/
v1beta1.ts
2547 lines (2485 loc) · 84 KB
/
v1beta1.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
// Copyright 2020 Google LLC
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/* eslint-disable @typescript-eslint/no-explicit-any */
/* eslint-disable @typescript-eslint/no-unused-vars */
/* eslint-disable @typescript-eslint/no-empty-interface */
/* eslint-disable @typescript-eslint/no-namespace */
/* eslint-disable no-irregular-whitespace */
import {
OAuth2Client,
JWT,
Compute,
UserRefreshClient,
BaseExternalAccountClient,
GaxiosPromise,
GoogleConfigurable,
createAPIRequest,
MethodOptions,
StreamMethodOptions,
GlobalOptions,
GoogleAuth,
BodyResponseCallback,
APIRequestContext,
} from 'googleapis-common';
import {Readable} from 'stream';
export namespace alertcenter_v1beta1 {
export interface Options extends GlobalOptions {
version: 'v1beta1';
}
interface StandardParameters {
/**
* Auth client or API Key for the request
*/
auth?:
| string
| OAuth2Client
| JWT
| Compute
| UserRefreshClient
| BaseExternalAccountClient
| GoogleAuth;
/**
* V1 error format.
*/
'$.xgafv'?: string;
/**
* OAuth access token.
*/
access_token?: string;
/**
* Data format for response.
*/
alt?: string;
/**
* JSONP
*/
callback?: string;
/**
* Selector specifying which fields to include in a partial response.
*/
fields?: string;
/**
* API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
*/
key?: string;
/**
* OAuth 2.0 token for the current user.
*/
oauth_token?: string;
/**
* Returns response with indentations and line breaks.
*/
prettyPrint?: boolean;
/**
* Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
*/
quotaUser?: string;
/**
* Legacy upload protocol for media (e.g. "media", "multipart").
*/
uploadType?: string;
/**
* Upload protocol for media (e.g. "raw", "multipart").
*/
upload_protocol?: string;
}
/**
* Google Workspace Alert Center API
*
* Manages alerts on issues affecting your domain. Note: The current version of this API (v1beta1) is available to all Google Workspace customers.
*
* @example
* ```js
* const {google} = require('googleapis');
* const alertcenter = google.alertcenter('v1beta1');
* ```
*/
export class Alertcenter {
context: APIRequestContext;
alerts: Resource$Alerts;
v1beta1: Resource$V1beta1;
constructor(options: GlobalOptions, google?: GoogleConfigurable) {
this.context = {
_options: options || {},
google,
};
this.alerts = new Resource$Alerts(this.context);
this.v1beta1 = new Resource$V1beta1(this.context);
}
}
/**
* A generic alert for abusive user activity occurring with a customer.
*/
export interface Schema$AbuseDetected {
/**
* List of abusive users/entities to be displayed in a table in the alert.
*/
additionalDetails?: Schema$EntityList;
/**
* Product that the abuse is originating from.
*/
product?: string | null;
/**
* Unique identifier of each sub alert that is onboarded.
*/
subAlertId?: string | null;
/**
* Variation of AbuseDetected alerts. The variation_type determines the texts displayed the alert details. This differs from sub_alert_id because each sub alert can have multiple variation_types, representing different stages of the alert.
*/
variationType?: string | null;
}
/**
* Alert that is triggered when Google support requests to access customer data.
*/
export interface Schema$AccessApproval {
/**
* Justification for data access based on justification enums.
*/
justificationReason?: string[] | null;
/**
* Office location of Google staff requesting access such as "US".
*/
officeLocation?: string | null;
/**
* Products within scope of the Access Approvals request.
*/
products?: string[] | null;
/**
* ID of the Access Approvals request. This is a helpful field when requesting support from Google.
*/
requestId?: string | null;
/**
* Scope of access, also known as a resource. This is further narrowed down by the product field.
*/
scope?: string | null;
/**
* Support tickets related to this Access Approvals request. Populated if there is an associated case number.
*/
tickets?: Schema$SupportTicket[];
}
/**
* Details about why an account is receiving an account suspension warning.
*/
export interface Schema$AccountSuspensionDetails {
/**
* The reason why this account is receiving an account suspension warning.
*/
abuseReason?: string | null;
/**
* The name of the product being abused. This is restricted to only the following values: "Gmail" "Google Workspace" "Payments" "Voice" "YouTube" "Other"
*/
productName?: string | null;
}
/**
* A warning that the customer's account is about to be suspended.
*/
export interface Schema$AccountSuspensionWarning {
/**
* The amount of time remaining to appeal an imminent suspension. After this window has elapsed, the account will be suspended. Only populated if the account suspension is in WARNING state.
*/
appealWindow?: string | null;
/**
* Account suspension warning state.
*/
state?: string | null;
/**
* Details about why an account is being suspended.
*/
suspensionDetails?: Schema$AccountSuspensionDetails[];
}
/**
* Alerts for user account warning events.
*/
export interface Schema$AccountWarning {
/**
* Required. The email of the user that this event belongs to.
*/
email?: string | null;
/**
* Optional. Details of the login action associated with the warning event. This is only available for: * Suspicious login * Suspicious login (less secure app) * Suspicious programmatic login * User suspended (suspicious activity)
*/
loginDetails?: Schema$LoginDetails;
}
/**
* Metadata related to the action.
*/
export interface Schema$ActionInfo {}
/**
* Alerts from Google Workspace Security Center rules service configured by an admin.
*/
export interface Schema$ActivityRule {
/**
* List of action names associated with the rule threshold.
*/
actionNames?: string[] | null;
/**
* Rule create timestamp.
*/
createTime?: string | null;
/**
* Description of the rule.
*/
description?: string | null;
/**
* Alert display name.
*/
displayName?: string | null;
/**
* Rule name.
*/
name?: string | null;
/**
* Query that is used to get the data from the associated source.
*/
query?: string | null;
/**
* List of alert IDs superseded by this alert. It is used to indicate that this alert is essentially extension of superseded alerts and we found the relationship after creating these alerts.
*/
supersededAlerts?: string[] | null;
/**
* Alert ID superseding this alert. It is used to indicate that superseding alert is essentially extension of this alert and we found the relationship after creating both alerts.
*/
supersedingAlert?: string | null;
/**
* Alert threshold is for example “COUNT \> 5”.
*/
threshold?: string | null;
/**
* The trigger sources for this rule. * GMAIL_EVENTS * DEVICE_EVENTS * USER_EVENTS
*/
triggerSource?: string | null;
/**
* The timestamp of the last update to the rule.
*/
updateTime?: string | null;
/**
* Rule window size. Possible values are 1 hour or 24 hours.
*/
windowSize?: string | null;
}
/**
* An alert affecting a customer.
*/
export interface Schema$Alert {
/**
* Output only. The unique identifier for the alert.
*/
alertId?: string | null;
/**
* Output only. The time this alert was created.
*/
createTime?: string | null;
/**
* Output only. The unique identifier of the Google Workspace account of the customer.
*/
customerId?: string | null;
/**
* Optional. The data associated with this alert, for example google.apps.alertcenter.type.DeviceCompromised.
*/
data?: {[key: string]: any} | null;
/**
* Output only. `True` if this alert is marked for deletion.
*/
deleted?: boolean | null;
/**
* Optional. The time the event that caused this alert ceased being active. If provided, the end time must not be earlier than the start time. If not provided, it indicates an ongoing alert.
*/
endTime?: string | null;
/**
* Optional. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of an alert from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform alert updates in order to avoid race conditions: An `etag` is returned in the response which contains alerts, and systems are expected to put that etag in the request to update alert to ensure that their change will be applied to the same version of the alert. If no `etag` is provided in the call to update alert, then the existing alert is overwritten blindly.
*/
etag?: string | null;
/**
* Output only. The metadata associated with this alert.
*/
metadata?: Schema$AlertMetadata;
/**
* Output only. An optional [Security Investigation Tool](https://support.google.com/a/answer/7575955) query for this alert.
*/
securityInvestigationToolLink?: string | null;
/**
* Required. A unique identifier for the system that reported the alert. This is output only after alert is created. Supported sources are any of the following: * Google Operations * Mobile device management * Gmail phishing * Data Loss Prevention * Domain wide takeout * State sponsored attack * Google identity * Apps outage
*/
source?: string | null;
/**
* Required. The time the event that caused this alert was started or detected.
*/
startTime?: string | null;
/**
* Required. The type of the alert. This is output only after alert is created. For a list of available alert types see [Google Workspace Alert types](https://developers.google.com/admin-sdk/alertcenter/reference/alert-types).
*/
type?: string | null;
/**
* Output only. The time this alert was last updated.
*/
updateTime?: string | null;
}
/**
* A customer feedback about an alert.
*/
export interface Schema$AlertFeedback {
/**
* Output only. The alert identifier.
*/
alertId?: string | null;
/**
* Output only. The time this feedback was created.
*/
createTime?: string | null;
/**
* Output only. The unique identifier of the Google Workspace account of the customer.
*/
customerId?: string | null;
/**
* Output only. The email of the user that provided the feedback.
*/
email?: string | null;
/**
* Output only. The unique identifier for the feedback.
*/
feedbackId?: string | null;
/**
* Required. The type of the feedback.
*/
type?: string | null;
}
/**
* An alert metadata.
*/
export interface Schema$AlertMetadata {
/**
* Output only. The alert identifier.
*/
alertId?: string | null;
/**
* The email address of the user assigned to the alert.
*/
assignee?: string | null;
/**
* Output only. The unique identifier of the Google Workspace account of the customer.
*/
customerId?: string | null;
/**
* Optional. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of an alert metadata from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform metadata updates in order to avoid race conditions: An `etag` is returned in the response which contains alert metadata, and systems are expected to put that etag in the request to update alert metadata to ensure that their change will be applied to the same version of the alert metadata. If no `etag` is provided in the call to update alert metadata, then the existing alert metadata is overwritten blindly.
*/
etag?: string | null;
/**
* The severity value of the alert. Alert Center will set this field at alert creation time, default's to an empty string when it could not be determined. The supported values for update actions on this field are the following: * HIGH * MEDIUM * LOW
*/
severity?: string | null;
/**
* The current status of the alert. The supported values are the following: * NOT_STARTED * IN_PROGRESS * CLOSED
*/
status?: string | null;
/**
* Output only. The time this metadata was last updated.
*/
updateTime?: string | null;
}
/**
* The explanation message associated with "APNS certificate is expiring soon" and "APNS certificate has expired" alerts.
*/
export interface Schema$ApnsCertificateExpirationInfo {
/**
* The Apple ID used to create the certificate. It may be blank if admins didn't enter it.
*/
appleId?: string | null;
/**
* The expiration date of the APNS certificate.
*/
expirationTime?: string | null;
/**
* The UID of the certificate.
*/
uid?: string | null;
}
/**
* Alerts from App Maker to notify admins to set up default SQL instance.
*/
export interface Schema$AppMakerSqlSetupNotification {
/**
* List of applications with requests for default SQL set up.
*/
requestInfo?: Schema$RequestInfo[];
}
/**
* Alerts from AppSettingsChanged bucket Rules configured by Admin which contain the below rules. Calendar settings changed Drive settings changed Email settings changed Mobile settings changed
*/
export interface Schema$AppSettingsChanged {
/**
* Any other associated alert details, for example, AlertConfiguration.
*/
alertDetails?: string | null;
/**
* Rule name
*/
name?: string | null;
}
/**
* An outage incident reported for a Google Workspace service.
*/
export interface Schema$AppsOutage {
/**
* Link to the outage event in Google Workspace Status Dashboard
*/
dashboardUri?: string | null;
/**
* Incident tracking ID.
*/
incidentTrackingId?: string | null;
/**
* Indicates new alert details under which the outage is communicated. Only populated when Status is MERGED.
*/
mergeInfo?: Schema$MergeInfo;
/**
* Timestamp by which the next update is expected to arrive.
*/
nextUpdateTime?: string | null;
/**
* List of products impacted by the outage.
*/
products?: string[] | null;
/**
* Timestamp when the outage is expected to be resolved, or has confirmed resolution. Provided only when known.
*/
resolutionTime?: string | null;
/**
* Current outage status.
*/
status?: string | null;
}
/**
* Attachment with application-specific information about an alert.
*/
export interface Schema$Attachment {
/**
* A CSV file attachment.
*/
csv?: Schema$Csv;
}
/**
* Alert for setting the domain or IP that malicious email comes from as whitelisted domain or IP in Gmail advanced settings.
*/
export interface Schema$BadWhitelist {
/**
* The domain ID.
*/
domainId?: Schema$DomainId;
/**
* The entity whose actions triggered a Gmail phishing alert.
*/
maliciousEntity?: Schema$MaliciousEntity;
/**
* The list of messages contained by this alert.
*/
messages?: Schema$GmailMessageInfo[];
/**
* The source IP address of the malicious email, for example, `127.0.0.1`.
*/
sourceIp?: string | null;
}
/**
* A request to perform batch delete on alerts.
*/
export interface Schema$BatchDeleteAlertsRequest {
/**
* Required. The list of alert IDs to delete.
*/
alertId?: string[] | null;
/**
* Optional. The unique identifier of the Google Workspace account of the customer the alerts are associated with. The `customer_id` must have the initial "C" stripped (for example, `046psxkn`). Inferred from the caller identity if not provided. [Find your customer ID](https://support.google.com/cloudidentity/answer/10070793).
*/
customerId?: string | null;
}
/**
* Response to batch delete operation on alerts.
*/
export interface Schema$BatchDeleteAlertsResponse {
/**
* The status details for each failed `alert_id`.
*/
failedAlertStatus?: {[key: string]: Schema$Status} | null;
/**
* The successful list of alert IDs.
*/
successAlertIds?: string[] | null;
}
/**
* A request to perform batch undelete on alerts.
*/
export interface Schema$BatchUndeleteAlertsRequest {
/**
* Required. The list of alert IDs to undelete.
*/
alertId?: string[] | null;
/**
* Optional. The unique identifier of the Google Workspace account of the customer the alerts are associated with. The `customer_id` must have the initial "C" stripped (for example, `046psxkn`). Inferred from the caller identity if not provided. [Find your customer ID](https://support.google.com/cloudidentity/answer/10070793).
*/
customerId?: string | null;
}
/**
* Response to batch undelete operation on alerts.
*/
export interface Schema$BatchUndeleteAlertsResponse {
/**
* The status details for each failed `alert_id`.
*/
failedAlertStatus?: {[key: string]: Schema$Status} | null;
/**
* The successful list of alert IDs.
*/
successAlertIds?: string[] | null;
}
/**
* A reference to a Cloud Pubsub topic. To register for notifications, the owner of the topic must grant `alerts-api-push-notifications@system.gserviceaccount.com` the `projects.topics.publish` permission.
*/
export interface Schema$CloudPubsubTopic {
/**
* Optional. The format of the payload that would be sent. If not specified the format will be JSON.
*/
payloadFormat?: string | null;
/**
* The `name` field of a Cloud Pubsub [Topic] (https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics#Topic).
*/
topicName?: string | null;
}
/**
* A representation of a CSV file attachment, as a list of column headers and a list of data rows.
*/
export interface Schema$Csv {
/**
* The list of data rows in a CSV file, as string arrays rather than as a single comma-separated string.
*/
dataRows?: Schema$CsvRow[];
/**
* The list of headers for data columns in a CSV file.
*/
headers?: string[] | null;
}
/**
* A representation of a single data row in a CSV file.
*/
export interface Schema$CsvRow {
/**
* The data entries in a CSV file row, as a string array rather than a single comma-separated string.
*/
entries?: string[] | null;
}
/**
* A mobile device compromised alert. Derived from audit logs.
*/
export interface Schema$DeviceCompromised {
/**
* The email of the user this alert was created for.
*/
email?: string | null;
/**
* Required. The list of security events.
*/
events?: Schema$DeviceCompromisedSecurityDetail[];
}
/**
* Detailed information of a single MDM device compromised event.
*/
export interface Schema$DeviceCompromisedSecurityDetail {
/**
* The device compromised state. Possible values are "`Compromised`" or "`Not Compromised`".
*/
deviceCompromisedState?: string | null;
/**
* Required. The device ID.
*/
deviceId?: string | null;
/**
* The model of the device.
*/
deviceModel?: string | null;
/**
* The type of the device.
*/
deviceType?: string | null;
/**
* Required for iOS, empty for others.
*/
iosVendorId?: string | null;
/**
* The device resource ID.
*/
resourceId?: string | null;
/**
* The serial number of the device.
*/
serialNumber?: string | null;
}
/**
* Alerts from Device Management Rules configured by Admin.
*/
export interface Schema$DeviceManagementRule {
/**
* Required. The device ID.
*/
deviceId?: string | null;
/**
* The model of the device.
*/
deviceModel?: string | null;
/**
* The type of the device.
*/
deviceType?: string | null;
/**
* The email of the user this alert was created for.
*/
email?: string | null;
/**
* ID of the rule that triggered the alert
*/
id?: string | null;
/**
* Required for iOS, empty for others.
*/
iosVendorId?: string | null;
/**
* Obfuscated ID of the owner of the device
*/
ownerId?: string | null;
/**
* The device resource ID.
*/
resourceId?: string | null;
/**
* Action taken as result of the rule
*/
ruleAction?: string | null;
/**
* The serial number of the device.
*/
serialNumber?: string | null;
}
/**
* Alerts that get triggered on violations of Data Loss Prevention (DLP) rules.
*/
export interface Schema$DlpRuleViolation {
/**
* Details about the violated DLP rule. Admins can use the predefined detectors provided by Google Cloud DLP https://cloud.google.com/dlp/ when setting up a DLP rule. Matched Cloud DLP detectors in this violation if any will be captured in the MatchInfo.predefined_detector.
*/
ruleViolationInfo?: Schema$RuleViolationInfo;
}
/**
* Domain ID of Gmail phishing alerts.
*/
export interface Schema$DomainId {
/**
* The primary domain for the customer.
*/
customerPrimaryDomain?: string | null;
}
/**
* A takeout operation for the entire domain was initiated by an admin. Derived from audit logs.
*/
export interface Schema$DomainWideTakeoutInitiated {
/**
* The email of the admin who initiated the takeout.
*/
email?: string | null;
/**
* The takeout request ID.
*/
takeoutRequestId?: string | null;
}
/**
* A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); \}
*/
export interface Schema$Empty {}
/**
* Individual entity affected by, or related to, an alert.
*/
export interface Schema$Entity {
/**
* Link to a Security Investigation Tool search based on this entity, if available.
*/
link?: string | null;
/**
* Human-readable name of this entity, such as an email address, file ID, or device name.
*/
name?: string | null;
/**
* Extra values beyond name. The order of values should align with headers in EntityList.
*/
values?: string[] | null;
}
/**
* EntityList stores entities in a format that can be translated to a table in the Alert Center UI.
*/
export interface Schema$EntityList {
/**
* List of entities affected by the alert.
*/
entities?: Schema$Entity[];
/**
* Headers of the values in entities. If no value is defined in Entity, this field should be empty.
*/
headers?: string[] | null;
/**
* Name of the key detail used to display this entity list.
*/
name?: string | null;
}
/**
* Details of a message in phishing spike alert.
*/
export interface Schema$GmailMessageInfo {
/**
* The `SHA256` hash of email's attachment and all MIME parts.
*/
attachmentsSha256Hash?: string[] | null;
/**
* The date of the event related to this email.
*/
date?: string | null;
/**
* The hash of the message body text.
*/
md5HashMessageBody?: string | null;
/**
* The MD5 Hash of email's subject (only available for reported emails).
*/
md5HashSubject?: string | null;
/**
* The snippet of the message body text (only available for reported emails).
*/
messageBodySnippet?: string | null;
/**
* The message ID.
*/
messageId?: string | null;
/**
* The recipient of this email.
*/
recipient?: string | null;
/**
* The sent time of the email.
*/
sentTime?: string | null;
/**
* The email subject text (only available for reported emails).
*/
subjectText?: string | null;
}
/**
* An incident reported by Google Operations for a Google Workspace application.
*/
export interface Schema$GoogleOperations {
/**
* The list of emails which correspond to the users directly affected by the incident.
*/
affectedUserEmails?: string[] | null;
/**
* Optional. Application-specific data for an incident, provided when the Google Workspace application which reported the incident cannot be completely restored to a valid state.
*/
attachmentData?: Schema$Attachment;
/**
* A detailed, freeform incident description.
*/
description?: string | null;
/**
* Customer domain for email template personalization.
*/
domain?: string | null;
/**
* A header to display above the incident message. Typically used to attach a localized notice on the timeline for followup comms translations.
*/
header?: string | null;
/**
* A one-line incident description.
*/
title?: string | null;
}
/**
* Response message for an alert feedback listing request.
*/
export interface Schema$ListAlertFeedbackResponse {
/**
* The list of alert feedback. Feedback entries for each alert are ordered by creation time descending.
*/
feedback?: Schema$AlertFeedback[];
}
/**
* Response message for an alert listing request.
*/
export interface Schema$ListAlertsResponse {
/**
* The list of alerts.
*/
alerts?: Schema$Alert[];
/**
* The token for the next page. If not empty, indicates that there may be more alerts that match the listing request; this value can be used in a subsequent ListAlertsRequest to get alerts continuing from last result of the current list call.
*/
nextPageToken?: string | null;
}
/**
* The details of the login action.
*/
export interface Schema$LoginDetails {
/**
* Optional. The human-readable IP address (for example, `11.22.33.44`) that is associated with the warning event.
*/
ipAddress?: string | null;
/**
* Optional. The successful login time that is associated with the warning event. This isn't present for blocked login attempts.
*/
loginTime?: string | null;
}
/**
* Proto for all phishing alerts with common payload. Supported types are any of the following: * User reported phishing * User reported spam spike * Suspicious message reported * Phishing reclassification * Malware reclassification * Gmail potential employee spoofing
*/
export interface Schema$MailPhishing {
/**
* The domain ID.
*/
domainId?: Schema$DomainId;
/**
* If `true`, the email originated from within the organization.
*/
isInternal?: boolean | null;
/**
* The entity whose actions triggered a Gmail phishing alert.
*/
maliciousEntity?: Schema$MaliciousEntity;
/**
* The list of messages contained by this alert.
*/
messages?: Schema$GmailMessageInfo[];
/**
* System actions on the messages.
*/
systemActionType?: string | null;
}
/**
* Entity whose actions triggered a Gmail phishing alert.
*/
export interface Schema$MaliciousEntity {
/**
* The header from display name.
*/
displayName?: string | null;
/**
* The actor who triggered a gmail phishing alert.
*/
entity?: Schema$User;
/**
* The sender email address.
*/
fromHeader?: string | null;
}
/**
* Alert Created by the MSA team for communications necessary for continued use of Google Workspace Products.
*/
export interface Schema$MandatoryServiceAnnouncement {
/**
* Detailed, freeform text describing the announcement
*/
description?: string | null;
/**
* One line summary of the announcement
*/
title?: string | null;
}
/**
* Proto that contains match information from the condition part of the rule.
*/
export interface Schema$MatchInfo {
/**
* For matched detector predefined by Google.
*/
predefinedDetector?: Schema$PredefinedDetectorInfo;
/**
* For matched detector defined by administrators.
*/
userDefinedDetector?: Schema$UserDefinedDetectorInfo;
}
/**
* New alert tracking numbers.
*/
export interface Schema$MergeInfo {
/**
* Optional. New alert ID. Reference the [google.apps.alertcenter.Alert] with this ID for the current state.
*/
newAlertId?: string | null;
/**
* The new tracking ID from the parent incident.
*/
newIncidentTrackingId?: string | null;
}
/**
* Settings for callback notifications. For more details see [Google Workspace Alert Notification](https://developers.google.com/admin-sdk/alertcenter/guides/notifications).
*/
export interface Schema$Notification {
/**
* A Google Cloud Pub/sub topic destination.
*/
cloudPubsubTopic?: Schema$CloudPubsubTopic;
}
/**
* Alert for a spike in user reported phishing. *Warning*: This type has been deprecated. Use [MailPhishing](/admin-sdk/alertcenter/reference/rest/v1beta1/MailPhishing) instead.
*/
export interface Schema$PhishingSpike {
/**
* The domain ID.
*/
domainId?: Schema$DomainId;
/**
* If `true`, the email originated from within the organization.
*/
isInternal?: boolean | null;
/**
* The entity whose actions triggered a Gmail phishing alert.
*/
maliciousEntity?: Schema$MaliciousEntity;
/**
* The list of messages contained by this alert.
*/
messages?: Schema$GmailMessageInfo[];
}
/**
* Detector provided by Google.
*/
export interface Schema$PredefinedDetectorInfo {
/**
* Name that uniquely identifies the detector.
*/
detectorName?: string | null;
}
/**
* Event occurred when primary admin changed in customer's account. The event are being received from insight forwarder
*/
export interface Schema$PrimaryAdminChangedEvent {
/**
* domain in which actioned occurred
*/
domain?: string | null;
/**
* Email of person who was the primary admin before the action
*/
previousAdminEmail?: string | null;
/**
* Email of person who is the primary admin after the action
*/
updatedAdminEmail?: string | null;
}
/**
* Alerts from Reporting Rules configured by Admin.
*/
export interface Schema$ReportingRule {
/**
* Any other associated alert details, for example, AlertConfiguration.
*/
alertDetails?: string | null;
/**
* Rule name
*/
name?: string | null;