Resource: SecurityProfile
Represents a SecurityProfile resource.
JSON representation |
---|
{ "name": string, "displayName": string, "revisionId": string, "revisionCreateTime": string, "revisionUpdateTime": string, "revisionPublishTime": string, "scoringConfigs": [ { object ( |
Fields | |
---|---|
name | Immutable. Name of the security profile resource. Format: organizations/{org}/securityProfiles/{profile} |
displayName | DEPRECATED: DO NOT USE. Display name of the security profile. |
revisionId | Output only. Revision ID of the security profile. |
revisionCreateTime | Output only. The time when the revision was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
revisionUpdateTime | Output only. The time when the revision was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
revisionPublishTime | Output only. DEPRECATED: DO NOT USE. The time when the revision was published. Once published, the security profile revision cannot be updated further and can be attached to environments. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
scoringConfigs[] | List of profile scoring configs in this revision. |
environments[] | List of environments attached to the security profile. |
max | Output only. Maximum security score that can be generated by this profile. |
min | Output only. Minimum security score that can be generated by this profile. |
profile | Required. Customized profile configuration that computes the security score. |
description | Description of the security profile. |
ScoringConfig
Security configurations to manage scoring.
JSON representation |
---|
{ "title": string, "scorePath": string, "description": string } |
Fields | |
---|---|
title | Title of the config. |
scorePath | Path of the component config used for scoring. |
description | Description of the config. |
Environment
Environment information of attached environments. Scoring an environment is enabled only if it is attached to a security profile.
JSON representation |
---|
{ "environment": string, "attachTime": string } |
Fields | |
---|---|
environment | Output only. Name of the environment. |
attachTime | Output only. Time at which environment was attached to the security profile. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
ProfileConfig
ProfileConfig defines a set of categories and policies that are used to compute the security score.
JSON representation |
---|
{
"categories": [
{
object ( |
Fields | |
---|---|
categories[] | List of categories of profile config. |
Category
Advanced API Security provides a security profile that scores the following categories.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field CategoryType. CategoryType can be only one of the following: | |
abuse | Checks for abuse, which includes any requests sent to the API for purposes other than what it is intended for, such as high volumes of requests, data scraping, and abuse related to authorization. |
mediation | Checks to see if you have a mediation policy in place. |
authorization | Checks to see if you have an authorization policy in place. |
threat | Checks to see if you have a threat protection policy in place. |
mtls | Checks to see if you have configured mTLS for the target server. |
cors | Checks to see if you have a CORS policy in place. |
Abuse
This type has no fields.
Checks for abuse, which includes any requests sent to the API for purposes other than what it is intended for, such as high volumes of requests, data scraping, and abuse related to authorization.
Mediation
This type has no fields.
By default, the following policies are included:
- OASValidation
- SOAPMessageValidation
Authorization
This type has no fields.
By default, the following policies are included:
- JWS
- JWT
- OAuth
- BasicAuth
- APIKey
Threat
This type has no fields.
By default, the following policies are included:
- XMLThreatProtection
- JSONThreatProtection
MTLS
This type has no fields.
Checks to see if you have configured mTLS for the target server.
CORS
This type has no fields.
Checks to see if you have a CORS policy in place.
Methods |
---|
CreateSecurityProfile creates a new custom security profile. |
DeleteSecurityProfile deletes a profile with all its revisions. |
GetSecurityProfile gets the specified security profile. |
ListSecurityProfiles lists all the security profiles associated with the org, including attached and unattached profiles. |
ListSecurityProfileRevisions lists all the revisions of the security profile. |
UpdateSecurityProfile updates the metadata of the security profile. |