| <html><body> |
| <style> |
| |
| body, h1, h2, h3, div, span, p, pre, a { |
| margin: 0; |
| padding: 0; |
| border: 0; |
| font-weight: inherit; |
| font-style: inherit; |
| font-size: 100%; |
| font-family: inherit; |
| vertical-align: baseline; |
| } |
| |
| body { |
| font-size: 13px; |
| padding: 1em; |
| } |
| |
| h1 { |
| font-size: 26px; |
| margin-bottom: 1em; |
| } |
| |
| h2 { |
| font-size: 24px; |
| margin-bottom: 1em; |
| } |
| |
| h3 { |
| font-size: 20px; |
| margin-bottom: 1em; |
| margin-top: 1em; |
| } |
| |
| pre, code { |
| line-height: 1.5; |
| font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| } |
| |
| pre { |
| margin-top: 0.5em; |
| } |
| |
| h1, h2, h3, p { |
| font-family: Arial, sans serif; |
| } |
| |
| h1, h2, h3 { |
| border-bottom: solid #CCC 1px; |
| } |
| |
| .toc_element { |
| margin-top: 0.5em; |
| } |
| |
| .firstline { |
| margin-left: 2 em; |
| } |
| |
| .method { |
| margin-top: 1em; |
| border: solid 1px #CCC; |
| padding: 1em; |
| background: #EEE; |
| } |
| |
| .details { |
| font-weight: bold; |
| font-size: 14px; |
| } |
| |
| </style> |
| |
| <h1><a href="threatintelligence_v1beta.html">Threat Intelligence API</a> . <a href="threatintelligence_v1beta.projects.html">projects</a> . <a href="threatintelligence_v1beta.projects.findings.html">findings</a></h1> |
| <h2>Instance Methods</h2> |
| <p class="toc_element"> |
| <code><a href="#close">close()</a></code></p> |
| <p class="firstline">Close httplib2 connections.</p> |
| <p class="toc_element"> |
| <code><a href="#get">get(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Get a finding by name. The `name` field should have the format: `projects/{project}/findings/{finding}`</p> |
| <p class="toc_element"> |
| <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Get a list of findings that meet the filter criteria. The `parent` field in ListFindingsRequest should have the format: projects/{project}</p> |
| <p class="toc_element"> |
| <code><a href="#list_next">list_next()</a></code></p> |
| <p class="firstline">Retrieves the next page of results.</p> |
| <p class="toc_element"> |
| <code><a href="#search">search(parent, orderBy=None, pageSize=None, pageToken=None, query=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">SearchFindings is a more powerful version of ListFindings that supports complex queries like "findings for alerts" using functions such as `has_alert` in the query string. The `parent` field in SearchFindingsRequest should have the format: projects/{project} Example to search for findings for a specific issue: `has_alert("name=\"projects/gti-12345/alerts/alert-12345\"")`</p> |
| <p class="toc_element"> |
| <code><a href="#search_next">search_next()</a></code></p> |
| <p class="firstline">Retrieves the next page of results.</p> |
| <h3>Method Details</h3> |
| <div class="method"> |
| <code class="details" id="close">close()</code> |
| <pre>Close httplib2 connections.</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="get">get(name, x__xgafv=None)</code> |
| <pre>Get a finding by name. The `name` field should have the format: `projects/{project}/findings/{finding}` |
| |
| Args: |
| name: string, Required. Name of the finding to get. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A ‘stateless’ and a point in time event that a check produced a result of interest. |
| "aiSummary": "A String", # Optional. AI summary of the finding. |
| "alert": "A String", # Optional. Name of the alert that this finding is bound to. |
| "audit": { # Tracks basic CRUD facts. # Output only. Audit data about the finding. |
| "createTime": "A String", # Output only. Time of creation. |
| "creator": "A String", # Output only. Agent that created or updated the record, could be a UserId or a JobId. |
| "updateTime": "A String", # Output only. Time of creation or last update. |
| "updater": "A String", # Output only. Agent that last updated the record, could be a UserId or a JobId. |
| }, |
| "configurations": [ # Optional. Configuration names that are bound to this finding. |
| "A String", |
| ], |
| "detail": { # Wrapper class that contains the union struct for all the various findings detail specific classes. # Required. Holder of the domain specific details of the finding. |
| "dataLeak": { # A detail object for a Data Leak finding. # Data Leak finding detail type. |
| "documentId": "A String", # Required. The unique identifier of the document that triggered the Data Leak finding. This ID can be used to retrieve the content of the document for further analysis. |
| "matchScore": 3.14, # Required. Reference to the match score of the Data Leak finding. This is a float value greater than 0 and less than or equal to 1 calculated by the matching engine based on the similarity of the document and the user provided configurations. |
| "severity": "A String", # Required. The severity of the Data Leak finding. This indicates the potential impact of the threat. |
| }, |
| "detailType": "A String", # Output only. Name of the detail type. Will be set by the server during creation to the name of the field that is set in the detail union. |
| "initialAccessBroker": { # A detail object for an Initial Access Broker (IAB) finding. # Initial Access Broker finding detail type. |
| "documentId": "A String", # Required. The unique identifier of the document that triggered the IAB finding. This ID can be used to retrieve the content of the document for further analysis. |
| "matchScore": 3.14, # Required. Reference to the match score of the IAB finding. This is a float value between 0 and 1 calculated by the matching engine based on the similarity of the document and the user provided configurations. |
| "severity": "A String", # Required. The severity of the IAB finding. This indicates the potential impact of the threat. |
| }, |
| "insiderThreat": { # A detail object for a InsiderThreat finding. # Insider Threat finding detail type. |
| "documentId": "A String", # Required. The unique identifier of the document that triggered the InsiderThreat finding. This ID can be used to retrieve the content of the document for further analysis. |
| "matchScore": 3.14, # Required. Reference to the match score of the InsiderThreat finding. This is a float value greater than 0 and less than or equal to 1 calculated by the matching engine based on the similarity of the document and the user provided configurations. |
| "severity": "A String", # Required. The severity of the InsiderThreat finding. This indicates the potential impact of the threat. |
| }, |
| }, |
| "displayName": "A String", # Required. A short descriptive title for the finding <= 250 chars. EX: "Actor 'baddy' offering $1000 for credentials of 'goodguy'". |
| "name": "A String", # Identifier. Server generated name for the finding (leave clear during creation). Format: projects/{project}/findings/{finding} |
| "provider": "A String", # Required. Logical source of this finding (name of the sub-engine). |
| "relevanceAnalysis": { # Structured relevance analysis for a threat. # Output only. High-Precision Relevance Analysis verdict for the finding. |
| "confidence": "A String", # The level of confidence in the given verdict. |
| "evidence": { # Details the evidence used to determine the relevance verdict. # Evidence supporting the verdict, including matched and unmatched items. |
| "commonThemes": [ # A list of semantic themes or concepts found to be common, related, or aligned between the sources, supporting the verdict. |
| "A String", |
| ], |
| "distinctThemes": [ # A list of semantic themes or descriptions unique to one source or semantically distant. |
| "A String", |
| ], |
| }, |
| "reasoning": "A String", # Human-readable explanation from the matcher, detailing why a particular result is considered relevant or not relevant. |
| "relevanceLevel": "A String", # The level of relevance. |
| "relevant": True or False, # Indicates whether the threat is considered relevant. |
| }, |
| "reoccurrenceTimes": [ # Output only. When identical finding (same labels and same details) has re-occurred. |
| "A String", |
| ], |
| "severity": 3.14, # Optional. Deprecated: Use the `severity_analysis` field instead. Base severity score from the finding source. |
| "severityAnalysis": { # Structured severity analysis for a threat. # Output only. High-Precision Severity Analysis verdict for the finding. |
| "confidence": "A String", # The level of confidence in the given verdict. |
| "reasoning": "A String", # Human-readable explanation from the model, detailing why a particular result is considered to have a certain severity. |
| "severityLevel": "A String", # The level of severity. |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code> |
| <pre>Get a list of findings that meet the filter criteria. The `parent` field in ListFindingsRequest should have the format: projects/{project} |
| |
| Args: |
| parent: string, Required. Parent of the findings. (required) |
| filter: string, Optional. Filter criteria. |
| orderBy: string, Optional. Order by criteria in the csv format: "field1,field2 desc" or "field1,field2" or "field1 asc, field2". |
| pageSize: integer, Optional. Page size. |
| pageToken: string, Optional. Page token. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Response message for ListFindings. |
| "findings": [ # List of findings. |
| { # A ‘stateless’ and a point in time event that a check produced a result of interest. |
| "aiSummary": "A String", # Optional. AI summary of the finding. |
| "alert": "A String", # Optional. Name of the alert that this finding is bound to. |
| "audit": { # Tracks basic CRUD facts. # Output only. Audit data about the finding. |
| "createTime": "A String", # Output only. Time of creation. |
| "creator": "A String", # Output only. Agent that created or updated the record, could be a UserId or a JobId. |
| "updateTime": "A String", # Output only. Time of creation or last update. |
| "updater": "A String", # Output only. Agent that last updated the record, could be a UserId or a JobId. |
| }, |
| "configurations": [ # Optional. Configuration names that are bound to this finding. |
| "A String", |
| ], |
| "detail": { # Wrapper class that contains the union struct for all the various findings detail specific classes. # Required. Holder of the domain specific details of the finding. |
| "dataLeak": { # A detail object for a Data Leak finding. # Data Leak finding detail type. |
| "documentId": "A String", # Required. The unique identifier of the document that triggered the Data Leak finding. This ID can be used to retrieve the content of the document for further analysis. |
| "matchScore": 3.14, # Required. Reference to the match score of the Data Leak finding. This is a float value greater than 0 and less than or equal to 1 calculated by the matching engine based on the similarity of the document and the user provided configurations. |
| "severity": "A String", # Required. The severity of the Data Leak finding. This indicates the potential impact of the threat. |
| }, |
| "detailType": "A String", # Output only. Name of the detail type. Will be set by the server during creation to the name of the field that is set in the detail union. |
| "initialAccessBroker": { # A detail object for an Initial Access Broker (IAB) finding. # Initial Access Broker finding detail type. |
| "documentId": "A String", # Required. The unique identifier of the document that triggered the IAB finding. This ID can be used to retrieve the content of the document for further analysis. |
| "matchScore": 3.14, # Required. Reference to the match score of the IAB finding. This is a float value between 0 and 1 calculated by the matching engine based on the similarity of the document and the user provided configurations. |
| "severity": "A String", # Required. The severity of the IAB finding. This indicates the potential impact of the threat. |
| }, |
| "insiderThreat": { # A detail object for a InsiderThreat finding. # Insider Threat finding detail type. |
| "documentId": "A String", # Required. The unique identifier of the document that triggered the InsiderThreat finding. This ID can be used to retrieve the content of the document for further analysis. |
| "matchScore": 3.14, # Required. Reference to the match score of the InsiderThreat finding. This is a float value greater than 0 and less than or equal to 1 calculated by the matching engine based on the similarity of the document and the user provided configurations. |
| "severity": "A String", # Required. The severity of the InsiderThreat finding. This indicates the potential impact of the threat. |
| }, |
| }, |
| "displayName": "A String", # Required. A short descriptive title for the finding <= 250 chars. EX: "Actor 'baddy' offering $1000 for credentials of 'goodguy'". |
| "name": "A String", # Identifier. Server generated name for the finding (leave clear during creation). Format: projects/{project}/findings/{finding} |
| "provider": "A String", # Required. Logical source of this finding (name of the sub-engine). |
| "relevanceAnalysis": { # Structured relevance analysis for a threat. # Output only. High-Precision Relevance Analysis verdict for the finding. |
| "confidence": "A String", # The level of confidence in the given verdict. |
| "evidence": { # Details the evidence used to determine the relevance verdict. # Evidence supporting the verdict, including matched and unmatched items. |
| "commonThemes": [ # A list of semantic themes or concepts found to be common, related, or aligned between the sources, supporting the verdict. |
| "A String", |
| ], |
| "distinctThemes": [ # A list of semantic themes or descriptions unique to one source or semantically distant. |
| "A String", |
| ], |
| }, |
| "reasoning": "A String", # Human-readable explanation from the matcher, detailing why a particular result is considered relevant or not relevant. |
| "relevanceLevel": "A String", # The level of relevance. |
| "relevant": True or False, # Indicates whether the threat is considered relevant. |
| }, |
| "reoccurrenceTimes": [ # Output only. When identical finding (same labels and same details) has re-occurred. |
| "A String", |
| ], |
| "severity": 3.14, # Optional. Deprecated: Use the `severity_analysis` field instead. Base severity score from the finding source. |
| "severityAnalysis": { # Structured severity analysis for a threat. # Output only. High-Precision Severity Analysis verdict for the finding. |
| "confidence": "A String", # The level of confidence in the given verdict. |
| "reasoning": "A String", # Human-readable explanation from the model, detailing why a particular result is considered to have a certain severity. |
| "severityLevel": "A String", # The level of severity. |
| }, |
| }, |
| ], |
| "nextPageToken": "A String", # Page token. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list_next">list_next()</code> |
| <pre>Retrieves the next page of results. |
| |
| Args: |
| previous_request: The request for the previous page. (required) |
| previous_response: The response from the request for the previous page. (required) |
| |
| Returns: |
| A request object that you can call 'execute()' on to request the next |
| page. Returns None if there are no more items in the collection. |
| </pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="search">search(parent, orderBy=None, pageSize=None, pageToken=None, query=None, x__xgafv=None)</code> |
| <pre>SearchFindings is a more powerful version of ListFindings that supports complex queries like "findings for alerts" using functions such as `has_alert` in the query string. The `parent` field in SearchFindingsRequest should have the format: projects/{project} Example to search for findings for a specific issue: `has_alert("name=\"projects/gti-12345/alerts/alert-12345\"")` |
| |
| Args: |
| parent: string, Required. Parent of the findings. Format: vaults/{vault} (required) |
| orderBy: string, Optional. Order by criteria in the csv format: "field1,field2 desc" or "field1,field2" or "field1 asc, field2". |
| pageSize: integer, Optional. Page size. |
| pageToken: string, Optional. Page token. |
| query: string, Optional. Query on what findings will be returned. This supports the same filter criteria as FindingService.ListFindings as well as the following relationship query `has_alert`. Example: - `has_alert("name=\"projects/gti-12345/alerts/alert-12345\"")` |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Response message for SearchFindings. |
| "findings": [ # List of findings. |
| { # A ‘stateless’ and a point in time event that a check produced a result of interest. |
| "aiSummary": "A String", # Optional. AI summary of the finding. |
| "alert": "A String", # Optional. Name of the alert that this finding is bound to. |
| "audit": { # Tracks basic CRUD facts. # Output only. Audit data about the finding. |
| "createTime": "A String", # Output only. Time of creation. |
| "creator": "A String", # Output only. Agent that created or updated the record, could be a UserId or a JobId. |
| "updateTime": "A String", # Output only. Time of creation or last update. |
| "updater": "A String", # Output only. Agent that last updated the record, could be a UserId or a JobId. |
| }, |
| "configurations": [ # Optional. Configuration names that are bound to this finding. |
| "A String", |
| ], |
| "detail": { # Wrapper class that contains the union struct for all the various findings detail specific classes. # Required. Holder of the domain specific details of the finding. |
| "dataLeak": { # A detail object for a Data Leak finding. # Data Leak finding detail type. |
| "documentId": "A String", # Required. The unique identifier of the document that triggered the Data Leak finding. This ID can be used to retrieve the content of the document for further analysis. |
| "matchScore": 3.14, # Required. Reference to the match score of the Data Leak finding. This is a float value greater than 0 and less than or equal to 1 calculated by the matching engine based on the similarity of the document and the user provided configurations. |
| "severity": "A String", # Required. The severity of the Data Leak finding. This indicates the potential impact of the threat. |
| }, |
| "detailType": "A String", # Output only. Name of the detail type. Will be set by the server during creation to the name of the field that is set in the detail union. |
| "initialAccessBroker": { # A detail object for an Initial Access Broker (IAB) finding. # Initial Access Broker finding detail type. |
| "documentId": "A String", # Required. The unique identifier of the document that triggered the IAB finding. This ID can be used to retrieve the content of the document for further analysis. |
| "matchScore": 3.14, # Required. Reference to the match score of the IAB finding. This is a float value between 0 and 1 calculated by the matching engine based on the similarity of the document and the user provided configurations. |
| "severity": "A String", # Required. The severity of the IAB finding. This indicates the potential impact of the threat. |
| }, |
| "insiderThreat": { # A detail object for a InsiderThreat finding. # Insider Threat finding detail type. |
| "documentId": "A String", # Required. The unique identifier of the document that triggered the InsiderThreat finding. This ID can be used to retrieve the content of the document for further analysis. |
| "matchScore": 3.14, # Required. Reference to the match score of the InsiderThreat finding. This is a float value greater than 0 and less than or equal to 1 calculated by the matching engine based on the similarity of the document and the user provided configurations. |
| "severity": "A String", # Required. The severity of the InsiderThreat finding. This indicates the potential impact of the threat. |
| }, |
| }, |
| "displayName": "A String", # Required. A short descriptive title for the finding <= 250 chars. EX: "Actor 'baddy' offering $1000 for credentials of 'goodguy'". |
| "name": "A String", # Identifier. Server generated name for the finding (leave clear during creation). Format: projects/{project}/findings/{finding} |
| "provider": "A String", # Required. Logical source of this finding (name of the sub-engine). |
| "relevanceAnalysis": { # Structured relevance analysis for a threat. # Output only. High-Precision Relevance Analysis verdict for the finding. |
| "confidence": "A String", # The level of confidence in the given verdict. |
| "evidence": { # Details the evidence used to determine the relevance verdict. # Evidence supporting the verdict, including matched and unmatched items. |
| "commonThemes": [ # A list of semantic themes or concepts found to be common, related, or aligned between the sources, supporting the verdict. |
| "A String", |
| ], |
| "distinctThemes": [ # A list of semantic themes or descriptions unique to one source or semantically distant. |
| "A String", |
| ], |
| }, |
| "reasoning": "A String", # Human-readable explanation from the matcher, detailing why a particular result is considered relevant or not relevant. |
| "relevanceLevel": "A String", # The level of relevance. |
| "relevant": True or False, # Indicates whether the threat is considered relevant. |
| }, |
| "reoccurrenceTimes": [ # Output only. When identical finding (same labels and same details) has re-occurred. |
| "A String", |
| ], |
| "severity": 3.14, # Optional. Deprecated: Use the `severity_analysis` field instead. Base severity score from the finding source. |
| "severityAnalysis": { # Structured severity analysis for a threat. # Output only. High-Precision Severity Analysis verdict for the finding. |
| "confidence": "A String", # The level of confidence in the given verdict. |
| "reasoning": "A String", # Human-readable explanation from the model, detailing why a particular result is considered to have a certain severity. |
| "severityLevel": "A String", # The level of severity. |
| }, |
| }, |
| ], |
| "nextPageToken": "A String", # Page token. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="search_next">search_next()</code> |
| <pre>Retrieves the next page of results. |
| |
| Args: |
| previous_request: The request for the previous page. (required) |
| previous_response: The response from the request for the previous page. (required) |
| |
| Returns: |
| A request object that you can call 'execute()' on to request the next |
| page. Returns None if there are no more items in the collection. |
| </pre> |
| </div> |
| |
| </body></html> |
