Package google.cloud.threatdetection.v1beta1

ThreatDetectionService

The Threat Detection API is a service that allows clients to configure the sources that should be monitored, detectors that are enabled, and destination for the findings generated. This service operates at an organization level.

ClearDetectorSettings

rpc ClearDetectorSettings(ClearDetectorSettingsRequest) returns (Empty)

Clear the organization or project's detector settings and return the settings to the default. Detector settings are present at the organization and the project level. Using Clear for a project will remove the override that was set and result in the organization-level detector settings being used.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following Cloud IAM permission on the name resource:

  • threatdetection.detectorSettings.clear

For more information, see the Cloud IAM Documentation.

GetDetectorSettings

rpc GetDetectorSettings(GetDetectorSettingsRequest) returns (DetectorSettings)

Get the organization or project's detector settings. Detector settings are present at the organization and the project level.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following Cloud IAM permission on the name resource:

  • threatdetection.detectorSettings.get

For more information, see the Cloud IAM Documentation.

GetSinkSettings

rpc GetSinkSettings(GetSinkSettingsRequest) returns (SinkSettings)

Get the organization's sink settings.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following Cloud IAM permission on the name resource:

  • threatdetection.sinkSettings.get

For more information, see the Cloud IAM Documentation.

GetSourceSettings

rpc GetSourceSettings(GetSourceSettingsRequest) returns (SourceSettings)

Get the settings for an organization's sources.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following Cloud IAM permission on the name resource:

  • threatdetection.sourceSettings.get

For more information, see the Cloud IAM Documentation.

UpdateDetectorSettings

rpc UpdateDetectorSettings(UpdateDetectorSettingsRequest) returns (DetectorSettings)

Set the organization or project's detector settings. Detector settings are present at the organization and the project level. Detector settings for a project override the detector settings for the project's organization.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following Cloud IAM permission on the name resource:

  • threatdetection.detectorSettings.update

For more information, see the Cloud IAM Documentation.

UpdateSinkSettings

rpc UpdateSinkSettings(UpdateSinkSettingsRequest) returns (SinkSettings)

Update the organization's sink settings.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following Cloud IAM permission on the name resource:

  • threatdetection.sinkSettings.update

For more information, see the Cloud IAM Documentation.

UpdateSourceSettings

rpc UpdateSourceSettings(UpdateSourceSettingsRequest) returns (SourceSettings)

Update the settings for an organization's sources.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following Cloud IAM permission on the name resource:

  • threatdetection.sourceSettings.update

For more information, see the Cloud IAM Documentation.

BruteForceSshSettings

Settings for the SshBruteForce detector that looks for successful SSH brute force attempts.

Fields
  • enable_event_threat_detection (bool): Enable Event Threat Detection

ClearDetectorSettingsRequest

Request message for clearing DetectorSettings.

Fields
  • name (string): Resource name of the organization-level or project-level detector settings. Its format is "organizations/[organization_id]/detectorSettings" or "projects/[project_number]/detectorSettings".
  • recursive (bool): If true and the resource is an organization's settings, the project-level settings under that organization are cleared as well.
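The organization/project precedence described for UpdateDetectorSettings and ClearDetectorSettings, including the recursive flag above, as an added Python model that is not Google's client library or service code: SettingsStore, the dict-based settings, and the all-enabled default restored by Clear are assumptions; each detector is keyed by its DetectorSettings field name.

```python
from dataclasses import dataclass, field

# Detector fields of DetectorSettings; each carries enable_event_threat_detection.
DETECTORS = ("malware_bad_domain", "malware_bad_ip", "cryptomining_pool_domain",
             "cryptomining_pool_ip", "outgoing_dos", "brute_force_ssh",
             "iam_anomalous_grant")

def default_settings():
    # Assumption: the service default after Clear is every detector enabled.
    return {d: True for d in DETECTORS}

@dataclass
class SettingsStore:
    """Constructed in-memory stand-in for the service's state (not the real backend)."""
    org_id: str
    org: dict = field(default_factory=default_settings)   # detector -> enabled
    projects: dict = field(default_factory=dict)          # project_number -> override

def _parse(store, name):
    """Split 'organizations/[id]/detectorSettings' or 'projects/[number]/detectorSettings'."""
    kind, ident, tail = name.split("/")
    if tail != "detectorSettings" or kind not in ("organizations", "projects"):
        raise ValueError(f"unsupported resource name: {name}")
    if kind == "organizations" and ident != store.org_id:
        raise ValueError(f"{name} is not in organization {store.org_id}")
    return kind, ident

def update_detector_settings(store, name, settings, update_mask):
    """Apply only the detectors listed in update_mask, as a FieldMask would."""
    kind, ident = _parse(store, name)
    target = store.org if kind == "organizations" else store.projects.setdefault(ident, {})
    for detector in update_mask:
        if detector not in DETECTORS:
            raise ValueError(f"unknown detector in update_mask: {detector}")
        target[detector] = bool(settings.get(detector, False))
    return dict(target)

def clear_detector_settings(store, name, recursive=False):
    """Project: drop its override so the organization's settings apply again.
    Organization: reset to defaults; with recursive=True drop all project overrides too."""
    kind, ident = _parse(store, name)
    if kind == "projects":
        store.projects.pop(ident, None)
        return
    store.org = default_settings()
    if recursive:
        store.projects.clear()

def effective_settings(store, project_number):
    """Project-level values override the organization's; the rest fall back to org."""
    return {**store.org, **store.projects.get(project_number, {})}
```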

CryptominingPoolDomainSettings

Settings for the CryptominingPoolDomain detector that looks for network connections to or from domains associated with Cryptocurrency pools.

Fields
  • enable_event_threat_detection (bool): Enable Event Threat Detection

CryptominingPoolIpSettings

Settings for the CryptominingPoolIp detector that looks for network connections to or from IPs associated with Cryptocurrency pools.

Fields
  • enable_event_threat_detection (bool): Enable Event Threat Detection

DetectorSettings

User specified settings for all the detectors that are available in Event Threat Detection. Next id: 14

Fields
  • malware_bad_domain (MalwareBadDomainSettings): The settings for the MalwareBadDomain detector.
  • malware_bad_ip (MalwareBadIpSettings): The settings for the MalwareBadIp detector.
  • cryptomining_pool_domain (CryptominingPoolDomainSettings): The settings for the CryptominingPoolDomain detector.
  • cryptomining_pool_ip (CryptominingPoolIpSettings): The settings for the CryptominingPoolIp detector.
  • outgoing_dos (OutgoingDoSSettings): The settings for the OutgoingDoS detector.
  • brute_force_ssh (BruteForceSshSettings): The settings for the BruteForceSsh detector.
  • iam_anomalous_grant (IamAnomalousGrantSettings): The settings for the IamAnomalousGrant detector.

GetDetectorSettingsRequest

Request message for getting DetectorSettings.

Fields
  • name (string): Resource name of the organization-level or project-level detector settings. Its format is "organizations/[organization_id]/detectorSettings" or "projects/[project_number]/detectorSettings".

GetSinkSettingsRequest

Request message for getting SinkSettings.

Fields
  • name (string): Resource name of the organization-level sink settings. Its format is "organizations/[organization_id]/sinkSettings".

GetSourceSettingsRequest

Request message for getting SourceSettings.

Fields
  • name (string): Resource name of the organization to get organization-level source settings. Its format is "organizations/[organization_id]/sourceSettings".

IamAnomalousGrantSettings

Settings for the IAM anomalous grant detector that looks for grants made to users who are not part of the organization.

Fields
  • enable_event_threat_detection (bool)

MalwareBadDomainSettings

Settings for the MalwareBadDomain detector that looks for network connections to or from known-bad domains associated with malware.

Fields
  • enable_event_threat_detection (bool): Enable Event Threat Detection

MalwareBadIpSettings

Settings for the MalwareBadIp detector that looks for network connections to or from known-bad IPs associated with malware.

Fields
  • enable_event_threat_detection (bool): Enable Event Threat Detection

OutgoingDoSSettings

Settings for the OutgoingDoS detector that looks for a Google Cloud resource participating in a denial-of-service attack.

Fields
  • enable_event_threat_detection (bool): Enable Event Threat Detection

SinkSettings

Fields
  • logging_sink_project (string): The resource name of the project to send logs to. This project must be part of the same organization where the Threat Detection API is enabled. The format is "projects/[project_number]". If it is empty, we do not output logs. If a project ID is provided it will be normalized to a project number.

SourceSettings

SourceSettings controls the inputs that Event Threat Detection will monitor for threats.

Fields
  • log_source (LogSourceConfig): Configuration for sources that Event Threat Detection should monitor.

InclusionMode

The mode of inclusion when choosing resources to monitor. If INCLUDE_ONLY is set, then only those resources within the organization are included in the set of resources monitored for threat detection. If EXCLUDE is set, then projects that don't match those resources are not monitored. If neither is set, then all projects within the organization are monitored.

Enums
  • INCLUSION_MODE_UNSPECIFIED: Unspecified. Setting the mode with this value will disable monitoring for all resources.
  • INCLUDE_ONLY: Only resources within the projects specified are included. All other resources will be ignored.
  • EXCLUDE: Ignore all resources under the projects specified. All other resources will be monitored.
  • ALL: All resources in all projects will be monitored.

LogSourceConfig

Fields
  • projects[] (string): Project resource names to use as inputs for Event Threat Detection. The format is "projects/[project_number]". If inclusion_mode is set to ALL this field is ignored. Any project IDs that are provided will be normalized to project numbers.
  • inclusion_mode (InclusionMode): Mode to use for log sources for Event Threat Detection.
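The InclusionMode and LogSourceConfig rules above, as an added Python model that is not Google's service or client code; it follows the four enum value descriptions, and the PROJECT_NUMBERS table standing in for the service's project-ID-to-number normalization is constructed.

```python
from enum import Enum

class InclusionMode(Enum):
    INCLUSION_MODE_UNSPECIFIED = 0
    INCLUDE_ONLY = 1
    EXCLUDE = 2
    ALL = 3

# Constructed lookup standing in for the service's project ID -> number normalization.
PROJECT_NUMBERS = {"prod-web": "111", "sandbox-a": "222", "sandbox-b": "333"}

def normalize_project(name):
    """Accept 'projects/[number]' or 'projects/[id]' and return 'projects/[number]'."""
    prefix, _, ident = name.partition("/")
    if prefix != "projects" or not ident:
        raise ValueError(f"expected projects/..., got {name}")
    if ident.isdigit():
        return f"projects/{ident}"
    if ident not in PROJECT_NUMBERS:
        raise ValueError(f"unknown project ID: {ident}")
    return f"projects/{PROJECT_NUMBERS[ident]}"

def build_log_source_config(projects, inclusion_mode):
    """Mirror LogSourceConfig: projects[] is normalized to project numbers."""
    return {"projects": frozenset(normalize_project(p) for p in projects),
            "inclusion_mode": inclusion_mode}

def is_monitored(config, project):
    """Decide whether Event Threat Detection monitors this project's resources."""
    mode = config["inclusion_mode"]
    if mode is InclusionMode.ALL:          # projects[] is ignored under ALL
        return True
    proj = normalize_project(project)
    if mode is InclusionMode.INCLUDE_ONLY: # only the listed projects
        return proj in config["projects"]
    if mode is InclusionMode.EXCLUDE:      # everything except the listed projects
        return proj not in config["projects"]
    return False  # INCLUSION_MODE_UNSPECIFIED disables monitoring for all resources

def monitored_projects(config, org_projects):
    """Given the organization's project list (constructed input), return those monitored."""
    return sorted(p for p in org_projects if is_monitored(config, p))
```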

UpdateDetectorSettingsRequest

Request message for updating DetectorSettings.

Fields
  • name (string): Resource name of the organization-level or project-level detector settings. Its format is "organizations/[organization_id]/detectorSettings" or "projects/[project_number]/detectorSettings".
  • update_mask (FieldMask): FieldMask for updating a subset of fields in DetectorSettings.
  • settings (DetectorSettings)

UpdateSinkSettingsRequest

Request message for updating SinkSettings.

Fields
  • name (string): Resource name of the organization-level sink settings. Its format is "organizations/[organization_id]/sinkSettings".
  • update_mask (FieldMask): FieldMask for updating a subset of fields in SinkSettings.
  • settings (SinkSettings)

UpdateSourceSettingsRequest

Request message for updating SourceSettings.

Fields
  • name (string): Resource name of the organization to get organization-level source settings. Its format is "organizations/[organization_id]/sourceSettings".
  • update_mask (FieldMask): FieldMask for updating a subset of fields in SourceSettings.
  • settings (SourceSettings)