// Copyright 2022 Luca Casonato. All rights reserved. MIT license. /** * Threat Intelligence API Client for Deno * ======================================= * * threatintelligence.googleapis.com API. * * Docs: https://docs.cloud.google.com/threatintelligence/ * Source: https://googleapis.deno.dev/v1/threatintelligence:v1beta.ts */ import { auth, CredentialsClient, GoogleAuth, request } from "/_/base@v1/mod.ts"; export { auth, GoogleAuth }; export type { CredentialsClient }; /** * threatintelligence.googleapis.com API. */ export class ThreatIntelligence { #client: CredentialsClient | undefined; #baseUrl: string; constructor(client?: CredentialsClient, baseUrl: string = "https://threatintelligence.googleapis.com/") { this.#client = client; this.#baseUrl = baseUrl; } /** * Marks an alert as benign - BENIGN. * * @param name Required. Name of the alert to mark as a benign. Format: projects/{project}/alerts/{alert} */ async projectsAlertsBenign(name: string, req: MarkAlertAsBenignRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:benign`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Gets a specific document associated with an alert. * * @param name Required. Name of the alert document to get. Format: projects/{project}/alerts/{alert}/documents/{document} */ async projectsAlertsDocumentsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as AlertDocument; } /** * Marks an alert as a duplicate of another alert. - DUPLICATE. * * @param name Required. Name of the alert to mark as a duplicate. Format: projects/{project}/alerts/{alert} */ async projectsAlertsDuplicate(name: string, req: MarkAlertAsDuplicateRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:duplicate`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * EnumerateAlertFacets returns the facets and the number of alerts that meet * the filter criteria and have that value for each facet. * * @param parent Required. Parent of the alerts. */ async projectsAlertsEnumerateFacets(parent: string, opts: ProjectsAlertsEnumerateFacetsOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ parent }/alerts:enumerateFacets`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeEnumerateAlertFacetsResponse(data); } /** * Marks an alert as escalated - ESCALATED. * * @param name Required. Name of the alert to mark as escalated. Format: projects/{project}/alerts/{alert} */ async projectsAlertsEscalate(name: string, req: MarkAlertAsEscalatedRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:escalate`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Marks an alert as a false positive - FALSE_POSITIVE. * * @param name Required. Name of the alert to mark as a false positive. Format: projects/{project}/alerts/{alert} */ async projectsAlertsFalsePositive(name: string, req: MarkAlertAsFalsePositiveRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:falsePositive`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Get an alert by name. * * @param name Required. Name of the alert to get. Format: projects/{project}/alerts/{alert} */ async projectsAlertsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Alert; } /** * Get a list of alerts that meet the filter criteria. * * @param parent Required. Parent of the alerts. Format: projects/{project} */ async projectsAlertsList(parent: string, opts: ProjectsAlertsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ parent }/alerts`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListAlertsResponse; } /** * Marks an alert as not actionable - NOT_ACTIONABLE. * * @param name Required. Name of the alert to mark as a not actionable. Format: projects/{project}/alerts/{alert} */ async projectsAlertsNotActionable(name: string, req: MarkAlertAsNotActionableRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:notActionable`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Marks an alert as read - READ. * * @param name Required. Name of the alert to mark as read. Format: projects/{project}/alerts/{alert} */ async projectsAlertsRead(name: string, req: MarkAlertAsReadRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:read`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Return the status of a URI submitted to Google WebRisk. * * @param name Required. Name of alert to refresh status from WebRisk */ async projectsAlertsRefreshUriStatus(name: string, req: RefreshAlertUriStatusRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:refreshUriStatus`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as RefreshAlertUriStatusResponse; } /** * Report the URI associated with an alert to Google WebRisk. * * @param name Required. Name of alert to submit to WebRisk. */ async projectsAlertsReportAlertUri(name: string, req: ReportAlertUriRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:reportAlertUri`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as ReportAlertUriResponse; } /** * Marks an alert to closed state - RESOLVED. * * @param name Required. Name of the alert to mark as resolved. Format: projects/{project}/alerts/{alert} */ async projectsAlertsResolve(name: string, req: MarkAlertAsResolvedRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:resolve`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Marks an alert as tracked externally - TRACKED_EXTERNALLY. * * @param name Required. Name of the alert to mark as tracked externally. Format: projects/{project}/alerts/{alert} */ async projectsAlertsTrackExternally(name: string, req: MarkAlertAsTrackedExternallyRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:trackExternally`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Marks an alert as triaged - TRIAGED. * * @param name Required. Name of the alert to mark as a triaged. Format: projects/{project}/alerts/{alert} */ async projectsAlertsTriage(name: string, req: MarkAlertAsTriagedRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:triage`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Alert; } /** * Get a configuration by name. * * @param name Required. Name of the configuration to get. Format: vaults/{vault}/configurations/{configuration} */ async projectsConfigurationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeConfiguration(data); } /** * Get a list of configurations that meet the filter criteria. * * @param parent Required. Parent of the configuration. Format: vaults/{vault} */ async projectsConfigurationsList(parent: string, opts: ProjectsConfigurationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ parent }/configurations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeListConfigurationsResponse(data); } /** * List configuration revisions that meet the filter criteria. * * @param parent Required. The name of the Configuration to retrieve Revisions for */ async projectsConfigurationsRevisionsList(parent: string, opts: ProjectsConfigurationsRevisionsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ parent }/revisions`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeListConfigurationRevisionsResponse(data); } /** * Creates or updates a configuration. * * @param parent Required. Parent of the configuration. */ async projectsConfigurationsUpsert(parent: string, req: Configuration, opts: ProjectsConfigurationsUpsertOptions = {}): Promise { req = serializeConfiguration(req); opts = serializeProjectsConfigurationsUpsertOptions(opts); const url = new URL(`${this.#baseUrl}v1beta/${ parent }/configurations:upsert`); if (opts.publishTime !== undefined) { url.searchParams.append("publishTime", String(opts.publishTime)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as UpsertConfigurationResponse; } /** * Get a finding by name. * * @param name Required. Name of the finding to get. */ async projectsFindingsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeFinding(data); } /** * Get a list of findings that meet the filter criteria. * * @param parent Required. Parent of the findings. */ async projectsFindingsList(parent: string, opts: ProjectsFindingsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ parent }/findings`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeListFindingsResponse(data); } /** * SearchFindings is a more powerful version of ListFindings that supports * complex queries like "findings for issues" using functions such as * `has_issue` and `has_asset` in the query string. Example to search for * findings for a specific issue: * `has_issue("name=\"vaults/vault-12345/issues/issue-12345\"")`) * * @param parent Required. Parent of the findings. Format: vaults/{vault} */ async projectsFindingsSearch(parent: string, opts: ProjectsFindingsSearchOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ parent }/findings:search`); if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } if (opts.query !== undefined) { url.searchParams.append("query", String(opts.query)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeSearchFindingsResponse(data); } /** * Triggers the generation of a Customer Profile for a project. * * @param name Required. The name of the project to generate the profile for. Format: projects/{project} */ async projectsGenerateOrgProfile(name: string, req: GenerateOrgProfileConfigurationRequest): Promise { const url = new URL(`${this.#baseUrl}v1beta/${ name }:generateOrgProfile`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } } /** * The software that is affected by the vulnerability. */ export interface AffectedSoftware { /** * Optional. The product of the software. */ product?: string; /** * Optional. The vendor of the software. */ vendor?: string; } /** * Stateful object representing a group of Findings. Key feature to an Alert is * that it expresses the user's intent towards the findings of that group, even * those that haven't occurred yet. */ export interface Alert { /** * Optional. AI summary of the finding. */ aiSummary?: string; /** * Output only. Assets that are impacted by this alert. */ readonly assets?: string[]; /** * Output only. Audit information for the alert. */ readonly audit?: Audit; /** * Output only. The resource names of the Configurations bound to this alert. * Format: projects/{project}/configurations/{configuration} */ readonly configurations?: string[]; /** * Output only. Details object for the alert, not all alerts will have a * details object. */ readonly detail?: AlertDetail; /** * Output only. A short title for the alert. */ readonly displayName?: string; /** * Output only. alert names of the alerts that are duplicates of this alert. * Format: projects/{project}/alerts/{alert} */ readonly duplicatedBy?: string[]; /** * Output only. alert name of the alert this alert is a duplicate of. Format: * projects/{project}/alerts/{alert} */ readonly duplicateOf?: string; /** * Optional. If included when updating an alert, this should be set to the * current etag of the alert. If the etags do not match, the update will be * rejected and an ABORTED error will be returned. */ etag?: string; /** * Output only. External ID for the alert. This is used internally to provide * protection against out of order updates. */ readonly externalId?: string; /** * Output only. The number of findings associated with this alert. */ readonly findingCount?: bigint; /** * Output only. Findings that are covered by this alert. */ readonly findings?: string[]; /** * Identifier. Server generated name for the alert. format is * projects/{project}/alerts/{alert} */ name?: string; /** * Output only. High-Precision Priority Analysis for the alert. */ readonly priorityAnalysis?: PriorityAnalysis; /** * Output only. High-Precision Relevance Analysis verdict for the alert. */ readonly relevanceAnalysis?: RelevanceAnalysis; /** * Output only. High-Precision Severity Analysis for the alert. */ readonly severityAnalysis?: SeverityAnalysis; /** * Output only. State of the alert. */ readonly state?: | "STATE_UNSPECIFIED" | "NEW" | "READ" | "TRIAGED" | "ESCALATED" | "RESOLVED" | "DUPLICATE" | "FALSE_POSITIVE" | "NOT_ACTIONABLE" | "BENIGN" | "TRACKED_EXTERNALLY"; } /** * Container for different types of alert details. */ export interface AlertDetail { /** * Data Leak alert detail type. */ dataLeak?: DataLeakAlertDetail; /** * Output only. Name of the detail type. Will be set by the server during * creation to the name of the field that is set in the detail union. */ readonly detailType?: string; /** * Initial Access Broker alert detail type. */ initialAccessBroker?: InitialAccessBrokerAlertDetail; /** * Insider Threat alert detail type. */ insiderThreat?: InsiderThreatAlertDetail; /** * Domain Monitoring alert detail type. */ suspiciousDomain?: SuspiciousDomainAlertDetail; /** * Technology Watchlist alert detail type. */ targetTechnology?: TargetTechnologyAlertDetail; } function serializeAlertDetail(data: any): AlertDetail { return { ...data, suspiciousDomain: data["suspiciousDomain"] !== undefined ? serializeSuspiciousDomainAlertDetail(data["suspiciousDomain"]) : undefined, }; } function deserializeAlertDetail(data: any): AlertDetail { return { ...data, suspiciousDomain: data["suspiciousDomain"] !== undefined ? deserializeSuspiciousDomainAlertDetail(data["suspiciousDomain"]) : undefined, }; } /** * A document that is associated with an alert. */ export interface AlertDocument { /** * Output only. AI summary of the finding. */ readonly aiSummary?: string; /** * Output only. The author of the document. */ readonly author?: string; /** * Output only. Time when the origin source collected the intel. */ readonly collectionTime?: Date; /** * Output only. The content of the document. */ readonly content?: string; /** * Output only. The time the document was created. */ readonly createTime?: Date; /** * Output only. Time when GTI received the intel. */ readonly ingestTime?: Date; /** * Output only. The language code of the document. */ readonly languageCode?: string; /** * Identifier. Server generated name for the alert document. format is * projects/{project}/alerts/{alert}/documents/{document} */ name?: string; /** * Output only. Source of the intel item, e.g. DarkMarket. */ readonly source?: string; /** * Output only. Time when the intel was last updated by the source. */ readonly sourceUpdateTime?: Date; /** * Output only. URI of the intel item from the source. */ readonly sourceUri?: string; /** * Output only. The title of the document, if available. */ readonly title?: string; /** * Output only. The translation of the document, if available. */ readonly translation?: AlertDocumentTranslation; } /** * The translation of an alert document. */ export interface AlertDocumentTranslation { /** * Output only. The translated content of the document. */ readonly translatedContent?: string; /** * Output only. The translated title of the document. */ readonly translatedTitle?: string; } /** * Customer defined Configuration for asset discovery. */ export interface AssetDiscoveryConfig { /** * Output only. Timestamp of the last scan completed. This field is set by * the system and cannot be modified by the user. */ readonly lastScanCompleteTime?: Date; /** * Output only. Timestamp of the last scan started - used for scheduling the * next scan. This field is set by the system and cannot be modified by the * user. */ readonly lastScanStartTime?: Date; /** * Required. Frequency at which the scheduled discovery scan should be run. * If not specified, the default frequency is DAILY. */ scanFrequency?: | "ASSET_DISCOVERY_SCAN_FREQUENCY_UNSPECIFIED" | "ON_DEMAND" | "WEEKLY" | "DAILY" | "MONTHLY"; /** * Optional. Seed assets that are out of scope for the scheduled discovery * scan. */ scopeExclusionAssets?: AssetDiscoverySeed[]; /** * Required. Seed assets for the scheduled discovery scan. At least one seed * asset is required. */ seedAssets?: AssetDiscoverySeed[]; /** * Required. Workflow to be used for the scheduled discovery scan. If not * specified, the default workflow is EXTERNAL_DISCOVERY. */ workflow?: | "ASSET_DISCOVERY_WORKFLOW_UNSPECIFIED" | "EXTERNAL_DISCOVERY" | "EXTERNAL_DISCOVERY_AND_ASSESSMENT" | "MOBILE_APP_DISCOVERY"; } /** * Seed assets for asset discovery. */ export interface AssetDiscoverySeed { /** * Required. Type of the seed asset. */ seedType?: | "ASSET_DISCOVERY_SEED_TYPE_UNSPECIFIED" | "IP_ADDRESS" | "NETWORK_SERVICE"; /** * Required. Value for the seed asset. Could be an IP address, network * service, email addresses, etc. */ seedValue?: string; } /** * Represents an association with a vulnerability. */ export interface Association { /** * Required. The ID of the association. */ id?: string; /** * Required. The type of the association. */ type?: | "THREAT_INTEL_OBJECT_TYPE_UNSPECIFIED" | "THREAT_INTEL_OBJECT_TYPE_THREAT_ACTOR" | "THREAT_INTEL_OBJECT_TYPE_MALWARE" | "THREAT_INTEL_OBJECT_TYPE_REPORT" | "THREAT_INTEL_OBJECT_TYPE_CAMPAIGN" | "THREAT_INTEL_OBJECT_TYPE_IOC_COLLECTION" | "THREAT_INTEL_OBJECT_TYPE_SOFTWARE_AND_TOOLKITS" | "THREAT_INTEL_OBJECT_TYPE_VULNERABILITY"; } /** * Tracks basic CRUD facts. */ export interface Audit { /** * Output only. Time of creation. */ readonly createTime?: Date; /** * Output only. Agent that created or updated the record, could be a UserId * or a JobId. */ readonly creator?: string; /** * Output only. Agent that last updated the record, could be a UserId or a * JobId. */ readonly updater?: string; /** * Output only. Time of creation or last update. */ readonly updateTime?: Date; } /** * Sample compromised credential detail. */ export interface CompromisedCredentialsFindingDetail { /** * Optional. Reference to the author this detail was extracted from. This is * deprecated and will be removed. */ author?: string; /** * Optional. Claimed site the credential is intended for. */ credentialService?: string; /** * Optional. Reference to the dark web document. This is deprecated and will * be removed. */ darkWebDoc?: string; /** * Optional. This will contain a link to the external reference for this * credential. If set, this is a link back to the DTM product to allow * customers to get additional context about this finding. */ externalReferenceUri?: string; /** * Optional. If the source of the credential was from a file dump this will * contain the name of the file the credential was found in. This can be used * by customers for context on where the credential was found and to try to * find other references to the file in the wild. */ fileDump?: string; /** * Optional. A list of hashes of the file dump. These will be prefixed with * the algorithm. Example: "sha256:" */ fileDumpHashes?: string[]; /** * Optional. If file_dump is set this will contain the size of the dump file * in bytes. File dumps can be very large. */ fileDumpSizeBytes?: bigint; /** * Optional. Reference to the forum this detail was extracted from. This is * deprecated and will be removed. */ forum?: string; /** * Optional. This will indicate the malware family that leaked this * credential, if known. */ malwareFamily?: string; /** * Optional. This indicates our best guess as to when the credential was * leaked to the particular venue that triggered this finding. This is not * necessarily the time the credential was actually leaked and it may not * always be be accurate. */ postedTime?: Date; /** * Optional. If the source of a credential is publicly addressable this will * contain a uri to the where the credential was found. */ sourceUri?: string; /** * Required. This field will always be set and will be used to identify the * user named in the credential leak. In cases where customers are authorized * to see the actual user key this will be set to the actual user key. In * cases where the customer is not authorized to see the actual user key this * will be set to a hash of the user key. The hashed value is an intentionally * opaque value that is not intended to be used for any other purpose than to * uniquely identify the user in the context of this specific customer, * service domain, and user name. Example: "user@example.com" or "redacted:". */ userKey?: string; /** * Optional. Claimed evidence of the password/secret. This will always be * hashed. In the event where the plaintext password is known it will be set * to "redacted:" where the same hash will be presented when the same password * is found for the same organization for the same service. Redaction is done * by hashing the password with a salt that is unique to the customer * organization and service. In the event where the plaintext password is not * known it will be set to ":" where the algorithm is the hash algorithm used * and the hash is the hash of the password using that algorithm. In the event * we don't know the exact algorithm used we will set it to "hashed:". */ userSecretEvidence?: string; } function serializeCompromisedCredentialsFindingDetail(data: any): CompromisedCredentialsFindingDetail { return { ...data, fileDumpSizeBytes: data["fileDumpSizeBytes"] !== undefined ? String(data["fileDumpSizeBytes"]) : undefined, postedTime: data["postedTime"] !== undefined ? data["postedTime"].toISOString() : undefined, }; } function deserializeCompromisedCredentialsFindingDetail(data: any): CompromisedCredentialsFindingDetail { return { ...data, fileDumpSizeBytes: data["fileDumpSizeBytes"] !== undefined ? BigInt(data["fileDumpSizeBytes"]) : undefined, postedTime: data["postedTime"] !== undefined ? new Date(data["postedTime"]) : undefined, }; } /** * A configuration represents a behavior an engine should follow when producing * new findings. */ export interface Configuration { /** * Output only. Audit information for the configuration. */ readonly audit?: Audit; /** * Optional. A description of the configuration. */ description?: string; /** * Required. Domain specific details for the configuration. */ detail?: ConfigurationDetail; /** * Output only. Human readable name for the configuration. */ readonly displayName?: string; /** * Identifier. Server generated name for the configuration. format is * vaults/{vault}/configurations/{configuration} */ name?: string; /** * Required. Name of the service that provides the configuration. */ provider?: string; /** * Optional. State of the configuration. */ state?: | "STATE_UNSPECIFIED" | "ENABLED" | "DISABLED" | "DEPRECATED"; /** * Optional. A user-manipulatable version. Does not adhere to a specific * format */ version?: string; } function serializeConfiguration(data: any): Configuration { return { ...data, detail: data["detail"] !== undefined ? serializeConfigurationDetail(data["detail"]) : undefined, }; } function deserializeConfiguration(data: any): Configuration { return { ...data, detail: data["detail"] !== undefined ? deserializeConfigurationDetail(data["detail"]) : undefined, }; } /** * Wrapper class that contains the union struct for all the various * configuration detail specific classes. */ export interface ConfigurationDetail { /** * Asset Discovery detail config. */ assetDiscovery?: AssetDiscoveryConfig; /** * Customer Profile detail config. */ customerProfile?: CustomerProfileConfig; /** * Output only. Name of the detail type. Will be set by the server during * creation to the name of the field that is set in the detail union. */ readonly detailType?: string; /** * Domain Monitoring detail config. */ domainMonitoring?: DomainMonitoringConfig; /** * Initial Access Broker (IAB) detail config. */ initialAccessBroker?: InitialAccessBrokerConfig; /** * Technology Watchlist detail config. */ technologyWatchlist?: TechnologyWatchListConfig; } function serializeConfigurationDetail(data: any): ConfigurationDetail { return { ...data, customerProfile: data["customerProfile"] !== undefined ? serializeCustomerProfileConfig(data["customerProfile"]) : undefined, }; } function deserializeConfigurationDetail(data: any): ConfigurationDetail { return { ...data, customerProfile: data["customerProfile"] !== undefined ? deserializeCustomerProfileConfig(data["customerProfile"]) : undefined, }; } /** * A ConfigurationRevision is a snapshot of a Configuration at a point in time. * It is immutable. */ export interface ConfigurationRevision { /** * Output only. The time the Revision was created */ readonly createTime?: Date; /** * Identifier. The name of the ConfigurationRevision Format: * vaults//configurations//revisions/ OR projects//configurations//revisions/ */ name?: string; /** * The snapshot of the configuration */ snapshot?: Configuration; } function serializeConfigurationRevision(data: any): ConfigurationRevision { return { ...data, snapshot: data["snapshot"] !== undefined ? serializeConfiguration(data["snapshot"]) : undefined, }; } function deserializeConfigurationRevision(data: any): ConfigurationRevision { return { ...data, createTime: data["createTime"] !== undefined ? new Date(data["createTime"]) : undefined, snapshot: data["snapshot"] !== undefined ? deserializeConfiguration(data["snapshot"]) : undefined, }; } /** * Citation information for the customer profile. */ export interface CustomerProfileCitation { /** * Required. The citation id for the citation. Should be unique within the * profile. */ citationId?: string; /** * Required. The name of the document the citation is from. */ document?: string; /** * The time the citation was retrieved. */ retrievalTime?: Date; /** * Required. The source of the citation. */ source?: string; /** * Optional. The url of the citation. */ uri?: string; } function serializeCustomerProfileCitation(data: any): CustomerProfileCitation { return { ...data, retrievalTime: data["retrievalTime"] !== undefined ? data["retrievalTime"].toISOString() : undefined, }; } function deserializeCustomerProfileCitation(data: any): CustomerProfileCitation { return { ...data, retrievalTime: data["retrievalTime"] !== undefined ? new Date(data["retrievalTime"]) : undefined, }; } /** * A string with citation ids. */ export interface CustomerProfileCitedString { /** * Optional. The citation ids for the string. */ citationIds?: string[]; /** * Required. The value of the string. */ value?: string; } /** * Company information for the customer profile. */ export interface CustomerProfileCompany { /** * Optional. The citation ids for the company. */ citationIds?: string[]; /** * Required. The name of the company. */ company?: string; } /** * CustomerProfileConfig is the configuration for the customer profile. */ export interface CustomerProfileConfig { /** * Optional. Citations for the organization profile. */ citations?: CustomerProfileCitation[]; /** * Optional. Contact information for the organization. */ contactInfo?: CustomerProfileContactInfo[]; /** * Optional. Executives of the organization. */ executives?: CustomerProfilePerson[]; /** * Optional. The industries the organization is involved in. */ industries?: CustomerProfileIndustry[]; /** * Optional. Locations the organization is present or conducts business in. */ locations?: CustomerProfileLocation[]; /** * Required. The name of the organization. */ org?: string; /** * Optional. A summary of the organization. */ orgSummary?: string; /** * Optional. The parent companies of the organization. */ parentCompanies?: CustomerProfileCompany[]; /** * Optional. Product information for the organization. */ products?: CustomerProfileProduct[]; /** * Optional. Security considerations for the organization. */ securityConsiderations?: CustomerProfileSecurityConsiderations; /** * Optional. A summarized version of the customer profile. */ summary?: CustomerProfileSummary; /** * Optional. Technology presence of the organization. */ technologyPresence?: string; /** * Optional. Web presence of the organization. */ webPresences?: CustomerProfileWebPresence[]; } function serializeCustomerProfileConfig(data: any): CustomerProfileConfig { return { ...data, citations: data["citations"] !== undefined ? data["citations"].map((item: any) => (serializeCustomerProfileCitation(item))) : undefined, }; } function deserializeCustomerProfileConfig(data: any): CustomerProfileConfig { return { ...data, citations: data["citations"] !== undefined ? data["citations"].map((item: any) => (deserializeCustomerProfileCitation(item))) : undefined, }; } /** * Contact information for the customer profile. */ export interface CustomerProfileContactInfo { /** * The address of the contact. */ address?: string; /** * Optional. The citation ids for the contact information. */ citationIds?: string[]; /** * The email address of the contact. */ email?: string; /** * Optional. The name of the contact. */ label?: string; /** * The other contact information. */ other?: string; /** * The phone number of the contact. */ phone?: string; } /** * Industry information for the customer profile. */ export interface CustomerProfileIndustry { /** * Optional. The citation ids for the industry. */ citationIds?: string[]; /** * Required. The name of the industry. */ industry?: string; } /** * Location information for the customer profile. */ export interface CustomerProfileLocation { /** * Required. The address of the location. */ address?: string; /** * Required. The brand of the location. */ brand?: string; /** * Optional. The citation ids for the location. */ citationIds?: string[]; /** * Optional. The type of location. */ facilityType?: string; } /** * Person information for the customer profile. */ export interface CustomerProfilePerson { /** * Optional. The citation ids for the person. */ citationIds?: string[]; /** * Required. The name of the person. */ name?: string; /** * Optional. The title of the person. */ title?: string; } /** * Product information for the customer profile. */ export interface CustomerProfileProduct { /** * Required. The brand of the product. */ brand?: string; /** * Optional. The citation ids for the product. */ citationIds?: string[]; /** * Required. The name of the product. */ product?: string; } /** * Security considerations for the customer profile. */ export interface CustomerProfileSecurityConsiderations { /** * Optional. A series of considerations for the security of the organization, * such as "high risk of compromise" or "vulnerable to cyberbullying". */ considerations?: string[]; /** * Optional. A note about the security considerations. */ note?: string; } /** * A summarized version of the customer profile. Generated by the backend. */ export interface CustomerProfileSummary { /** * Optional. The area the customer serves. */ areaServed?: CustomerProfileCitedString; /** * Optional. A narrative summary of brands. */ brands?: CustomerProfileCitedString; /** * Optional. The entity type of the customer. */ entityType?: CustomerProfileCitedString; /** * Optional. The date the customer was founded. */ founded?: CustomerProfileCitedString; /** * Optional. The headquarters of the customer. */ headquarters?: CustomerProfileCitedString; /** * Optional. The industry the customer is in. */ industry?: CustomerProfileCitedString; /** * Optional. A narrative summary of key people. */ keyPeopleSummary?: CustomerProfileCitedString; /** * Optional. The parent company of the customer. */ parentCompany?: CustomerProfileCitedString; /** * Optional. The primary website of the customer. */ primaryWebsite?: CustomerProfileCitedString; /** * Optional. A narrative summary of products. */ productsSummary?: CustomerProfileCitedString; /** * Optional. A narrative summary of services. */ servicesSummary?: CustomerProfileCitedString; /** * Optional. The official name of the customer. */ title?: CustomerProfileCitedString; } /** * Web presence information for the customer profile. */ export interface CustomerProfileWebPresence { /** * Optional. The citation ids for the web presence. */ citationIds?: string[]; /** * Required. The domain name of the web presence. */ domain?: string; } /** * Captures the specific details of Data Leak alert. */ export interface DataLeakAlertDetail { /** * Required. Array of ids to accommodate multiple discovery documents */ discoveryDocumentIds?: string[]; /** * Required. Data Leak specific severity This will be the string * representation of the DataLeakFindingDetail.Severityenum. (e.g., "LOW", * "MEDIUM", "HIGH", "CRITICAL") */ severity?: string; } /** * A detail object for a Data Leak finding. */ export interface DataLeakFindingDetail { /** * Required. The unique identifier of the document that triggered the Data * Leak finding. This ID can be used to retrieve the content of the document * for further analysis. */ documentId?: string; /** * Required. Reference to the match score of the Data Leak finding. This is a * float value greater than 0 and less than or equal to 1 calculated by the * matching engine based on the similarity of the document and the user * provided configurations. */ matchScore?: number; /** * Required. The severity of the Data Leak finding. This indicates the * potential impact of the threat. */ severity?: | "SEVERITY_UNSPECIFIED" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"; } /** * Any account-level configuration options will go here. */ export interface DomainMonitoringConfig { /** * The domains to use as "seeds" for Suspicious Domain Monitoring. */ domains?: DomainMonitoringDomain[]; } /** * A Domain Monitoring "domain" */ export interface DomainMonitoringDomain { /** * The domain name to match against. */ domain?: string; } /** * EntityProfile represents the structured profile of a customer entity, * containing key identifiers and descriptive attributes optimized for * contextual matching against threat intelligence, particularly Initial Access * Broker (IAB) offerings. */ export interface EntityProfile { /** * Optional. List of specific countries of operation. Purpose: Essential for * matching geographically targeted threats (e.g., actor specifies victims in * 'DE'). Use ISO 3166-1 alpha-2 codes (e.g., "US", "GB", "JP", "DE"). */ countries?: string[]; /** * Required. List of primary internet domain names associated with the * entity. Purpose: Crucial for explicit matching against domains mentioned in * threat intel and can inform semantic matching. Must contain at least one * domain. Example: ["acme.com", "acme.co.uk"] */ domains?: string[]; /** * Optional. List of primary industry sectors the entity operates within. * Purpose: Crucial for matching industry-specific threats and understanding * attacker motivation. Use standardized GTI Industry Classification values. * Example: ["Technology", "Financial Services", "Healthcare"] */ industries?: string[]; /** * Required. Canonical name of the entity (e.g., the legal company name). * Purpose: Primary identifier for the customer. */ name?: string; /** * Optional. Specific geographic areas of *significant* operational * concentration or strategic importance below the country level, if clearly * identifiable and relevant. Purpose: Useful for highly localized threats, * less commonly populated than `countries`. Example: ["Silicon Valley", * "Frankfurt am Main Metropolitan Region"] */ operationalAreas?: string[]; /** * Required. A concise, machine-generated (e.g., LLM) or human-curated * summary of the entity. Purpose: Captures the semantic essence for embedding * generation and similarity matching. Should synthesize key aspects like core * business, scale, and market. Example: "Acme Corporation is a large, * US-based multinational conglomerate operating..." */ profileSummary?: string; /** * Optional. List of primary geopolitical regions where the entity has * significant operations. Purpose: Filters geographically relevant threats. * Use standardized names or codes where possible (e.g., "North America", * "EMEA", "APAC", UN M49 codes). */ regions?: string[]; /** * Optional. List of more granular sub-industries, if applicable and known. * Purpose: Provides finer-grained context for more specific threat matching. * Should align with GTI classifications if possible. Example: * ["Semiconductors", "Cloud Computing Services", "Investment Banking"] */ subIndustries?: string[]; } /** * Response message for EnumerateAlertFacets. */ export interface EnumerateAlertFacetsResponse { /** * List of facets and the counts. */ facets?: Facet[]; } function serializeEnumerateAlertFacetsResponse(data: any): EnumerateAlertFacetsResponse { return { ...data, facets: data["facets"] !== undefined ? data["facets"].map((item: any) => (serializeFacet(item))) : undefined, }; } function deserializeEnumerateAlertFacetsResponse(data: any): EnumerateAlertFacetsResponse { return { ...data, facets: data["facets"] !== undefined ? data["facets"].map((item: any) => (deserializeFacet(item))) : undefined, }; } /** * Details the evidence used to determine the relevance verdict. */ export interface Evidence { /** * A list of semantic themes or concepts found to be common, related, or * aligned between the sources, supporting the verdict. */ commonThemes?: string[]; /** * A list of semantic themes or descriptions unique to one source or * semantically distant. */ distinctThemes?: string[]; } /** * Facet represents a sub element of a resource for filtering. The results from * this method are used to populate the filterable facets in the UI. */ export interface Facet { /** * Name of the facet. This is also the string that needs to be used in the * filtering expression. */ facet?: string; /** * List of counts for the facet (if categorical). */ facetCounts?: FacetCount[]; /** * The type of the facet. Options include "string", "int", "float", "bool", * "enum", "timestamp", "user" and are useful to show the right sort of UI * controls when building a AIP-160 style filtering string. */ facetType?: string; /** * Max value of the facet stringified based on type. Will be populated and * formatted the same as min_value. */ maxValue?: string; /** * Min value of the facet stringified based on type. This is only populated * for facets that have a clear ordering, for types like enum it will be left * empty. Timestamps will be formatted using RFC3339. */ minValue?: string; /** * Total number of records that contain this facet with ANY value. */ totalCount?: bigint; } function serializeFacet(data: any): Facet { return { ...data, totalCount: data["totalCount"] !== undefined ? String(data["totalCount"]) : undefined, }; } function deserializeFacet(data: any): Facet { return { ...data, totalCount: data["totalCount"] !== undefined ? BigInt(data["totalCount"]) : undefined, }; } /** * FacetCount represents a count of records with each facet value. */ export interface FacetCount { /** * Count of records with the value. */ count?: number; /** * Value of the facet stringified. Timestamps will be formatted using * RFC3339. */ value?: string; } /** * A ‘stateless’ and a point in time event that a check produced a result of * interest. */ export interface Finding { /** * Optional. AI summary of the finding. */ aiSummary?: string; /** * Optional. Name of the alert that this finding is bound to. */ alert?: string; /** * Optional. Optional - asset name if known. Format: * vaults/{vault}/assets/{asset} */ asset?: string; /** * Output only. Audit data about the finding. */ readonly audit?: Audit; /** * Optional. Configuration names that are bound to this finding. */ configurations?: string[]; /** * Required. Holder of the domain specific details of the finding. */ detail?: FindingDetail; /** * Required. A short descriptive title for the finding <= 250 chars. EX: * "Actor 'baddy' offering $1000 for credentials of 'goodguy'". */ displayName?: string; /** * Optional. Optional - name of the issue that this finding is bound to. * Format: vaults/{vault}/issues/{issue} */ issue?: string; /** * Identifier. Server generated name for the finding (leave clear during * creation). Format: vaults/{vault}/findings/{finding} */ name?: string; /** * Required. Logical source of this finding (name of the sub-engine). */ provider?: string; /** * Output only. High-Precision Relevance Analysis verdict for the finding. */ readonly relevanceAnalysis?: RelevanceAnalysis; /** * Output only. When identical finding (same labels and same details) has * re-occurred. */ readonly reoccurrenceTimes?: Date[]; /** * Optional. Deprecated: Use the `severity_analysis` field instead. Base * severity score from the finding source. */ severity?: number; /** * Output only. High-Precision Severity Analysis verdict for the finding. */ readonly severityAnalysis?: SeverityAnalysis; } function serializeFinding(data: any): Finding { return { ...data, detail: data["detail"] !== undefined ? serializeFindingDetail(data["detail"]) : undefined, }; } function deserializeFinding(data: any): Finding { return { ...data, detail: data["detail"] !== undefined ? deserializeFindingDetail(data["detail"]) : undefined, reoccurrenceTimes: data["reoccurrenceTimes"] !== undefined ? data["reoccurrenceTimes"].map((item: any) => (new Date(item))) : undefined, }; } /** * Wrapper class that contains the union struct for all the various findings * detail specific classes. */ export interface FindingDetail { /** * Compromised Credentials detail type. */ compromisedCredentials?: CompromisedCredentialsFindingDetail; /** * Data Leak finding detail type. */ dataLeak?: DataLeakFindingDetail; /** * Output only. Name of the detail type. Will be set by the server during * creation to the name of the field that is set in the detail union. */ readonly detailType?: string; /** * Inband vulnerability detail type. */ inbandVulnerability?: InbandVulnerabilityFindingDetail; /** * Initial Access Broker finding detail type. */ initialAccessBroker?: InitialAccessBrokerFindingDetail; /** * Insider Threat finding detail type. */ insiderThreat?: InsiderThreatFindingDetail; /** * Misconfiguration finding detail type. */ misconfiguration?: MisconfigurationFindingDetail; /** * Domain Monitoring finding detail type. */ suspiciousDomain?: SuspiciousDomainFindingDetail; /** * Technology Watchlist finding detail type. */ targetTechnology?: TargetTechnologyFindingDetail; } function serializeFindingDetail(data: any): FindingDetail { return { ...data, compromisedCredentials: data["compromisedCredentials"] !== undefined ? serializeCompromisedCredentialsFindingDetail(data["compromisedCredentials"]) : undefined, inbandVulnerability: data["inbandVulnerability"] !== undefined ? serializeInbandVulnerabilityFindingDetail(data["inbandVulnerability"]) : undefined, suspiciousDomain: data["suspiciousDomain"] !== undefined ? serializeSuspiciousDomainFindingDetail(data["suspiciousDomain"]) : undefined, }; } function deserializeFindingDetail(data: any): FindingDetail { return { ...data, compromisedCredentials: data["compromisedCredentials"] !== undefined ? deserializeCompromisedCredentialsFindingDetail(data["compromisedCredentials"]) : undefined, inbandVulnerability: data["inbandVulnerability"] !== undefined ? deserializeInbandVulnerabilityFindingDetail(data["inbandVulnerability"]) : undefined, suspiciousDomain: data["suspiciousDomain"] !== undefined ? deserializeSuspiciousDomainFindingDetail(data["suspiciousDomain"]) : undefined, }; } /** * Request message for GenerateOrgProfileConfiguration. */ export interface GenerateOrgProfileConfigurationRequest { /** * Required. The display name of the organization to generate the profile * for. */ displayName?: string; /** * Required. The domain of the organization to generate the profile for. */ domain?: string; } /** * Fleshed out vulnerability object that includes enough details to fill out a * vulnerability specific view for an issue. */ export interface InbandVulnerability { /** * Optional. The software that is affected by the vulnerability. */ affectedSoftware?: AffectedSoftware[]; /** * Optional. The authors of the vulnerability detection. */ authors?: string[]; /** * Required. The CVE ID of the vulnerability. */ cveId?: string; /** * Required. The CVSS V3.1 score (Base score)for the vulnerability. ( ) */ cvssV31Score?: number; /** * Optional. Temporal CVSS V3.1 score for the vulnerability. */ cvssV31ScoreTemporal?: number; /** * Optional. The human readable description. This can be basic HTML formatted * text. */ description?: string; /** * Optional. The date the vulnerability was first disclosed. */ disclosureTime?: Date; /** * Optional. Exploitation state of the vulnerability, for example * "Available". */ exploitationState?: string; /** * Required. The external ID of the vulnerability. */ externalVulnerabilityId?: string; /** * Optional. Whether this is exploited in the wild. */ isExploitedWild?: boolean; /** * Optional. Reference URLs to the vulnerability. */ referenceUrls?: string[]; /** * Optional. The human readable remediation recommendation. This can be basic * HTML formatted text. */ remediation?: string; /** * Optional. Risk rating for the vulnerability, for example "High". */ riskRating?: string; /** * Optional. Human readable name for the vulnerability. */ title?: string; } function serializeInbandVulnerability(data: any): InbandVulnerability { return { ...data, disclosureTime: data["disclosureTime"] !== undefined ? data["disclosureTime"].toISOString() : undefined, }; } function deserializeInbandVulnerability(data: any): InbandVulnerability { return { ...data, disclosureTime: data["disclosureTime"] !== undefined ? new Date(data["disclosureTime"]) : undefined, }; } /** * This is a temporary detail type that will be used to support vulnerabilities * until the engines start using the full vulnerability objects. The "Inband" * refers to the fact that all vulnerability details are included with every * finding. */ export interface InbandVulnerabilityFindingDetail { /** * Optional. A short description of the proof of the vulnerability. */ formattedProofDetails?: string; /** * Optional. The URI that lead to this detection, if appropriate. */ requestUri?: string; /** * Required. Vulnerability metadata. */ vulnerability?: InbandVulnerability; } function serializeInbandVulnerabilityFindingDetail(data: any): InbandVulnerabilityFindingDetail { return { ...data, vulnerability: data["vulnerability"] !== undefined ? serializeInbandVulnerability(data["vulnerability"]) : undefined, }; } function deserializeInbandVulnerabilityFindingDetail(data: any): InbandVulnerabilityFindingDetail { return { ...data, vulnerability: data["vulnerability"] !== undefined ? deserializeInbandVulnerability(data["vulnerability"]) : undefined, }; } /** * Captures the specific details of InitialAccessBroker (IAB) alert. */ export interface InitialAccessBrokerAlertDetail { /** * Required. Array of ids to accommodate multiple discovery documents */ discoveryDocumentIds?: string[]; /** * Required. IAB specific severity */ severity?: string; } /** * InitialAccessBrokerConfig is specific to Initial Access Broker (IAB) * matching scenarios. */ export interface InitialAccessBrokerConfig { /** * Represents the comprehensive profile of the customer entity used for * matching. */ entityProfile?: EntityProfile; } /** * A detail object for an Initial Access Broker (IAB) finding. */ export interface InitialAccessBrokerFindingDetail { /** * Required. The unique identifier of the document that triggered the IAB * finding. This ID can be used to retrieve the content of the document for * further analysis. */ documentId?: string; /** * Required. Reference to the match score of the IAB finding. This is a float * value between 0 and 1 calculated by the matching engine based on the * similarity of the document and the user provided configurations. */ matchScore?: number; /** * Required. The severity of the IAB finding. This indicates the potential * impact of the threat. */ severity?: | "SEVERITY_UNSPECIFIED" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"; } /** * Captures the specific details of InsiderThreat alert. */ export interface InsiderThreatAlertDetail { /** * Required. Array of ids to accommodate multiple discovery documents */ discoveryDocumentIds?: string[]; /** * Required. InsiderThreat specific severity This will be the string * representation of the InsiderThreatFindingDetail.Severityenum. (e.g., * "LOW", "MEDIUM", "HIGH", "CRITICAL") */ severity?: string; } /** * A detail object for a InsiderThreat finding. */ export interface InsiderThreatFindingDetail { /** * Required. The unique identifier of the document that triggered the * InsiderThreat finding. This ID can be used to retrieve the content of the * document for further analysis. */ documentId?: string; /** * Required. Reference to the match score of the InsiderThreat finding. This * is a float value greater than 0 and less than or equal to 1 calculated by * the matching engine based on the similarity of the document and the user * provided configurations. */ matchScore?: number; /** * Required. The severity of the InsiderThreat finding. This indicates the * potential impact of the threat. */ severity?: | "SEVERITY_UNSPECIFIED" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"; } /** * Response message for ListAlerts. */ export interface ListAlertsResponse { /** * List of alerts. */ alerts?: Alert[]; /** * Page token. */ nextPageToken?: string; } /** * Response message for ListConfigurationRevisions. */ export interface ListConfigurationRevisionsResponse { /** * A token, which can be sent as `page_token` to retrieve the next page. If * this field is omitted, there are no subsequent pages. */ nextPageToken?: string; /** * The Configuration Revisions associated with the specified Configuration */ revisions?: ConfigurationRevision[]; } function serializeListConfigurationRevisionsResponse(data: any): ListConfigurationRevisionsResponse { return { ...data, revisions: data["revisions"] !== undefined ? data["revisions"].map((item: any) => (serializeConfigurationRevision(item))) : undefined, }; } function deserializeListConfigurationRevisionsResponse(data: any): ListConfigurationRevisionsResponse { return { ...data, revisions: data["revisions"] !== undefined ? data["revisions"].map((item: any) => (deserializeConfigurationRevision(item))) : undefined, }; } /** * Response message for ListConfigurations. */ export interface ListConfigurationsResponse { /** * List of configurations. */ configurations?: Configuration[]; /** * Page token. */ nextPageToken?: string; } function serializeListConfigurationsResponse(data: any): ListConfigurationsResponse { return { ...data, configurations: data["configurations"] !== undefined ? data["configurations"].map((item: any) => (serializeConfiguration(item))) : undefined, }; } function deserializeListConfigurationsResponse(data: any): ListConfigurationsResponse { return { ...data, configurations: data["configurations"] !== undefined ? data["configurations"].map((item: any) => (deserializeConfiguration(item))) : undefined, }; } /** * Response message for ListFindings. */ export interface ListFindingsResponse { /** * List of findings. */ findings?: Finding[]; /** * Page token. */ nextPageToken?: string; } function serializeListFindingsResponse(data: any): ListFindingsResponse { return { ...data, findings: data["findings"] !== undefined ? data["findings"].map((item: any) => (serializeFinding(item))) : undefined, }; } function deserializeListFindingsResponse(data: any): ListFindingsResponse { return { ...data, findings: data["findings"] !== undefined ? data["findings"].map((item: any) => (deserializeFinding(item))) : undefined, }; } /** * Request message for MarkAlertAsBenign. */ export interface MarkAlertAsBenignRequest { } /** * Request message for MarkAlertAsDuplicate. */ export interface MarkAlertAsDuplicateRequest { /** * Optional. Name of the alert to mark as a duplicate of. Format: * projects/{project}/alerts/{alert} */ duplicateOf?: string; } /** * Request message for MarkAlertAsEscalated. */ export interface MarkAlertAsEscalatedRequest { } /** * Request message for MarkAlertAsFalsePositive. */ export interface MarkAlertAsFalsePositiveRequest { } /** * Request message for MarkAlertAsNotActionable. */ export interface MarkAlertAsNotActionableRequest { } /** * Request message for MarkAlertAsRead. */ export interface MarkAlertAsReadRequest { } /** * Request message for MarkAlertAsResolved. */ export interface MarkAlertAsResolvedRequest { } /** * Request message for MarkAlertAsTrackedExternally. */ export interface MarkAlertAsTrackedExternallyRequest { } /** * Request message for MarkAlertAsTriaged. */ export interface MarkAlertAsTriagedRequest { } /** * Misconfiguration finding detail. */ export interface MisconfigurationFindingDetail { /** * Required. The misconfiguration metadata. */ misconfigurationMetadata?: MisconfigurationMetadata; } /** * Misconfiguration metadata. */ export interface MisconfigurationMetadata { /** * Optional. Description of the misconfiguration. */ description?: string; /** * Optional. A user-friendly name for the misconfiguration. */ displayName?: string; /** * Required. The identifier for the misconfiguration. This is an internal * name generated by the finding provider. */ misconfigurationId?: string; /** * Optional. References to external resources that provide more information * about the misconfiguration. */ references?: MisconfigurationReference[]; /** * Optional. Recommended remediation steps for the misconfiguration. */ remediation?: string; /** * Optional. The endpoint which was found to have the vulnerability. */ vulnerableUri?: string; } /** * A reference to an external resource that provides more information about a * misconfiguration. */ export interface MisconfigurationReference { /** * Required. The type of the reference (e.g., "description", "remediation"). */ type?: string; /** * Required. The URI of the reference. */ uri?: string; } /** * This resource represents a long-running operation that is the result of a * network API call. */ export interface Operation { /** * If the value is `false`, it means the operation is still in progress. If * `true`, the operation is completed, and either `error` or `response` is * available. */ done?: boolean; /** * The error result of the operation in case of failure or cancellation. */ error?: Status; /** * Service-specific metadata associated with the operation. It typically * contains progress information and common metadata such as create time. Some * services might not provide such metadata. Any method that returns a * long-running operation should document the metadata type, if any. */ metadata?: { [key: string]: any }; /** * The server-assigned name, which is only unique within the same service * that originally returns it. If you use the default HTTP mapping, the `name` * should be a resource name ending with `operations/{unique_id}`. */ name?: string; /** * The normal, successful response of the operation. If the original method * returns no data on success, such as `Delete`, the response is * `google.protobuf.Empty`. If the original method is standard * `Get`/`Create`/`Update`, the response should be the resource. For other * methods, the response should have the type `XxxResponse`, where `Xxx` is * the original method name. For example, if the original method name is * `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. */ response?: { [key: string]: any }; } /** * Structured priority analysis for a threat. */ export interface PriorityAnalysis { /** * The level of confidence in the given verdict. */ confidence?: | "CONFIDENCE_LEVEL_UNSPECIFIED" | "CONFIDENCE_LEVEL_LOW" | "CONFIDENCE_LEVEL_MEDIUM" | "CONFIDENCE_LEVEL_HIGH"; /** * The level of Priority. */ priorityLevel?: | "PRIORITY_LEVEL_UNSPECIFIED" | "PRIORITY_LEVEL_LOW" | "PRIORITY_LEVEL_MEDIUM" | "PRIORITY_LEVEL_HIGH" | "PRIORITY_LEVEL_CRITICAL"; /** * Human-readable explanation from the model, detailing why a particular * result is considered to have a certain priority. */ reasoning?: string; } /** * Additional options for ThreatIntelligence#projectsAlertsEnumerateFacets. */ export interface ProjectsAlertsEnumerateFacetsOptions { /** * Optional. Filter on what alerts will be enumerated. */ filter?: string; } /** * Additional options for ThreatIntelligence#projectsAlertsList. */ export interface ProjectsAlertsListOptions { /** * Optional. Filter criteria. */ filter?: string; /** * Optional. Order by criteria in the csv format: "field1,field2 desc" or * "field1,field2" or "field1 asc, field2". */ orderBy?: string; /** * Optional. Page size. */ pageSize?: number; /** * Optional. Page token. */ pageToken?: string; } /** * Additional options for ThreatIntelligence#projectsConfigurationsList. */ export interface ProjectsConfigurationsListOptions { /** * Optional. Filter criteria. */ filter?: string; /** * Optional. Order by criteria in the csv format: "field1,field2 desc" or * "field1,field2" or "field1 asc, field2". */ orderBy?: string; /** * Optional. Page size. */ pageSize?: number; /** * Optional. Page token. */ pageToken?: string; } /** * Additional options for * ThreatIntelligence#projectsConfigurationsRevisionsList. */ export interface ProjectsConfigurationsRevisionsListOptions { /** * Optional. An AIP-160 filter string */ filter?: string; /** * Optional. Specify ordering of response */ orderBy?: string; /** * Optional. Page Size */ pageSize?: number; /** * Optional. A page token provided by the API */ pageToken?: string; } /** * Additional options for ThreatIntelligence#projectsConfigurationsUpsert. */ export interface ProjectsConfigurationsUpsertOptions { /** * Optional. Time that the configuration should be considered to have been * published. This is an advanced feature used when onboarding and bulk * loading data from other systems. Do not set this field without consulting * with the API team. */ publishTime?: Date; } function serializeProjectsConfigurationsUpsertOptions(data: any): ProjectsConfigurationsUpsertOptions { return { ...data, publishTime: data["publishTime"] !== undefined ? data["publishTime"].toISOString() : undefined, }; } function deserializeProjectsConfigurationsUpsertOptions(data: any): ProjectsConfigurationsUpsertOptions { return { ...data, publishTime: data["publishTime"] !== undefined ? new Date(data["publishTime"]) : undefined, }; } /** * Additional options for ThreatIntelligence#projectsFindingsList. */ export interface ProjectsFindingsListOptions { /** * Optional. Filter criteria. */ filter?: string; /** * Optional. Order by criteria in the csv format: "field1,field2 desc" or * "field1,field2" or "field1 asc, field2". */ orderBy?: string; /** * Optional. Page size. */ pageSize?: number; /** * Optional. Page token. */ pageToken?: string; } /** * Additional options for ThreatIntelligence#projectsFindingsSearch. */ export interface ProjectsFindingsSearchOptions { /** * Optional. Order by criteria in the csv format: "field1,field2 desc" or * "field1,field2" or "field1 asc, field2". */ orderBy?: string; /** * Optional. Page size. */ pageSize?: number; /** * Optional. Page token. */ pageToken?: string; /** * Optional. Query on what findings will be returned. This supports the same * filter criteria as FindingService.ListFindings as well as the following * relationship queries `has_issue` and `has_asset`. Examples: - * has_issue("name=\"vaults/vault-12345/issues/issue-12345\"") - * has_asset("name=\"vaults/vault-12345/assets/asset-12345\"") */ query?: string; } /** * Request message for FetchAlertUriStatus. */ export interface RefreshAlertUriStatusRequest { } /** * Response message for FetchAlertUriStatus. */ export interface RefreshAlertUriStatusResponse { /** * Output only. Status of the alert in WebRisk. */ readonly state?: | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_UNSPECIFIED" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_NOT_SUBMITTED" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_SUBMITTED" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_PROCESSING" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_ADDED" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_REJECTED"; } /** * Structured relevance analysis for a threat. */ export interface RelevanceAnalysis { /** * The level of confidence in the given verdict. */ confidence?: | "CONFIDENCE_LEVEL_UNSPECIFIED" | "CONFIDENCE_LEVEL_LOW" | "CONFIDENCE_LEVEL_MEDIUM" | "CONFIDENCE_LEVEL_HIGH"; /** * Evidence supporting the verdict, including matched and unmatched items. */ evidence?: Evidence; /** * Human-readable explanation from the matcher, detailing why a particular * result is considered relevant or not relevant. */ reasoning?: string; /** * The level of relevance. */ relevanceLevel?: | "RELEVANCE_LEVEL_UNSPECIFIED" | "RELEVANCE_LEVEL_LOW" | "RELEVANCE_LEVEL_MEDIUM" | "RELEVANCE_LEVEL_HIGH"; /** * Indicates whether the threat is considered relevant. */ relevant?: boolean; } /** * Request message for ReportAlertUri. */ export interface ReportAlertUriRequest { } /** * Response message for ReportAlertUri. */ export interface ReportAlertUriResponse { /** * Output only. Status of the alert in WebRisk. */ readonly state?: | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_UNSPECIFIED" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_NOT_SUBMITTED" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_SUBMITTED" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_PROCESSING" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_ADDED" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_REJECTED"; } /** * Response message for SearchFindings. */ export interface SearchFindingsResponse { /** * List of findings. */ findings?: Finding[]; /** * Page token. */ nextPageToken?: string; } function serializeSearchFindingsResponse(data: any): SearchFindingsResponse { return { ...data, findings: data["findings"] !== undefined ? data["findings"].map((item: any) => (serializeFinding(item))) : undefined, }; } function deserializeSearchFindingsResponse(data: any): SearchFindingsResponse { return { ...data, findings: data["findings"] !== undefined ? data["findings"].map((item: any) => (deserializeFinding(item))) : undefined, }; } /** * Structured severity analysis for a threat. */ export interface SeverityAnalysis { /** * The level of confidence in the given verdict. */ confidence?: | "CONFIDENCE_LEVEL_UNSPECIFIED" | "CONFIDENCE_LEVEL_LOW" | "CONFIDENCE_LEVEL_MEDIUM" | "CONFIDENCE_LEVEL_HIGH"; /** * Human-readable explanation from the model, detailing why a particular * result is considered to have a certain severity. */ reasoning?: string; /** * The level of severity. */ severityLevel?: | "SEVERITY_LEVEL_UNSPECIFIED" | "SEVERITY_LEVEL_LOW" | "SEVERITY_LEVEL_MEDIUM" | "SEVERITY_LEVEL_HIGH"; } /** * The `Status` type defines a logical error model that is suitable for * different programming environments, including REST APIs and RPC APIs. It is * used by [gRPC](https://github.com/grpc). Each `Status` message contains three * pieces of data: error code, error message, and error details. You can find * out more about this error model and how to work with it in the [API Design * Guide](https://cloud.google.com/apis/design/errors). */ export interface Status { /** * The status code, which should be an enum value of google.rpc.Code. */ code?: number; /** * A list of messages that carry the error details. There is a common set of * message types for APIs to use. */ details?: { [key: string]: any }[]; /** * A developer-facing error message, which should be in English. Any * user-facing error message should be localized and sent in the * google.rpc.Status.details field, or localized by the client. */ message?: string; } /** * The alert detail for a suspicious domain finding. */ export interface SuspiciousDomainAlertDetail { /** * The DNS details of the suspicious domain. */ dns?: SuspiciousDomainDnsDetails; /** * Required. The suspicious domain name. */ domain?: string; /** * The GTI details of the suspicious domain. */ gtiDetails?: SuspiciousDomainGtiDetails; /** * Output only. Name of Web Risk submission operation. */ readonly webRiskOperation?: string; /** * Output only. Status of the Web Risk submission. */ readonly webRiskState?: | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_UNSPECIFIED" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_NOT_SUBMITTED" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_SUBMITTED" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_PROCESSING" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_ADDED" | "SUSPICIOUS_DOMAIN_WEB_RISK_STATE_REJECTED"; /** * The whois details of the suspicious domain. */ whois?: SuspiciousDomainWhoIsDetails; } function serializeSuspiciousDomainAlertDetail(data: any): SuspiciousDomainAlertDetail { return { ...data, dns: data["dns"] !== undefined ? serializeSuspiciousDomainDnsDetails(data["dns"]) : undefined, whois: data["whois"] !== undefined ? serializeSuspiciousDomainWhoIsDetails(data["whois"]) : undefined, }; } function deserializeSuspiciousDomainAlertDetail(data: any): SuspiciousDomainAlertDetail { return { ...data, dns: data["dns"] !== undefined ? deserializeSuspiciousDomainDnsDetails(data["dns"]) : undefined, whois: data["whois"] !== undefined ? deserializeSuspiciousDomainWhoIsDetails(data["whois"]) : undefined, }; } /** * The DNS details of the suspicious domain. */ export interface SuspiciousDomainDnsDetails { /** * The DNS records of the suspicious domain. */ dnsRecords?: SuspiciousDomainDnsRecord[]; /** * The time the DNS details were retrieved. */ retrievalTime?: Date; } function serializeSuspiciousDomainDnsDetails(data: any): SuspiciousDomainDnsDetails { return { ...data, retrievalTime: data["retrievalTime"] !== undefined ? data["retrievalTime"].toISOString() : undefined, }; } function deserializeSuspiciousDomainDnsDetails(data: any): SuspiciousDomainDnsDetails { return { ...data, retrievalTime: data["retrievalTime"] !== undefined ? new Date(data["retrievalTime"]) : undefined, }; } /** * The DNS record of the suspicious domain. */ export interface SuspiciousDomainDnsRecord { /** * The name of the DNS record. */ record?: string; /** * The TTL of the DNS record. */ ttl?: number; /** * The type of the DNS record. */ type?: string; /** * The value of the DNS record. */ value?: string; } /** * A detailed object for a suspicious Domain finding. */ export interface SuspiciousDomainFindingDetail { /** * The DNS details of the suspicious domain. */ dns?: SuspiciousDomainDnsDetails; /** * Required. The suspicious domain name. */ domain?: string; /** * The GTI details of the suspicious domain. */ gtiDetails?: SuspiciousDomainGtiDetails; /** * Required. Reference to the match score of the finding. This is a float * value between 0 and 1 calculated by the matching engine. */ matchScore?: number; /** * Required. The severity of the finding. This indicates the potential impact * of the threat. */ severity?: | "SEVERITY_UNSPECIFIED" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"; /** * The whois details of the suspicious domain. */ whois?: SuspiciousDomainWhoIsDetails; } function serializeSuspiciousDomainFindingDetail(data: any): SuspiciousDomainFindingDetail { return { ...data, dns: data["dns"] !== undefined ? serializeSuspiciousDomainDnsDetails(data["dns"]) : undefined, whois: data["whois"] !== undefined ? serializeSuspiciousDomainWhoIsDetails(data["whois"]) : undefined, }; } function deserializeSuspiciousDomainFindingDetail(data: any): SuspiciousDomainFindingDetail { return { ...data, dns: data["dns"] !== undefined ? deserializeSuspiciousDomainDnsDetails(data["dns"]) : undefined, whois: data["whois"] !== undefined ? deserializeSuspiciousDomainWhoIsDetails(data["whois"]) : undefined, }; } /** * The GTI details of the suspicious domain. */ export interface SuspiciousDomainGtiDetails { /** * The threat score of the suspicious domain. The threat score is a number * between 0 and 100. */ threatScore?: number; /** * Output only. The verdict of the suspicious domain. */ readonly verdict?: | "SUSPICIOUS_DOMAIN_GTI_VERDICT_UNSPECIFIED" | "SUSPICIOUS_DOMAIN_GTI_VERDICT_BENIGN" | "SUSPICIOUS_DOMAIN_GTI_VERDICT_UNDETECTED" | "SUSPICIOUS_DOMAIN_GTI_VERDICT_SUSPICIOUS" | "SUSPICIOUS_DOMAIN_GTI_VERDICT_MALICIOUS" | "SUSPICIOUS_DOMAIN_GTI_VERDICT_UNKNOWN"; /** * VirusTotal link for the domain */ virustotalUri?: string; } /** * The whois details of the suspicious domain. */ export interface SuspiciousDomainWhoIsDetails { /** * The time the whois details were retrieved. */ retrievalTime?: Date; /** * The whois details of the suspicious domain. */ whois?: string; } function serializeSuspiciousDomainWhoIsDetails(data: any): SuspiciousDomainWhoIsDetails { return { ...data, retrievalTime: data["retrievalTime"] !== undefined ? data["retrievalTime"].toISOString() : undefined, }; } function deserializeSuspiciousDomainWhoIsDetails(data: any): SuspiciousDomainWhoIsDetails { return { ...data, retrievalTime: data["retrievalTime"] !== undefined ? new Date(data["retrievalTime"]) : undefined, }; } /** * Contains details for a technology watchlist alert. */ export interface TargetTechnologyAlertDetail { /** * Optional. The vulnerability match details. */ vulnerabilityMatch?: VulnerabilityMatch; } /** * Contains details for a technology watchlist finding. */ export interface TargetTechnologyFindingDetail { /** * Optional. The vulnerability match details. */ vulnerabilityMatch?: VulnerabilityMatch; } /** * TechnologyWatchListAlertThreshold contains the thresholds for alerting. */ export interface TechnologyWatchListAlertThreshold { /** * Optional. The minimum cvss V3 score for the alert. Ex: 7.0. Valid range is * [0.0, 10.0]. */ cvssScoreMinimum?: number; /** * Optional. The minimum epss score for the alert. Ex: 0.8. Valid range is * [0.0, 1.0]. */ epssScoreMinimum?: number; /** * Optional. The exploitation states of the alert. */ exploitationStates?: | "EXPLOITATION_STATE_UNSPECIFIED" | "EXPLOITATION_STATE_NO_KNOWN" | "EXPLOITATION_STATE_REPORTED" | "EXPLOITATION_STATE_SUSPECTED" | "EXPLOITATION_STATE_CONFIRMED" | "EXPLOITATION_STATE_WIDESPREAD"[]; /** * Optional. The minimum priority for the alert. */ priorityMinimum?: | "PRIORITY_UNSPECIFIED" | "P0" | "P1" | "P2" | "P3" | "P4"; } /** * TechnologyWatchListConfig is the configuration for the technology watchlist. */ export interface TechnologyWatchListConfig { /** * Optional. Alert thresholds to effectively reduce noise. */ alertThreshold?: TechnologyWatchListAlertThreshold; /** * Optional. List of vendor, technology or cpe fingerprint. example: * Microsoft office 360 Apache Server 3.5 * cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:*:* */ technologies?: string[]; } /** * Response message for UpsertConfiguration. */ export interface UpsertConfigurationResponse { /** * Output only. Created configuration ID with server assigned id. */ readonly configuration?: string; } /** * Contains details about a vulnerability match. */ export interface VulnerabilityMatch { /** * Optional. Associated threat actors, malware, etc. This is embedded as a * snapshot because the details of the association at the time of the * vulnerability match are important for context and reporting. */ associations?: Association[]; /** * Required. The collection ID of the vulnerability. Ex: * "vulnerability--cve-2025-9876". */ collectionId?: string; /** * Required. The CVE ID of the vulnerability. Ex: "CVE-2025-9876". See * https://www.cve.org/ for more information. */ cveId?: string; /** * Required. The CVSS v3 score of the vulnerability. Example: 6.4. */ cvss3Score?: number; /** * Required. A description of the vulnerability. */ description?: string; /** * Required. The exploitation state of the vulnerability. */ exploitationState?: | "EXPLOITATION_STATE_UNSPECIFIED" | "EXPLOITATION_STATE_NO_KNOWN" | "EXPLOITATION_STATE_REPORTED" | "EXPLOITATION_STATE_SUSPECTED" | "EXPLOITATION_STATE_CONFIRMED" | "EXPLOITATION_STATE_WIDESPREAD"; /** * Required. The risk rating of the vulnerability. */ riskRating?: | "RISK_RATING_UNSPECIFIED" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL" | "UNRATED"; /** * Required. The affected technologies. Ex: "Apache Struts". */ technologies?: string[]; }