SecurityResult

JSON representation
SecurityCategory
AlertState
Action
ProductSeverity
ProductConfidence
ProductPriority
ThreatStatus
AttackDetails
- JSON representation
Tactic
- JSON representation
Technique
- JSON representation
Association
- JSON representation
AssociationType
AssociationAlias
- JSON representation
Verdict
- JSON representation
ProviderMLVerdict
- JSON representation
Source
- JSON representation
AnalystVerdict
- JSON representation
VerdictResponse
VerdictInfo
- JSON representation
VerdictType
IoCStats
- JSON representation
IoCStatsType
ThreatVerdict

JSON representation

JSON representation
{ "about": { object (`Noun`) }, "category": [ enum (`SecurityCategory`) ], "category_details": [ string ], "threat_name": string, "rule_set": string, "rule_set_display_name": string, "ruleset_category_display_name": string, "rule_id": string, "rule_name": string, "rule_version": string, "rule_type": string, "rule_author": string, "rule_labels": [ { object (`Label`) } ], "alert_state": enum (`AlertState`), "detection_fields": [ { object (`Label`) } ], "outcomes": [ { object (`Label`) } ], "summary": string, "description": string, "action": [ enum (`Action`) ], "action_details": string, "severity": enum (`ProductSeverity`), "confidence": enum (`ProductConfidence`), "priority": enum (`ProductPriority`), "risk_score": number, "severity_details": string, "confidence_details": string, "priority_details": string, "url_back_to_product": string, "threat_id": string, "threat_feed_name": string, "threat_id_namespace": enum (`Namespace`), "threat_status": enum (`ThreatStatus`), "attack_details": { object (`AttackDetails`) }, "first_discovered_time": string, "associations": [ { object (`Association`) } ], "campaigns": [ string ], "verdict": { object (`Verdict`) }, "last_updated_time": string, "verdict_info": [ { object (`VerdictInfo`) } ], "threat_verdict": enum (`ThreatVerdict`), "last_discovered_time": string }

{
  "about": {
    object (Noun)
  },
  "category": [
    enum (SecurityCategory)
  ],
  "category_details": [
    string
  ],
  "threat_name": string,
  "rule_set": string,
  "rule_set_display_name": string,
  "ruleset_category_display_name": string,
  "rule_id": string,
  "rule_name": string,
  "rule_version": string,
  "rule_type": string,
  "rule_author": string,
  "rule_labels": [
    {
      object (Label)
    }
  ],
  "alert_state": enum (AlertState),
  "detection_fields": [
    {
      object (Label)
    }
  ],
  "outcomes": [
    {
      object (Label)
    }
  ],
  "summary": string,
  "description": string,
  "action": [
    enum (Action)
  ],
  "action_details": string,
  "severity": enum (ProductSeverity),
  "confidence": enum (ProductConfidence),
  "priority": enum (ProductPriority),
  "risk_score": number,
  "severity_details": string,
  "confidence_details": string,
  "priority_details": string,
  "url_back_to_product": string,
  "threat_id": string,
  "threat_feed_name": string,
  "threat_id_namespace": enum (Namespace),
  "threat_status": enum (ThreatStatus),
  "attack_details": {
    object (AttackDetails)
  },
  "first_discovered_time": string,
  "associations": [
    {
      object (Association)
    }
  ],
  "campaigns": [
    string
  ],
  "verdict": {
    object (Verdict)
  },
  "last_updated_time": string,
  "verdict_info": [
    {
      object (VerdictInfo)
    }
  ],
  "threat_verdict": enum (ThreatVerdict),
  "last_discovered_time": string
}

Fields
`about`	`object (Noun)`
`category[]`	`enum (SecurityCategory)`
`category_details[]`	`string`
`threat_name`	`string`
`rule_set`	`string`
`rule_set_display_name`	`string`
`ruleset_category_display_name`	`string`
`rule_id`	`string`
`rule_name`	`string`
`rule_version`	`string`
`rule_type`	`string`
`rule_author`	`string`
`rule_labels[]`	`object (Label)`
`alert_state`	`enum (AlertState)`
`detection_fields[]`	`object (Label)`
`outcomes[]`	`object (Label)`
`summary`	`string`
`description`	`string`
`action[]`	`enum (Action)`
`action_details`	`string`
`severity`	`enum (ProductSeverity)`
`confidence`	`enum (ProductConfidence)`
`priority`	`enum (ProductPriority)`
`risk_score`	`number`
`severity_details`	`string`
`confidence_details`	`string`
`priority_details`	`string`
`url_back_to_product`	`string`
`threat_id`	`string`
`threat_feed_name`	`string`
`threat_id_namespace`	`enum (Namespace)`
`threat_status`	`enum (ThreatStatus)`
`attack_details`	`object (AttackDetails)`
`first_discovered_time`	`string (Timestamp format)` A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`associations[]`	`object (Association)`
`campaigns[]`	`string`
`verdict (deprecated)`	`object (Verdict)` This item is deprecated!
`last_updated_time`	`string (Timestamp format)` A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`verdict_info[]`	`object (VerdictInfo)`
`threat_verdict`	`enum (ThreatVerdict)`
`last_discovered_time`	`string (Timestamp format)` A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.

SecurityCategory

Enums
`UNKNOWN_CATEGORY`
`SOFTWARE_MALICIOUS`
`SOFTWARE_SUSPICIOUS`
`SOFTWARE_PUA`
`NETWORK_MALICIOUS`
`NETWORK_SUSPICIOUS`
`NETWORK_CATEGORIZED_CONTENT`
`NETWORK_DENIAL_OF_SERVICE`
`NETWORK_RECON`
`NETWORK_COMMAND_AND_CONTROL`
`ACL_VIOLATION`
`AUTH_VIOLATION`
`EXPLOIT`
`DATA_EXFILTRATION`
`DATA_AT_REST`
`DATA_DESTRUCTION`
`TOR_EXIT_NODE`
`MAIL_SPAM`
`MAIL_PHISHING`
`MAIL_SPOOFING`
`POLICY_VIOLATION`
`SOCIAL_ENGINEERING`
`PHISHING`

AlertState

Enums
`UNSPECIFIED`
`NOT_ALERTING`
`ALERTING`

Action

Enums
`UNKNOWN_ACTION`
`ALLOW`
`BLOCK`
`ALLOW_WITH_MODIFICATION`
`QUARANTINE`
`FAIL`
`CHALLENGE`

ProductSeverity

Enums
`UNKNOWN_SEVERITY`
`INFORMATIONAL`
`ERROR`
`NONE`
`LOW`
`MEDIUM`
`HIGH`
`CRITICAL`

ProductConfidence

Enums
`UNKNOWN_CONFIDENCE`
`LOW_CONFIDENCE`
`MEDIUM_CONFIDENCE`
`HIGH_CONFIDENCE`

ProductPriority

Enums
`UNKNOWN_PRIORITY`
`LOW_PRIORITY`
`MEDIUM_PRIORITY`
`HIGH_PRIORITY`

ThreatStatus

Enums
`THREAT_STATUS_UNSPECIFIED`
`ACTIVE`
`CLEARED`
`FALSE_POSITIVE`

AttackDetails

JSON representation
{ "version": string, "tactics": [ { object (`Tactic`) } ], "techniques": [ { object (`Technique`) } ] }

Fields
`version`	`string`
`tactics[]`	`object (Tactic)`
`techniques[]`	`object (Technique)`

Tactic

JSON representation
{ "id": string, "name": string }

Fields
`id`	`string`
`name`	`string`

Technique

JSON representation
{ "id": string, "name": string, "subtechnique_id": string, "subtechnique_name": string }

Fields
`id`	`string`
`name`	`string`
`subtechnique_id`	`string`
`subtechnique_name`	`string`

Association

JSON representation

JSON representation
{ "id": string, "country_code": [ string ], "type": enum (`AssociationType`), "name": string, "description": string, "role": string, "source_country": string, "alias": [ { object (`AssociationAlias`) } ], "first_reference_time": string, "last_reference_time": string, "industries_affected": [ string ], "associated_actors": [ { object (`Association`) } ], "region_code": { object (`Location`) }, "sponsor_region": { object (`Location`) }, "targeted_regions": [ { object (`Location`) } ], "tags": [ string ] }

{
  "id": string,
  "country_code": [
    string
  ],
  "type": enum (AssociationType),
  "name": string,
  "description": string,
  "role": string,
  "source_country": string,
  "alias": [
    {
      object (AssociationAlias)
    }
  ],
  "first_reference_time": string,
  "last_reference_time": string,
  "industries_affected": [
    string
  ],
  "associated_actors": [
    {
      object (Association)
    }
  ],
  "region_code": {
    object (Location)
  },
  "sponsor_region": {
    object (Location)
  },
  "targeted_regions": [
    {
      object (Location)
    }
  ],
  "tags": [
    string
  ]
}

Fields
`id`	`string`
`country_code[]`	`string`
`type`	`enum (AssociationType)`
`name`	`string`
`description`	`string`
`role`	`string`
`source_country (deprecated)`	`string` This item is deprecated!
`alias[]`	`object (AssociationAlias)`
`first_reference_time`	`string (Timestamp format)` A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`last_reference_time`	`string (Timestamp format)` A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`industries_affected[]`	`string`
`associated_actors[]`	`object (Association)`
`region_code`	`object (Location)`
`sponsor_region`	`object (Location)`
`targeted_regions[]`	`object (Location)`
`tags[]`	`string`

AssociationType

Enums
`ASSOCIATION_TYPE_UNSPECIFIED`
`THREAT_ACTOR`
`MALWARE`

AssociationAlias

JSON representation
{ "name": string, "company": string }

Fields
`name`	`string`
`company`	`string`

Verdict

JSON representation
{ "source_count": integer, "response_count": integer, "neighbour_influence": string, "verdict": { object (`ProviderMLVerdict`) }, "analyst_verdict": { object (`AnalystVerdict`) } }

Fields
`source_count`	`integer`
`response_count`	`integer`
`neighbour_influence`	`string`
`verdict`	`object (ProviderMLVerdict)`
`analyst_verdict`	`object (AnalystVerdict)`

ProviderMLVerdict

JSON representation

JSON representation
{ "source_provider": string, "benign_count": integer, "malicious_count": integer, "confidence_score": integer, "mandiant_sources": [ { object (`Source`) } ], "third_party_sources": [ { object (`Source`) } ] }

{
  "source_provider": string,
  "benign_count": integer,
  "malicious_count": integer,
  "confidence_score": integer,
  "mandiant_sources": [
    {
      object (Source)
    }
  ],
  "third_party_sources": [
    {
      object (Source)
    }
  ]
}

Fields
`source_provider`	`string`
`benign_count`	`integer`
`malicious_count`	`integer`
`confidence_score`	`integer`
`mandiant_sources[]`	`object (Source)`
`third_party_sources[]`	`object (Source)`

Source

JSON representation

JSON representation
{ "name": string, "benign_count": integer, "malicious_count": integer, "quality": enum (`ProductConfidence`), "response_count": integer, "source_count": integer, "threat_intelligence_sources": [ { object (`Source`) } ] }

{
  "name": string,
  "benign_count": integer,
  "malicious_count": integer,
  "quality": enum (ProductConfidence),
  "response_count": integer,
  "source_count": integer,
  "threat_intelligence_sources": [
    {
      object (Source)
    }
  ]
}

Fields
`name`	`string`
`benign_count`	`integer`
`malicious_count`	`integer`
`quality`	`enum (ProductConfidence)`
`response_count`	`integer`
`source_count`	`integer`
`threat_intelligence_sources[]`	`object (Source)`

AnalystVerdict

JSON representation
{ "confidence_score": integer, "verdict_time": string, "verdict_response": enum (`VerdictResponse`) }

Fields

Fields
`confidence_score`	`integer`
`verdict_time`	`string (Timestamp format)` A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`verdict_response`	`enum (VerdictResponse)`

confidence_score

integer

verdict_time

string (Timestamp format)

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

verdict_response

enum (VerdictResponse)

VerdictResponse

Enums
`VERDICT_RESPONSE_UNSPECIFIED`
`MALICIOUS`
`BENIGN`

VerdictInfo

JSON representation

JSON representation
{ "source_count": integer, "response_count": integer, "neighbour_influence": string, "verdict_type": enum (`VerdictType`), "source_provider": string, "benign_count": integer, "malicious_count": integer, "confidence_score": integer, "ioc_stats": [ { object (`IoCStats`) } ], "verdict_time": string, "verdict_response": enum (`VerdictResponse`), "global_customer_count": integer, "global_hits_count": integer, "pwn": boolean, "category_details": string, "pwn_first_tagged_time": string }

{
  "source_count": integer,
  "response_count": integer,
  "neighbour_influence": string,
  "verdict_type": enum (VerdictType),
  "source_provider": string,
  "benign_count": integer,
  "malicious_count": integer,
  "confidence_score": integer,
  "ioc_stats": [
    {
      object (IoCStats)
    }
  ],
  "verdict_time": string,
  "verdict_response": enum (VerdictResponse),
  "global_customer_count": integer,
  "global_hits_count": integer,
  "pwn": boolean,
  "category_details": string,
  "pwn_first_tagged_time": string
}

Fields
`source_count`	`integer`
`response_count`	`integer`
`neighbour_influence`	`string`
`verdict_type`	`enum (VerdictType)`
`source_provider`	`string`
`benign_count`	`integer`
`malicious_count`	`integer`
`confidence_score`	`integer`
`ioc_stats[]`	`object (IoCStats)`
`verdict_time`	`string (Timestamp format)` A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`verdict_response`	`enum (VerdictResponse)`
`global_customer_count`	`integer`
`global_hits_count`	`integer`
`pwn`	`boolean`
`category_details`	`string`
`pwn_first_tagged_time`	`string (Timestamp format)` A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.

VerdictType

Enums
`VERDICT_TYPE_UNSPECIFIED`
`PROVIDER_ML_VERDICT`
`ANALYST_VERDICT`

IoCStats

JSON representation

JSON representation
{ "ioc_stats_type": enum (`IoCStatsType`), "first_level_source": string, "second_level_source": string, "benign_count": integer, "quality": enum (`ProductConfidence`), "malicious_count": integer, "response_count": integer, "source_count": integer }

{
  "ioc_stats_type": enum (IoCStatsType),
  "first_level_source": string,
  "second_level_source": string,
  "benign_count": integer,
  "quality": enum (ProductConfidence),
  "malicious_count": integer,
  "response_count": integer,
  "source_count": integer
}

Fields
`ioc_stats_type`	`enum (IoCStatsType)`
`first_level_source`	`string`
`second_level_source`	`string`
`benign_count`	`integer`
`quality`	`enum (ProductConfidence)`
`malicious_count`	`integer`
`response_count`	`integer`
`source_count`	`integer`

IoCStatsType

Enums
`UNSPECIFIED_IOC_STATS_TYPE`
`MANDIANT_SOURCES`
`THIRD_PARTY_SOURCES`
`THREAT_INTELLIGENCE_IOC_STATS`

ThreatVerdict

Enums
`THREAT_VERDICT_UNSPECIFIED`
`UNDETECTED`
`SUSPICIOUS`
`MALICIOUS`