Google Git
Sign in
code / google-api-go-client / 511bab8e55decfbe784cd2d1868fa5cda62dc6c1 / . / alertcenter / v1beta1 / alertcenter-api.json
blob: 3b913f8bdd47413646d6b2dc246d3611b3275850 [file] [log] [blame]
{
"basePath": "",
"baseUrl": "https://alertcenter.googleapis.com/",
"batchPath": "batch",
"canonicalName": "AlertCenter",
"description": "G Suite Alert Center API to view and manage alerts on issues affecting your domain.",
"discoveryVersion": "v1",
"documentationLink": "https://developers.google.com/admin-sdk/alertcenter/",
"fullyEncodeReservedExpansion": true,
"icons": {
"x16": "http://www.google.com/images/icons/product/search-16.gif",
"x32": "http://www.google.com/images/icons/product/search-32.gif"
},
"id": "alertcenter:v1beta1",
"kind": "discovery#restDescription",
"name": "alertcenter",
"ownerDomain": "google.com",
"ownerName": "Google",
"parameters": {
"$.xgafv": {
"description": "V1 error format.",
"enum": [
"1",
"2"
],
"enumDescriptions": [
"v1 error format",
"v2 error format"
],
"location": "query",
"type": "string"
},
"access_token": {
"description": "OAuth access token.",
"location": "query",
"type": "string"
},
"alt": {
"default": "json",
"description": "Data format for response.",
"enum": [
"json",
"media",
"proto"
],
"enumDescriptions": [
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"location": "query",
"type": "string"
},
"callback": {
"description": "JSONP",
"location": "query",
"type": "string"
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"location": "query",
"type": "string"
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
"location": "query",
"type": "boolean"
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"location": "query",
"type": "string"
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"location": "query",
"type": "string"
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"location": "query",
"type": "string"
}
},
"protocol": "rest",
"resources": {
"alerts": {
"methods": {
"delete": {
"description": "Marks the specified alert for deletion. An alert that has been marked for\ndeletion will be excluded from the results of a List operation by default,\nand will be removed from the Alert Center after 30 days.\nMarking an alert for deletion will have no effect on an alert which has\nalready been marked for deletion. Attempting to mark a nonexistent alert\nfor deletion will return NOT_FOUND.",
"flatPath": "v1beta1/alerts/{alertId}",
"httpMethod": "DELETE",
"id": "alertcenter.alerts.delete",
"parameterOrder": [
"alertId"
],
"parameters": {
"alertId": {
"description": "Required. The identifier of the alert to delete.",
"location": "path",
"required": true,
"type": "string"
},
"customerId": {
"description": "Optional. The unique identifier of the Google account of the customer the\nalert is associated with. This is obfuscated and not the plain customer\nID as stored internally. Inferred from the caller identity if not provided.",
"location": "query",
"type": "string"
}
},
"path": "v1beta1/alerts/{alertId}",
"response": {
"$ref": "Empty"
}
},
"get": {
"description": "Gets the specified alert.",
"flatPath": "v1beta1/alerts/{alertId}",
"httpMethod": "GET",
"id": "alertcenter.alerts.get",
"parameterOrder": [
"alertId"
],
"parameters": {
"alertId": {
"description": "Required. The identifier of the alert to retrieve.",
"location": "path",
"required": true,
"type": "string"
},
"customerId": {
"description": "Optional. The unique identifier of the Google account of the customer the\nalert is associated with. This is obfuscated and not the plain customer\nID as stored internally. Inferred from the caller identity if not provided.",
"location": "query",
"type": "string"
}
},
"path": "v1beta1/alerts/{alertId}",
"response": {
"$ref": "Alert"
}
},
"list": {
"description": "Lists all the alerts for the current user and application.",
"flatPath": "v1beta1/alerts",
"httpMethod": "GET",
"id": "alertcenter.alerts.list",
"parameterOrder": [],
"parameters": {
"customerId": {
"description": "Optional. The unique identifier of the Google account of the customer the\nalerts are associated with. This is obfuscated and not the plain\ncustomer ID as stored internally. Inferred from the caller identity if not\nprovided.",
"location": "query",
"type": "string"
},
"filter": {
"description": "Optional. Query string for filtering alert results.\nThis string must be specified as an expression or list of expressions,\nusing the following grammar:\n\n### Expressions\n\nAn expression has the general form `\u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e`.\n\nA field or value which contains a space or a colon must be enclosed by\ndouble quotes.\n\n#### Operators\n\nOperators follow the BNF specification:\n\n`\u003cequalityOperator\u003e ::= \"=\" | \":\"`\n\n`\u003crelationalOperator\u003e ::= \"\u003c\" | \"\u003e\" | \"\u003c=\" | \"\u003e=\"`\n\nRelational operators are defined only for timestamp fields. Equality\noperators are defined only for string fields.\n\n#### Timestamp fields\n\nThe value supplied for a timestamp field must be an\n[RFC 3339](https://tools.ietf.org/html/rfc3339) date-time string.\n\nSupported timestamp fields are `create_time`, `start_time`, and `end_time`.\n\n#### String fields\n\nThe value supplied for a string field may be an arbitrary string.\n\n#### Examples\n\nTo query for all alerts created on or after April 5, 2018:\n\n`create_time \u003e= \"2018-04-05T00:00:00Z\"`\n\nTo query for all alerts from the source \"Gmail phishing\":\n\n`source:\"Gmail phishing\"`\n\n### Joining expressions\n\nExpressions may be joined to form a more complex query. The BNF\nspecification is:\n\n`\u003cexpressionList\u003e ::= \u003cexpression\u003e | \u003cexpressionList\u003e \u003cconjunction\u003e\n\u003cexpressionList\u003e | \u003cnegation\u003e \u003cexpressionList\u003e`\n`\u003cconjunction\u003e ::= \"AND\" | \"OR\" | \"\"`\n`\u003cnegation\u003e ::= \"NOT\"`\n\nUsing the empty string as a conjunction acts as an implicit AND.\n\nThe precedence of joining operations, from highest to lowest, is NOT, AND,\nOR.\n\n#### Examples\n\nTo query for all alerts which started in 2017:\n\n`start_time \u003e= \"2017-01-01T00:00:00Z\" AND start_time \u003c\n\"2018-01-01T00:00:00Z\"`\n\nTo query for all user reported phishing alerts from the source\n\"Gmail phishing\":\n\n`type:\"User reported phishing\" source:\"Gmail phishing\"`",
"location": "query",
"type": "string"
},
"orderBy": {
"description": "Optional. Sort the list results by a certain order.\nIf not specified results may be returned in arbitrary order.\nYou can sort the results in a descending order based on the creation\ntimestamp using order_by=\"create_time desc\".\nCurrently, only sorting by create_time desc is supported.",
"location": "query",
"type": "string"
},
"pageSize": {
"description": "Optional. Requested page size. Server may return fewer items than\nrequested. If unspecified, server will pick an appropriate default.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Optional. A token identifying a page of results the server should return.\nIf empty, a new iteration is started. To continue an iteration, pass in\nthe value from the previous ListAlertsResponse's next_page_token field.",
"location": "query",
"type": "string"
}
},
"path": "v1beta1/alerts",
"response": {
"$ref": "ListAlertsResponse"
}
}
},
"resources": {
"feedback": {
"methods": {
"create": {
"description": "Creates a new alert feedback.",
"flatPath": "v1beta1/alerts/{alertId}/feedback",
"httpMethod": "POST",
"id": "alertcenter.alerts.feedback.create",
"parameterOrder": [
"alertId"
],
"parameters": {
"alertId": {
"description": "Required. The identifier of the alert this feedback belongs to.\nReturns a NOT_FOUND error if no such alert.",
"location": "path",
"required": true,
"type": "string"
},
"customerId": {
"description": "Optional. The unique identifier of the Google account of the customer the\nalert's feedback is associated with. This is obfuscated and not the\nplain customer ID as stored internally. Inferred from the caller identity\nif not provided.",
"location": "query",
"type": "string"
}
},
"path": "v1beta1/alerts/{alertId}/feedback",
"request": {
"$ref": "AlertFeedback"
},
"response": {
"$ref": "AlertFeedback"
}
},
"list": {
"description": "Lists all the feedback for an alert.",
"flatPath": "v1beta1/alerts/{alertId}/feedback",
"httpMethod": "GET",
"id": "alertcenter.alerts.feedback.list",
"parameterOrder": [
"alertId"
],
"parameters": {
"alertId": {
"description": "Required. The alert identifier.\nIf the alert does not exist returns a NOT_FOUND error.",
"location": "path",
"required": true,
"type": "string"
},
"customerId": {
"description": "Optional. The unique identifier of the Google account of the customer the\nalert is associated with. This is obfuscated and not the plain customer\nID as stored internally. Inferred from the caller identity if not provided.",
"location": "query",
"type": "string"
}
},
"path": "v1beta1/alerts/{alertId}/feedback",
"response": {
"$ref": "ListAlertFeedbackResponse"
}
}
}
}
}
}
},
"revision": "20181018",
"rootUrl": "https://alertcenter.googleapis.com/",
"schemas": {
"AccountWarning": {
"description": "Alerts for user account warning events.",
"id": "AccountWarning",
"properties": {
"email": {
"description": "Required. Email of the user that this event belongs to.",
"type": "string"
},
"loginDetails": {
"$ref": "LoginDetails",
"description": "Optional. Details of the login action associated with the warning event.\nThis is only available for:\nSuspicious login\nSuspicious login (less secure app)\nUser suspended (suspicious activity)"
}
},
"type": "object"
},
"Alert": {
"description": "An alert affecting a customer.\nAll fields are read-only once created.",
"id": "Alert",
"properties": {
"alertId": {
"description": "Output only. The unique identifier for the alert.",
"type": "string"
},
"createTime": {
"description": "Output only. The time this alert was created. Assigned by the server.",
"format": "google-datetime",
"type": "string"
},
"customerId": {
"description": "Output only. The unique identifier of the Google account of the customer.",
"type": "string"
},
"data": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "Optional. Specific data associated with this alert.\ne.g. google.apps.alertcenter.type.DeviceCompromised.",
"type": "object"
},
"deleted": {
"description": "Output only. Whether this alert has been marked for deletion.",
"type": "boolean"
},
"endTime": {
"description": "Optional. The time this alert was no longer active. If provided, the\nend time must not be earlier than the start time. If not provided, the end\ntime will default to the start time.",
"format": "google-datetime",
"type": "string"
},
"securityInvestigationToolLink": {
"description": "Output only. An optional Security Investigation Tool query for this\nalert.",
"type": "string"
},
"source": {
"description": "Required. A unique identifier for the system that is reported the alert.\n\nSupported sources are any of the following:\n * \"Google Operations\"\n * \"Mobile device management\"\n * \"Gmail phishing\"\n * \"Domain wide takeout\"\n * \"Government attack warning\"\n * \"Google identity\"",
"type": "string"
},
"startTime": {
"description": "Required. The time this alert became active.",
"format": "google-datetime",
"type": "string"
},
"type": {
"description": "Required. The type of the alert.\n\nSupported types are any of the following:\n * \"Google Operations\"\n * \"Device compromised\"\n * \"Suspicious activity\"\n * \"User reported phishing\"\n * \"Misconfigured whitelist\"\n * \"Customer takeout initiated\"\n * \"Government attack warning\"\n * \"User reported spam spike\"\n * \"Suspicious message reported\"\n * \"Phishing reclassification\"\n * \"Malware reclassification\"\nLINT.IfChange\n * \"Suspicious login\"\n * \"Suspicious login (less secure app)\"\n * \"User suspended\"\n * \"Leaked password\"\n * \"User suspended (suspicious activity)\"\n * \"User suspended (spam)\"\n * \"User suspended (spam through relay)\"\nLINT.ThenChange(//depot/google3/apps/albert/data/albert_enums.proto)",
"type": "string"
}
},
"type": "object"
},
"AlertFeedback": {
"description": "A customer feedback about an alert.",
"id": "AlertFeedback",
"properties": {
"alertId": {
"description": "Output only. The alert identifier.",
"type": "string"
},
"createTime": {
"description": "Output only. The time this feedback was created. Assigned by the server.",
"format": "google-datetime",
"type": "string"
},
"customerId": {
"description": "Output only. The unique identifier of the Google account of the customer.",
"type": "string"
},
"email": {
"description": "Output only. The email of the user that provided the feedback.",
"type": "string"
},
"feedbackId": {
"description": "Output only. A unique identifier for the feedback. When creating a new\nfeedback the system will assign one.",
"type": "string"
},
"type": {
"description": "Required. The type of the feedback.",
"enum": [
"ALERT_FEEDBACK_TYPE_UNSPECIFIED",
"NOT_USEFUL",
"SOMEWHAT_USEFUL",
"VERY_USEFUL"
],
"enumDescriptions": [
"Feedback type is not specified.",
"Alert report is not useful.",
"Alert report is somewhat useful.",
"Alert report is very useful."
],
"type": "string"
}
},
"type": "object"
},
"Attachment": {
"description": "Attachment with application-specific information about an alert.",
"id": "Attachment",
"properties": {
"csv": {
"$ref": "Csv",
"description": "CSV file attachment."
}
},
"type": "object"
},
"BadWhitelist": {
"description": "Alert for setting the domain or ip that malicious email comes from as\nwhitelisted domain or ip in Gmail advanced settings.",
"id": "BadWhitelist",
"properties": {
"domainId": {
"$ref": "DomainId",
"description": "Domain id."
},
"maliciousEntity": {
"$ref": "MaliciousEntity",
"description": "Entity whose actions triggered a Gmail phishing alert."
},
"messages": {
"description": "Every alert could contain multiple messages.",
"items": {
"$ref": "GmailMessageInfo"
},
"type": "array"
},
"sourceIp": {
"description": "The source ip address of the malicious email. e.g. \"127.0.0.1\".",
"type": "string"
}
},
"type": "object"
},
"Csv": {
"description": "Representation of a CSV file attachment, as a list of column headers and\na list of data rows.",
"id": "Csv",
"properties": {
"dataRows": {
"description": "List of data rows in a CSV file, as string arrays rather than as a\nsingle comma-separated string.",
"items": {
"$ref": "CsvRow"
},
"type": "array"
},
"headers": {
"description": "List of headers for data columns in a CSV file.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"CsvRow": {
"description": "Representation of a single data row in a CSV file.",
"id": "CsvRow",
"properties": {
"entries": {
"description": "Data entries in a CSV file row, as a string array rather than a single\ncomma-separated string.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"DeviceCompromised": {
"description": "A mobile device compromised alert. Derived from audit logs.",
"id": "DeviceCompromised",
"properties": {
"email": {
"description": "The email of the user this alert was created for.",
"type": "string"
},
"events": {
"description": "Required. List of security events.",
"items": {
"$ref": "DeviceCompromisedSecurityDetail"
},
"type": "array"
}
},
"type": "object"
},
"DeviceCompromisedSecurityDetail": {
"description": "Detailed information of a single MDM device compromised event.",
"id": "DeviceCompromisedSecurityDetail",
"properties": {
"deviceCompromisedState": {
"description": "Device compromised state includes: \"Compromised\" and \"Not Compromised\".",
"type": "string"
},
"deviceId": {
"description": "Required. Device Info.",
"type": "string"
},
"deviceModel": {
"description": "The model of the device.",
"type": "string"
},
"deviceType": {
"description": "The type of the device.",
"type": "string"
},
"iosVendorId": {
"description": "Required for IOS, empty for others.",
"type": "string"
},
"resourceId": {
"description": "The device resource id.",
"type": "string"
},
"serialNumber": {
"description": "The serial number of the device.",
"type": "string"
}
},
"type": "object"
},
"DomainId": {
"description": "Domain id of Gmail phishing alerts.",
"id": "DomainId",
"properties": {
"customerPrimaryDomain": {
"description": "The primary domain for the customer.",
"type": "string"
}
},
"type": "object"
},
"DomainWideTakeoutInitiated": {
"description": "A takeout operation for the entire domain was initiated by an admin. Derived\nfrom audit logs.",
"id": "DomainWideTakeoutInitiated",
"properties": {
"email": {
"description": "Email of the admin who initiated the takeout.",
"type": "string"
},
"takeoutRequestId": {
"description": "takeout request id.",
"type": "string"
}
},
"type": "object"
},
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n service Foo {\n rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.",
"id": "Empty",
"properties": {},
"type": "object"
},
"GmailMessageInfo": {
"description": "Details of a message in phishing spike alert.",
"id": "GmailMessageInfo",
"properties": {
"attachmentsSha256Hash": {
"description": "SHA256 Hash of email's attachment and all MIME parts.",
"items": {
"type": "string"
},
"type": "array"
},
"date": {
"description": "The date the malicious email was sent.",
"format": "google-datetime",
"type": "string"
},
"md5HashMessageBody": {
"description": "Hash of message body text.",
"type": "string"
},
"md5HashSubject": {
"description": "MD5 Hash of email's subject. (Only available for reported emails).",
"type": "string"
},
"messageBodySnippet": {
"description": "Snippet of the message body text. (Only available for reported emails)",
"type": "string"
},
"messageId": {
"description": "Message id.",
"type": "string"
},
"recipient": {
"description": "Recipient of this email.",
"type": "string"
},
"subjectText": {
"description": "Email subject text. (Only available for reported emails).",
"type": "string"
}
},
"type": "object"
},
"GoogleOperations": {
"description": "An incident reported by Google Operations for a G Suite application.",
"id": "GoogleOperations",
"properties": {
"affectedUserEmails": {
"description": "List of emails which correspond to the users directly affected by the\nincident.",
"items": {
"type": "string"
},
"type": "array"
},
"attachmentData": {
"$ref": "Attachment",
"description": "Optional application-specific data for an incident, provided when the\nG Suite application which reported the incident cannot be completely\nrestored to a valid state."
},
"description": {
"description": "Detailed, freeform incident description.",
"type": "string"
},
"title": {
"description": "One-line incident description.",
"type": "string"
}
},
"type": "object"
},
"ListAlertFeedbackResponse": {
"description": "Response message for an alert feedback listing request.",
"id": "ListAlertFeedbackResponse",
"properties": {
"feedback": {
"description": "The list of alert feedback.\nResult is ordered descending by creation time.",
"items": {
"$ref": "AlertFeedback"
},
"type": "array"
}
},
"type": "object"
},
"ListAlertsResponse": {
"description": "Response message for an alert listing request.",
"id": "ListAlertsResponse",
"properties": {
"alerts": {
"description": "The list of alerts.",
"items": {
"$ref": "Alert"
},
"type": "array"
},
"nextPageToken": {
"description": "If not empty, indicates that there may be more alerts that match the\nrequest; this value can be passed in a new ListAlertsRequest to get the\nnext page of values.",
"type": "string"
}
},
"type": "object"
},
"LoginDetails": {
"description": "Details of the login action",
"id": "LoginDetails",
"properties": {
"ipAddress": {
"description": "Optional. Human readable IP address (e.g., 11.22.33.44) that is\nassociated with the warning event.",
"type": "string"
},
"loginTime": {
"description": "Optional. Login time that is associated with the warning event.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
},
"MailPhishing": {
"description": "Proto for all phishing alerts with common payload.\nSupported types are any of the following:\nUser reported phishing\nUser reported spam spike\nSuspicious message reported\nPhishing reclassification\nMalware reclassification",
"id": "MailPhishing",
"properties": {
"domainId": {
"$ref": "DomainId",
"description": "Domain id."
},
"isInternal": {
"description": "If true, the email is originated from within the organization.",
"type": "boolean"
},
"maliciousEntity": {
"$ref": "MaliciousEntity",
"description": "Entity whose actions triggered a Gmail phishing alert."
},
"messages": {
"description": "Every alert could contain multiple messages.",
"items": {
"$ref": "GmailMessageInfo"
},
"type": "array"
}
},
"type": "object"
},
"MaliciousEntity": {
"description": "Entity whose actions triggered a Gmail phishing alert.",
"id": "MaliciousEntity",
"properties": {
"fromHeader": {
"description": "Sender email address.",
"type": "string"
}
},
"type": "object"
},
"PhishingSpike": {
"description": "Alert for a spike in user reported phishing.\nThis will be deprecated in favor of MailPhishing.",
"id": "PhishingSpike",
"properties": {
"domainId": {
"$ref": "DomainId",
"description": "Domain id."
},
"isInternal": {
"description": "If true, the email is originated from within the organization.",
"type": "boolean"
},
"maliciousEntity": {
"$ref": "MaliciousEntity",
"description": "Entity whose actions triggered a Gmail phishing alert."
},
"messages": {
"description": "Every alert could contain multiple messages.",
"items": {
"$ref": "GmailMessageInfo"
},
"type": "array"
}
},
"type": "object"
},
"StateSponsoredAttack": {
"description": "A state sponsored attack alert. Derived from audit logs.",
"id": "StateSponsoredAttack",
"properties": {
"email": {
"description": "The email of the user this incident was created for.",
"type": "string"
}
},
"type": "object"
},
"SuspiciousActivity": {
"description": "A mobile suspicious activity alert. Derived from audit logs.",
"id": "SuspiciousActivity",
"properties": {
"email": {
"description": "The email of the user this alert was created for.",
"type": "string"
},
"events": {
"description": "Required. List of security events.",
"items": {
"$ref": "SuspiciousActivitySecurityDetail"
},
"type": "array"
}
},
"type": "object"
},
"SuspiciousActivitySecurityDetail": {
"description": "Detailed information of a single MDM suspicious activity event.",
"id": "SuspiciousActivitySecurityDetail",
"properties": {
"deviceId": {
"description": "Required. Device Info.",
"type": "string"
},
"deviceModel": {
"description": "The model of the device.",
"type": "string"
},
"deviceProperty": {
"description": "Device property which is changed.",
"type": "string"
},
"deviceType": {
"description": "The type of the device.",
"type": "string"
},
"iosVendorId": {
"description": "Required for IOS, empty for others.",
"type": "string"
},
"newValue": {
"description": "New value of the device property after change.",
"type": "string"
},
"oldValue": {
"description": "Old value of the device property before change.",
"type": "string"
},
"resourceId": {
"description": "The device resource id.",
"type": "string"
},
"serialNumber": {
"description": "The serial number of the device.",
"type": "string"
}
},
"type": "object"
}
},
"servicePath": "",
"title": "G Suite Alert Center API",
"version": "v1beta1",
"version_module": true
}