DetectorSettings

User specified settings for all the detectors that are available in Event Threat Detection. Next id: 14

JSON representation
{
  "malwareBadDomain": {
    object (MalwareBadDomainSettings)
  },
  "malwareBadIp": {
    object (MalwareBadIpSettings)
  },
  "cryptominingPoolDomain": {
    object (CryptominingPoolDomainSettings)
  },
  "cryptominingPoolIp": {
    object (CryptominingPoolIpSettings)
  },
  "outgoingDos": {
    object (OutgoingDoSSettings)
  },
  "bruteForceSsh": {
    object (BruteForceSshSettings)
  },
  "iamAnomalousGrant": {
    object (IamAnomalousGrantSettings)
  }
}
Fields
malwareBadDomain

object (MalwareBadDomainSettings)

The settings for the MalwareBadDomain detector.

malwareBadIp

object (MalwareBadIpSettings)

The settings for the MalwareBadIp detector.

cryptominingPoolDomain

object (CryptominingPoolDomainSettings)

The settings for the CryptominingPoolDomain detector.

cryptominingPoolIp

object (CryptominingPoolIpSettings)

The settings for the CryptominingPoolIp detector.

outgoingDos

object (OutgoingDoSSettings)

The settings for the OutgoingDoS detector.

bruteForceSsh

object (BruteForceSshSettings)

The settings for the BruteForceSsh detector.

iamAnomalousGrant

object (IamAnomalousGrantSettings)

The settings for the IamAnomalousGrant detector.

MalwareBadDomainSettings

Settings for the MalwareBadDomain detector that looks for network connections to or from known-bad domains associated with malware.

JSON representation
{
  "enableEventThreatDetection": boolean
}
Fields
enableEventThreatDetection

boolean

Enable Event Threat Detection

MalwareBadIpSettings

Settings for the MalwareBadIp detector that looks for network connections to or from known-bad IPs associated with malware.

JSON representation
{
  "enableEventThreatDetection": boolean
}
Fields
enableEventThreatDetection

boolean

Enable Event Threat Detection

CryptominingPoolDomainSettings

Settings for the CryptominingPoolDomain detector that looks for network connections to or from domains associated with Cryptocurrency pools.

JSON representation
{
  "enableEventThreatDetection": boolean
}
Fields
enableEventThreatDetection

boolean

Enable Event Threat Detection

CryptominingPoolIpSettings

Settings for the CryptominingPoolIpSettings detector that looks for network connections to or from IPs associated with Cryptocurrency pools.

JSON representation
{
  "enableEventThreatDetection": boolean
}
Fields
enableEventThreatDetection

boolean

Enable Event Threat Detection

OutgoingDoSSettings

Settings for the OutgoingDoS detector that looks for when a Google Cloud resource is participating in a denial of service.

JSON representation
{
  "enableEventThreatDetection": boolean
}
Fields
enableEventThreatDetection

boolean

Enable Event Threat Detection

BruteForceSshSettings

Settings for the SshBruteForce detector that looks for successful SSH brute force attempts.

JSON representation
{
  "enableEventThreatDetection": boolean
}
Fields
enableEventThreatDetection

boolean

Enable Event Threat Detection

IamAnomalousGrantSettings

Settings for the IAM anomalous grant detector that looks for grants made to users who are not part the organization.

JSON representation
{
  "enableEventThreatDetection": boolean
}
Fields
enableEventThreatDetection

boolean