
# Optional. List of vendor, technology or cpe fingerprint. example: Microsoft
|
|
2844
|
+
# office 360 Apache Server 3.5 cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:*:*
|
|
2845
|
+
# Corresponds to the JSON property `technologies`
|
|
2846
|
+
# @return [Array<String>]
|
|
2847
|
+
attr_accessor :technologies
|
|
2848
|
+
|
|
2849
|
+
def initialize(**args)
|
|
2850
|
+
update!(**args)
|
|
2851
|
+
end
|
|
2852
|
+
|
|
2853
|
+
# Update properties of this object
|
|
2854
|
+
def update!(**args)
|
|
2855
|
+
@alert_threshold = args[:alert_threshold] if args.key?(:alert_threshold)
|
|
2856
|
+
@technologies = args[:technologies] if args.key?(:technologies)
|
|
2857
|
+
end
|
|
2858
|
+
end
|
|
2859
|
+
|
|
2860
|
+
# Response message for UpsertConfiguration.
|
|
2861
|
+
class UpsertConfigurationResponse
|
|
2862
|
+
include Google::Apis::Core::Hashable
|
|
2863
|
+
|
|
2864
|
+
# Output only. Created configuration ID with server assigned id.
|
|
2865
|
+
# Corresponds to the JSON property `configuration`
|
|
2866
|
+
# @return [String]
|
|
2867
|
+
attr_accessor :configuration
|
|
2868
|
+
|
|
2869
|
+
def initialize(**args)
|
|
2870
|
+
update!(**args)
|
|
2871
|
+
end
|
|
2872
|
+
|
|
2873
|
+
# Update properties of this object
|
|
2874
|
+
def update!(**args)
|
|
2875
|
+
@configuration = args[:configuration] if args.key?(:configuration)
|
|
2876
|
+
end
|
|
2877
|
+
end
|
|
2878
|
+
|
|
2879
|
+
# Contains details about a vulnerability match.
|
|
2880
|
+
class VulnerabilityMatch
|
|
2881
|
+
include Google::Apis::Core::Hashable
|
|
2882
|
+
|
|
2883
|
+
# Optional. Associated threat actors, malware, etc. This is embedded as a
|
|
2884
|
+
# snapshot because the details of the association at the time of the
|
|
2885
|
+
# vulnerability match are important for context and reporting.
|
|
2886
|
+
# Corresponds to the JSON property `associations`
|
|
2887
|
+
# @return [Array<Google::Apis::ThreatintelligenceV1beta::Association>]
|
|
2888
|
+
attr_accessor :associations
|
|
2889
|
+
|
|
2890
|
+
# Output only. The collection ID of the vulnerability. Ex: "vulnerability--cve-
|
|
2891
|
+
# 2025-9876".
|
|
2892
|
+
# Corresponds to the JSON property `collectionId`
|
|
2893
|
+
# @return [String]
|
|
2894
|
+
attr_accessor :collection_id
|
|
2895
|
+
|
|
2896
|
+
# Output only. The CVE ID of the vulnerability. Ex: "CVE-2025-9876". See https://
|
|
2897
|
+
# www.cve.org/ for more information.
|
|
2898
|
+
# Corresponds to the JSON property `cveId`
|
|
2899
|
+
# @return [String]
|
|
2900
|
+
attr_accessor :cve_id
|
|
2901
|
+
|
|
2902
|
+
# Output only. The CVSS v3 score of the vulnerability. Example: 6.4.
|
|
2903
|
+
# Corresponds to the JSON property `cvss3Score`
|
|
2904
|
+
# @return [Float]
|
|
2905
|
+
attr_accessor :cvss3_score
|
|
2906
|
+
|
|
2907
|
+
# Output only. A description of the vulnerability.
|
|
2908
|
+
# Corresponds to the JSON property `description`
|
|
2909
|
+
# @return [String]
|
|
2910
|
+
attr_accessor :description
|
|
2911
|
+
|
|
2912
|
+
# Output only. The exploitation state of the vulnerability.
|
|
2913
|
+
# Corresponds to the JSON property `exploitationState`
|
|
2914
|
+
# @return [String]
|
|
2915
|
+
attr_accessor :exploitation_state
|
|
2916
|
+
|
|
2917
|
+
# Output only. The risk rating of the vulnerability.
|
|
2918
|
+
# Corresponds to the JSON property `riskRating`
|
|
2919
|
+
# @return [String]
|
|
2920
|
+
attr_accessor :risk_rating
|
|
2921
|
+
|
|
2922
|
+
# Output only. The affected technologies. Ex: "Apache Struts".
|
|
2923
|
+
# Corresponds to the JSON property `technologies`
|
|
2924
|
+
# @return [Array<String>]
|
|
2925
|
+
attr_accessor :technologies
|
|
2926
|
+
|
|
2927
|
+
def initialize(**args)
|
|
2928
|
+
update!(**args)
|
|
2929
|
+
end
|
|
2930
|
+
|
|
2931
|
+
# Update properties of this object
|
|
2932
|
+
def update!(**args)
|
|
2933
|
+
@associations = args[:associations] if args.key?(:associations)
|
|
2934
|
+
@collection_id = args[:collection_id] if args.key?(:collection_id)
|
|
2935
|
+
@cve_id = args[:cve_id] if args.key?(:cve_id)
|
|
2936
|
+
@cvss3_score = args[:cvss3_score] if args.key?(:cvss3_score)
|
|
2937
|
+
@description = args[:description] if args.key?(:description)
|
|
2938
|
+
@exploitation_state = args[:exploitation_state] if args.key?(:exploitation_state)
|
|
2939
|
+
@risk_rating = args[:risk_rating] if args.key?(:risk_rating)
|
|
2940
|
+
@technologies = args[:technologies] if args.key?(:technologies)
|
|
2941
|
+
end
|
|
2942
|
+
end
|
|
2943
|
+
end
|
|
2944
|
+
end
|
|
2945
|
+
end
|