REST Resource: projects.locations.instances.feeds

Resource: Feed
- JSON representation
FeedDetails
- JSON representation
AnomaliIocSettings
- JSON representation
UsernameSecretAuth
- JSON representation
AzureADContextSettings
- JSON representation
MicrosoftOAuthClientCredentials
- JSON representation
CloudPassageSettings
- JSON representation
CortexXDRSettings
- JSON representation
HttpHeaderAuth
- JSON representation
HeaderKeyValue
- JSON representation
DuoAuthSettings
- JSON representation
DuoUserContextSettings
- JSON representation
MicrosoftGraphAlertSettings
- JSON representation
MicrosoftSecurityCenterAlertSettings
- JSON representation
MimecastMailSettings
- JSON representation
Office365Settings
- JSON representation
ContentType
ProofpointMailSettings
- JSON representation
RecordedFutureIocSettings
- JSON representation
WorkdaySettings
- JSON representation
WorkdayAuth
- JSON representation
PanIocSettings
- JSON representation
OktaSettings
- JSON representation
OktaUserContextSettings
- JSON representation
FoxITStixSettings
- JSON representation
SSLClientKeypair
- JSON representation
ThreatConnectIoCSettings
- JSON representation
ServiceNowCMDBSettings
- JSON representation
ImpervaWAFSettings
- JSON representation
ThinkstCanarySettings
- JSON representation
RHIsacIocSettings
- JSON representation
OAuthClientCredentials
- JSON representation
Rapid7InsightSettings
- JSON representation
SalesforceSettings
- JSON representation
OAuthPasswordGrantCredentials
- JSON representation
OAuthJWTCredentials
- JSON representation
RSCredentials
- JSON representation
Claims
- JSON representation
NetskopeAlertSettings
- JSON representation
AzureMDMIntuneSettings
- JSON representation
AzureADSettings
- JSON representation
ProofpointOnDemandSettings
- JSON representation
WorkspaceUsersSettings
- JSON representation
WorkspaceActivitySettings
- JSON representation
WorkspaceAlertsSettings
- JSON representation
WorkspacePrivilegesSettings
- JSON representation
WorkspaceMobileSettings
- JSON representation
WorkspaceChromeOSSettings
- JSON representation
WorkspaceGroupsSettings
- JSON representation
AzureADAuditSettings
- JSON representation
SymantecEventExportSettings
- JSON representation
OAuthRefreshToken
- JSON representation
QualysVMSettings
- JSON representation
PanPrismaCloudSettings
- JSON representation
PanPrismaAuth
- JSON representation
GoogleCloudStorageSettings
- JSON representation
URISourceType
SourceDeletionOption
HttpSettings
- JSON representation
SftpSettings
- JSON representation
SftpAuth
- JSON representation
AmazonS3Settings
- JSON representation
S3Auth
- JSON representation
S3Region
AzureBlobStoreSettings
- JSON representation
AzureAuth
- JSON representation
AmazonSQSSettings
- JSON representation
SQSAuth
- JSON representation
SQSAccessKeySecretAuth
- JSON representation
AdditionalS3AccessKeySecretAuth
- JSON representation
GoogleCloudIdentityDevicesSettings
- JSON representation
GoogleCloudIdentityDeviceUsersSettings
- JSON representation
CrowdStrikeDetectsSettings
- JSON representation
MandiantIoCSettings
- JSON representation
SentineloneAlertSettings
- JSON representation
QualysScanSettings
- JSON representation
ApiType
PubsubSettings
- JSON representation
AmazonKinesisFirehoseSettings
WebhookSettings
DummyLogTypeSettings
- JSON representation
HttpsPushGoogleCloudPubSubSettings
HttpsPushAmazonKinesisFirehoseSettings
HttpsPushWebhookSettings
FeedSourceType
State
Methods

Resource: Feed

Feed is a resource that contains feed information needed to create a feed.

JSON representation
{ "name": string, "display_name": string, "details": { object (`FeedDetails`) }, "state": enum (`State`), "failure_msg": string, "read_only": boolean }

Fields
`name`	`string` The resource name of the feed. Format: projects/{project}/locations/{location}/instances/{instance}/feeds/{feed}
`display_name`	`string` Customer-provided feed name.
`details`	`object (FeedDetails)` Additional details of the feed, these details are dynamic and will be different for each of the feeds.
`state`	`enum (State)` Output only. State of the feed.
`failure_msg`	`string` Output only. Details about the most recent failure when feed state is FAILED.
`read_only`	`boolean` Output only. Whether this feed can be updated or deleted.

FeedDetails

Additional details of the feed, these details are dynamic and will be different for each of the feeds.

JSON representation

JSON representation
{ "feed_source_type": enum (`FeedSourceType`), "log_type": string, "asset_namespace": string, "labels": { string: string, ... }, // Union field `details` can be only one of the following: "anomali_settings": { object (`AnomaliIocSettings`) }, "azure_ad_context_settings": { object (`AzureADContextSettings`) }, "cloud_passage_settings": { object (`CloudPassageSettings`) }, "cortex_xdr_settings": { object (`CortexXDRSettings`) }, "duo_auth_settings": { object (`DuoAuthSettings`) }, "duo_user_context_settings": { object (`DuoUserContextSettings`) }, "microsoft_graph_alert_settings": { object (`MicrosoftGraphAlertSettings`) }, "microsoft_security_center_alert_settings": { object (`MicrosoftSecurityCenterAlertSettings`) }, "mimecast_mail_settings": { object (`MimecastMailSettings`) }, "office365_settings": { object (`Office365Settings`) }, "proofpoint_mail_settings": { object (`ProofpointMailSettings`) }, "recorded_future_ioc_settings": { object (`RecordedFutureIocSettings`) }, "workday_settings": { object (`WorkdaySettings`) }, "pan_ioc_settings": { object (`PanIocSettings`) }, "okta_settings": { object (`OktaSettings`) }, "okta_user_context_settings": { object (`OktaUserContextSettings`) }, "fox_it_stix_settings": { object (`FoxITStixSettings`) }, "threat_connect_ioc_settings": { object (`ThreatConnectIoCSettings`) }, "service_now_cmdb_settings": { object (`ServiceNowCMDBSettings`) }, "imperva_waf_settings": { object (`ImpervaWAFSettings`) }, "thinkst_canary_settings": { object (`ThinkstCanarySettings`) }, "rh_isac_ioc_settings": { object (`RHIsacIocSettings`) }, "rapid7_insight_settings": { object (`Rapid7InsightSettings`) }, "salesforce_settings": { object (`SalesforceSettings`) }, "netskope_alert_settings": { object (`NetskopeAlertSettings`) }, "azure_mdm_intune_settings": { object (`AzureMDMIntuneSettings`) }, "azure_ad_settings": { object (`AzureADSettings`) }, "proofpoint_on_demand_settings": { object (`ProofpointOnDemandSettings`) }, "workspace_users_settings": { object (`WorkspaceUsersSettings`) }, "workspace_activity_settings": { object (`WorkspaceActivitySettings`) }, "workspace_alerts_settings": { object (`WorkspaceAlertsSettings`) }, "workspace_privileges_settings": { object (`WorkspacePrivilegesSettings`) }, "workspace_mobile_settings": { object (`WorkspaceMobileSettings`) }, "workspace_chrome_os_settings": { object (`WorkspaceChromeOSSettings`) }, "workspace_groups_settings": { object (`WorkspaceGroupsSettings`) }, "azure_ad_audit_settings": { object (`AzureADAuditSettings`) }, "symantec_event_export_settings": { object (`SymantecEventExportSettings`) }, "qualys_vm_settings": { object (`QualysVMSettings`) }, "pan_prisma_cloud_settings": { object (`PanPrismaCloudSettings`) }, "gcs_settings": { object (`GoogleCloudStorageSettings`) }, "http_settings": { object (`HttpSettings`) }, "sftp_settings": { object (`SftpSettings`) }, "amazon_s3_settings": { object (`AmazonS3Settings`) }, "azure_blob_store_settings": { object (`AzureBlobStoreSettings`) }, "amazon_sqs_settings": { object (`AmazonSQSSettings`) }, "google_cloud_identity_devices_settings": { object (`GoogleCloudIdentityDevicesSettings`) }, "google_cloud_identity_device_users_settings": { object (`GoogleCloudIdentityDeviceUsersSettings`) }, "crowdstrike_detects_settings": { object (`CrowdStrikeDetectsSettings`) }, "mandiant_ioc_settings": { object (`MandiantIoCSettings`) }, "sentinelone_alert_settings": { object (`SentineloneAlertSettings`) }, "qualys_scan_settings": { object (`QualysScanSettings`) }, "pubsub_settings": { object (`PubsubSettings`) }, "amazon_kinesis_firehose_settings": { object (`AmazonKinesisFirehoseSettings`) }, "webhook_settings": { object (`WebhookSettings`) }, "dummy_log_type_settings": { object (`DummyLogTypeSettings`) }, "https_push_google_cloud_pubsub_settings": { object (`HttpsPushGoogleCloudPubSubSettings`) }, "https_push_amazon_kinesis_firehose_settings": { object (`HttpsPushAmazonKinesisFirehoseSettings`) }, "https_push_webhook_settings": { object (`HttpsPushWebhookSettings`) } // End of list of possible types for union field `details`. }

{
  "feed_source_type": enum (FeedSourceType),
  "log_type": string,
  "asset_namespace": string,
  "labels": {
    string: string,
    ...
  },

  // Union field details can be only one of the following:
  "anomali_settings": {
    object (AnomaliIocSettings)
  },
  "azure_ad_context_settings": {
    object (AzureADContextSettings)
  },
  "cloud_passage_settings": {
    object (CloudPassageSettings)
  },
  "cortex_xdr_settings": {
    object (CortexXDRSettings)
  },
  "duo_auth_settings": {
    object (DuoAuthSettings)
  },
  "duo_user_context_settings": {
    object (DuoUserContextSettings)
  },
  "microsoft_graph_alert_settings": {
    object (MicrosoftGraphAlertSettings)
  },
  "microsoft_security_center_alert_settings": {
    object (MicrosoftSecurityCenterAlertSettings)
  },
  "mimecast_mail_settings": {
    object (MimecastMailSettings)
  },
  "office365_settings": {
    object (Office365Settings)
  },
  "proofpoint_mail_settings": {
    object (ProofpointMailSettings)
  },
  "recorded_future_ioc_settings": {
    object (RecordedFutureIocSettings)
  },
  "workday_settings": {
    object (WorkdaySettings)
  },
  "pan_ioc_settings": {
    object (PanIocSettings)
  },
  "okta_settings": {
    object (OktaSettings)
  },
  "okta_user_context_settings": {
    object (OktaUserContextSettings)
  },
  "fox_it_stix_settings": {
    object (FoxITStixSettings)
  },
  "threat_connect_ioc_settings": {
    object (ThreatConnectIoCSettings)
  },
  "service_now_cmdb_settings": {
    object (ServiceNowCMDBSettings)
  },
  "imperva_waf_settings": {
    object (ImpervaWAFSettings)
  },
  "thinkst_canary_settings": {
    object (ThinkstCanarySettings)
  },
  "rh_isac_ioc_settings": {
    object (RHIsacIocSettings)
  },
  "rapid7_insight_settings": {
    object (Rapid7InsightSettings)
  },
  "salesforce_settings": {
    object (SalesforceSettings)
  },
  "netskope_alert_settings": {
    object (NetskopeAlertSettings)
  },
  "azure_mdm_intune_settings": {
    object (AzureMDMIntuneSettings)
  },
  "azure_ad_settings": {
    object (AzureADSettings)
  },
  "proofpoint_on_demand_settings": {
    object (ProofpointOnDemandSettings)
  },
  "workspace_users_settings": {
    object (WorkspaceUsersSettings)
  },
  "workspace_activity_settings": {
    object (WorkspaceActivitySettings)
  },
  "workspace_alerts_settings": {
    object (WorkspaceAlertsSettings)
  },
  "workspace_privileges_settings": {
    object (WorkspacePrivilegesSettings)
  },
  "workspace_mobile_settings": {
    object (WorkspaceMobileSettings)
  },
  "workspace_chrome_os_settings": {
    object (WorkspaceChromeOSSettings)
  },
  "workspace_groups_settings": {
    object (WorkspaceGroupsSettings)
  },
  "azure_ad_audit_settings": {
    object (AzureADAuditSettings)
  },
  "symantec_event_export_settings": {
    object (SymantecEventExportSettings)
  },
  "qualys_vm_settings": {
    object (QualysVMSettings)
  },
  "pan_prisma_cloud_settings": {
    object (PanPrismaCloudSettings)
  },
  "gcs_settings": {
    object (GoogleCloudStorageSettings)
  },
  "http_settings": {
    object (HttpSettings)
  },
  "sftp_settings": {
    object (SftpSettings)
  },
  "amazon_s3_settings": {
    object (AmazonS3Settings)
  },
  "azure_blob_store_settings": {
    object (AzureBlobStoreSettings)
  },
  "amazon_sqs_settings": {
    object (AmazonSQSSettings)
  },
  "google_cloud_identity_devices_settings": {
    object (GoogleCloudIdentityDevicesSettings)
  },
  "google_cloud_identity_device_users_settings": {
    object (GoogleCloudIdentityDeviceUsersSettings)
  },
  "crowdstrike_detects_settings": {
    object (CrowdStrikeDetectsSettings)
  },
  "mandiant_ioc_settings": {
    object (MandiantIoCSettings)
  },
  "sentinelone_alert_settings": {
    object (SentineloneAlertSettings)
  },
  "qualys_scan_settings": {
    object (QualysScanSettings)
  },
  "pubsub_settings": {
    object (PubsubSettings)
  },
  "amazon_kinesis_firehose_settings": {
    object (AmazonKinesisFirehoseSettings)
  },
  "webhook_settings": {
    object (WebhookSettings)
  },
  "dummy_log_type_settings": {
    object (DummyLogTypeSettings)
  },
  "https_push_google_cloud_pubsub_settings": {
    object (HttpsPushGoogleCloudPubSubSettings)
  },
  "https_push_amazon_kinesis_firehose_settings": {
    object (HttpsPushAmazonKinesisFirehoseSettings)
  },
  "https_push_webhook_settings": {
    object (HttpsPushWebhookSettings)
  }
  // End of list of possible types for union field details.
}

Fields
`feed_source_type`	`enum (FeedSourceType)` Source Type of the feed.
`log_type`	`string` LogType. Format: projects/{project}/locations/{location}/instances/{instance}/logTypes/{log_type}
`asset_namespace`	`string` The asset namespace to apply to all logs ingested through this feed.
`labels`	`map (key: string, value: string)` The ingestion metadata labels to apply to all logs ingested through this feed, and the resulting normalized data. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
Union field `details`. Additional details of the feed. Depends on the feed type. `details` can be only one of the following:
`anomali_settings`	`object (AnomaliIocSettings)` Anomali IOC settings.
`azure_ad_context_settings`	`object (AzureADContextSettings)` Azure AD Context settings.
`cloud_passage_settings`	`object (CloudPassageSettings)` Cloud Passage settings.
`cortex_xdr_settings`	`object (CortexXDRSettings)` Cortex XDR settings.
`duo_auth_settings`	`object (DuoAuthSettings)` Duo Auth settings.
`duo_user_context_settings`	`object (DuoUserContextSettings)` Duo User Context settings.
`microsoft_graph_alert_settings`	`object (MicrosoftGraphAlertSettings)` Microsoft Graph Alert settings.
`microsoft_security_center_alert_settings`	`object (MicrosoftSecurityCenterAlertSettings)` Microsoft Security center alert settings.
`mimecast_mail_settings`	`object (MimecastMailSettings)` Mimecast mail settings.
`office365_settings`	`object (Office365Settings)` Office 365 settings.
`proofpoint_mail_settings`	`object (ProofpointMailSettings)` Proofpoint mail settings.
`recorded_future_ioc_settings`	`object (RecordedFutureIocSettings)` Recorded Future IOC settings.
`workday_settings`	`object (WorkdaySettings)` Workday settings.
`pan_ioc_settings`	`object (PanIocSettings)` PAN IOC settings.
`okta_settings`	`object (OktaSettings)` Okta settings.
`okta_user_context_settings`	`object (OktaUserContextSettings)` Okta user context settings.
`fox_it_stix_settings`	`object (FoxITStixSettings)` Fox-IT STIX settings.
`threat_connect_ioc_settings`	`object (ThreatConnectIoCSettings)` ThreatConnect IOC settings.
`service_now_cmdb_settings`	`object (ServiceNowCMDBSettings)` ServiceNow CMDB settings.
`imperva_waf_settings`	`object (ImpervaWAFSettings)` Imperva WAF settings.
`thinkst_canary_settings`	`object (ThinkstCanarySettings)` Thinkst Canary settings.
`rh_isac_ioc_settings`	`object (RHIsacIocSettings)` RH-ISAC IOC settings.
`rapid7_insight_settings`	`object (Rapid7InsightSettings)` Rapid7 Insight settings.
`salesforce_settings`	`object (SalesforceSettings)` Salesforce settings.
`netskope_alert_settings`	`object (NetskopeAlertSettings)` Netskope alert settings.
`azure_mdm_intune_settings`	`object (AzureMDMIntuneSettings)` Azure MDM Intune settings.
`azure_ad_settings`	`object (AzureADSettings)` Azure AD settings.
`proofpoint_on_demand_settings`	`object (ProofpointOnDemandSettings)` Proofpoint On-Demand settings.
`workspace_users_settings`	`object (WorkspaceUsersSettings)` Workspace users settings.
`workspace_activity_settings`	`object (WorkspaceActivitySettings)` Workspace activity settings.
`workspace_alerts_settings`	`object (WorkspaceAlertsSettings)` Workspace alerts settings.
`workspace_privileges_settings`	`object (WorkspacePrivilegesSettings)` Workspace privileges settings.
`workspace_mobile_settings`	`object (WorkspaceMobileSettings)` Workspace mobile settings.
`workspace_chrome_os_settings`	`object (WorkspaceChromeOSSettings)` Workspace ChromeOS settings.
`workspace_groups_settings`	`object (WorkspaceGroupsSettings)` Workspace Groups settings.
`azure_ad_audit_settings`	`object (AzureADAuditSettings)` Azure AD Audit settings.
`symantec_event_export_settings`	`object (SymantecEventExportSettings)` Symantec Event Export settings.
`qualys_vm_settings`	`object (QualysVMSettings)` Qualys VM settings
`pan_prisma_cloud_settings`	`object (PanPrismaCloudSettings)` PAN Prisma Cloud settings.
`gcs_settings`	`object (GoogleCloudStorageSettings)` Google Cloud Storage settings.
`http_settings`	`object (HttpSettings)` HTTP settings.
`sftp_settings`	`object (SftpSettings)` SFTP settings.
`amazon_s3_settings`	`object (AmazonS3Settings)` Amazon S3 settings.
`azure_blob_store_settings`	`object (AzureBlobStoreSettings)` Azure Blob Storage settings.
`amazon_sqs_settings`	`object (AmazonSQSSettings)` Amazon SQS settings.
`google_cloud_identity_devices_settings`	`object (GoogleCloudIdentityDevicesSettings)` Google Cloud Identity Devices settings.
`google_cloud_identity_device_users_settings`	`object (GoogleCloudIdentityDeviceUsersSettings)` Google Cloud Identity Device Users settings.
`crowdstrike_detects_settings`	`object (CrowdStrikeDetectsSettings)` CrowdStrike Detects API settings.
`mandiant_ioc_settings`	`object (MandiantIoCSettings)` Mandiant IOC settings.
`sentinelone_alert_settings`	`object (SentineloneAlertSettings)` SentinelOne Alert settings.
`qualys_scan_settings`	`object (QualysScanSettings)` Qualys Scan Settings
`pubsub_settings`	`object (PubsubSettings)` Pub/Sub settings.
`amazon_kinesis_firehose_settings`	`object (AmazonKinesisFirehoseSettings)` Amazon Kinesis Firehose settings.
`webhook_settings`	`object (WebhookSettings)` Webhook settings.
`dummy_log_type_settings`	`object (DummyLogTypeSettings)` DummyLogType Settings.
`https_push_google_cloud_pubsub_settings`	`object (HttpsPushGoogleCloudPubSubSettings)` Https push Google Pub/Sub settings.
`https_push_amazon_kinesis_firehose_settings`	`object (HttpsPushAmazonKinesisFirehoseSettings)` Https push Amazon Kinesis Firehose settings.
`https_push_webhook_settings`	`object (HttpsPushWebhookSettings)` Https push Webhook settings.

AnomaliIocSettings

Anomali IOC settings.

JSON representation
{ "authentication": { object (`UsernameSecretAuth`) } }

Fields

authentication

object (UsernameSecretAuth)

Input only. Authentication.

UsernameSecretAuth

Info for username and secret based authentication.

JSON representation
{ "user": string, "secret": string }

Fields

Fields
`user`	`string` Username of an identity used for authentication.
`secret`	`string` Secret of the account identified by user_name.

user

string

Username of an identity used for authentication.

secret

string

Secret of the account identified by user_name.

AzureADContextSettings

Azure AD Context settings.

JSON representation
{ "authentication": { object (`MicrosoftOAuthClientCredentials`) }, "retrieve_devices": boolean, "retrieve_groups": boolean, "tenant_id": string, "hostname": string, "auth_endpoint": string }

Fields
`authentication`	`object (MicrosoftOAuthClientCredentials)` Input only. Authentication.
`retrieve_devices`	`boolean` Whether to retrieve device information in user context.
`retrieve_groups`	`boolean` Whether to retrieve group information in user context.
`tenant_id`	`string` Tenant ID.
`hostname`	`string` API Hostname.
`auth_endpoint`	`string` API Auth Endpoint.

MicrosoftOAuthClientCredentials

Microsoft OAuth 2.0 client credentials grant.

JSON representation
{ "client_id": string, "client_secret": string }

Fields

Fields
`client_id`	`string` Client ID.
`client_secret`	`string` Client secret.

client_id

string

Client ID.

client_secret

string

Client secret.

CloudPassageSettings

CloudPassage settings.

JSON representation
{ "authentication": { object (`UsernameSecretAuth`) }, "event_types": [ string ] }

Fields

authentication

object (UsernameSecretAuth)

Input only. Authentication.

event_types[]

string

Event types filter for the events API.

CortexXDRSettings

PAN Cortex XDR settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) }, "hostname": string, "endpoint": string }

Fields

authentication

object (HttpHeaderAuth)

Input only. Authentication.

hostname

string

API Hostname.

endpoint

string

API Endpoint.

HttpHeaderAuth

HTTP header based authentication.

JSON representation
{ "header_key_values": [ { object (`HeaderKeyValue`) } ] }

Fields

Fields
`header_key_values[]`	`object (HeaderKeyValue)` Header key-value pairs.

header_key_values[]

object (HeaderKeyValue)

Header key-value pairs.

HeaderKeyValue

Header key-value pairs.

JSON representation
{ "key": string, "value": string }

Fields

Fields
`key`	`string` Key.
`value`	`string` Value.

key

string

Key.

value

string

Value.

DuoAuthSettings

Duo Authentication settings.

JSON representation
{ "authentication": { object (`UsernameSecretAuth`) }, "hostname": string }

Fields

authentication

object (UsernameSecretAuth)

Input only. Authentication.

hostname

string

API Hostname.

DuoUserContextSettings

Duo User Context settings.

JSON representation
{ "authentication": { object (`UsernameSecretAuth`) }, "hostname": string }

Fields

authentication

object (UsernameSecretAuth)

Input only. Authentication.

hostname

string

API hostname.

MicrosoftGraphAlertSettings

Microsoft Graph Alert settings.

JSON representation
{ "authentication": { object (`MicrosoftOAuthClientCredentials`) }, "tenant_id": string, "hostname": string, "auth_endpoint": string }

Fields
`authentication`	`object (MicrosoftOAuthClientCredentials)` Input only. Authentication.
`tenant_id`	`string` Tenant ID.
`hostname`	`string` API Hostname.
`auth_endpoint`	`string` API Auth Endpoint.

MicrosoftSecurityCenterAlertSettings

Microsoft Security Center alert settings.

JSON representation
{ "authentication": { object (`MicrosoftOAuthClientCredentials`) }, "subscription_id": string, "tenant_id": string, "hostname": string, "auth_endpoint": string }

Fields
`authentication`	`object (MicrosoftOAuthClientCredentials)` Input only. Authentication.
`subscription_id`	`string` Subscription ID of the Microsoft security center alert settings alert.
`tenant_id`	`string` Tenant ID.
`hostname`	`string` API Hostname.
`auth_endpoint`	`string` API Auth Endpoint.

MimecastMailSettings

Mimecast Mail settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) }, "hostname": string }

Fields

authentication

object (HttpHeaderAuth)

Input only. Authentication.

hostname

string

API Hostname.

Office365Settings

Office 365 settings.

JSON representation
{ "authentication": { object (`MicrosoftOAuthClientCredentials`) }, "tenant_id": string, "content_type": enum (`ContentType`), "hostname": string, "auth_endpoint": string }

Fields
`authentication`	`object (MicrosoftOAuthClientCredentials)` Input only. Authentication.
`tenant_id`	`string` Tenant ID.
`content_type`	`enum (ContentType)` Supported office 365 content type.
`hostname`	`string` API Hostname.
`auth_endpoint`	`string` API Auth Endpoint.

ContentType

Office 365 supported content types: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#working-with-the-office-365-management-activity-api

Enums
`CONTENT_TYPE_UNSPECIFIED`	Unspecified content type.
`AUDIT_AZURE_ACTIVE_DIRECTORY`	Audit.AzureActiveDirectory.
`AUDIT_EXCHANGE`	Audit.Exchange.
`AUDIT_SHARE_POINT`	Audit.SharePoint.
`AUDIT_GENERAL`	Audit.General.
`DLP_ALL`	DLP.All.

ProofpointMailSettings

Proofpoint Mail settings.

JSON representation
{ "authentication": { object (`UsernameSecretAuth`) } }

Fields

authentication

object (UsernameSecretAuth)

Input only. Authentication.

RecordedFutureIocSettings

Recorded Future IOC settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) } }

Fields

authentication

object (HttpHeaderAuth)

Input only. Authentication.

WorkdaySettings

Workday settings.

JSON representation
{ "authentication": { object (`WorkdayAuth`) }, "hostname": string, "tenant_id": string }

Fields

Fields
`authentication`	`object (WorkdayAuth)` Input only. Authentication.
`hostname`	`string` API Hostname.
`tenant_id`	`string` Tenant ID.

authentication

object (WorkdayAuth)

Input only. Authentication.

hostname

string

API Hostname.

tenant_id

string

Tenant ID.

WorkdayAuth

Authentication for Workday.

JSON representation
{ "user": string, "secret": string, "token_endpoint": string, "client_id": string, "client_secret": string, "refresh_token": string }

Fields
`user`	`string` Username. This is unused: Workday feeds were originally configured using a username and secret authentication method, but only the secret field was used, and it was used to supply the OAuth access token.
`secret`	`string` The access token used to authenticate against Workday. This field is called "secret" to maintain backwards compatibility. Workday was (only) configured using username (which was unused) and secret (which is used as the access token). Either this field or all of the other OAuth fields below must be specified.
`token_endpoint`	`string` Token endpoint to get the OAuth token from.
`client_id`	`string` Client ID.
`client_secret`	`string` Client Secret.
`refresh_token`	`string` Refresh Token.

PanIocSettings

PAN IOC settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) }, "feed_id": string, "feed": string }

Fields

authentication

object (HttpHeaderAuth)

Input only. Authentication.

feed_id

string

PAN IOC feed ID.

feed

string

PAN IOC feed name.

OktaSettings

Okta settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) }, "hostname": string }

Fields

authentication

object (HttpHeaderAuth)

Input only. Authentication.

hostname

string

API Hostname.

OktaUserContextSettings

Okta user context settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) }, "hostname": string, "manager_id_reference_field": string }

Fields

authentication

object (HttpHeaderAuth)

Input only. Authentication.

hostname

string

API Hostname.

manager_id_reference_field

string

Manager id reference field.

FoxITStixSettings

Fox-IT STIX settings.

JSON representation
{ "authentication": { object (`UsernameSecretAuth`) }, "ssl": { object (`SSLClientKeypair`) }, "poll_service_uri": string, "collection": string }

Fields
`authentication`	`object (UsernameSecretAuth)` Input only. Authentication.
`ssl`	`object (SSLClientKeypair)` SSL client key pair.
`poll_service_uri`	`string` TAXII poll service URI.
`collection`	`string` Collection available at the poll service.

SSLClientKeypair

An SSL client certificate keypair.

JSON representation
{ "encoded_private_key": string, "ssl_certificate": string }

Fields

encoded_private_key

string

The encoded private key. The string should be a private key in PEM format, and should include the begin header and end footer lines. It may also include newlines.

Example: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,F23074E02CF47304

-----END RSA PRIVATE KEY-----

ssl_certificate

string

The encoded SSL certificate. The string should be an SSL certificate in PEM format, and should include the begin header and end footer lines. It may also include newlines.

Example: -----BEGIN CERTIFICATE----- -----END CERTIFICATE-----

ThreatConnectIoCSettings

ThreatConnect IOC Settings.

JSON representation
{ "authentication": { object (`UsernameSecretAuth`) }, "hostname": string, "owners": [ string ] }

Fields

authentication

object (UsernameSecretAuth)

Input only. Authentication.

hostname

string

API Hostname.

owners[]

string

Owners.

ServiceNowCMDBSettings

ServiceNow CMDB settings.

JSON representation
{ "authentication": { object (`UsernameSecretAuth`) }, "hostname": string, "feedname": string }

Fields

authentication

object (UsernameSecretAuth)

Input only. Authentication.

hostname

string

API Hostname.

feedname

string

Feedname.

ImpervaWAFSettings

Imperva WAF settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) } }

Fields

authentication

object (HttpHeaderAuth)

Input only. Authentication.

ThinkstCanarySettings

Thinkst Canary settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) }, "hostname": string }

Fields

authentication

object (HttpHeaderAuth)

Input only. Authentication.

hostname

string

API Hostname.

RHIsacIocSettings

RH-ISAC settings.

JSON representation
{ "authentication": { object (`OAuthClientCredentials`) } }

Fields

authentication

object (OAuthClientCredentials)

Input only. Authentication.

OAuthClientCredentials

OAuth 2.0 client credentials grant. See https://tools.ietf.org/html/rfc6749.

JSON representation
{ "token_endpoint": string, "client_id": string, "client_secret": string }

Fields

token_endpoint

string

Token endpoint.

client_id

string

Client ID.

client_secret

string

Client secret.

Rapid7InsightSettings

Rapid7 Insight settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) }, "endpoint": string, "hostname": string }

Fields

authentication

object (HttpHeaderAuth)

Input only. Authentication.

endpoint

string

Rapid7 API endpoint. Should be "vulnerabilities" or "assets".

hostname

string

API Hostname.

SalesforceSettings

Salesforce settings.

JSON representation

{
  "hostname": string,

  // Union field authentication can be only one of the following:
  "oauth_password_grant_auth": {
    object (OAuthPasswordGrantCredentials)
  },
  "oauth_jwt_credentials": {
    object (OAuthJWTCredentials)
  }
  // End of list of possible types for union field authentication.
}

Fields
`hostname`	`string` API hostname.
Union field `authentication`. Possible types of authentication. `authentication` can be only one of the following:
`oauth_password_grant_auth`	`object (OAuthPasswordGrantCredentials)` Input only. OAuthPasswordGrantCredentials auth.
`oauth_jwt_credentials`	`object (OAuthJWTCredentials)` Input only. OAuthJWTCredentials auth.

OAuthPasswordGrantCredentials

OAuth 2.0 password grant. See https://tools.ietf.org/html/rfc6749.

JSON representation
{ "token_endpoint": string, "client_id": string, "client_secret": string, "user": string, "password": string }

Fields
`token_endpoint`	`string` Token endpoint to get the OAuth token from.
`client_id`	`string` Client ID.
`client_secret`	`string` Client secret.
`user`	`string` Username.
`password`	`string` Password.

OAuthJWTCredentials

OAuth 2.0 JWT grant. See, https://tools.ietf.org/html/rfc7519

JSON representation

{
  "token_endpoint": string,
  "claims": {
    object (Claims)
  },

  // Union field credentials can be only one of the following:
  "rs_credentials": {
    object (RSCredentials)
  }
  // End of list of possible types for union field credentials.
}

Fields
`token_endpoint`	`string` Token endpoint to get the OAuth token from.
`claims`	`object (Claims)` Claims.
Union field `credentials`. Credentials. `credentials` can be only one of the following:
`rs_credentials`	`object (RSCredentials)` RS credentials.

RSCredentials

RS credentials.

JSON representation
{ "private_key": string }

Fields

private_key

string

Private key in PEM format.

Claims

Claims identifying a specific customer.

JSON representation
{ "issuer": string, "subject": string, "audience": string }

Fields

issuer

string

Issuer. Usually the client_id.

subject

string

Subject. Usually the email.

audience

string

Audience.

NetskopeAlertSettings

Netskope Alert settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) }, "hostname": string, "feedname": string, "content_type": string }

Fields
`authentication`	`object (HttpHeaderAuth)` Input only. Authentication.
`hostname`	`string` API Hostname.
`feedname`	`string` Feedname.
`content_type`	`string` Content type.

AzureMDMIntuneSettings

Azure MDM Intune settings.

JSON representation
{ "authentication": { object (`MicrosoftOAuthClientCredentials`) }, "tenant_id": string, "hostname": string, "auth_endpoint": string }

Fields
`authentication`	`object (MicrosoftOAuthClientCredentials)` Input only. Authentication.
`tenant_id`	`string` Tenant ID.
`hostname`	`string` API Hostname.
`auth_endpoint`	`string` API Auth Endpoint.

AzureADSettings

Azure AD settings.

JSON representation
{ "authentication": { object (`MicrosoftOAuthClientCredentials`) }, "tenant_id": string, "hostname": string, "auth_endpoint": string }

Fields
`authentication`	`object (MicrosoftOAuthClientCredentials)` Input only. Authentication.
`tenant_id`	`string` Tenant ID.
`hostname`	`string` API Hostname.
`auth_endpoint`	`string` API Auth Endpoint.

ProofpointOnDemandSettings

Proofpoint On-demand settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) }, "cluster_id": string }

Fields

authentication

object (HttpHeaderAuth)

Input only. Authentication.

cluster_id

string

Cluster ID.

WorkspaceUsersSettings

Workspace Users settings.

JSON representation
{ "authentication": { object (`OAuthJWTCredentials`) }, "workspace_customer_id": string }

Fields

authentication

object (OAuthJWTCredentials)

Input only. Authentication.

workspace_customer_id

string

Customer ID.

WorkspaceActivitySettings

Workspace Activity settings.

JSON representation
{ "authentication": { object (`OAuthJWTCredentials`) }, "workspace_customer_id": string, "applications": [ string ] }

Fields

authentication

object (OAuthJWTCredentials)

Input only. Authentication.

workspace_customer_id

string

Customer ID.

applications[]

string

Applications.

WorkspaceAlertsSettings

Workspace Alert settings.

JSON representation
{ "authentication": { object (`OAuthJWTCredentials`) }, "workspace_customer_id": string }

Fields

authentication

object (OAuthJWTCredentials)

Input only. Authentication.

workspace_customer_id

string

Customer ID.

WorkspacePrivilegesSettings

Workspace Privileges settings.

JSON representation
{ "authentication": { object (`OAuthJWTCredentials`) }, "workspace_customer_id": string }

Fields

authentication

object (OAuthJWTCredentials)

Input only. Authentication.

workspace_customer_id

string

Customer ID.

WorkspaceMobileSettings

Workspace Mobile settings.

JSON representation
{ "authentication": { object (`OAuthJWTCredentials`) }, "workspace_customer_id": string }

Fields

authentication

object (OAuthJWTCredentials)

Input only. Authentication.

workspace_customer_id

string

Customer ID.

WorkspaceChromeOSSettings

Workspace Chrome OS settings.

JSON representation
{ "authentication": { object (`OAuthJWTCredentials`) }, "workspace_customer_id": string }

Fields

authentication

object (OAuthJWTCredentials)

Input only. Authentication.

workspace_customer_id

string

Customer ID.

WorkspaceGroupsSettings

Workspace Groups settings.

JSON representation
{ "authentication": { object (`OAuthJWTCredentials`) }, "workspace_customer_id": string }

Fields

authentication

object (OAuthJWTCredentials)

Input only. Authentication.

workspace_customer_id

string

Customer ID.

AzureADAuditSettings

Azure AD Audit settings.

JSON representation
{ "authentication": { object (`MicrosoftOAuthClientCredentials`) }, "tenant_id": string, "hostname": string, "auth_endpoint": string }

Fields
`authentication`	`object (MicrosoftOAuthClientCredentials)` Input only. Authentication.
`tenant_id`	`string` Tenant ID.
`hostname`	`string` API Hostname.
`auth_endpoint`	`string` API Auth Endpoint.

SymantecEventExportSettings

Symantec Event Export settings.

JSON representation
{ "authentication": { object (`OAuthRefreshToken`) } }

Fields

authentication

object (OAuthRefreshToken)

Input only. Authentication.

OAuthRefreshToken

OAuth 2.0 refresh token grant. See https://tools.ietf.org/html/rfc6749.

JSON representation
{ "token_endpoint": string, "client_id": string, "client_secret": string, "refresh_token": string }

Fields
`token_endpoint`	`string` Token endpoint to get the OAuth token from.
`client_id`	`string` Client ID.
`client_secret`	`string` Client secret.
`refresh_token`	`string` Refresh token.

QualysVMSettings

Qualys VM settings.

JSON representation
{ "authentication": { object (`UsernameSecretAuth`) }, "hostname": string }

Fields

authentication

object (UsernameSecretAuth)

Input only. Authentication.

hostname

string

API Hostname.

PanPrismaCloudSettings

PAN Prisma Cloud settings.

JSON representation
{ "authentication": { object (`PanPrismaAuth`) }, "hostname": string }

Fields

authentication

object (PanPrismaAuth)

Input only. Authentication.

hostname

string

API Hostname.

PanPrismaAuth

PAN Prisma Cloud auth.

JSON representation
{ "user": string, "password": string }

Fields

user

string

Username.

password

string

Password.

GoogleCloudStorageSettings

Google Cloud Storage settings.

JSON representation
{ "bucket_uri": string, "source_type": enum (`URISourceType`), "source_deletion_option": enum (`SourceDeletionOption`), "chronicle_service_account": string }

Fields
`bucket_uri`	`string` Bucket URI.
`source_type`	`enum (URISourceType)` The URI source type.
`source_deletion_option`	`enum (SourceDeletionOption)` Source deletion option.
`chronicle_service_account`	`string` Output only. Service Account Chronicle will be using to pull data.

URISourceType

The type of URIs specified in the source URIs.

Enums
`URI_SOURCE_TYPE_UNSPECIFIED`	If encountered, will throw an `INVALID_ARGUMENT` error.
`FILES`	The type of files pointed to by `source_uris` are files.
`FOLDERS`	The type of files pointed to by `source_uris` are folders and Xenon should not descend into subfolders of those folders.
`FOLDERS_RECURSIVE`	The type of files pointed to by `source_uris` are folders and Xenon should descend into subfolders of those folders.

SourceDeletionOption

Source deletion option controls whether source files should be deleted after transferring.

Enums
`SOURCE_DELETION_OPTION_UNSPECIFIED`	If encountered, will be treated as `SOURCE_DELETION_NEVER`.
`SOURCE_DELETION_NEVER`	Never delete files from the source.
`SOURCE_DELETION_ON_SUCCESS`	After the fetch completes, if there are no errors, delete files and any directories made empty by the file deletion from the source.
`SOURCE_DELETION_ON_SUCCESS_FILES_ONLY`	After the fetch completes, if there are no errors, delete files (leaving any directories) from the source.

HttpSettings

HTTP settings.

JSON representation
{ "uri": string, "source_type": enum (`URISourceType`), "source_deletion_option": enum (`SourceDeletionOption`) }

Fields

uri

string

HTTP URI.

source_type

enum (URISourceType)

The URI source type.

source_deletion_option

enum (SourceDeletionOption)

Source deletion option.

SftpSettings

SFTP settings.

JSON representation
{ "authentication": { object (`SftpAuth`) }, "uri": string, "source_type": enum (`URISourceType`), "source_deletion_option": enum (`SourceDeletionOption`) }

Fields
`authentication`	`object (SftpAuth)` Input only. Authentication.
`uri`	`string` SFTP URI.
`source_type`	`enum (URISourceType)` The URI source type.
`source_deletion_option`	`enum (SourceDeletionOption)` Source deletion option.

SftpAuth

SFTP Auth.

JSON representation
{ "username": string, "password": string, "private_key": string, "private_key_passphrase": string }

Fields
`username`	`string` Username. Used for username and password authentication.
`password`	`string` Password. Used for username and password authentication.
`private_key`	`string` Private key. Used for private key authentication.
`private_key_passphrase`	`string` Private key passphrase. Used for private key authentication.

AmazonS3Settings

Amazon S3 settings.

JSON representation
{ "authentication": { object (`S3Auth`) }, "s3_uri": string, "source_type": enum (`URISourceType`), "source_deletion_option": enum (`SourceDeletionOption`) }

Fields
`authentication`	`object (S3Auth)` Input only. Authentication.
`s3_uri`	`string` S3 URI.
`source_type`	`enum (URISourceType)` The URI source type.
`source_deletion_option`	`enum (SourceDeletionOption)` Source deletion option.

S3Auth

Amazon S3 auth.

JSON representation
{ "access_key_id": string, "secret_access_key": string, "client_id": string, "client_secret": string, "refresh_uri": string, "region": enum (`S3Region`) }

Fields
`access_key_id`	`string` Access key ID. Used when using access key auth.
`secret_access_key`	`string` Secret access key. Used when using access key auth.
`client_id`	`string` Client ID. Used when using OAuth auth.
`client_secret`	`string` Client secret. Used when using OAuth auth.
`refresh_uri`	`string` Refresh URI. Used when using OAuth auth.
`region`	`enum (S3Region)` S3 Region.

S3Region

AWS S3 regions: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region.

Enums
`S3_REGION_UNSPECIFIED`	Unspecified region means Auto detect. Auto detect does not successfully detect GOV Cloud.
`US_EAST_1`	US. N. Virginia (previously known as US_STANDARD).
`US_EAST_2`	Ohio.
`US_WEST_1`	N. California.
`US_WEST_2`	Oregon.
`US_GOV_CLOUD`	Not accessible unless AWS US Govt. account.
`US_GOV_EAST_1`	Not accessible unless AWS US Govt. account.
`EU_WEST_1`	Europe. Ireland.
`EU_WEST_2`	London.
`EU_WEST_3`	Paris.
`EU_CENTRAL_1`	Frankfurt.
`EU_NORTH_1`	Stockholm.
`EU_SOUTH_1`	Milan.
`AP_SOUTH_1`	Asia Pacific Mumbai.
`AP_SOUTHEAST_1`	Singapore.
`AP_SOUTHEAST_2`	Sydney.
`AP_SOUTHEAST_3`	Jakarta.
`AP_NORTHEAST_1`	Tokyo.
`AP_NORTHEAST_2`	Seoul.
`AP_NORTHEAST_3`	Osaka.
`AP_EAST_1`	Hong Kong.
`SA_EAST_1`	South America. Sao Paulo.
`CN_NORTH_1`	China - Not accessible unless AWS China account. China - Beijing.
`CN_NORTHWEST_1`	China - Ningxia.
`CA_CENTRAL_1`	Canada. Canada Central.
`AF_SOUTH_1`	Africa. Capetown.
`ME_SOUTH_1`	Middle East. Bahrain.

AzureBlobStoreSettings

Azure Blob Storage settings.

JSON representation
{ "authentication": { object (`AzureAuth`) }, "azure_uri": string, "source_type": enum (`URISourceType`), "source_deletion_option": enum (`SourceDeletionOption`) }

Fields
`authentication`	`object (AzureAuth)` Input only. Authentication.
`azure_uri`	`string` Azure URI.
`source_type`	`enum (URISourceType)` The URI source type.
`source_deletion_option`	`enum (SourceDeletionOption)` Source deletion option.

AzureAuth

Azure auth.

JSON representation
{ // Union field `auth_type` can be only one of the following: "shared_key": string, "sas_token": string // End of list of possible types for union field `auth_type`. }

Fields

Union field auth_type. Type of auth used with Azure. auth_type can be only one of the following:

shared_key

string

Shared Key.

sas_token

string

SAS Token.

AmazonSQSSettings

Amazon SQS settings.

JSON representation
{ "region": enum (`S3Region`), "queue": string, "account_number": string, "authentication": { object (`SQSAuth`) }, "source_deletion_option": enum (`SourceDeletionOption`) }

Fields
`region`	`enum (S3Region)` S3 Region.
`queue`	`string` Name of the queue.
`account_number`	`string` Account number of the owner of the queue.
`authentication`	`object (SQSAuth)` Input only. Authentication.
`source_deletion_option`	`enum (SourceDeletionOption)` Source deletion option.

SQSAuth

Amazon SQS auth.

JSON representation
{ "sqs_access_key_secret_auth": { object (`SQSAccessKeySecretAuth`) }, "additional_s3_access_key_secret_auth": { object (`AdditionalS3AccessKeySecretAuth`) } }

Fields

sqs_access_key_secret_auth

object (SQSAccessKeySecretAuth)

SQS access key secret auth.

additional_s3_access_key_secret_auth

object (AdditionalS3AccessKeySecretAuth)

Authentication for the S3 bucket referred to by the items in the SQS queue. This is only required if it is different from the authentication for the queue.

SQSAccessKeySecretAuth

Amazon SQS access key and secret auth.

JSON representation
{ "access_key_id": string, "secret_access_key": string }

Fields

access_key_id

string

Access key ID.

secret_access_key

string

Secret access key.

AdditionalS3AccessKeySecretAuth

Additional S3 access key secret auth.

JSON representation
{ "access_key_id": string, "secret_access_key": string }

Fields

access_key_id

string

Access key ID.

secret_access_key

string

Secret access key.

GoogleCloudIdentityDevicesSettings

Google Cloud Identity Devices settings.

JSON representation
{ "authentication": { object (`OAuthJWTCredentials`) }, "api_version": string }

Fields

authentication

object (OAuthJWTCredentials)

Input only. Authentication

api_version

string

API Version

GoogleCloudIdentityDeviceUsersSettings

Google Cloud Identity Device Users settings.

JSON representation
{ "authentication": { object (`OAuthJWTCredentials`) } }

Fields

authentication

object (OAuthJWTCredentials)

Input only. Authentication.

CrowdStrikeDetectsSettings

CrowdStrike Detects settings.

JSON representation
{ "authentication": { object (`OAuthClientCredentials`) }, "hostname": string }

Fields

authentication

object (OAuthClientCredentials)

Input only. OAuthClientCredentials.

hostname

string

API Hostname.

MandiantIoCSettings

Mandiant IOC settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) }, "start_time": string }

Fields

authentication

object (HttpHeaderAuth)

Input only. Authentication.

start_time

string (Timestamp format)

time since when to start fetching the IOCs

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

SentineloneAlertSettings

SentinelOne Alert settings.

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) }, "hostname": string, "initial_start_time": string, "is_alert_api_subscribed": boolean }

Fields
`authentication`	`object (HttpHeaderAuth)` Input only. Authentication.
`hostname`	`string` Hostname of SentinelOne alert settings.
`initial_start_time`	`string` initialStartTime from when to fetch the alerts
`is_alert_api_subscribed`	`boolean` Is the customer subscribed to Alerts Api

QualysScanSettings

Qualys Scan settings.

JSON representation
{ "authentication": { object (`UsernameSecretAuth`) }, "hostname": string, "api_type": enum (`ApiType`) }

Fields

authentication

object (UsernameSecretAuth)

Input only. Authentication

hostname

string

Hostname.

api_type

enum (ApiType)

Supported Qualys Scan api type.

ApiType

API Type

Enums
`API_TYPE_UNSPECIFIED`	Unspecified API Type
`SCAN_SUMMARY_OUTPUT`	Scan Summaries
`SCAN_COMPLIANCE_OUTPUT`	Scan Compliance
`SCAN_COMPLIANCE_CONTROL_OUTPUT`	Scan Compliance Control

PubsubSettings

Settings required by Google Cloud Pub/Sub Feeds(HTTP-Push).

JSON representation
{ "google_service_account_email": string }

Fields

google_service_account_email

string

Google Service Account Email.

AmazonKinesisFirehoseSettings

This type has no fields.

Settings required by Amazon Kinesis Firehose Feeds(HTTP-Push).

WebhookSettings

This type has no fields.

Settings required by Webhook Feeds(HTTP-Push).

DummyLogTypeSettings

Settings required by Feeds of DummyLogType(used for testing purposes).

JSON representation
{ "authentication": { object (`HttpHeaderAuth`) }, "api_endpoint": string }

Fields

authentication

object (HttpHeaderAuth)

Input only. Authentication.

api_endpoint

string

Full API Endpoint.

HttpsPushGoogleCloudPubSubSettings

This type has no fields.

Settings required by Google Cloud Pub/Sub Feeds(HTTPS-Push V2).

HttpsPushAmazonKinesisFirehoseSettings

This type has no fields.

Settings required by Amazon Kinesis Firehose Feeds(HTTPS-Push V2).

HttpsPushWebhookSettings

This type has no fields.

Settings required by Webhook Feeds(HTTPS-Push V2).

FeedSourceType

Different types of feed sources.

Enums
`FEED_SOURCE_TYPE_UNSPECIFIED`	Unspecified feed source type.
`GOOGLE_CLOUD_STORAGE`	Cloud Storage.
`HTTP`	HTTP.
`SFTP`	SFTP.
`AMAZON_S3`	S3.
`AZURE_BLOBSTORE`	Azure Blobstore.
`API`	API.
`AMAZON_SQS`	SQS.
`PUBSUB`	Pub/Sub.
`AMAZON_KINESIS_FIREHOSE`	AMAZON_KINESIS_FIREHOSE.
`WEBHOOK`	WEBHOOK.
`HTTPS_PUSH_GOOGLE_CLOUD_PUBSUB`	HTTPS GCloud Pub/Sub.
`HTTPS_PUSH_AMAZON_KINESIS_FIREHOSE`	HTTPS Amazon Kinesis Firehose.
`HTTPS_PUSH_WEBHOOK`	HTTPS Webhook.

State

List of states a feed can have.

Enums
`STATE_UNSPECIFIED`	Unspecified feed state.
`ACTIVE`	Feed is configured and ready to ingest data. Newly created feeds have this state. Once ingestion begins the feed will transition out of this state and will not transition back.
`INACTIVE`	Feed is Disabled. When a user disables a feed it will transition to this state regardless of its current state. Once enabled a feed will transition to its previous state.
`RUNNING`	Feed is enabled and currently ingesting data. A feed will transition to this state from an ACTIVE or COMPLETED state when Chronicle has begun fetching data for this feed.
`SUCCEEDED`	Feed is enabled and has recently successfully ingested data. A feed will transition to this state from RUNNING or FAILED once a fetch has completed successfully.
`FAILED`	Feed is enabled, but has recently failed to ingest data. A feed will transition to this state only from RUNNING once a fetch has failed. It will remain in this state until a subsequent fetch has succeeded.

Methods
`create`	Creates a feed.
`delete`	Deletes a feed.
`disable`	Disable feed for ingestion.
`enable`	Enable feed for ingestion.
`get`	Gets a feed.
`importPushLogs`	Import logs coming from https push feeds.
`list`	Lists all feeds for the customer.
`patch`	Updates the full feed.