// Copyright 2022 Luca Casonato. All rights reserved. MIT license. /** * Threat Intelligence API Client for Deno * ======================================= * * threatintelligence.googleapis.com API. * * Docs: https://docs.cloud.google.com/threatintelligence/ * Source: https://googleapis.deno.dev/v1/threatintelligence:v1beta.ts */ import { auth, CredentialsClient, GoogleAuth, request } from "/_/base@v1/mod.ts"; export { auth, GoogleAuth }; export type { CredentialsClient }; /** * threatintelligence.googleapis.com API. */ export class ThreatIntelligence { #client: CredentialsClient | undefined; #baseUrl: string; constructor(client?: CredentialsClient, baseUrl: string = "https://threatintelligence.googleapis.com/") { this.#client = client; this.#baseUrl = baseUrl; } /** * Marks an alert as benign - BENIGN. * * @param name Required. Name of the alert to mark as a benign. Format: projects/{project}/alerts/{alert} */ async projectsAlertsBenign(name: string, req: MarkAlertAsBenignRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:benign`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Gets a specific document associated with an alert. * * @param name Required. Name of the alert document to get. Format: projects/{project}/alerts/{alert}/documents/{document} */ async projectsAlertsDocumentsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as AlertDocument; } /** * Marks an alert as a duplicate of another alert. - DUPLICATE. * * @param name Required. Name of the alert to mark as a duplicate. Format: projects/{project}/alerts/{alert} */ async projectsAlertsDuplicate(name: string, req: MarkAlertAsDuplicateRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:duplicate`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * EnumerateAlertFacets returns the facets and the number of alerts that meet * the filter criteria and have that value for each facet. * * @param parent Required. Parent of the alerts. */ async projectsAlertsEnumerateFacets(parent: string, opts: ProjectsAlertsEnumerateFacetsOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ parent }/alerts:enumerateFacets`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeEnumerateAlertFacetsResponse(data); } /** * Marks an alert as escalated - ESCALATED. * * @param name Required. Name of the alert to mark as escalated. Format: projects/{project}/alerts/{alert} */ async projectsAlertsEscalate(name: string, req: MarkAlertAsEscalatedRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:escalate`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Marks an alert as a false positive - FALSE_POSITIVE. * * @param name Required. Name of the alert to mark as a false positive. Format: projects/{project}/alerts/{alert} */ async projectsAlertsFalsePositive(name: string, req: MarkAlertAsFalsePositiveRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:falsePositive`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Get an alert by name. * * @param name Required. Name of the alert to get. Format: projects/{project}/alerts/{alert} */ async projectsAlertsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Alert; } /** * Get a list of alerts that meet the filter criteria. * * @param parent Required. Parent of the alerts. Format: projects/{project} */ async projectsAlertsList(parent: string, opts: ProjectsAlertsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ parent }/alerts`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListAlertsResponse; } /** * Marks an alert as not actionable - NOT_ACTIONABLE. * * @param name Required. Name of the alert to mark as a not actionable. Format: projects/{project}/alerts/{alert} */ async projectsAlertsNotActionable(name: string, req: MarkAlertAsNotActionableRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:notActionable`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Marks an alert as read - READ. * * @param name Required. Name of the alert to mark as read. Format: projects/{project}/alerts/{alert} */ async projectsAlertsRead(name: string, req: MarkAlertAsReadRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:read`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Marks an alert to closed state - RESOLVED. * * @param name Required. Name of the alert to mark as resolved. Format: projects/{project}/alerts/{alert} */ async projectsAlertsResolve(name: string, req: MarkAlertAsResolvedRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:resolve`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Marks an alert as tracked externally - TRACKED_EXTERNALLY. * * @param name Required. Name of the alert to mark as tracked externally. Format: projects/{project}/alerts/{alert} */ async projectsAlertsTrackExternally(name: string, req: MarkAlertAsTrackedExternallyRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:trackExternally`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Marks an alert as triaged - TRIAGED. * * @param name Required. Name of the alert to mark as a triaged. Format: projects/{project}/alerts/{alert} */ async projectsAlertsTriage(name: string, req: MarkAlertAsTriagedRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:triage`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Get a configuration by name. * * @param name Required. Name of the configuration to get. Format: vaults/{vault}/configurations/{configuration} */ async projectsConfigurationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeConfiguration(data); } /** * Get a list of configurations that meet the filter criteria. * * @param parent Required. Parent of the configuration. Format: vaults/{vault} */ async projectsConfigurationsList(parent: string, opts: ProjectsConfigurationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ parent }/configurations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeListConfigurationsResponse(data); } /** * List configuration revisions that meet the filter criteria. * * @param parent Required. The name of the Configuration to retrieve Revisions for */ async projectsConfigurationsRevisionsList(parent: string, opts: ProjectsConfigurationsRevisionsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ parent }/revisions`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeListConfigurationRevisionsResponse(data); } /** * Creates or updates a configuration. * * @param parent Required. Parent of the configuration. */ async projectsConfigurationsUpsert(parent: string, req: Configuration, opts: ProjectsConfigurationsUpsertOptions = {}): Promise { req = serializeConfiguration(req); opts = serializeProjectsConfigurationsUpsertOptions(opts); const url = new URL(`${this.#baseUrl}v1beta/${ parent }/configurations:upsert`); if (opts.publishTime !== undefined) { url.searchParams.append("publishTime", String(opts.publishTime)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as UpsertConfigurationResponse; } /** * Get a finding by name. The `name` field should have the format: * `projects/{project}/findings/{finding}` * * @param name Required. Name of the finding to get. */ async projectsFindingsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Finding; } /** * Get a list of findings that meet the filter criteria. The `parent` field * in ListFindingsRequest should have the format: projects/{project} * * @param parent Required. Parent of the findings. */ async projectsFindingsList(parent: string, opts: ProjectsFindingsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ parent }/findings`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListFindingsResponse; } /** * SearchFindings is a more powerful version of ListFindings that supports * complex queries like "findings for alerts" using functions such as * `has_alert` in the query string. The `parent` field in * SearchFindingsRequest should have the format: projects/{project} Example to * search for findings for a specific issue: * `has_alert("name=\"projects/gti-12345/alerts/alert-12345\"")` * * @param parent Required. Parent of the findings. Format: vaults/{vault} */ async projectsFindingsSearch(parent: string, opts: ProjectsFindingsSearchOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ parent }/findings:search`); if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } if (opts.query !== undefined) { url.searchParams.append("query", String(opts.query)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as SearchFindingsResponse; } /** * Triggers the generation of a Customer Profile for a project. * * @param name Required. The name of the project to generate the profile for. Format: projects/{project} */ async projectsGenerateOrgProfile(name: string, req: GenerateOrgProfileConfigurationRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:generateOrgProfile`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } } /** * Stateful object representing a group of Findings. Key feature to an Alert is * that it expresses the user's intent towards the findings of that group, even * those that haven't occurred yet. */ export interface Alert { /** * Optional. AI summary of the finding. */ aiSummary?: string; /** * Output only. Audit information for the alert. */ readonly audit?: Audit; /** * Output only. The resource names of the Configurations bound to this alert. * Format: projects/{project}/configurations/{configuration} */ readonly configurations?: string[]; /** * Output only. Details object for the alert, not all alerts will have a * details object. */ readonly detail?: AlertDetail; /** * Output only. A short title for the alert. */ readonly displayName?: string; /** * Output only. alert names of the alerts that are duplicates of this alert. * Format: projects/{project}/alerts/{alert} */ readonly duplicatedBy?: string[]; /** * Output only. alert name of the alert this alert is a duplicate of. Format: * projects/{project}/alerts/{alert} */ readonly duplicateOf?: string; /** * Optional. If included when updating an alert, this should be set to the * current etag of the alert. If the etags do not match, the update will be * rejected and an ABORTED error will be returned. */ etag?: string; /** * Output only. External ID for the alert. This is used internally to provide * protection against out of order updates. */ readonly externalId?: string; /** * Output only. The number of findings associated with this alert. */ readonly findingCount?: bigint; /** * Output only. Findings that are covered by this alert. */ readonly findings?: string[]; /** * Identifier. Server generated name for the alert. format is * projects/{project}/alerts/{alert} */ name?: string; /** * Output only. High-Precision Priority Analysis for the alert. */ readonly priorityAnalysis?: PriorityAnalysis; /** * Output only. High-Precision Relevance Analysis verdict for the alert. */ readonly relevanceAnalysis?: RelevanceAnalysis; /** * Output only. High-Precision Severity Analysis for the alert. */ readonly severityAnalysis?: SeverityAnalysis; /** * Output only. State of the alert. */ readonly state?: | "STATE_UNSPECIFIED" | "NEW" | "READ" | "TRIAGED" | "ESCALATED" | "RESOLVED" | "DUPLICATE" | "FALSE_POSITIVE" | "NOT_ACTIONABLE" | "BENIGN" | "TRACKED_EXTERNALLY"; } /** * Container for different types of alert details. */ export interface AlertDetail { /** * Data Leak alert detail type. */ dataLeak?: DataLeakAlertDetail; /** * Output only. Name of the detail type. Will be set by the server during * creation to the name of the field that is set in the detail union. */ readonly detailType?: string; /** * Initial Access Broker alert detail type. */ initialAccessBroker?: InitialAccessBrokerAlertDetail; /** * Insider Threat alert detail type. */ insiderThreat?: InsiderThreatAlertDetail; } /** * A document that is associated with an alert. */ export interface AlertDocument { /** * Output only. AI summary of the finding. */ readonly aiSummary?: string; /** * Output only. The author of the document. */ readonly author?: string; /** * Output only. Time when the origin source collected the intel. */ readonly collectionTime?: Date; /** * Output only. The content of the document. */ readonly content?: string; /** * Output only. The timestamp of the original external publication of the * document. */ readonly createTime?: Date; /** * Output only. Time when GTI received the intel. */ readonly ingestTime?: Date; /** * Output only. The language code of the document. */ readonly languageCode?: string; /** * Identifier. Server generated name for the alert document. format is * projects/{project}/alerts/{alert}/documents/{document} */ name?: string; /** * Output only. Source of the intel item, e.g. DarkMarket. */ readonly source?: string; /** * Output only. Time when the intel was last updated by the source. */ readonly sourceUpdateTime?: Date; /** * Output only. URI of the intel item from the source. */ readonly sourceUri?: string; /** * Output only. The title of the document, if available. */ readonly title?: string; /** * Output only. The translation of the document, if available. */ readonly translation?: AlertDocumentTranslation; } /** * The translation of an alert document. */ export interface AlertDocumentTranslation { /** * Output only. The translated content of the document. */ readonly translatedContent?: string; /** * Output only. The translated title of the document. */ readonly translatedTitle?: string; } /** * Tracks basic CRUD facts. */ export interface Audit { /** * Output only. Time of creation. */ readonly createTime?: Date; /** * Output only. Agent that created or updated the record, could be a UserId * or a JobId. */ readonly creator?: string; /** * Output only. Agent that last updated the record, could be a UserId or a * JobId. */ readonly updater?: string; /** * Output only. Time of creation or last update. */ readonly updateTime?: Date; } /** * A configuration represents a behavior an engine should follow when producing * new findings. */ export interface Configuration { /** * Output only. Audit information for the configuration. */ readonly audit?: Audit; /** * Optional. A description of the configuration. */ description?: string; /** * Required. Domain specific details for the configuration. */ detail?: ConfigurationDetail; /** * Output only. Human readable name for the configuration. */ readonly displayName?: string; /** * Identifier. Server generated name for the configuration. format is * projects/{project}/configurations/{configuration} */ name?: string; /** * Required. Name of the service that provides the configuration. */ provider?: string; /** * Optional. State of the configuration. */ state?: | "STATE_UNSPECIFIED" | "ENABLED" | "DISABLED" | "DEPRECATED"; /** * Optional. A user-manipulatable version. Does not adhere to a specific * format */ version?: string; } function serializeConfiguration(data: any): Configuration { return { ...data, detail: data["detail"] !== undefined ? serializeConfigurationDetail(data["detail"]) : undefined, }; } function deserializeConfiguration(data: any): Configuration { return { ...data, detail: data["detail"] !== undefined ? deserializeConfigurationDetail(data["detail"]) : undefined, }; } /** * Wrapper class that contains the union struct for all the various * configuration detail specific classes. */ export interface ConfigurationDetail { /** * Customer Profile detail config. */ customerProfile?: CustomerProfileConfig; /** * Output only. Name of the detail type. Will be set by the server during * creation to the name of the field that is set in the detail union. */ readonly detailType?: string; } function serializeConfigurationDetail(data: any): ConfigurationDetail { return { ...data, customerProfile: data["customerProfile"] !== undefined ? serializeCustomerProfileConfig(data["customerProfile"]) : undefined, }; } function deserializeConfigurationDetail(data: any): ConfigurationDetail { return { ...data, customerProfile: data["customerProfile"] !== undefined ? deserializeCustomerProfileConfig(data["customerProfile"]) : undefined, }; } /** * A ConfigurationRevision is a snapshot of a Configuration at a point in time. * It is immutable. */ export interface ConfigurationRevision { /** * Output only. The time the Revision was created */ readonly createTime?: Date; /** * Identifier. The name of the ConfigurationRevision Format: * projects//configurations//revisions/ */ name?: string; /** * The snapshot of the configuration */ snapshot?: Configuration; } function serializeConfigurationRevision(data: any): ConfigurationRevision { return { ...data, snapshot: data["snapshot"] !== undefined ? serializeConfiguration(data["snapshot"]) : undefined, }; } function deserializeConfigurationRevision(data: any): ConfigurationRevision { return { ...data, createTime: data["createTime"] !== undefined ? new Date(data["createTime"]) : undefined, snapshot: data["snapshot"] !== undefined ? deserializeConfiguration(data["snapshot"]) : undefined, }; } /** * Citation information for the customer profile. */ export interface CustomerProfileCitation { /** * Required. The citation id for the citation. Should be unique within the * profile. */ citationId?: string; /** * Required. The name of the document the citation is from. */ document?: string; /** * The time the citation was retrieved. */ retrievalTime?: Date; /** * Required. The source of the citation. */ source?: string; /** * Optional. The url of the citation. */ uri?: string; } function serializeCustomerProfileCitation(data: any): CustomerProfileCitation { return { ...data, retrievalTime: data["retrievalTime"] !== undefined ? data["retrievalTime"].toISOString() : undefined, }; } function deserializeCustomerProfileCitation(data: any): CustomerProfileCitation { return { ...data, retrievalTime: data["retrievalTime"] !== undefined ? new Date(data["retrievalTime"]) : undefined, }; } /** * A string with citation ids. */ export interface CustomerProfileCitedString { /** * Optional. The citation ids for the string. */ citationIds?: string[]; /** * Required. The value of the string. */ value?: string; } /** * Company information for the customer profile. */ export interface CustomerProfileCompany { /** * Optional. The citation ids for the company. */ citationIds?: string[]; /** * Required. The name of the company. */ company?: string; } /** * CustomerProfileConfig is the configuration for the customer profile. */ export interface CustomerProfileConfig { /** * Optional. Citations for the organization profile. */ citations?: CustomerProfileCitation[]; /** * Optional. Contact information for the organization. */ contactInfo?: CustomerProfileContactInfo[]; /** * Optional. Executives of the organization. */ executives?: CustomerProfilePerson[]; /** * Optional. The industries the organization is involved in. */ industries?: CustomerProfileIndustry[]; /** * Optional. Locations the organization is present or conducts business in. */ locations?: CustomerProfileLocation[]; /** * Required. The name of the organization. */ org?: string; /** * Optional. A summary of the organization. */ orgSummary?: string; /** * Optional. The parent companies of the organization. */ parentCompanies?: CustomerProfileCompany[]; /** * Optional. Product information for the organization. */ products?: CustomerProfileProduct[]; /** * Optional. Security considerations for the organization. */ securityConsiderations?: CustomerProfileSecurityConsiderations; /** * Optional. A summarized version of the customer profile. */ summary?: CustomerProfileSummary; /** * Optional. Technology presence of the organization. */ technologyPresence?: string; /** * Optional. Web presence of the organization. */ webPresences?: CustomerProfileWebPresence[]; } function serializeCustomerProfileConfig(data: any): CustomerProfileConfig { return { ...data, citations: data["citations"] !== undefined ? data["citations"].map((item: any) => (serializeCustomerProfileCitation(item))) : undefined, }; } function deserializeCustomerProfileConfig(data: any): CustomerProfileConfig { return { ...data, citations: data["citations"] !== undefined ? data["citations"].map((item: any) => (deserializeCustomerProfileCitation(item))) : undefined, }; } /** * Contact information for the customer profile. */ export interface CustomerProfileContactInfo { /** * The address of the contact. */ address?: string; /** * Optional. The citation ids for the contact information. */ citationIds?: string[]; /** * The email address of the contact. */ email?: string; /** * Optional. The name of the contact. */ label?: string; /** * The other contact information. */ other?: string; /** * The phone number of the contact. */ phone?: string; } /** * Industry information for the customer profile. */ export interface CustomerProfileIndustry { /** * Optional. The citation ids for the industry. */ citationIds?: string[]; /** * Required. The name of the industry. */ industry?: string; } /** * Location information for the customer profile. */ export interface CustomerProfileLocation { /** * Required. The address of the location. */ address?: string; /** * Required. The brand of the location. */ brand?: string; /** * Optional. The citation ids for the location. */ citationIds?: string[]; /** * Optional. The type of location. */ facilityType?: string; } /** * Person information for the customer profile. */ export interface CustomerProfilePerson { /** * Optional. The citation ids for the person. */ citationIds?: string[]; /** * Required. The name of the person. */ name?: string; /** * Optional. The title of the person. */ title?: string; } /** * Product information for the customer profile. */ export interface CustomerProfileProduct { /** * Required. The brand of the product. */ brand?: string; /** * Optional. The citation ids for the product. */ citationIds?: string[]; /** * Required. The name of the product. */ product?: string; } /** * Security considerations for the customer profile. */ export interface CustomerProfileSecurityConsiderations { /** * Optional. A series of considerations for the security of the organization, * such as "high risk of compromise" or "vulnerable to cyberbullying". */ considerations?: string[]; /** * Optional. A note about the security considerations. */ note?: string; } /** * A summarized version of the customer profile. Generated by the backend. */ export interface CustomerProfileSummary { /** * Optional. The area the customer serves. */ areaServed?: CustomerProfileCitedString; /** * Optional. A narrative summary of brands. */ brands?: CustomerProfileCitedString; /** * Optional. The entity type of the customer. */ entityType?: CustomerProfileCitedString; /** * Optional. The date the customer was founded. */ founded?: CustomerProfileCitedString; /** * Optional. The headquarters of the customer. */ headquarters?: CustomerProfileCitedString; /** * Optional. The industry the customer is in. */ industry?: CustomerProfileCitedString; /** * Optional. A narrative summary of key people. */ keyPeopleSummary?: CustomerProfileCitedString; /** * Optional. The parent company of the customer. */ parentCompany?: CustomerProfileCitedString; /** * Optional. The primary website of the customer. */ primaryWebsite?: CustomerProfileCitedString; /** * Optional. A narrative summary of products. */ productsSummary?: CustomerProfileCitedString; /** * Optional. A narrative summary of services. */ servicesSummary?: CustomerProfileCitedString; /** * Optional. The official name of the customer. */ title?: CustomerProfileCitedString; } /** * Web presence information for the customer profile. */ export interface CustomerProfileWebPresence { /** * Optional. The citation ids for the web presence. */ citationIds?: string[]; /** * Required. The domain name of the web presence. */ domain?: string; } /** * Captures the specific details of Data Leak alert. */ export interface DataLeakAlertDetail { /** * Required. Array of ids to accommodate multiple discovery documents */ discoveryDocumentIds?: string[]; /** * Required. The severity of the Data Leak alert. Allowed values are: * `LOW` * * `MEDIUM` * `HIGH` * `CRITICAL` */ severity?: string; } /** * A detail object for a Data Leak finding. */ export interface DataLeakFindingDetail { /** * Required. The unique identifier of the document that triggered the Data * Leak finding. This ID can be used to retrieve the content of the document * for further analysis. */ documentId?: string; /** * Required. Reference to the match score of the Data Leak finding. This is a * float value greater than 0 and less than or equal to 1 calculated by the * matching engine based on the similarity of the document and the user * provided configurations. */ matchScore?: number; /** * Required. The severity of the Data Leak finding. This indicates the * potential impact of the threat. */ severity?: | "SEVERITY_UNSPECIFIED" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"; } /** * Response message for EnumerateAlertFacets. */ export interface EnumerateAlertFacetsResponse { /** * List of facets and the counts. */ facets?: Facet[]; } function serializeEnumerateAlertFacetsResponse(data: any): EnumerateAlertFacetsResponse { return { ...data, facets: data["facets"] !== undefined ? data["facets"].map((item: any) => (serializeFacet(item))) : undefined, }; } function deserializeEnumerateAlertFacetsResponse(data: any): EnumerateAlertFacetsResponse { return { ...data, facets: data["facets"] !== undefined ? data["facets"].map((item: any) => (deserializeFacet(item))) : undefined, }; } /** * Details the evidence used to determine the relevance verdict. */ export interface Evidence { /** * A list of semantic themes or concepts found to be common, related, or * aligned between the sources, supporting the verdict. */ commonThemes?: string[]; /** * A list of semantic themes or descriptions unique to one source or * semantically distant. */ distinctThemes?: string[]; } /** * Facet represents a sub element of a resource for filtering. The results from * this method are used to populate the filterable facets in the UI. */ export interface Facet { /** * Name of the facet. This is also the string that needs to be used in the * filtering expression. */ facet?: string; /** * List of counts for the facet (if categorical). */ facetCounts?: FacetCount[]; /** * The type of the facet. Options include "string", "int", "float", "bool", * "enum", "timestamp", "user" and are useful to show the right sort of UI * controls when building a AIP-160 style filtering string. */ facetType?: string; /** * Max value of the facet stringified based on type. Will be populated and * formatted the same as min_value. */ maxValue?: string; /** * Min value of the facet stringified based on type. This is only populated * for facets that have a clear ordering, for types like enum it will be left * empty. Timestamps will be formatted using RFC3339. */ minValue?: string; /** * Total number of records that contain this facet with ANY value. */ totalCount?: bigint; } function serializeFacet(data: any): Facet { return { ...data, totalCount: data["totalCount"] !== undefined ? String(data["totalCount"]) : undefined, }; } function deserializeFacet(data: any): Facet { return { ...data, totalCount: data["totalCount"] !== undefined ? BigInt(data["totalCount"]) : undefined, }; } /** * FacetCount represents a count of records with each facet value. */ export interface FacetCount { /** * Count of records with the value. */ count?: number; /** * Value of the facet stringified. Timestamps will be formatted using * RFC3339. */ value?: string; } /** * A ‘stateless’ and a point in time event that a check produced a result of * interest. */ export interface Finding { /** * Optional. AI summary of the finding. */ aiSummary?: string; /** * Optional. Name of the alert that this finding is bound to. */ alert?: string; /** * Output only. Audit data about the finding. */ readonly audit?: Audit; /** * Optional. Configuration names that are bound to this finding. */ configurations?: string[]; /** * Required. Holder of the domain specific details of the finding. */ detail?: FindingDetail; /** * Required. A short descriptive title for the finding <= 250 chars. EX: * "Actor 'baddy' offering $1000 for credentials of 'goodguy'". */ displayName?: string; /** * Identifier. Server generated name for the finding (leave clear during * creation). Format: projects/{project}/findings/{finding} */ name?: string; /** * Required. Logical source of this finding (name of the sub-engine). */ provider?: string; /** * Output only. High-Precision Relevance Analysis verdict for the finding. */ readonly relevanceAnalysis?: RelevanceAnalysis; /** * Output only. When identical finding (same labels and same details) has * re-occurred. */ readonly reoccurrenceTimes?: Date[]; /** * Optional. Deprecated: Use the `severity_analysis` field instead. Base * severity score from the finding source. */ severity?: number; /** * Output only. High-Precision Severity Analysis verdict for the finding. */ readonly severityAnalysis?: SeverityAnalysis; } /** * Wrapper class that contains the union struct for all the various findings * detail specific classes. */ export interface FindingDetail { /** * Data Leak finding detail type. */ dataLeak?: DataLeakFindingDetail; /** * Output only. Name of the detail type. Will be set by the server during * creation to the name of the field that is set in the detail union. */ readonly detailType?: string; /** * Initial Access Broker finding detail type. */ initialAccessBroker?: InitialAccessBrokerFindingDetail; /** * Insider Threat finding detail type. */ insiderThreat?: InsiderThreatFindingDetail; } /** * Request message for GenerateOrgProfileConfiguration. */ export interface GenerateOrgProfileConfigurationRequest { /** * Required. The display name of the organization to generate the profile * for. */ displayName?: string; /** * Required. The domain of the organization to generate the profile for. */ domain?: string; } /** * Captures the specific details of InitialAccessBroker (IAB) alert. */ export interface InitialAccessBrokerAlertDetail { /** * Required. Array of ids to accommodate multiple discovery documents */ discoveryDocumentIds?: string[]; /** * Required. The severity of the Initial Access Broker (IAB) alert. Allowed * values are: * `LOW` * `MEDIUM` * `HIGH` * `CRITICAL` */ severity?: string; } /** * A detail object for an Initial Access Broker (IAB) finding. */ export interface InitialAccessBrokerFindingDetail { /** * Required. The unique identifier of the document that triggered the IAB * finding. This ID can be used to retrieve the content of the document for * further analysis. */ documentId?: string; /** * Required. Reference to the match score of the IAB finding. This is a float * value between 0 and 1 calculated by the matching engine based on the * similarity of the document and the user provided configurations. */ matchScore?: number; /** * Required. The severity of the IAB finding. This indicates the potential * impact of the threat. */ severity?: | "SEVERITY_UNSPECIFIED" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"; } /** * Captures the specific details of InsiderThreat alert. */ export interface InsiderThreatAlertDetail { /** * Required. Array of ids to accommodate multiple discovery documents */ discoveryDocumentIds?: string[]; /** * Required. The severity of the Insider Threat alert. Allowed values are: * * `LOW` * `MEDIUM` * `HIGH` * `CRITICAL` */ severity?: string; } /** * A detail object for a InsiderThreat finding. */ export interface InsiderThreatFindingDetail { /** * Required. The unique identifier of the document that triggered the * InsiderThreat finding. This ID can be used to retrieve the content of the * document for further analysis. */ documentId?: string; /** * Required. Reference to the match score of the InsiderThreat finding. This * is a float value greater than 0 and less than or equal to 1 calculated by * the matching engine based on the similarity of the document and the user * provided configurations. */ matchScore?: number; /** * Required. The severity of the InsiderThreat finding. This indicates the * potential impact of the threat. */ severity?: | "SEVERITY_UNSPECIFIED" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"; } /** * Response message for ListAlerts. */ export interface ListAlertsResponse { /** * List of alerts. */ alerts?: Alert[]; /** * Page token. */ nextPageToken?: string; } /** * Response message for ListConfigurationRevisions. */ export interface ListConfigurationRevisionsResponse { /** * A token, which can be sent as `page_token` to retrieve the next page. If * this field is omitted, there are no subsequent pages. */ nextPageToken?: string; /** * The Configuration Revisions associated with the specified Configuration */ revisions?: ConfigurationRevision[]; } function serializeListConfigurationRevisionsResponse(data: any): ListConfigurationRevisionsResponse { return { ...data, revisions: data["revisions"] !== undefined ? data["revisions"].map((item: any) => (serializeConfigurationRevision(item))) : undefined, }; } function deserializeListConfigurationRevisionsResponse(data: any): ListConfigurationRevisionsResponse { return { ...data, revisions: data["revisions"] !== undefined ? data["revisions"].map((item: any) => (deserializeConfigurationRevision(item))) : undefined, }; } /** * Response message for ListConfigurations. */ export interface ListConfigurationsResponse { /** * List of configurations. */ configurations?: Configuration[]; /** * Page token. */ nextPageToken?: string; } function serializeListConfigurationsResponse(data: any): ListConfigurationsResponse { return { ...data, configurations: data["configurations"] !== undefined ? data["configurations"].map((item: any) => (serializeConfiguration(item))) : undefined, }; } function deserializeListConfigurationsResponse(data: any): ListConfigurationsResponse { return { ...data, configurations: data["configurations"] !== undefined ? data["configurations"].map((item: any) => (deserializeConfiguration(item))) : undefined, }; } /** * Response message for ListFindings. */ export interface ListFindingsResponse { /** * List of findings. */ findings?: Finding[]; /** * Page token. */ nextPageToken?: string; } /** * Request message for MarkAlertAsBenign. */ export interface MarkAlertAsBenignRequest { } /** * Request message for MarkAlertAsDuplicate. */ export interface MarkAlertAsDuplicateRequest { /** * Optional. Name of the alert to mark as a duplicate of. Format: * projects/{project}/alerts/{alert} */ duplicateOf?: string; } /** * Request message for MarkAlertAsEscalated. */ export interface MarkAlertAsEscalatedRequest { } /** * Request message for MarkAlertAsFalsePositive. */ export interface MarkAlertAsFalsePositiveRequest { } /** * Request message for MarkAlertAsNotActionable. */ export interface MarkAlertAsNotActionableRequest { } /** * Request message for MarkAlertAsRead. */ export interface MarkAlertAsReadRequest { } /** * Request message for MarkAlertAsResolved. */ export interface MarkAlertAsResolvedRequest { } /** * Request message for MarkAlertAsTrackedExternally. */ export interface MarkAlertAsTrackedExternallyRequest { } /** * Request message for MarkAlertAsTriaged. */ export interface MarkAlertAsTriagedRequest { } /** * This resource represents a long-running operation that is the result of a * network API call. */ export interface Operation { /** * If the value is `false`, it means the operation is still in progress. If * `true`, the operation is completed, and either `error` or `response` is * available. */ done?: boolean; /** * The error result of the operation in case of failure or cancellation. */ error?: Status; /** * Service-specific metadata associated with the operation. It typically * contains progress information and common metadata such as create time. Some * services might not provide such metadata. Any method that returns a * long-running operation should document the metadata type, if any. */ metadata?: { [key: string]: any }; /** * The server-assigned name, which is only unique within the same service * that originally returns it. If you use the default HTTP mapping, the `name` * should be a resource name ending with `operations/{unique_id}`. */ name?: string; /** * The normal, successful response of the operation. If the original method * returns no data on success, such as `Delete`, the response is * `google.protobuf.Empty`. If the original method is standard * `Get`/`Create`/`Update`, the response should be the resource. For other * methods, the response should have the type `XxxResponse`, where `Xxx` is * the original method name. For example, if the original method name is * `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. */ response?: { [key: string]: any }; } /** * Structured priority analysis for a threat. */ export interface PriorityAnalysis { /** * The level of confidence in the given verdict. */ confidence?: | "CONFIDENCE_LEVEL_UNSPECIFIED" | "CONFIDENCE_LEVEL_LOW" | "CONFIDENCE_LEVEL_MEDIUM" | "CONFIDENCE_LEVEL_HIGH"; /** * The level of Priority. */ priorityLevel?: | "PRIORITY_LEVEL_UNSPECIFIED" | "PRIORITY_LEVEL_LOW" | "PRIORITY_LEVEL_MEDIUM" | "PRIORITY_LEVEL_HIGH" | "PRIORITY_LEVEL_CRITICAL"; /** * Human-readable explanation from the model, detailing why a particular * result is considered to have a certain priority. */ reasoning?: string; } /** * Additional options for ThreatIntelligence#projectsAlertsEnumerateFacets. */ export interface ProjectsAlertsEnumerateFacetsOptions { /** * Optional. Filter on what alerts will be enumerated. */ filter?: string; } /** * Additional options for ThreatIntelligence#projectsAlertsList. */ export interface ProjectsAlertsListOptions { /** * Optional. Filter criteria. Supported fields for filtering include: * * `audit.create_time` * `audit.creator` * `audit.update_time` * * `audit.updater` * `detail.data_leak.discovery_document_ids` * * `detail.data_leak.severity` * `detail.detail_type` * * `detail.initial_access_broker.discovery_document_ids` * * `detail.initial_access_broker.severity` * * `detail.insider_threat.discovery_document_ids` * * `detail.insider_threat.severity` * `finding_count` * * `priority_analysis.priority_level` * `relevance_analysis.confidence` * * `relevance_analysis.relevance_level` * `relevance_analysis.relevant` * * `severity_analysis.severity_level` * `state` Examples: * * `detail.detail_type = "initial_access_broker"` * `detail.detail_type != * "data_leak"` * `detail.insider_threat.severity = "HIGH"` * * `audit.create_time >= "2026-04-03T00:00:00Z" AND audit.create_time < * "2026-04-06T00:00:00Z"` * `state = "NEW" OR state = "TRIAGED"` * * `severity_analysis.severity_level = "SEVERITY_LEVEL_CRITICAL"` */ filter?: string; /** * Optional. Order by criteria in the csv format: "field1, field2 desc" or * "field1, field2" or "field1 asc, field2". If a field is specified without * `asc` or `desc`, ascending order is used by default. Supported fields for * ordering are identical to those supported for filtering. Examples: * * `audit.create_time desc` * `audit.update_time asc` * `audit.create_time * desc, severity_analysis.severity_level desc` */ orderBy?: string; /** * Optional. Page size. Default to 100 alerts per page. Maximum is 1000 * alerts per page. */ pageSize?: number; /** * Optional. Page token to retrieve the next page of results. */ pageToken?: string; } /** * Additional options for ThreatIntelligence#projectsConfigurationsList. */ export interface ProjectsConfigurationsListOptions { /** * Optional. Filter criteria. */ filter?: string; /** * Optional. Order by criteria in the csv format: "field1,field2 desc" or * "field1,field2" or "field1 asc, field2". */ orderBy?: string; /** * Optional. Page size. */ pageSize?: number; /** * Optional. Page token. */ pageToken?: string; } /** * Additional options for * ThreatIntelligence#projectsConfigurationsRevisionsList. */ export interface ProjectsConfigurationsRevisionsListOptions { /** * Optional. An AIP-160 filter string */ filter?: string; /** * Optional. Specify ordering of response */ orderBy?: string; /** * Optional. Page Size */ pageSize?: number; /** * Optional. A page token provided by the API */ pageToken?: string; } /** * Additional options for ThreatIntelligence#projectsConfigurationsUpsert. */ export interface ProjectsConfigurationsUpsertOptions { /** * Optional. Time that the configuration should be considered to have been * published. This is an advanced feature used when onboarding and bulk * loading data from other systems. Do not set this field without consulting * with the API team. */ publishTime?: Date; } function serializeProjectsConfigurationsUpsertOptions(data: any): ProjectsConfigurationsUpsertOptions { return { ...data, publishTime: data["publishTime"] !== undefined ? data["publishTime"].toISOString() : undefined, }; } function deserializeProjectsConfigurationsUpsertOptions(data: any): ProjectsConfigurationsUpsertOptions { return { ...data, publishTime: data["publishTime"] !== undefined ? new Date(data["publishTime"]) : undefined, }; } /** * Additional options for ThreatIntelligence#projectsFindingsList. */ export interface ProjectsFindingsListOptions { /** * Optional. Filter criteria. */ filter?: string; /** * Optional. Order by criteria in the csv format: "field1,field2 desc" or * "field1,field2" or "field1 asc, field2". */ orderBy?: string; /** * Optional. Page size. */ pageSize?: number; /** * Optional. Page token. */ pageToken?: string; } /** * Additional options for ThreatIntelligence#projectsFindingsSearch. */ export interface ProjectsFindingsSearchOptions { /** * Optional. Order by criteria in the csv format: "field1,field2 desc" or * "field1,field2" or "field1 asc, field2". */ orderBy?: string; /** * Optional. Page size. */ pageSize?: number; /** * Optional. Page token. */ pageToken?: string; /** * Optional. Query on what findings will be returned. This supports the same * filter criteria as FindingService.ListFindings as well as the following * relationship query `has_alert`. Example: - * `has_alert("name=\"projects/gti-12345/alerts/alert-12345\"")` */ query?: string; } /** * Structured relevance analysis for a threat. */ export interface RelevanceAnalysis { /** * The level of confidence in the given verdict. */ confidence?: | "CONFIDENCE_LEVEL_UNSPECIFIED" | "CONFIDENCE_LEVEL_LOW" | "CONFIDENCE_LEVEL_MEDIUM" | "CONFIDENCE_LEVEL_HIGH"; /** * Evidence supporting the verdict, including matched and unmatched items. */ evidence?: Evidence; /** * Human-readable explanation from the matcher, detailing why a particular * result is considered relevant or not relevant. */ reasoning?: string; /** * The level of relevance. */ relevanceLevel?: | "RELEVANCE_LEVEL_UNSPECIFIED" | "RELEVANCE_LEVEL_LOW" | "RELEVANCE_LEVEL_MEDIUM" | "RELEVANCE_LEVEL_HIGH"; /** * Indicates whether the threat is considered relevant. */ relevant?: boolean; } /** * Response message for SearchFindings. */ export interface SearchFindingsResponse { /** * List of findings. */ findings?: Finding[]; /** * Page token. */ nextPageToken?: string; } /** * Structured severity analysis for a threat. */ export interface SeverityAnalysis { /** * The level of confidence in the given verdict. */ confidence?: | "CONFIDENCE_LEVEL_UNSPECIFIED" | "CONFIDENCE_LEVEL_LOW" | "CONFIDENCE_LEVEL_MEDIUM" | "CONFIDENCE_LEVEL_HIGH"; /** * Human-readable explanation from the model, detailing why a particular * result is considered to have a certain severity. */ reasoning?: string; /** * The level of severity. */ severityLevel?: | "SEVERITY_LEVEL_UNSPECIFIED" | "SEVERITY_LEVEL_LOW" | "SEVERITY_LEVEL_MEDIUM" | "SEVERITY_LEVEL_HIGH"; } /** * The `Status` type defines a logical error model that is suitable for * different programming environments, including REST APIs and RPC APIs. It is * used by [gRPC](https://github.com/grpc). Each `Status` message contains three * pieces of data: error code, error message, and error details. You can find * out more about this error model and how to work with it in the [API Design * Guide](https://cloud.google.com/apis/design/errors). */ export interface Status { /** * The status code, which should be an enum value of google.rpc.Code. */ code?: number; /** * A list of messages that carry the error details. There is a common set of * message types for APIs to use. */ details?: { [key: string]: any }[]; /** * A developer-facing error message, which should be in English. Any * user-facing error message should be localized and sent in the * google.rpc.Status.details field, or localized by the client. */ message?: string; } /** * Response message for UpsertConfiguration. */ export interface UpsertConfigurationResponse { /** * Output only. Created configuration ID with server assigned id. */ readonly configuration?: string; }