- JSON representation
- Domain
- User
- Attribute
- Cloud
- CloudEnvironment
- Resource
- ResourceType
- Permission
- PermissionType
- Role
- Type
- AccountType
- TimeOff
- AuthenticationStatus
- Role
- Favicon
- DNSRecord
- SSLCertificate
- CertSignature
- Extension
- AuthorityKeyId
- Subject
- EC
- Validity
- PopularityRank
- Artifact
- Url
- Tracker
- Group
- Process
- File
- FileMetadata
- PeFileMetadata
- FileMetadataPE
- FileMetadataSection
- FileMetadataImports
- FileMetadataPeResourceInfo
- StringToInt64MapEntry
- FileMetadataSignatureInfo
- SignerInfo
- X509
- FileType
- ExifInfo
- SignatureInfo
- FileMetadataCodesign
- PDFInfo
- TokenElevationType
- Asset
- Hardware
- PlatformSoftware
- Platform
- Software
- AssetType
- DeploymentStatus
- Registry
- Id
- Investigation
- Verdict
- Reputation
- Status
- Priority
- Reason
| JSON representation |
|---|
{ "hostname": string, "domain": { object ( |
| Fields | |
|---|---|
hostname |
|
domain |
|
artifact |
|
url_metadata |
|
asset_id |
|
user |
|
user_management_chain[] |
|
group |
|
process |
|
process_ancestors[] |
|
asset |
|
ip[] |
|
nat_ip[] |
|
port |
|
nat_port |
|
mac[] |
|
administrative_domain |
|
namespace |
|
url |
|
file |
|
email |
|
registry |
|
application |
|
platform |
|
platform_version |
|
platform_patch_level |
|
cloud |
|
location |
|
ip_location[] |
|
ip_geo_artifact[] |
|
resource |
|
resource_ancestors[] |
|
labels[] |
|
object_reference |
|
investigation |
|
network |
|
security_result[] |
|
Domain
| JSON representation |
|---|
{ "name": string, "prevalence": { object ( |
| Fields | |
|---|---|
name |
|
prevalence |
|
first_seen_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
last_seen_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
registrar |
|
contact_email |
|
whois_server |
|
name_server[] |
|
creation_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
update_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
expiration_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
audit_update_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
status |
|
registrant |
|
admin |
|
tech |
|
billing |
|
zone |
|
whois_record_raw_text |
A base64-encoded string. |
registry_data_raw_text |
A base64-encoded string. |
iana_registrar_id |
|
private_registration |
|
categories[] |
|
favicon |
|
jarm |
|
last_dns_records[] |
|
last_dns_records_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
last_https_certificate |
|
last_https_certificate_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
popularity_ranks[] |
|
tags[] |
|
whois_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
User
| JSON representation |
|---|
{ "product_object_id": string, "userid": string, "user_display_name": string, "first_name": string, "middle_name": string, "last_name": string, "phone_numbers": [ string ], "personal_address": { object ( |
| Fields | |
|---|---|
product_object_id |
|
userid |
|
user_display_name |
|
first_name |
|
middle_name |
|
last_name |
|
phone_numbers[] |
|
personal_address |
|
attribute |
|
first_seen_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
account_type |
|
groupid |
|
group_identifiers[] |
|
windows_sid |
|
email_addresses[] |
|
employee_id |
|
title |
|
company_name |
|
department[] |
|
office_address |
|
managers[] |
|
hire_date |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
termination_date |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
time_off[] |
|
last_login_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
last_password_change_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
password_expiration_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
account_expiration_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
account_lockout_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
last_bad_password_attempt_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
user_authentication_status |
|
role_name |
|
role_description |
|
user_role |
|
Attribute
| JSON representation |
|---|
{ "cloud": { object ( |
| Fields | |
|---|---|
cloud |
|
labels[] |
|
permissions[] |
|
roles[] |
|
creation_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
last_update_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
Cloud
| JSON representation |
|---|
{ "environment": enum ( |
| Fields | |
|---|---|
environment |
|
vpc |
|
project |
|
availability_zone |
|
CloudEnvironment
| Enums | |
|---|---|
UNSPECIFIED_CLOUD_ENVIRONMENT |
|
GOOGLE_CLOUD_PLATFORM |
|
AMAZON_WEB_SERVICES |
|
MICROSOFT_AZURE |
|
Resource
| JSON representation |
|---|
{ "type": string, "resource_type": enum ( |
| Fields | |
|---|---|
type |
|
resource_type |
|
resource_subtype |
|
id |
|
name |
|
parent |
|
product_object_id |
|
attribute |
|
ResourceType
| Enums | |
|---|---|
UNSPECIFIED |
|
MUTEX |
|
TASK |
|
PIPE |
|
DEVICE |
|
FIREWALL_RULE |
|
MAILBOX_FOLDER |
|
VPC_NETWORK |
|
VIRTUAL_MACHINE |
|
STORAGE_BUCKET |
|
STORAGE_OBJECT |
|
DATABASE |
|
TABLE |
|
CLOUD_PROJECT |
|
CLOUD_ORGANIZATION |
|
SERVICE_ACCOUNT |
|
ACCESS_POLICY |
|
CLUSTER |
|
SETTING |
|
DATASET |
|
BACKEND_SERVICE |
|
POD |
|
CONTAINER |
|
FUNCTION |
|
RUNTIME |
|
IP_ADDRESS |
|
DISK |
|
VOLUME |
|
IMAGE |
|
SNAPSHOT |
|
REPOSITORY |
|
CREDENTIAL |
|
LOAD_BALANCER |
|
GATEWAY |
|
SUBNET |
|
Permission
| JSON representation |
|---|
{
"name": string,
"description": string,
"type": enum ( |
| Fields | |
|---|---|
name |
|
description |
|
type |
|
PermissionType
| Enums | |
|---|---|
UNKNOWN_PERMISSION_TYPE |
|
ADMIN_WRITE |
|
ADMIN_READ |
|
DATA_WRITE |
|
DATA_READ |
|
Role
| JSON representation |
|---|
{
"name": string,
"description": string,
"type": enum ( |
| Fields | |
|---|---|
name |
|
description |
|
type |
|
Type
| Enums | |
|---|---|
TYPE_UNSPECIFIED |
|
ADMINISTRATOR |
|
SERVICE_ACCOUNT |
|
AccountType
| Enums | |
|---|---|
ACCOUNT_TYPE_UNSPECIFIED |
|
DOMAIN_ACCOUNT_TYPE |
|
LOCAL_ACCOUNT_TYPE |
|
CLOUD_ACCOUNT_TYPE |
|
SERVICE_ACCOUNT_TYPE |
|
DEFAULT_ACCOUNT_TYPE |
|
TimeOff
| JSON representation |
|---|
{
"interval": {
object ( |
| Fields | |
|---|---|
interval |
|
description |
|
AuthenticationStatus
| Enums | |
|---|---|
UNKNOWN_AUTHENTICATION_STATUS |
|
ACTIVE |
|
SUSPENDED |
|
NO_ACTIVE_CREDENTIALS |
|
DELETED |
|
Role
| Enums | |
|---|---|
UNKNOWN_ROLE |
|
ADMINISTRATOR |
|
SERVICE_ACCOUNT |
|
Favicon
| JSON representation |
|---|
{ "raw_md5": string, "dhash": string } |
| Fields | |
|---|---|
raw_md5 |
|
dhash |
|
DNSRecord
| JSON representation |
|---|
{ "type": string, "value": string, "ttl": string, "priority": string, "retry": string, "refresh": string, "minimum": string, "expire": string, "serial": string, "rname": string } |
| Fields | |
|---|---|
type |
|
value |
|
ttl |
A duration in seconds with up to nine fractional digits, ending with ' |
priority |
|
retry |
|
refresh |
A duration in seconds with up to nine fractional digits, ending with ' |
minimum |
A duration in seconds with up to nine fractional digits, ending with ' |
expire |
A duration in seconds with up to nine fractional digits, ending with ' |
serial |
|
rname |
|
SSLCertificate
| JSON representation |
|---|
{ "cert_signature": { object ( |
| Fields | |
|---|---|
cert_signature |
|
extension |
|
cert_extensions |
|
first_seen_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
issuer |
|
ec |
|
serial_number |
|
signature_algorithm |
|
size |
|
subject |
|
thumbprint |
|
thumbprint_sha256 |
|
validity |
|
version |
|
CertSignature
| JSON representation |
|---|
{ "signature": string, "signature_algorithm": string } |
| Fields | |
|---|---|
signature |
|
signature_algorithm |
|
Extension
| JSON representation |
|---|
{
"ca": boolean,
"subject_key_id": string,
"authority_key_id": {
object ( |
| Fields | |
|---|---|
ca |
|
subject_key_id |
|
authority_key_id |
|
key_usage |
|
ca_info_access |
|
crl_distribution_points |
|
extended_key_usage |
|
subject_alternative_name |
|
certificate_policies |
|
netscape_cert_comment |
|
cert_template_name_dc |
|
netscape_certificate |
|
pe_logotype |
|
old_authority_key_id |
|
AuthorityKeyId
| JSON representation |
|---|
{ "keyid": string, "serial_number": string } |
| Fields | |
|---|---|
keyid |
|
serial_number |
|
Subject
| JSON representation |
|---|
{ "country_name": string, "common_name": string, "locality": string, "organization": string, "organizational_unit": string, "state_or_province_name": string } |
| Fields | |
|---|---|
country_name |
|
common_name |
|
locality |
|
organization |
|
organizational_unit |
|
state_or_province_name |
|
EC
| JSON representation |
|---|
{ "oid": string, "pub": string } |
| Fields | |
|---|---|
oid |
|
pub |
|
Validity
| JSON representation |
|---|
{ "expiry_time": string, "issue_time": string } |
| Fields | |
|---|---|
expiry_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
issue_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
PopularityRank
| JSON representation |
|---|
{ "giver": string, "rank": string, "ingestion_time": string } |
| Fields | |
|---|---|
giver |
|
rank |
|
ingestion_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
Artifact
| JSON representation |
|---|
{ "ip": string, "prevalence": { object ( |
| Fields | |
|---|---|
ip |
|
prevalence |
|
first_seen_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
last_seen_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
location |
|
network |
|
as_owner |
|
asn |
|
jarm |
|
last_https_certificate |
|
last_https_certificate_date |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
regional_internet_registry |
|
tags[] |
|
whois |
|
whois_date |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
Url
| JSON representation |
|---|
{ "url": string, "categories": [ string ], "favicon": { object ( |
| Fields | |
|---|---|
url |
|
categories[] |
|
favicon |
|
html_meta |
|
last_final_url |
|
last_http_response_code |
|
last_http_response_content_length |
|
last_http_response_content_sha256 |
|
last_http_response_cookies |
|
last_http_response_headers |
|
tags[] |
|
title |
|
trackers[] |
|
Tracker
| JSON representation |
|---|
{ "tracker": string, "id": string, "timestamp": string, "url": string } |
| Fields | |
|---|---|
tracker |
|
id |
|
timestamp |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
url |
|
Group
| JSON representation |
|---|
{
"product_object_id": string,
"creation_time": string,
"group_display_name": string,
"attribute": {
object ( |
| Fields | |
|---|---|
product_object_id |
|
creation_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
group_display_name |
|
attribute |
|
email_addresses[] |
|
windows_sid |
|
Process
| JSON representation |
|---|
{ "pid": string, "parent_pid": string, "parent_process": { object ( |
| Fields | |
|---|---|
pid |
|
parent_pid |
|
parent_process |
|
file |
|
command_line |
|
command_line_history[] |
|
product_specific_process_id |
|
access_mask |
|
integrity_level_rid |
|
token_elevation_type |
|
product_specific_parent_process_id |
|
File
| JSON representation |
|---|
{ "sha256": string, "md5": string, "sha1": string, "size": string, "full_path": string, "mime_type": string, "file_metadata": { object ( |
| Fields | |
|---|---|
sha256 |
|
md5 |
|
sha1 |
|
size |
|
full_path |
|
mime_type |
|
file_metadata |
|
security_result |
|
pe_file |
|
ssdeep |
|
vhash |
|
ahash |
|
authentihash |
|
file_type |
|
capabilities_tags[] |
|
names[] |
|
tags[] |
|
last_modification_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
prevalence |
|
first_seen_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
last_seen_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
stat_mode |
|
stat_inode |
|
stat_dev |
|
stat_nlink |
|
stat_flags |
|
last_analysis_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
embedded_urls[] |
|
embedded_domains[] |
|
embedded_ips[] |
|
exif_info |
|
signature_info |
|
pdf_info |
|
first_submission_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
last_submission_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
main_icon |
|
FileMetadata
| JSON representation |
|---|
{
"pe": {
object ( |
| Fields | |
|---|---|
pe |
|
PeFileMetadata
| JSON representation |
|---|
{ "import_hash": string } |
| Fields | |
|---|---|
import_hash |
|
FileMetadataPE
| JSON representation |
|---|
{ "imphash": string, "entry_point": string, "entry_point_exiftool": string, "compilation_time": string, "compilation_exiftool_time": string, "section": [ { object ( |
| Fields | |
|---|---|
imphash |
|
entry_point |
|
entry_point_exiftool |
|
compilation_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
compilation_exiftool_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
section[] |
|
imports[] |
|
resource[] |
|
resources_type_count[] |
|
resources_language_count[] |
|
resources_type_count_str[] |
|
resources_language_count_str[] |
|
signature_info |
|
FileMetadataSection
| JSON representation |
|---|
{ "name": string, "entropy": number, "raw_size_bytes": string, "virtual_size_bytes": string, "md5_hex": string } |
| Fields | |
|---|---|
name |
|
entropy |
|
raw_size_bytes |
|
virtual_size_bytes |
|
md5_hex |
|
FileMetadataImports
| JSON representation |
|---|
{ "library": string, "functions": [ string ] } |
| Fields | |
|---|---|
library |
|
functions[] |
|
FileMetadataPeResourceInfo
| JSON representation |
|---|
{ "sha256_hex": string, "filetype_magic": string, "language_code": string, "entropy": number, "file_type": string } |
| Fields | |
|---|---|
sha256_hex |
|
filetype_magic |
|
language_code |
|
entropy |
|
file_type |
|
StringToInt64MapEntry
| JSON representation |
|---|
{ "key": string, "value": string } |
| Fields | |
|---|---|
key |
|
value |
|
FileMetadataSignatureInfo
| JSON representation |
|---|
{ "verification_message": string, "verified": boolean, "signer": [ string ], "signers": [ { object ( |
| Fields | |
|---|---|
verification_message |
|
verified |
|
signer[] |
|
signers[] |
|
x509[] |
|
SignerInfo
| JSON representation |
|---|
{ "name": string, "status": string, "valid_usage": string, "cert_issuer": string } |
| Fields | |
|---|---|
name |
|
status |
|
valid_usage |
|
cert_issuer |
|
X509
| JSON representation |
|---|
{ "name": string, "algorithm": string, "thumbprint": string, "cert_issuer": string, "serial_number": string } |
| Fields | |
|---|---|
name |
|
algorithm |
|
thumbprint |
|
cert_issuer |
|
serial_number |
|
FileType
| Enums | |
|---|---|
FILE_TYPE_UNSPECIFIED |
|
FILE_TYPE_PE_EXE |
|
FILE_TYPE_PE_DLL |
|
FILE_TYPE_MSI |
|
FILE_TYPE_NE_EXE |
|
FILE_TYPE_NE_DLL |
|
FILE_TYPE_DOS_EXE |
|
FILE_TYPE_DOS_COM |
|
FILE_TYPE_COFF |
|
FILE_TYPE_ELF |
|
FILE_TYPE_LINUX_KERNEL |
|
FILE_TYPE_RPM |
|
FILE_TYPE_LINUX |
|
FILE_TYPE_MACH_O |
|
FILE_TYPE_JAVA_BYTECODE |
|
FILE_TYPE_DMG |
|
FILE_TYPE_DEB |
|
FILE_TYPE_PKG |
|
FILE_TYPE_PYC |
|
FILE_TYPE_LNK |
|
FILE_TYPE_JPEG |
|
FILE_TYPE_TIFF |
|
FILE_TYPE_GIF |
|
FILE_TYPE_PNG |
|
FILE_TYPE_BMP |
|
FILE_TYPE_GIMP |
|
FILE_TYPE_IN_DESIGN |
|
FILE_TYPE_PSD |
|
FILE_TYPE_TARGA |
|
FILE_TYPE_XWD |
|
FILE_TYPE_DIB |
|
FILE_TYPE_JNG |
|
FILE_TYPE_ICO |
|
FILE_TYPE_FPX |
|
FILE_TYPE_EPS |
|
FILE_TYPE_SVG |
|
FILE_TYPE_EMF |
|
FILE_TYPE_WEBP |
|
FILE_TYPE_DWG |
|
FILE_TYPE_DXF |
|
FILE_TYPE_THREEDS |
|
FILE_TYPE_OGG |
|
FILE_TYPE_FLC |
|
FILE_TYPE_FLI |
|
FILE_TYPE_MP3 |
|
FILE_TYPE_FLAC |
|
FILE_TYPE_WAV |
|
FILE_TYPE_MIDI |
|
FILE_TYPE_AVI |
|
FILE_TYPE_MPEG |
|
FILE_TYPE_QUICKTIME |
|
FILE_TYPE_ASF |
|
FILE_TYPE_DIVX |
|
FILE_TYPE_FLV |
|
FILE_TYPE_WMA |
|
FILE_TYPE_WMV |
|
FILE_TYPE_RM |
|
FILE_TYPE_MOV |
|
FILE_TYPE_MP4 |
|
FILE_TYPE_T3GP |
|
FILE_TYPE_WEBM |
|
FILE_TYPE_MKV |
|
FILE_TYPE_PDF |
|
FILE_TYPE_PS |
|
FILE_TYPE_DOC |
|
FILE_TYPE_DOCX |
|
FILE_TYPE_PPT |
|
FILE_TYPE_PPTX |
|
FILE_TYPE_PPSX |
|
FILE_TYPE_XLS |
|
FILE_TYPE_XLSX |
|
FILE_TYPE_RTF |
|
FILE_TYPE_ODP |
|
FILE_TYPE_ODS |
|
FILE_TYPE_ODT |
|
FILE_TYPE_HWP |
|
FILE_TYPE_GUL |
|
FILE_TYPE_ODF |
|
FILE_TYPE_ODG |
|
FILE_TYPE_ONE_NOTE |
|
FILE_TYPE_OOXML |
|
FILE_TYPE_EBOOK |
|
FILE_TYPE_LATEX |
|
FILE_TYPE_TTF |
|
FILE_TYPE_EOT |
|
FILE_TYPE_WOFF |
|
FILE_TYPE_CHM |
|
FILE_TYPE_ZIP |
|
FILE_TYPE_GZIP |
|
FILE_TYPE_BZIP |
|
FILE_TYPE_RZIP |
|
FILE_TYPE_DZIP |
|
FILE_TYPE_SEVENZIP |
|
FILE_TYPE_CAB |
|
FILE_TYPE_JAR |
|
FILE_TYPE_RAR |
|
FILE_TYPE_MSCOMPRESS |
|
FILE_TYPE_ACE |
|
FILE_TYPE_ARC |
|
FILE_TYPE_ARJ |
|
FILE_TYPE_ASD |
|
FILE_TYPE_BLACKHOLE |
|
FILE_TYPE_KGB |
|
FILE_TYPE_ZLIB |
|
FILE_TYPE_TAR |
|
FILE_TYPE_ZST |
|
FILE_TYPE_LZFSE |
|
FILE_TYPE_PYTHON_WHL |
|
FILE_TYPE_PYTHON_PKG |
|
FILE_TYPE_TEXT |
|
FILE_TYPE_SCRIPT |
|
FILE_TYPE_PHP |
|
FILE_TYPE_PYTHON |
|
FILE_TYPE_PERL |
|
FILE_TYPE_RUBY |
|
FILE_TYPE_C |
|
FILE_TYPE_CPP |
|
FILE_TYPE_JAVA |
|
FILE_TYPE_SHELLSCRIPT |
|
FILE_TYPE_PASCAL |
|
FILE_TYPE_AWK |
|
FILE_TYPE_DYALOG |
|
FILE_TYPE_FORTRAN |
|
FILE_TYPE_JAVASCRIPT |
|
FILE_TYPE_POWERSHELL |
|
FILE_TYPE_VBA |
|
FILE_TYPE_M4 |
|
FILE_TYPE_OBJETIVEC |
|
FILE_TYPE_JMOD |
|
FILE_TYPE_MAKEFILE |
|
FILE_TYPE_INI |
|
FILE_TYPE_CLJ |
|
FILE_TYPE_PDB |
|
FILE_TYPE_SQL |
|
FILE_TYPE_NEKO |
|
FILE_TYPE_WER |
|
FILE_TYPE_GOLANG |
|
FILE_TYPE_SYMBIAN |
|
FILE_TYPE_PALMOS |
|
FILE_TYPE_WINCE |
|
FILE_TYPE_ANDROID |
|
FILE_TYPE_IPHONE |
|
FILE_TYPE_HTML |
|
FILE_TYPE_XML |
|
FILE_TYPE_SWF |
|
FILE_TYPE_FLA |
|
FILE_TYPE_COOKIE |
|
FILE_TYPE_TORRENT |
|
FILE_TYPE_EMAIL_TYPE |
|
FILE_TYPE_OUTLOOK |
|
FILE_TYPE_SGML |
|
FILE_TYPE_JSON |
|
FILE_TYPE_CSV |
|
FILE_TYPE_CAP |
|
FILE_TYPE_ISOIMAGE |
|
FILE_TYPE_SQUASHFS |
|
FILE_TYPE_VHD |
|
FILE_TYPE_APPLE |
|
FILE_TYPE_MACINTOSH |
|
FILE_TYPE_APPLESINGLE |
|
FILE_TYPE_APPLEDOUBLE |
|
FILE_TYPE_MACINTOSH_HFS |
|
FILE_TYPE_APPLE_PLIST |
|
FILE_TYPE_MACINTOSH_LIB |
|
FILE_TYPE_APPLESCRIPT |
|
FILE_TYPE_APPLESCRIPT_COMPILED |
|
FILE_TYPE_CRX |
|
FILE_TYPE_XPI |
|
FILE_TYPE_ROM |
|
FILE_TYPE_IPS |
|
FILE_TYPE_PEM |
|
FILE_TYPE_PGP |
|
FILE_TYPE_CRT |
|
ExifInfo
| JSON representation |
|---|
{ "original_file": string, "product": string, "company": string, "file_description": string, "entry_point": string, "compilation_time": string } |
| Fields | |
|---|---|
original_file |
|
product |
|
company |
|
file_description |
|
entry_point |
|
compilation_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
SignatureInfo
| JSON representation |
|---|
{ "sigcheck": { object ( |
| Fields | |
|---|---|
sigcheck |
|
codesign |
|
FileMetadataCodesign
| JSON representation |
|---|
{ "id": string, "format": string, "compilation_time": string } |
| Fields | |
|---|---|
id |
|
format |
|
compilation_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
PDFInfo
| JSON representation |
|---|
{ "js": string, "javascript": string, "launch_action_count": string, "object_stream_count": string, "endobj_count": string, "header": string, "acroform": string, "autoaction": string, "embedded_file": string, "encrypted": string, "flash": string, "jbig2_compression": string, "obj_count": string, "endstream_count": string, "page_count": string, "stream_count": string, "openaction": string, "startxref": string, "suspicious_colors": string, "trailer": string, "xfa": string, "xref": string } |
| Fields | |
|---|---|
js |
|
javascript |
|
launch_action_count |
|
object_stream_count |
|
endobj_count |
|
header |
|
acroform |
|
autoaction |
|
embedded_file |
|
encrypted |
|
flash |
|
jbig2_compression |
|
obj_count |
|
endstream_count |
|
page_count |
|
stream_count |
|
openaction |
|
startxref |
|
suspicious_colors |
|
trailer |
|
xfa |
|
xref |
|
TokenElevationType
| Enums | |
|---|---|
UNKNOWN |
|
TYPE_1 |
|
TYPE_2 |
|
TYPE_3 |
|
Asset
| JSON representation |
|---|
{ "product_object_id": string, "hostname": string, "asset_id": string, "ip": [ string ], "mac": [ string ], "nat_ip": [ string ], "first_seen_time": string, "hardware": [ { object ( |
| Fields | |
|---|---|
product_object_id |
|
hostname |
|
asset_id |
|
ip[] |
|
mac[] |
|
nat_ip[] |
|
first_seen_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
hardware[] |
|
platform_software |
|
software[] |
|
location |
|
category |
|
type |
|
network_domain |
|
creation_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
first_discover_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
last_discover_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
system_last_update_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
last_boot_time |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
labels[] |
|
deployment_status |
|
vulnerabilities[] |
|
attribute |
|
Hardware
| JSON representation |
|---|
{ "serial_number": string, "manufacturer": string, "model": string, "cpu_platform": string, "cpu_model": string, "cpu_clock_speed": string, "cpu_max_clock_speed": string, "cpu_number_cores": string, "ram": string } |
| Fields | |
|---|---|
serial_number |
|
manufacturer |
|
model |
|
cpu_platform |
|
cpu_model |
|
cpu_clock_speed |
|
cpu_max_clock_speed |
|
cpu_number_cores |
|
ram |
|
PlatformSoftware
| JSON representation |
|---|
{
"platform": enum ( |
| Fields | |
|---|---|
platform |
|
platform_version |
|
platform_patch_level |
|
Platform
| Enums | |
|---|---|
UNKNOWN_PLATFORM |
|
WINDOWS |
|
MAC |
|
LINUX |
|
GCP |
|
AWS |
|
AZURE |
|
IOS |
|
ANDROID |
|
CHROME_OS |
|
Software
| JSON representation |
|---|
{
"name": string,
"version": string,
"permissions": [
{
object ( |
| Fields | |
|---|---|
name |
|
version |
|
permissions[] |
|
description |
|
vendor_name |
|
AssetType
| Enums | |
|---|---|
ROLE_UNSPECIFIED |
|
WORKSTATION |
|
LAPTOP |
|
IOT |
|
NETWORK_ATTACHED_STORAGE |
|
PRINTER |
|
SCANNER |
|
SERVER |
|
TAPE_LIBRARY |
|
MOBILE |
|
DeploymentStatus
| Enums | |
|---|---|
DEPLOYMENT_STATUS_UNSPECIFIED |
|
ACTIVE |
|
PENDING_DECOMISSION |
|
DECOMISSIONED |
|
Registry
| JSON representation |
|---|
{ "registry_key": string, "registry_value_name": string, "registry_value_data": string } |
| Fields | |
|---|---|
registry_key |
|
registry_value_name |
|
registry_value_data |
|
Id
| JSON representation |
|---|
{
"namespace": enum ( |
| Fields | |
|---|---|
namespace |
|
id |
A base64-encoded string. |
Investigation
| JSON representation |
|---|
{ "comments": [ string ], "verdict": enum ( |
| Fields | |
|---|---|
comments[] |
|
verdict |
|
reputation |
|
severity_score |
|
status |
|
priority |
|
root_cause |
|
reason |
|
risk_score |
|
Verdict
| Enums | |
|---|---|
VERDICT_UNSPECIFIED |
|
TRUE_POSITIVE |
|
FALSE_POSITIVE |
|
Reputation
| Enums | |
|---|---|
REPUTATION_UNSPECIFIED |
|
USEFUL |
|
NOT_USEFUL |
|
Status
| Enums | |
|---|---|
STATUS_UNSPECIFIED |
|
NEW |
|
REVIEWED |
|
CLOSED |
|
OPEN |
|
Priority
| Enums | |
|---|---|
PRIORITY_UNSPECIFIED |
|
PRIORITY_INFO |
|
PRIORITY_LOW |
|
PRIORITY_MEDIUM |
|
PRIORITY_HIGH |
|
PRIORITY_CRITICAL |
|
Reason
| Enums | |
|---|---|
REASON_UNSPECIFIED |
|
REASON_NOT_MALICIOUS |
|
REASON_MALICIOUS |
|
REASON_MAINTENANCE |
|